Certificate Transparency Logs

January 24, 2023 nlogician Leave a comment

Due to the ever increasing list of network compromises, securing our online presence has become more crucial than ever. One way to ensure online security is to use SSL/TLS certificates, which encrypt data transmissions between servers and clients, making them unreadable to any third-party. However, these certificates can be compromised, causing severe security breaches. This was seen back in 2011 with certificate authorities Comodo & DigiNotar. Read more here. There have been around 10 CA compromises in the last 3 – 4 years. Still a rare issue but one that needs consideration. That is where Certificate Transparency comes in, which is an open framework for monitoring SSL/TLS certificates.

Continue reading →

Uncategorized

Top 10 Indicators of Corporate Fraud

September 7, 2022 nlogician Leave a comment

It is well understood that corporate fraud can have devastating consequences for an organization and that detecting and preventing fraud is essential for safeguarding the interests of the owners, investors, employees, and customers. Therefore, it is important to be aware of the leading indicators of potential corporate fraud so that companies can take proactive steps to mitigate the risk of fraudulent activity. This post will explore 10 leading indicators of potential fraud that should be taken seriously. It should be noted that the presence of these flaws are no guarantee of fraud and could just point towards poor management practices or errors in accounting procedures. However, it is essential that thorough routine investigations and analysis be conducted to determine if there is actual fraudulent activity taking place.

Continue reading →

Systems

Best Practices for /etc/sudoers

January 5, 2022 nlogician Leave a comment

Sudo is a powerful tool that allows users to execute commands with root privileges on a Linux system. Sudo is typically used to allow users to perform administrative tasks without giving them full access to the root account. The sudoers file, located at /etc/sudoers, controls which users can use sudo and what commands they are allowed to run.

Continue reading →

Networks, Systems

Fiber Factoids, Part 1 – A primer on common fiber optic cable types

June 14, 2021 nlogician Leave a comment

If you’ve been in the IT industry for any amount of time you are likely to have ran across fiber optic patch cables in use in various different installations. Typically, you will most often see fiber optic cables used for an uplink to an internet service provider, in between network devices between buildings in a campus network, or in a datacenter where large amounts of bandwidth and high speeds are required.

Continue reading →

Networks, Quick Tips

What is a null route and why do I need one?

May 26, 2021 nlogician Leave a comment

Definition

There are several names for a null route, such as a “bit bucket”, a “black hole”, or just a null0 route. They all refer to the same basic mechanism that points traffic to a virtual interface on a router. That in turn is used for managing unwanted traffic to prevent loops or entering routes into the RIB (routing information base) of a router.

Continue reading →

Networks, Security

FIREPOWER DNS Sinkhole

May 9, 2021 nlogician Leave a comment

Many admins inadvertently design a sinkhole by null routing unused ranges within their core in order to limit unnecessary traffic. Some may even advertise these ranges from a Linux server running zebra or quagga for advanced alerting while monitoring for the propagation of worms or enumeration scans. In this post, we will discuss a similar idea for DNS using Firepower.

Continue reading →

Systems

Basic DHCP Setup

May 1, 2021 nlogician Leave a comment

Introduction

When it comes to efficiently assigning IP addresses to multiple clients, DHCP is the de facto standard in most networks. In this post, we’ll explore DHCP configuration on Red Hat Enterprise Linux 7 and give an example of how to install it, as well as a few configuration options for dhcpd. With a basic understanding of DHCP, you can get your network up and running almost immediately.

Continue reading →

Networks, Security

Unboxing and initial setup of a Meraki MX Security Appliance

April 24, 2021 nlogician Leave a comment

Meraki is a pretty well known company, and has been a part of Cisco since 2012. There are a multitude of cloud based managed Wi-Fi solutions, but Meraki is one of the most prolific and has a variety of cloud managed products to suit most any size company’s needs. Several of their devices have similar setup steps, but today we will cover the initial out of the box setup of a Meraki MX64 security appliance that will have your MX appliance online and configured in your dashboard in no time.

Security, Systems

AIDE – File Integrity Monitoring

April 24, 2021 nlogician Leave a comment

The idea of using file integrity monitoring to validate your operating system and applications has been around since the late ’90s, with programs like Tripwire. Today, we have a steady stream of companies offering their own version for FIM. However, one consistent and reliable open source solution for Linux is AIDE or the Advanced Intrusion Detection Environment.

Continue reading →

Security, Systems

Sniffing SSH Passwords

April 17, 2021 nlogician Leave a comment

Is it possible to get someone’s password in plaintext over ssh? Yes! Surely, this makes no sense when the purpose of ssh is to prevent such a thing. Well, I’m speaking of monitoring the session directly from the server the user is connecting to and not across the network.

Continue reading →