post hole digger
Mar 21, 2011

Sorry if this is the wrong place for this. My company's environment uses a '.corp' domain name for its AD/Windows domain for some godforsaken reason and has no AD CS/PKI/internal CA set up. I'm trying to secure a Windows server application with an SSL certificate. The server will talk to many clients (internally). Does anyone have any suggestions for how to accomplish this? Should I just create a self-signed certificate and push it out via a GPO or something? I have less Windows admin experience than Linux but got saddled with this project because reasons and am trying to figure out the best way to accomplish securing it. I know I am bad at my job. Thank you.


post hole digger
Mar 21, 2011

anthonypants posted:

Without an internal CA, you're either going to have to use a self-signed certificate, or pay for one from an external CA. What you should absolutely not do is create one self-signed certificate and push it out to multiple servers.

I don't think that I can buy the certificate because '.corp' is a high-risk TLD according to ICANN and thus is not available for registration and probably never will be. I would gladly just go that route though. I think using a self-signed one would create issues, right? (I'd need to distribute it to every client who needs to contact the server or they'll get cert errors, right?)

This might be opening a huge can of worms, but can anyone recommend a resource for setting up an internal CA in Windows? I assume I should use AD CS for this, but people make it sound like a very scary, delicate process... (e.g. the comments here: https://redmondmag.com/articles/2015/06/01/ad-certificate-services.aspx )

post hole digger fucked around with this message at 19:33 on Nov 2, 2017
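The self-signed route discussed above, as an added PowerShell example that is not from this thread or any poster: one certificate is generated on each server (so no private key is ever copied between machines, which is the problem with pushing a single self-signed cert to many servers), only the public .cer is exported for the GPO, and a client-side check confirms the cert chains to a trusted root once the policy has applied. The FQDN, export path and lifetime are placeholders.

```powershell
# Added example (not from the thread): one self-signed TLS cert per server,
# with the public half exported for distribution as a trusted root via GPO.
# Hostname, paths and lifetime are placeholders.
$serverFqdn = 'appserver01.example.corp'   # placeholder FQDN of this server
$exportDir  = 'C:\CertExport'              # placeholder folder for the .cer

# 1. Create the key pair and certificate on the server itself, so the private
#    key never leaves this machine. Run this once per server, never copy the
#    resulting cert between servers.
$cert = New-SelfSignedCertificate `
    -DnsName $serverFqdn `
    -CertStoreLocation 'Cert:\LocalMachine\My' `
    -FriendlyName "TLS for $serverFqdn" `
    -KeyLength 2048 `
    -NotAfter (Get-Date).AddYears(2)

# 2. Export only the public certificate (.cer, no private key). This is the
#    file that goes into the GPO's Trusted Root Certification Authorities
#    store so domain clients stop seeing certificate errors for this host.
New-Item -ItemType Directory -Path $exportDir -Force | Out-Null
$cerPath = Join-Path $exportDir "$serverFqdn.cer"
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null

# 3. Sanity check from a client after the GPO has applied: Test-Certificate
#    returns $true only if the cert chains to a trusted root and the
#    DNS name matches the hostname the clients will connect to.
function Test-ServerCertTrusted {
    param([string]$CerPath, [string]$Fqdn)
    $c = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CerPath)
    $c | Test-Certificate -Policy SSL -DNSName $Fqdn -ErrorAction SilentlyContinue
}
Test-ServerCertTrusted -CerPath $cerPath -Fqdn $serverFqdn
```

The .cer is imported under Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies > Trusted Root Certification Authorities in the GPO that applies to the client machines. The cost of this approach is the one the thread points at: every server gets its own cert, so every new server means another .cer added to the GPO and another expiry date to track, which is exactly the bookkeeping an internal CA would absorb.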

post hole digger
Mar 21, 2011

ChubbyThePhat posted:

That's pretty much accurate. It can be a pain to stand up a CA inside an already existing environment because lots of authentication will break until you sort out the individual certs.

I need a beer.

post hole digger
Mar 21, 2011

anthonypants posted:

An IT job at a brewery, you say



lol their beer sucks too.

post hole digger
Mar 21, 2011

moved. wrong thread

post hole digger fucked around with this message at 19:06 on Feb 15, 2018

post hole digger
Mar 21, 2011

CLAM DOWN posted:

hot take: Swift On Security is bad in every way and always has been

post hole digger
Mar 21, 2011

I just finished Spam Nation and enjoyed reading it. Does anyone have any recommendations for other narrative-based books about hacking or security? Surveillance Valley is also on my list.

post hole digger
Mar 21, 2011

has anyone played with one of these? https://github.com/whid-injector/WHID

Thanks for the book recs btw, I will be getting Kingpin and Cuckoo's Egg shortly...

post hole digger fucked around with this message at 16:19 on Jun 29, 2018

post hole digger
Mar 21, 2011

Have any of you done OSWE for a web app pentesting cert? Based on the work I'm doing these days (working for a web-facing software company) OSWE might be more relevant than OSCP, although probably a fair amount more challenging as well. I am comfortable writing and reading source code to a degree (mainly Python and Perl) but am coming from a sysadmin background, not software engineering.

I really want to give an OS cert a go this year, and the fact they're on sale right now might be enough to push me over the edge. I am pretty confident I could pass OSCP with some practice, I have done a bunch of vulnhub boxes before and had my GCIH (now expired) up until this fall. I think I'd get a lot out of OSCP still, and it's been one of my goals for a long time, but OSWE has my interest as well.

post hole digger
Mar 21, 2011

Glad I already moved off of azure to entra :smug:

post hole digger
Mar 21, 2011

Os Furoris posted:

Bitwarden, Keepass, or 1password? I use a PC, Mac and iPhone.

1password is great ime

post hole digger
Mar 21, 2011

Anyone here have any experience with Wazuh, particularly in a Kubernetes/EKS environment? We are looking for a replacement for Threat Stack for one of our orgs, which is getting sunset by F5 in October, and it seems like it could suit our needs.

post hole digger
Mar 21, 2011

It could be worse, and indeed, has been.

post hole digger
Mar 21, 2011

I have never used it but I’ve heard good things about backblaze.

post hole digger
Mar 21, 2011

Cannon_Fodder posted:

I'm inheriting a massive vulnerability debt and taking on a vulnerability management position with very little experience.


Piss and poo poo. Here we go.

Username + post combo

post hole digger
Mar 21, 2011

Bald Stalin posted:

Remembering the time our boss had us implement rapid7 ($$$$$$$) then we didn't have enough resources to act on anything. Big tick from the board though.

i feel like this is basically everything i do.

post hole digger
Mar 21, 2011

It’s always a developer

post hole digger
Mar 21, 2011

Burp Suite is a legitimate security tool maintained by a respected company. There's possibly a use case for it on a dev machine if they work in a web dev or something but based on the context above, that is probably not the case here.

some kinda jackal posted:

Tor on a work device :psyduck:

significantly more horrifying. you are going to employee jail brother!

post hole digger
Mar 21, 2011

Agreed, having an index is important but putting a decent one together isn’t that hard and the tests are incredibly straightforward if you do.

post hole digger
Mar 21, 2011

some kinda jackal posted:

I just run a linux distro from 1996 to be safe. No one will think to try exploits that old

same, it's called CentOS 7

post hole digger
Mar 21, 2011

Cannon_Fodder posted:

I would love to know what a cyber attack triage specialist consultant costs because I'm sure these guys are making stupid money.

You need to apply strategic defenses to your perimeter to maximize your security ROI and strengthen your overall security posture in alignment with NIST 800-53 best practices. Do you have XDR? SOAR? CSPM? CNAPP? MDR? ZTNA? Let me set up a few calls with vendors. I won’t be able to attend due to scheduling conflicts but these guys are great, you’re in good hands. That will be $95,000.


post hole digger
Mar 21, 2011


although i have mixed feelings about the way a lot of 'ZTNA' poo poo actually works (lots of them doing layer 7 proxy stuff instead of working on layer 3 like a traditional vpn) i'm ready to see running stuff like vpn on your edge die. use tailscale or something if ztna is too stupid for your use case. too bad prisma just piggybacks on GP infra/your edge firewalls iirc.

Sickening posted:

It costs a thousand dollars, requires a specific kind of degree, and 5 years experience. It also requires CEs to upkeep. The test is just a front for the club fee and the rest is supposed to gatekeep the non-desirables.

CISSP requires a specific kind of degree? Do you mean in lieu of work experience?

post hole digger fucked around with this message at 23:02 on Apr 24, 2024
