redfox

@redfox@infosec.pub

This is a remote user, information on this page may be incomplete. View at Source ↗

Husband, Father, IT Pro, service.

I ask a lot of questions to try to understand how people think.

⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
I have been painstakingly laying the ground work for segmenting network into data center management plane, and future overlay networks for internal applications and dmz / public services.

It would have been easy to burn the place down and start over…
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
Ever look at emby?
Firewall Schemes at Different Layers
Submitted ⁨⁨6⁩ ⁨months⁩ ago⁩ to ⁨cybersecurity@infosec.pub⁩ | ⁨1⁩ ⁨comment⁩
⁨Comment⁩ on ⁨Technical Controls⁩ ⁨⁨7⁩ ⁨months⁩ ago⁩:
How far do you guys go?

'All of it’s or until it’s inconvenient?

What’s the pain tolerance for when everyone says it makes the job too hard?

Ever compared CIS controls to STIG ACAP?

I’ve only ever used SCAP for a few reasons z but one being it’s free.
⁨Comment⁩ on ⁨Implementing Least-Privilege Administrative Models⁩ ⁨⁨7⁩ ⁨months⁩ ago⁩:
What do you guys use for STIG audit?

Manual STIG viewer or SCAP?
Technical Controls
Submitted ⁨⁨7⁩ ⁨months⁩ ago⁩ to ⁨cybersecurity@infosec.pub⁩ | ⁨3⁩ ⁨comments⁩
Implementing Least-Privilege Administrative Modelslearn.microsoft.com ↗
Submitted ⁨⁨7⁩ ⁨months⁩ ago⁩ to ⁨cybersecurity@infosec.pub⁩ | ⁨2⁩ ⁨comments⁩
⁨Comment⁩ on ⁨Asset and Vulnerability Scanning⁩ ⁨⁨7⁩ ⁨months⁩ ago⁩:
Makes sense. Thanks. I have heard of R7. Had not heard of Qualys.
⁨Comment⁩ on ⁨Asset and Vulnerability Scanning⁩ ⁨⁨7⁩ ⁨months⁩ ago⁩:
Thanks
⁨Comment⁩ on ⁨Asset and Vulnerability Scanning⁩ ⁨⁨7⁩ ⁨months⁩ ago⁩:
Good info, thanks.

I am familiar with ACAS, which is why I am testing the products.

Fully capturing all the capabilities of scanning, auditing configuration seems like you could put countless hours into the implementation.

I imagine the ROI is high based on what I’ve seen.

Would you agree?
⁨Comment⁩ on ⁨Asset and Vulnerability Scanning⁩ ⁨⁨7⁩ ⁨months⁩ ago⁩:
Thanks,. I’ll check into those two
Asset and Vulnerability Scanning
Submitted ⁨⁨7⁩ ⁨months⁩ ago⁩ to ⁨cybersecurity@infosec.pub⁩ | ⁨8⁩ ⁨comments⁩
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨7⁩ ⁨months⁩ ago⁩:
I spent Wednesday tracking down what was transferring too much data. It was domain controllers. The team didn’t figure out why though. I’m waiting in anticipation. I also can’t call people names without knowing/JK
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨8⁩ ⁨months⁩ ago⁩:
Spent the day/week wondering why part of a network was transferring 100 times the planned data, wondering if data exfil, etc.

Nope, just misconfigured domain controllers. Still waiting on the geniuses on that team to figure something out.

If your DC uses GBs instead of MBs to replicate a mostly static directory, you might have a problem…
⁨Comment⁩ on ⁨WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw⁩ ⁨⁨8⁩ ⁨months⁩ ago⁩:
Thanks for posting interesting stuff.
⁨Comment⁩ on ⁨WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw⁩ ⁨⁨8⁩ ⁨months⁩ ago⁩:
1. I like getting infosec info on infosec instance :)
2. If you cross post to two communities on the same instance, we all see double posts.
Maybe we can pick between cybersecurity and security news for articles and the other for discussion?
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨8⁩ ⁨months⁩ ago⁩:
Nice. You guys allowing the playbooks to configure or just audit?
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨8⁩ ⁨months⁩ ago⁩:
Can you share any of the baseline that’s not specific to your org/sensitive? What sources are you using as a reference?
⁨Comment⁩ on ⁨Security Technical Implementation Guides (STIGs) – DoD Cyber Exchange⁩ ⁨⁨8⁩ ⁨months⁩ ago⁩:
I hear what you’re saying, you’re not wrong.

I would argue that the technical implementations, the ones that are about a quantified or Boolean evaluation, that’s not the case.

Sure, STIGs can be open to interpretation like any benchmark or compliance standard and are open to the reviewers personal discretion or trends in the industry.

I wouldn’t suggest that stigs are more relevant than CIS, since it’s mostly only used by federal government, but it is something to be aware of and a skill set that’s in demand.

I wouldn’t say cis, or stigs, aren’t a security practice by themselves. Security practices come from implementing good policies and evaluation, and I would suggest that the new cybersecurity framework 2.0 would help inform good security practices.

Have you never found ambiguous standards anywhere else?
⁨Comment⁩ on ⁨Podcast: 7 Minute Security⁩ ⁨⁨8⁩ ⁨months⁩ ago⁩:
They’ll all over the place time wise.

I skip forward when he goes on tangents, though I can usually relate to them 😀
⁨Comment⁩ on ⁨Podcast: 7 Minute Security⁩ ⁨⁨8⁩ ⁨months⁩ ago⁩:
Yeah, he’s an acquired taste. I could see being friends, but you have to be interested in wading through a lot of friendly commentary, or do a lot of skipping forward.

I like the domain admin dance.
Security Technical Implementation Guides (STIGs) – DoD Cyber Exchangepublic.cyber.mil ↗
Submitted ⁨⁨8⁩ ⁨months⁩ ago⁩ to ⁨cybersecurity@infosec.pub⁩ | ⁨2⁩ ⁨comments⁩
Podcast: 7 Minute Security7minsec.com ↗
Submitted ⁨⁨8⁩ ⁨months⁩ ago⁩ to ⁨cybersecurity@infosec.pub⁩ | ⁨4⁩ ⁨comments⁩