Blog


PCI DSS Policy Sample and Template 2

PCI DSS Policy

Purpose

This policy aims to establish and maintain standards to protect cardholder data, ensure adherence to the Payment Card Industry Data Security Standard (PCI DSS), and safeguard our organization’s information systems.

Scope

This policy applies to all [Company Name] personnel, systems, and processes involved in handling cardholder data and maintaining the security of our network.

Policy Statement

[Company Name] is committed to protecting cardholder data and ensuring compliance with PCI DSS standards. This policy explains the requirements and guidelines necessary to safeguard payment card information and maintain the highest level of data security.

Definitions

PCI DSS: Payment Card Industry Data Security Standard, a set of security standards designed to protect payment card information.
Cardholder Data (CHD): Information associated with a payment card, including the primary account number (PAN), cardholder name, expiration date, and service code.
Sensitive Authentication Data (SAD): Information used to authenticate payment card transactions, including magnetic stripe data, CVV2/CVC2, and PINs.

There are twelve PCI-DSS Requirements according to PCI DSS version 4 as follows:

1. Firewall Configuration and Maintenance
2. Vendor-Supplied Defaults
3. Protection of Stored Cardholder Data
4. Encryption of Transmission Across Open Networks
5. Protect All Systems Against Malware and Regularly Update Anti-Virus Software or Programs
6. Secure Systems and Applications Development
7. Restrict Access to Cardholder Data by Need-to-Know
8. Identification and Authentication of Access to System Components
9. Restrict Physical Access to Cardholder Data
10. Track and Monitor All Access to Network Resources and Cardholder Data
11. Regular Testing of Security Systems and Processes
12. Information Security Policy for All Personnel

Roles and Responsibilities Training and Awareness Incident Response Policy Review and Updates Enforcement

Review and Revision

To ensure continued compliance with PCI DSS requirements and to address any changes in our environment or operations, this policy will be reviewed at least annually and updated as needed.

Reference

PCI DSS Quick Reference Guide: Understanding the Payment Card Industry Data Security Standard version 3.2.1


How to Install Ubuntu Desktop in VMware Workstation: A Step-by-Step Guide

Ubuntu Desktop is one of the most user-friendly Linux distributions available. Running it in a virtual machine (VM) using VMware Workstation or other virtualization software is an excellent way to try it out without altering your host. Whether you are new to Linux or want to use Ubuntu Desktop for testing and development, in this post I will walk you step by step through installing Ubuntu Desktop in VMware Workstation.

What You’ll Need

Before you begin the installation process, make sure you have the following:

Create an Ubuntu Virtual Machine in VMware Workstation

1. Open VMware Workstation and click Create a New Virtual Machine to start the Virtual Machine wizard.
2. Choose Typical (recommended) to use the default settings. Click the Next button to proceed.
3. Choose the Installer Disc Image file (ISO) option. Click Browse to locate the Ubuntu Desktop ISO file you downloaded earlier. Click the Open button and click Next.
4. Enter your full name and create a username and password. Click the Next button.
5. Give your virtual machine a name, such as Ubuntu Desktop. Click Browse to choose where to store your VM, and click the Next button.
6. Allocate disk space; as shown in the screenshot below, at least 25 GB of disk space is required for Ubuntu Desktop. I will allocate 100 GB for this example. Select Store virtual disk as a single file and click the Next button.

Customize Hardware (Optional)

Before starting the installation, you can adjust the virtual machine’s resources by clicking the Customize Hardware button and allocating hardware resources based on your needs. Once you’ve configured the resources, click Finish to create the virtual machine.

Start Ubuntu Installation

The VM will boot from the Ubuntu Desktop ISO. After a few seconds, you should see the Ubuntu installation menu.

1. Select the language for the installation process; for this example, I will choose English.
2. Choose the keyboard layout that suits you (typically English (US)).
3. Choose Use wired connection and click Next.
4. Choose Install Ubuntu and click Next.
5. Choose Interactive Installation and click Next.
6. Choose Default selection and click Next.
7. Choose Install third-party software for graphics and Wi-Fi hardware to optimize your computer and click Next.
8. Click Next > Next > Finish.

