Antivirus - Sophos Audit Logs 90 days retention and SIEM integration

Sophos has a 90-day retention limit for Administrative Audit logs.

This limit can be overridden by configuring a SIEM tool.

Here are the related articles:

https://www.sophos.com/en-us/legal/sophos-central

https://support.sophos.com/support/s/article/KB-000036372?language=en_US

Antivirus - Sophos Ideas

I am taking note, on the blog, of the link where you can request new Sophos features to be implemented:

https://ideas.sophos.com/

Security - Wipe Tools

Some articles mentioning several wipe tools were already published on the blog:

Program - HardWipe: sanitize a hard disk and erase your own data

USB Live - Create a bootable USB to WIPE a hard disk

Privacy - Two tools to completely wipe data and create USB/CD Live 


An alternative wipe tool could be ABAN

(ABAN’s name is inspired by Darik’s Boot and Nuke, an older (and unfortunately no longer maintained) program that does something very similar. But other than that, it's completely unrelated.)

https://aban.derobert.net/

https://gitlab.com/derobert/aban

You can burn it using RUFUS

Here is an old blog article (that mentioned RUFUS too):

https://www.alessandromazzanti.com/2015/04/microsoft-free-download-link-windows-81.html

Monitor - Syslog using PRTG or Kiwi Syslog Server

In an old blog article I already mentioned several monitoring/security tools.

I am highlighting Kiwi Syslog Server, which permits you to:

  1. Centrally manage syslog messages, SNMP traps and Windows Event logs.
  2. Store and archive logs, and promptly receive alerts based on critical events.
  3. Respond to syslog messages
  4. Email alerting
  5. Diagnose network issues

Freeware - SolarWinds All Free Network/System/Security/DB/clients monitoring tools

<==============>

About configuring Kiwi Syslog on Cisco devices, here is a small guide/tutorial:

Kiwi Syslog Server Getting Started Guide

About configuring Syslog, on Cisco ASA, you can review this guide:

ASA Syslog Configuration Example

<==============>

At the same time I would like to mention that PRTG (free up to 100 sensors) can use a sensor acting as a syslog server

https://www.solarwinds.com/kiwi-syslog-server/use-cases/network-troubleshooting

Here are old PRTG blog articles:

Server - PRTG Network Monitor Tool

Monitoring - PRTG monitors freeware version until 100 sensors

Security - Radius Server

Here is a basic article on the RADIUS protocol. I am taking note of it on the blog for future purposes and in case it is useful for someone.


https://techgenix.com/radius-protocol-authentication-management-guide/

Antivirus - Sophos Message Relay/Cache Manager #FIREWALL PORTS

Sophos Central endpoints can update themselves, or send status messages, through a LAN server (that operates as Sophos Update Cache and Message Relay).

Alternatively, endpoints update themselves directly from the internet.

Here are the ports that need to be opened (to permit the behaviors above):

https://support.sophos.com/support/s/article/KB-000035367?language=en_US

Tips - Webex Cache cleaning procedure

There is an easy and quick procedure to clear the Cisco Webex cache.

It is really easy but, in any case, I take note of it on the blog.

Be aware that, in a Citrix environment, you should add this path to the exclusions list, that is, the folders that should not be synchronized when using roaming profiles (this avoids wasting time during login and wasting disk space as well).

https://help.webex.com/en-us/article/WBX9000035301/How-Do-I-Clear-the-Cache-for-Cisco-Webex-Meetings-on-Windows?

Windows 10 - Autologon

In a previous article we explained how to configure XP/Windows 7 autologon (without a user and password request):

https://www.alessandromazzanti.com/2013/02/tips-abilitare-autologon-in-windows.html


With Windows 10 the situation is slightly different:



Teams - How to disable message reading acknowledgement

In Teams it is possible, as in WhatsApp, to disable the message reading acknowledgement/read receipt. Here is the relevant setting:



More details:

https://www.addictivetips.com/web-conferencing/microsoft-teams-read-receipts/