Lets Automate It

from Josh Rickard

Powershell Qualys Authentication Part 1

2018-08-07 Josh Rickard

I always mean to post more on my blog, but as life gets in the way and work keeps me busy, I always seem to push it to the back-burner. This time, I am hoping to make it stick as a regular routine.

To kick off my new-found motivation to blog more, I am starting a series of posts surrounding PowerShell and the Qualys Vulnerability Management API.

To start this off, first I’m going to share some of my basic steps with regards to authentication to the Qualys VM API v1. This is really basic, but I see a lot of posts around that seem to try to create some “advanced” way of authenticating to the Qualys API. You don’t need to do anything fancy.


Presentation Securing Windows With Group Policy

2018-08-07 Josh Rickard

Recently I gave a presentation at MORENet’s 2015 Annual Conference about “Securing Windows with Group Policy”.  This presentation was part of their “Advanced” technology track, and really focused on looking at the current permission levels of your users and deciding if they really need those rights/permissions.

I hope some people find these slides useful or at least a good reference point.  If you have any questions about these slides then please do not hesitate to contact me by leaving a comment below.


QualysGuard Decentralized IT How to Organize Your Assets

2018-08-07 Josh Rickard

I work for a University with a decentralized IT department: each college, division, department, etc. maintains their users.  As a security department who maintains QualysGuard, we were wanting each department to scan their own assets and remediate all vulnerabilities found in these scans based on the following policy:

  • Level 4 and Level 5 vulnerabilities must be remediated within 15 days
  • Level 3 vulnerabilities must be remediated within 30 days
  • Level 2 vulnerabilities must be remediated within the next semesters
  • Level 1 vulnerabilities must be remediated whenever possible

With this policy in mind, we began rolling out our QualysGuard service using the following methods.  We would create Asset Groups for each group of servers that belong to one of the following: a department, college, division, application group, etc.  Each Asset Group would be additionally subdivided into each network core.  For example, if you have an Athletics department, they may have assets in all the different network cores (Faculty/Staff Network, Data Center, DMZ, Residential Network, etc.).  Because each of these departments will have multiple assets in multiple network cores, we relied heavily on our naming conventions.  Our naming convention is the following for Asset Groups: CAMPUS DEPT NETWORK Assets (SCANNER NAME) -> CAMPUS Athletics DC Assets (DC_SCANNER)

When dealing with QualysGuard in a decentralized IT infrastructure, your naming convention will save you!


Windows Security Public/Private Key Exchange Basics

2018-08-07 Josh Rickard

My wife and I saw CITIZENFOUR yesterday during a secret screening.  If you have not had the chance to see this movie, please do so as soon as you can - it’s a great documentary!  The only complaint I have about the film is that they do not explain Cryptography or Encryption for the “normal” folks.  When the film ended, I looked around and there were many non-technical people (including older individuals).  I remember hearing someone say “well I guess I’m not going to be using email anymore”.  This sentiment is not what the film is about, and I believe the director should have explained this very technical methodology to not confuse the non-techie people.


Windows Security Server Hardening Security Templates

2018-08-07 Josh Rickard

Hardening your systems (Servers, Workstations, Applications, etc.) ensures that every system is secured in accordance with your organization’s standards.  Microsoft has a “Solution Accelerator” called Security Compliance Manager that allows System Administrators or IT Pros to create security templates that help harden their systems in a manageable, repeatable way.  In addition to SCM, you can build your own by using the standard MMC console and adding the Security Templates Snap-In to the console - this gives you a more refined configuration, but can be cumbersome.


Windows Security Patch Management

2018-08-07 Josh Rickard

Recently, at work, I nominated myself to begin a “Windows Security” course for IT Professionals that I work with.  Being a former IT Pro, and now part of our security department as an Incident Responder, I thought I would create a course surrounding security.  So, I’m going to use my blog to lay out my plans for this “Windows Security” course - which will hopefully be useful for others as well.


Qualys Guard Qualys in a University Environment

2018-08-07 Josh Rickard

The University I work for has begun using Qualys for our Enterprise Vulnerability Scanning and so far it’s been well received.  The problem is that every “College/School” maintains their own systems thus we are decentralized, which makes maintaining Reports/Scans/Maps/etc. very difficult.

Because I have not found many posts/articles focused on a decentralized environment I decided I would explain the way we are approaching this.  This is all a work in progress - if you have any questions or ideas, please get a hold of me. :)