Installation was completed successfully.

Conclusion

Installing Ubuntu Desktop in VMware Workstation is an excellent way to run Ubuntu on your machine without altering your existing operating system. Whether you’re testing software, learning Linux, or creating a development environment, VMware provides a reliable and powerful virtualization solution. By following this step-by-step guide, you should now have Ubuntu up and running in VMware Workstation, ready for any tasks you want to perform in your virtual environment. Enjoy exploring Ubuntu and the world of virtualization!


How to Create and Launch a Host Discovery Scan in Nessus

Log in to your Nessus account. If you don’t have an account, click here for a step-by-step guide on installing Nessus Essentials. It’s free!

What is a Host Discovery Scan?

A Host Discovery scan is a simple, basic scan to discover live hosts and open ports.

1. Click the New Scan button at the top right.
2. Choose the Host Discovery template by clicking Host Discovery.
3. Name your scan, type a description (optional), choose the My Scans folder for your scan, and enter your target IP address(es) or IP range.
4. You can schedule your scan as shown below. For this scan, I am keeping the schedule off.
5. You can enter an email address to receive notifications as shown below. For this scan, I am keeping it as default.
6. Keep everything else as default and click the Save button.
7. Click the play icon at the top right.

Scan completed successfully. Click the Vulnerability tab


How to Analyze Qualys Scan Result

There are two types of vulnerability scans: authenticated scans and non-authenticated scans.

Non-authenticated scan

This is when you scan target systems without providing any login credentials. In this type of scan, the scanning tool can only gather information that is accessible externally. This is the information that attackers scanning your network from outside your organization, without any credentials, can access, such as open ports. While non-authenticated scans may not provide as much detail as authenticated scans, they still play a valuable role in identifying common vulnerabilities, misconfigurations, and exposures that could be exploited by attackers. You can learn more here.

Authenticated scan

This is a type of scan in which you provide login credentials (such as usernames and passwords) to the scanning tool so that it can log in to the target systems as an authorized user. This enables the scanning tool to access and collect more accurate and comprehensive vulnerability assessment results, which reduces false positives and produces more reliable risk prioritization. You can learn more here.

In this post, we are going to analyze the results of the Qualys virtual scanner from the previous lab. Click here for a step-by-step guide on launching a Non-authenticated scan in Qualys virtual appliance. Click here for a step-by-step guide on launching an Authenticated scan in Qualys virtual appliance.

What are Confirmed Vulnerabilities?

Confirmed vulnerabilities refer to security issues that have been verified and confirmed through the scanning process. These vulnerabilities have been detected with a high level of confidence and are considered legitimate security risks. Confirmed vulnerabilities typically result from the identification of known security weaknesses in software, configurations, or systems. Specific details, such as vulnerability IDs, severity ratings, affected systems, and remediation recommendations, accompany them. Organizations prioritize addressing confirmed vulnerabilities to mitigate security risks and reduce the likelihood of exploitation by attackers.

What are Potential Vulnerabilities?

Potential vulnerabilities represent security findings that require further investigation or validation to confirm their existence or severity. These findings may indicate areas of concern that merit additional scrutiny or follow-up actions. Potential vulnerabilities may arise due to factors such as ambiguous scan results, incomplete information, or the presence of indicators that suggest a possible security issue but do not conclusively confirm its presence. It’s important for organizations to assess potential vulnerabilities carefully and determine whether they pose genuine security risks that warrant remediation efforts. Further analysis or testing may be needed to confirm the presence and severity of potential vulnerabilities.

What is Information Gathered?

Information gathered refers to data collected during the scanning process that may not necessarily indicate the presence of vulnerabilities but provides valuable insights into the target environment. This category may include details such as network topology, system configurations, installed software, service banners, and other information relevant to assessing the security posture of the target systems. While the information gathered may not directly represent security vulnerabilities, it can help security teams gain a better understanding of the target environment, identify potential attack vectors, and prioritize security measures accordingly.

