Calcom Blog

Solving Microsoft’s Print Spooler security issues

Two zero-day vulnerabilities were discovered in Microsoft’s Print Spooler service. These new vulnerabilities accompany an old DoS vulnerability which Microsoft declared won’t be patched. The first vulnerability CVE-2020-1048, a privilege escalation

Securing Active Directory when anonymous users must have access

Allowing unauthorized users to perform actions anonymously in your Active Directory (AD) is not recommended security-wise, but in many cases is mandatory to allow critical network activities. When this is the

Zerologon vulnerability- patching is not enough

Zerologon (CVE-2020-1472) is a vulnerability in the cryptography of Microsoft’s Netlogon process. It is rated 10 out of 10 for severity, and there are already known proof-of-concept exploits and

Ensure ‘Turn on PowerShell Script Block Logging’ is set to ‘Disabled’

PowerShell is a built-in scripting language and a command-line executor developed by Microsoft to provide a better interface for system administrators to simplify and automate administrative tasks. PowerShell’s power makes it

Basic Steps for PowerShell attacks prevention

PowerShell is a built-in scripting language and a command-line executor developed by Microsoft to provide a better interface for system administrators to simplify and automate administrative tasks. PowerShell’s power makes it

The different stages of a PowerShell attack

PowerShell is a scripting language and a command-line executor developed by Microsoft to provide a better interface for system administrators to simplify and automate administrative tasks. Although it was developed for

PowerShell- a risk factor or a risk mitigator?

PowerShell is a scripting language and a command-line executor developed by Microsoft to provide a better interface for system administrators to simplify and automate administrative tasks. PowerShell was launched in 2006

CMMC, NIST 800-171, and server hardening- Part 2

In January 2020 the Department of Defense (DoD) published the Cyber Maturity Model Certification (CMMC) framework to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB). According to the DoD,

CMMC, NIST 800-171, and server hardening- Part 1

In January 2020 the Department of Defense (DoD) published the Cyber Maturity Model Certification (CMMC) framework to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB). According to

IIS: Ensure ‘deployment method retail’ is set

This configuration is important both for the performance and the security of the production environment. Performance-wise, you can set the <deployment retail> to true in order to ensure that no

IIS: Ensure TLS 1.0 is disabled- The Policy Expert

Transport Layer Security (TLS) is a cryptographic protocol designed to provide secure communication between web browsers and servers. It is used in almost every app nowadays. Many IP-based protocols such as

Domain controller: LDAP server signing requirements

LDAP signing increases security in communication between LDAP clients and Active Directory domain controllers. LDAP signing is a Simple Authentication and Security Layer (SASL) feature, as part of the LDAP protocol

RDS: Do Not Allow Drive Redirection

POLICY DESCRIPTION: This policy specifies whether to prevent the mapping of client drives in a Remote Desktop Services session. By default, an RD Session Host server maps client drives automatically

RDS: Do not allow LPT port redirection

Short for line printer terminal, LPT is used by IBM compatible computers as an identification for the parallel port, such as LPT1, LPT2, or LPT3. The LPT port is commonly required when installing a printer

RDS: Do Not Allow COM Port Redirection- The Policy Expert

COM port is the name of the serial port interface on IBM PC-compatible computers. It can refer not only to physical ports but also to emulated ports, such as ports created by Bluetooth or USB-to-serial adapters. POLICY DESCRIPTION: This

Restrict NTLM: Audit Incoming NTLM Traffic- The Policy Expert

NTLM is Microsoft’s old mythological authentication protocol. Although a new and better authentication protocol has already been developed, NTLM is still very much in use. Basically, even the most recent Windows versions

LAN Manager authentication level- The Policy Expert

NTLM attacks are especially relevant to Active Directory environments. One of the most common attack scenarios is NTLM Relay, in which the attacker compromises one machine and then spreads laterally

RDS: Require user authentication for remote connections by using Network Level Authentication (NLA)- The policy expert

POLICY DESCRIPTION: This policy setting allows you to specify whether to require user authentication for remote connections to the RD Session Host server by using Network Level Authentication (NLA). This policy
