wop

Mentorship Monday - Discussions for career and learning!

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

wop, 1 month ago

So, let’s assume that you are in an international company and the first and only security person. What are your first steps and projects? It is like really vague, but I’d assume like a SIEM, inventory of the network and all devices, backup situation, maybe even honeypots?

What are your high-prio things that every company should have? Is there even a framework for it?

Feeling kinda lost and I hope you get some guidance in the right direction.

What are You Working on Wednesday (Special Thursday edition)

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

Periodic 500 errors

I’m receiving periodic 500 server errors when viewing posts for about the last week. It’s pretty infrequent but definitely still happening....

Reacting to "It's the network" allegation

So, every network engineer knows it: everyone else will blame the network and you have to prove them wrong....

What are You Working on Wednesday

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

wop, 3 months ago

Currently using HedgeDoc for taking notes, but it is lacking some features, so I am trying to find and host some alternatives and compare them. And I hope I can find some time to play with my Flipper Zero…

'Networking' community is back

Thanks to Jerry for bringing this community back to life. I’ll be playing moderator for a while and may tweak the design a bit....

Cron Jobs on Linux - Comprehensive Guide with Examples (ittavern.com)

wop, 4 months ago

I want to get into Ansible and I am building a testing env for it - home lab with various switches and routers, Fortinet, Palo, and a proxmox host server and some remote VPS. One of my goals for Q1 '24. Today I am going to prep the switches.

Besides that, I want to host my own NFTY server and I hope that I can get it online within this week.

wop, 5 months ago

I am currently transitioning into a Security role at work. One question would be: what are the must-have tools for every blue team?

• Vuln-Scanner
• Logging/ SIEM-Server
• …

SSH Server Hardening Guide v2 (ittavern.com)

I am happy to share my revised SSH server hardening guide....

wop, 6 months ago

Learning things about Wireguard and implement it to secure my internet facing servers.

Linux Hardening - what are you must-haves?

I’m working on a guide focused on securing Linux servers and I’d like to ask you what your essential hardening techniques and tips are? Your feedback would be greatly appreciated

Infosec Engineer AMA

Hello! My name is Mike and I am an infosec engineer with 10+ years experience. I’ve worked in GRC, Vulnerability Management, PenTesting & AppSec. I have 17 SANS certs (I have a serious problem) and I’m also an infosec community enthusiast and creator/mod for /c/cybersecurity. AMA!

How do you find the bottleneck of a network?

cross-posted from: infosec.pub/post/306795...

wop, 10 months ago

Ping - Update 2

wop, 10 months ago

Ping - Update 2 Your numbers are are still missing since I havent had time to look into the pcaps yet. I hope I can get it done by the end of the week, but we are a little bit wiser.

wop, 10 months ago

Added the Update 2. Still some things to do, but we know a little bit more now. Feedback and questions are still welcome.

wop, 10 months ago

The ISPs are slow to answer if there is no active outage. Will take some time anyway.

Packets are dropped in bot directions. I am currently looking through the pcaps and will do another stress test later - got another window. MTU/MSS is the prio today.

wop, 10 months ago

Yeah, notifications are really unreliable here. I’ve got another window for more stress test today. Going to post update later, or tomorrow. Focus on MTU/MSS

wop, 9 months ago (edited 9 months ago)

Ping - Update 2 @Avian_Carrier @jharrison @SgtKetchup

Ping - Update 3 @Avian_Carrier @jharrison @SgtKetchup

wop, 9 months ago

Yeah, after more testing, we can say that the second IPStunnel was the issue. Re-worked the route over a single tunnel and the whole 100 Mbps are available again. Users are happy, I am happy. Even tho a little bit frustrating.

Thank you for your input!

wop, 4 months ago

Does fortigate not have a form of DMVPN like Cisco?

ADVPN (Auto-discovery VPN) seems to be the equivalent. docs.fortinet.com/document/fortimanager/…/advpn

Just curious why ISP/third party MPLS? Purely interest.

I guess it was easier at some point? - Taht was way before my time there. But we are going to replace the MPLS part with simple internet-breakout points on location and the the rest with SDWAN.

Also, did you find this purely from user complaining or have monitoring tool?

Purely from users complaining and other departments getting frustrated about why their stuff was not working (e.g. Citrix). The new FW had to be installed in a short time and ‘everything’ worked fine at first. Problems only occurred after some load was put on the network. We failed - as in network dep - by NOT doing a stress/limit test of the network and finding this problem immediately, and NOT implementing some kind of monitoring that would have notified us of all those lost packets and connections. We caught up, but we should have done it in the first place, because it is necessary.

I’m assuming using third party was supposed to offload the work/config from you?

Do you mean the ISP/MPLS provider? - If so, not really.