Understanding Qualys Severity Levels

Qualys severity levels are a classification system used to prioritize and categorize vulnerabilities detected during security scans conducted by the Qualys vulnerability management platform. These severity levels help organizations identify and address security risks based on the potential impact and severity of the vulnerabilities. Qualys assigns severity levels to vulnerabilities based on various factors, including the type of vulnerability, its exploitability, and the potential impact on affected systems. The severity levels used by Qualys range from 1 to 5, with 5 being the most severe and 1 being the least severe.

Critical (Severity Level 5)
Critical vulnerabilities represent the most severe security risks and pose a significant threat to the confidentiality, integrity, and availability of affected systems or data. Critical vulnerabilities often include remote root/administrator access, privilege escalation flaws, and vulnerabilities that allow unauthorized access to sensitive data.

High (Severity Level 4)
High-severity vulnerabilities represent significant security risks that could lead to system compromise, data breaches, or service disruptions if exploited. High-severity vulnerabilities may include issues such as remote control over the system with user privileges and authentication bypass vulnerabilities.

Medium (Severity Level 3)
Medium-severity vulnerabilities represent potential security risks that could lead to information disclosure, unauthorized access, or system compromise. This may include issues such as remote access to applications or services.

Low (Severity Level 2)
Low-severity vulnerabilities represent security issues that pose limited risk to affected systems or data and may require additional context or conditions to be exploited. This may include issues such as sensitive information disclosure and determining precise service/system versions, for example, outdated software versions.

Informational (Severity Level 1)
Informational findings represent basic information gathered during scans, such as open ports, system configurations, and other easily gathered information.

In the report, you will see the scan status, date, target IP/Asset group, the scanner that was used, the option profile, the severity, and so on. The severity level of this scan is severe, which is level 5, color-coded red.

Here you see the results by category.

Detailed Results: Here, you will find the severity levels and a list of color codes. Click the > icon next to each result to expand each section and view its vulnerability details. Click on the Associated CVEs to read more about the vulnerability and how to fix it.


How to turn Windows Defender off and on in Windows 10

What is Windows Defender Firewall?

The Windows Defender Firewall serves as an integrated security component in Windows, safeguarding your computer against unauthorized entry and potential threats posed by software attempting to infiltrate via the internet or local network.

How does Windows Defender Firewall work?

Windows Defender Firewall monitors the traffic coming in and out of your system and decides whether to allow or block traffic based on predefined rules. It acts as a barrier, blocking unauthorized access and keeping your system safe, for example if a hacker or malware tries to sneak into your computer through the internet. It not only protects you from threats coming from the outside but also helps manage communication between different programs on your computer. It ensures that only safe and authorized connections are allowed, preventing malicious programs from spreading or accessing sensitive information. You can create rules to allow specific programs or services to communicate over the network while blocking others. This gives you control over what enters and leaves your computer.

1. In the search box, type Control Panel. Then click Control Panel.
2. To easily locate Windows Defender Firewall, change your “view by” on the top right to small icons.
3. Click Windows Defender Firewall > Turn Windows Defender Firewall on or off.
4. Check the radio button next to Turn off Windows Defender Firewall (not recommended) under Domain Network Settings.
5. Check the radio button next to Turn off Windows Defender Firewall (not recommended) under Private Network Settings.
6. Check the radio button next to Turn off Windows Defender Firewall (not recommended) under Public Network Settings.
7. Then click the OK button to save the changes.

Windows Defender Firewall was successfully turned off. Your screen should look similar to the screenshot below.

Conclusion

While it is not recommended to turn off Windows Defender Firewall for security purposes, you may need to do so in some situations, such as when you are trying to bypass the firewall for testing purposes or trying to set up a vulnerable machine for practicing penetration testing/vulnerability scanning in your lab environment.


