10/5/16

Determining User Count on Websense (Forcepoint)

It is important to know how many users your Websense proxy counted today, because if you exceed your licensed number of users, your clients will no longer be blocked on that day. To see the count, log in to SQL Server Management Studio on the Triton Manager server, open a "New Query" window for the catalog database, and run the query below. It shows the number of clients that Websense counted on each of the last 100 days.


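-- One row per day: distinct client IPs seen by the proxy, newest day first
SELECT TOP (100) DAY(date_time) AS day, MONTH(date_time) AS month, YEAR(date_time) AS year, COUNT(DISTINCT source_ip_int) AS ip_count
FROM dbo.incoming WITH (NOLOCK)
GROUP BY DAY(date_time), MONTH(date_time), YEAR(date_time)
-- Sort by year as well, so days from different years are not interleaved
ORDER BY year DESC, month DESC, day DESC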




9/29/16

"Additional forensics data is not available" error in Websense (Forcepoint) DLP

Sometimes, while DLP is otherwise working fine, you can encounter the "Additional forensics data is not available" error in the "Forensics" tab of an incident. This means you cannot see the details of the incident.

The solution is very simple:

1- Stop the DSSManager service and rename the following folders:

  1. %DSS_HOME%\tomcat\work > work.old
  2. %DSS_HOME%\tomcat\logs > logs.old
  3. %DSS_HOME%\tomcat\temp > temp.old

2- Create a new %DSS_HOME%\tomcat\temp folder and restart the DSSManager service.

Websense says that you should not lose any incidents in this scenario; I have tried it a few times and really did not lose any incidents.
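
The steps above as a PowerShell script. This is an added example, not a script from Websense or from the original post. It assumes that the Windows service is registered under the name DSSManager, that DSS_HOME is set as an environment variable in the session, and that it is run from an elevated prompt; the timestamped fallback name for an already existing .old folder is also an assumption.

```powershell
# Added example: automates the two steps above on the DLP management server.
$ErrorActionPreference = 'Stop'

$dssHome = $env:DSS_HOME
if (-not $dssHome) { throw 'DSS_HOME is not set in this session.' }
$tomcat = Join-Path $dssHome 'tomcat'

# Step 1: stop the service and confirm it is really stopped, otherwise
# Tomcat may still hold files open and the renames will fail.
Stop-Service -Name 'DSSManager'
(Get-Service -Name 'DSSManager').WaitForStatus('Stopped', [TimeSpan]::FromMinutes(2))

foreach ($name in 'work', 'logs', 'temp') {
    $path = Join-Path $tomcat $name
    if (-not (Test-Path $path)) { continue }
    $newName = "$name.old"
    # Assumption: if an earlier run left <name>.old behind, keep it and
    # use a timestamped name instead of overwriting it.
    if (Test-Path (Join-Path $tomcat $newName)) {
        $newName = '{0}.old.{1:yyyyMMddHHmmss}' -f $name, (Get-Date)
    }
    Rename-Item -Path $path -NewName $newName
}

# Step 2: recreate an empty temp folder and start the service again.
New-Item -ItemType Directory -Path (Join-Path $tomcat 'temp') | Out-Null
Start-Service -Name 'DSSManager'
Get-Service -Name 'DSSManager'
```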

9/26/16

What Happened to Yahoo!?


Yahoo has confirmed that a copy of certain user account information was stolen from Yahoo systems in 2014. Although the data leak has been acknowledged, it is not certain what types of data were stolen. According to Yahoo, the data may include names, e-mail addresses, phone numbers, dates of birth, hashed passwords, and security questions and answers. If you are lucky, only one or two of these may have been stolen for your account.

Yahoo no longer allows people to access accounts with unencrypted security questions, and meanwhile it continues to detect unauthorized access to user accounts.

If you have a Yahoo account, change your password and security questions, as soon as possible, for any other accounts on which you used the same or similar information as for your Yahoo account, and review your accounts for suspicious activity.


For more information about the issue, please visit https://yahoo.com/security-update.

Phishing Technique and Its Success

Phishing is a social engineering technique that manipulates people into performing actions the attacker wants. The attacker prepares an e-mail as if it was sent from a known individual or organization, and leads the victim to click on a link that takes the user to a malicious website or downloads a malicious file, or to a fraudulent website that appears legitimate, so that the victim enters his username and password or other personal information.

Phishing is a very successful technique because people do not look at websites carefully, or do not have the time to be careful and to investigate the website or e-mail. One of the reasons may be that they have not been a victim before, or that they do not even know that they were. People easily trust brands, logos and persuasive texts. There is a lack of information assurance knowledge.




How Does Phishing Work?















Countermeasures

The most effective defense against phishing is creating user awareness. A single employee whose awareness you have not improved can cause the company to be hacked.

            “You are as strong as the weakest link in your defense system” Sun Tzu

Do not let your clients use company e-mail addresses on the Internet for personal purposes. Spammers search the Internet for the e-mail addresses used by a company so that they can send spam to more users.

Never respond to spam, or click on “unsubscribe” links from questionable sources.

Make sure your antispam solution works :)

Use proxy servers in the company for clients’ Internet access. A proxy server that has a dynamic scanning feature can reduce the possibility of being hacked through phishing. Even if the user opens the link in the e-mail, the proxy will not let him enter the website.

Even though it is not enough for your security on its own, ensure that all employees’ PCs and antivirus agents are up to date.





Getting hostname from an IP address list with PowerShell

To get the list of hostnames on a network, first create a text file that contains one IP address per line (ip_list.txt). You can then get the hostname list (hostname_list.txt) for the IP addresses in ip_list.txt by using the script below:

# Resolve each IP in ip_list.txt and append the hostname to hostname_list.txt
Get-Content C:\ip_list.txt | ForEach-Object {
    ([System.Net.Dns]::GetHostByAddress($_)).HostName >> "C:\hostname_list.txt"
}


If you also want to see the IP addresses that cannot be resolved, you can use the script below;

Get-Content C:\ip_list.txt | ForEach-Object {
    $ip = $_
    try {
        # GetHostByAddress throws when the address cannot be resolved
        $a = ([System.Net.Dns]::GetHostByAddress($ip)).HostName
        Add-Content C:\hostname_list.txt $ip, $a, " "
    }
    catch {
        # Record the unresolved address instead of skipping it
        Add-Content C:\hostname_list.txt $ip, "Cannot resolve hostname", " "
    }
}


We made a tiny application and published it on SourceForge for resolving hostnames from an IP address list, and for the opposite. Hope you like it.
http://secureeo.blogspot.com.tr/p/ip-hostname-converter.html