Microsoft Policy Analyzer 3.0 Update available

WARNING: THIS link will download Policy Analyzer 3.0 and samples in a safe zip file from Microsoft:

Microsoft Policy Analyzer 3.0 is now available, and according to Aaron Margosis: “Policy Analyzer is a utility for analyzing and comparing sets of Group Policy Objects (GPOs).” A PDF file included with the download explains how to use the application. The updated 3.0 version also includes several PolicyRules files that can be imported into Policy Analyzer and compared against the computer’s policies or any imported GPO backup files.

The best use of this software in my opinion is to use it in a domain to analyze your organization’s Group Policy Objects and to look for conflicts with Local Policies or within all the GPOs. You can point it to the SYSVOL folder and import the group policy objects that are being used in the domain. Then by comparing them, you will be alerted to any conflicts and you can export the results to an Excel spreadsheet. It is an excellent tool that will take some time to get used to, but it is extremely important for any security professional to do an analysis of an organization’s policies.
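To show what a conflict between GPOs looks like at the file level, here is an added example (not part of Policy Analyzer and not Microsoft's code) that parses the Registry.pol files GPOs keep in SYSVOL and reports registry settings that two GPOs set to different values. The GPO names and sample values are constructed, and only REG_DWORD samples are built.

```python
import struct

ENC = "utf-16-le"                          # Registry.pol text encoding
HEADER = b"PReg" + struct.pack("<I", 1)    # signature + version 1

def build_pol(entries):
    # Serialize (key, value name, DWORD) tuples; only used for the constructed samples.
    return HEADER + b"".join(
        f"[{k}\0;{n}\0;".encode(ENC) + struct.pack("<I", 4) + ";".encode(ENC)  # 4 = REG_DWORD
        + struct.pack("<I", 4) + ";".encode(ENC) + struct.pack("<I", v) + "]".encode(ENC)
        for k, n, v in entries)

def read_sz(blob, pos, opener):
    # Check the delimiter at pos, then read the NUL-terminated UTF-16LE string after it.
    if blob[pos:pos + 2] != opener.encode(ENC):
        raise ValueError(f"expected {opener!r} at offset {pos}")
    end = pos + 2
    while blob[end:end + 2] not in (b"\x00\x00", b""):
        end += 2
    return blob[pos + 2:end].decode(ENC), end + 2

def parse_pol(blob):
    # Return {(key, value name): (type, data)} from [key;value;type;size;data] records.
    if blob[:8] != HEADER:
        raise ValueError("not a PReg version 1 file")
    pos, settings = 8, {}
    while pos < len(blob):
        key, pos = read_sz(blob, pos, "[")
        name, pos = read_sz(blob, pos, ";")
        reg_type, size = struct.unpack_from("<2xI2xI", blob, pos)  # ';' type ';' size
        pos += 14                                                   # skip the third ';'
        settings[(key.lower(), name.lower())] = (reg_type, blob[pos:pos + size])
        pos += size + 2                                             # skip the closing ']'
    return settings

def find_conflicts(gpos):
    # gpos maps GPO name -> Registry.pol bytes; return settings whose values differ.
    seen = {}
    for gpo, blob in gpos.items():
        for setting, value in parse_pol(blob).items():
            seen.setdefault(setting, {})[gpo] = value
    return {s: v for s, v in seen.items() if len(set(v.values())) > 1}

# Constructed sample GPOs, not taken from any real domain.
SYSTEM = r"Software\Policies\Microsoft\Windows\System"
SAMPLE = {
    "Baseline": build_pol([(SYSTEM, "EnableSmartScreen", 1), (SYSTEM, "EnumerateLocalUsers", 0)]),
    "Kiosk": build_pol([(SYSTEM, "EnableSmartScreen", 0), (SYSTEM, "EnumerateLocalUsers", 0)]),
}
print(find_conflicts(SAMPLE))
```

The script only reports that the values differ; which one actually applies depends on GPO link order and precedence, which it does not model.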




Microsoft Security Compliance Manager 4.0, Policy Analyzer, and LGPO – Security Admin Tools


(Microsoft’s Channel 9 Podcast – Defrag Tools)

I recently installed the Security Compliance Manager 4.0 using an already installed version of SQL Server 2016 Express. This is how you need to install SCM 4.0 on Windows 10, since SQL Server 2008 is no longer compatible with Windows 10. If you do not already have SQL Server Express installed, then you need to download and install SQL Server Express 2014 or 2016 and install just the engine. Then you can install Security Compliance Manager 4.0 and it will ask for an installed instance of SQL Server, and you must choose the name of the instance that you just installed. Then SCM 4.0 will install successfully on Windows 10. Although Petri.com has posted a review of Microsoft Security Compliance Manager in 2014, there is now a new version available and this post will discuss Version 4.0. Security Compliance Manager will allow you to download Microsoft recommended Security Baselines for Windows 7, 8, and 10, and for Windows Server 2012, 2016, and SQL Server 2012. These baselines contain group policies and settings that are recommended by Microsoft to secure your Active Directory domains.

Also available now is Policy Analyzer.

Policy Analyzer

Photo of Policy Analyzer from Microsoft Security Guidance blog on Microsoft TechNet.



The most interesting of the new baselines is perhaps the Windows 10 1607 Security Baseline, and it is available to download after you install Security Compliance Manager 4.0. This baseline can be exported to an Excel spreadsheet that separates the settings and configurations into different tabs. For some reason I am not able to preview this page anymore as I type it; I think adding Google Tag Manager has screwed it up. So I’m going to post this and then investigate what happened, and I might have to remove the Google Tag Manager. Hopefully I will continue this post later. If you have any questions about these two security software applications from Microsoft, feel free to email me at james at jgnetworksecurity.com.

Black Hat USA 2012 | Briefings


Check out InformationWeek’s Dark Reading site for some more Black Hat 2012 information; link to be posted here.

http://www.blackhat.com/html/bh-us-10/training/bh-us-10-training_OFF-PenTestBackTrack.html

http://www.blackhat.com/html/webcast/webcast-2010_auditassess.html

http://www.darkreading.com/security/news/240001945/black-hat-usa-2012-complete-coverage.html

Black Hat Releases Complete Event Schedule
Among the news breaking will be 36 tools, 17 0-days, and 49 live on-stage demonstrations
Jun 14, 2012 | 06:12 PM

SAN FRANCISCO, June 14, 2012 /PRNewswire/ — Black Hat, producer of the world’s premier information security events, today announced the official schedule for Black Hat USA 2012, where the smartest and most disruptive cyber security professionals will reveal research and vulnerabilities that threaten national critical infrastructure and identify flaws in popular consumer devices. Among the news breaking will be 36 tools, 17 0-days and 49 live onstage demonstrations during the action packed week of July 21-26 2012 in Las Vegas. For more information and to register, visit Black Hat.

The keynote speakers at Black Hat USA 2012 include Neal Stephenson, one of the world’s foremost historical and science fiction authors, and Shawn Henry, former FBI Executive Assistant Director (EAD) and currently President of CrowdStrike Services. Neal will take the stage for an interactive interview with attendees while Shawn will offer new insights on how a hostile cyber environment has rendered traditional security obsolete in a talk entitled: “Changing the Security Paradigm…Taking Back Your Network and Bringing Pain to The Adversary.”

Black Hat USA 2012 will feature talks that point out key security vulnerabilities in global and national infrastructure, including:

Threats to air traffic control systems (Andrei Costin), smart meters and the power grid (Don Weber). Stephen Ridley and Stephen Lawler will address advanced ARM exploitation and share some anecdotal “hardware hacking” experiences. Yann Allain and Julien Moinard will discuss power analysis of embedded systems.

Methods for taking cyber security on the offensive: Renowned security researcher Dan Kaminsky will offer a look at “black ops,” offering insight on attack techniques that previously may have been considered ‘wrong and evil.’ Robert Clark, operational attorney for the U.S. Army Cyber Command, will offer a look at the legal aspects of cyberspace operations.

Apple operating systems and applications: speakers will discuss flaws in the Apple AppStore (Justin Engler, Seth Law, Joshua Dubik, and David Vo); vulnerabilities in the operating system kernel that drives IOS and Mac OS X (Stefan Esser); and a workshop on the dark art of IOS application hacking (Jonathan Zdziarski).

Threats and vulnerabilities to the most commonly used Web applications and tools, demonstrating key vulnerabilities at the very core of today’s Internet. Sheeraj Shah offers a look at the Top 10 threats, while Sergey Shekyan and Vaagn Toukharian discuss hacking with HTML5’s WebSockets; a look at recent Java exploitation trends and malware (Jeong Wook Oh); and the revelation of several new vulnerabilities in popular Web application firewalls (Ivan Ristic).

Black Hat will feature nine concurrent tracks every day, mixing workshops, roundtables and cutting edge presentations by top security experts. Deep technical training will take place July 21-24, while the open briefings will run from July 25-26.


Sponsors of this year’s Black Hat include Diamond Sponsors Qualys, Microsoft and Lookingglass Cyber Solutions; Platinum Sponsors Accuvant LABS, Blue Coat Systems, Core Security, Cisco, IBM, Juniper Networks, LogRhythm, RSA, Symantec, Trustwave and Verizon.

About Black Hat

Black Hat provides briefings and training to leading corporations and government agencies around the world. Black Hat differentiates itself by working at many levels within the corporate, government, and underground communities. This unmatched informational reach enables Black Hat attendees to be continuously aware of the newest vulnerabilities, defense mechanisms, and industry trends. Black Hat Briefings and Trainings are held annually in Europe and Las Vegas. Black Hat is produced by UBM TechWeb. More information is available at www.blackhat.com.

Security Startups Focusing On Threats, Not Malware

According to Robert Lemos of Dark Reading,
“Stopping malware is so yesterday. Eclectic groups of security people have banded together to make life difficult for attackers…” Well, I enjoy studying malware, and I don’t have as many years of experience working in cybersecurity yet, so I will continue doing what I enjoy for now: hunting, studying, and destroying viruses and malicious code. Here’s Mr. Lemos’ story anyway; it’s interesting.
Jimmy G
Jun 14, 2012 | 06:06 PM

By Robert Lemos, Contributing Writer
Dark Reading

Security consultant Dino Dai Zovi hacked Macs and co-authored a book on how to secure them. Tillmann Werner researched ways to detect the Conficker worm on infected networks and advocated an offensive approach to dealing with the threat. Shawn Henry chased cybercriminals during his 23-year career at the FBI. And Dan Guido teaches at NYU Poly and espouses a “Know Your Attacker” philosophy.
All four have left previous positions and joined startups that are creating services and products that focus on ways to make attacks more painful for the attackers. Rather than continue finding vulnerabilities or pointing out ways attackers can infiltrate networks, groups of well-known researchers are increasingly coming together to find better ways to identify and hinder attackers.

As attackers become more skilled at quiet, targeted attacks, traditional defenses are failing to catch them. While some security companies, for example, can search their logs of blocked programs for evidence that their products stopped Flame, it took the antivirus industry at least four years to detect the attack.

The lack of success has frustrated a number of researchers, such as Guido. With Dai Zovi and former VMWare researcher Alexander Sotirov, the one-time security consultant and occasional professor created Trail of Bits, a company focused on analyzing attacks and finding the best ways to help its clients defend their networks and data.


Similar reasons drove George Kurtz to start up CrowdStrike with Dmitri Alperovitch, former vice president of threat research at McAfee, and Gregg Marston, formerly of Foundstone, a company Kurtz co-founded in the late ’90s. There is still a lot of work to be done, but CrowdStrike is developing the ability to help companies understand who is attacking them and why they are being targeted so that they can marshal their defenses around those actual threats, Kurtz says. Companies are tired of trying to keep up with the large number of threats that may be targeting them.

“There is only so many fingers that they can put into the dike, and they want to know who is in their network and how to get them out of the network,” Kurtz says. “They want to understand what they are ultimately after. By switching from a focus on … malware to moving toward figuring out who is attacking and how they are doing it, you can basically put up better defenses.”

Both companies are investing in creating intelligence on threats to better inform their clients’ defenses. And both companies hope that doing so will help companies drop out of the rat race of trying to keep up with attackers’ ability to change their code. The fact that the firms exist and have attracted a bevy of smart researchers is likely due to the high level of frustration among defenders aimed at the unending success of attackers. Such frustration led Shawn Henry — recently the executive assistant director of the Criminal, Cyber, Response, and Services Branch of the FBI — to head up CrowdStrike’s services branch.

“The problem with existing technologies and threat-mitigation tactics is they are too focused on adversary tools — malware and exploits — and not on who the adversary is and how they operate,” Henry stated in written testimony (PDF) to the U.S. House Subcommittee on Homeland Security in April. “Ultimately, until we focus on the enemy and take the fight to them to raise their cost of attack, we will fail because they will always get through.”

Companies have enough information to understand attackers and gain better information on the threats to their business, but lack the tools to turn that data into a strategy for stopping attackers, Guido says.

“In reality, data on attackers is widely available in published security industry reports, but many organizations have trouble interpreting this data and making it actionable,” he says. “The difficulty in achieving this vision will be in making the knowledge and tools to perform this analysis widespread.”

Defense.gov News Article: Intelligence Leaders Urge Congress to Act on Cyber Laws


Intelligence Leaders Urge Congress to Act on Cyber Laws

By Lisa Daniel
American Forces Press Service
WASHINGTON, Feb. 2, 2012 – The threat to U.S.-based computer networks is one of the country’s most pressing security problems, and Congress needs to act on it soon, the director of national intelligence told a congressional panel today.
James R. Clapper Jr. said he and all of the U.S. intelligence leadership agree the United States is in a type of cyber Cold War, losing some $300 billion annually to cyber-based corporate espionage, and sustaining daily intrusions against public systems controlling everything from major defense weapons systems and public air traffic to electricity and banking.
Clapper was joined by CIA Director David H. Petraeus, Defense Intelligence Agency Director Army Lt. Gen. Ronald L. Burgess Jr. and FBI Director Robert S. Mueller for a House Select Intelligence Committee hearing on worldwide threats. He urged lawmakers to pass a bill that forces intelligence sharing between the government and the private sector, such as the Defense Industrial Base pilot program that then-Deputy Defense Secretary William J. Lynn III launched last year.
“It’s clear from all that we’ve said – and I hope predictions about mass attacks don’t become a self-fulfilling prophecy – but we all recognize we need to do something,” he said.
Clapper also urged Congress to reauthorize the Foreign Intelligence Surveillance Act, which he called crucial to intelligence gathering. It expires this year.
The director said he foresees a cyber environment in which technologies continue to be fielded before effective security can be put in place. Among the greatest challenges in cyber security, he added, are knowing the perpetrator of a cyber attack in real time and capabilities gaps in the cyber supply chain – the entire set of key actors involved in the cyber infrastructure.
Mueller noted that the National Cyber Task Force includes 20 U.S. agencies, “so when a major intrusion happens, we’re all at the table.” The “breaking down of stovepipes” and sharing information in cyber security “is as important now as it was before 9/11,” he added.
The FBI director told the panel that 47 states have different reporting requirements for cyber attacks, and the private sector doesn’t have to report them at all. “If they’re not reported, we can’t prevent the next one from happening,” he said.
Mueller said the cyber threat is growing and is important to address. “I do believe cyber threats will equal or surpass the threat from terrorism in the near future,” he said.
Clapper agreed. “We all recognize this as a profound threat to this country, to its future, to its economy, to its very being,” he said. “We all recognize it, and we are committed to doing our best in defending the country.”