How to Make Your Windows 10 Machine Vulnerable to Attack for Vulnerability Scanning/Penetration Testing Practices

As cybersecurity threats continue to grow, organizations and individuals need to assess the security of their systems regularly. One way to do this is through vulnerability scanning, a process that helps identify weaknesses in a system that malicious actors could exploit. In this guide, we will explore how you can intentionally make a Windows 10 machine vulnerable to attack for vulnerability scanning/penetration testing purposes.

How to make a Windows 10 machine vulnerable to attack for vulnerability scanning purposes

1. Turn Off Firewall and Antivirus: One of the first steps in making a Windows 10 machine vulnerable is to turn off the firewall and antivirus. Windows 10 has a built-in firewall and Windows Defender antivirus software to protect your system from threats. Disable both the firewall and antivirus to make your machine vulnerable. This leaves your system unprotected against viruses, malware, and other malicious activities.
2. Disable Security Updates: Security updates are critical for patching known vulnerabilities in the operating system and other software installed on the machine. Disabling automatic updates leaves your system exposed to any existing security flaws.
3. Install Old/Outdated Software: Installing outdated software is another way to introduce vulnerabilities into your Windows 10 machine. This includes installing outdated applications, plugins, operating system versions, and web browsers. Older software versions may have known security issues that have been patched in later releases. By using outdated software, you increase the risk of exploitation.
4. Enable Remote Desktop Access: Enabling Remote Desktop access on your Windows 10 machine can create a potential entry point for attackers. Remote Desktop allows remote connection to your system, which can be exploited by malicious actors if not properly secured. Enabling this feature without proper security measures makes your machine more vulnerable to attacks.

Now that you have a good understanding of what this post is all about, let’s proceed to making our Windows 10 machine vulnerable.

Download and install some old version software on your Windows 10 machine

Install the old/outdated version software listed above and restart your Windows 10 machine. Next, we will make the following changes to our Windows 10 target/vulnerable machine:

How to enable file sharing in Windows 10

1. Click on the network icon at the lower right of your screen.
2. Click on Network & Internet settings highlighted in blue.
3. Click Network and Sharing Center.
4. Click the Change Advanced Sharing Settings link on the left.
5. Under Guest or Public (Current Profile), turn on network discovery and turn on file and printer sharing.
6. As shown below, click on the Save Changes button.
7. Ensure these settings are correct. For All Networks, turn off Public Folder Sharing and turn on Password Protected Sharing.

Next, we are going to turn the Windows firewall off.

How to turn Windows Defender off

1. In the search box, type Control Panel. Then click Control Panel.
2. To easily locate Windows Defender Firewall, change your “view by” on the top right to small icons.
3. Click Windows Defender Firewall > Turn Windows Defender Firewall on or off.
4. Check the radio button next to Turn off Windows Defender Firewall (not recommended) under Domain Network Settings.
5. Check the radio button next to Turn off Windows Defender Firewall (not recommended) under Private Network Settings.
6. Check the radio button next to Turn off Windows Defender Firewall (not recommended) under Public Network Settings.
7. Then click the OK button to save the changes.

Windows Defender Firewall was successfully turned off. Your screen should look similar to the screenshot below. Click here to learn about Windows Defender.

Let’s enable the Remote Registry service.

How to Enable Remote Registry Service in Windows 10

1. In the search box, type Service.
2. Click on Services.
3. Look for Remote Registry and right-click on it.
4. Click on Properties, and change Startup Type from Manual to Automatic to start automatically at reboot.
5. Click Apply and click OK.

Finally, let’s configure User Account Control (UAC). We need to disable User Account Control (UAC).

How to disable User Account Control (UAC) in Windows 10

1. Log in to your Windows 10 machine as an administrator.
2. In the search box, type Control Panel. Click on Control Panel.
3. Change the “view by” on the top right to small icons for easy access.
4. Click on User Accounts.
5. Click Change User Account Control Settings.
6. Move the slider down to Never Notify.
7. Click OK.
8. Click Yes on the User Account Control prompt.
9. Restart the machine for the changes to take effect.

