
IT BS thread

Discussion in 'Technology' started by chadderkdawg, Jan 16, 2012.

  1. Jan 30, 2022 at 9:20 AM
    #4101
    CaptAmerica

    CaptAmerica Asphalt Avenger! TTC#13

    Joined:
    Dec 29, 2014
    Member:
    #145193
    Messages:
    39,181
    Gender:
    Male
    First Name:
    Cap
    In a van down by the river
    Vehicle:
    Gen 2.9 DCLB TRD Sport w/tech
    Stickers and not enough wax
    We have zero plans to upgrade to Win11 until it gets through DISA testing. Maybe 2023.
     
    The_Hodge and 907rx7 like this.
  2. Jan 31, 2022 at 8:48 PM
    #4102
    0xDEADBEEF

    0xDEADBEEF Swaying to the Symphony of Destruction

    Joined:
    Mar 2, 2019
    Member:
    #285037
    Messages:
    19,644
    Vehicle:
    2000 reg cab 4x4 flatbed MT
  3. Feb 2, 2022 at 11:47 AM
    #4103
    CaptAmerica

    We're getting ready to have a staff meeting, and we have guest speakers from our mobile and endpoint security department.

    I'm introducing them.

    "It is my pleasure to introduce (Tom, Dick, and Harry) from Mobile and Endpoint Security. Your computers know them from such hits as "why won't this black-listed software install?" and "does this file look infected to you?" and they're here to lead off the meeting and talk about ad-hoc vulnerability scanning. Gentlemen, the floor is yours!"
     
    Jester243, mrlee, 0xDEADBEEF and 3 others like this.
  4. Feb 2, 2022 at 12:12 PM
    #4104
    CaptAmerica

    OK, this ad-hoc scanning team is the shit. We're constantly arguing with the authorizing official (who doesn't like to accept risk) that vulnerabilities are remediated quickly and effectively.

    Waiting for the next scheduled scan is a pain in the ass.

    Plus these guys are feeding the sysads detailed instructions (like an IAVA) on how specifically to remediate the vulnerability, both Windows and RHEL 6/7/8.

    Great work, great team. We are making them our friends.
     
  5. Feb 3, 2022 at 6:19 AM
    #4105
    EricL

    EricL Tomahawk Chopper

    Joined:
    Aug 21, 2014
    Member:
    #136643
    Messages:
    16,012
    Gender:
    Male
    Greenwood, SC
    Vehicle:
    2015 Slowmobile
    SOS Offroad Concepts Armor
    I haven't checked on this thread in a while, but a wifi mesh might be a solution for you, as well. We have a really long ranch house and the mesh gives great coverage, even out to my workshed, which is a good fifty feet from the house.

    As for getting said wifi on the desktop, I have had really good luck with these.

    https://www.amazon.com/gp/product/B01IEU7UZ0?ie=UTF8
     
    Slashaar likes this.
  6. Feb 3, 2022 at 1:22 PM
    #4106
    Slashaar

    Slashaar Trail Limo Supreme & Certified Hole Massager

    Joined:
    Nov 23, 2017
    Member:
    #236717
    Messages:
    15,459
    Gender:
    Male
    First Name:
    Josh
    Kansas City, MO
    Vehicle:
    2015 Tacoma TRD-Sport DC LB
    Coastal HC Front, 6112s+650lb King Coils, JD 62 Swap + 14" Fox 2.0s
    We actually set up the computer and realized it has a wifi card in it. Connected up just fine, go figure! We tried out a couple TPLink powerlines (one with wifi and one without) and then realized this. One of those :facepalm: moments. She thought the wifi down there was no bueno since her phone has connection issues down there; the computer is the furthest it could be in our house from my Unifi AP and works fine. Must be her phone :boink:
     
    The_Hodge and EricL like this.
  7. Feb 3, 2022 at 7:05 PM
    #4107
    mrlee

    mrlee I like crunchy Tacos!!

