Sunday, October 20, 2024

Vulnerability Management - Deprecated vs End of Support

The terms deprecated and end of support are related but have distinct meanings:

--> Deprecated:
When a protocol, software feature, or technology is deprecated, it means it is no longer recommended for use and may be phased out in the future. It is a warning that the technology is outdated, may have security vulnerabilities, or there are better alternatives available. However, the deprecated protocol or feature can still be used, and it may still receive security updates or limited support for a certain period.
Deprecated protocols or features are typically marked to discourage new usage, and developers or administrators are advised to transition to more secure or up-to-date alternatives.

--> End of Support (EoS):
End of support means that the protocol, software, or system will no longer receive any updates, including security patches and technical support from the vendor. This is a more critical stage than deprecation. Continuing to use systems or protocols that have reached end of support can expose them to security risks since vulnerabilities may no longer be addressed.
At this point, the vendor has officially stopped supporting the product, and users are strongly encouraged to migrate to newer versions or alternative solutions to avoid security risks.

--> Key Differences:
Deprecated: Still supported but not recommended for new use.
End of Support: No longer supported, no updates or security patches are provided.

The reason for this post was one famous protocol in particular. Yes, I am talking about NTLM.

Per Microsoft:
All versions of NTLM, including LANMAN, NTLMv1, and NTLMv2, are no longer under active feature development and are deprecated. Use of NTLM will continue to work in the next release of Windows Server and the next annual release of Windows. Calls to NTLM should be replaced by calls to Negotiate, which will try to authenticate with Kerberos and only fall back to NTLM when necessary.

Please find the below URL for more details:
https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features

In cybersecurity, using deprecated protocols poses increasing risks over time, but using software that is at the end of support is much riskier, as it will not receive any security fixes.
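
Before migrating calls from NTLM to Negotiate, a defender needs to know where NTLM is still being used. The following is an added example, not code from the original post or from Microsoft: it summarises successful logons (Windows Security event 4624) by authentication package and NTLM version from a simplified key=value export. The event field names (AuthenticationPackageName, LmPackageName) follow the real event schema; the log lines themselves are constructed for the example.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Constructed sample: a simplified key=value export of Security events.
# Field names mirror event 4624's schema; hosts, accounts and IPs are invented.
SAMPLE_EVENTS = """\
EventID=4624 Computer=FS01 TargetUserName=alice AuthenticationPackageName=Kerberos LmPackageName=- IpAddress=10.0.1.15
EventID=4624 Computer=FS01 TargetUserName=svc_backup AuthenticationPackageName=NTLM LmPackageName="NTLM V2" IpAddress=10.0.1.40
EventID=4624 Computer=FS01 TargetUserName=svc_backup AuthenticationPackageName=NTLM LmPackageName="NTLM V2" IpAddress=10.0.1.40
EventID=4624 Computer=PRN02 TargetUserName=scanner AuthenticationPackageName=NTLM LmPackageName="NTLM V1" IpAddress=10.0.2.9
EventID=4625 Computer=PRN02 TargetUserName=bob AuthenticationPackageName=NTLM LmPackageName="NTLM V2" IpAddress=10.0.2.77
EventID=4624 Computer=DC01 TargetUserName=bob AuthenticationPackageName=Negotiate LmPackageName=- IpAddress=10.0.3.5
"""

# key=value pairs; a value is either a double-quoted string or a run of non-space
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line: str) -> Dict[str, str]:
    """Split one key=value line into a dict, stripping quotes from values."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def summarize_ntlm(lines: Iterable[str]) -> Dict[Tuple[str, str, str], int]:
    """Count successful (4624) NTLM logons by (computer, account, NTLM version).

    Kerberos and Negotiate logons are skipped: they are the target state.
    Failed logons (4625) are skipped so the summary reflects working dependencies.
    """
    counts: Counter = Counter()
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev.get("EventID") != "4624":
            continue
        if ev.get("AuthenticationPackageName") != "NTLM":
            continue
        key = (ev["Computer"], ev["TargetUserName"], ev.get("LmPackageName", "?"))
        counts[key] += 1
    return dict(counts)


def ntlmv1_sources(summary: Dict[Tuple[str, str, str], int]) -> List[Tuple[str, str]]:
    """Hosts/accounts still completing NTLM V1 logons: the weakest, so migrate these first."""
    return sorted({(host, user) for (host, user, ver) in summary if ver == "NTLM V1"})


if __name__ == "__main__":
    summary = summarize_ntlm(SAMPLE_EVENTS.splitlines())
    for (host, user, ver), n in sorted(summary.items()):
        print(f"{host:6} {user:12} {ver:8} {n}")
    print("NTLM V1 sources:", ntlmv1_sources(summary))
```

Running the block over a real export replaces the constructed lines with the output of your own log tooling; the grouping by host and account is what turns "NTLM is deprecated" into a concrete list of dependencies to migrate.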

Happy Learning !!
#VulnerabilityManagement #CyberSecurity

Excel VBA - Map a list of IP addresses with a list of subnets/IP ranges

I have uploaded a macro file on GitHub. The macro will map a list of IP addresses to their corresponding subnets/ranges. The subnets/IP ranges will act as input.


Instructions to run the macro are written in the README file.

Please find the below URL for GitHub repository:
https://github.com/tejaskore1234/map_IP_address_to_range
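
The same mapping, written here as an added Python example rather than taken from the macro in the repository: it accepts ranges in both CIDR and start-end notation, rejects malformed addresses instead of crashing, and, as an assumption about desired behaviour (the macro's own tie-breaking rule is not described on the page), resolves nested ranges to the most specific match. The address and range lists are constructed.

```python
import ipaddress
from typing import Dict, List, Optional, Sequence, Tuple

# Constructed input standing in for the two Excel columns the macro reads.
RANGES = [
    "10.0.0.0/8",                     # broad range ...
    "10.0.0.0/24",                    # ... with a more specific subnet nested inside
    "10.0.1.0/25",
    "192.168.10.50-192.168.10.99",    # start-end notation
    "172.16.0.0/12",
]
ADDRESSES = ["10.0.0.17", "10.0.1.200", "192.168.10.75", "172.20.5.5", "8.8.8.8", "not-an-ip"]

# (ip version, first address as int, last address as int, original label)
Range = Tuple[int, int, int, str]


def parse_range(spec: str) -> Range:
    """Accept either CIDR ('10.0.0.0/24') or 'start-end' ('a.b.c.d-a.b.c.e')."""
    spec = spec.strip()
    if "-" in spec:
        start, end = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        if start.version != end.version:
            raise ValueError(f"mixed IP versions in range: {spec}")
        if int(end) < int(start):
            raise ValueError(f"range end precedes start: {spec}")
        return start.version, int(start), int(end), spec
    # strict=False tolerates host bits set in the prefix (e.g. 10.0.0.5/24)
    net = ipaddress.ip_network(spec, strict=False)
    return net.version, int(net.network_address), int(net.broadcast_address), spec


def build_table(specs: Sequence[str]) -> List[Range]:
    """Sort ranges by size so the smallest (most specific) one is checked first."""
    return sorted((parse_range(s) for s in specs), key=lambda r: r[2] - r[1])


def lookup(ip: str, table: List[Range]) -> Optional[str]:
    """Return the label of the most specific range containing ip, or None."""
    try:
        addr = ipaddress.ip_address(ip.strip())
    except ValueError:          # malformed cell: report as unmapped, keep going
        return None
    n = int(addr)
    for version, first, last, label in table:
        if version == addr.version and first <= n <= last:
            return label
    return None


def map_addresses(addresses: Sequence[str], specs: Sequence[str]) -> Dict[str, Optional[str]]:
    """Map every address to its range label (None when no range matches)."""
    table = build_table(specs)
    return {ip: lookup(ip, table) for ip in addresses}


if __name__ == "__main__":
    for ip, label in map_addresses(ADDRESSES, RANGES).items():
        print(f"{ip:16} -> {label}")
```

The table is built once and reused for every address, so the cost is one sort plus a linear scan per lookup; for very large range lists a sorted-interval search would be the next step, but the behaviour above is the one to reproduce when checking a spreadsheet result by hand.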

Happy Learning !!
#excel #microsoft #msexcel #vba

Vulnerability Management - Audit types for ISO management systems

Posting this because we all go through audits regardless of our individual domains, so I thought we should all know the basic terminology related to audits.


Following are the 3 types, based on the organization conducting the audit:

1. First-Party Audit
--> Definition: Conducted by an organization on its own management system.
--> Purpose: To evaluate internal processes and compliance with ISO standards. It helps identify areas for improvement.
--> Who Conducts: Internal auditors or designated staff within the organization.
--> Focus: Self-assessment, identifying non-conformities, and ensuring ongoing compliance.

2. Second-Party Audit
--> Definition: Conducted by one organization on another organization, often a supplier or partner.
--> Purpose: To assess the quality management system of a supplier to ensure they meet specific requirements and standards.
--> Who Conducts: Auditors from the purchasing organization or a contracted third party.
--> Focus: Evaluating the performance and compliance of suppliers or partners, ensuring alignment with contractual obligations.

3. Third-Party Audit
--> Definition: Conducted by an independent auditing body not affiliated with either party.
--> Purpose: To certify an organization’s compliance with ISO standards, typically resulting in an official certificate.
--> Who Conducts: Accredited certification bodies.
--> Focus: Comprehensive assessment of the entire management system, ensuring it meets the necessary ISO standards.

Summary
--> First-party audits are internal evaluations for continuous improvement.
--> Second-party audits focus on supplier compliance and risk management.
--> Third-party audits provide formal certification and external validation of adherence to ISO standards.

Each type of audit plays a vital role in the overall effectiveness of ISO management systems, ensuring quality, compliance, and continual improvement.

Happy Learning !!
#Cybersecurity #VulnerabilityManagement

Vulnerability Management - Understanding vulnerability posture

Understanding the vulnerability posture of an organisation at a basic level helps you drive remediation efforts. So, I don't know what t...