CalCom

Tel Aviv, Israel
2001
  |  By John Gates
Secure Boot constitutes a vital component within modern Windows servers and client devices, forming an integral aspect of the Unified Extensible Firmware Interface (UEFI) specification. Its primary function involves the validation of trusted software components during the boot process, thereby fortifying system security against diverse malware and unauthorized software infiltrations.
  |  By John Gates
Anonymous logon refers to a type of network access where a user can log in to a system or network resource without providing any authentication credentials such as a username or password. This type of access is typically granted to allow basic, unauthenticated access to certain resources for public use or for specific purposes.
  |  By John Gates
The “Network access: Restrict clients allowed to make remote calls to SAM” security policy setting manages which users are permitted to view the list of users and groups stored in both the local Security Accounts Manager (SAM) database and Active Directory through remote calls. This policy setting allows you to restrict remote RPC connections to SAM. If not selected, the default security descriptor will be used.
  |  By John Gates
Cipher suites are a set of cryptographic algorithms utilized by the schannel SSP implementation of TLS/SSL protocols. These algorithms are employed to generate keys and encrypt data. Each cipher suite designates specific algorithms for the following functions: In TLS 1.2 and TLS 1.3, the NSA suggests using cryptographic settings that meet the standards in CNSSP 15, known as Commercial National Security Algorithms.
  |  By John Gates
Kernel Direct Memory Access (DMA) Protection is a security feature in Windows designed to prevent unauthorized access to memory by external peripherals. Kernel DMA Protection requires UEFI firmware support, and Virtualization-based Security (VBS) isn’t required. Kernel DMA Protection offers enhanced security measures for the system compared to the countermeasures against BitLocker DMA attacks, all while preserving the usability of external peripherals.
  |  By John Gates
Windows permits an anonymous user to carry out specific actions, such as listing the names of domain accounts and network shares. This functionality proves useful in scenarios when an administrator needs to provide access to users in a trusted domain lacking a reciprocal trust agreement. By default, the Everyone security identifier (SID) is excluded from the token generated for anonymous connections. Consequently, permissions assigned to the Everyone group don’t extend to anonymous users.
  |  By John Gates
The SQL Server Audit object gathers individual occurrences of server or database-level actions and sets of actions for monitoring purposes. This audit operates at the SQL Server instance level, allowing for multiple audits per instance. Upon defining an audit, you designate the destination for result output. Before beginning a SQL Server audit, pay attention to the limitations and restrictions associated with database audit specifications.
  |  By John Gates
Interactive logon: Machine inactivity limit is among the 9 Interactive logon security settings. If a user hasn’t been active on their Windows session for a while and surpasses the set limit, this setting typically controls the duration of inactivity allowed before the user is automatically logged out of their session on a machine. The recommended state for this setting is: 900 or fewer second(s), but not 0.
  |  By CalCom
Access Control Entry (ACE) is data within an access control list detailing the access privileges assigned to an individual user or a collective group of users. In the Access Control Entry system each ACE is associated with an identification (ID) that distinguishes the specific individual or group of subjects.
  |  By CalCom
SDDL, or Security Descriptor Definition Language, defines the string format that the ConvertSecurityDescriptorToStringSecurityDescriptor and ConvertStringSecurityDescriptorToSecurityDescriptor functions use to describe the security settings of an object in Windows as a text string. Think of it like a simple language for defining who can access an object (like a file, folder, or registry key) and what they can do with it.
  |  By CalCom
In this video discussing server hardening, you’ll learn why server hardening is so important to your IT Enterprise. Whether you’re a seasoned CISO or IT professional, this video is a must-watch for anyone who wants to keep their servers secure.
  |  By CalCom
Explore the core principles behind these baselines, including risk management, threat identification, and control selection. Gain insights into the latest updates and revisions, ensuring you stay up-to-date with the best practices and industry standards.
  |  By CalCom
To safeguard the SQL layer against common SQL-based attacks, including Denial of Service, Brute Force, and SQL injections, and to prevent privilege escalations, hardening the SQL server is of utmost importance. Achieving compliance and satisfying auditors also necessitates SQL hardening. By implementing SQL hardening measures at both the application and operating system levels, the organization can significantly reduce its attack surface and eliminate critical vulnerabilities.
  |  By CalCom
When installing a new Linux server, you should be aware that its level of security is very low by default, to allow as much functionality as possible. Therefore, performing basic hardening actions before the server is installed in production is crucial. CalCom Software is hardening RedHat / Linux.
  |  By CalCom
The LAN Manager (LM) is a group of early Microsoft client/server software products that enable users to connect personal computers on a single network. Its features include transparent file and printer sharing, user security features, and network administration tools. In Active Directory domains, the default authentication protocol is the Kerberos protocol. However, if Kerberos is not available for any reason, LM, NTLM, or NTLMv2 can be used as an alternative.
  |  By CalCom
Access this computer from the network - best practices for DC and Member Server
  |  By CalCom
This policy setting determines whether the LDAP server requires LDAP clients to negotiate data signing. Using the default configuration of this value allows LDAP clients to communicate with Active Directory in an insecure fashion.
  |  By CalCom
Server hardening is a bigger challenge today than ever before. When infrastructure becomes more and more complex, it is impossible to achieve compliance using manual tools to harden servers. CalCom offers an automated solution for server hardening for easy policy enforcement and maximum compliance.
  |  By CalCom
Auditing Kerberos service ticket operations is important for detecting hackers trying to use Kerberos as an attack vector. The default value of this configuration is to audit only successful events. This may eventually result in missing an attack or not having enough information to investigate it.

CalCom Hardening Solution (CHS) is the ideal choice for IT Ops & CISOs looking to create a securely configured infrastructure.

CHS is a flexible hardening tool, with the unique ability to ‘learn’ where desired hardening changes will adversely impact production activity. CHS determines the impact of baseline changes before they are implemented, producing visible conclusions for decision-makers. CHS eliminates time-consuming lab testing, reduces the cost and impact of hardening, and centers infrastructure control, thereby stopping security breaches and operational mistakes.

How Can CalCom Hardening Suite Make a Huge Difference In Server Hardening:

  • Cost-effective server hardening process: Save time and resources required for testing security policies in lab environments.
  • Zero server outages: Ensure that production services are not harmed during server hardening.
  • Prevent & monitor unauthorized policy changes: Stop security breaches and operational mistakes before they happen.

Make Your Hardening Project Effortless.