Welcome back to IT Pro Tuesday!
The Microsoft 365 default security settings are simply not enough to prevent attacks. If you’re serious about your data, you need to know how to configure your tenant properly. Join this webinar with Paul Schnackenburg, author of the Microsoft 365 Security Checklist, and Microsoft MVP Andy Syrewicze, to learn about the critical security features (and some underrated features) that hit hard and immediately bolster your M365 tenant defenses. Learn more and register here.
We're looking for cool tips and tools we can share with the community... those that help you do your job better and more easily. Please reply with your latest finds, so we can help others benefit from your experience.
As always, we’re updating the full list on our website here. Enjoy.
But on with this week's tools...! Here are the most-interesting items that have come across our desks, laptops and phones this week. Hornetsecurity has no known affiliation with any of these unless we explicitly state otherwise.
A Free Tool
DNSQuerySniffer is a network sniffer utility that shows all the DNS queries being sent on your system. Displays: host name, port number, query ID, request type (A, AAAA, NS, MX, and so on), request time, response time, duration, response code, number of records, and content of the returned DNS record. Happy_Harry finds it useful "to see who is still using the DNS server I'm trying to decommission."
BurningIceTech YouTube Channel offers some great training courses on Microsoft products as well as a few featuring other vendors. Some courses are designed to help you pass an associated international certification exam, while others are aimed at general knowledge or troubleshooting. The material is presented by an internationally certified training pro with more than a decade of experience. Kindly suggested by Fluffy-Mix9834.
Another Free Tool
PrivateBin is an open-source online pastebin for absolute data privacy. Encryption/decryption occurs in the browser using 256bit AES in Galois Counter mode, so the server never has access to any of your data. gbarnick adds: "Requires hosting on something, but free open-source paste bin for sharing secure credentials, one-time burn after reading links, etc."
Some perspective from VelocityDuck on interviewing candidates to avoid screening out good people:
“[M]ost people don't interview well. It's just not something they do much, and they've never learned how to do it. So if you hit them with vague questions, they'll fall apart. Add to that: most people want the job. In some cases, they really NEED the job. That ratchets up the stress level.
I gave up asking bare technical questions. I just talk to them. And while doing so, I'm able to embed technical questions. Within a few minutes, I can tell what the person knows and also find out a lot of other things that simple technical questions won't reveal."
One More Free Tool
WSL gives you the ability to integrate Linux tools like Bash or Grep within Windows tools like PowerShell or Visual Studio Code—without the need to dual-boot. BitteringAgent explains, "I use this for SSH instead of putty+pageant along with Ansible. It's a much better experience. Plus, it's nice having a quick and easy bash console sometimes."
P.S. Bonus Free Tools
Switchmap is a Perl program that uses SNMP to gather data from your Ethernet switches and then displays that information on HTML pages. _LMZ_ appreciates it for keeping track of connected equipment: "I have SNMP enabled and a small Linux container that runs SwitchMap. It does a pull every Friday to which I can search IP’s, MAC, VLANs and get SN’s, modules, statistics."
Huginn lets you build online agents that create and consume events, propagating them along a directed graph—like a fully private version of IFTTT or Zapier. Your self-hosted agents can perform automated tasks like scanning the web for content, watching for events, and taking specific actions on your behalf. Our thanks for the suggestion go to Mintww.
Have a fantastic week and as usual, let us know any comments.