S0E11: "Proto-Router"

Posted
Comments 0

Navigation
Previous EpisodeNext Episode
Log
Recorded (UTC) Aired (UTC) Editor
2015-07-03 04:42:42 2015-07-13 03:23:10 brent s.
Verification
Format SHA256 GPG Audio File
MP3 0034de006ef16710edf39a18ed62e6c7303f1cab0cc443682f5284e06d682c70 click click
OGG 4592df6eae5b6a176d914cc85d062c07be39727598fc11ebf49a05f39ae8e334 click click

“InfoSec Speaks!”- where I get some input from the InfoSec crowd via Twitter. We also talk about running your own router box, briefly talk about VPNs, IPv6, and a really stupid decision MSFT made with Windows 10.

Notes

Infosec Speaks

Many thanks to all that contributed input! It was really great to hear from them!

NOTE: Some of the following have been modified from their original form to be more easily read in US English. I have included a link to the original tweet for your reference.

We asked:

If you could give one piece of advice to system/network administrators/engineers, what would it be? (12:49 AM – 2 Jun 2015)

These are the replies we got.

Learn to triage problems well, and learn it from people who do it day in and day out.@hacks4pancakes, 12:57 AM – 2 Jun 2015

Nail down the fundamentals.@fugueish, 12:59 AM – 2 Jun 2015]

RTFM, of course. :)@CodedBe, 1:00 AM – 2 Jun 2015

Never accept 24×7×365 on-call duty. Rotate monthly with someone under Director of Operations.@GeneticSequence, 1:07 AM – 2 Jun 2015

Vodka gives less of a hangover than whiskey.@tobermatt, 1:07 AM – 2 Jun 2015

Make sure to take your vacation days throughout the year.@GeneticSequence, 1:08 AM – 2 Jun 2015

Project work with Milestone Bonuses and get it in writing; they may not pay otherwise.@GeneticSequence, 1:09 AM – 2 Jun 2015

Don’t just learn what buttons to push and/or when. Learn the fundamentals of your technologies.@t0×0pg, 1:24 AM – 2 Jun 2015

Make sure 20% of your time is spent not doing administration/engineering. Get an unrelated hobby. Stay off the forums.@J0hnnyXm4s, 1:53 AM – 2 Jun 2015

Learn to know when to listen, and when to be aggressive like bear.@hacks4pancakes, 1:54 AM – 2 Jun 2015

If you are a lone admin: don’t give up your holidays just because someone derped.@chkconfig, 1:59 AM – 2 Jun 2015

Find a (third-party) IT support provider and get the business to buy rolling hours just in case.@chkconfig, 2:00 AM – 2 Jun 2015

Compliance doesn’t mean secure.@IDSninja, 2:04 AM – 2 Jun 2015

Buy one of those purses that explodes into nunchucks.@J0hnnyXm4s, 2:11 AM – 2 Jun 2015

You gotta be crazy to beat crazy.@PeterGanzevles, 4:32 AM – 2 Jun 2015

Always quote your regexps, because you just wrote a buncha pipelines and sub-shells! :-P@Dave_Korn_, 4:34 AM – 2 Jun 2015

Get experience in non-tech areas too. Gives you new perspectives.@unfo, 6:04 AM – 2 Jun 2015

Make sure your response plan is proactive rather than reactive. – [https://twitter.com/mzbat @mzbat], 7:16 AM – 2 Jun 2015

We can’t do our job without you guys, and without your cooperation. We aren’t the enemy.@da_667, 7:18 AM – 2 Jun 2015

[REDACTED]@porthunter, (redacted)

Learn how easy antivirus is to bypass, how weak passwords are, common social engineering attacks, … try to understand the concept of credential theft and view rights from an attacker’s perspective. … e.g. “If I can control your box, I may as well have all your privileges.”@scriptjunkie1, 1:57 PM – 2 Jun 2015, 2:11 PM – 2 Jun 2015, 2:13 PM – 2 Jun 2015

Errata

  • When discussing OpenVPN, I say it supports both tunneling and “peer-to-peer”; I actually meant TAP and point-to-point (“Bridged”-mode). Pretty similar concepts, but there are differences. See here and here.
  • When discussing PPTP, I mention the weak security of MS-CHAPv2. That’s actually the authentication method; the encryption is MPPE (but they’re pretty closely intermingled, so potato/potato).

Music

Music Credits
Track Title Artist Link Copyright/License
Intro Exit the Premises Kevin MacLeod click CC-BY 3.0
Outro Rhinoceros Kevin MacLeod click CC-BY 3.0
(All music is royalty-free, properly licensed for use, used under fair use, or public domain.)

Author
Categories (Pilot Season)

Comments

There are currently no comments on this article.

Comment...

Enter your comment below. Fields marked * are required. You must preview your comment before submitting it.