Ugghhghghg you can't create exceptions in Nessus for compliance scan items? Do I seriously need to export CSVs and come up with some custom database to report on only items I care about?

Solaron posted: My only experience with SIEM is NetWitness (formerly Security Analytics, formerly NetWitness), which we use at my current employer. How does that stack up? I thought I'd touched a lot of SIEMs but I always forget about this one. I had the misfortune of having to work with RSA enVision a few years ago and I think that set the bar for the worst software I have ever used in my entire life.
# ? Apr 13, 2017 00:11 |
# ? May 10, 2024 14:48 |
Martytoof posted: Ugghhghghg you can't create exceptions in Nessus for compliance scan items? Do I seriously need to export CSVs and come up with some custom database to report on only items I care about? I've only seen enVision a few times since we were just completing our migration project from enVision to NetWitness when I started, but it seemed terrible. Definitely worse than NetWitness, but I have no real experience now with the competition.
# ? Apr 13, 2017 01:00 |
“So what are we having for dinner today?” “Nice, succulent, slow-cooked cloud computing.”
# ? Apr 13, 2017 15:04 |
Double Punctuation posted: “Nice, succulent, slow-cooked cloud computing.” LOL, I'm glad I decided not to pick one of these up. A sous vide cooker should be at about the same technological complexity as a Crock Pot. Set the desired temp, and walk away for a few hours. It doesn't even need to have auto-off or auto-on, since the cooking time doesn't matter that much. In fact, you're better off leaving whatever 'cooking' at 140F than to have the device shut off and let bacteria start to grow in your cooling meal. Old-school option: Google search "sous vide temperature steak", input temp, and set any handy timer for 2-3 hours. IoT option: Find phone, turn on Bluetooth, pair to Anova, download app/update app, sign in/create account, click through ads, use lovely app to find the food I'm cooking, and worry that my device will be bricked when Anova goes out of business.
# ? Apr 13, 2017 15:43 |
You can still just turn the knob.
# ? Apr 13, 2017 16:19 |
Guy Axlerod posted: You can still just turn the knob. One of my friends has this smoker: https://www.charbroil.com/smartchef-digital-electric-smoker For some idiotic reason the app is required to set the temperature. When he brought it down to my house a few weeks back during a LAN party, the fact that my WiFi SSID has a space in it was the root cause behind a full hour of frustration when trying to get dinner going. This was with four people who all work in various IT fields prodding it and using monitor mode on Linux to watch the actual WiFi traffic. A normal person wouldn't have had a chance at figuring this out.
# ? Apr 13, 2017 16:45 |
B-Nasty posted: click through ads Haha, they run ads? That's some brazen poo poo. My Anova has Bluetooth capability I think (there's a symbol on the face) but I've never used it.
# ? Apr 13, 2017 16:48 |
I tried the Bluetooth thing just to see if it was useful. Setting the temperature in the app was actually a worse UX. You have to use a spinner, instead of typing a number in.
# ? Apr 13, 2017 16:57 |
Subjunctive posted: Haha, they run ads? That's some brazen poo poo. I tried it once, saw the app was poo poo, and went back to just manually punching it in.
# ? Apr 13, 2017 17:29 |
Double Punctuation posted: “So what are we having for dinner today?” This is stupid and I'm not siding with the company, but I'm genuinely surprised there are so many people using the app. It takes me longer to open the app, connect it to my Anova, and set the temperature than it does to just walk up to the Anova (which I have to do, to turn on BT) and turn the knob to set the temperature. It's literally "app for the sake of having an app".
# ? Apr 13, 2017 17:30 |
wolrah posted: One of my friends has this smoker: https://www.charbroil.com/smartchef-digital-electric-smoker BTW I love setting Wi-Fi passwords with spaces in them because no one ever expects it to be a valid character. I think the main password lists out there don't have spaces in them unless you write something like a filter in hashcat.
# ? Apr 13, 2017 17:57 |
Oh my god, this one doesn't even have a dial. It's either the app or loving Alexa.
# ? Apr 13, 2017 23:23 |
EVIL Gibson posted: BTW I love setting Wi-Fi passwords with spaces in them because no one ever expects it to be a valid character. I think the main password lists out there don't have spaces in them unless you write something like a filter in hashcat. I learned something today.
# ? Apr 14, 2017 07:32 |
Latest ShadowBrokers dump is apparently less of a nothingburger than their last one. https://twitter.com/x0rz/status/852851891285487616 https://twitter.com/hackerfantastic/status/852851946146975744
# ? Apr 14, 2017 13:18 |
EVIL Gibson posted: BTW I love setting Wi-Fi passwords with spaces in them because no one ever expects it to be a valid character. I think the main password lists out there don't have spaces in them unless you write something like a filter in hashcat. This isn't true. The ?s mask in hashcat which covers all special characters also includes the space. So if a mask uses ?s or ?a it's going to catch your space.
# ? Apr 14, 2017 14:51 |
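As an added illustration of the ?s/?a point above (example code written here, not posted in the thread): a small Python matcher built on hashcat's documented built-in charsets, which lets you check whether a passphrase containing a space falls inside a given mask's keyspace, a handy sanity check when choosing a Wi-Fi passphrase. The charset contents are hashcat's; the function names are my own.

```python
"""Check whether a passphrase falls inside a hashcat-style mask keyspace."""
import string

# hashcat's built-in charsets as documented for mask attacks.
# ?s is every printable ASCII special character, and that set starts
# with the space, which is the whole point of the thread.
CHARSETS = {
    "l": string.ascii_lowercase,
    "u": string.ascii_uppercase,
    "d": string.digits,
    "s": " " + string.punctuation,   # 33 characters, space included
}
CHARSETS["a"] = CHARSETS["l"] + CHARSETS["u"] + CHARSETS["d"] + CHARSETS["s"]


def parse_mask(mask):
    """Turn a mask such as '?u?l?l?s' into one allowed-character string per
    position. A bare character matches only itself; '??' is a literal '?'."""
    positions = []
    i = 0
    while i < len(mask):
        if mask[i] == "?":
            if i + 1 >= len(mask):
                raise ValueError("dangling '?' at end of mask")
            tok = mask[i + 1]
            if tok == "?":
                positions.append("?")
            elif tok in CHARSETS:
                positions.append(CHARSETS[tok])
            else:
                raise ValueError(f"unknown charset ?{tok}")
            i += 2
        else:
            positions.append(mask[i])
            i += 1
    return positions


def mask_covers(mask, candidate):
    """True if candidate is one of the strings the mask would enumerate."""
    positions = parse_mask(mask)
    if len(positions) != len(candidate):
        return False
    return all(ch in allowed for ch, allowed in zip(candidate, positions))


def keyspace(mask):
    """Number of candidates the mask enumerates (product of per-position sizes)."""
    n = 1
    for allowed in parse_mask(mask):
        n *= len(allowed)
    return n
```

A passphrase with a space is outside a lowercase-only mask but inside any mask that uses ?s or ?a for that position, so the space buys nothing against a ?a brute force; length does.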
Doug posted: This isn't true. The ?s mask in hashcat which covers all special characters also includes the space. So if a mask uses ?s or ?a it's going to catch your space. That's what I meant, masks not filters. Does the rockyou default mask include spaces?
# ? Apr 14, 2017 21:53 |
Nothing new there, but a fairly comprehensive article about Cylance and other AV products: https://arstechnica.com/information-technology/2017/04/the-mystery-of-the-malware-that-wasnt/ I've decided I don't like these guys much. Working in the network equipment benchmarking industry I'm not surprised in the slightest, but these guys seem pretty aggressive about it.
# ? Apr 18, 2017 10:47 |
If a vendor is pushing a product as a revolution then it probably isn't.
# ? Apr 18, 2017 13:36 |
Just had a request from my boss to evaluate Vectra Networks to bring on-board as part of our SOC. Anyone have any experience with them?
# ? Apr 18, 2017 20:58 |
What's a good book to learn more about crypto just for personal reading and education? No, I won't be "rolling my own," but I would love to know the semi-technical workings of public keys, AES-CTR, stream ciphers...stuff like that. As a point of reference, I took basic calculus in college (many years ago) and I read a lot about PC hardware and security issues, but I don't code. Thanks for any recommendations.
# ? Apr 19, 2017 02:07 |
WAR DOGS OF SOCHI posted: What's a good book to learn more about crypto just for personal reading and education? No, I won't be "rolling my own," but I would love to know the semi-technical workings of public keys, AES-CTR, stream ciphers...stuff like that. Read Simon Singh's Code Book, then pick up Applied Cryptography by Bruce Schneier.
# ? Apr 19, 2017 02:17 |
WAR DOGS OF SOCHI posted: What's a good book to learn more about crypto just for personal reading and education? No, I won't be "rolling my own," but I would love to know the semi-technical workings of public keys, AES-CTR, stream ciphers...stuff like that. https://crypto.stanford.edu/~dabo/cryptobook/draft_0_3.pdf
# ? Apr 19, 2017 02:22 |
OSI bean dip posted: Read Simon Singh's Code Book, then pick up Applied Cryptography by Bruce Schneier. You guys rock. These are outstanding!
# ? Apr 19, 2017 02:34 |
That book corresponds closely to Dan Boneh's course on Coursera if you want to learn in video form or do test questions on each topic.
# ? Apr 19, 2017 02:50 |
I've been really enjoying working through https://www.crypto101.io/ myself.
# ? Apr 19, 2017 06:20 |
This is a pretty good resource too if you want to learn crypto by breaking it: https://cryptopals.com/
# ? Apr 19, 2017 13:01 |
Doug posted: This is a pretty good resource too if you want to learn crypto by breaking it: https://cryptopals.com/ Seconded, this was fun.
# ? Apr 19, 2017 13:51 |
Recommended CISM study guides? My employer is paying my way because reasons, just need a book to cram before forgetting all the formalisms of the exam material five years later.
# ? Apr 19, 2017 16:22 |
If anyone is still doing evaluations, it would probably be a good idea to make sure the vendor isn't using extremely sensitive live data in its demos. (Source is WSJ, so I linked a summary due to the paywall.)
# ? Apr 19, 2017 22:25 |
Double Punctuation posted: If anyone is still doing evaluations, it would probably be a good idea to make sure the vendor isn't using extremely sensitive live data in its demos. Holy guacafuckingmole they have to be about to get destroyed by a lawsuit right? Why in the name of gently caress wouldn't you just set up your own demo environment if the company is really worth 3 billion dollars?
# ? Apr 19, 2017 22:41 |
Does anyone have any solid advice / tools for reviewing firewall rule sets for PCI compliance? My boss dropped this task on me this week and I've never touched a firewall rule set before (although understanding them is easy enough), or audited anything for PCI compliance for that matter. A previous employee wrote some VBA code in Microsoft Access to do these types of reviews. However, the program was getting caught in an infinite loop while parsing the config files. I spent my day tracing through the code and I believe I solved the issue. Not really sure though, because I've never seen this program run before, and none of my co-workers have used it either. So, the program seems to parse the files now, but I'm unsure if it's doing so correctly. Does anyone have any tools to make my life easier? If not I'm going to be spending the weekend trying to fix this Access database or rolling my own QAD implementation in Python.
# ? Apr 19, 2017 23:40 |
I'm not sure having the firewall rules in a more readable format is going to help you too much with assessing whether those rules allow the network(s) affected by them to be PCI compliant or not. At best you will get to a point where you have x number of zones/subnets/whatever defined, and the traffic that is allowed to pass between them, but without an understanding of the network itself surely you aren't able to give it the green light for compliance? And also you definitely don't want to be making any definitive statements on compliance either way.
# ? Apr 19, 2017 23:47 |
My surefire method of firewall review for PCI compliance is: Delegate it to someone with more patience (who is obligated to do what you say).
# ? Apr 20, 2017 00:30 |
Run a PCI scan if it's externally accessible and then correct whatever it caught. What else would you need to do?
# ? Apr 20, 2017 01:24 |
I'm not the PCI dude so maybe I'm interpreting the requirements incorrectly, but in my mind the intent of the firewall audit is to be certain that the rules you have in place are least privilege and up to date. So I mean you could have rules which may have been put in incorrectly, or made sense at one point, but no longer make sense, applications/servers that were decommissioned still being granted access through zones, etc. I can run a scan against a subnet and it won't trigger if the server that was decommissioned is down, but that doesn't mean the rule shouldn't be removed once found. Just stuff like that.
# ? Apr 20, 2017 01:29 |
Yah after reading the PCI requirements for firewalls it's actually not as ambiguous as I thought. If you're big enough to have a PCI guy why aren't they just feeding you the requirements? The change management and business documentation portions sound like particularly huge pains in the rear end depending on where it's at now. Edit: god drat it, not even sort of following this convo correctly. Person who got this dropped on you, your boss has given you what will likely turn out to be a Sisyphean task.
# ? Apr 20, 2017 01:45 |
The problem is that the PCI guy will just say this needs to be done and documented and supporting evidence made available. You still need to do the work yourself, or if you're someone who doesn't have intimate knowledge of every single port and component of an application that has to communicate between zones then you'd better hope you have up to date documentation (hint: you probably don't), because then that means week-long meetings with business owners while they try to track down engineers responsible for everything and make them come to "useless" meetings. That's why I try to push to do reviews quarterly to not let too much cruft build up, before things have a chance to wildly deviate from what I remember last time. When I went through my first PCI audit the QSA chuckled and told me that it stands for "Pain Commences Immediately" and we all had a laugh. Little did I know he wasn't joking.
# ? Apr 20, 2017 02:05 |
Double Punctuation posted: If anyone is still doing evaluations, it would probably be a good idea to make sure the vendor isn't using extremely sensitive live data in its demos. It's okay, I'm sure that they'll be prosecuted under the Computer Fraud and Abuahahahaha I can't possibly say that with a straight face.
# ? Apr 20, 2017 03:56 |
Reminds me of when I used to work on a government contract and the tax department happily furnished us with access to their testing database... which was a copy of the production database. Yep, everyone's tax details right there to touch, names and all included. I didn't even have to uniquely identify myself to access them. The border patrol did the exact same thing. I wonder if this is common practice all over...
# ? Apr 20, 2017 05:44 |
What does your heart tell you?
# ? Apr 20, 2017 07:56 |