Info Security Memo

[5 Mins Docker Series] Deploy AList using Portainer and Install AList in Windows

12/28/2022

0 Comments

 
In this video, I use Portainer to demonstrate how to install AList on your own Linux VPS and how to run AList on your Windows machine. I also show how to configure your own domain and use NPM as a reverse proxy with an SSL certificate so AList can be reached over HTTPS. AList fits a couple of use cases, such as a central cloud management portal, a central media sharing portal, or even a replacement for your NAS. It is worth taking the time to explore what AList can do.

Related Post:
  • https://blog.51sec.org/2022/12/5-minutes-docker-series-deploy-free.html

Related Videos:
  • Using Docker Run to Deploy AList - A File Index App for Local/Cloud Storages - https://youtu.be/9ZFgm-5w8HY

5 Minutes Docker Series:
  • Install A Web Notepad App - Minimalist - https://youtu.be/8Ea1-6Knl-g
  • Install An Open Source Personal Music Streaming Server - koel - https://youtu.be/9ZrGV0zFbSw
  • Deploy Wordpress in CentOS 7 with Docker - https://youtu.be/9whAlZIfEKE
  • Using Portainer Deploy Minimalist Online Notepad & Using NPM Enable HTTPS with Basic Authentication - https://youtu.be/vWyE6qn-46o
  • Deploy A File Index App for Local / Cloud Storages - AList - https://youtu.be/9ZFgm-5w8HY
  • Using Docker Run to Deploy AList - A File Index App for Local/Cloud Storages - https://youtu.be/9ZFgm-5w8HY

Chapters:
  • 0:00 - Introduction
  • 2:37 - Let's start it!
  • 3:31 - Use Portainer to Install AList
  • 4:46 - 2. Config Own Domain and Reverse Proxy with HTTPS access
  • 11:02 - 3. Deploy AList to Local Windows Machine
  • 17:17 - End Scene

#51Sec #NetSec

If you found this video useful, please give it a thumbs up and subscribe to the channel for more updates: https://www.youtube.com/c/Netsec?sub_confirmation=1
Resource Collection and Bookmarks: https://sites.51sec.org/
Learning and Sharing - A bosom friend afar brings a distant land near
https://51sec.org
https://itprosec.com

Watch video on YouTube here: https://youtu.be/SE8ZuGKw4Eg by NetSec

[5 Mins Docker Series] Deploy A File Index App for Local / Cloud Storages - AList

12/26/2022

1 Comment

 
This video introduces AList, an open source project from GitHub that lists your files and folders from multiple storage places, either local or cloud. Although it is similar to other projects I introduced before, such as GoIndex, GDIndex, OneManager and OnePoint, this one is still under active maintenance and has more features.

Related Post:
  • https://blog.51sec.org/2022/12/5-minutes-docker-series-deploy-free.html

Related Videos:
  • Using Cloudflare Workers to Create a Serverless Google Drive Indexer with New Theme (GoIndex) - https://youtu.be/5O4zQc4pvDs
  • Create a Serverless Fast OneDrive Index (FODI) Site Using Cloudflare Workers and GitHub Page - https://youtu.be/WE8qxkcJTlI
  • Using Cloudflare Workers to Build Free Google Drive Indexer (GoIndex) in 5 Minutes - https://youtu.be/HjKjB8JKa08
  • Deploy GitHub Project OneManager using Heroku and Cloudflare to List OneDrive Content - https://youtu.be/aJ0SEUSeDZ4
  • Deploy OneManager (OneDrive Manager) to Heroku and Overcome Usage limitation Using Cloudflare Worker - https://youtu.be/RZZto9TGyxA

5 Minutes Docker Series:
  • Install A Web Notepad App - Minimalist - https://youtu.be/8Ea1-6Knl-g
  • Install An Open Source Personal Music Streaming Server - koel - https://youtu.be/9ZrGV0zFbSw
  • Deploy Wordpress in CentOS 7 with Docker - https://youtu.be/9whAlZIfEKE
  • Using Portainer Deploy Minimalist Online Notepad & Using NPM Enable HTTPS with Basic Authentication - https://youtu.be/vWyE6qn-46o
  • Deploy A File Index App for Local / Cloud Storages - AList - https://youtu.be/9ZFgm-5w8HY

Chapters:
  • 0:00 - Introduction
  • 2:24 - Let's start it
  • 4:26 - 1. Deploy AList Using Docker Run
  • 8:10 - 2. Mount Local Storage
  • 10:27 - 3. Mount Google Drive Storage
  • 15:10 - End Scene

#51Sec #NetSec

Watch video on YouTube here: https://youtu.be/9ZFgm-5w8HY by NetSec

[5 Minutes Docker Series] Deploy A Free File List App for Multiple Cloud Storages - Alist

12/25/2022

0 Comments

 

AList is a file list program that supports multiple storage backends, powered by Gin (back end) and SolidJS (front end). It is similar to some other programs I have used before on this blog. You can find related posts on them, such as OnePoint, GoIndex, OneManager and FODI (Fast OneDrive Index), here:

  • Use Cloudflare Workers with Rclone to Deploy A Cloud Drive Index & List App - OnePoint
  • Using Cloudflare Workers to Deploy Free Google Drive Directory Indexer in 5 Minutes (GoIndex)
  • Fast OneDrive Index (FODI)- A Serverless OneDrive Index Setup
  • OneManager - Deploy a free OneDrive List App using Heroku and Cloudflare
  • OlaIndex
Unfortunately, most of those programs are no longer actively maintained, although they still work fine as long as you configure them correctly. AList is still under active development on its GitHub site. I really hope the author finds a good way to keep this open source project going for a long time.

So far, based on my experience testing all of these cloud drive file listing programs, AList is the best and OnePoint is second. The others are still missing some critical functions or features.

Related Sites for this AList project:
  • Github : https://github.com/alist-org/alist
  • Document: https://alist.nn.ci/
  • Demo: https://al.nn.ci

Introduction

This file list program, AList, supports multiple storage backends as well as web browsing and WebDAV, and is powered by Gin and SolidJS.
Features:
  • Easy to deploy and out-of-the-box
  • File preview (PDF, markdown, code, plain text, ...)
  • Image preview in gallery mode
  • Video and audio preview, with support for lyrics and subtitles (more formats supported, such as MKV, MP4, etc.)
  • Office documents preview (docx, pptx, xlsx, ...)
  • README.md preview rendering
  • File permalink copy and direct file download
  • Dark mode
  • I18n
  • Protected routes (password protection and authentication)
  • WebDAV (see https://alist.nn.ci/guide/webdav.html for details)
  • Docker deploy
  • Cloudflare Workers proxy
  • File/folder package download
  • Web upload (can allow visitors to upload), delete, mkdir, rename, move and copy
  • Offline download
  • Copy files between two storages

Supported Storages

There may be more cloud storages supported already; please visit the GitHub page for the latest list.




Docker Run to Deploy

Usage

stable version

docker run -d --restart=always -v /etc/alist:/opt/alist/data -p 5244:5244 --name="alist" xhofe/alist:latest

beta version (not recommended)

docker run -d --restart=always -v /etc/alist:/opt/alist/data -p 5244:5244 --name="alist" xhofe/alist:main


The initial admin password is printed in the container logs.

Use the following command after running the above command:

docker logs alist
# or
docker exec -it alist ./alist password
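An added example (not code from the post or the AList project) that scripts the deployment step above and pulls the initial admin password out of the container log instead of reading the whole log by hand. It assumes the log message format that AList v3 prints when it creates the admin user (adjust the pattern if your version differs), and it binds port 5244 to loopback by default on the assumption that NPM on the same host fronts AList with HTTPS, so the unencrypted port is not exposed directly.

```shell
#!/bin/sh
# Added example: deploy AList with the docker run command from the post and
# extract the initial admin password from the container logs.
# Assumption: AList logs "... initial password is: <password>" on first start.

ALIST_NAME="${ALIST_NAME:-alist}"
ALIST_DATA="${ALIST_DATA:-/etc/alist}"
# Assumption: a reverse proxy (NPM) on this host terminates HTTPS, so the
# plain HTTP port is only published on loopback. Set ALIST_BIND=0.0.0.0 to
# reproduce the post's "-p 5244:5244" (exposed on every interface).
ALIST_BIND="${ALIST_BIND:-127.0.0.1}"

# Read AList log text on stdin; print the initial admin password, or nothing
# if no such line is present (e.g. a reused data directory).
extract_initial_password() {
  sed -n 's/.*initial password is: \([^[:space:]]*\).*/\1/p' | head -n 1
}

# Same container as the post, with the bind address made configurable.
deploy_alist() {
  docker run -d --restart=always \
    -v "$ALIST_DATA:/opt/alist/data" \
    -p "$ALIST_BIND:5244:5244" \
    --name="$ALIST_NAME" xhofe/alist:latest
}

# AList writes the password once at first start; poll the logs for up to 30 s.
wait_for_password() {
  i=0
  while [ "$i" -lt 30 ]; do
    pw=$(docker logs "$ALIST_NAME" 2>&1 | extract_initial_password)
    if [ -n "$pw" ]; then
      printf '%s\n' "$pw"
      return 0
    fi
    i=$((i + 1))
    sleep 1
  done
  echo "initial password not found in logs; for an existing data dir run:" >&2
  echo "  docker exec -it $ALIST_NAME ./alist password" >&2
  return 1
}

# Usage: ./deploy_alist.sh deploy
if [ "${1:-}" = "deploy" ]; then
  deploy_alist >/dev/null && wait_for_password
fi
```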

Notes:
Docker Hub site:
  • https://hub.docker.com/r/xhofe/alist

Docker Run AList from https://labs.play-with-docker.com/





Log in to AList with the admin username and the password found in the logs:




AList management backend:

You can change your AList App's logo, favicon, home icon and home container style:


Supported Preview File Type:
  • Audio types: mp3,flac,ogg,m4a,wav,opus
  • Video types: mp4,mkv,avi,mov,rmvb,webm,flv
  • Image types: jpg,tiff,jpeg,png,gif,bmp,svg,ico,swf,webp
  • Documents: doc,docx,xls,xlsx,ppt,pptx,pdf




PaaS To Deploy Alist



The initial admin password is printed in the logs.

Koyeb

  • https://github.com/alist-org/alist-koyeb


Render

  • https://github.com/alist-org/alist-render


Railway

  • https://github.com/alist-org/alist-railway

Easy to use but easy to violate ToS too.


Heroku

  • https://github.com/alist-org/alist-heroku-postgres

Notes:
There are some issues with the Heroku deployment. Here is one FAQ post that mentions some of them: https://elements.heroku.com/buttons/cqchenqin/alist-heroku


Free Database for PaaS Deployment

You may need to use a separate remote MySQL database, since data is lost when the instance restarts. Recommended free MySQL databases:

  • https://db4free.net/
  • https://remotemysql.com/
  • https://www.freesqldatabase.com/


Add Storages


Local 




Google Drive:

If you have your own Client ID, Client Secret and refresh token, you can paste them directly here. How to obtain this information for your own Google Drive will be covered in another post.

To make it simple, you can use a default client id / client secret to generate your refresh_token for your Google drive folder, using https://tool.nn.ci/google/request:



After you have collected all that information, enter it into this AList page to add your Google Drive folder and list all of its files and folders.


OneDrive:

As with Google Drive, it is better to have your own client ID.

To keep it simple, you can also use https://tool.nn.ci/onedrive/request to generate all of the information.







Videos

 




Online AList Sites

 
Some collected AList sites as demo:
  • https://store.vvhan.com/


References

  • Deploy the AList cloud drive program on Fly.io
  • Deploy the FODI back end on Cloudflare










via Blogger http://blog.51sec.org/2022/12/5-minutes-docker-series-deploy-free.html
December 25, 2022 at 04:52PM Cloud

Config Basic Barracuda CloudGen FW Firewall Access & NAT Rules

12/24/2022

0 Comments

 
This video continues my Barracuda lab, starting with configuring the LAN and WAN interfaces, firewall access rules and NAT rules. Everything is basic, but it should help give you an idea of how to start configuring this powerful Barracuda firewall.

Related Posts:
  • https://blog.51sec.org/2022/12/barracuda-firewall-access-list-policy.html
  • https://blog.51sec.org/2022/11/barracuda-cloudgen-firewall-f12-initial.html

Related Videos:
  • Barracuda CloudGen Firewall F12 Initial Configuration - https://youtu.be/dP_0dO7LO8E
  • Config Basic Barracuda CloudGen FW Firewall Access & NAT Rules - https://youtu.be/ZzVlsZxTtew

Chapters:
  • 00:00 - Introduction
  • 01:35 - Log into Firewall Dashboard
  • 02:46 - Configure LAN/WAN Interfaces
  • 08:28 - Config a Pass Rule for ICMP Traffic
  • 11:56 - Create a DST NAT Rule for RDP Traffic
  • 16:10 - End

#51Sec #NetSec

Watch video on YouTube here: https://youtu.be/ZzVlsZxTtew by NetSec

Barracuda Firewall Access-list Policy Lab

12/24/2022

0 Comments

 

This post shows a basic initial access-list policy configuration for the Barracuda CloudGen Firewall F12.



Topology

 



Online PNG Format Topology Diagram:




Configure Interfaces

Go to Configuration - IP Configuration - Shared Networks and IPs:


Add the LAN and WAN interfaces with their corresponding configuration:





Configure Forwarding Firewall Rule

A Pass access rule permits traffic for a specific Service coming from the Source to access the selected Destination. For the Source and Destination, you can specify network objects, IP addresses, networks, or geolocation objects.



Note: https://campus.barracuda.com/product/cloudgenfirewall/doc/79462929/how-to-create-a-pass-access-rule/

Configure Destination NAT Firewall Rule

A Dst NAT access rule redirects traffic that is sent to an external IP address to a destination in the internal network. The following example shows a Dst NAT rule allowing HTTP and HTTPS access from the Internet to a server in the DMZ (172.16.0.10). The redirect target can be a single IP address or hostname, or a network object. Hostnames and IP addresses can be appended with a port number to redirect the traffic to a different port.


Note: https://campus.barracuda.com/product/cloudgenfirewall/doc/79462926/how-to-create-a-destination-nat-access-rule/


References

  • Barracuda CloudGen Firewall Get Started
  • Quick Start Guide
  • Barracuda Cloud Control
  • Barracuda Campus
  • Default Forwarding Firewall Rules









via Blogger http://blog.51sec.org/2022/12/barracuda-firewall-access-list-policy.html
December 24, 2022 at 11:45AM Security

Cybersecurity Governance Overview

12/23/2022

0 Comments

 

Cybersecurity governance refers to the component of governance that addresses an organization's dependence on cyberspace in the presence of adversaries. The ISO/IEC 27001 standard defines cybersecurity governance as the following:

The system by which an organization directs and controls security governance, specifies the accountability framework and provides oversight to ensure that risks are adequately mitigated, while management ensures that controls are implemented to mitigate risks.





Introduction

Traditionally, cybersecurity is viewed through the lens of a technical or operational issue to be handled in the technology space. Cybersecurity planning needs to fully transition from a back-office operational function to its own area aligned with law, privacy and enterprise risk. The CISO should have a seat at the table alongside the CIO, COO, CFO and CEO. This helps the C-suite understand cybersecurity as an enterprise-wide risk management issue -- along with the legal implications of cyber-risks -- and not solely a technology issue.

The C-suite can then set the appropriate tone for the organization, which is the cornerstone of any good governance program. Establishing the right tone at the top is much more than a compliance exercise. It ensures everyone is working according to plan, as a team, to deliver business activities and ensure the protection of assets within the context of a risk management program and security strategy.

Historically, cybersecurity was managed by implementing a solution to solve a problem or mitigate a risk. Many cybersecurity departments have technical security safeguards, such as firewalls or intrusion detection, but often lack basic cybersecurity governance policies, best practices and processes. Where they do exist, policies or processes are often outdated or ignored.

Many cybersecurity departments also have poor or inadequate cybersecurity awareness training programs that fail to address all levels of an organization. As we have learned from recent breaches, many organizations have inadequate hardening and patching programs. Poor access control practices, such as uncontrolled group passwords, shared accounts, proliferated admin privileges, shared root access and the absence of an authorization process except at a low operational level, also are problematic.


Steps




Here are six steps that can help an organization grow and sharpen its cybersecurity governance program:

  1. Establish the current state.
    • Complete a cyber-risk assessment to understand the gaps, and create a roadmap to close those gaps.
    • Complete a maturity assessment.
  2. Create, review and update all cybersecurity standards, policies and processes.
    • Many describe this as low-hanging fruit -- and it is -- but it is a heavy lift. Take the time needed to establish the structure and expectations of cybersecurity governance.
  3. Approach cybersecurity from an enterprise lens.
    • Understand what data needs to be protected.
    • How are the cyber-risks aligned with enterprise risk management?
    • What is the relative priority of cybersecurity investment as compared with other types of investments?
  4. Increase cybersecurity awareness and training.
    • With the rise in remote work driven by COVID-19 and the ongoing adoption of hybrid work models, we are no longer just training our internal employees. With so many people working from home and many children attending school online, it is critical that the entire family understands good cyber hygiene.
  5. Cyber-risk analytics: How are threats modeled and risks contextualized and assessed?
    • When creating the risk model, consider all the risks to your organization -- external, internal and third party.
  6. Monitor, measure, analyze, report and improve.
    • This is not a one-and-done exercise. Establish regular assessment intervals, measure what matters, analyze the data and create an improvement plan.
    • Report to the board on cyber maturity and the cyber-risk posture across the organization.
Another, similar six-step cyber security governance diagram:

Note: https://www.ncsc.govt.nz/assets/NCSC-Documents/NCSC-Cyber-Security-Governance.pdf

Build Cyber Security Governance Step Example

1. Create Cybersecurity Transformation


1.1 ESTABLISH CURRENT STATE 
As a first step, the current state of cybersecurity and the existing governance model should be assessed and established. This means that, beyond the assumptions that may have existed before, cybersecurity in its present state should be described “as is,” including all weaknesses and deficiencies. Typically, this includes any systemic weaknesses previously identified (see previous section) and the pain points that have triggered the need for transformation. The underlying objective is to go from the initial observation that “we cannot go on like this” to a more constructive view of existing information security governance, management and assurance. The current state review will also reveal any weaknesses in management attitudes. As described previously, neither the minimalist nor the “zero tolerance” attitude are likely to lead to success. Part of establishing the current state of cybersecurity is to identify the exact position of the enterprise in terms of attitudes, beliefs and security spending behavior. In summary, the governance model selected by the enterprise is likely to provide a lot of insight on what may have led to the, apparently unsatisfactory, current state. Taking stock in this manner may be a painful exercise. However, it is indispensable as a starting point in transforming cybersecurity. Only where weaknesses have been recognized beyond doubt, and clearly articulated, will the enterprise be able to transition to an improved way of governing cybersecurity.


1.2 DEFINE TARGET STATE  
Once the existing state of cybersecurity is known and fully acknowledged, the future or target state may be defined based on weaknesses and deficiencies, risk and vulnerabilities, and the extent to which the enterprise will be able to change and adapt to the trends in attacks, breaches and incidents. Where the target state is not clearly understood, it is unlikely that a transformation approach will be successful. 

Typical pitfalls include:
  • Lack of realism—The target state is formulated as a wish list for perfection, rather than the next obvious (and stable) state of overall cybersecurity.
  • Escalating commitment—The target state is defined as “just a little more of what we are doing now,” without incorporating the changed threat and vulnerability landscape, not to mention actual attacks and breaches.
  • Blurred vision—The target state is defined based on wrong assumptions—e.g., where organizational management does not incorporate future trends in cybercrime and cyberwarfare.
  • Governance model bias—The current governance model (e.g., “zero tolerance” or “we are insured”) is maintained, ignoring strong signals that it may be dysfunctional.

In transformation thinking, the target from a governance perspective is to identify the next stable—and, therefore, achievable—level at which cybersecurity will be able to meet the needs of stakeholders, and at which there will be a reasonable level of protection against attacks and breaches. Transforming cybersecurity is a repetitive and iterative exercise that resembles a life cycle rather than a one‐off project.


1.3 STRATEGIC AND SYSTEMIC TRANSFORMATION  
The distance between the current and future states of overall cybersecurity is subject to governance as well as management. Once the target state has been identified and defined, there are two dimensions of change that need to be planned, managed and monitored. The strategic dimension covers setting strategy, planning and implementing high‐level steps, and initiating a program and related portfolio of cybersecurity projects. The systemic dimension addresses dependencies between parts of the cybersecurity system that will have an impact on how change will be achieved and what will be the immediate and secondary effects. 

Transforming cybersecurity in a systemic way also means that any changes will need to be examined with regard to unwelcome side effects. As an example, the deployment of an awareness program for employees may be beneficial in terms of improving vigilance and attention to detail. However, an unwelcome secondary result might be that a large number of “false positives” increases the cost of incident management and distracts attention from real (but unobtrusive) APT attacks. More complex dependencies may exist in cybersecurity systems that will only come to light if the transformation is seen as a systemic and holistic exercise.


2. ESTABLISHING CYBERSECURITY GOVERNANCE 

Information security governance in general sets the framework and boundaries for security management and related solutions. This necessarily includes formal policies, procedures and other elements of guidance that the agencies are required to follow. However, where governance in its best sense means “doing the right things,” it needs to take into account that a large part of cybersecurity is concerned with handling unexpected events and incidents.

Cybersecurity governance is both preventive and corrective. It covers the preparations and precautions taken against cybercrime, cyberwarfare and other relevant forms of attack. At the same time, cybersecurity governance determines the processes and procedures needed to deal with actual incidents caused by an attack or security breach. In this context, governance principles and provisions must be reasonably flexible to allow for the fact that attacks are often unconventional, generally against the rules, and most often designed to circumvent exactly those procedures and common understandings within the organization that keep the business running. Cybersecurity governance can be established with the following six‐step approach:

 

STEP 1: IDENTIFY STAKEHOLDER NEEDS 

  • Determine the internal and external (usually restricted) stakeholders and their interest in organizational cybersecurity.
  • Incorporate confidentiality needs and mandated secrecy in the identification process.
  • Understand how cybersecurity should support overall enterprise objectives and protect stakeholder interests.
  • Identify reporting requirements for communicating and reporting about cybersecurity (contents, detail).
  • Clearly define and articulate instances of reliance on the work of others (for external auditors).
  • Define and formally note confidentiality and secrecy requirements for external auditors.

STEP 2: MANAGE CYBERSECURITY TRANSFORMATION STRATEGY. 

  • Review legal and regulatory provisions in cybercrime and cyberwarfare.
  • Identify the senior management tolerance level in relation to attacks and breaches.
  • Validate business needs (express and implied) with regard to attacks and breaches.
  • Identify and articulate any game changers or paradigm shifts in cybersecurity.
  • Document systemic weaknesses in cybersecurity as regards the business and its objectives.
  • Identify and validate strategy for cybersecurity (“zero tolerance” vs. “living with it”).
  • Identify adaptability, responsiveness and resilience of strategy in terms of cybersecurity attacks and breaches.
  • Identify any rigid/brittle governance elements that may inadvertently be conducive to cybercrime and cyberwarfare (e.g., instances of over control).
  • Define the expectations, in alignment with strategy (“zero tolerance” vs. “living with it”), with regard to cybersecurity, including ethics and culture.
  • Highlight any ethical/cultural discontinuities that exist or emerge.
  • Define the target culture for cybersecurity, and develop a cybersecurity awareness program.
  • Obtain management commitment for the selected strategy.

 

STEP 3: DEFINE CYBERSECURITY STRUCTURE 

Structure 

  • Define the cybersecurity organizational structure – an appropriate platform/committee, in alignment with information security and information risk functions.
  • Highlight any barriers or other organizational segregation of duties/information.
  • Mandate an appropriate cybersecurity function, including incident and attack response.

 

Roles and Responsibilities 

  • Determine an optimal decision‐making model for cybersecurity – this may be distinct and different from “ordinary” information security.
  • Define a high‐level RACI (responsible, accountable, consulted, informed) model for the cybersecurity function, including any external resources.
  • Consider any extended decision rights that may be applicable in crisis/incident handling situations.
  • Determine cybersecurity obligations, responsibilities and tasks of other organizational roles (including groups and individuals).
  • Ensure cybersecurity participation at the steering committee level.
  • Embed cybersecurity transformation activities in the steering committee agenda.

 

Communications 

  • Establish escalation points for attacks, breaches and incidents (information security, crisis management, etc.).
  • Define escalation paths for cybersecurity activities and transformational steps (e.g., new vulnerabilities and threats).
  • Establish fast‐track/crisis mode decision procedures with escalation to senior management.
  • Identify the means and channels to communicate cybersecurity issues and information.
  • Prioritize cybersecurity reporting to stakeholders by applying the principles of least privilege and need‐to‐know.
  • Develop appropriate guidance for associates.

 

Integration 

  • Integrate, to the appropriate extent, the cybersecurity direction into the overall information security direction, and highlight areas of cybersecurity that are deliberately kept separate and distinct.
  • Establish interfaces between the cybersecurity function and other information security roles.
  • Embed cybersecurity reporting into the generic reporting methods for information security.

 

STEP 4: MANAGE CYBERSECURITY RISKS   

  • Determine risk appetite/tolerance levels in terms of cybercrime and cyberwarfare attacks and breaches at the board/management level.
  • Align risk tolerance levels against the overall strategy (“zero tolerance” vs. “living with it”).
  • Compare cybersecurity and generic information security risk tolerance levels and highlight inconsistencies.
  • Integrate cybersecurity risk assessment and management within overall information security management.


STEP 5: OPTIMIZE CYBERSECURITY RESOURCES  

  • Evaluate the effectiveness of cybersecurity resources in comparison with information security and information risk needs.
  • Validate cybersecurity resources in terms of specific goals and objectives.
  • Ensure that cybersecurity resource management is aligned to overarching information security needs.
  • Include external resource management.


STEP 6: MONITOR CYBERSECURITY EFFECTIVENESS  

  • Track cybersecurity outcomes and effects, particularly with a view to changes in attacks/breaches/incidents.
  • Compare outcomes against transformation steps and milestones – initial (current state) and future (target state) expectations.
  • Integrate cybersecurity measurements and metrics into routine compliance check mechanisms.
  • Evaluate threats and vulnerabilities relevant to cybersecurity, and incorporate the changing threat landscape into cybersecurity strategy.
  • Monitor the risk profile for attacks/breaches and the corresponding risk appetite to achieve an optimal balance between cybersecurity risk and business opportunities.
  • Measure the effectiveness of cybersecurity resources (internal and external) against defined information security needs, goals and objectives.


Note: https://www.moheri.gov.om/userupload/Policy/Cyber%20Security%20Governance%20Guidelines.pdf




Cybersecurity: Governance vs Management

Cyber security governance should not be confused with cyber security management. Cyber security management is concerned with making decisions to mitigate risks; governance determines who is authorized to make decisions. Governance specifies the accountability framework and provides oversight to ensure that risks are adequately mitigated, while management ensures that controls are implemented to mitigate risks. Management recommends security strategies. Governance ensures that security strategies are aligned with business objectives and consistent with regulations.

NIST describes IT governance as the process of establishing and maintaining a framework to provide assurance that information security strategies are aligned with and support business objectives, are consistent with applicable laws and regulations through adherence to policies and internal controls, and provide assignment of responsibility, all in an effort to manage risk.


Governance: doing the right thing.
Management: doing things right.

Governance                  | Management
----------------------------|-----------------------------
Oversight                   | Implementation
Authorizes decision rights  | Authorized to make decisions
Enact policy                | Enforce policy
Accountability              | Responsibility
Strategic planning          | Project planning
Resource allocation         | Resource utilization




Cyber Security : Governance vs Operation


Governance is an important topic in cybersecurity, as it describes the policies and processes which determine how organizations detect, prevent, and respond to cyber incidents. In many organizations, there is a division between governance and operation (management). Those who work in governance tend to emphasize strategic planning, whereas operation (management) deals with the day-to-day operationalized approach to security. Sometimes this results in different leadership perspectives.

Making the organizational move from a divided hierarchy to one in which strategy informs operation (and operation informs strategy) is a difficult challenge. Communication is key to effectively managing expectations, messaging, and security posture throughout the process.


Detect, prioritize, and control


Operational controls – the real-life response to a cybersecurity incident – should be the focus of any security program. Managing these controls and reporting to a governance structure may not require the knowledge of operationalization, but instead may rely on an agreed-upon level of confidence in respect to risk management involving both governance and operational leadership.

In addition to working alongside governance experts, operational controls managers should measure their security posture against a framework or baseline such as the CIS Controls™ or NIST Cyber Security Framework. Conducting such an assessment is important, as understanding your organization’s compliance levels is key to finding weaknesses in the organizational controls as well as the prioritization of investment for strengthening controls.

A previous blog post discussed calculating your risk-reduction ROI; after identifying weaker controls, we can start to use this single calculation to define what provides the greatest level of return on investment as well as the greatest reduction in risk. In future blog posts, risk will be discussed with respect to quantitative analysis, using a Monte Carlo simulation to demonstrate how a single risk and control mitigation can provide an overall reduction in risk to the whole organization.

With clearer reporting and analysis of risk reduction, we can bridge the gap between governance and operational security, leading to better strategic decision making and a more unified approach to the cyber threat landscape.

Note: https://www.cisecurity.org/insights/blog/breaking-the-divide-between-governance-and-operational-cybersecurity



Plan - Do - Check - Act model



The ICGM uses a Plan, Do, Check & Act (PDCA) approach, which is a logical way to design a governance structure:
  • Plan. The overall GRC/IRM process begins with planning. Planning defines the policies, standards and controls for the organization. It also directly influences the tools and services an organization purchases, since technology purchases should address needs defined by policies and standards.
  • Do. Arguably, this is the most important section for cybersecurity and privacy practitioners. Controls are the "security glue" that makes processes, applications, systems and services secure. Procedures (also referred to as control activities) describe how the controls are actually implemented and performed. The Secure Controls Framework (SCF) can be an excellent starting point for a control set if your organization lacks a comprehensive set of cybersecurity and privacy controls.
  • Check. In simple terms, this is situational awareness, which is achieved only through reporting on metrics and reviewing the results of audits and assessments.
  • Act. This is essentially risk management, an encompassing area that addresses two main concepts: (1) real deficiencies that currently exist and (2) possible threats to the organization.



Note: https://www.linkedin.com/pulse/integrated-cybersecurity-governance-model-plan-do-check-tom-cornelius/


Plan – Policies & Standards

Do – Controls & Procedures

Check – Reporting & Assessments

Act – Risk Management



References


  • Cyber Security Governance A Component of MITRE's Cyber Prep Methodology









via Blogger http://blog.51sec.org/2022/12/cybersecurity-governance-overview.html
December 23, 2022 at 09:45AM Architecture
0 Comments

Gartner Magic Quadrant for Enterprise Network Firewall (2010-2022)

12/22/2022

0 Comments

 
Gartner Magic Quadrant for Enterprise Network Firewall (2010-2022)
Based on Gartner's definition, the enterprise network firewall "is composed primarily of purpose-built appliances for securing enterprise corporate networks. Products must be able to support single-enterprise firewall deployments and large and/or complex deployments, including branch offices, multitiered demilitarized zones (DMZs) and, increasingly, the option to include virtual versions for the data center. Customers should also have the option to deploy versions within Amazon Web Services (AWS) and Microsoft Azure public cloud environments. These products are accompanied by highly scalable (and granular) management and reporting consoles, and there is a range of offerings to support the network edge, the data center, branch offices and deployments within virtualized servers and the public cloud."

The difference from UTM appliances, in Gartner's view, is that UTM approaches are suitable for small or midsize businesses (SMBs), but not for the remainder of the enterprise market.




2022


Fortinet, Palo Alto, and Check Point have once again been named Leaders in the 2022 Gartner® Magic Quadrant™ for Network Firewalls.



2021

Fortinet has been in the Leaders quadrant since 2016.

2020



2019









2018 Gartner Magic Quadrant for Enterprise Network Firewalls

Cisco returns to the Leaders quadrant. Palo Alto, Fortinet and Check Point remain Leaders.




2017 Gartner Magic Quadrant for Enterprise Network Firewalls










2016 Gartner Magic Quadrant for Enterprise Network Firewalls


Reference:
https://www.amerinet.com/sites/default/files/2016%20FW%20gartner%20report.pdf

2015 Gartner Magic Quadrant for Enterprise Network Firewalls


Gartner, Inc. has released the latest Magic Quadrant for Enterprise Network Firewalls on April 22, 2015:

The biggest change this year is that Juniper lost its Challengers position in the Magic Quadrant, for the following reasons (in 2010 Juniper was in the Leaders quadrant):

"Juniper is assessed as a Niche Player for enterprises, mostly because we see it selected in concert with other Juniper offerings, rather than displacing competitors based on its vision or features, and we see it being replaced in enterprise environments more often than we see it selected. Juniper is, however, shortlisted and/or selected in mobile service provider deployments and large-enterprise data center deployments, primarily because of price and high throughput on its largest appliances." - From Gartner report.

Other small changes from 2014 to 2015:
  • Fortinet is doing pretty well and getting closer to the Leaders quadrant.
  • In the Leaders quadrant, the positions of Palo Alto and Check Point have been getting closer over the last four years.
Check Point has been in the Leaders quadrant since 1997, and Palo Alto has been a Leader since 2011.



2014 Gartner Magic Quadrant for Enterprise Network Firewall:


Palo Alto and Check Point are positioned in the Leaders quadrant again.

This is the third year for Palo Alto and the seventeenth year for Check Point in the Leaders quadrant.

2013 Gartner Magic Quadrant for Enterprise Network Firewall:

Note: There is no 2012 Gartner Magic Quadrant for Enterprise Network Firewall

2011 Gartner Magic Quadrant for Enterprise Network Firewalls



2010 Gartner Magic Quadrant for Enterprise Network Firewall:


Reference:

1. Gartner 2015 Magic Quadrant for Enterprise Network Firewalls

via Blogger http://blog.51sec.org/2014/04/2014-gartner-magic-quadrant-for.html
December 22, 2022 at 04:31PM Security
0 Comments

Using Portainer Deploy Minimalist Online Notepad & Using NPM Enable HTTPS with Basic Authentication

12/20/2022

1 Comment

 
My previous video showed two ways to deploy this open source online notepad project, Minimalist. This video shows more advanced usage, such as enabling HTTPS on your own custom domain and enabling basic authentication to protect your web app.
Related Post: ✍https://blog.51sec.org/2022/12/5-mins-docker-series-minimalist-web.html
5 Minutes Docker Series:
  • Install A Web Notepad App - Minimalist - https://youtu.be/8Ea1-6Knl-g
  • Install An Open Source Personal Music Streaming Server - koel - https://youtu.be/9ZrGV0zFbSw
  • Deploy Wordpress in CentOS 7 with Docker - https://youtu.be/9whAlZIfEKE
Related Videos:
  • Get Two Free and Permanent VPS from Oracle Cloud Platform - https://youtu.be/E9dHA3NBbN8
  • Using Portainer to install NPM and Configure Domain Name Access for Management Portal of Portainer & NPM - https://youtu.be/_gKl_wtY_Gg
  • Using Rclone To Add Cloud Drive(s) Into Your VPS and Execute Read/Write Performance Test - https://youtu.be/A_o9E1yx-O4
#51Sec #NetSec
If you found this video has some useful information✍, please give me a thumbs up ✅ and subscribe to this channel to get more updates: ⚡https://www.youtube.com/c/Netsec?sub_confirmation=1
⚡Resource Collection and Bookmarks: https://sites.51sec.org/
Learning and Sharing - A bosom friend afar brings a distant land near. ⚡https://51sec.org https://itprosec.com

Watch video on YouTube here: https://youtu.be/vWyE6qn-46o by NetSec
1 Comment

[5 Mins Docker Series] Install A Web Notepad App - Minimalist

12/18/2022

0 Comments

 
This video shows you two different ways to install a GitHub project, Minimalist, as your web notepad. It is a simple web application that gives you a notepad in your web browser, which you can use to collaborate with others over the Internet.
Related Post: ✍https://blog.51sec.org/2022/12/5-mins-docker-series-minimalist-web.html
5 Minutes Docker Series:
  • Install A Web Notepad App - Minimalist - https://youtu.be/8Ea1-6Knl-g
  • Install An Open Source Personal Music Streaming Server - koel - https://youtu.be/9ZrGV0zFbSw
  • Deploy Wordpress in CentOS 7 with Docker - https://youtu.be/9whAlZIfEKE
Related Videos:
  • Get Two Free and Permanent VPS from Oracle Cloud Platform - https://youtu.be/E9dHA3NBbN8
  • Using Portainer to install NPM and Configure Domain Access for Management Portal of Portainer & NPM - https://youtu.be/_gKl_wtY_Gg
  • Using Rclone To Add Cloud Drive(s) Into Your VPS and Execute Read/Write Performance Test - https://youtu.be/A_o9E1yx-O4
#51sec #NetSec
If you found this video has some useful information✍, please give me a thumbs up ✅ and subscribe to this channel to get more updates: ⚡https://www.youtube.com/c/Netsec?sub_confirmation=1
⚡Resource Collection and Bookmarks: https://sites.51sec.org/
Learning and Sharing - A bosom friend afar brings a distant land near. ⚡https://51sec.org https://itprosec.com

Watch video on YouTube here: https://youtu.be/8Ea1-6Knl-g by NetSec
0 Comments

Configure NTFS Permissions (Windows ACLs) on Azure File Share Folders

12/17/2022

0 Comments

 
Configure NTFS Permissions (Windows ACLs) on Azure File Share Folders

We can configure Windows access control lists (ACLs), also known as NTFS permissions, at the root, directory, or file level of a mounted file share. While share-level permissions act as a high-level gatekeeper that determines whether a user can access the share at all, Windows ACLs operate at a more granular level to control which operations the user can perform on a given directory or file.




Both share-level and file/directory-level permissions are enforced when a user attempts to access a file/directory, so if there's a difference between either of them, only the most restrictive one will be applied. For example, if a user has read/write access at the file level, but only read at a share level, then they can only read that file. The same would be true if it was reversed: if a user had read/write access at the share-level, but only read at the file-level, they can still only read the file.

There are multiple ways to apply NTFS permissions during a data migration, for example with tools such as AzCopy or Robocopy. Here are some related posts:
  • Using AzCopy to Migrate Local Files to Azure blob Storage with SMB Permission
  • Use RobCop (RoboCopy) to Migrate Files with NTFS Permission
In this post, I am going 

Azure Share-Level Permission Mapping to NTFS Permission 

Share-level permission = RBAC permissions:

The following table contains the Azure RBAC permissions related to this configuration. If you're using Azure Storage Explorer, you'll also need the Reader and Data Access role in order to read/access the file share.

Share-level permission (built-in role)           | NTFS permission                            | Resulting access
-------------------------------------------------|--------------------------------------------|--------------------------------------------------------
Storage File Data SMB Share Reader               | Full control, Modify, Read, Write, Execute | Read & execute
Storage File Data SMB Share Reader               | Read                                       | Read
Storage File Data SMB Share Contributor          | Full control                               | Modify, Read, Write, Execute
Storage File Data SMB Share Contributor          | Modify                                     | Modify
Storage File Data SMB Share Contributor          | Read & execute                             | Read & execute
Storage File Data SMB Share Contributor          | Read                                       | Read
Storage File Data SMB Share Contributor          | Write                                      | Write
Storage File Data SMB Share Elevated Contributor | Full control                               | Modify, Read, Write, Edit (Change permissions), Execute
Storage File Data SMB Share Elevated Contributor | Modify                                     | Modify
Storage File Data SMB Share Elevated Contributor | Read & execute                             | Read & execute
Storage File Data SMB Share Elevated Contributor | Read                                       | Read
Storage File Data SMB Share Elevated Contributor | Write                                      | Write


Supported Windows ACLs (NTFS)

Azure Files supports the full set of basic and advanced Windows ACLs. The following users and groups appear in the default ACLs:
  • BUILTIN\Administrators: Built-in security group representing administrators of the file server. This group is empty, and no one can be added to it.
  • BUILTIN\Users: Built-in security group representing users of the file server. It includes NT AUTHORITY\Authenticated Users by default. For a traditional file server, you can configure the membership definition per server. For Azure Files, there is no hosting server, so BUILTIN\Users includes the same set of users as NT AUTHORITY\Authenticated Users.
  • NT AUTHORITY\SYSTEM: The service account of the operating system of the file server. Such a service account does not apply in the Azure Files context; it is included in the root directory to be consistent with the Windows File Server experience for hybrid scenarios.
  • NT AUTHORITY\Authenticated Users: All users in AD that can get a valid Kerberos token.
  • CREATOR OWNER: Each object, whether directory or file, has an owner. If there are ACLs assigned to CREATOR OWNER on that object, then the user who owns the object has the permissions to it defined by that ACL.

The following permissions are included on the root directory of a file share:

  • BUILTIN\Administrators:(OI)(CI)(F)
  • BUILTIN\Users:(RX)
  • BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
  • NT AUTHORITY\Authenticated Users:(OI)(CI)(M)
  • NT AUTHORITY\SYSTEM:(OI)(CI)(F)
  • NT AUTHORITY\SYSTEM:(F)
  • CREATOR OWNER:(OI)(CI)(IO)(F)











Mount the file share using storage account key

Before you configure Windows ACLs, you must first mount the file share by using your storage account key. To do this, log into a domain-joined device, open a Windows command prompt, and run the following command. Remember to replace <YourStorageAccountName>, <FileShareName>, and <YourStorageAccountKey> with your own values. If Z: is already in use, replace it with an available drive letter. You can find your storage account key in the Azure portal by navigating to the storage account and selecting Security + networking > Access keys, or you can use the Get-AzStorageAccountKey PowerShell cmdlet.

It's important that you use the net use Windows command to mount the share at this stage and not PowerShell. If you use PowerShell to mount the share, then the share won't be visible to Windows File Explorer or cmd.exe, and you'll have difficulty configuring Windows ACLs.


net use Z: \\<YourStorageAccountName>.file.core.windows.net\<FileShareName> /user:localhost\<YourStorageAccountName> <YourStorageAccountKey>




Example:

net use R: \\fileshare4test.file.core.windows.net\fstest /user:localhost\fileshare4test h1GUuy3YasaG1LLNjQLQ8wD9PpYtyeVY1MY6s4s11BJLJQTzyUaX69LzYsDVyYOKm3cXgrsvYOpX+AStkQD+zW==
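As an added example (not from the original post), the following PowerShell script performs the mount described above with net use rather than New-PSDrive, then compares the root ACL of the share against the default entries listed earlier and reports anything extra or missing. The storage account name, share name, key and drive letter are placeholders you must fill in.

```powershell
# Added example, not from the original post. Mounts the share with the storage
# account key (net use, so the mapping is visible to Explorer and cmd.exe), then
# checks the root ACL against the documented default entries for a new share.
# Placeholders: <YourStorageAccountName>, <FileShareName>, <YourStorageAccountKey>.
param(
    [string]$StorageAccount = '<YourStorageAccountName>',
    [string]$ShareName      = '<FileShareName>',
    [string]$Key            = '<YourStorageAccountKey>',
    [string]$Drive          = 'Z:'
)

$unc = "\\$StorageAccount.file.core.windows.net\$ShareName"

# Mount with net use; New-PSDrive mappings are not visible to File Explorer or cmd.exe.
net use $Drive $unc /user:"localhost\$StorageAccount" $Key | Out-Null
if ($LASTEXITCODE -ne 0) { throw "net use failed for $unc (exit code $LASTEXITCODE)" }

# Default ACEs on the root directory of a new Azure file share, as listed in the post.
$expected = @(
    'BUILTIN\Administrators:(OI)(CI)(F)',
    'BUILTIN\Users:(RX)',
    'BUILTIN\Users:(OI)(CI)(IO)(GR,GE)',
    'NT AUTHORITY\Authenticated Users:(OI)(CI)(M)',
    'NT AUTHORITY\SYSTEM:(OI)(CI)(F)',
    'NT AUTHORITY\SYSTEM:(F)',
    'CREATOR OWNER:(OI)(CI)(IO)(F)'
)

# icacls prints the path in front of the first ACE and indents the rest; keep only
# lines that carry an ACE, then strip the path prefix and surrounding whitespace.
$root   = "$Drive\"
$actual = icacls $root |
    Where-Object { $_ -match ':\(' } |
    ForEach-Object { $_.Trim() -replace ('^' + [regex]::Escape($root) + '\s*'), '' }

$extra   = $actual   | Where-Object { $expected -notcontains $_ }
$missing = $expected | Where-Object { $actual   -notcontains $_ }

if (-not $extra -and -not $missing) {
    Write-Output "Root ACL of $unc matches the documented defaults."
} else {
    # Extra entries mean the ACL was already changed; missing entries mean a default
    # was removed. Review both before layering your own permissions on top.
    $extra   | ForEach-Object { Write-Output "UNEXPECTED: $_" }
    $missing | ForEach-Object { Write-Output "MISSING:    $_" }
}
```

Run it from a domain-joined Windows machine; once the root ACL is confirmed, you can grant further permissions on subfolders with icacls using the same ACE notation shown above.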


Other Command:
  • net use 

Robocopy Command with permission to copy

Robocopy "F:\testshare" "R:\test" /COPY:DAT /SEC /MIR /R:10 /W:5 /V /ETA



azcopy Command with permission to copy

./azcopy.exe copy "F:\testshare\" "https://fileshare4test.file.core.windows.net/fstest/testfolder/?sv=2021-06-08&ss=bfqt&srt=sco&sp=rwdlacupiytfx&se=2022-09-13T05:11:14Z&st=2022-09-12T21:11:14Z&spr=https&sig=85MdmVM%2FGwPmAQSay0sDC1mCboxZZP62UdFnYmW1HHR%3D" --preserve-smb-info=true --preserve-smb-permissions=true --disable-auto-decoding=false --recursive --log-level=INFO



Videos

 







References

  • Configure directory and file-level permissions over SMB










via Blogger http://blog.51sec.org/2022/12/configure-ntfs-permissions-windows-acls.html
December 17, 2022 at 06:34PM Cloud
0 Comments