De-Coder’s Ring

Consumable Security and Technology

Author: Chris Fauerbach (page 3 of 20)

Backup Plan

How often do you have a backup plan for when something goes wrong?

The group I’m working with went downtown Richmond today and had a blast on the Segway Tour.  Segways are like motorized mountain bikes/scooters and therefore, are a ton of fun.

When getting ‘trained’ for Segway operation, the guide taught us about what to do if the Segway just acted stupidly, beeped incessantly, vibrated without stopping, fell over, etc.  It made me start to wonder about logistics.

It was the second time that day the thought of drastically changing plans came to mind….  ok, maybe the 3rd now that I think about it more.

I try not to make a habit of thinking about the ‘what if’ or the potential negatives of a situation, but, it is always good to have a backup plan if something goes wrong.

Suricata – Detecting the (false positive) things

Suricata is a fantastic IDS (Intrusion Detection System), and can be used as an IPS (Intrusion Prevention System).

The challenge with making it an IPS comes with the false positives.  I’ve spent countless hours troubleshooting IDS rules that come from external intelligence.  This is not a knock on Suricata, nor on shared threat intelligence; they’re both critical components of a mature cybersecurity system.

A few critical points for validating your threat intelligence before throwing it into an IPS:

  1. Make sure it’s not google.com.
  2. No private IP addresses:
    1. 10.0.0.0/8: 10.0.0.0 – 10.255.255.255
    2. 172.16.0.0/12: 172.16.0.0 – 172.31.255.255
    3. 192.168.0.0/16: 192.168.0.0 – 192.168.255.255
  3. Watch out for IP addresses in general (WHAT?!), especially when they belong to a shared host (Google, Azure, AWS). Those IPs get recycled SO frequently.
  4. Watch out for CDNs.  Specific URLs are fine, but CDN domains (cdn.whatevr.com, etc.), or anything related to CloudFront that isn’t a specific URL, aren’t good.
  5. Prefer host names over IPs, and specific URLs are better still.

It takes work, it’s hard, but it’ll be worth it.

Tuning is essential.  Tune your rules.
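As an added example (not the author’s code), here is a small Python vetting pass that applies the checklist above to an indicator feed before any of it becomes a block rule. The feed, the benign-domain set and the CDN suffix list are constructed for the example and are assumptions to replace with your own.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed lists for this example; populate them from your own environment.
BENIGN_DOMAINS = {"google.com", "www.google.com"}
CDN_SUFFIXES = (".cloudfront.net", ".akamaihd.net")
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _as_ip(value):
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def _is_private(ip):
    return any(ip in net for net in PRIVATE_NETS)

def classify(indicator):
    """Return (kind, verdict, reason); verdict is 'drop', 'caution' or 'ok'."""
    ioc = indicator.strip().lower()
    if "://" in ioc:
        parsed = urlparse(ioc)
        host = parsed.hostname
        if not host:
            return ("url", "drop", "unparseable URL")
        ip = _as_ip(host)
        if ip and _is_private(ip):
            return ("url", "drop", "private IP in URL")
        if parsed.path not in ("", "/") or parsed.query:
            return ("url", "ok", "specific URL")  # most precise indicator kind
        ioc = host  # bare scheme://host is really just a domain or IP
    ip = _as_ip(ioc)
    if ip:
        if _is_private(ip):
            return ("ip", "drop", "private address")
        return ("ip", "caution", "bare IP; shared hosting recycles addresses")
    if ioc in BENIGN_DOMAINS:
        return ("domain", "drop", "well-known benign domain")
    if ioc.startswith("cdn.") or ioc.endswith(CDN_SUFFIXES):
        return ("domain", "drop", "CDN domain; needs a specific URL")
    return ("domain", "ok", "host name")

def vet(indicators):
    """Split a feed into (keep, reject) lists of (ioc, kind, verdict, reason)."""
    keep, reject = [], []
    for ioc in dict.fromkeys(i.strip().lower() for i in indicators if i.strip()):
        entry = (ioc,) + classify(ioc)
        (reject if entry[2] == "drop" else keep).append(entry)
    return keep, reject

# Constructed sample feed: one line per indicator, as a text feed would deliver it.
SAMPLE_FEED = ["google.com", "10.1.2.3", "172.32.0.1", "d111111abcdef8.cloudfront.net",
               "https://d111111abcdef8.cloudfront.net/evil/payload.bin",
               "cdn.whatevr.com", "evil-example.test", " Evil-Example.test "]
```

Anything in the `keep` list with a `caution` verdict still deserves a human look before it goes into IPS mode.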


Podcast – Breaches

Affected by Equifax?  Yahoo?  What do you do now….

A little bit of recent news, and some tidbits on how to deal with it.


Subscribe here : https://fauie.com/feed/podcast

Kent Brake – Interview

This is another exciting podcast for the Decoder’s Ring series!

My friend Kent Brake joined me with a wealth of knowledge around cybersecurity and a few tools we can use to get a new network and host-based system monitoring.

Kent’s a seasoned security architect and is currently working as a Solutions Architect for a company that you probably know.

In this podcast, we talk about how to start building a network security solution.  We discuss Bro, Suricata, Elasticsearch, Graylog, Splunk and all kinds of fun stuff you can use to create a new monitoring system.

OSQuery?  Yep, talked about that too!

Subscribe here : https://fauie.com/feed/podcast

Make a Flipping Decision

Don’t tell my wife about this post, because at home, I’m the WORST at making decisions. I don’t care what we have for dinner, I appreciate being fed. I don’t care what show we’re watching (as long as I’m caught up on GoT). I just like relaxing sometimes.

My attitude towards decision making has reached an age of enlightenment.  A big “ah-ha” moment.   I figured it out!

At work, no one likes to make a decision.  For years (ok, like 15?) I’d ALWAYS defer a decision to the ‘senior’ person in the room.  Especially if they were in my reporting chain. My boss is in the room?   I defer to her.  Her boss? Yep, I defer there.

It took me a REALLY long time to realize that the simple task of making a decision was a skill that 90% of people didn’t have, or wouldn’t take advantage of.

It reminds me of Aaron Burr.  At least how Lin-Manuel Miranda portrays him in Hamilton.  Dude wouldn’t pick a side.  He waited for others to make a decision.  “You keep out of trouble and you double your choices.”   In other words,  if I don’t pick a side, I won’t be wrong when the dust settles.   What an awful way to live!

Once that clicked, I’ll make a decision all day long.  If I’m wrong, oh well, I made a decision, and worked through it.  If I made a decision, it’s because no one else would.   Which means they didn’t have their own answer, or the guts to try something unknown.

This goes right into my post about Learning by Failure.

…. I wonder what is subconsciously pushing me to talk about failure and decisions this week?


© 2017 De-Coder’s Ring
