Comments
-
There are three rules I drive into the heads of all of my techs and admins. They are: backup, backup and backup. Everything must have a backup. The backups are cycled so that we don't have just last night's backup but a weekly full backup and nightly incrementals. And there have to be off-site backups, of everything. (Which…
-
Linux is so useful in cyber. From being able to boot an infected Windows system from a Linux CD to recover data, so forensics etc. to distributions like Kali for testing/auditing systems and networks. But Windows is also required for those people who just can't handle Linux, and as a means of keeping those of us who can…
-
What determines what files are sent? Are they just files coming through the perimeter or any file crossing any Cisco device? I deal in nuclear and some of our stuff being sent to Cisco would cause issues for us and Cisco. I'm not sure what our IT Guys have set up this way, I do cyber research, I don't actually protect the…
-
"Without active sponsorship by executive management and a specific role dedicated to ensuring the fulfillment of security goals, instituting security controls is next to impossible" (NRECA / Cooperative Research Network: Guide to Developing a Cyber Security and Risk Mitigation Plan)
-
Number one reason for having configuration management (in networks or software or pretty much anything else that can be configured), sanity! I can make changes knowing if I mess up I can get back to something that works with a few mouse clicks. I can make changes without worry and no net loss of hair (And I work with…
-
People need to realize that to learn from mistakes you need to record them. And every work environment should be a place you can make mistakes without negative effects. That guy who never does anything because he is afraid to make mistakes would be a much more productive member of the team if his mistakes were acknowledged…
-
Cyber security can be agile. And we have to be. Our adversary is not the devops guys or the standards guys or the regulators or users but the attackers. Attackers are extremely agile. They can change at a whim, change to be undetected and change to adapt to our slow moving responses. We change so little between attacks. If…
-
Do they stop and ask, "sorry I missed that word can you repeat it please?"
-
Why would you ever have a cyber security person who didn't code? I know most cyber people aren't coders, but all the best attackers are. And we wonder why the attackers win more often than we do. (Yes I know coders are hard to come by and hard to get to jump ship to cyber security, and they are expensive. You can teach…
-
I'm a computer guy, technical name for it. I've been playing with computers since the 70's, for pay since the 80's and in the nuclear labs since the 90's. I started in cyber because I got a virus, Friday the Thirteenth. Nasty piece of work and it opened my eyes. I've been hooked ever since. Now cyber research in industrial…
-
Of course when talking to a network one must talk at layer 2 or layer 3 (unless you are still using SNMP). I tend to use a tool like Ostinato or packETH (Scapy is also good). I would use netcat but it doesn't seem to like broadcasting, requires a port. Follow this recipe at your own risk, sending random packets to all the…
-
I understand the allure of cloud. But I don't understand how anyone could think of it as secure. People say it's more secure than your own LAN, but you still have to have your own LAN, so it's not more secure; it's an added risk that requires a connection through an untrusted network and allows connections from anywhere in…
-
I would then do as rschroeder suggested above. Hopefully you have the node already monitored and can start at step 4 of his instructions.
-
OK, let me see what we are trying to do. You have a device, a VPN tunnel? Or monitored through a VPN tunnel? What is the device you are getting the report on? If you don't have the monitoring set up already in NCM with the right parameters, that may not have the info you require, but the device itself may. What is the…
-
We need more info. What VPN server/box and clients are you using?