Secure Your Clients by Disabling SSL

At this point SSLv3 is somewhat old news, but there are still businesses that have SSLv3 (and worse, sometimes SSLv2) accepted on their client machines, this can lead to a multitude of security vulnerabilities that can be easily exploited (i.e. POODLE). The purpose of this post is to show you how to disable the insecure protocols on standalone workstations or via Group Policy if you are on a corporate network with a domain controller.

Continue reading “Secure Your Clients by Disabling SSL”

Force JS Files to Open in Notepad

This post will cover how to change Folder options via Group Policy to force JavaScript (JS/JSE) files to open in Notepad instead of being executed on the workstation. The reasoning behind this is because JS files can potentially be malicious, and JS files can be executed simply be double-clicking on them. This method will make it so that JS files will never be executed accidentally.

Continue reading “Force JS Files to Open in Notepad”

Introduction

First of all, I’d like to welcome you to my blog. Obviously you’ve come here for some reason, that likely being your want or need for facts or opinions on Information Security (InfoSec). Well, you have come to the right place.

Now let me provide an introduction: My name is James Montour, I am a Systems Administrator that presently works for a financial institution. I’ve worked as a Systems Administrator officially for just about 2 years now, with miscellaneous IT work done prior. I technically have no formal IT education, with the exception of a Computer Programming certificate I received… Funnily enough, my two degrees are actually both in Video Production. Everything that I know in terms of IT, InfoSec, etc. has been self taught. Just to add some extra context to the information that I will be posting here, I run a primarily Windows dominated corporate network, with a few Linux servers for things like documentation, knowledge base, and network monitoring.

The purpose of this blog is to share my knowledge and experiences relating to creating, operating, and maintaining a Windows-based corporate network. The primary topics I will cover are security hardening, group policy, active directory management, and general best practices. If these things sound interesting to you, then you are in the right place.

Enjoy!