How you view message headers in Outlook

Viewing message headers is helpful for troubleshooting, and also for making sure you’re not getting phished. Microsoft moved things around in recent versions of Outlook, so here’s how to view message headers in the current version of Outlook.

What does the Qualys cloud agent do?

If you work in a corporate environment, there’s a chance you see something called the Qualys Cloud Agent running on your computer. And information about this mysterious agent can be hard to come by. What does the Qualys cloud agent do? How does it work? I’m glad you asked.

Force a Qualys Cloud Agent scan

Unlike its leading competitor, the Qualys Cloud Agent scans automatically. This means you don’t have to schedule scans, which is good, but it also means the Qualys agent essentially has free will. The latest results may or may not show up as quickly as you’d like. How to initiate an agent scan on demand was easily the most frequent question I got during the five years I supported Qualys for a living. Here’s how to force a Qualys Cloud Agent scan.

You can force a Qualys Cloud Agent scan on Windows by toggling a registry key, or from Linux or Mac OS X by running the cloudagentctl.sh shell script.

Iterate over a CSV in Python and Pandas

I frequently get data in CSV or Excel format, which I then have to use to deploy a vulnerability management solution like Tenable or Qualys. I use Pandas to process this data, which usually involves iterating over each row of the dataframe. It abuses Pandas. But it works. Yes, it’s a hack. I don’t care.

Qualys vulnerability vs discovery scan

One of my most frequent topics of discussion in my time as a vulnerability management architect was the question of a Qualys vulnerability vs discovery scan. It’s especially confusing because Qualys is completely silent on the topic. There’s a reason for that. Let’s talk about the types of Qualys scans and what they can do for you.

Officially, Qualys discovery scans don’t exist. That said, you can implement something very close to what Qualys’ competitors call a discovery scan, and reap numerous benefits from it.

What to do if you can’t scan your whole network

A former colleague contacted me some time ago with an interesting conundrum. I thought his problem and the solution would be worth sharing, because it’s not at all uncommon. He manages a network of, let’s say, 22,000 computers. But he has licenses to scan 8,800 of them. The question is, what can he do?

How to read a Nessus scan report

Reading and analyzing a Nessus vulnerability scanner report is an underrated skill. Frankly, I see a lot of misuse and abuse surrounding Nessus scans. So let’s talk about how to read and analyze a Nessus scan for the purpose of understanding and solving problems.

You can read it in the user interface, but I recommend exporting a CSV so you can sort and filter. The exact CSV format has changed a bit over the years, so the columns may not be in this exact order. But this will get you started. The most important columns are all here. You’ll find it very similar to reading a Qualys scan report.

For reference, I used the sample file here: https://github.com/derekmorr/nessus-csv/blob/master/nessus_test.csv

Lockheed Martin Cyber Kill Chain explained

The Lockheed Martin Cyber Kill Chain is a popular model in information security. The model illustrates the typical cyber attack. Like the CIA triad, the Cyber Kill Chain is a fundamental concept that helps people understand what motivates security professionals. Understanding it and being able to explain it makes us more effective at our jobs.

Here’s an explanation of the Cyber Kill Chain, along with a couple of examples, one real, and one imagined.

How to choose a VPN service

Someone asked me to recommend a VPN service. Since I’m a security professional, I’m supposed to know how to evaluate things like that. But that question makes me very uncomfortable, for reasons I’ll explain in a bit. I’d rather tell you what to look for so you can choose one. So here’s how to choose a VPN service.

Vulnerabilities without CVE

I had a discussion with somebody this week about vulnerabilities that don’t have CVEs. I learned from this conversation that there are a lot of misconceptions about those. So let’s talk about vulnerabilities without CVEs, and what to do about them.
