Home » Posts tagged 'Cyber Security'
Tag Archives: Cyber Security
I’ve experienced that many people deliberately disable the Windows firewall. They don’t want to get annoyed with it, if something don’t work as expected. But there’s nothing to worry about, because it works as it should. I rather suspect that some administrators lack some knowledge. Any way, let’s get a list of all Domain Computers running Windows Server and let’s find out if they have their firewall enabled. It’s a small function which shows the good ones in green. The red ones are the bad ones 😉
Firewalls control traffic. They use technology such as Stateful Inspection to establish a connection to other networks. In this article I describe how to configure the host-based Windows Firewall by using Windows PowerShell.
Microsoft Advanced Threat Analytics (ATA) is a platform that enables you to protect your infrastructure from cyber attacks. ATA is using a parsing engine to capture network traffic of protocols such as Kerberos. It monitors authentication and authorization. This can be done with port mirroring from Domain Controllers and other important computers. You can also deploy ATA directly on Domain Controllers which is called ATA Lightweight Gateway.
Will you be notified when there are changes to group memberships? No? Memberships in groups are particularly interesting. Especially if it is the group of the domain administrators. The following article shows how to recognize changes and then check them at regular intervals. The administrator should be notified of any changes. This can be done by message or e-mail. Instead of configuring Audit Policies we do everything in PowerShell and then we put our script into a scheduled task.
There is more than enough monitoring software around. Most of them are really helpful and superbly done. For those who don’t have such software at hand, there are only 2 options: to do without it or to create create a script by themselves. If you want to implement monitoring by using ICMP Echo to check for example your Domain Controllers then this article is for you.
Long time ago I’ve created a small function that acts like a port scanner. It’s not a replacement for enterprise scanners such as nmap, but it’s quite useful for quick tests when nmap is not at hand. The command Test-Port calls Test-NetConnection and enables you to specify more than one port number. It’s nothing special, but it’s worth sharing.
Display only Folders that a User has Access: Configuring Access Based Enumeration on Windows Server 2012/2016
Access based enumeration enables you to configure advanced display options for shared folders. If a user is mapped to a network drive and this network drive has the Access Based Enumeration Feature enabled then this user can only see folders that he has access to. So far so good. Now I’m going to show how to configure this great feature in the graphical interface and – of course – in Windows PowerShell.