IT Pro Tuesday #281

Welcome back to IT Pro Tuesday!

Exciting News! Hornetsecurity’s Annual Cyber Security Report 2024 is here!

In 2023, Hornetsecurity’s Security Lab processed over 45 billion emails, providing a unique opportunity to discern emerging threats and critical vulnerabilities. Our report offers an in-depth exploration of the current state of Microsoft 365 security, highlighting the most critical and emerging cyber security threats.

Get yours today!

And in the latest episode of the Security Swarm Podcast: “Security Then vs Now: What’s Changed?” we explore the intriguing evolution of cybersecurity from the days of floppy disks and DOS to the complex, interconnected world of today. Tune in to learn about the significant shifts in security incidents, drawing correlations and highlighting differences.

As always, we’re updating the full list on our website here. Enjoy.

A Tip

A nice way to keep unwanted installs from worming their way into your systems, compliments of fshannon3: “I recently added a line to our setup script to disable those ‘silent’ installs from the MS store via reg key… I did this well before HP Smart started this nonsense. It was done because we’d remove some of the other junk apps, and after a reboot or two, they’d get automatically reinstalled. I changed the registry key on my PC and I do not have that HP Smart app on it.

EDIT TO INCLUDE REGISTRY KEY:
HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager
Set the SilentInstalledAppsEnabled DWORD value to 0 (zero)”
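As an added example (not fshannon3’s script or anything from the newsletter), here is one way to put that tip into a setup script so it is idempotent and verifies the change rather than assuming it took. It only assumes the key and value name given above; since the key lives under HKCU it must run in the context of the user profile being hardened.

```powershell
# Added example, not from the original post: audit and, if needed, set the
# ContentDeliveryManager value that controls "silent" Store app installs.
$path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager'
$name = 'SilentInstalledAppsEnabled'

function Get-SilentInstallState {
    # Returns the current DWORD value, or $null when the value is absent.
    # Treat "absent" as not hardened: only an explicit 0 is the desired state.
    $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$name
}

function Disable-SilentInstalls {
    if (-not (Test-Path $path)) {
        # A fresh profile may not have the key yet; create it instead of failing.
        New-Item -Path $path -Force | Out-Null
    }
    # -Force overwrites an existing value (typically 1) with 0.
    New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value 0 -Force | Out-Null

    # Verify the write landed; a setup script should fail loudly, not silently.
    if ((Get-SilentInstallState) -ne 0) {
        throw "Failed to set $name to 0 under $path"
    }
}

$before = Get-SilentInstallState
if ($null -eq $before) { $shown = 'not set' } else { $shown = $before }
Write-Output "Before: $shown"
Disable-SilentInstalls
Write-Output "After:  $(Get-SilentInstallState)"
```

Run it once per user profile (e.g. from a logon script); re-running is harmless because it only rewrites the same value.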

A Free Tool

Alerta is a scalable alert management tool that can serve as a big upgrade from using email as an alert console. Accepts alerts from standard sources like Syslog, SNMP, Prometheus, Nagios, Zabbix, Sensu, and netdata. Enrage likes it as a means to “Centralize all your alerts from LibreNMS, Graylog, Grafana, etc.”

Another Free Tool

FRRouting is an open-source Internet routing protocol suite tailored for Linux and Unix. Supporting a comprehensive range of protocols, including BGP, OSPF, RIP, IS-IS, PIM, LDP, BFD, Babel, PBR, OpenFabric, and VRRP, and with experimental backing for EIGRP and NHRP, FRR integrates with native Linux/Unix IP networking stacks. opseceu appreciates it “for BGP, nagios for monitoring, netbox for documentation, etc.”

Yet Another Free Tool

Homarr is a server management tool designed for efficiency and ease of use, offering a convenient and centralized hub for streamlined access and control. Offers straightforward installation and versatile deployment options, providing a sleek dashboard to consolidate all your apps and services.

Training Resource

ByteByteGo is a YouTube channel that offers fascinating video content on topics and trends in large-scale system design, provided by the authors of the popular System Design Interview books. arpan3t recommends it for the “system design videos.”

P.S. Bonus Free Tools

NOC Project is a robust network management system designed for scalability and high performance. Originally conceived for automating equipment management, NOC has evolved to encompass modules for comprehensive network information collection, monitoring, and metric analysis. Kindly suggested by mahanutra.

Peering Manager is a flexible Python-based, open-source BGP session management tool. It streamlines the tracking, maintenance, and configuration of BGP sessions from a centralized management point, eliminating the time-consuming manual provisioning process. Independent-Delay230 explains, “This is a great tool and makes managing IX and other peers much easier.”

IT Pro Tuesday #280

Welcome back to IT Pro Tuesday!

In the latest episode of the Security Swarm Podcast: “Differences Between DNS/Route-Based Email Security and Email Security via API,” we discuss email filtration, particularly the DNS route-based approach versus the emerging API-based method. Tune in as we compare these two methodologies, weighing the pros and cons, discussing caveats, and navigating the intricacies of email security.

We’re looking for your favorite tips and tools we can share with the community… those that help you do your job better and more easily. Please reply or leave a comment with your suggestions, and we’ll be featuring them in the coming weeks.

A Free Tool

RedHat Keycloak is an Identity and Access Management tool. Features include user federation, robust authentication methods, user management, and fine-grained authorization. Grintor describes it as an “open source alternative to okta.com.”

Training Resource

Simplilearn is a YouTube channel offering training content aimed at IT professionals who want to stay current on evolving technologies and best practices in the field. Thanks for the recommendation go to Present-Chard.

Another Free Tool

KasmVNC offers heightened security, improved compression, and seamless encoding through a web-based client, enabling access to the Linux server’s desktop from any web browser without the need for client software installation. Glum_Competition561 says it’s a “wonderful product, especially for browser isolation and sandbox environments to play with some risky stuff. :)”

Yet Another Free Tool

Element is an open-source instant messaging client built on the Matrix protocol, offering users features such as end-to-end encryption, file sharing, and voice/video calls. The self-hosted version accommodates up to 200 users at no charge, providing a budget-saving secure and collaborative communication platform. perthguppy describes it as a “slack style team chat.”

Training Resource

Kevtech IT Support is a practical YouTube channel intended for individuals who are looking to forge a career in technology, offered by a guy who had to find his way without guidance. Kindly suggested by Emphasis-Hungry.

P.S. Bonus Free Tools

Xen Orchestra simplifies administration of XCP-ng, Citrix Hypervisor, or XenServer pools, providing a comprehensive view of virtual machine infrastructure. With no need for host installations, it offers remote accessibility from any device, ensuring efficient management without the burden of additional agents.

Greenbone is an open-source vulnerability management solution to harden your systems against cyber threats. Offers automated vulnerability management systems with customizable scan configurations and schedules for ongoing vulnerability detection to identify potential weaknesses before they are exploited. Grintor explains, “Formerly OpenVAS – open source alternative to Nessus.”

IT Pro Tuesday #279

Welcome back to IT Pro Tuesday!

We’re looking for your favorite tips and tools we can share with the community… those that help you do your job better and more easily. Please reply or leave a comment with your suggestions, and we’ll be featuring them in the coming weeks.

A Free Tool

Zeek is an efficient network analysis framework, with a focus on in-depth analysis. Its suite of protocol analyzers facilitates high-level semantic examination at the application layer. Its adaptability and flexibility are notable, thanks to a domain-specific scripting language that allows for the creation of site-specific monitoring policies, avoiding confinement to a single detection approach. Its highly stateful nature is a key strength: it maintains extensive application-layer state about the monitored network and a comprehensive archive of network activity over time. Credit for this one goes to noukthx.

A Cheatsheet

Angular is an application-design framework and development platform for the construction of streamlined single-page applications. This handy guide organizes documentation, insights, and practical examples from initial application development to the optimization of single-page applications for enterprise-level projects. Thanks for the suggestion go to Extra_Discipline_644.

Another Free Tool

Zammad is a web-based, open-source solution for user support and ticketing needs. Easily hostable on your own servers, it offers a nice alternative for budget-sensitive organizations seeking a competent support system. neuromancer-es adds, “it’s very customizable and has a fairly good documentation.”

One More Free Tool

Baïkal is a lightweight CalDAV+CardDAV server with an intuitive web interface for managing users, address books, and calendars. Requires only a basic PHP-capable server to support data storage in either MySQL or SQLite databases, offering a privacy-conscious, multiplatform solution. Kindly suggested by jasonweiser.

Training Resource

John Craddock Identity and Access Training, hosted on YouTube by a respected Identity and Security Architect and Microsoft MVP, delivers a wealth of technical insights into on-premise Active Directory and Azure AD, drawing from his extensive experience in the field. Craddock provides exceptionally clear and detailed technical content to help build a community of identity experts. Recommended by AppIdentityGuy.

P.S. Bonus Free Tools

RT for Incident Response is a robust open-source tool for CERT and CSIRT teams, offering an efficient workflow for incident handling. This industrial-grade solution facilitates incident tracking, response, and resolution through a straightforward interface, along with a suite of tools aimed at streamlining routine operations for team members. Appreciation for this one goes to Quadling.

fsv is a file system visualizer for comprehensive exploration and analysis. Utilizes a 3D layout, with both MapV and TreeV views, to facilitate unique perspectives on file hierarchy. For viewing permissions, phein4242 says, “It doesn’t get any better than FSN/FSV.”

IT Pro Tuesday #278

Welcome back to IT Pro Tuesday!

In the latest episode of the Security Swarm Podcast: “Monthly Threat Report – November 2023” we bring you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition focuses on data from October.

We’re also looking for your favorite tips and tools we can share with the community… those that help you do your job better and more easily. Please reply or leave a comment with your suggestions, and we’ll be featuring them in the coming weeks.

A Free Tool

Trippy is a utilitarian networking tool that seamlessly merges traceroute and ping functionalities, crafted for in-depth analysis of networking glitches. A contemporary, cross-platform solution built in Rust, it serves as a sophisticated alternative to tools like mtr, boasting advanced features and an elegant Text User Interface. Kindly suggested by doglar_666.

A Tip

Sage advice for the overstressed new sysadmin, compliments of 25-year veteran Mental-Aioli3372: 

  1. “Relax, stress will kill you and makes you ineffective, you can’t help anyone if you’re f*cked up or dead, and if you die of a heart attack at 4pm on a Friday, they’ll have a job opening posted before your body is cold.
  2. Solving problems is just like hiking from point A to point B – figure out where you are, figure out where you need to go, draw a map, plot a course, divide it into individual turns, and start walking step by step, a little bit at a time. Get the big picture first, then zoom in, then go.
  3. Learn to say no, learn to set boundaries, tell them to make a ticket, you’ll get to it in order of importance. Constant emergencies and distractions means nothing actually gets done completely. Don’t say yes just because you want to make people happy.
  4. Learn to differentiate IT problems from HR problems, management problems, culture problems. You can’t fix bad business decisions.
  5. Other people’s lack of planning is not your problem.
  6. What does policy say? Do that. No policy? Make one.
  7. Manage expectations, under promise, over deliver.
  8. When you leave work, leave it at work. Work your 40 hours, use time wisely, then go home.
  9. Get lots of sleep, have fun with friends, play video games, make sure you’re getting You Time. Separate you from your job. Take all your vacation days. Don’t burn out. It’s not worth it.
  10. Make friends with the janitors. They know how shit really works and literally open doors to useful places.
  11. Users lie, verify everything. Assume nothing.
  12. Don’t answer calls if you’re not getting paid. Do Not Disturb means DO NOT DISTURB motherf*ckers.

The technical sh*t is whatever. You’ll figure that part out.”

Another Free Tool

World Time Buddy is a versatile online world clock, time zone converter, and meeting scheduler, designed for individuals navigating different global time zones. Its user-friendly interface allows efficient planning of international calls, webinars, and business meetings. Main-ITops77 says, “World Time Buddy is my favorite, very easy to see different time zones at a quick glance.”

A Tutorial

How to build your wireless network for iOS/MacOS is a post that walks through the relevant details from Apple’s support documents that explain exactly how to build a wireless network for iOS/Mac OS to provide wireless roaming for enterprise customers.

One More Free Tool

Duff is a command-line utility that finds duplicate files, with a focus on speed. lilolalu explains, “reports clusters of duplicates in the specified files and/or directories. In the default mode, duff prints a customizable header, followed by the names of all the files in the cluster. In excess mode, duff does not print a header, but instead for each cluster prints the names of all but the first of the files it includes.”

P.S. Bonus Free Tools

PDF-Xchange is a versatile PDF editor and viewer that allows you to easily create, view, edit, annotate, perform OCR, digitally sign, and explore a range of features for efficient PDF management.

NuShell is a cross-platform shell that merges the Unix philosophy of connecting simple commands through pipes with the modern style of development. doglar_666 adds, “I also make occasional use of nushell for its native functionality for displaying CSV, YAML and JSON in terminal and there’s a DNS plugin which is a handy addition to usual nslookup/dig combo. It’s cross-platform, so useable on Linux, Windows and macOS.”

IT Pro Tuesday #277

Welcome back to IT Pro Tuesday!

In the latest episode of the Security Swarm Podcast: “The Story of Backup and Recovery in Microsoft 365,” we look at the various methods and tools that have been used natively within M365 to help with backup, as well as why these methods frequently fall short. Backup has been a confusing experience over the years, especially with Microsoft’s contradictory “no backup needed” guidance. To add to the confusion, Microsoft has introduced its own M365 backup product. Don’t miss out on this informative discussion as we delve into the complexities of data protection and recovery in M365!

We’re also looking for your favorite tips and tools we can share with the community… those that help you do your job better and more easily. Please reply or leave a comment with your suggestions, and we’ll be featuring them in the coming weeks.

A Tutorial

How to Add Multiple Clocks on Your Windows 10 PC explains a nice hack that can make it easier to coordinate with teams that span across multiple time zones. This blog post outlines two straightforward methods for adding different clocks to be displayed simultaneously in your tool tips or taskbar. Our thanks for directing us to this cool method go to anonymousITCoward.

A Free Tool

NetBird is a configuration-free, peer-to-peer private network combined with a centralized access control system. Utilizing a WireGuard-based overlay network, it ensures encrypted connections between machines without the need for complex configurations such as port openings, intricate firewall rules, or VPN gateways. Prioritizes security with intuitive management of granular access policies for secure remote access, applicable universally across any infrastructure. petr205 explains, “Their SaaS version is free up to 100 machines and 5 users, but the self-hosted version is exactly the same and has very low requirements.”

Another Free Tool

Nebula is a scalable, cross-platform overlay networking tool focused on performance, simplicity, and security. This portable tool is equally adapted for linking a small number of computers or scaling to connect tens of thousands. It integrates encryption, security groups, certificates, and tunneling into a powerful, cohesive connectivity solution. Thanks for the recommendation go to jmeador42.

Training Resource

13Cubed offers in-depth coverage of Digital Forensics and Incident Response as well as other information security topics. It’s the work of industry veteran and former SANS Institute instructor Richard Davis, whose impressive background spans 28 years in IT, with a focus on cybersecurity. arpan3t explains, “13Cubed is digital forensics, but if you want to know the granular details of how OS works then this scratches that itch.”

P.S. Bonus Free Tools

linkding is an intuitive, self-hosted bookmark manager that is easily deployable with Docker. The clean UI features tags, markdown-based notes, “read it later,” the ability to share bookmarks, an admin panel for user self-service and raw data access, and more. Supports bulk editing; automatically fetches titles, descriptions, and icons for bookmarked websites; and can archive snapshots on the Wayback Machine. Kindly suggested by joghurt_mit_der_ecke.

Random Password Generator is a simple, web-based tool to generate secure passwords, with customizable options. Creates and copies strong passwords directly on your device, ensuring privacy as nothing is ever stored on outside servers or transmitted over the internet. SharpEye001 adds, “I tried several alternatives, but none seemed to be as flexible.”

IT Pro Tuesday #276

Welcome back to IT Pro Tuesday!

In the latest episode of the Security Swarm Podcast: “Questionable Methods for Protecting Backups from Ransomware,” we explore some historical methods devised by the security community to safeguard backups against ransomware such as air gapping, removable media, and application whitelisting. But here’s the twist: we’re approaching these protective measures from the mindset of a relentless threat actor… someone who’s determined to breach your defenses and make your backups their own.

We’re also looking for your favorite tips and tools we can share with the community… those that help you do your job better and more easily. Please reply or leave a comment with your suggestions, and we’ll be featuring them in the coming weeks.

A Free Tool

acme.sh is a lightweight Unix shell script for automatic issuance and renewal of free certificates in a Unix environment. It’s compatible with Bash, dash, and sh; Docker/IPv6 ready; requires no external dependencies; and can issue, renew, and install certificates without the need for root or sudoer access. Thanks for this recommendation go to blitznogger.

A Tutorial

How to Use Packet Analysis to Prove it’s Not the Network (or it is the network) offers practical guidance on how to strategically address common network-related issues. Bright-Wear explains, “There are a lot of things you could do to troubleshoot stuff that may not be network related before you start ripping up and replacing things… Watch this video and download wireshark. The only thing this valuable tool and guide will cost you is a bit of your time.”

A Cheatsheet

Vim Cheatsheet is a concise, mobile-friendly reference guide designed to help you quickly find all the commands you’ll need when working with Vim. Our appreciation for directing us to this handy resource go to Extra_Discipline_644.

A Training Resource

Professor Messer is a YouTube channel that offers an extensive collection of certification training videos for IT professionals, covering CompTIA A+, Network+, Security+, and more. It’s a great resource for enhancing your technical skills or to help get ready for certification. Kindly suggested by Emphasis-Hungry.

Training Resource

Tio is a user-friendly CLI tool for straightforward serial device management. Allows you to connect to serial TTY devices and perform basic input/output operations through a configuration file or via direct commands. bh0 adds, “I use tio for serial/console on my Mac. Tio is awesome.”

P.S. Bonus Free Tools

Clavier+ is a lightweight utility for creating customizable keyboard shortcuts. Offers global shortcuts, a compact and portable EXE file, and no need for Registry entries or setup installation. hudgeba778 explains, “it’s a free to use keyboard macro software and I absolutely love using it to make repetitive data entry MUCH more efficient.”

AlienVault OTX is an open-source platform providing access to a large collection of threat indicators contributed by a global community of over 200,000 participants. Allows users to collaborate to investigate emerging threats, extract IOCs from various sources, submit files for malware analysis, and more. candyke appreciates it for “threat intel and malware related OSINT.”