Jesus, that's bleak. It just seems like such an enormous waste of time for everyone involved. When we were trying to track down log4j stuff, it was a disaster. There was just no centralized tracking, some poo poo was thrown in a ticket, some a Teams chat, some a spreadsheet, like I said. I had an infosec person asking me about a log4j asset yesterday, that's how bad it was.

Posted Feb 24, 2022 23:33

Internet Explorer posted:
> Jesus, that's bleak. It just seems like such an enormous waste of time for everyone involved. When we were trying to track down log4j stuff, it was a disaster. There was just no centralized tracking, some poo poo was thrown in a ticket, some a Teams chat, some a spreadsheet, like I said. I had an infosec person asking me about a log4j asset yesterday, that's how bad it was.

It's not ideal, but there just isn't a better way I have seen anyone do. Because let's say your on-prem vulnerability scanner finds log4j poo poo on x servers. You create a ticket for the team that manages x servers and tell them "you have a log4j vulnerability, get rid of that software or update your poo poo with the guidance of the vendor of the software." When they close the ticket, you run your scanner again and hope it goes green. There might be meetings you have to have, emails back and forth, whatever, but the end result is that work is needed to be done and another team is responsible to do it. The challenge of "How do I keep track of the status of all my log4j poo poo?" is more of a project management problem at that point. Your infosec team should be able to give you ad hoc scans to tell you the status now, your ops teams should be able to tell you the status of tickets, and your project manager should be able to take all of that and make a PowerPoint to feed the C's. At the end of the day, it's just another project, even if an emergency one.

Posted Feb 24, 2022 23:42

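A worked version of the scan, ticket, rescan loop the post above describes, as an added example that is not part of the thread and not any poster's code. The hosts, owning teams, findings and `VULN-n` ticket ids are constructed sample data; it assumes an owner map (the CMDB part) exists and that the scanner's output can be reduced to `(host, finding)` pairs.

```python
"""
Reconcile vulnerability-scanner findings against remediation tickets.

Added example, not from the thread. It models the workflow the post
describes: the scanner finds an affected component on some hosts, one
ticket goes to the team that owns those hosts, and the rescan decides
whether the ticket is really done. All hosts, teams and findings below
are constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed inventory: which team owns which host (the CMDB part).
OWNERS = {
    "web-01": "platform",
    "web-02": "platform",
    "erp-01": "erp-team",
    "jump-01": "infra",
}


@dataclass
class Ticket:
    ticket_id: str
    team: str
    finding: str            # component/issue the scanner reported
    hosts: set
    status: str = "open"    # open -> closed_by_team -> verified | reopened
    notes: list = field(default_factory=list)


def open_tickets(scan, owners, start_id=1):
    """Group scan findings by (owning team, finding) and open one ticket each.

    scan: list of (host, finding) tuples as reported by the scanner.
    Returns a dict of ticket_id -> Ticket.
    """
    groups = defaultdict(set)
    for host, finding in scan:
        team = owners.get(host, "unassigned")   # unknown host still gets tracked
        groups[(team, finding)].add(host)
    tickets = {}
    for n, ((team, finding), hosts) in enumerate(sorted(groups.items()), start=start_id):
        tid = f"VULN-{n}"
        tickets[tid] = Ticket(tid, team, finding, hosts)
    return tickets


def reconcile(tickets, rescan):
    """Check each ticket the owning team closed against the latest rescan.

    rescan: list of (host, finding) still detected.
    A ticket is verified only when none of its hosts still show the finding;
    otherwise it is reopened with a note listing the hosts still affected.
    """
    still_affected = defaultdict(set)
    for host, finding in rescan:
        still_affected[finding].add(host)
    for t in tickets.values():
        if t.status != "closed_by_team":
            continue
        remaining = t.hosts & still_affected[t.finding]
        if remaining:
            t.status = "reopened"
            t.notes.append(f"rescan still shows {t.finding} on {sorted(remaining)}")
        else:
            t.status = "verified"
    return tickets


def status_summary(tickets):
    """Counts per status: the numbers the project manager actually wants."""
    summary = defaultdict(int)
    for t in tickets.values():
        summary[t.status] += 1
    return dict(summary)


# Constructed sample run: first scan, then a rescan after the teams say "done".
FIRST_SCAN = [
    ("web-01", "log4j-core<2.17"),
    ("web-02", "log4j-core<2.17"),
    ("erp-01", "log4j-core<2.17"),
    ("jump-01", "openssh-outdated"),
]
RESCAN = [
    ("web-02", "log4j-core<2.17"),   # the platform team missed one host
]


def demo():
    tickets = open_tickets(FIRST_SCAN, OWNERS)
    for t in tickets.values():          # every team closes its ticket
        t.status = "closed_by_team"
    return reconcile(tickets, RESCAN)   # the rescan has the final say


if __name__ == "__main__":
    for t in demo().values():
        print(t.ticket_id, t.team, t.finding, t.status, t.notes)
    print(status_summary(demo()))
```

The point of `reconcile` is that a ticket closed by the owning team is only a claim; the scanner result is the evidence, so the status the ticket ends up in comes from the rescan, and the reopened ticket carries the exact hosts still affected rather than a vague "not fixed".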
I hear what you're saying, but there's a reason we have different systems for tracking projects, user requests, and ops issues. Creating a ticket for each specific vulnerability just isn't feasible, most ticketing systems are way too cumbersome. What you've described just sounds like an enormous waste of time.

Posted Feb 24, 2022 23:56

Internet Explorer posted:
> I hear what you're saying, but there's a reason we have different systems for tracking projects, user requests, and ops issues. Creating a ticket for each specific vulnerability just isn't feasible, most ticketing systems are way too cumbersome. What you've described just sounds like an enormous waste of time.

Touché. Because I find recreating the wheel to be an even larger waste of time.

Posted Feb 25, 2022 00:03

Page IA32.

Posted Feb 25, 2022 00:19

The 80386 was launched 2 months before I was born. Now I feel old.

Posted Feb 25, 2022 00:24

the hard part of vulnerability management is getting people to actually manage and remediate their poo poo, not having a particular place or webapp or whatever to put it. having special software won't fix the organizational and ownership problems that are the _actual_ problems

Posted Feb 25, 2022 00:28

Internet Explorer posted:
> I generally try my best not to interact with other departments at current job, but I was chatting with one of our infosec folks about how we coordinate on vulnerabilities and I just want to make sure I'm not making poo poo up here. Our infosec team currently runs various scanners, keeps an eye on CVEs, etc., but the way they coordinate things needing to be fixed is all over the place. Oftentimes it's a ticket, sometimes it's a conversation in a Teams thread, sometimes it's treated as a project with a spreadsheet. Just the wild west.

What you described is what was taught to me and this is exactly my job. I just spent the last two days in meetings with vendors so we can start finding a VLMS product that works for us.

Posted Feb 25, 2022 00:55

Thank you for confirming I'm not all the way out in left field.

Posted Feb 25, 2022 02:11

My current client has it all dashboarded in ServiceNow. Took them years to build up their CMDB to actually be useful, but it’s now tied into the scheduled Tenable scanning & ad hoc pen-testing fairly seamlessly.

Posted Feb 25, 2022 11:53

Internet Explorer posted:
> Yeah, unfortunately current place is allergic to anything Azure/M365, so I was hoping there was something a little more specific. Something like Tenable, etc. I am going to have a hard time getting them to do anything and it has to be as stand-alone and modular as possible.

You can run Sentinel and add each component at your leisure; it will be less effective in cross-checking data the fewer connectors you enable. If your firm is 100% on-prem it's not the best tool tho.

Posted Feb 25, 2022 12:14

Internet Explorer posted:
> Thank you for confirming I'm not all the way out in left field.

You're not, but at the same time many companies do successfully manage that workflow with something like a Kanban or other project board linked with Jira or whatever other ticketing system they're already using. Whether you have a specific magical tool or not doesn't define if your company is doing vulnerability lifecycle management properly, though: that's more about policies and getting people to actually fix their poo poo in an organized manner, as I'm sure you already know.

Posted Feb 25, 2022 14:15

How are we doing web filtering on mobile phones these days? Looking at Intune's options for Androids, and it seems that we're looking at either:
a. Massively cumbersome block-lists, or
b. Highly resource-intensive allow-lists (for the various Microsoft and Google URLs for enrollment, authentication, Office 365, Play Store, etc. etc.).
Neither is ideal. My thinking is maybe something DNS-based; any affordable services out there?

Posted Feb 25, 2022 18:48

This is heavily dependent on what you are trying to accomplish with said web filtering. Do you mind expanding on your use case a little bit?

Posted Feb 25, 2022 19:00

Sure thing -- We basically want to make sure that phones are used for email, Authenticator, and not much else. We want to suppress social media, media streaming, potential browsing to malicious sites, etc. This is for a quasi-governmental agency of ~250 users who is coming from NO MDM, NO device inventory, a very legacy mindset.

Posted Feb 25, 2022 19:20

On the Cloud end of VM, I've been playing with Orca and Wiz lately. Their workflows for finding and prioritizing vulnerabilities and automating Slack/Jira/ServiceNow alerting is pretty slick. Combining VM and CSPM lets you do some really nice things.

Posted Feb 25, 2022 19:28

Otis Reddit posted:
> Sure thing -- We basically want to make sure that phones are used for email, Authenticator, and not much else. We want to suppress social media, media streaming, potential browsing to malicious sites, etc. This is for a quasi-governmental agency of ~250 users who is coming from NO MDM, NO device inventory, a very legacy mindset.

You can turn Safari off entirely if you have supervised devices. You can then deploy Edge as a managed app and have an allow list of websites that are permitted: https://docs.microsoft.com/en-us/mem/intune/apps/manage-microsoft-edge

Better content filtering can be achieved by combining it with something like Cisco Umbrella: https://docs.umbrella.com/deployment-umbrella/docs/cisco-mobile-security-setup-guide

Thanks Ants fucked around with this message at 19:35 on Feb 25, 2022

Posted Feb 25, 2022 19:32

Otis Reddit posted:
> How are we doing web filtering on mobile phones these days? Looking at Intune's options for Androids, and it seems that we're looking at either: a. Massively cumbersome block-lists, or b. Highly resource-intensive allow-lists (for the various Microsoft and Google URLs for enrollment, Authentication, Office 365, Play Store, etc etc). Neither is ideal. My thinking is maybe something DNS-based, any affordable services out there?

OpenDNS has a commercial offering (called Umbrella, I think?) that offers DNS-based blocking.

Posted Feb 25, 2022 19:56

This is great info -- we are probably too cheap for Cisco Umbrella (and I'm not sure the organization is ready to use everything else that it offers tbh), and our previous attempts at managing Chrome with an allow-list led to Azure sign-in pages and device enrollment breaking. We are looking at a block-list but that would probably be over a million blocked domains and IPs, and with new malicious addresses spinning up each day, doesn't do much from a security standpoint. So this is the crossroads that we're at currently. Champagne business needs on a beer budget. Maybe WebTitan - anybody have any experience with them?

Otis Reddit fucked around with this message at 20:16 on Feb 25, 2022

Posted Feb 25, 2022 19:57

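The block-list versus allow-list trade-off in the last few posts, worked through as an added example that is not from the thread and not any of the products named in it. It shows the domain-matching rule a DNS-based filter needs: a flat block-list that only matches whole names misses every newly minted subdomain, while suffix matching catches them, and an allow-list of the enrollment and sign-in domains checked first lets a default-deny policy coexist with MDM enrollment. The `.test` and `.example` names are constructed placeholders, not the real domains any vendor publishes, and the lists themselves are assumptions for the demo.

```python
"""
Domain-policy check of the kind a DNS-based filter applies.

Added example, not from the thread or any product mentioned in it.
All lists below are constructed samples on reserved placeholder TLDs,
not the real domains any vendor publishes.
"""


def _parent_domains(name):
    """Yield a name and each of its parent domains:
    a.b.example.com -> a.b.example.com, b.example.com, example.com, com."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


class DomainPolicy:
    """Allow-list first, then block-list, then the default verdict.

    Both lists are suffix matches, so 'login.example-idp.test' in the
    allow-list also covers 'api.login.example-idp.test', and
    'social.example' in the block-list covers every fresh subdomain under it.
    Checking the allow-list first is what keeps enrollment and sign-in
    working under a default-deny policy.
    """

    def __init__(self, allow, block, default="block"):
        self.allow = {d.lower() for d in allow}
        self.block = {d.lower() for d in block}
        self.default = default

    def verdict(self, name):
        for candidate in _parent_domains(name):
            if candidate in self.allow:
                return "allow"
        for candidate in _parent_domains(name):
            if candidate in self.block:
                return "block"
        return self.default


def exact_blocklist_verdict(name, block):
    """The naive version: a block-list that only matches whole names.
    A new subdomain of a blocked domain is not caught, which is why a
    million-entry list of exact names still misses the next day's hosts."""
    return "block" if name.lower().rstrip(".") in block else "allow"


# Constructed sample lists (placeholders, not real vendor domains).
ALLOW = ["login.example-idp.test", "enroll.example-mdm.test", "play.example-store.test"]
BLOCK = ["social.example", "stream.example", "malware-drop.example"]

policy_default_deny = DomainPolicy(ALLOW, BLOCK, default="block")    # allow-list approach
policy_default_allow = DomainPolicy(ALLOW, BLOCK, default="allow")   # block-list approach


if __name__ == "__main__":
    for n in ["api.login.example-idp.test", "cdn7.social.example", "news.example"]:
        print(n, "default-deny:", policy_default_deny.verdict(n),
              "default-allow:", policy_default_allow.verdict(n),
              "exact-blocklist:", exact_blocklist_verdict(n, set(BLOCK)))
```

The two policy objects are the two options the thread weighs: `policy_default_deny` is the allow-list model (everything not on the enrollment/sign-in list is refused, so the list has to be complete or enrollment breaks), and `policy_default_allow` is the block-list model (anything not on the list gets through, so the list can never be complete).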
https://twitter.com/HackingDave/status/1497295039881355267

Posted Feb 25, 2022 20:39

KozmoNaut posted:
> The 80386 was launched 2 months before I was born. Now I feel old.

My friend, I was born before the 8080 came out. Also the Z80, 6800, and 6502. I did learn today while looking that up that the Atari 2600 used a 6502, which I did not know for some reason.

Posted Feb 25, 2022 20:47

Here's a direct link to the article quoted by the article linked in the tweet that's quoted in the posted tweet: https://www.telegraph.co.uk/business/2022/02/25/us-microchip-powerhouse-nvidia-hit-cyber-attack/

Posted Feb 25, 2022 20:48

Here's the article without a paywall https://12ft.io/proxy?q=https%3A%2F%2Fwww.telegraph.co.uk%2Fbusiness%2F2022%2F02%2F25%2Fus-microchip-powerhouse-nvidia-hit-cyber-attack%2F

Posted Feb 25, 2022 21:09

Or you could just browse their site with a modern adblocker + without javascript/cookies/third-party junk, taking advantage of your browser's reader mode to fill in any gaps in presentation. In other words, "What paywall?"

Posted Feb 25, 2022 21:18

Otis Reddit posted:
> This is great info -- we are probably too cheap for Cisco Umbrella (and I'm not sure the organization is ready to use everything else that it offers tbh), and our previous attempts at managing Chrome with an allow-list led to Azure sign-in pages and device enrollment breaking. We are looking at a block-list but that would probably be over a million blocked domains and IPs, and with new malicious addresses spinning up each day, doesn't do much from a security standpoint. So this is the crossroads that we're at currently. Champagne business needs on a beer budget.

The free version of OpenDNS might be enough for you. I can't remember if the EULA forbids use by commercial entities or not, so you'd need to check that, and I imagine setting up DNS on mobile devices might be a pain. Still, it would be cheap from a licensing, if not a labor, perspective.

Posted Feb 25, 2022 22:18

Ynglaur posted:
> The free version of OpenDNS might be enough for you. I can't remember if the EULA forbids use by commercial entities or not, so you'd need to check that, and I imagine setting up DNS on mobile devices might be a pain. Still, it would be cheap from a licensing, if not a labor, perspective.

One assumes an MDM solution?

Posted Feb 26, 2022 11:13

LtCol J. Krusinski posted:
> Are there any opinions on IT/Infosec degrees from WGU (Western Governors University)?

CommieGIR posted:
> Honest answer? There's not a lot of good "CyberSecurity/Infosec" programs, largely because they focus on governance. If that is what you want, it's probably good.

Quoting some old posts because I was searching the thread for info about ethical hacking/infosec related tutorials. I’m not looking to make a career out of it, I’ve just been curious for a long time and would enjoy learning a little more and having some hands-on experience, even if it’s just dabbling. Is there a currently recommended place to start with that? Guides, YouTube videos, anything like that. Absolute beginner friendly would be best.

Posted Feb 26, 2022 17:57

Snowy posted:
> Quoting some old posts because I was searching the thread for info about ethical hacking/infosec related tutorials. I’m not looking to make a career out of it, I’ve just been curious for a long time and would enjoy learning a little more and having some hands-on experience, even if it’s just dabbling.

Tryhackme.com is a browser-based thing you might be interested in. If you want to get more in-depth, then it really is trivially easy to set up a Kali VM, a Metasploitable2 VM and get them talking to each other across the hypervisor. There are a million YouTube and Medium tutorials on getting started cracking Metasploitable, and, if you haven’t played around with VMs, it’s a good start to mess around with them. If you get REALLY froggy, you can set up an ELK stack so you can use Kibana and watch what security sees when you run a scan or brute force attack. Good times.

Posted Feb 26, 2022 18:44

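The "watch what security sees" half of the lab above, as an added example that is not from the thread and not any poster's code: the detection rule a SIEM such as the ELK stack would run over the victim VM's auth log when the other VM brute-forces SSH. The log lines are constructed to look like OpenSSH `Failed password` / `Accepted password` messages; the five-failures-in-sixty-seconds threshold, the assumed year for the syslog timestamps, and the hostnames and addresses are all assumptions for the demo, not any product's defaults.

```python
"""
Brute-force detection over auth-log lines, the kind of rule a SIEM
(e.g. the ELK stack mentioned in the post) would alert on.

Added example, not from the thread. The log lines are constructed to
look like OpenSSH 'Failed password' messages; the threshold, window and
the year assumed for syslog timestamps are assumptions, not any
product's defaults.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in syslog style (no year in syslog, assumed below).
SAMPLE_LOG = """\
Feb 26 18:40:01 lab sshd[1201]: Failed password for root from 10.0.0.5 port 50123 ssh2
Feb 26 18:40:02 lab sshd[1202]: Failed password for root from 10.0.0.5 port 50124 ssh2
Feb 26 18:40:02 lab sshd[1203]: Failed password for invalid user admin from 10.0.0.5 port 50125 ssh2
Feb 26 18:40:03 lab sshd[1204]: Failed password for root from 10.0.0.5 port 50126 ssh2
Feb 26 18:40:04 lab sshd[1205]: Failed password for root from 10.0.0.5 port 50127 ssh2
Feb 26 18:40:05 lab sshd[1206]: Accepted password for root from 10.0.0.5 port 50128 ssh2
Feb 26 18:41:30 lab sshd[1207]: Failed password for alice from 10.0.0.9 port 50200 ssh2
Feb 26 18:45:00 lab sshd[1208]: Failed password for alice from 10.0.0.9 port 50201 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse(lines, year=2022):
    """Turn raw sshd lines into event dicts; lines that don't match are skipped."""
    events = []
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]})
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Flag each source with >= threshold failures inside a sliding `window`.

    The alert also records whether a successful login from the same source
    followed the burst, which is the case an analyst wants to see first.
    """
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        fails = [e["ts"] for e in evs if e["result"] == "Failed"]
        for i in range(len(fails)):
            j = i
            while j + 1 < len(fails) and fails[j + 1] - fails[i] <= window:
                j += 1
            if j - i + 1 >= threshold:
                burst_end = fails[j]
                success_after = any(e["result"] == "Accepted" and e["ts"] >= burst_end
                                    for e in evs)
                alerts.append({"src": src, "failures": j - i + 1,
                               "success_after": success_after})
                break   # one alert per source is enough for the demo
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(parse(SAMPLE_LOG)):
        print(alert)
```

Two slow failures from `10.0.0.9` stay below the threshold, while the burst from `10.0.0.5` trips it and is marked `success_after`, because the log shows an accepted login from that address right after the failures; that flag is what separates "noisy scanner" from "someone got in".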
There's also HackTheBox, but I think TryHackMe is geared towards learning. I'd start by looking up ippsec on YouTube and watching one of his walkthrough videos and see if it seems like fun...

Posted Feb 26, 2022 20:41

Cool, thank you both, looking forward to playing around a little.

Posted Feb 26, 2022 21:09

For those working corporate gigs, what part (if any) does data analytics play in your day to day job? Is there value in a data analyst background for an infosec rookie? Or will teams tell me to pound sand if I'm not a sysadmin/network nerd?

Posted Feb 26, 2022 21:44

Hughmoris posted:
> For those working corporate gigs, what part (if any) does data analytics play in your day to day job? Is there value in a data analyst background for an infosec rookie?

Tons of room for data analytics and knowing how to slice, dice and collate data and identify patterns. I don’t do anything particularly fancy but at least once a week I’m pulling data for identifying easy wins for vuln remediation, identifying if there are patterns in WAF traffic and what can be blocked outright (think ASNs, VPS providers etc), looking for interesting abuse patterns from messages we hoover up into our SIEM, etc. Not to mention all the vendors whose products rely on meaningful data insights. obv like with any data analytics/science, domain knowledge is important to have.

Tryzzub fucked around with this message at 22:32 on Feb 26, 2022

Posted Feb 26, 2022 22:10

Hughmoris posted:
> For those working corporate gigs, what part (if any) does data analytics play in your day to day job? Is there value in a data analyst background for an infosec rookie?

I'm in the business of infosec management software. Every single one of our customers is screaming about getting some Power BI reports for security stuff. Incidentally, none of them know what they want beyond that, except "some way to track if it's good or bad across time". If you are somehow able to take the gigantic amount of data that exists in the infosec department and transform it into a pie chart, you're gonna be a huge asset, because now you can explain that poo poo's hosed to non-nerds.

Posted Feb 27, 2022 12:07

Hughmoris posted:
> For those working corporate gigs, what part (if any) does data analytics play in your day to day job? Is there value in a data analyst background for an infosec rookie?

In my experience, yes, but you will end up learning to code whether you like it or not.

Posted Feb 27, 2022 12:12

BonHair posted:
> I'm in the business of infosec management software. Every single one of our customers is screaming about getting some power bi reports for security stuff. Incidentally, none of them know what they want beyond that, except "some way to track if it's good or bad across time".

DO. NOT. BUY. QLIK.

Posted Feb 27, 2022 12:18

navyjack posted:
> Tryhackme.com is a browser-based thing you might be interested in. If you want to get more in-depth, then it really is trivially easy to set up a Kali VM, a Metasploitable2 VM and get them talking to each other across the hypervisor. There are a million YouTube and Medium tutorials on getting started cracking Metasploitable, and, if you haven’t played around with VMs it’s a good start to mess around with them. If you get REALLY froggy, you can set up an ELK stack so you can use Kibana and watch what security sees when you run a scan or brute force attack. Good times.

2nd'ing TryHackMe. It's much more learning oriented and a very good hands-on tutorial.

Posted Feb 28, 2022 14:29

Rust Martialis posted:
> DO. NOT. BUY. QLIK.

For a while I kind of equated Power BI, Tableau, and Qlik for most data visualization work. Some of my data viz colleagues have recently (last year or so) kind of waved me off of that idea. They generally land on Tableau or Power BI. Is there a short version of what's behind this, or is it nuanced and something that requires some domain knowledge to appreciate?

Posted Feb 28, 2022 15:48

Ynglaur posted:
> For a while I kind of equated Power BI, Tableau, and Qlik for most data visualization work. Some of my data viz colleagues have recently (last year or so) kind of waved me off of that idea. They generally land on Tableau or Power BI.

Nah, I just find QlikView and QlikSense ugly and hate coding it. Plus you can hire Power BI coders much easier.

Posted Feb 28, 2022 16:40

https://twitter.com/nypost/status/1498324183226408961?t=Uj1t-tICldh5EncH3PnD2g&s=19

Posted Feb 28, 2022 16:55

I love all the details and information in this article. What a worthless rag.

Posted Feb 28, 2022 18:05