It is very important to see how many users your Websense proxy counted
today, because if you exceed the number of your licence, it means your
clients will not be blocked in that day anymore. To see the count, login
to SQL Server Management Studio in Triton Manager server, and open a
"New Query" window for the catalog database like that;
and run the query below. It will show you the number of the clients that Websense counted in last 100 days.
SELECT TOP (100) PERCENT DAY(date_time) AS day, MONTH(date_time) AS month, YEAR(date_time) AS year, COUNT(DISTINCT source_ip_int) AS ip_count
FROM dbo.incoming WITH (NOLOCK)
GROUP BY DAY(date_time), MONTH(date_time), YEAR(date_time)
ORDER BY month desc, day desc
10/5/16
9/29/16
"Additional forensics data is not available" error in Websense (Forcepoint) DLP
Sometimes, while DLP is working fine, you can encounter "Additional forensics data is not available" error in the "Forensics" tab of the incident. This means you cannot see the details of the incident.
It has a very simple solution;
1- Stop the DSSManager service and rename the following folders:
Websense says that you should not lose any incident in this scenario, and I have tried a few times, I really did not lose any incident.
It has a very simple solution;
1- Stop the DSSManager service and rename the following folders:
- %DSS_HOME%\tomcat\work > work.old
- %DSS_HOME%\tomcat\logs > logs.old
- %DSS_HOME%\tomcat\temp > temp.old
Websense says that you should not lose any incident in this scenario, and I have tried a few times, I really did not lose any incident.
Etiketler:
DLP,
Forcepoint,
Websense
9/26/16
What Happened to Yahoo!?
Yahoo has
confirmed that a copy of certain user account information was stolen from Yahoo
systems in 2014. Despite the acceptance of the data leakage, it is not certain
what type of data has stolen. According to Yahoo, the data may include names,
e-mail addresses, phone numbers, dates of birth, hashed passwords, and security
questions and answers. If you are lucky, just one or two of them may be stolen
for your account.
Yahoo now
does not allow people access accounts with unencrypted security questions and meanwhile,
they continue to detect unauthorized access to user accounts.
If you have
a Yahoo account, change your password and security questions for any other
accounts on which you used the same or similar information used for your Yahoo
account as soon as possible, and review your accounts for suspicious activity.
Phishing Technique and Its Success
Phishing is a social engineering technique that
manipulating people to perform some actions as the attacker wants. The attacker
prepares an e-mail as if it was sent from a known individual or organization, and
leads the victim to click on a link that will take the user to a malicious
website or download some malicious file, or to a fraudulent website that
appears legitimate so the victim enters his username and password or some more
individual information about himself.
Phishing is a very successful technique because people do not visit websites carefully or they do not have much time to be more careful, to investigate about the website or e-mail. One of the reasons may be that they did not become a victim before, or maybe they do not know even if they were. People easily trust brands and/or logos and influential texts. There is a lack of information assurance knowledge.
How Does Phishing Works?
Countermeasures
The most effective defense against phishing is creating user awareness. One
employee that you do not improve his awareness can cause to be hacked.
“You are as strong
as the weakest link in your defense system” Sun Tzu
Do
not let your clients use company e-mail addresses in Internet for personal
usage. Spammers search internet for the e-mail addresses used by company to send
the spam mail to more users.
Never
respond to spam, or click on “unsubscribe” links from questionable sources.
Make
sure your antispam solution works J
Use
Proxy servers in company, for clients’ internet usage. A Proxy server that has
a dynamic scanning feature can decrease the possibility to be hacked by
phishing. Even if the user opens the link in the e-mail, the Proxy would not
let him to enter the website.
Even if it is not enough for your security, ensure that all employee’s
PCs, and antivirus agents are up to date.
Getting hostname from an IP address list with PowerShell
To get the list of hostnames of a
network, first create a txt file with includes one ip address in each
line (ip_list.txt). You can get the hostname list (hostname_list.txt) of
the IP addresses that you wrote in the ip_list.txt file with using the
script below;
($_)).hostname >> "C:\hostname_list.txt"
}
If you also want to see the IP addresses that cannot be resolved, you can use the script below;
get-content C:\ip_list.txt | foreach-object{$a=([system.net.Dns]::GetHostByAddress
($_)).hostname
if($? -eq $False) {
add-content C:\hostname_list.txt $_, "Cannot resolve hostname"," "
}
elseif($? -eq $True){
add-content C:\hostname_list.txt $_,$a," "
}}
We made a tiny application and published it in sourceforge for resolving hostnames from an IP Address list, and for the opposite of it. Hope you like it.
http://secureeo.blogspot.com.tr/p/ip-hostname-converter.html
Subscribe to:
Posts (Atom)