Articles by phewadm

Why Your Data Is At Risk – And What To Do About It

The New Report from Rapid 7

Security vendor Rapid 7 has released a new report analysing the results from penetration tests it conducted between September 2018 and May 2019. The report is based on data taken from 180 real-world internal and external penetration tests conducted on enterprise organisations.

What are the Key Findings?

Domain Admin Access

The report finds that cybercriminals who manage to get access to an internal network have an opportunity to then gain domain administrator access in more than three quarters of cases.

Finding Vulnerabilities

The report also showed that penetration testers are almost always


What’s BlueKeep and why does it matter?

What is BlueKeep? BlueKeep is the name given to a severe vulnerability that Microsoft recently identified in its Remote Desktop Protocol (RDP) service. This is being tracked under CVE-2019-0708. The vulnerability impacts the RDP service included in older versions of the Windows OS, such as XP, 7, Server 2003, and Server 2008. Although only older versions of Windows are affected, at the time of writing this equates to around one million devices. Devices running these older versions are exposing RDP to the internet, leaving them vulnerable to attack. What’s the problem? The problem is that the vulnerability can be abused


How to reconnect to an existing SSL VPN connection

Windows

1. From the system tray in the taskbar, identify the FortiClient icon.
2. Right click on the icon.
3. Click on the remote connection you want to establish.
4. Type in the password and username (if not already filled).
5. Click Connect.

Mac

1. From the menu bar, identify the FortiClient icon.
2. Click on the icon.
3. Click on the remote connection you want to establish.
4. Type in the password and username (if not already filled).
5. Click Connect.


How to disconnect an SSL VPN connection

Windows

1. From the system tray in the taskbar, identify the FortiClient icon.
2. Right click on the icon.
3. Click on Disconnect <Connection Name>.

Mac

1. From the menu bar, identify the FortiClient icon.
2. Click on the icon.
3. Click on Disconnect <Connection Name>.


How to setup a new SSL VPN connection

1. Navigate to https://forticlient.com/downloads from your web browser.
2. Download the “FortiClient VPN” application for your OS. NOTE that this is not the same application as the other types of FortiClient available on this page.
3. Once the download is complete, install the application. Windows users should run the installer as administrator, or if you don’t have permission, ask your administrator to do so.
4. Open FortiClient.
5. From the left side tab select Remote Access.
6. Click the gear icon on the top right of the interface.
7. Click Add a new connection. New VPN Connection settings will open.
8. Select the SSL-VPN tab.
9. Complete the New VPN


Isn’t this less convenient?

Yes, it might seem like it. Using the same, simple password everywhere is probably the most convenient way to authenticate to all the services you need to log into during your working week (and your personal life). But that’s not the end of it! We like to say that there is a scale with ‘Convenience’ at one end and ‘Security’ at the other end. Most prefer to live right down the ‘Convenience’ end of that scale. However, we now all understand that we have to move along that scale in the direction of ‘Security’. The Internet has


Understanding the LastPass notifications

Password Update Notifications: If you update a password for an existing site, LastPass will detect that change and you will see a browser popup asking you whether you want to update the stored password for that site. If you do indeed want to update this item, click Update. Otherwise click Not now. If you have two similar looking items for the relevant site, but with different usernames, LastPass will send you a browser popup to ask which account it should update (if any). Click the account you want to update, then click Update.

New Site Notifications: If


How do I use the LastPass Authenticator for MFA?

LastPass Authenticator is a “multi-factor” authentication application for Android, iOS, and Windows mobile devices. Multi-factor authentication (aka “MFA”) is the process of requiring more than just a password to authenticate to a web site, service or application. There are three “factors” of authentication:

- Something you know (generally a password/passphrase)
- Something you have (generally a TOTP – see below)
- Something you are (biometrics, like your fingerprint, face-shape, iris pattern, retina pattern, etc)

“TOTP” is short for time-based one-time password. It means a code (normally 6 digits) that changes frequently (eg every 60


Trusting mobile devices for LastPass access

When you try to access your LastPass Vault from a mobile device that has not previously been authorised to access your Vault, it is necessary to confirm that the new device is “trusted”.

Managing access restriction for new mobile devices

You can enable or disable the requirement that LastPass send a verification email containing a secure link, which you must click in order to access your account from a mobile device.

1. Log in to LastPass and access your Vault.
2. Click Account Settings on the left menu.
3. Click the Mobile Devices tab.
4. Choose one of the
