Calcom Blog


How to use IIS Request Filtering Rules to Block SQL Injection attacks:


An organization’s database is an important asset, which makes it an attractive target for attackers. SQL injection is one of the best-known and most painful attack vectors used against organizations’ databases.


IIS: Ensure TLS 1.0 is disabled- The Policy Expert


Transport Layer Security (TLS) is a cryptographic protocol designed to provide secure communication between web browsers and servers. It is used in almost every app nowadays. Many IP-based protocols such as


IIS 10 hardening: 6 configurations changes to harden IIS 10 web server


The IIS web server provides the frontline to your website, providing authentication options and web permissions. IIS integrates into the server’s security model and operating system services such as


CMMC Baseline Hardening Requirements Compared to the CIS Controls


In January 2020 the DoD published the Cyber Maturity Model Certification (CMMC) framework in order to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB). Every prime and


Unsigned LDAP Channel Binding Attacks- How to Mitigate Without Breaking Production:


In March 2020 Microsoft published a patch that is supposed to help prevent unsigned LDAP channel binding attacks on Domain Controllers (DC). In this article, we’ll dive into the attack and what


Webinar: Windows 2019 Hardening: Ensuring CIS compliance while avoiding production outages.


One of the biggest challenges in server hardening is to ensure that your hardening actions won’t damage the organization’s production. If that wasn’t hard enough, it needs to be done in


Preventing LDAP Reconnaissance- The First Step of AD Attacks


Due to the architecture of Active Directory, once a domain-joined computer is breached, the attacker is able to map the network, locate sensitive accounts and assets, and estimate vulnerabilities. The process


Domain controller: LDAP server signing requirements


LDAP signing increases security in communication between LDAP clients and Active Directory domain controllers.  LDAP signing is a Simple Authentication and Security Layer (SASL) feature, as part of the LDAP protocol


Why NTLMv1 will always be vulnerable to NTLM Relay attacks


NTLM is one of the most iconic and common attacks on Active Directory environments. In this attack, the attacker (Relayer) captures an authentication and passes it to their desired server. This


Ryuk Ransomware is Targeting Hospitals


The Ryuk ransomware operators continue to target hospitals despite the Corona Virus and the massive loads they have to cope with. According to BleepingComputer, only two of the ransomware groups they’ve


RDS: Do Not Allow Drive Redirection


POLICY DESCRIPTION: This policy specifies whether to prevent the mapping of client drives in a Remote Desktop Services session.   By default, an RD Session Host server maps client drives automatically


rds: Do not allow LPT port redirection


Short for line printer terminal, LPT is used by IBM-compatible computers as an identifier for the parallel port, such as LPT1, LPT2, or LPT3. The LPT port is commonly required when installing a printer


RDS: Do Not Allow COM Port Redirection- The Policy Expert


  COM port is the name of the serial port interface on IBM PC-compatible computers. It can refer not only to physical ports but also to emulated ports, such as ports created by Bluetooth or USB-to-serial adapters.   POLICY DESCRIPTION: This


Restrict NTLM: Audit Incoming NTLM Traffic- The Policy Expert


NTLM is Microsoft’s old mythological authentication protocol. Although a new and better authentication protocol has already been developed, NTLM is still very much in use. Basically, even the most recent Windows versions


LAN Manager authentication level- The Policy Expert


  NTLM attacks are especially relevant to Active Directory environments. One of the most common attack scenarios is NTLM Relay, in which the attacker compromises one machine and then spreads laterally


RDS: Require user authentication for remote connections by using Network Level Authentication (NLA)- The policy expert


POLICY DESCRIPTION: This policy setting allows you to specify whether to require user authentication for remote connections to the RD Session Host server by using Network Level Authentication (NLA). This policy


RDS: Do not allow supported Plug and Play device redirection- The policy expert


POLICY DESCRIPTION: This policy setting allows you to control the redirection of supported Plug and Play devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services


MSS: (DisableIPSourceRouting) IP source routing protection level (protect against packet spoofing)- The Policy Expert


Configuring this value in the most secure fashion can help to lower the risk of DoS attacks via packet spoofing. The objective of this kind of attack is to flood the
