Basic GDPR

Away from the bit more interesting technical side of information security, there is allways the law and compliance issues. And with May 2018 aproaching, GDPR is a good topic.

General Data Protection Regulation (GDPR) is governance designed to safeguard sensitive data for all individuals and businesses based in the European Union (EU).

Once implemented in May 2018, the act will override the previous regulation installed back in 1995. It is applicable on all sovereign members, thus having an expansive scope. GDPR Compliance will guarantee consistency and transparency of personal data for all concerned.

Any organization controlling or processing data must abide by the GDPR. Companies must serve a steep cost of utilizing this classification as well.
Leading professional services firm PwC suggest that up to 68% of US based enterprises expect to spend between one and ten million dollars to comply with the GDPR. Although based abroad, any business handling EU data is also exposed to GDPR.

Failure to comply is also accompanied by precipitous costs. Penalties may tantamount to 20 million Euros or 4% of global turnover in some cases. Other estimates strongly hint that a slew of businesses will fall in the non-compliance category.

Personal data which is relevant includes basic identification, medical records, information of the cultural variety, political opinions and gender related data as well.

Security is decisive on the internet. In the past, data leakages have comprised individuals and companies alike. Under the forthcoming GDPR, if there is a breach, then the relevant authorities must be notified with immediate effect.

In the United Kingdom, this will be the Information Commissioner’s Office. Interestingly, despite the inception of Brexit, which would mean the UK exit the EU, the former are still liable to enforce GDPR. Statement whih will probably have to change depending on the ongoing Brexit activities.

The GDPR is bound to alter the landscape of data handling. The immediate need to comply with this privacy protection measure has created a sense of urgency in the region. Since there is an assemblage of stakeholders, the precedent this governance will set will not be completed swiftly.

Improved home lab

So, after the new hardware upgrade, time to set-up proper functioning lab.

Some background: the infrastructure in question will be for engineering company with about ~50 employees. It will have 4 branches, 3 operating within the major economical regions – EMEA, APAC, AMCS, and fourth one – the HQ. This will be used for setting up the active directory structure later on. Every branch will have local HR, finance, engineering team, on-site support and all the basic departments (definitely not the most optimized solution, but should be interesting).

Underlying infrastructure: Heavily based on Microsoft products: composed Workstations with Windows 10, on-premise Exchange, File & Share servers. To spice up the things, there will be some Linux based instances, use primary for java, web & middleware, sandboxing and testing. In the end there would be also some android devices, just for the sake of testing BYOD scenarios. Active directory will be used for proper management.

Security solutions: here is the funny part – hopefully more thinks will break and will have to be fixed for the fun.

  • Antivirus: Symantec Endpoint Protection, McAfee Enterprise & Microsoft Defender.
  • Encryption: Checkpoint Full Disk Encryption and Microsoft BitLocker
  • Network Security: Symantec Endpoint Protection, Splunk, AlienVault
  • Vulnerability management: Nessus
  • Penetration testing: Kali OS, Parrot OS
    More to be added in the future.

Fix: Windows 10 installs various apps and games without asking

So Windows 10 includes a new feature that automatically installs apps from the Windows Store because it wants to promote some of them. Usually, not a problem, but can be of annoyance. Fortunately, there is a quick solution:

  1. Open Registry Editor
  2. Go to
    1. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CloudContent
    2. if the value is not present, you will need to make one
  3. Create a 32-bit DWORD value for the key:
    1. name: DisableWindowsConsumerFeatures
    2. value:1
DisableWindowsConsumerFeatures
DisableWindowsConsumerFeatures

Restart the computer.

Life span of a Linux user/ basic Linux user management

Bob comes into the company and wants to use Linux as his main Operating system.

Some of the basic moments in the lifespan of his user on Linux are: user creation, group adding, SELinux user related activities, deletion, etc.

Continue reading “Life span of a Linux user/ basic Linux user management”

Fix: Fedora 25 Server stuck at “Setting up installation source” [probably Bug 1048344]

Fix: Fedora 25 Server stuck at “Setting up installation source”

Installation started, everything selected and you end up with the following screen and ongoing process of “Setting up installation source”.

Stuck at setting up installation sources fedora 25 server
Stuck at setting up installation sources fedora 25 server

Possible problem, that can cause this is related to the networking (or the lack of decent connection in this case). Probably caused by Bug 1048344, more info on which can be found here.

So after removing the virtual switch, everything continued flawlessly 😊.

Series: Security testing

Series: Security testing

Purpose:

  • Analyze various malware [viruses, trojans, keyloggers] in sandbox environment
  • Penetration testing [web applications, system testing]
  • Intrusion prevention/ detection system deployment, usage and testing
  • Vulnerability management
    • Testing vulnerability management solutions
    • Testing vulnerabilities them selves
  • Policy compliance

Continue reading “Series: Security testing”

Series: Gaining some Linux traction

Series: Gaining some Linux traction

Purpose:

  • Delve into Linux system administration
  • Practice installation, configuration, and other package/ program management tasks
  • Test networking and security
  • Gain additional experience in administering *nix systems
  • Enjoy VIM and try out EMACS
  • Gather some scattered knowledge
  • enjoy while building, breaking and fixing

Continue reading “Series: Gaining some Linux traction”

Series: Compact corporate environment

Series: Compact corporate environment

Purpose:

  • troubleshoot common problems found in complex environment
  • gain additional experience
  • test new products and features
  • develop some PowerShell and Desired State configuration scripts
  • go through the design and deployment phases
  • enjoy while building, breaking and fixing

Continue reading “Series: Compact corporate environment”

FIX: Windows cannot find the Microsoft Software License Terms

So, setting up a nice Windows Server 2012 R2 machine in Hyper-V for some active directory testing.

Allocating the minimum required resources for WS 2012 R2, as seen here , and just after selecting the edition that I wanted to install [doesn’t matter if you prefer Standard or datacenter edition, with or without GUI], a greeting window appeared:

Windows cannot find the Microsoft Software License Terms
Windows cannot find the Microsoft Software License Terms

Continue reading “FIX: Windows cannot find the Microsoft Software License Terms”

Office 365 lab set up [in progress]

A useful guide for setting up an Office 365 lab for testing purposes.

Components:

  • On-premise domain controller
  • On-premise SCCM
  • Public cloud exchange server
  • Windows 10 workstation
  • Windows 8.1 workstation

Original article available here.

 

Nice readings, conversions or forums, related to the post:

  • Moving Domain controller to cloud (AWS or Azure) for a small business @ Spice Works – available here.
  • Protect Active Directory and DNS with Azure Site Recovery @ Microsoft – available here.
  • Install a new Active Directory forest on an Azure virtual Network @ Microsoft, available here.