Author https://t.co/06J9jb3tlm, Lead Incident Detection Engineer @Blumirasec, CEO @hackershealth, @brakesec cohost https://t.co/nSvf7Os4NH
May 25, 2018 • 7 tweets • 1 min read
Here are 50 FREE things you can do to improve the security of most environments:
Access control lists are your friend (deny all first)
AD delegation of rights
App Whitelisting
Best practice GPO (NIST GPO templates)
Block browsing from servers. Not all machines need internet access
Block Dns zone transfers
Change ilo settings/passwords
Close open mail relays
Diff. local admin passwords (LAPS)
Disable LLMNR/NetBios
Disable ports that are unused, & setup port security
Mar 11, 2018 • 11 tweets • 3 min read
#infosecstaples = Time for a new hashtag to help out our #infosec students. Asked some remedial questions that anyone going into a tech field should know and was surprised they hadn't been taught these things in school.
I know my own college degree didn't prepare me at all for the work that I would be doing after I graduated, but I thought maybe it had gotten a little bit better at this point. I guess not. They seem to be failing the participants still.