Tel Aviv, Israel
May 31, 2023   |  By John Gates
The cybersecurity landscape is witnessing a phenomenon that has come to be known as the “Great Resignation” among Chief Information Security Officers (CISOs). The challenges faced by CISOs in coping with ever-increasing regulations, compliance mandates, and the need for skilled resources have reached a tipping point. Coupled with a lack of cooperation from the C-suite, these factors have led to a surge in burnout among CISOs.
May 30, 2023   |  By John Gates
The Center for Internet Security (CIS) team continuously release updates about cybersecurity best practices for new technologies. As of March 2023 all CIS Windows Server and Windows Workstation Benchmarks will be updated once a year to align with Microsoft’s update schedule. Major version updates that CIS will release (i.e., updating from v1.12.0 to v2.0.0) will account for significant changes in the operating system.
May 29, 2023   |  By John Gates
CIS Critical Security Control, known now as CIS Controls have recently been updated and revised in the CIS Controls v8 released by the Center for Internet Security (CIS). The CIS Controls are a collection of industry-recognized best practices for businesses dealing with data security risks. Such measures were created to make things easier and keep the IT operations and security teams attention on crucial tasks.
May 25, 2023   |  By John Gates
The CIS Critical Security Controls (CIS Controls) created by the Center for Internet Security (CIS) offer a set of best practices and recommendations that address key areas of system security, such as secure configurations, access controls, and vulnerability management. By following the CIS Controls, organizations can systematically strengthen their systems, reduce the attack surface, and mitigate common security risks.
May 23, 2023   |  By Keren Pollack
Transport Layer Security 1.0 (TLS 1.0) is a cryptographic protocol designed to provide secure communication between web browsers and servers. It is used in almost every app nowadays. Many IP-based protocols such as HTTPS, SMTP, POP3, and FTP support TLS. Disable TLS 1.0 is a critical task for security and compliance.
May 22, 2023   |  By John Gates
In the ever-evolving landscape of cybersecurity, organizations strive to safeguard their systems and data against emerging threats. Amidst this pursuit, CIS Benchmarks emerge as an indispensable resource, offering a wealth of knowledge and practical recommendations. But what exactly are CIS Benchmarks, and why are they highly regarded across industries?
May 22, 2023   |  By Keren Pollack
Hardening the “RDS: Do not allow clipboard redirection” settings is a fundamental step in server hardening. Hardening servers can be a painful procedure. Hardening remote services such as RDS is one of the most critical operational components when hardening servers as it have immediate impact on user and application functionality. Endless hours, and resources are invested in this process. However, despite the efforts, hardening often causes damage to production server environments.
May 4, 2023   |  By Keren Pollack
Kerberos is an authentication protocol. It is designed for client-server applications and requires mutual verification. Kerberos, the default protocol used for logging into a Windows machine that is part of a domain, relies on a secure communication channel between the client and the Domain Controller (DC). Windows updates address security concerns such as vulnerabilities in this channel, ensuring that the user database stored on the DC is protected.
May 1, 2023   |  By Keren Pollack
NTLM authentication is a legacy protocol used to authenticate users and computers in Windows-based networks. Despite the availability of newer and more secure protocols, NTLM is still widely used and required for deploying Active Directory, a crucial component of Windows-based networks. This is because NTLM is deeply ingrained in the Windows architecture, making it difficult to disable without causing damage to production systems.
Apr 29, 2023   |  By Keren Pollack
System hardening refers to actions done to reduce the attack surface, by securing the configurations of the system’s components (servers, applications, etc.). As arrived from the manufacturer, system components are more function-oriented than security, which means that unnecessary functions are enabled. Each function is a potential attack vector, so securing the system’s configuration is critical for mitigating vulnerabilities and preventing breaches.
Mar 21, 2023   |  By CalCom
When installing a new Linux server, you should be aware that its level of security is very low by default, to allow as much functionality as possible. Therefore, performing basic hardening actions before the server is installed in production is crucial. CalCom Software is hardening RedHat / Linux.
Mar 9, 2023   |  By CalCom
The LAN Manager (LM) is a group of early Microsoft client/server software products that enable users to connect personal computers on a single network. Its features include transparent file and printer sharing, user security features, and network administration tools. In Active Directory domains, the default authentication protocol is the Kerberos protocol. However, if Kerberos is not available for any reason, LM, NTLM, or NTLMv2 can be used as an alternative.
May 26, 2021   |  By CalCom
May 6, 2021   |  By CalCom
Access this computer from the network - best practices for DC and Member Server
Apr 13, 2021   |  By CalCom
This policy setting determines whether the LDAP server requires LDAP clients to negotiate data signing. Using the default configuration of this value allows LDAP clients to communicate with Active Directory in an insecure fashion.
Apr 8, 2021   |  By CalCom
Server hardening is a bigger challenge today than ever before. When infrastructure becomes more and more complex, it is impossible to achieve compliance using manual tools to harden servers. CalCom offers an automated solution for server hardening for easy policy enforcement and maximum compliance.
Apr 4, 2021   |  By CalCom
Auditing Kerberos service ticket operations is important for detecting hackers trying to use Kerberos as an attack vector. The default value of this configuration is to audit only successful events. This may eventually result in missing an attack or not having enough information to investigate it.
Mar 16, 2021   |  By CalCom
This video will discuss the recommended setting for Symbolic Links in your servers, since as much as they are useful, Symbolic Links can also be used maliciously to gain access and control in your network.
Feb 12, 2020   |  By CalCom
This policy specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session. You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. If a value is configured to Disabled or Not Configured, the attacker can leverage it to map the client’s LPT ports. In addition, he can use the port to redirect data from the Terminal Server to the local LTP ports.

CalCom Hardening Solution (CHS) is the ideal choice for IT Ops & CISOs looking to create a secured configured infrastructure.

CHS is a flexible hardening tool, with the unique ability to ‘learn’ where desired hardening changes will adversely impact production activity. CHS determines the impact of baseline changes before they implemented, producing visible conclusions for decision-makers. CHS eliminates time-consuming lab testing, reduces the cost and impact of hardening, and centering infrastructure control, thereby stopping security breaches and operational mistakes.

How Can CalCom Hardening Suite Make a Huge Difference In Server Hardening:

  • Cost effective server hardening process: Save time and resources required for testing security policies in lab environments.
  • Zero server outages: Ensure that production services are not harmed during server hardening.
  • Prevent & monitor unauthorized policy changes: Stop security breaches and operational mistakes before they happen.

Make Your Hardening Project Effortless.