24PinTech Wiki - User contributions [en]

Category:Cyber Security

2022-05-03T18:05:56Z

Agrace:

==== This category covers over all the pages that involve Cyber Security. ====

Security Policy

2022-05-03T18:03:57Z

Agrace:

[[Category:Cyber Security]]
= Group Policy =

Security Policy is done within [[Group Policy]]. If you are unsure what [[Group Policy]] is, or what it does, etc., visit the [[Group Policy]] page or the page on our domain: [[CISCOACA.local]] for more information.

= Global Security Policy =

Our Global security policy is located in the Group Policy Objects folder, and is named Security Policy. All of the configurations made by this are too long to list, but they are all located in <code>Computer Configuration/Policies/Windows Settings/Security Settings</code> within the object.

== Default Domain Controllers Policy ==

This policy controls the administration of the domain controllers. It has some security settings configured to disallow the Service Admins from accessing them.

These configuration items are located in: <code>Computer Configuration/Policies/Windows Settings/Security Settings/Local Policies/User Rights Assignment</code>

The configurations that stop Service Admins from accessing the servers are: Deny access to this computer from the network, deny log on locally, Deny log on through Remote Desktop Services.

=== Service Admins ===

This is a group that is within the Users folder in our active directory. It is used to define users that should have admin rights, but should not have access the the servers. Users put in this group also should be in the Domain Admins group.

==== Install ====

The install account is the one that we currently use for our service account, and should currently be the only one in the Service Admins group. The install account is located in the Admins folder in CiscoAcademy.

= Local Security Policy =

Locally on all of the servers, I have edited their settings to require auditing, this is done on the GPO security policy as well, but just in case some settings do not configure properly it will always audit what is happening to the server.

Server Hardening

2022-05-03T18:01:29Z

Agrace:

[[Category:Cyber Security]]
==Overview==
Server Hardening is the process of preemptively patching any security vulnerabilities that may arise. This is done by a multiplicity of policy adjustments either manually or run through a script. Scripts act as a blanket when it comes to changing policy, its great for changing lots of different areas on different devices quickly. On the other hand, manual server hardening can be tedious, but gives you the scalpel to change device specific policies that you may want to be enacted. Server Hardening itself is a broad category itself as well, ranging from password policy to remote connection policy, to firewall policy. There isn't any "one size fits all" solutions either, you will have to make some changes depending on the current 24pin policy.

==Windows==
[[File:Path to Password Policy.png|thumb|687x687px|The Path to Password Policy in the GPO Editor]]
Windows is one of the most common OSes out there, and is the one you'll most likely find running a server. Its relatively easy to understand what each policy does, its just that with the sheer quantity of policy, it can be somewhat difficult to understand what the whole does.

===Manual Server Hardening===
Windows has plenty of menus to parse through, making manual adjustments much more of a chore than anything. To find the policy you need, it'll most likely be through Group Policy Management, from there you can edit the default domain policy, wherein everything would be applied to every computer. Though be warned, unless it's something simple like password policy, you won't find what you're looking for unless you know exactly where it is without spending the greater years of your life digging around for it.

===Scripted Server Hardening===
Scripts can be ran from an elevated PowerShell instance directly, or can be used to create an .MOF file. Ours can be copied and pasted into PowerShell and it will create an .MOF.[1] It may claim that you don't have the required PowerShell module, in that case it should give you the command to install it. If not the required commands are

*<code>install-module AuditPolicyDSC</code>
*<code>install-module ComputerManagementDsc</code>
*<code>install-module SecurityPolicyDsc</code>

If it still says that you're unable to install the modules, a workaround that I've found is to run the following command.

*<code>[Net.ServicePointManager]::Security Protocol = [Net.SecurityProtocolType]::Tls12</code>

Now with that all out of the way, you should have just created a .MOF file, now this MOF file isn't the endpoint. What we just did was compress that whole block of text into something readable by Windows PowerShell, why couldn't we just do it from the.txt file? I don't know ,but this way works so we're rolling with it. Next step will be to run that .MOF file that was just created.

