General InfoSec discussion

Discussion in 'Business & Enterprise Computing' started by Gunna, Nov 18, 2019.

  1. Gunna

    Gunna Member

    Joined:
    Dec 25, 2001
    Messages:
    7,315
    Location:
    Brisbane
    So I don't see a great deal of discussion regarding InfoSec in a corporate environment and lately I've been listening to a few podcasts about the topic, so I'm making this thread to discuss general InfoSec, news about exploits or to ask for advice on projects/solutions to implement.

    I found this today from a Veeam community forum update email:

    https://blog.win-fu.com/2019/11/viewing-file-activity-on-remote.html
     
  2. BAK

    BAK Member

    Joined:
    Jan 7, 2005
    Messages:
    1,160
    Location:
    MornPen, VIC
    I think you mean "\\share\desktop (old)\new folder\new folder (1)\confidential\staffing\managers\new folder\TOP SECRET DEC Staffing Reduction plans draft (1) (1) FINAL edit confidential.xlsx"
     
    Last edited: Nov 18, 2019
  3. whatdoesthisdo

    whatdoesthisdo Member

    Joined:
    Jan 19, 2011
    Messages:
    8,365
    Location:
    Gold Coast
    Pffft everything is safe now that it is in the cloud... and even better the google cloud
     
    vladtepes likes this.
  4. QuakeDude

    QuakeDude ooooh weeee ooooh

    Joined:
    Aug 4, 2004
    Messages:
    8,464
    Location:
    Melbourne
    Love that you've started a thread on this - it's something that everyone in IT should be at least aware of, given the source of most breaches tends to be... people :)

    What podcasts do you listen to on the topic? I've got all of my guys listening to Darknet Diaries, it's a great podcast that's helped my non-security infrastructure guys get a much better appreciation for what's out there and the implications of not being aware of the world around them.
     
    vladtepes likes this.
  5. waltermitty

    waltermitty Member

    Joined:
    Feb 19, 2016
    Messages:
    1,040
    Location:
    BRISBANE
    are you paying your staff to listen to podcasts or is that homework?

    if my boss told me to listen to X podcast I'd tell them to stick it up their ass
     
  6. whatdoesthisdo

    whatdoesthisdo Member

    Joined:
    Jan 19, 2011
    Messages:
    8,365
    Location:
    Gold Coast
    If I asked one of my team to listen to a podcast that was work related and they told me to stick it up my ass, they would be performance managed out of the business faster than you can say "podcast".
     
  7. QuakeDude

    QuakeDude ooooh weeee ooooh

    Joined:
    Aug 4, 2004
    Messages:
    8,464
    Location:
    Melbourne
    It's optional. I often give my guys learning material that they can use to better themselves. If they don't want to use it then that's totally up to them. We have a very close team that work really well together so these discussions are always an educational thing.
     
    Last edited: Nov 18, 2019
  8. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    13,697
    Are you 12?

    Pre TLS 1.3, SNI Handshake exposed Domain Name - is this considered a 'vulnerability', or is it just "the way it works (worked)"?
     
    Hive likes this.
  9. Gunna (OP)

    Gunna Member

    Joined:
    Dec 25, 2001
    Messages:
    7,315
    Location:
    Brisbane
    There are reasons people spend their entire career in a help desk role; it's because they don't bother to upskill or learn.

    Also, I commute an hour + each day. I need to kill that time.

    I'd consider it a vulnerability. Most corporate naming conventions will have the server function in the hostname; this could expose an attack vector if someone wants to move laterally in the network. Corp-SQL-1 advertises to the attacker that SQL is on this server, as opposed to CORP-SRV-1 etc.
     
    vladtepes likes this.
  10. Gunna (OP)

    Gunna Member

    Joined:
    Dec 25, 2001
    Messages:
    7,315
    Location:
    Brisbane
    That's where I've started as a podcast. Great content.
     
  11. Daemon

    Daemon Member

    Joined:
    Jun 27, 2001
    Messages:
    5,469
    Location:
    qld.au
    Don't do a packet capture on your network then. Most of the MS services scream at the top of their lungs "HERE I AM AND THIS IS WHAT I DO". Besides, if you don't want an application server visible, then segregate it.

    It'd also take an adversary a few minutes to map your network... without SNI interception ;)
     
    cvidler likes this.
  12. waltermitty

    waltermitty Member

    Joined:
    Feb 19, 2016
    Messages:
    1,040
    Location:
    BRISBANE
    OK boomers
     
    Hive likes this.
  13. Frozen_Hell

    Frozen_Hell Member

    Joined:
    Sep 11, 2002
    Messages:
    2,974
    Location:
    Melbourne
    Pretty much, if you don't want to invest time in improving yourself, then why the fuck should anyone else?

    Don't put application names/types in DNS if you're concerned? To be honest, name leaking is probably the least of your worries anyway - the amount of internal DNS that inadvertently leaks onto the internet by many mechanisms is huge. Besides, pretty much every single DNS provider in the chain of resolution is doing analytics on the data these days for external lookups, including positive and negative lookup results.

    Remember that when a DNS lookup occurs, each NS in the path gets asked the full question every time. I.e. say you look up some.server.name.domainname.com.au. Every lookup in the chain gets asked the full question, because a dot does not necessarily indicate a delegation point. So the people running the root servers and any of the TLD, 2LD, 3LD etc. name servers you traverse on the way all know you asked for some.server.name.domainname.com.au, not just the portion of the name that they are the delegation for. That of course is on top of whoever you use as a recursive nameserver as well, who is probably also analysing the data.
     
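An added illustration of the point above (not part of the thread): a toy iterative resolver walking a constructed delegation chain for some.server.name.domainname.com.au, recording the question each nameserver receives. It also shows the mitigation the post does not mention, QNAME minimisation (RFC 7816), where each server is only asked for one more label than it is authoritative for. The zone names and nameserver labels are hypothetical.

```python
"""Toy iterative resolver: what each nameserver in the delegation chain
sees, with and without QNAME minimisation (RFC 7816).
Added example with constructed zone data; not a real resolver."""

# Constructed delegation tree: zone apex -> hypothetical nameserver name.
DELEGATIONS = {
    ".": "root-ns",
    "au.": "au-tld-ns",
    "com.au.": "com-au-2ld-ns",
    "domainname.com.au.": "corp-authoritative-ns",
}


def _labels(name):
    return [label for label in name.rstrip(".").split(".") if label]


def chain(name):
    """Zones on the path from the root down to the longest matching zone."""
    labels = _labels(name)
    zones = ["."]
    for i in range(len(labels) - 1, -1, -1):
        zone = ".".join(labels[i:]) + "."
        if zone in DELEGATIONS:
            zones.append(zone)
    return zones


def resolve(name, qname_minimisation=False):
    """Return (nameserver, question) pairs, one per server asked.
    Without minimisation every server gets the full name; with it, each
    intermediate server gets only one label more than its own zone."""
    if not name.endswith("."):
        name += "."
    labels = _labels(name)
    zones = chain(name)
    trace = []
    for zone in zones:
        if qname_minimisation and zone != zones[-1]:
            depth = len(_labels(zone)) + 1
            question = ".".join(labels[-depth:]) + "."
        else:
            question = name  # the authoritative server must see the full name
        trace.append((DELEGATIONS[zone], question))
    return trace


def servers_seeing_full_name(name, qname_minimisation=False):
    """Which nameservers in the chain learn the complete hostname."""
    if not name.endswith("."):
        name += "."
    return [ns for ns, q in resolve(name, qname_minimisation) if q == name]


if __name__ == "__main__":
    host = "some.server.name.domainname.com.au"
    for minimised in (False, True):
        print("QNAME minimisation:", minimised)
        for ns, q in resolve(host, minimised):
            print(f"  {ns:24s} asked for {q}")
```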
  14. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    13,697
    DNS over HTTPS. The future... Is Now
     
  15. Frozen_Hell

    Frozen_Hell Member

    Joined:
    Sep 11, 2002
    Messages:
    2,974
    Location:
    Melbourne
    So the remote DNS server decrypts the payload and still sees the full question you're asking? Encrypting the data in transit only stops sniffing it on the wire; it doesn't stop all of the third parties operating that DNS infrastructure seeing all your queries and making money out of it. Efforts to monetise this stuff go back years; remember the whole Site Finder wildcard shenanigans that Verisign tried to pull way back when? Yeeeaaaah.
     
  16. Gunna (OP)

    Gunna Member

    Joined:
    Dec 25, 2001
    Messages:
    7,315
    Location:
    Brisbane
  17. QuakeDude

    QuakeDude ooooh weeee ooooh

    Joined:
    Aug 4, 2004
    Messages:
    8,464
    Location:
    Melbourne
    Interested to know - what are people running when it comes to cybersecurity products? We're currently doing a POC with Darktrace, and will be doing another POC with Armis and AttackIQ for comparison.
     
  18. Gunna (OP)

    Gunna Member

    Joined:
    Dec 25, 2001
    Messages:
    7,315
    Location:
    Brisbane
    We use Digital Guardian and Cylance for AV and machine optics.
     
  19. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    38,900
    Location:
    Brisbane
    I would hope anyone hired for a technology role in 2019 would be aware of security implications. I don't feel that's optional any more, and I certainly wouldn't want anyone working for me that didn't put security high on their list of considerations when doing work or evaluating new solutions.

    As for who to keep up with, most folks in this field are chatty about their work on Twitter. By all means, folks can old-man-rant about social media all they like. But there's a lot of juicy stuff there. More importantly, it's about security NOW, not security from years ago. This stuff moves fast, and so should we.

    https://twitter.com/DDoSecrets
    https://twitter.com/DAlperovitch
    https://twitter.com/matthew_d_green
    https://twitter.com/troyhunt
    https://twitter.com/mikko
    https://twitter.com/schneierblog
    https://twitter.com/MalwareTechBlog

    ... and many more. Many of these people maintain blogs with lengthier and more detailed posts on them, which are also worth reading. However, Twitter serves as a nice indexing system for their content, as well as what's happening right now.

    In what respects? I'm doing three separate contracts for film and VFX content security at the moment, and the "list of products" could fill a book and changes by the minute.

    Describing the specific security requirement/problem you are trying to solve, I feel, is far more important than just throwing vendor products out into your network.
     
    Last edited: Nov 19, 2019
  20. 2SHY

    2SHY Member

    Joined:
    Aug 10, 2010
    Messages:
    7,640
    Location:
    Sydney NSW Australia