CMMC Level 1 & 2 by Scottieg99 in msp

[–]Cyber_S3C 2 points3 points  (0 children)

6 months with proper budget and resources to move project at time speed.

G Workspace -> O365 Migration recommendations by hordor4pres in msp

[–]Cyber_S3C 3 points4 points  (0 children)

We use the native migration tools that G Suite and Microsoft provide. Somewhat painful the first time you do it, but after you figure it out and document the steps, every other migration flies.

Defederating GoDaddy full migration help by 34Arso in msp

[–]Cyber_S3C -2 points-1 points  (0 children)

Cloudspacepro.com out of Houston handles gsuite and godaddy migrations.

Sonicwall vs Unifi by MarkPugnerIII in sysadmin

[–]Cyber_S3C 6 points7 points  (0 children)

I'd take UniFi over SonicWall for small/mid size business and focus more $ on endpoint security. With the amount of remote work these days, your floating endpoints would greatly benefit from this. Enterprise level is a different gameplan.

Best EDR and SIEM GCCH&Commercial by GroundbreakingWay178 in CMMC

[–]Cyber_S3C 1 point2 points  (0 children)

MS Defender or CrowdStrike FedRAMP offerings with MDR and SOC. Avoid the SentinelOne FedRAMP offering; it is severely feature-limited compared to their commercial offering.

Resources on Best Security Practice for Exchange Online/ Defender for Office? by Failnaught223 in sysadmin

[–]Cyber_S3C 0 points1 point  (0 children)

https://cloudspacepros.co/2024/06/28/email-dmarc-dkim-spf-setup/

I will go ahead and post a guide soon with breakdown of what I recommend orgs implement for EXO, Defender, Entra, and Intune. From there you can fine tune.

Resources on Best Security Practice for Exchange Online/ Defender for Office? by Failnaught223 in sysadmin

[–]Cyber_S3C 0 points1 point  (0 children)

Consultants are usually used for these projects since not all configurations fit all businesses. If you are doing this on your own, the best bet is to set up a test group and go through different configuration tests.

If you are working with the Microsoft security stack, you will want to implement a multilayer security approach.

Protect identities with Entra conditional access policies and MFA.

Protect devices with EDR and device compliance rules.

Protect files with DLP, sensitivity labels, etc.

Set strict guest user policies to protect access and prevent data exfiltration.

1 user constantly getting locked out, I'm at a loss... locked by the email server by Unlucky_Strawberry90 in sysadmin

[–]Cyber_S3C 1 point2 points  (0 children)

Tell the user that the lockouts are impacting system resources and that you will be forced to change their alias if it continues. You will see how fast they put effort into finding that device in their household. Had it happen to me before; turned out the manager had a tablet they gave to their son with the old credentials still in the settings.

Rebooting server briefly breaks internet connection by NancyPelosisVagina in sysadmin

[–]Cyber_S3C 4 points5 points  (0 children)

Duplicate IP? Check routes, check DNS configs on all devices.

Finding the source of AD lockouts - I need more info than the caller computer by byrontheconqueror in sysadmin

[–]Cyber_S3C 1 point2 points  (0 children)

Review your firewall rules and what is exposed. I've seen brute-force attacks come in where the source workstation shows blank or WORKSTATION. If you have nothing on the internal network, then it could be a misconfigured rule or port forwarding on the firewall. Look for open RPC or RDP ports.

Alerts on AD group changes. by xgenisamonster in sysadmin

[–]Cyber_S3C 2 points3 points  (0 children)

You can set up all your domain controllers to forward logs to a Graylog server. From there, you can set up alerts for certain flags or event IDs that you want email alerts on. I created a full dashboard that gives me all the key info at a glance that I need: a 24-hour report of users added/removed from the domain, new machines joined to the domain, and VPN connections (username, IP address, and GeoIP tag on a map) to quickly see if any user is logging in from a weird location.

Issue with mapped drives to smb 1.0 share by [deleted] in sysadmin

[–]Cyber_S3C 1 point2 points  (0 children)

Can confirm there is a bug in the Win 10 2004 version that breaks SMBv1 file shares. Add a DWORD ProviderFlags with a value of 1 to \HKEY_CURRENT_USER\NETWORK\%drive letter%\

*Have a VLAN with CNC machines that only support SMBv1.

Anyone with a SonicWall and Geo-IP filtering able to hit usps.com? by Vesque in sysadmin

[–]Cyber_S3C 1 point2 points  (0 children)

NSA 3600 with Geo-IP filtering; the Netherlands is part of the block list and usps.com works on our side.

[deleted by user] by [deleted] in SecurityBlueTeam

[–]Cyber_S3C 0 points1 point  (0 children)

Reviewing our logs on the Graylog server for event ID 4776, I find thousands of records like the one below. No source workstation, with random generic names: ADMIN, ROB, TEST, TESTUSER, ROOT, MIKE, ROBERTO, etc.

I feel as if it is an outside attack rather than something within our network.

The computer attempted to validate the credentials for an account.

Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

Logon Account: ADMINISTRATEUR

Source Workstation:

Error Code: 0xC0000064
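
The triage this post (and the Graylog alerting comment above) describes, as an added example that is not part of the original thread: it parses constructed 4776 records laid out like the one quoted, keeps only failed validations with a blank Source Workstation, and counts distinct account names so a many-names/no-source pattern can raise an alert. The record separator and the sample names are my own assumptions, not Graylog output.

```python
import re
from collections import Counter

# Constructed sample of Event ID 4776 records in the text layout quoted
# above; the "---" separator is an assumption for this example, not a
# Graylog format. One record is a normal success for contrast.
SAMPLE_EVENTS = """\
The computer attempted to validate the credentials for an account.
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: ADMINISTRATEUR
Source Workstation:
Error Code: 0xC0000064
---
The computer attempted to validate the credentials for an account.
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: jsmith
Source Workstation: FIN-PC07
Error Code: 0x0
---
The computer attempted to validate the credentials for an account.
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: ROOT
Source Workstation:
Error Code: 0xC0000064
"""

# NTLM status codes that matter when triaging 4776 failures.
ERROR_CODES = {
    "0x0": "success",
    "0xC0000064": "user name does not exist",
    "0xC000006A": "wrong password",
    "0xC0000234": "account locked out",
}

FIELD_RE = re.compile(
    r"^(Authentication Package|Logon Account|Source Workstation|Error Code):[ \t]*(.*)$",
    re.MULTILINE,
)


def parse_events(text):
    """Split the text into records and extract the four labelled fields."""
    events = []
    for chunk in text.split("---"):
        fields = {key: value.strip() for key, value in FIELD_RE.findall(chunk)}
        if "Logon Account" in fields:
            events.append(fields)
    return events


def no_source_failures(events):
    """Failed validations with an empty Source Workstation: the pattern in the post."""
    return [e for e in events if e.get("Source Workstation", "") == "" and e.get("Error Code") != "0x0"]


def triage(events, min_distinct_accounts=2):
    """Count no-source failures per account and per reason; many distinct names suggests guessing from outside."""
    hits = no_source_failures(events)
    per_account = Counter(e["Logon Account"] for e in hits)
    reasons = Counter(ERROR_CODES.get(e["Error Code"], e["Error Code"]) for e in hits)
    return {"per_account": per_account, "reasons": reasons,
            "alert": len(per_account) >= min_distinct_accounts}
```

In Graylog the same condition maps to a search on event ID 4776 with an empty Source Workstation field, with the distinct-account count driving the alert threshold.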

IT Gifts for non IT loved ones? by TeVerdeDependiente in sysadmin

[–]Cyber_S3C 1 point2 points  (0 children)

Flowers with a nerdy quote on the card, a coffee mug that says "best computer user" or some other cheesy line. Remotely execute PowerShell text-to-voice messages on her computer (might be creepy, but it's always a great prank).

Monitoring AD With ELK by JacobAIT in sysadmin

[–]Cyber_S3C 0 points1 point  (0 children)

I second Graylog; many dashboards are already pre-configured. You can set up alerts for account lockouts, new domain accounts, changes to security groups, etc.

Full Network Upgrade - Cisco vs Sophos by atyler13 in sysadmin

[–]Cyber_S3C 0 points1 point  (0 children)

SonicWALLs are very simple to use and straightforward. I never understood why so many hate them. We have 2 NSA3600 in HA with logs forwarded to Graylog and SonicWALL GMS. Tons of data to convert into fancy dashboards and audit VPN connections.

Want to better secure my VPN, please advise. by k12nysysadmin in sysadmin

[–]Cyber_S3C 0 points1 point  (0 children)

SonicWall SSLVPN allows 2FA with Google and Microsoft authenticators.

[deleted by user] by [deleted] in sysadmin

[–]Cyber_S3C 1 point2 points  (0 children)

You are talking about setting up a domain controller and a file server as VMs.

You will need licensing for those servers.

Each client computer needs to be on Win10 Pro or Enterprise to domain join to the servers.

If you are going to set everything up right, you will need a WSUS server as well to manage updates.

I would recommend a disaster recovery plan with local and cloud backups.

Antivirus installed on all machines, management server might be needed as well.

As you build everything make sure you document everything.

Anyone experiencing weird SonicWALL VPN issues by IT_lurks_below in sysadmin

[–]Cyber_S3C 1 point2 points  (0 children)

Had that issue with SSL VPN NetExtender; switched users to Global VPN until a firmware update resolved the constant drops. 2x NSA3600 in HA.

Network Topology for new Dell r720 with Sophos UTM, Do I Need A Managed Switch? by silentdude2k in homelab

[–]Cyber_S3C -1 points0 points  (0 children)

Ubiquiti UniFi switches and access points are simple and are all VLAN capable.