*<code>Start-DscConfiguration -Path C:\Windows\system32\CIS_WindowsServer2019_v110 -Force -Wait -Verbose</code>

[[File:Script Running.png|thumb|429x429px|An Image of what everything should look like if you've ran the script correctly]]
DscConfiguration will read the script and configure the policy listed in the .MOF file, <code>-path</code> will allow you to put in the path to the MOF, when the MOF is done compiling it should give you the path so make sure to write that down or remember it good. <code>-Force</code> will, well, force its way over any running commands. <code>-Wait</code> will wait for <code>-Force</code> to stop the running command before running the <code>DscConfiguration</code> command, and lastly <code>-Verbose</code> will generate a more detailed output.

Now you should see all this mishmash of words coming at you, don't worry this is the script doing its job. They aren't warnings or failures, this is what <code>-Verbose</code> does. Otherwise just let it do its thing, the flashing timer at the top should tell you when its approximately going to be done. After that the script is all done and ran, feel free to close PowerShell. Just make sure to double check local and group policy to make sure that the script is in fact functional. Once you've doublechecked, you're all done, just repeat these steps if you're looking to run this script on more machines.

====Step-by-Step Scripted Server Hardening====

#Open an Elevated PowerShell instance.
#If this is a first time instillation, use the following commands to install vital modules
##<code>install-module AuditPolicyDSC</code>
##<code>install-module ComputerManagementDsc</code>
##<code>install-module SecurityPolicyDsc</code>
###If unable to install required modules, use the command: <code>[Net.ServicePointManager]::Security Protocol = [Net.SecurityProtocolType]::Tls12</code>
#Copy and Paste the script into the Elevated PowerShell instance and press enter, after a brief delay, you should see the path that the .MOF was saved to.
#Use the command <code>Start-DscConfiguration -Path C:\Windows\system32\CIS_WindowsServer2019_v110 -Force -Wait -Verbose</code> and use the path that was given to you in place of the path used in the example, and press enter.
#The .MOF should now be running, wait for the timer to finish, and it should be opperational.

==Linux==
Hasn't been publicly documented due to security concerns.

==References==
Our Modified Windows script for Windows Server 2019[https://docs.google.com/document/d/1GyCaeNv9F3taE8jpmVNqJ8JlcXy79q_S8GATVvzKFUE/edit?usp=sharing <nowiki>[1]</nowiki>]

Original Script & Scripts for Server 2016[https://github.com/NVISOsecurity/posh-dsc-windows-hardening <nowiki>[2]</nowiki>]

Suricata

2022-05-03T16:53:50Z

Agrace:

[[Category:Cyber Security]]
Suricata

CyberPatriot

2022-05-03T16:51:17Z

Agrace:

[[Category:Cyber Security]]
''This page is a work in progress.''

==What is CyberPatriot?==

======'''Basic Information'''======
- Established by the [https://www.afa.org/ Air Force Association (AFA)], [https://www.uscyberpatriot.org/ CyberPatriot] or the National Youth Cyber Defense Competition, is part of the National Youth Cyber Education Program, a program designed to inspire students from levels K-12 towards a career in cybersecurity. CyberPatriot, the nation's largest cyber defense competition, places high school and middle school students in Windows and Linux based environments, tasking these students with securing a virtual machine. All scenarios are designed to replicate real life threats, providing students with the training necessary to secure not only virtual machines, but physical hardware as well.

======'''CyberPatriot Competition'''======
- The CyberPatriot competition is composed of several rounds. Each of these rounds consists of several tasks, in which teams will partake in two challenges in earn points:

*Network Security Challenge
*Cisco Networking Challenge

======'''Network Security Challenge'''======
- The network security challenge tasks students in locating and eliminating vulnerabilities found in a variety of operation systems. Each vulnerability fixed grants the team points, placing them higher up on the leader board. Vulnerabilities can range from removing unauthorized users to uninstalling malicious software. Operating systems utilized in the CyberPatriot competition include the following:

*Windows 10
*Windows Server
*Ubuntu
*Debian

======'''Cisco Networking Challenge'''======
- The Cisco networking challenge on the other hand, tasks students with completing an online quiz. As well as configuring a virtual network utilizing the program Packet Tracer.

