How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows

This article describes how to enable and disable Server Message Block (SMB) version 1 (SMBv1), SMB version 2 (SMBv2), and SMB version 3 (SMBv3) on the SMB client and server components.

Disabling the SMBv1 server and client via Group Policy is the best option! Detect who still uses SMBv1 before you turn it off (the article covers detection as well), because legacy devices that only speak SMBv1 will lose access the moment it is disabled.

https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3

Top 25 Active Directory Security Best Practices

A comprehensive list of the top 25 Active Directory Security Tips and best practices. Securing domain admins, local administrators, audit policies, monitoring AD for compromise, password policies, vulnerability scanning and more.

See https://activedirectorypro.com/active-directory-security-best-practices/

Here are the 25 that he lists:
  1. Clean up the Domain Admins Group
  2. Use at Least Two Accounts (Regular and Admin Account)
  3. Secure The Domain Administrator account
  4. Disable the Local Administrator Account (on all computers)
  5. Use Local Administrator Password Solution (LAPS)
  6. Use a Secure Admin Workstation (SAW)
  7. Enable Audit policy Settings with Group Policy
  8. Monitor Active Directory Events for Signs of Compromise
  9. Password Complexity Sucks (Use Passphrases Instead)
  10. Use Descriptive Security Group Names
  11. Cleanup Old Active Directory User & Computer Accounts
  12. Do NOT Install Additional Software or Roles on Domain Controllers
  13. Continuous Patch Management & Vulnerability Scanning
  14. Use DNS Services to Block Malicious Domains
  15. Run Critical Infrastructure on latest Windows Operating System
  16. Use Two Factor Authentication for Remote Access
  17. Monitor DHCP Logs for Connected Devices
  18. Monitor DNS Logs for Security Threats
  19. Use Latest ADFS and Azure Security Features
  20. Use Office 365 Secure Score
  21. Plan for Compromise (Have a recovery plan)
  22. Document Delegation to Active Directory
  23. Lock Down Service Accounts
  24. Disable SMBv1
  25. Use Security Baselines and Benchmarks

How to use AWS Secrets Manager to securely store and rotate SSH key pairs

This AWS article shows how to secure, rotate, and use SSH key pairs for inter-cluster communication. You use an AWS CloudFormation template to launch a cluster and configure Secrets Manager, then use Secrets Manager to deliver the key pair to the cluster and use it for management operations, such as securely copying a file between nodes. Finally, Secrets Manager rotates the key pair used by the cluster without configuration changes or outages. The post focuses on compute clusters, but the same approach applies to any SSH-based use case.

For more info and to launch the CloudFormation stack:

https://aws.amazon.com/blogs/security/how-to-use-aws-secrets-manager-securely-store-rotate-ssh-key-pairs/

mkcert – local certs

mkcert is a simple tool for making locally-trusted development certificates. It requires no configuration. It is for local test systems and internal development servers only: the CA it creates is trusted only on the machines where you ran mkcert -install, and clients anywhere else will (correctly) reject its certificates. Never use it for production, and protect the CA key in the mkcert CAROOT directory (mkcert -CAROOT prints its location), since anyone who obtains that key can issue certificates your machine trusts.

https://github.com/FiloSottile/mkcert

Installation:
https://github.com/FiloSottile/mkcert#installation

First create the local CA and install it in the system and browser trust stores:
mkcert -install

Then create a certificate for the names you need, for example:
mkcert example.com "*.example.com" example.test localhost 127.0.0.1 ::1

This writes the certificate to ./example.com+5.pem and the key to ./example.com+5-key.pem; point your local web server at those two files.

certificatechain.io

When installing a TLS certificate on a server you should install all intermediate certificates as well. Paste or upload your certificate to generate a .crt file with all intermediate certificates concatenated, in order: your own (leaf) certificate first, followed by each intermediate up to, but not including, the root.

All operating systems ship with a set of default trusted root certificates.
But Certificate Authorities usually don't use their root certificate to sign customer certificates.
They use so-called intermediate certificates instead, because the root key can then stay offline and the intermediates can be rotated more frequently.

If not all intermediate certificates are installed on your server, some clients, mostly mobile browsers and command-line tools that do not fetch missing intermediates on their own, will reject the connection as untrusted. Windows and some desktop browsers paper over the gap by fetching the missing intermediate from the URL in the certificate's Authority Information Access (AIA) extension, so "it works on my laptop" is not proof that the chain is complete; test from a client that does no AIA fetching, or inspect the chain the server actually sends with a TLS client such as openssl s_client.

More info and to test your certificate chain go to https://certificatechain.io/

DNS Twister

dnstwister generates a list of domain names that are similar to one that you provide, checking to see if any of them are registered.

dnstwister can tell you if someone may be using a domain like yours for malicious purposes like phishing or trademark infringement.

For instance, as the owner of the domain dnstwister.report, I would be very interested to know if someone registered the 'dnstw1ster.report' domain and started sending malicious password-reset emails to users.

For more info see https://dnstwister.report/
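
As an added example (not dnstwister's own code), the following Python script generates the same kind of look-alike candidates that dnstwister checks: single-character omissions, repetitions, adjacent transpositions, hyphen insertion, homoglyph swaps such as the 'dnstw1ster' case above, and top-level-domain swaps, and then resolves them to see which ones somebody has registered. The HOMOGLYPHS table, the function names and the assumption that the input is a registrable domain with a single-label suffix are this example's own; the DNS lookup in registered() makes live queries and is IPv4-only, so it only runs from the command line and is swapped for a fake resolver when testing.

```python
"""Look-alike domain generator in the spirit of dnstwister (added example)."""
import socket
import sys

# Assumed look-alike table: characters easily confused in a URL bar or an
# e-mail client. Real tools carry a much larger, per-script table.
HOMOGLYPHS = {
    "a": ["4"], "e": ["3"], "i": ["1", "l"], "l": ["1", "i"],
    "o": ["0"], "s": ["5"], "m": ["rn"], "w": ["vv"], "d": ["cl"],
}


def split_domain(domain):
    """'dnstwister.report' -> ('dnstwister', 'report').
    Assumption: a registrable domain with a single-label suffix; multi-label
    suffixes such as co.uk need a public-suffix list and are not handled."""
    name, _, tld = domain.lower().rpartition(".")
    return name, tld


def permutations(domain, extra_tlds=("com", "net", "org", "co")):
    """Return the sorted set of look-alike candidates for a domain."""
    name, tld = split_domain(domain)
    names = set()
    for i in range(len(name)):
        names.add(name[:i] + name[i + 1:])                      # omission
        names.add(name[:i] + name[i] + name[i:])                # repetition
        for sub in HOMOGLYPHS.get(name[i], []):                 # homoglyph
            names.add(name[:i] + sub + name[i + 1:])
        if i:
            names.add(name[:i] + "-" + name[i:])                # hyphenation
            names.add(name[:i - 1] + name[i] + name[i - 1] + name[i + 1:])  # transposition
    candidates = {f"{n}.{tld}" for n in names if n and n != name}
    candidates.update(f"{name}.{t}" for t in extra_tlds if t != tld)  # TLD swap
    candidates.discard(domain.lower())
    return sorted(candidates)


def registered(candidates, resolve=socket.gethostbyname):
    """Return {candidate: address} for the names that resolve.
    The default resolver does live DNS queries (IPv4 only); pass a fake
    resolver to work offline."""
    hits = {}
    for candidate in candidates:
        try:
            hits[candidate] = resolve(candidate)
        except OSError:  # socket.gaierror: NXDOMAIN, no network, etc.
            pass
    return hits


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "dnstwister.report"
    cands = permutations(target)
    print(f"{len(cands)} candidates for {target}")
    for host, addr in registered(cands).items():
        print(f"{host:32} {addr}")
```

Run it as python3 twist.py yourdomain.example to list the candidates that currently resolve. dnstwister also tries bit-flips, vowel swaps and per-script homoglyph tables and handles multi-label suffixes; this block is the core of the technique, not a replacement for the service.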

SSH Audit

Ideally you should restrict access to your SSH servers to your own IP addresses, or not expose the service to the Internet at all and log in over a VPN. In some cases this is not an option, or you may need a bastion host / jump box with SSH exposed.

If this is the case you should do, or at least consider, the following:

  • Change the SSH port (reduces scanner noise, but adds no real security)
  • Only use key-based authentication, i.e. disable password login and use keys only
  • Prevent the root user from logging in via SSH
  • Limit which users or groups may log in via SSH (AllowUsers / AllowGroups in sshd_config)

Once the above has been completed, use ssh-audit to check that the SSH server's configuration passes the security checks. ssh-audit is a free tool, available as an online service at sshaudit.com and as an open-source command-line script, that audits an SSH server: the banner and version, and the key exchange, host key, cipher and MAC algorithms it offers, flagging known-weak ones. It tests what the server offers on the wire, not the authentication policy in sshd_config, so verifying PasswordAuthentication and PermitRootLogin remains a separate step.

Reference:
https://www.sshaudit.com
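
The hardening steps above live in sshd_config, which ssh-audit does not read. Here is an added example (not ssh-audit's code) of a small Python check for those settings. It mirrors one property of sshd's parser that trips people up: for each keyword the first value wins, so a hardened line appended below a default 'PasswordAuthentication yes' does nothing. Settings inside Match blocks are skipped because they apply only to matching connections. The DEFAULTS table, the two constructed sample configs and the function names are this example's own; on a real host compare the result against sshd -T, which prints the effective configuration.

```python
"""Audit sshd_config for the hardening steps listed above (added example)."""
import re
import sys

# OpenSSH server defaults for the keywords checked here. Assumption: these
# match your OpenSSH version; `sshd -T` prints the real effective values.
DEFAULTS = {
    "port": "22",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
}
# Pre-8.7 name of the keyboard-interactive (PAM password prompt) switch.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def effective_settings(config_text):
    """Return {keyword: value} the way sshd resolves it: the first occurrence
    of a keyword wins, and everything after the first Match line is
    conditional and therefore ignored here."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # 'Key value' or 'Key=value'
        key = parts[0].lower()
        key = ALIASES.get(key, key)
        if key == "match":
            break
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings


def audit(config_text):
    """Return a list of findings; an empty list means every check passed."""
    settings = effective_settings(config_text)

    def value(key):
        return settings.get(key, DEFAULTS.get(key, "")).lower()

    findings = []
    if value("passwordauthentication") != "no":
        findings.append("PasswordAuthentication is not 'no': password logins are accepted")
    if value("kbdinteractiveauthentication") != "no":
        findings.append("KbdInteractiveAuthentication is not 'no': PAM can still prompt for a password")
    if value("permitemptypasswords") != "no":
        findings.append("PermitEmptyPasswords is enabled")
    if value("permitrootlogin") != "no":
        findings.append("PermitRootLogin is not 'no'")
    if value("pubkeyauthentication") != "yes":
        findings.append("PubkeyAuthentication is disabled, so key-only login is impossible")
    if "allowusers" not in settings and "allowgroups" not in settings:
        findings.append("No AllowUsers/AllowGroups: every local account may attempt SSH login")
    if value("port") == "22":
        findings.append("info: Port is 22 (moving it only reduces scanner noise)")
    return findings


# Constructed samples, not taken from any real host.
WEAK_CONFIG = """\
Port 22
PasswordAuthentication yes
PermitRootLogin yes
# The next line is dead: sshd keeps the first value it saw above.
PasswordAuthentication no
"""

HARDENED_CONFIG = """\
Port 2222
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no
AllowGroups ssh-users
Match User deploy
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    # Audit the file named on the command line, otherwise the two samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            samples = {sys.argv[1]: fh.read()}
    else:
        samples = {"weak": WEAK_CONFIG, "hardened": HARDENED_CONFIG}
    for label, text in samples.items():
        print(f"== {label}")
        for finding in audit(text) or ["OK"]:
            print("  " + finding)
```

Run python3 sshd_check.py /etc/ssh/sshd_config on the host. Because distributions increasingly drop snippets into /etc/ssh/sshd_config.d/ via an Include line, and those are read first, the authoritative check is still sshd -T: feed its output to audit() if the two disagree.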

grepcidr

grepcidr is a 

grepcidr can be used to filter a list of IP addresses against one or more Classless Inter-Domain Routing (CIDR) specifications. As with grep, there are options to invert matching and load patterns from a file. grepcidr is capable of efficiently processing large numbers of IPs and networks.

grepcidr has endless uses in network software, including: mail filtering and processing, network security, log analysis, and many custom applications.

For detailed instructions and examples, see the README file or man page. Two examples of usage:

	grepcidr 2001:db8::/32 logfile
	grepcidr 66.249.64.0/19 access.log

The first prints the lines of logfile that contain an address inside the 2001:db8::/32 prefix; the second prints the requests in access.log that came from the 66.249.64.0/19 range.

Reference: http://www.pc-tools.net/unix/grepcidr/

Install grepcidr with your package manager:

 sudo apt install grepcidr 
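
grepcidr is handy on the command line, but the same filtering is easy to build into your own log tooling. The following is an added example (not grepcidr's code) that reimplements its core with Python's ipaddress module: it pulls IPv4 and IPv6 addresses out of each line, tests them against the given networks, and supports inverted matching like grepcidr -v and a patterns file like grepcidr -f. The SAMPLE_LOG lines are constructed for the example and the function names are this example's own.

```python
"""CIDR filter for log lines, in the spirit of grepcidr (added example)."""
import argparse
import fileinput
import ipaddress
import re
import sys

# Candidate addresses: dotted quads, or hex-and-colon runs with at least one
# colon. Timestamps such as 13:55:36 also match the second branch;
# ip_address() rejects them below, so they are silently ignored.
IP_RE = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}|[0-9a-fA-F:]*:[0-9a-fA-F:]+")


def parse_networks(specs):
    """Turn CIDR strings (or the lines of a patterns file) into networks.
    Blank lines and '#' comments are skipped; a bare address becomes /32 or /128."""
    nets = []
    for spec in specs:
        spec = spec.strip()
        if spec and not spec.startswith("#"):
            nets.append(ipaddress.ip_network(spec, strict=False))
    return nets


def addresses_in(line):
    """Yield every valid IPv4/IPv6 address found in a line."""
    for match in IP_RE.finditer(line):
        try:
            yield ipaddress.ip_address(match.group())
        except ValueError:
            continue


def grepcidr(lines, specs, invert=False):
    """Yield the lines containing an address inside any of the networks
    (or, with invert=True, the lines that contain none). An IPv4 address is
    never inside an IPv6 network and vice versa, so mixing families is safe."""
    nets = parse_networks(specs)
    for line in lines:
        hit = any(addr in net for addr in addresses_in(line) for net in nets)
        if hit != invert:
            yield line


# Constructed sample lines, not from a real server.
SAMPLE_LOG = [
    '66.249.66.1 - - [10/Oct/2023:13:55:36 +0000] "GET /robots.txt HTTP/1.1" 200',
    '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /login HTTP/1.1" 200',
    '2001:db8:1::5 - - [10/Oct/2023:13:56:01 +0000] "GET / HTTP/1.1" 200',
    '2001:db9::1 - - [10/Oct/2023:13:56:09 +0000] "GET /admin HTTP/1.1" 403',
]


def main(argv=None):
    ap = argparse.ArgumentParser(description="grep log lines by CIDR")
    ap.add_argument("pattern", nargs="?", help="CIDR network or address (omit with -f)")
    ap.add_argument("files", nargs="*", help="log files (default: stdin)")
    ap.add_argument("-f", dest="patterns_file", help="file with one network per line")
    ap.add_argument("-v", dest="invert", action="store_true", help="invert the match")
    args = ap.parse_args(argv)
    specs = [args.pattern] if args.pattern else []
    if args.patterns_file:
        with open(args.patterns_file) as fh:
            specs.extend(fh)
    for line in grepcidr(fileinput.input(args.files), specs, args.invert):
        sys.stdout.write(line)


if __name__ == "__main__":
    main()
```

Usage mirrors the two grepcidr examples above: python3 cidrgrep.py 66.249.64.0/19 access.log, or python3 cidrgrep.py -v -f blocklist.txt access.log to print only the lines from outside the listed networks.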

Linux du command alternatives

For years I've used ncdu, an NCurses disk usage utility for Linux. Recently someone alerted me to some other options besides ncdu:

Dust:
du + rust = dust. Like du but more intuitive, Dust is meant to give you an instant overview of which directories are using disk space without requiring sort or head. Dust will print a maximum of 1 ‘Did not have permissions message’. Dust will list the 20 biggest sub directories or files and will smartly recurse down the tree to find the larger ones. There is no need for a ‘-d’ flag or a ‘-h’ flag. The largest sub directory will have its size shown in red.

https://github.com/bootandy/dust

The Tin Summer:
sn is a replacement for du. It has nicer output, saner commands and defaults, and it even runs faster on big directories thanks to multithreading.

https://github.com/vmchale/tin-summer

NCDU:
Ncdu is a disk usage analyzer with an ncurses interface. It is designed to find space hogs on a remote server where you don’t have an entire graphical setup available, but it is a useful tool even on regular desktop systems. Ncdu aims to be fast, simple and easy to use, and should be able to run in any minimal POSIX-like environment with ncurses installed.
Install from repos: sudo apt install ncdu

man page: https://dev.yorhel.nl/ncdu/man