Titles are getting longer and longer.
wop 3 weeks ago • 100%
We do. Security/Network > dummy data / files, brainstorming, drafts. Not part of a department-wide process, but rather part of an individual's workflow.
#isso #docker #selfhosting #hugo
wop 3 weeks ago • 100%
Gotcha - makes sense. appreciate it.
wop 3 weeks ago • 100%
It may be a little late, but do you enjoy cybersecurity? - Chasing ghosts, scrolling through endless lines of logs, fending off threats, responding to incidents in high-stress situations, fighting for budgets, clients and colleagues who just don't care, being the "bad guy" in meetings, and so on.
I've only been there a few months, but there's no light at the end of the tunnel. I'm pretty sure it has something to do with my environment, but I can't see myself doing this for a long time.
Feedback is welcome - as always #ssh #linux #hardening #security
wop 4 weeks ago • 100%
I am pretty sure one of our consultants has this Osprey Comet. Looks decent! Wow, the Technonaut looks more like a travel bag than an everyday carry, and man, 400 bucks? And I thought my Veto Pro Pac was expensive.
New article: My Personal Backup Strategy Feedback is welcome! #backup #borg #syncthing
wop 4 weeks ago • 100%
Just ordered the Catalyst 26. Thanks again
wop 4 weeks ago • 100%
Those bags are looking great! Having enough space for tools and a big water bottle. Cheers
wop 4 weeks ago • 100%
And fairly inexpensive - thanks!
wop 4 weeks ago • 100%
It seems that I have to drive more often to the office again. Any bag recommendations? What is your favorite brand/model?
I've been a little bit inactive. Trying to change it again. Most recent article.
wop 5 months ago • 100%
So, let's assume that you are in an international company and the first and only security person. What are your first steps and projects? It is like really vague, but I'd assume like a SIEM, inventory of the network and all devices, backup situation, maybe even honeypots?
What are your high-prio things that every company should have? Is there even a framework for it?
Feeling kinda lost and I hope to get some guidance in the right direction.
Set up new #FreshRSS instance for now. I want to read more and stay up to date on certain topics and I figured I could give RSS another chance. Stays invite-only for now, but feel free to hit me up if you want to have an account.
Focus on decoding unknown strings.
wop 7 months ago • 100%
Testing a few CTF platforms to learn more about pentesting. It is interesting, but the learning curve is quite steep.
Not gonna lie, wasn't that fun. Learned a lot, but felt lost multiple times. Probably gets better over time.
Doing some rooms on TryHackMe. Decided to create a write up of one room. Have to work on the format, but it should be fine for now. Feedback is welcome!
I think I've never shared one of my favorite articles with you. Creating it was great and it has been a great resource ever since. I use SSH tunnels a lot in troubleshooting sessions and security demonstrations.
I am pleased to announce the launch of: [**forum.ittavern.com**](https://forum.ittavern.com/) More information can be found in [this thread](https://forum.ittavern.com/d/5-welcome-getting-started), but in short I miss the forum culture and want to create an open-minded and sustainable community. I welcome you and look forward to great discussions.
wop 8 months ago • 100%
Same here
I am happy to share with you the new design of my blog. New logo, new thumbnails, lots of CSS changes and everything is now hosted in a German DC. The goal was to create a clean design and reduce the loading time even further. Feedback is welcome.
Sending files over the internet. Been a pain in the past and I finally decided to host my own instance. It should be 'production' ready, but let me know if you encounter any problems.
wop 8 months ago • 100%
Currently using HedgeDoc for taking notes, but it is lacking some features, so I am trying to find and host some alternatives and compare them. And I hope I can find some time to play with my Flipper Zero....
So, every network engineer knows it: everyone else will blame the network and you have to prove them wrong. There are multiple reasons:

- lack of knowledge
- ignorance
- passing on responsibility
- laziness
- ...

There are more. **I am interested in how you react to 'The network is causing the problems' requests.**

- do you request certain information?
- need an explanation?
- what are your first steps?
- do you have a runbook or some policy in place?

---

Without getting into too much detail, I request some or all of the following information before I start looking:

- what are they trying to do? What is the desired outcome?
- what is the error message? *(pref. a screenshot!)* + timestamp *(for logs)*
- has it ever worked before?
- since when isn't it working?
- can you resolve domains?
- Source Host > Destination Host:Port
- Results of Ping + PowerShell Test-NetConnection on Windows and Netcat on Linux *(to test general connection, assuming TCP connection)*

What I ask for and in what order depends on the person I am talking to. By the way, **monitoring** is my friend. If it says everything is fine, it usually is.

**Side note** Describing the actual proof that it is not the network depends heavily on the infrastructure and the problem, so this may be a discussion for another thread.

---

What are your first steps?
A quick & dirty solution that is available on most Linux hosts.
I've decided to self-host yet another service. This time it is [NTFY](ntfy.sh). Simple HTTP based push notifications for your devices. https://ntfy.brrl.net/ Feel free to use it. Feedback is welcome. I use it to notify me about successful logins on one of my servers, failed backups, results of cron jobs and so on. One simple HTTP request is all you need.
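The "one HTTP request" pattern from the post above, as an added example that is not code from the original post or from the ntfy project: a small POSIX shell wrapper that runs a job (a backup, a cron task), turns its exit status into an ntfy title/priority/tag, and POSTs the last lines of the job's output as the message. `NTFY_URL`, `NTFY_TOPIC`, the function names and the crontab line are assumptions; point `NTFY_URL` at your own instance. `Title`, `Priority` and `Tags` are the request headers ntfy documents for those fields.

```shell
#!/bin/sh
# Added example (not from the original post): wrap a job and push its outcome
# to an ntfy topic with a single HTTP POST. NTFY_URL and NTFY_TOPIC are
# assumptions; point NTFY_URL at your own instance.
NTFY_URL=${NTFY_URL:-https://ntfy.example.invalid}
NTFY_TOPIC=${NTFY_TOPIC:-cron}

# Derive title, priority and tag from a job name and its exit status.
# Sets N_TITLE, N_PRIORITY, N_TAGS so the caller can pass them on as headers.
notify_fields() {
    job=$1
    status=$2
    if [ "$status" -eq 0 ]; then
        N_TITLE="$job succeeded"
        N_PRIORITY=low
        N_TAGS=white_check_mark
    else
        N_TITLE="$job FAILED (exit $status)"
        N_PRIORITY=high
        N_TAGS=rotating_light
    fi
}

# One HTTP request: ntfy reads Title/Priority/Tags from headers, the body is
# the message. -f makes curl fail on an HTTP error, so a dead notification
# endpoint shows up in the cron mail instead of being silently ignored.
ntfy_send() {
    curl -fsS -X POST "$NTFY_URL/$NTFY_TOPIC" \
        -H "Title: $1" \
        -H "Priority: $2" \
        -H "Tags: $3" \
        -d "$4" >/dev/null
}

# Run a command, keep the last lines of its output as the message body,
# notify, and return the command's own exit status so cron still sees failures.
run_and_notify() {
    job=$1
    shift
    if out=$("$@" 2>&1); then
        status=0
    else
        status=$?
    fi
    notify_fields "$job" "$status"
    ntfy_send "$N_TITLE" "$N_PRIORITY" "$N_TAGS" "$(printf '%s\n' "$out" | tail -n 5)"
    return "$status"
}

# Usage from a crontab line (assumed path and job), e.g.:
#   0 3 * * * /usr/local/bin/notify.sh nightly-backup borg create ::'{now}' /etc /home
if [ -n "$1" ]; then
    run_and_notify "$@"
fi
```

Because the wrapper returns the wrapped command's exit status, a failed backup still fails the cron job as well; the notification is an addition, not a replacement for the existing error path. A topic name acts as the only access control on a public ntfy instance, so treat it like a password or use the server's access control for anything that carries host names or log lines.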
Sometimes I just need a simple whiteboard for **troubleshooting or brainstorming sessions**. I've decided to self-host a whiteboard with collaboration function. I am going to give [whitebophir](https://github.com/lovasoa/whitebophir) a try. Feel free to use it too!

- free
- no ads
- no tracking

---

Disclaimer: the data is **not** encrypted and I - as provider - could look into it. Not optimal for permanent boards as I plan to reset it once a month (not sure yet).
Rsync is one of my most used tools and I am happy to share this guide with you. I've learned a lot doing the research and I hope to share some tips with you.
wop 8 months ago • 100%
Does fortigate not have a form of DMVPN like Cisco?
ADVPN (Auto-discovery VPN) seems to be the equivalent. https://docs.fortinet.com/document/fortimanager/7.2.0/single-datacenter-for-enterprise/282533/advpn
Just curious why ISP/third party MPLS? Purely interest.
I guess it was easier at some point? - That was way before my time there. But we are going to replace the MPLS part with simple internet breakout points on location and the rest with SD-WAN.
Also, did you find this purely from user complaining or have monitoring tool?
Purely from users complaining and other departments getting frustrated about why their stuff was not working (e.g. Citrix). The new FW had to be installed in a short time and 'everything' worked fine at first. Problems only occurred after some load was put on the network. We failed - as in network dep - by NOT doing a stress/limit test of the network and finding this problem immediately, and NOT implementing some kind of monitoring that would have notified us of all those lost packets and connections. We caught up, but we should have done it in the first place, because it is necessary.
I’m assuming using third party was supposed to offload the work/config from you?
Do you mean the ISP/MPLS provider? - If so, not really.
Thanks to Jerry for bringing this community back to life. I'll be playing moderator for a while and may tweak the design a bit. Enjoy!
I've added a status page with #uptimekuma. I want to get used to it for now. It is currently running on the same server as the rest of the services, which is not optimal. Additionally adding some more sensors at some point.
wop 9 months ago • 100%
I want to get into Ansible and I am building a testing env for it - home lab with various switches and routers, Fortinet, Palo, and a proxmox host server and some remote VPS. One of my goals for Q1 '24. Today I am going to prep the switches.
Besides that, I want to host my own NTFY server and I hope that I can get it online within this week.
Just created an overview of the services I host.
I've decided to add an email newsletter to my blog. It is still 'work in progress', but I make progress and the first 'issue' will be sent next Monday. GDPR-compliant, no tracking, lightweight, and nothing special. Feel free to check out the following link for additional information. https://ittavern.com/newsletter/
wop 9 months ago • 100%
I am currently transitioning into a Security role at work. One question would be: what are the must-have tools for every blue team?
- Vuln-Scanner
- Logging/SIEM server
- ...
I am happy to share my revised SSH server hardening guide. Feedback is very welcome.
wop 10 months ago • 100%
public key authentication ... is king.
I agree that port knocking won't replace any other hardening method, but I thought I'd look into it since it gets recommended so often. Not a big fan either.
I've created a new article about Port Knocking in preparation of my rework of the SSH Hardening guide. I'd like to hear your opinion about port knocking.
wop 11 months ago • 100%
Learning things about WireGuard and implementing it to secure my internet-facing servers.
wop 11 months ago • 100%
Been using rsync and borg for backups, but rclone is a great alternative and has even more functions.
I haven't shared my backup guide here yet - your feedback would be greatly appreciated.
I'm working on a guide focused on securing Linux servers and I'd like to ask you what your essential hardening techniques and tips are? Your feedback would be greatly appreciated
Not sure if there is any activity on Lemmy. Let's find out.
ITTavern Changelog Week 31

# General

Added a [SEARCH](https://ittavern.com/search/) function:
- only for the titles, fulltext search follows
- added it to the menu

Changed the design slightly:
- headers have a light grey background

# Notes Update

**Update** [ITTavern.com](https://ittavern.com/notes):
- reworked the beginning and removed some things that might not be needed

# Blog Updates

**Update** [Getting started with iperf3 - Network Troubleshooting](https://ittavern.com/getting-started-with-iperf3-network-troubleshooting/):
- fixed an error: `-P` instead of `-p` for parallel streams

**Update** [ICMP echo requests on Linux and Windows - Reference Guide](https://ittavern.com/icmp-echo-requests-reference-guide/):
- added more tags to make it easier to find

**Update** [SSH - How to use public key authentication on Linux](https://ittavern.com/ssh-how-to-use-public-key-authentication-on-linux/):
- added a new and preferred way to stop the ssh-agent with `eval "$(ssh-agent)"`

---

Feedback is welcome!
wop 1 year ago • 100%
Ping - Update 2 @Avian_Carrier@infosec.pub @jharrison@infosec.pub @SgtKetchup@infosec.pub
Ping - Update 3 @Avian_Carrier@infosec.pub @jharrison@infosec.pub @SgtKetchup@infosec.pub
wop 1 year ago • 100%
The ISPs are slow to answer if there is no active outage. Will take some time anyway.
Packets are dropped in both directions. I am currently looking through the pcaps and will do another stress test later - got another window. MTU/MSS is the prio today.
wop 1 year ago • 100%
Good points and thank you for your input. What kind of TaskManager do you use? Any system, or just simple list?
wop 1 year ago • 100%
Do you know https://logseq.com/ ? - I think it is considered an alternative to Obsidian. Had been using it for a while, was great, but it was almost too much work to organize everything.
wop 1 year ago • 100%
Haven't found my perfect solution. The current goal is get everything together and see what I really need. Most likely a single .md file that I can encrypt and sync in my machines, but not sure yet.
wop 1 year ago • 100%
I am currently trying to organize my notes. The old 'system' is a pain, and getting everything centralized makes it easier to find things. Notes, snippets, bookmarks, and so on.
wop 1 year ago • 100%
Thank you for the AMA.
Do you regularly feel overwhelmed? - Keeping up with the sec news and patching accordingly, firewall/IPS and endpoint alarms, logs, meetings, and more. It shouldn't be the case, but it seems that everything in security is prio 1.
EDIT: and being the party pooper and saying no to everything, bc people do not think about security.
wop 1 year ago • 100%
Added the Update 2. Still some things to do, but we know a little bit more now. Feedback and questions are still welcome.
wop 1 year ago • 100%
Ping - Update 2 Your numbers are still missing since I haven't had time to look into the pcaps yet. I hope I can get it done by the end of the week, but we are a little bit wiser.
wop 1 year ago • 100%
Ping - Update 2
wop 1 year ago • 0%
Ping - Update 2 @Avian_Carrier@infosec.pub @jharrison@infosec.pub @SgtKetchup@infosec.pub
I hope it is ok to ping you.
wop 1 year ago • 100%
Thank you!
wop 1 year ago • 100%
Thank you!
wop 1 year ago • 100%
I am hosting multiple services, but my application/web security knowledge is lacking. Is there a guide or framework to check for common or risky mistakes? Is there a list of things I should check every application for, or guide on how to harden hosted applications? That is a topic that I am going to tackle in the near future, and would appreciate some tips in advance.
# General

- I **deleted my Mastodon account** and removed the links from the blog
- removed 'Projects' from the menu and moved the content to 'Notes'

# Notes Update

**Update** [ITTavern.com](https://ittavern.com/notes):
- added a [Cyberchef quick access](https://ittavern.com/notes/#cyberchef) list for various tasks

# Blog Updates

**Update** [URL explained - The Fundamentals](https://ittavern.com/url-explained-the-fundamentals/):
- formatting + spelling mistakes
- domains must not start with a dash (`-`)
- subdomains CAN contain an underscore (`_`), but shouldn't

**Update** [Getting started with nmap](https://ittavern.com/getting-started-with-nmap/):
- added the option to check the results every x seconds/minutes with `--stats-every 1m / 10s`

**Update** [Getting started with tmux](https://ittavern.com/getting-started-with-tmux/):
- added a way to kill the whole session with `:kill-session`

# Project/ Service Updates

Switching secondary domain from itt.sh to brrl.net. The reason for the change is the .sh TLD. Not a big fan and I recommend blocking it.

---

Thank you for the feedback! - The goal is to keep all posts up-to-date and add more content over time.
wop 1 year ago • 100%
Thank you Jerry!
A deep-dive into the world of URLs. I'll explain the syntax, the functions, some information about domains, and the difference between URL, URI, URN and URC. Feedback is welcome
wop 1 year ago • 100%
I'll keep that in mind
wop 1 year ago • 0%
You are right. Still an active policy that we have to work on.
wop 1 year ago • 0%
I am certain that we block ICMP on multiple FW in between. I could allow it temporary and check. Good suggestion.
wop 1 year ago • 100%
Will compare it as soon as I get my hands on the machine.
And yeah, we do tend to block ICMP over here too.
wop 1 year ago • 100%
Getting a pcap of another client could bring some insight, yeah.
SSH is used for the data transfer. Without knowing it at this moment, I'd assume scp or rsync. You mean whether all their internet traffic is routed through the active SSH session?
wop 1 year ago • 100%
Fairly new too - why wouldn't you be able to answer if the post is set to 'Undetermined'? Haven't had any issues yet.
wop 1 year ago • 100%
I haven't had the chance to get a pcap yet. As soon as I get my fingers on the test clients, I'll check them and additionally do testing with TCP and UDP transfers. I'll let you know.
Just to clarify: this would be the limit for a single TCP connection and yes, could be the limit for this one download. This would not explain, why the rest of the location is affected if theoretically 90% of the bandwidth is still available, no? - Please correct me if I am wrong here.
cross-posted from: https://infosec.pub/post/306795

> I am interested in your ways to identify a bottleneck within a network.
>
> In my case, I've got 2 locations, one in the UK, one in Germany. Hardware is Fortigates for FW/routing and switches are Cisco/HPE. Locations are connected through an IPsec VPN over the internet and all internet connections have at least a bandwidth of 100 Mbps.
>
> The problem occurs as soon as one client in the UK tries to download data via SSH from a server in Germany. The max download speed is 10 Mbps and for the duration of the download the whole location in the UK has problems accessing resources through the VPN in Germany (Citrix, Exchange, SharePoint, etc).
>
> I've changed some information for privacy reasons but I'd be interested in your first steps on how to tackle such a problem. Do you have some kind of runbook that you follow? What are common errors that you encounter?
> (independently from my case too, just in general)

EDIT: Current list

- packet capture on client and server to check for packet loss, latency, etc.
- if packets are dropped, check intermediate devices
- check utilization of intermediate devices (CPU, RAM, etc)
- check throughput with different tools (iperf3, nc, etc) and protocols (TCP, UDP, etc) and compare
- check if traffic shaper/QoS are in place
- check ports of intermediate devices for port speed mismatch
- MTU/MSS mismatch
- is the internet connection affected too, or just traffic through the VPN
- IPsec configuration
- turn off security functions of the FW temporarily and check if it is still reproducible
- traceroute from A to B, any latency spikes?
- check RTT, RWND, MSS/MTU, TTL via pcap, on the transferring client itself and a reference client, without and during an active data transfer

Prob not related but noteworthy:

- check I/O of server and client

I'll keep this list updated and appreciate further tips.

---

**Update** I had to postpone the session and will do the stress test on Monday or Tuesday evening. I'll update you as soon as I have the results.

---

**Update 2** So, I'll try to keep it short. First iperf3 over TCP run (UK < DE) with the same FW rules let me reproduce the problem. Max speed 10 Mbps, and DE < UK even slower, down to 1-2 Mbps. The pattern of the test implies an unreliable connection (short up to 30 Mbps, then 0, and so on). Traceroute shows the same hops in both directions, no latency spikes, all good. BUT ICMP and iperf3 over UDP runs show a **packet loss of min 10% and up to 30% in both directions!** Multiple speed tests to endpoints over the internet (UK > Internet) showed a download of 80 Mbps and upload of like 30 Mbps, which indicates a problem with the IPsec tunnel.

Some smaller things we've tried without any positive effect:

- routing changes
- disabling all security features for the affected rule set
- removed traffic shaper
- port speed/duplex negotiations are looking good
- and some other things that I already forgot

Things we prepared:

- We have opened some tickets at our ISPs to let them check it on their side > waiting for response
- Set up smokeping to ping all provider/public/gw/IPsec endpoints/host IPs and see where packets could be dropped (server located in DE)
- Planned a new session with a Fortigate expert to look in-depth into the IPsec configuration.

Need to do:

- look through all packet captures (takes some time)
- MSS/MTU mismatches / DF flags
- further iperf3 tests with smaller/larger packets
- double check IPsec configuration
- QoS on switches

I wish I had more time. I'll keep you updated
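The "MTU/MSS mismatch / DF flags" item from the list above, as an added example that is not part of the original thread: a DF-bit ping sweep that binary-searches the largest packet that crosses the path unfragmented, and the TCP MSS that fits inside it, which is the value to clamp on a tunnel interface when the path MTU turns out to be smaller than the LAN MTU. It assumes Linux iputils `ping` (`-M do` sets the DF bit; BSD and macOS use `-D` instead) and IPv4 header sizes; the host argument and file name are placeholders. As the thread notes, ICMP may be blocked on firewalls in between; in that case every probe fails and the function reports 0 rather than a bogus MTU.

```shell
#!/bin/sh
# Added example (not from the original thread): find the path MTU towards a
# host with DF-marked ICMP echo requests and derive the TCP MSS that fits.
# Assumes Linux iputils ping ("-M do" sets the DF bit); BSD/macOS use "ping -D".
# The host is a placeholder supplied on the command line.

# ICMP payload that fills an IPv4 packet of the given total size
# (20 byte IPv4 header + 8 byte ICMP header).
icmp_payload_for_mtu() {
    echo $(( $1 - 28 ))
}

# TCP MSS that fits into the given MTU without fragmentation
# (20 byte IPv4 header + 20 byte TCP header, no options). This is the value
# to clamp to on the tunnel interface when the path MTU is smaller than the LAN MTU.
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# Send one DF-marked echo request with the given payload size to $1.
# Succeeds only if an echo reply came back; a local "message too long" or an
# ICMP "fragmentation needed" from a hop on the path both fail the probe.
probe() {
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# Binary search for the largest packet size that gets through unfragmented.
# Prints the path MTU, or 0 if even the lowest size fails (host unreachable or
# ICMP filtered somewhere on the path).
find_path_mtu() {
    host=$1
    lo=${2:-576}   # IPv4 minimum every host must accept
    hi=${3:-1500}  # usual Ethernet MTU
    best=0
    while [ "$lo" -le "$hi" ]; do
        mid=$(( (lo + hi) / 2 ))
        if probe "$host" "$(icmp_payload_for_mtu "$mid")"; then
            best=$mid
            lo=$(( mid + 1 ))
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$best"
}

# Usage: sh pmtu.sh <host>   (e.g. the far IPsec endpoint or a host behind it)
if [ -n "$1" ]; then
    mtu=$(find_path_mtu "$1")
    if [ "$mtu" -eq 0 ]; then
        echo "no DF-marked echo reply from $1 at all; ICMP filtered or host down?"
    else
        echo "path MTU to $1: $mtu (clamp TCP MSS to $(mss_for_mtu "$mtu"))"
    fi
fi
```

Run it from the UK side against a host behind the German tunnel endpoint and from the DE side in the other direction; a path MTU noticeably below 1500 combined with a 1500-byte LAN MTU and a PMTUD-blocking firewall is exactly the combination that produces the "works at low load, stalls under real transfers" pattern described in the thread. The same sweep over the plain internet path (not through the tunnel) gives the baseline to compare against.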