Information Security and Network Awareness

Hurricane Labs



Latest Blogs from Hurricane Labs
Your Intrusion Detection System (IDS) fires off an alert implying that your Domain Controller may have been compromised by malware XYZ and your network logs show connections with fifteen other hosts on your network. Where do you turn for help? …
When organizations think about moving their Splunk implementation to the Cloud, there are a couple of pain points that they encounter. For starters, LDAP Authentication. In this article, we’re not going to address that issue, as there aren’t currently any …
Before you go and try to fix a problem, it’s important to find out exactly what the problem is. This is something that seems to be getting harder and harder these days, especially when it comes to cryptography. Why am …
Hurricane Labs has recently had the opportunity to give back to some of our local classrooms here in the Cleveland area. Empowering students has been a positive reminder about how important local community involvement truly is and why we’re hopeful …
Splunk has many compelling features. For me, the most advantageous features are often the built-in capabilities that allow users to make use of the data being fed into Splunk. A long-time favorite has been Splunk’s data visualization modules, specifically geostats. Geostats can …
Are you interested in learning how to create a bootable USB drive for the unattended install and configuration of a Check Point compliance firewall? In this screencast, Hurricane Labs’ Adam Army will walk you through this method, including what is required and …
Conferences in our industry tend to draw varying reactions from different people. Depending on your role, personality type, and outlook, they can either be extremely valuable or something you tend to avoid at all costs. In my opinion, above all …
Since the beginning of time as we know it… Well, maybe not that long ago, but for a while now, there have been Internet browsers. And where there are browsers there are vulnerabilities, software security patches, new versions – rinse, …
The simple answer is because it’s impossible to “get a grip” on cybersecurity. Recently, I was asked (*in a mild tone of irritation*), “Why is it that our government can’t seem to deal with this?” ‘This’ being the inability to …
Basically, Password Strength Doesn’t Matter. The other day a friend of mine decided that it should be International Password Awareness Day. What an amazing idea, and what should be the start of a movement for better passwords everywhere. “I am …
I’m going to tell you a little story about myself that might come as a surprise to those of you who know me. For those of you who don’t, yes, ladies and gentlemen, I’m a giant nerd, might as well …
Splunk 6.3 was released this year at .conf, Splunk’s annual conference. Some of the new features were expected, including faster performance, scheduler improvements, and so forth, along with others that were interesting and impressive, even though they may not have …
In this screencast, one of Hurricane Labs’ Splunk Administrators and Security Operations Analysts, Jeremy Nenadal, walks you through a “How-To” for turning a Universal Forwarder into a Heavy Forwarder in Splunk. Performing this upgrade can be beneficial to your organiz…
Let me begin by making one thing very clear… Something can be a REALLY good idea, and still be wrong. These two things are NOT mutually exclusive. The world of “security research” has recently begun overflowing with a sense of …
Deploying Check Point firewalls is a common task for the Operations team at Hurricane Labs. Whether it is a customer with a fresh installation, a new acquisition at a remote location, or replacing an existing solution, it all begins with …
Time to Fortify Our Senses and Steer Clear of the SIEM Sharks. I’ve been adventuring in the SIEMs for some time now, learning what I can and striving to be successful across both management and consultative realms. Over the course …
As a recent graduate, and now professor in the University of Connecticut's Business Analytics and Project Management master's program, I have a lot of conversations surrounding the topic of "Big Data" and questions such as, "What does that term actually mean?" Big Data is a fairly new …
It’s time to take control of your threat landscape by increasing visibility and minimizing your attack surface. The chunks of untouched data floating around your network can be collected and correlated to establish intelligence and reduce uncertainty in your environment. H…
“We’ve learned that when security is done right, it’s done as a community.” -Heather Adkins, Director of Information Security, Google. Unity Leads To Victory… A major contributor to security success is individuals’ willingness to work to…
Part 1 and Part 2 of the “Splunk Custom Modal View Creation” tutorial have finally led us to the point where we are able to add the final functionality to the modal view in Splunk. In this step I will …
In Part 1 of this tutorial, which you can view here, I walked you through how to get started and on your way to building out a modal view in Splunk. Part 2 of the tutorial will take the next step in continuing …
I was recently working on a Splunk dashboard, and I ran into a particular case where there were multiple pivots that could occur across several table links. Situations like this can lead to a confusing user experience, to say the least, because …
Imagine you want to check the progress of a bunch of searches and you need a separate event for each one. This would become very lengthy and increase the risk of error, which of course you want to avoid if possible. This is where modules come i…
If you’ve ever had a dashboard in Splunk that includes searches with errors, you’ll notice a little icon pop up that alerts you to an error message. From a user standpoint, this little popup may not make it completely obvious that an error is being output. This can be …
Although File Transfer Protocol (FTP) is easy to set up, fast, and a widely used way to transmit files between two remote hosts, it has the downside of being an insecure protocol. Sometimes FTP is okay for files that aren’t as …
Splunk is great at keeping plain-text passwords out of configuration files. Each Splunk server generates its own salt when it starts for the first time. So, this means the encrypted password can’t just be copied to another Splunk server. However, …
As a whole, user education and security awareness are broken in their current state. We need to strengthen our weakest link… the user. This is, of course, easier said than done. So, how can we go about doing this? …
Okay, so maybe not exactly, but the recent information security reports on Dyre Wolf bring to mind the family crest from Game of Thrones, as well as the family motto, “Winter is Coming.” In a recent report by IBM Managed …
Basically the Target attack, as I understand it anyway, was to get malware on point-of-sale systems and exfiltrate data. Does that sound familiar? It should; it’s basically how every breach has ever occurred. Sure, you can replace malware with SQL …
I have been in IT a really long time, with an interest in technology that far predates my career (think Commodore and Atari), and every expert I’ve ever met had exactly one thing in common: they are all narrow-minded. …
Many of the mid- to high-end Check Point appliances feature a built-in LCD display and control panel. When an appliance is booted up, the display will show the appliance model and the Check Point logo, as pictured. The LCD and control panel …
December 19th, 2013 marked 10 years of successful business for Hurricane Labs. In honor of the occasion, the company will celebrate January 8th at their “10th Anniversary Celebration Lunch” with selected employees and clients. Hurricane Labs, founded in 2003 by …
It’s been a busy year in the information security industry. We saw several breaches this year and heard much talk around “cyber warfare”. Some three-letter agencies have been in the news with spying, wiretapping, and hacks. In the beginning of …
A brief tale of two PCs for Holiday Tech-Support: a relative with a Windows machine v. a relative with an Ubuntu machine. Which one did I have to troubleshoot? Relative 1: This machine had dropped its wireless connection inexplicably. Wired …
Introduction: In Splunk there are a number of ways to “add knowledge”, as they call it, to your incoming data. You can tag a host with an arbitrary text block to identify it in some way. For example, hostxyz.xyzcorp.com could be …
In our office, the need for up-to-date information regarding the operations and upkeep of live equipment is of major importance to our system administrators. As malfunctions can lead to a wide breadth of issues such as delayed response …
The custom User model is a new feature in Django 1.5. Before this version, applications that wanted to use Django’s framework had to use Django’s provided User model and a custom Profile model to extend it. In this new version you are …
There are four ways to get data from a host to Icinga. The first is to use an agent, something like NRPE on *nix systems or NSClient++ on Windows-based systems. The second way is to pull the data from …