==MHS CyberPatriot==
- Maricopa High School is proud to partake in the nation CyberPatriot competition. Having competed for several years, we strive to aim higher each year. Go RAMs! The CyberPatriot program here at MHS is made possible by the (insert class name) and ROTC.

===MHS CyberPatriot 2021 - 2022===
'''Teams:''' Participating in the 2021-2022 competition, MHS currently has two registered teams, consisting of many awesome students, each bringing their own skills to the table. The MHS CyberPatriot team is managed and lead by the one and only Mr. Chamberlain!

- '''Coach:'''

*

- '''Team A / Warriors of the Net (The Dream Team)'''

*

- '''Team B / 24PinTech Alpha:'''

*

== CyberPatriot Set-Up Process ==
- Before beginning the CyberPatriot competition, several steps must be completed. This steps include the following:

* Image Download: About a week before the competition, the images used will be available to download. Mr. Chamberlain will provide the document with download links and passcodes. Download these images to your computer and upload them to the network drive. This process can be completed the fastest if each student downloads one image. Not everyone needs to download the image as it will be available on the network drive.
* Location: Competitions will take place in the (insert classroom name) here at MHS. Students will typically arrive at the gate between culinary and the library at 9:00 a.m.
* Image Download and Set-up: Once seated at your computer, access the network drive and drag the image to your desktop. Using the provided decryption code, unlock the folder and extract it. Open VMWare and (insert instructions)
* Beginning the Round Image: Once you have booted up your virtual machine, enter your team's unique identifier. Congratulations, you have begun, this applies to all images. Your team will have 6 hours (check to see if right) to complete the images. Make sure to submit all images before the deadline, or your team will lose points.
__FORCETOC____FORCETOC__

Category:Cyber Security

2022-05-03T16:48:20Z

Agrace: Created page with "yes"

yes

Three Letter Acronym (TLA)

2022-04-01T18:02:26Z

Agrace: /* Misc: */

== Topic ==
This page will be used for you to make yourself knowledgeable on a variety of tech acronyms. A wide array of acronyms, whether it be on hardware, networking, protocols, etc. These will be very important for any tech in 24Pintech. Learn them and know them well, otherwise you will fall victim to the ether whip.

