Calcom Blog

Ryuk Ransomware is Targeting Hospitals

The Ryuk ransomware operators continue to target hospitals despite the coronavirus and the massive loads they have to cope with. According to BleepingComputer, only two of the ransomware groups they’ve

Remote Connection from a Server Hardening Perspective

The new reality demands that organizations be creative to keep the business running. Having the ability to allow employees to work from home is becoming essential for business survival. Even

Mitigating Type 1 Font Parsing Remote Code Execution Vulnerability for Windows

A new critical vulnerability in the Microsoft Adobe Type Manager Library was discovered after investigating several Windows 7-based attacks. Microsoft is aware of this issue but hasn’t published any update to

TrickBot RDP Brute Force Attack

A new module in the known TrickBot attack has now been discovered. The new development allows attackers to leverage compromised systems and launch a brute force attack against Windows systems running

RDS: Do Not Allow Drive Redirection

POLICY DESCRIPTION: This policy specifies whether to prevent the mapping of client drives in a Remote Desktop Services session. By default, an RD Session Host server maps client drives automatically

SQL server attacks: mechanisms you must know

SQL server attacks are among the most painful attacks an organization can suffer. An organization’s database is one of its softest spots, which makes it an attractive target for attackers.

CIS 5th Control: Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers

In April 2019 the Center for Internet Security published version 7.1 of the 20 CIS Controls. As in the previous versions, the controls are divided into basic, foundational and organizational controls.

RDS: Do Not Allow LPT Port Redirection

Short for line printer terminal, LPT is used by IBM-compatible computers as the identifier for the parallel port, such as LPT1, LPT2, or LPT3. The LPT port is commonly required when installing a printer

Windows RDP Server Hardening Guide

RDP has been dominating the headlines in the last few months with some of the most harmful vulnerabilities. But first of all, let’s fully understand RDS, its functions, and its structure.

NIST 800-53 Server Hardening Perspective

Many organizations approach us with the request to be NIST 800-53 compliant, not fully understanding what that really means. Well, it is not their fault, as it is really easy to

RDS: Do Not Allow COM Port Redirection - The Policy Expert

COM port is the name of the serial port interface on IBM PC-compatible computers. It can refer not only to physical ports but also to emulated ports, such as ports created by Bluetooth or USB-to-serial adapters. POLICY DESCRIPTION: This

Restrict NTLM: Audit Incoming NTLM Traffic - The Policy Expert

NTLM is Microsoft’s old mythological authentication protocol. Although a new and better authentication protocol has already been developed, NTLM is still very much in use. Basically, even the most recent Windows versions

LAN Manager authentication level - The Policy Expert

NTLM attacks are especially relevant to Active Directory environments. One of the most common attack scenarios is NTLM Relay, where the attacker compromises one machine and then spreads laterally to other

RDS: Require user authentication for remote connections by using Network Level Authentication (NLA) - The Policy Expert

POLICY DESCRIPTION: This policy setting allows you to specify whether to require user authentication for remote connections to the RD Session Host server by using Network Level Authentication (NLA). This policy

RDS: Do not allow supported Plug and Play device redirection - The Policy Expert

POLICY DESCRIPTION: This policy setting allows you to control the redirection of supported Plug and Play devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services

MSS: (DisableIPSourceRouting) IP source routing protection level (protect against packet spoofing) - The Policy Expert

Configuring this value in the most secure fashion can help to lower the risk of DoS attacks via packet spoofing. The objective of this kind of attack is to flood the

RDS: Do not allow clipboard redirection - The Policy Expert

POLICY DESCRIPTION: Specifies whether to prevent the sharing of clipboard contents (clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session. You can use this setting

Configuring Maximum Security Log Size - The Policy Expert

A maximum log size should be set for every kind of event log as part of your security policy. The value of this configuration is highly important for detecting attacks and investigating their source.
