S1E18: "Pr0n and Nigerian Princes"


Log
Recorded (UTC): 2016-10-13 03:04:21
Aired (UTC): 2016-10-24 04:42:00
Editor: "Edita"

Verification
MP3 SHA256: f0af818d44d4c7e0b6f904ab26774d3ac1679768a923affcd89a958c71ac1ac5
OGG SHA256: d3e1a588eccba90bca14c9da80fc7eb26f86541945bf88ea9970343aac3d0725

Using VPNs in a corporate setting, and a surface-level discussion of running your own email server.

The birth of Jthan’s “VPN noise”.

News

Starts at 5m42s.

Notes

Starts at 16m40s.

Jthan was drinking Chai High from Avery Brewing Company. Paden was drinking Grant’s Family Reserve Whisky. I was drinking Knob Creek (once again).

  • We briefly recap BSides DE 2016.
  • VPNs (Virtual Private Networks) can be a HUGE asset to your company.
    • The Microsoft VPN, or PPTP, has been around for a looong time, and has some major security issues.
    • macOS and iOS10 don’t support PPTP (source).
    • The Linux version of PPTP server is called Poptop, and the client is (aptly-named) PPTP Client.
    • IPSec is pretty popular. Windows has native L2TP/IPSec support, as do Mac OS X/macOS, iOS, Android, etc. - just about everything supports L2TP/IPSec. The Cisco “variant” is IPSec IKEv1 with XAuth extensions. Linux has several different projects that support IPSec and its various iterations: FreeS/WAN (now defunct), Openswan, IPSec-Tools (including e.g. racoon, which is what Android uses), and Strongswan. I recommend Strongswan.
    • Windows users (and Linux users…) can use ShrewSoft for IPSec if they need drop-in support for Cisco-style IPSec.
    • Microsoft’s PPTP replacement is SSTP, and if you want to run an SSTP server on Linux you’ll need to use SoftEther. Thankfully, the standalone SSTP Client for Linux feels a lot cleaner.
    • But OpenVPN is, by far, my personal favourite. (The community/opensource version also has a pretty fantastic HOWTO.)
    • USE SELECTIVE ROUTING WHENEVER POSSIBLE, don’t push a full default route to your clients!
    • Jthan also mentions Tinc. However, it is not viable for a company VPN.
  • Email is omnipresent and messy as hell. (39m24s)
    • Email has been around for a LONG. TIME. but it is starting to show its age.
    • Email has a TON of RFCs.
    • I mention POP1 (RFC918).
    • MISCONFIGURED EMAIL SERVERS CAUSE SPAM. DO NOT RUN YOUR OWN MAIL SERVER IF YOU HAVEN’T DONE A TON OF STUDY AND TESTING FIRST.
    • If you choose to, use Postfix and Dovecot.
    • Learn the ins and outs of, and set up:
    • ArchWiki’s Postfix article and Dovecot articles (and the suggested articles on the right sidebar) are immensely useful, as are the Gentoo articles.
    • This thread has some useful information as well (but be forewarned- it has a LARGE amount of noise relative to signal).
    • The SwiftOnSecurity thread on Twitter is here.
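Returning to the selective-routing point in the VPN section above, here is an added example that is not from the episode or from any project's own documentation: two OpenVPN 2.x server.conf fragments, the full-default-route setting next to the selective version, plus the client-side option that refuses a pushed default route. The address ranges and the domain name are assumed for illustration.

```conf
# Added example, not the episode's or OpenVPN's own config. Address ranges
# and the domain are assumed placeholders.

## server.conf, the setting to AVOID: a full default route. Every packet
## from the client (web browsing, updates, personal traffic) now transits
## the company VPN, and the concentrator becomes a choke point and a
## single place to capture traffic that was never the company's business.
# push "redirect-gateway def1 bypass-dhcp"

## server.conf, selective (split) routing: only the corporate ranges go
## over the tunnel; everything else keeps the client's normal gateway.
server 10.8.0.0 255.255.255.0          # tunnel address pool (assumed)
push "route 10.20.0.0 255.255.0.0"     # internal server range (assumed)
push "route 10.30.5.0 255.255.255.0"   # e.g. the intranet/mail subnet (assumed)
# Internal resolver only for the internal zone. On Linux the client needs
# an up/down script (e.g. the update-resolv-conf shipped with OpenVPN) for
# these to take effect; on Windows they apply to the TAP adapter.
push "dhcp-option DOMAIN corp.example"
push "dhcp-option DNS 10.20.0.53"

## client.conf, defence in depth: even if a server (or someone who has
## compromised it) pushes a default route, the client drops that option.
## pull-filter needs OpenVPN 2.4+; on older clients use route-nopull and
## add the corporate routes locally with "route" lines instead.
pull-filter ignore "redirect-gateway"
```

After connecting, check the client's routing table (`ip route` on Linux, `route print` on Windows): the corporate prefixes should point at the tun/tap interface and the default route should be unchanged.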

Sysbadministration Award

In this segment, we highlight system administration mistakes. Think of them as the IT equivalent of the Darwin Awards. (56m18s)

A bank is enforcing 8-digit passwords. Yes, you read that correctly: DIGITS, not characters.

Errata

  • Jthan fixed his mumble… :P
  • Paden refers to “Rule 43” when we’re discussing the EFF rule 41 thing. He meant Rule 34. (Obligatory.)
  • srg from our IRC channel has pinged us to let us know that he wrote an article for postfix/dovecot as well. And he totally reminded me of Sieve, which is super handy for giving users the power to perform their own filtering.

Music

Music Credits
Intro: "White Eagles" by Simon Mathewson (CC-BY-NC-SA 4.0)
Outro: "Wife (Johnny_Ripper Remix)" by strangerfamiliar (CC-BY-NC-SA 4.0)
(All music is royalty-free, properly licensed for use, used under fair use, or public domain.)

Categories: Season One