== Cloud Computing: ==
'''DaaS:''' Desktop as a Service

'''IaaS''': Infrastructure as a Service

'''ICaaS''': Integration Capabilities as a Service

'''NaaS''': Network as a Service

'''PaaS''': Platform as a Service

'''SaaS''': Software as a service

== Hardware: ==
'''CLI''': Command Line Interface

'''CMOS''': Complementary Metal-Oxide Semiconductor

'''CPU''': Central Processing Unit

'''CRT''': Cathode Ray Tube

'''DIMM''': Dual In-line Memory Module

'''GPU''': Graphics Processing Unit

'''NAS''': Network Attached Storage

'''NIC''': Network Interface Card

'''POST''': Power-on Self Test

'''PC''': Personal Computer

'''RAM''': Random Access Memory

'''ROM''': Read-only Memory

'''TPM''': Trusted Platform Module

== Hypervisor/ Virtual ==
'''VDI''': Virtual Desktop Infrastructure

'''VM''': Virtual Machine

'''VNC''': Virtual Network Computer

'''VPN''': Virtual Private Network

== Networking: ==
'''DNS''': Domain Name Service

'''ISP''': Internet Service Provider

'''LAN''': Local Area Network

'''MAN''': Metropolitan Area Network

'''UC''': Unified Communications

'''WAN''': Wide Area Network

== Organizations: ==
'''ANSI''': American National Standards Institute

'''CCIA''': Computer and Communications Industry Association

'''CompTIA''': Computing Technology Industry Association

'''DEC''': Digital Equipment Corporation

'''EIA''': Electronics Industry Alliance

'''FCC''': Federal Communications Commission

'''IANA''': Internet Assigned Number Authority

'''IEEE''': Institute of Electrical and Electronics Engineers

'''IETF''': Internet Engineering Task Force

'''ITU-T''': International Telecommunication Union

'''MoCA''': Multimedia over Coax Alliance

'''OSI''': Open System Interconnect

'''TIA''': Telecommunications Industry Alliance

'''W3C''': World Wide Web Consortium

== Protocol: ==
'''DHCP''': Dynamic Host Configuration Protocol

'''FTP''': File Transfer Protocol

'''HTTP''': Hypertext Transfer Protocol

'''HTTPS''': Hypertext Transfer Protocol Secure

'''IP''': Internet Protocol

'''PAP''': Password Authentication Protocol

'''PPP''': Point-to-Point Protocol

'''SMTP''': Secure Mail Transfer Protocol

'''TCP''': Transmission Control Protocol

'''TCTP''': Trivial File Transfer Protocol

== Security: ==
'''ACL''': Access Control List

'''AES''': Advanced Encryption Standard

'''DDoS''': Distributed Denial of Service

'''DES''': Data Encryption Standard

'''IDS''': Intrusion Detection System

'''IPS''': Intrusion Prevention System

'''MFA''': Multi Factor Authentication

'''RMM''': Remote Monitoring Management

'''SIEM''': Security Information and Event Management

'''TFA''': Two Factor Authentication

'''WPA''': Wi-Fi Protected Access

== Misc: ==
'''CA''': Conditional Access

'''IB''': Install Base

'''PII''': Personally Identifiable Information

'''RTT''': Round Trip Time

Three Letter Acronym (TLA)

2022-03-31T18:15:37Z

Agrace: Everything

File:Report.png

2021-11-17T18:14:45Z

Agrace:

Showing what the report section is.

File:Email.png

2021-11-17T18:13:58Z

Agrace:

Image showing what it is.

File:ELK.png

2021-11-09T20:14:37Z

Agrace:

This is shows where to be looking for on elasticstack.

Suricata

2021-09-27T19:41:53Z

Agrace: Created page with "Suricata"

Suricata

Common Printer Issues

2021-08-27T03:54:20Z

Agrace:

There is a large list of things that could be wrong with a printer. This guide can be used to diagnose and solve some of the common issues that tend to happen with printers. If none of these work, then it is recommended to do further research on the issue, documentation on the some fixes, or even call the manufacturing company's help center for further assistance.

== Common problems ==

=== Unable to connect to the printer ===

# Restart/Shutdown the printer.
# Reconnect the printer to the internet by using the menu on the printer and going to internet settings.
# Make sure that the right printer is connected to the computer.
# Configure the settings of the printer on the computer by accessing control panel>Hardware and security>Device and Printers>Printer and making sure it is set up properly.

=== Low ink/replace cartridge ===

# Replace the cartridge.
# Reset the counter if it has already been replaced by using the settings on the printer and going to printing options.

=== '''Bad Print Quality''' ===

# Match printer settings when printing by configuring the resolution, size, and format.
# Make sure paper quality is standard as mixing different types of paper brands can cause low quality

=== Printer wont print. ===

# Readjust the paper tray.
# Make sure the printer has a stable connection to the computer and internet
# Make sure the right drivers are installed or if the need to be updated by going to Settings>Devices>Printers and Scanners> Printer Server Properties
# The printer may not be added, to do so in Windows 10 go to settings>Devices> Printers and Scanners and add.

=== Paper jams ===

# Make sure the paper tray is not overfilled
# Turn off printer and unplug
# Open access doors and remove any jammed paper
# Do a test print to make sure it is working

Common Printer Issues

2021-08-27T03:43:35Z

Agrace: Created page with "l"