How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows

This article describes how to enable and disable Server Message Block (SMB) version 1 (SMBv1), SMB version 2 (SMBv2), and SMB version 3 (SMBv3) on the SMB client and server components.

Disabling SMBv1 on both the server and the client side via Group Policy is the best option: it is enforced centrally and survives reboots and re-imaging. The article also covers the per-host PowerShell and registry methods, and how to audit SMBv1 access before you switch it off so you know which legacy clients will break.

https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3
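The Microsoft article covers detection from the Windows side. The complementary check, from the network side, is to ask a host whether it will still negotiate SMBv1 at all, which is what a vulnerability scanner does. The script below is an added example written for this page, not code from the Microsoft article: it sends an SMB_COM_NEGOTIATE request that offers only the SMBv1 dialect "NT LM 0.12". A server with SMBv1 enabled answers with an SMBv1 negotiate response (and its SecurityMode byte tells you whether signing is required); a server with SMBv1 disabled closes the connection instead. The reply parser is separated from the socket code and is exercised on a constructed reply, so the file also runs without a target.

```python
"""
smb1_probe.py - added example: does a host still negotiate SMBv1?

Usage: python smb1_probe.py <host>   (no argument: classify a constructed reply)
"""
import socket
import struct
import sys

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72
SMB1_DIALECT = b"NT LM 0.12"


def _smb1_header(command: int, flags: int) -> bytes:
    # 32-byte SMB header (MS-CIFS 2.2.3.1): little-endian, no padding.
    return SMB1_MAGIC + struct.pack(
        "<BIBHHQHHHHH",
        command,
        0,        # Status
        flags,    # Flags (0x18 = canonicalized paths | case-insensitive)
        0xC841,   # Flags2: Unicode | NT status codes | extended security | long names
        0,        # PIDHigh
        0,        # SecurityFeatures
        0,        # Reserved
        0,        # TID
        0xFEFF,   # PIDLow (arbitrary)
        0,        # UID
        0,        # MID
    )


def _netbios(body: bytes) -> bytes:
    # NetBIOS session message header used for SMB over TCP/445.
    return b"\x00" + len(body).to_bytes(3, "big") + body


def build_smb1_negotiate(dialects=(SMB1_DIALECT,)) -> bytes:
    """SMB_COM_NEGOTIATE request offering only the given (SMBv1) dialects."""
    data = b"".join(b"\x02" + d + b"\x00" for d in dialects)
    # WordCount = 0, then ByteCount and the dialect list.
    body = _smb1_header(SMB_COM_NEGOTIATE, 0x18) + b"\x00" + struct.pack("<H", len(data)) + data
    return _netbios(body)


def classify_negotiate_response(reply: bytes) -> dict:
    """Decide from the raw reply whether the server accepted an SMBv1 dialect."""
    result = {"smb1": False, "signing_required": None, "reason": ""}
    body = reply[4:]                       # strip the NetBIOS header
    if len(body) < 33:
        result["reason"] = "no or truncated reply: SMBv1 is not offered (connection closed)"
        return result
    if body[:4] == SMB2_MAGIC:
        result["reason"] = "server replied with an SMB2/3 header; SMBv1 dialect not selected"
        return result
    if body[:4] != SMB1_MAGIC or body[4] != SMB_COM_NEGOTIATE:
        result["reason"] = "unexpected reply, not an SMB negotiate response"
        return result
    word_count = body[32]
    if word_count == 0 or len(body) < 33 + 2 * word_count:
        result["reason"] = "malformed SMBv1 negotiate response"
        return result
    dialect_index = struct.unpack_from("<H", body, 33)[0]
    if dialect_index == 0xFFFF:            # server rejected every offered dialect
        result["reason"] = "SMBv1 header returned but no dialect accepted"
        return result
    security_mode = body[35] if word_count >= 2 else 0
    result.update(smb1=True,
                  signing_required=bool(security_mode & 0x08),   # NEGOTIATE_SECURITY_SIGNATURES_REQUIRED
                  reason=f"SMBv1 dialect #{dialect_index} accepted")
    return result


def probe(host: str, port: int = 445, timeout: float = 5.0) -> dict:
    """Connect, send the SMBv1-only negotiate and classify whatever comes back."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_smb1_negotiate())
            reply = sock.recv(4096)
    except ConnectionRefusedError:
        return {"smb1": False, "signing_required": None, "reason": "port closed"}
    except OSError:                        # reset or timeout: server dropped the SMBv1 request
        reply = b""
    return classify_negotiate_response(reply)


def constructed_smb1_reply(security_mode: int) -> bytes:
    """Constructed (not captured) SMBv1 negotiate response: WordCount 17,
    DialectIndex 0, the given SecurityMode, all other fields zero."""
    params = struct.pack("<BHB", 17, 0, security_mode) + b"\x00" * 31   # 17 words = 34 bytes
    return _netbios(_smb1_header(SMB_COM_NEGOTIATE, 0x98) + params + b"\x00\x00")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
    else:
        print(classify_negotiate_response(constructed_smb1_reply(0x0F)))
```

Run it against your own hosts only. A "smb1": True result on a domain controller or file server is the finding to chase first; "signing_required": False on a host that still has SMBv1 is the classic relay-attack setup.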

Top 25 Active Directory Security Best Practices

A comprehensive list of the top 25 Active Directory security tips and best practices: securing domain admins and local administrators, audit policies, monitoring AD for compromise, password policies, vulnerability scanning and more.

See https://activedirectorypro.com/active-directory-security-best-practices/

Here are the 25 tips the author lists:
  1. Clean up the Domain Admins Group
  2. Use at Least Two Accounts (Regular and Admin Account)
  3. Secure The Domain Administrator account
  4. Disable the Local Administrator Account (on all computers)
  5. Use Local Administrator Password Solution (LAPS)
  6. Use a Secure Admin Workstation (SAW)
  7. Enable Audit policy Settings with Group Policy
  8. Monitor Active Directory Events for Signs of Compromise
  9. Password Complexity Sucks (Use Passphrases Instead)
  10. Use Descriptive Security Group Names
  11. Clean up Old Active Directory User & Computer Accounts
  12. Do NOT Install Additional Software or Roles on Domain Controllers
  13. Continuous Patch Management & Vulnerability Scanning
  14. Use DNS Services to Block Malicious Domains
  15. Run Critical Infrastructure on latest Windows Operating System
  16. Use Two Factor Authentication for Remote Access
  17. Monitor DHCP Logs for Connected Devices
  18. Monitor DNS Logs for Security Threats
  19. Use Latest ADFS and Azure Security Features
  20. Use Office 365 Secure Score
  21. Plan for Compromise (Have a Recovery Plan)
  22. Document Delegation to Active Directory
  23. Lock Down Service Accounts
  24. Disable SMBv1
  25. Use Security Baselines and Benchmarks

bandwhich

bandwhich sniffs a given network interface and records IP packet sizes, cross-referencing them with the /proc filesystem on Linux or lsof on macOS to show which process owns each connection. It adapts to the terminal window size, showing less information if there is no room for it. It also attempts to resolve IPs to host names in the background using reverse DNS on a best-effort basis.

More info and install details: https://github.com/imsnif/bandwhich

How to use AWS Secrets Manager to securely store and rotate SSH key pairs

This AWS blog post shows how to secure, rotate, and use SSH key pairs for intra-cluster communication. You use an AWS CloudFormation template to launch a cluster and configure Secrets Manager, then use Secrets Manager to deliver the key pair to the cluster and use it for management operations, such as securely copying a file between nodes. Finally, Secrets Manager rotates the key pair used by the cluster without any changes or outages. The post uses compute clusters as the example, but the same approach applies to any SSH-based use case.

More info, including the CloudFormation stack to launch:

https://aws.amazon.com/blogs/security/how-to-use-aws-secrets-manager-securely-store-rotate-ssh-key-pairs/

mkcert – local certs

mkcert is a simple tool for making locally-trusted development certificates. It requires no configuration. Suitable for local test systems and internal dev servers only: the CA it creates is trusted only on machines where you ran mkcert -install, and its private key sits on your workstation, so it must never be used for production.

https://github.com/FiloSottile/mkcert

Installation:
https://github.com/FiloSottile/mkcert#installation

First, create the local CA and install it in the system and browser trust stores:
mkcert -install

Then create a certificate for the names you need, for example:
mkcert example.com "*.example.com" example.test localhost 127.0.0.1 ::1

certificatechain.io

When installing a TLS certificate on a server you should install all intermediate certificates as well. Paste or upload your certificate and the site generates a .crt file with the required intermediate certificates concatenated in the right order.

All operating systems ship with a set of default trusted root certificates. Certificate Authorities usually don't sign customer certificates with their root certificate directly; they use so-called intermediate certificates instead, because these can be rotated (and revoked) more easily than a root that is baked into every trust store.

If not all intermediate certificates are installed on your server, some clients, mostly mobile browsers and non-browser TLS clients such as curl or Java, will report an insecure connection, because they do not fetch missing intermediates on their own the way desktop browsers often do.

More info and to test your certificate chain go to https://certificatechain.io/

DNS Twister

dnstwister generates a list of domain names that are similar to one that you provide, checking to see if any of them are registered.

dnstwister can tell you if someone may be using a domain like yours for malicious purposes like phishing or trademark infringement.

For instance as the owner of the domain dnstwister.report I would be very interested to know if someone registered the ‘dnstw1ster.report’ domain and started sending malicious password-reset emails to users.

For more info see https://dnstwister.report/
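To see how such candidate lists are produced, here is an added example, written for this page and not dnstwister's own code: a small single-edit permutation generator covering omission, transposition, repetition, homoglyph substitution, vowel swaps and hyphenation, plus a best-effort "does it resolve" check. The homoglyph table is a short subset I chose for illustration (dnstwister's lists are much larger), and the TLD split assumes a single-label TLD, so example.co.uk would need a public-suffix list.

```python
"""
lookalike.py - added example: generate single-edit lookalikes of a domain
(in the spirit of dnstwister) and optionally check which ones resolve.

Usage: python lookalike.py example.com [--resolve]
"""
import socket
import sys

# Visually confusable substitutions. Illustrative subset, not dnstwister's table.
HOMOGLYPHS = {
    "a": ("4",), "b": ("d",), "d": ("b", "cl"), "e": ("3",), "g": ("q",),
    "i": ("1", "l"), "l": ("1", "i"), "m": ("rn",), "o": ("0",),
    "s": ("5",), "t": ("7",), "w": ("vv",),
}
VOWELS = "aeiou"


def _omission(name):
    return {name[:i] + name[i + 1:] for i in range(len(name))}


def _transposition(name):
    return {name[:i] + name[i + 1] + name[i] + name[i + 2:] for i in range(len(name) - 1)}


def _repetition(name):
    return {name[:i] + name[i] + name[i:] for i in range(len(name))}


def _homoglyph(name):
    return {name[:i] + sub + name[i + 1:]
            for i, ch in enumerate(name) for sub in HOMOGLYPHS.get(ch, ())}


def _vowel_swap(name):
    return {name[:i] + v + name[i + 1:]
            for i, ch in enumerate(name) if ch in VOWELS for v in VOWELS if v != ch}


def _hyphenation(name):
    return {name[:i] + "-" + name[i:] for i in range(1, len(name))}


GENERATORS = {
    "omission": _omission, "transposition": _transposition, "repetition": _repetition,
    "homoglyph": _homoglyph, "vowel-swap": _vowel_swap, "hyphenation": _hyphenation,
}


def valid_label(label: str) -> bool:
    # DNS label rules that matter here: 1-63 chars, no leading/trailing hyphen.
    return 0 < len(label) <= 63 and label[0] != "-" and label[-1] != "-"


def permutations(domain: str) -> dict:
    """Return {candidate_fqdn: technique} for every single-edit lookalike.
    Assumes a single-label TLD (see lead-in); the original name is excluded."""
    name, _, tld = domain.lower().rpartition(".")
    found = {}
    for technique, gen in GENERATORS.items():
        for cand in gen(name):
            if cand != name and valid_label(cand):
                found.setdefault(f"{cand}.{tld}", technique)
    return found


def resolves(fqdn: str) -> bool:
    """Best-effort check (network): a name that resolves is certainly taken,
    but a registered name with no records will still come back False."""
    try:
        socket.getaddrinfo(fqdn, None)
        return True
    except socket.gaierror:
        return False


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: lookalike.py <domain> [--resolve]")
    cands = permutations(sys.argv[1])
    for fqdn, technique in sorted(cands.items()):
        flag = " RESOLVES" if "--resolve" in sys.argv and resolves(fqdn) else ""
        print(f"{technique:13} {fqdn}{flag}")
```

Feeding the resolving candidates into a daily diff (new resolvers since yesterday) is the cheap version of the monitoring dnstwister offers; treat a newly resolving lookalike that starts serving a login page as an incident, not a curiosity.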

AWS Transit Gateway

AWS Transit Gateway is a service that enables customers to connect their Amazon Virtual Private Clouds (VPCs) and their on-premises networks to a single gateway. As you grow the number of workloads running on AWS, you need to be able to scale your networks across multiple accounts and Amazon VPCs to keep up with the growth. Today, you can connect pairs of Amazon VPCs using peering. However, managing point-to-point connectivity across many Amazon VPCs, without the ability to centrally manage the connectivity policies, can be operationally costly and cumbersome. For on-premises connectivity, you need to attach your AWS VPN to each individual Amazon VPC. This solution can be time consuming to build and hard to manage when the number of VPCs grows into the hundreds.

With AWS Transit Gateway, you only have to create and manage a single connection from the central gateway into each Amazon VPC, on-premises data center, or remote office across your network. Transit Gateway acts as a hub that controls how traffic is routed among all the connected networks, which act as spokes. This hub-and-spoke model simplifies management and reduces operational cost because each network only has to connect to the Transit Gateway and not to every other network. A new VPC is simply attached to the Transit Gateway and is then reachable from every other attached network, subject to the Transit Gateway route tables, which is also where you segment traffic (for example, keeping spoke VPCs from talking to each other while all of them can reach a shared-services VPC).

(Diagrams: without AWS Transit Gateway, a full mesh of VPC peerings and VPN attachments; with AWS Transit Gateway, a hub-and-spoke topology.)

https://aws.amazon.com/transit-gateway/

AWS Enabling Enhanced Networking with ENA on Linux Instances

To move an EC2 Linux instance to a current-generation instance type, ENA must be enabled on the instance. On most instances this is already set, but older EC2 instances need to be ENA-enabled before the type change will succeed. Otherwise you will have to build a new instance from a fresh snapshot, or detach the EBS volume and re-attach it to a new instance.

ENA is a custom network interface optimized to deliver high throughput and packet-per-second (PPS) performance, and consistently low latencies on EC2 instances. The description that follows is from the original ENA announcement and is dated: at the time, ENA offered up to 20 Gbps and was supported only on X1 instances, and an ENA driver for Windows was still to come. ENA is now the standard network interface on current-generation instance types, with much higher bandwidth on the larger sizes, and drivers exist for Linux, Windows and DPDK.

Open-source ENA drivers are available for Linux and the Intel Data Plane Development Kit (DPDK). Current Amazon Linux AMIs include the ENA Linux driver by default. The ENA Linux driver source code is also available on github.com for developers to integrate into their own AMIs. There is no additional fee to use ENA. For more information, read the Enhanced Networking documentation.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking-ena.html

Testing whether enhanced networking is enabled:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking-ena.html#test-enhanced-networking-ena

On the instance, check that the ena kernel module is present. If it is, modinfo prints the module details. The output below shows the failure case, where the AMI lacks the driver; do not set the enaSupport attribute on such an instance until the driver is installed, or it will come up without networking:

ubuntu:~$ modinfo ena
 ERROR: modinfo: could not find module ena

Enabling Enhanced Networking on Ubuntu
The latest Ubuntu HVM AMIs have the module required for enhanced networking with ENA installed and have the required enaSupport attribute set. Therefore, if you launch an instance with the latest Ubuntu HVM AMI on a supported instance type, enhanced networking is already enabled for your instance.

For an older instance, first confirm the driver is installed (modinfo ena succeeds), then stop the instance (the attribute cannot be changed while it is running; it also cannot be turned off again afterwards), and set the attribute with the AWS CLI, modify-instance-attribute:

aws ec2 modify-instance-attribute --instance-id instance_id --ena-support
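Doing this one instance at a time is fine for a handful of hosts; across an account you want a list first. The script below is an added example for this page, not AWS code: it filters a describe-instances response down to the instances whose enaSupport attribute is absent or false, splits them into those that are already stopped (safe to change now) and those that have to be stopped first, and enables the attribute through boto3 with DryRun on by default. The pure functions are exercised on a constructed response so the file runs without AWS credentials; the sample instance IDs are made up.

```python
"""
ena_audit.py - added example: which EC2 instances still lack enaSupport?

Run stand-alone to see the logic on constructed data; audit_account() does
the same against a real account (needs boto3 and credentials).
"""


def instances_missing_ena(reservations):
    """Return [(instance_id, instance_type, state)] for every instance whose
    EnaSupport attribute is absent or False in a describe_instances response."""
    missing = []
    for reservation in reservations:
        for inst in reservation.get("Instances", []):
            if not inst.get("EnaSupport", False):
                missing.append((inst["InstanceId"], inst["InstanceType"], inst["State"]["Name"]))
    return missing


def ready_to_enable(missing):
    """The attribute can only be set on a stopped instance, so split the list
    into (change now, stop first)."""
    now = [m for m in missing if m[2] == "stopped"]
    later = [m for m in missing if m[2] != "stopped"]
    return now, later


def enable_ena(ec2, instance_id, dry_run=True):
    """Set enaSupport via boto3 (ec2 is a boto3 EC2 client). With DryRun=True
    nothing changes: the call raises a DryRunOperation ClientError if you are
    permitted to make it. Only run with dry_run=False once modinfo ena succeeds
    inside the instance's image, or the instance will boot without networking."""
    return ec2.modify_instance_attribute(
        InstanceId=instance_id, EnaSupport={"Value": True}, DryRun=dry_run
    )


def audit_account(region_name=None):
    """Page through describe_instances and return (change now, stop first)."""
    import boto3  # imported here so the pure functions above run without boto3
    ec2 = boto3.client("ec2", region_name=region_name)
    reservations = [
        r for page in ec2.get_paginator("describe_instances").paginate()
        for r in page["Reservations"]
    ]
    return ready_to_enable(instances_missing_ena(reservations))


# Constructed describe_instances-shaped data (made-up IDs), not real output.
CONSTRUCTED_RESERVATIONS = [
    {"Instances": [
        {"InstanceId": "i-0aaa0000000000001", "InstanceType": "m4.large",
         "State": {"Name": "stopped"}},                         # attribute absent
        {"InstanceId": "i-0aaa0000000000002", "InstanceType": "m4.large",
         "State": {"Name": "running"}, "EnaSupport": False},
        {"InstanceId": "i-0aaa0000000000003", "InstanceType": "m5.large",
         "State": {"Name": "running"}, "EnaSupport": True},
    ]},
]


if __name__ == "__main__":
    now, later = ready_to_enable(instances_missing_ena(CONSTRUCTED_RESERVATIONS))
    print("enable now (stopped):", now)
    print("stop first (running):", later)
```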