Is your system vulnerable to BlueKeep?

There was a critical vulnerability announced about two months ago. The vulnerability (CVE-2019-0708), known as BlueKeep, is a remote, wormable flaw in Microsoft's Remote Desktop Protocol (RDP) service. This means that anyone with RDP services running needs to patch their systems as soon as possible, or attackers will try to use it to gain access to their networks. A list of affected products and the security patch needed to remedy this vulnerability can be found here.

Normally, RDP servers are secured by nothing more than a username and password, which can be guessed with brute-force tools or stolen outright with credential-theft tools like Mimikatz. BlueKeep is worse: it is a pre-authentication vulnerability, so an attacker does not need a valid username or password at all. An attacker who successfully exploits it can execute arbitrary code on the target system and could then install programs; view, change, or delete data; or create new accounts with full user rights. This exploit is giving me nightmares tonight!

To exploit this vulnerability, an attacker sends specially crafted requests to the target system's Remote Desktop Service over RDP (TCP port 3389 by default); no authentication is required. Here are links to example implementations of a Microsoft Windows Remote Desktop BlueKeep denial-of-service proof of concept: click here and here. I am not responsible for what you use this to accomplish; it should only be used for educational purposes.

One mitigation is to disable Remote Desktop Services if they are not required; disabling unused and unneeded services helps reduce exposure to security vulnerabilities. Another option is to enable Network Level Authentication (NLA) on systems running supported editions of Windows 7, Windows Server 2008, and Windows Server 2008 R2. With NLA enabled, an attacker must authenticate with valid credentials before the vulnerable code path can be reached, so this is only a partial mitigation: an attacker who already holds a valid account can still exploit the flaw, and NLA is not a substitute for the patch. A third option is to block TCP port 3389 (RDP) at the enterprise perimeter firewall, or to allow only specific hosts through it. None of these replaces applying the security update.
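As an added example (not code from the original post), the following Python script implements the check behind the NLA mitigation above, and shows the shape of the "special request" the exploitation paragraph refers to: it sends the first packet of any RDP session, an X.224 Connection Request offering only standard RDP security, and classifies the server's answer. The packet layout and negotiation codes follow Microsoft's MS-RDPBCGR specification; the sample replies in SAMPLE_RESPONSES and the result labels are constructed for illustration, not captured traffic.

```python
import socket
import struct

# Negotiation constants from MS-RDPBCGR (RDP_NEG_REQ / RDP_NEG_RSP / RDP_NEG_FAILURE).
PROTOCOL_RDP = 0x00000000              # standard RDP security: no TLS, no NLA
TYPE_RDP_NEG_REQ = 0x01
TYPE_RDP_NEG_RSP = 0x02
TYPE_RDP_NEG_FAILURE = 0x03
SSL_REQUIRED_BY_SERVER = 0x00000001    # server insists on TLS (but not on NLA)
HYBRID_REQUIRED_BY_SERVER = 0x00000005 # server insists on CredSSP, i.e. NLA


def build_connection_request(requested_protocols: int = PROTOCOL_RDP) -> bytes:
    """TPKT + X.224 Connection Request carrying an RDP Negotiation Request.

    With requested_protocols left at PROTOCOL_RDP this is the classic 19-byte
    probe: the client offers only standard RDP security and lets the server
    say whether it will accept that (no NLA) or refuse it.
    """
    neg_req = struct.pack("<BBHI", TYPE_RDP_NEG_REQ, 0, 8, requested_protocols)
    # X.224 CR TPDU: code 0xE0, DST-REF, SRC-REF, class option, then the negotiation request
    x224 = b"\xe0" + b"\x00\x00" + b"\x00\x00" + b"\x00" + neg_req
    x224 = bytes([len(x224)]) + x224                  # prefix the length indicator (LI)
    tpkt = struct.pack(">BBH", 3, 0, 4 + len(x224))   # version 3, reserved, total length
    return tpkt + x224


def classify_response(data: bytes) -> str:
    """Classify the server's X.224 Connection Confirm to a PROTOCOL_RDP-only request.

    "nla-enforced"       server refused anything but NLA: pre-auth surface is closed
    "tls-only"           server wants TLS but not NLA: still reachable before authentication
    "no-nla"             server accepted standard RDP security: reachable before authentication
    "negotiation-failed" some other RDP negotiation failure code
    "not-rdp"            not a well-formed TPKT/X.224 Connection Confirm
    """
    if len(data) < 11 or data[0] != 3:
        return "not-rdp"
    (tpkt_len,) = struct.unpack(">H", data[2:4])
    li = data[4]
    if tpkt_len != len(data) or 5 + li > len(data) or data[5] != 0xD0:  # 0xD0 = X.224 CC
        return "not-rdp"
    payload = data[11:5 + li]          # whatever follows the 6-byte CC fixed part
    if len(payload) < 8:
        # Pre-Vista servers answer with a bare CC: only standard RDP security exists there.
        return "no-nla"
    ptype, _flags, plen, value = struct.unpack("<BBHI", payload[:8])
    if plen != 8:
        return "not-rdp"
    if ptype == TYPE_RDP_NEG_RSP:
        return "no-nla"                # server selected the protocol we offered: PROTOCOL_RDP
    if ptype == TYPE_RDP_NEG_FAILURE:
        if value == HYBRID_REQUIRED_BY_SERVER:
            return "nla-enforced"
        if value == SSL_REQUIRED_BY_SERVER:
            return "tls-only"
        return "negotiation-failed"
    return "not-rdp"


def probe(host: str, port: int = 3389, timeout: float = 5.0) -> str:
    """Send the probe to a live host and classify its answer (requires network access)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connection_request())
        return classify_response(sock.recv(1024))


# Constructed sample replies (not captured traffic), one per outcome.
SAMPLE_RESPONSES = {
    # RDP_NEG_FAILURE with failureCode HYBRID_REQUIRED_BY_SERVER
    "nla-enforced": bytes.fromhex("03 00 00 13 0e d0 00 00 12 34 00 03 00 08 00 05 00 00 00"),
    # RDP_NEG_FAILURE with failureCode SSL_REQUIRED_BY_SERVER
    "tls-only": bytes.fromhex("03 00 00 13 0e d0 00 00 12 34 00 03 00 08 00 01 00 00 00"),
    # RDP_NEG_RSP with selectedProtocol PROTOCOL_RDP
    "no-nla": bytes.fromhex("03 00 00 13 0e d0 00 00 12 34 00 02 00 08 00 00 00 00 00"),
    # bare X.224 CC with no negotiation payload (legacy server)
    "legacy": bytes.fromhex("03 00 00 0b 06 d0 00 00 12 34 00"),
}

if __name__ == "__main__":
    import sys
    if len(sys.argv) < 2:
        print("usage: python rdp_nla_probe.py <host> [port]")
    else:
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 3389
        print(sys.argv[1], probe(sys.argv[1], port))
```

Run it only against hosts you are authorized to test. Any result other than nla-enforced means the server will process an unauthenticated client's packets before any credentials are checked, which is exactly the position a BlueKeep attempt starts from, so that host needs the patch or a firewall restriction regardless of what it answers here. A result of nla-enforced confirms the mitigation is in place but says nothing about whether the host is patched.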




CCNA Security Certified


I am excited to write this post, finally! I passed my CCNA Security Exam – Implementing Cisco Network Security (210-260). I started studying around Summer of 2018 by reading the CCNA Security Official Cert Guide. I read this document for about two or three months, getting halfway through that thick lexicon of security terms. If you have read my previous post, you know about me getting my VCP-DCV 6.5 certification and keeping up with my new role at Trend Micro. So far, I have not been on track for what I wanted to do originally. However, I am thankful because I am a network professional who demonstrates the skills required to develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats.

You are probably thinking, you just ONLY read the OCG!? The answer to that question is simply no. I used various mediums to get the knowledge needed. To start, purchase “31 days until the CCNA security exam” and the “CCNA portable commands guide”. I used these two books religiously throughout my studies. Going through the 31 days until the CCNA security exam book was the most helpful in understanding what I needed to know for the exam. Note that this book is not the only thing you need.

Another aspect of my studies was actually getting my hands dirty with the Cisco Adaptive Security Appliance (ASA) 5505 firewall. I was able to use the ASDM, which was necessary for this exam. Also, I configured different features on firewalls, routers and switches that were outlined in the books I mentioned above. People say that you can use GNS3, but I always have a hard time getting the application to work properly. Doing it with a physical device will work fine.

Make sure to go through all the supplemental resources that are given in 31 days until the CCNA Security exam. I love that this book gives extra resources to go and get more information when confused about something. The key is to get a lot of information from a lot of different places.

The week leading up to the exam, I studied my butt off looking for exam dumps that had sample questions. Luckily, I found this YouTube video and it saved me on a couple of questions on the exam. I am glad that I took my time and answered everything within the time limit, leaving with around 20 minutes left. I was stressing when I got my results: 870 out of 1000. Ten points away from having to pay another $300 to get this certification. Thank God Almighty!

Overall, this test was stressful since I was reading comments on Reddit about people barely passing and didn't want to be one of those people. I needed to pass the first time. That is why it took me so long to actually get my confidence up to schedule the exam. So now, I want to continue my quest by getting my CCNP Security certification before the Cert Apocalypse happens on 2/23/2020. I plan on finishing this certification sometime before the end of the year, so stay tuned on my journey to become an Information Security engineer.