How to Change Remote UAC Settings

Launch Registry Editor by typing run in the search box as shown below. In the Open box, type regedit.exe and click the OK button to open it. You may need to run it in administrator mode to perform this action.

We will perform a vulnerability assessment on this Windows 10 machine in our next lab. Click here to learn. Happy Learning!

References

https://cdn2.qualys.com/docs/qualys-authenticated-scanning-windows.pdf


Step by Step guide on launching an Authenticated scan in Qualys virtual appliance

Authenticated scanning involves providing credentials (such as usernames and passwords) to the scanning tool, allowing it to log in to the target systems or devices as an authorized user. This enables the scanning tool to access and collect detailed information about the target’s configuration, installed software, patches, and other system attributes that may not be accessible through non-authenticated scanning methods.

Qualys Authentication allows the scanning tool to gather comprehensive information about the target systems, including detailed software inventory, configuration settings, and patch status. By authenticating to target systems, Qualys can perform deeper vulnerability assessments and identify misconfigurations, missing patches, and potential security weaknesses that may be overlooked in non-authenticated scans.

Authenticated scanning offers several benefits, including:

More accurate and comprehensive vulnerability assessment results.
Better detection of security issues related to system configuration and patch management.
Reduced false positives and more reliable risk prioritization.
Enhanced compliance auditing capabilities, particularly for regulatory requirements that mandate comprehensive asset inventory and configuration management.

Click here for a step-by-step guide on installing and configuring Qualys Virtual Scanner. Once your virtual appliance is ready as shown in the screenshots below, let’s proceed with the scanning.

We need to create an Option Profile for the authentication scan.

1. Click on the Scans tab > Option Profiles > New > Option Profiles.
2. Name your new Option Profile.
3. Click on Scan. For this example, we are leaving everything else as default except the Authentication, as this is a basic Authentication scan. We are using the Windows Domain Authentication created in the previous lab. See how to create Windows Domain Authentication here. Click here to learn how to set up Unix Authentication (Linux in Qualys).
4. Check the box next to Windows under Authentication, and click the Save button.

Next, we are going to create a new Scan.

1. Click the Scans tab > Scans > New > Scan.
2. Give your new scan a Title, select the Option Profile created, leave the Processing Priority as 0, and choose the Virtual Scanner Appliance created.
3. Choose your Target Host. You can choose an Asset Group; see how to create an Asset Group here. For this example, I am scanning a specific IP address of a Windows 10 virtual machine I made vulnerable. See how to make a vulnerable machine here.
4. Click the Launch button.

Note: Before you launch the scan, ensure your target host IP address(es) is in the same range as the IP address of your virtual appliance. Turn the firewall off on your target host. For this example, my target host is Windows 10 and Windows Defender is turned off. See how to turn Windows Defender off here.

The scan was completed successfully. You should see something similar to the screenshot below. Next, let’s review the Scan Result. Click here for How to Analyze Qualys Scan Results.


Step-by-Step Guide on Launching a Non-Authenticated Scan in Qualys Virtual Appliance

Non-authenticated scanning involves scanning target systems without providing any credentials. In this scenario, the scanning tool can only collect information that is accessible from outside the target system, such as open ports, network services, and banner information. Non-authenticated scans are typically less intrusive and can provide a quick overview of potential vulnerabilities and exposures present on the network.

Qualys non-authenticated scanning (sometimes referred to as “no authentication scan”) allows organizations to perform vulnerability assessments without the need for privileged access to target systems. While non-authenticated scans may not provide as much detail as authenticated scans, they still play a valuable role in identifying common vulnerabilities, misconfigurations, and exposures that could be exploited by attackers.

Some key points regarding non-authenticated scanning:

Non-authenticated scans are useful for quickly identifying externally visible vulnerabilities and exposures.
They can be performed without the need to manage and maintain credentials for target systems.
Non-authenticated scans may not detect all vulnerabilities, especially those related to configuration settings, missing patches, or user-specific privileges.

