|
ewiley posted: I don't get the hate for microsegmentation, I mean it's already baked-in to AWS and Azure, NSX is expensive but it's not insanely complex to implement once you get past the vSwitches that you should be using anyway. aws and azure are infinitely easier to manipulate than network firewalls. If you really think it's worth popping a firewall between nodes on the same segment for whatever reason my argument is that it's far more transparent to implement it at the OS layer rather than the hypervisor or network.

yoloer420 posted: Little Snitch my man! Or alternately windows firewall. Whatever works for you.

I meant network firewalls, I should have clarified. EDR's like carbonblack also offer some pretty impressive network flow collection which tie network traffic to processes, users, etc.
|
# ? Mar 26, 2019 10:15 |
|
i love seeing traffic from java.exe. what could it be? who cares.
|
# ? Mar 26, 2019 11:56 |
|
yoloer420 posted:Little Snitch my man! Or alternately windows firewall. Whatever works for you.
|
# ? Mar 26, 2019 12:04 |
|
Shinku ABOOKEN posted: i love seeing traffic from java.exe. what could it be? who cares.

business critical api or data extraction by an unknown entity? no one knows, or can know, as the person who built it all left
|
# ? Mar 26, 2019 12:12 |
|
i too make all my important security decisions exclusively based on any adjacent filename i happen to spot
|
# ? Mar 26, 2019 12:21 |
|
Shinku ABOOKEN posted: i love seeing traffic from java.exe. what could it be? who cares.

lmao if you still have the java runtime on your computer
|
# ? Mar 26, 2019 13:52 |
|
Krankenstyle posted: lmao if you still have the java runtime on your computer

lmao if you think you got rid of the java runtime just because you don't have java installed
|
# ? Mar 26, 2019 14:32 |
|
Shinku ABOOKEN posted: i love seeing traffic from java.exe. what could it be? who cares.

motherfuckers act like they forgot about jre
|
# ? Mar 26, 2019 17:18 |
|
Midjack posted: motherfuckers act like they forgot about jre

lol
|
# ? Mar 26, 2019 17:35 |
|
Midjack posted:motherfuckers act like they forgot about jre
|
# ? Mar 26, 2019 17:41 |
|
Midjack posted:motherfuckers act like they forgot about jre
|
# ? Mar 26, 2019 17:47 |
|
abigserve posted: Generally it's fairly easy to use automation to stand up new stuff but ongoing cleanups and sanity-checking requires a lot of complicated logic that is hard to implement - ask anyone who is using Ansible (for example) for network automation how do they detect and then cleanup stuff when it's decommissioned and you'll get some interesting responses. Can you guess what happens when new changes are easy to automate but old policy is very hard to get rid of?

Yea, this is where I'm at. Idempotent is a fun word, and ansible/network changes AREN'T. I can spin up (from scratch) an almost unlimited number of switches or routers that will be configured identically with dynamically assigned ip addresses, and hostnames, and ACLs etc etc. But tell me that you want to change our production vlan from 100 to 101 and I'll be at a loss to figure out how to do that cleanly and remove the old vlan :/
|
# ? Mar 26, 2019 17:48 |
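
Added example, not part of any post in the thread: the VLAN 100 to 101 change described above, treated as reconciliation of a declared state against observed device state, so that removals are planned along with additions. The `SwitchState` model, the step names, and all port, VLAN and ACL values are constructed for illustration; `apply` mutates an in-memory copy rather than talking to a device.

```python
from dataclasses import dataclass, field

@dataclass
class SwitchState:
    vlans: set = field(default_factory=set)
    port_vlan: dict = field(default_factory=dict)  # port -> access VLAN
    acl: set = field(default_factory=set)          # (vlan, rule text)

def plan(desired, observed):
    """Ordered steps that converge observed onto desired, removals included."""
    steps = [("create_vlan", v) for v in sorted(desired.vlans - observed.vlans)]
    steps += [("add_acl", r) for r in sorted(desired.acl - observed.acl)]
    # Re-home ports only after the target VLAN exists.
    steps += [("set_port_vlan", p, v) for p, v in sorted(desired.port_vlan.items())
              if observed.port_vlan.get(p) != v]
    # Anything observed but not declared is stale policy and gets removed.
    steps += [("remove_acl", r) for r in sorted(observed.acl - desired.acl)]
    for vlan in sorted(observed.vlans - desired.vlans):
        # Ports outside the declared inventory still on the old VLAN block removal.
        stranded = tuple(sorted(p for p, v in observed.port_vlan.items()
                                if v == vlan and p not in desired.port_vlan))
        steps.append(("blocked_remove_vlan", vlan, stranded) if stranded
                     else ("remove_vlan", vlan))
    return steps

def apply(observed, steps):
    """Apply a plan to an in-memory copy (stand-in for pushing to a device)."""
    new = SwitchState(set(observed.vlans), dict(observed.port_vlan), set(observed.acl))
    for op, *args in steps:
        if op == "create_vlan":
            new.vlans.add(args[0])
        elif op == "remove_vlan":
            new.vlans.discard(args[0])
        elif op == "add_acl":
            new.acl.add(args[0])
        elif op == "remove_acl":
            new.acl.discard(args[0])
        elif op == "set_port_vlan":
            new.port_vlan[args[0]] = args[1]
    return new

# Constructed sample state: production VLAN moves from 100 to 101.
DESIRED = SwitchState({101}, {"Gi1/0/1": 101, "Gi1/0/2": 101},
                      {(101, "permit tcp any host 10.0.101.10 eq 443")})
OBSERVED = SwitchState({100}, {"Gi1/0/1": 100, "Gi1/0/2": 100, "Gi1/0/9": 100},
                       {(100, "permit tcp any host 10.0.100.10 eq 443"),
                        (100, "permit tcp any any eq 23")})

if __name__ == "__main__":
    for step in plan(DESIRED, OBSERVED):
        print(step)
```

With the sample data the old ACL entries are scheduled for removal, but VLAN 100 itself is reported as blocked because an undeclared port still sits on it; once nothing references it, a second run of `plan` against the converged state returns no steps.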
|
Midjack posted:motherfuckers act like they forgot about jre
|
# ? Mar 26, 2019 17:49 |
|
Midjack posted:motherfuckers act like they forgot about jre
|
# ? Mar 26, 2019 17:50 |
|
Midjack posted:motherfuckers act like they forgot about jre
|
# ? Mar 26, 2019 17:51 |
|
abigserve posted: my point was regardless of what layer you are doing "firewalling" it's always terrible but the microseg solutions don't even try going above layer 4 so it's even worse than usual

Security though ip/port whitelisting is obsolete. The security should be on the end point, the firewall should be providing NATing or allowing selective in-bound from the internet. That's it.
|
# ? Mar 26, 2019 17:52 |
|
Midjack posted:motherfuckers act like they forgot about jre
|
# ? Mar 26, 2019 18:03 |
|
Midjack posted:motherfuckers act like they forgot about jre
|
# ? Mar 26, 2019 18:07 |
|
Midjack posted:motherfuckers act like they forgot about jre
|
# ? Mar 26, 2019 18:11 |
|
Midjack posted:motherfuckers act like they forgot about jre
|
# ? Mar 26, 2019 18:14 |
as usual, i dont get it
|
|
# ? Mar 26, 2019 18:29 |
|
https://www.youtube.com/watch?v=QFcv5Ma8u8k
|
# ? Mar 26, 2019 18:31 |
lol
|
|
# ? Mar 26, 2019 18:32 |
|
Midjack posted:motherfuckers act like they forgot about jre
|
# ? Mar 26, 2019 18:57 |
|
|
# ? Mar 26, 2019 19:09 |
|
Krankenstyle posted: lmao if you still have the java runtime on your computer

I need it to run a large number of useful java programs, most of which I wrote

it doesn’t have unrestricted permission to talk to the network tho
|
# ? Mar 26, 2019 19:37 |
|
Midjack posted:motherfuckers act like they forgot about jre
|
# ? Mar 26, 2019 19:43 |
|
Midjack posted:motherfuckers act like they forgot about jre
|
# ? Mar 26, 2019 19:46 |
|
Midjack posted:motherfuckers act like they forgot about jre
|
# ? Mar 26, 2019 19:59 |
|
"secfuck megathread - v18.0 - motherfuckers act like they forgot about jre" is a few chars under the cap
|
# ? Mar 26, 2019 19:59 |
|
cinci zoo sniper posted: as usual, i dont get it

The song Dr.Dre Ft. Eminem- Forgot About Dre includes the lyrics 'And motherfuckers act like they forgot about Dre'
|
# ? Mar 26, 2019 20:01 |
|
haveblue posted: "secfuck megathread - v18.0 - motherfuckers act like they forgot about jre" is a few chars under the cap

somebody has to volunteer to touch the poop in order to force the creation of a new thread
|
# ? Mar 26, 2019 20:22 |
|
I'm not digging through a dump of data collected by a parental spyware app thanks
|
# ? Mar 26, 2019 20:25 |
|
mods can rename threads my dude and they should
|
# ? Mar 26, 2019 20:34 |
|
simble posted: mods can rename threads my dude

we have traditions in the secfuck thread that must be upheld
|
# ? Mar 26, 2019 20:38 |
|
Midjack posted: motherfuckers act like they forgot about jre

haveblue posted: "secfuck megathread - v18.0 - motherfuckers act like they forgot about jre" is a few chars under the cap

it's a 17.1, dawg
|
# ? Mar 26, 2019 20:38 |
|
Midjack posted:motherfuckers act like they forgot about jre
|
# ? Mar 26, 2019 22:03 |
|
Midjack posted: motherfuckers act like they forgot about jre

jesus lol
|
# ? Mar 26, 2019 22:58 |
|
Wiggly Wayne DDS posted: those really aren't the same...

The question was about process aware firewalls that work. They do work, I'm not aware of any enterprise level solutions (for anything) that work though. The tech exists however.

abigserve posted: I meant network firewalls, I should have clarified. EDR's like carbonblack also offer some pretty impressive network flow collection which tie network traffic to processes, users, etc.

Absolutely fair, I don't know that there are any network firewalls that properly do anything close to that. If there were they'd need to be heavily dependent on host based reporting anyway.

yoloer420 fucked around with this message at 23:05 on Mar 26, 2019 |
# ? Mar 26, 2019 23:03 |
|
i'd never call windows firewall a process-aware firewall that works

last time i saw a windows firewall as effective as little snitch for end users was over a decade ago
|
# ? Mar 26, 2019 23:07 |