Click here for a step-by-step guide on installing and configuring Qualys Virtual Scanner. Once your virtual appliance is ready as shown in the screenshots below, let’s proceed with the scanning.

We need to create an Option Profile.

1. Click on the Scans tab > Option Profiles > New > Option Profiles.
2. Name your new Option Profile.
3. Click on Scan. For this example, we are leaving it as default, as this is a basic Non-authentication scan.
4. Click the Save button.

We have successfully created an Option Profile. Next, we are going to create a new Scan.

1. Click the Scans tab > Scans > New > Scan.
2. Give your new scan a Title, select the Option Profile created, leave the Processing Priority as 0, and choose the Virtual Scanner Appliance created.
3. Choose your Target Host. You can choose an Asset Group; see how to create an Asset Group here. For this example, I am scanning a specific IP address of a Windows 10 virtual machine I made vulnerable. See how to make a vulnerable machine here.
4. Click the Launch button.

Note: Before you launch the scan, ensure your target host IP address(es) is in the same range as the IP address of your virtual appliance. Turn the firewall off on your target host. For this example, my target host is Windows 10 and Windows Defender is turned off. See how to turn Windows Defender off here.

The scan was completed successfully. You should see something similar to the screenshot below. Next, let’s review the Scan Result. Click here for How to Analyze Qualys Scan Result.


How to download and install Qualys Cloud Agent in Ubuntu (Linux)

Qualys Cloud Agent allows you to gain instant, global visibility of your IT assets. It can monitor assets that are impossible or difficult to monitor with network scanners. The Qualys Cloud Agent is lightweight and can be installed on any host such as a desktop, laptop, server, or virtual machine. It continuously collects data about the asset it is installed on, whether the asset is offline or online.

1. On your Ubuntu machine, log in to your Qualys account. You will be presented with the welcome screen as shown in the screenshot below.
2. Click on the Download Cloud Agent button.
3. Choose your operating system. I am using Linux (.deb) in this example.

You don’t have the welcome page? You can download the Qualys Cloud Agent by clicking the drop-down arrow on the top left and clicking Cloud Agent as shown in the screenshot below. Alternatively, click on the drop-down arrow next to the Default VMDR Action Key.

1. Click Install Agent.
2. Click on the Install Instructions for Debian Ubuntu.
3. Click the Download button.
4. Copy the code in the installation steps presented.

Qualys Cloud Agent is now downloaded successfully. If this isn’t the machine you want it to be installed on, copy the agent to the intended machine.

1. To install the agent, open the terminal and change the directory using the cd command to where your agent is located on your system. As shown in the example below, type cd ~/Downloads and press Enter.
2. Now paste the code you copied and press Enter.
3. Enter your sudo password.

The agent is successfully installed, and you can view it in your Qualys account under the Agents tab as shown in the screenshot below.


How to set a static IP address in Kali Linux

First, find out the dynamic IP address assigned by DHCP. To do this, open the terminal, type ifconfig and press Enter. This gives you the information as shown in the screenshot below. Note the eth0 details.

To set a static IP address using the GUI:

1. Click the application icon and start typing the word “network”.
2. Click “Advanced Network Configuration”.
3. Click the IPv4 Settings tab.
4. Change the Method from Automatic (DHCP) to Manual.
5. Enter your IP address, netmask, gateway, and DNS server as shown in the screenshot below. You can use the IP address noted earlier or use a new IP address.
6. Click the Save button to save the changes.
7. Open your terminal, type ifconfig and press Enter. Take note of your eth0 details.

Set a static IP address in Kali Linux using the terminal

We need to use the nano command to edit /etc/network/interfaces to do this.

1. Open your terminal, type sudo nano /etc/network/interfaces and press Enter.
2. As shown in the screenshot below, edit the file with your IP address, gateway, and netmask.
3. A pop-up appears, asking you to authenticate to start ‘NetworkManager.service’. Enter your sudo password and click the Authenticate button.
4. Now type sudo systemctl restart networking.service and press Enter to restart the service.
5. Type ifconfig and press Enter to confirm the changes.