    Joined:
    Sep 13, 2015
    Member:
    #164166
    Messages:
    882
    Vehicle:
    2013 TRD Sport (Yeah, it's gotta skewp, Haterz gonna hate)
    Bed rug, ARE bed top, Weathertechs. Little goodies here and there!
    IMO, mesh systems are fine for regular browsing, but what we've seen when using all day work VPN it's a no Bueno here. All sorts of reliability issues.

    I use an older router in my office that is wired to my main router and acts like a Bridge. (House is wired.) Then I end up running about 4 devices if not more off of the bridge wifi/wired.
     
    EricL likes this.
  8. Feb 3, 2022 at 7:26 PM
    #4108
    EricL

    Thanks, Bob. My experience has been totally different. I took up the idea of a mesh for my situation, and it has been great for coverage throughout the house, and even out to outbuildings away from the house. We have a long house, and our regular ole home use router didn't have the punch to get through all the walls.

    My VPN connection has been somewhat spotty here and there, but I am sure it is more of a matter of how many people are trying to use VPN and RDP than my connectivity.
     
  9. Feb 3, 2022 at 7:54 PM
    #4109
    CaptAmerica

    This made me laugh way too hard.

    upload_2022-2-3_21-54-53.jpg
     
    Jester243, syswalla, EricL and 3 others like this.
  10. Feb 4, 2022 at 6:27 AM
    #4110
    js312

    js312 Well-Known Member

    Joined:
    Apr 20, 2014
    Member:
    #128076
    Messages:
    5,766
    Gender:
    Male
    First Name:
    Joe
    New England
    Vehicle:
    23 F150 PowerBoost Lariat 502a
    Husky Weatherbeaters, OEM Mud Guards, Wheel Well Liners, Bullet Spray-In Bed Liner, Gator Soft Tri-Fold Cover, Hankook DynaPro AT2 (Summer), Blizzak DM-V2 (Winter)
    I've found our Forticlient VPN is pretty sensitive to less than perfect network connections. When we were remote, we had a few people getting booted quite a bit on a wireless connection but when they used a wired connection instead it was rock solid.
     
    mrlee likes this.
  11. Feb 7, 2022 at 7:19 AM
    #4111
    CaptAmerica

    I'm sitting on interview panels all day for a supervisor leading our web application firewall and scanning team, and just met a lady whose CISSP is old enough to vote...and next year is old enough to drink.

    Holy shit.

    Mine can't vote until 2024.

    That test then was fucking HARD - half of it was using the Rainbow Series to lock an application system down and the various strengths and weaknesses of encryption systems. All 10 domains - physical security being the easiest. I only passed it because I worked in a unit that literally built network security tools...and even then our officers had a hard time passing the test (Academy grads - whatchagonnado?).

    Mad respect. I hope she gets the position.
     
    The_Hodge likes this.
  12. Feb 7, 2022 at 7:30 AM
    #4112
    The_Hodge

    The_Hodge Volunteer Moderator

    Joined:
    Apr 27, 2007
    Member:
    #1432
    Messages:
    31,714
    Gender:
    Male
    SC
    Seeing the third gen section forced me to get a Ford...
    my CISSP is barely a toddler.
     
    CaptAmerica likes this.
  13. Feb 7, 2022 at 9:05 AM
    #4113
    TenBeers

    TenBeers Well-Known Member

    Joined:
    Jun 5, 2009
    Member:
    #18067
    Messages:
    7,664
    Gender:
    Male
    First Name:
    Rich
    Bentonville, AR
    Vehicle:
    2018 TRD Pro Cavalry Blue
    Yeah.
    My daughter just graduated with an IT degree and has an interest in security. I suggested getting a CISSP to open some doors. What good resources are out there to learn and prep?
     
  14. Feb 7, 2022 at 9:14 AM
    #4114
    Borracho Loco

    Borracho Loco My truck identifies as a Prius.

    Joined:
    Sep 6, 2021
    Member:
    #376357
    Messages:
    3,046
    Gender:
    Male
    DFW, Texas
    Vehicle:
    2021 Voodoo Blue - Tacoma TRD Offroad DCSB
    Oh look, another mod....
    Sounds like they're just a paper CISSP. No experience at all.

    I wouldn't trust any CISSP unless they had 7-10yrs experience in a real environment.
     
  15. Feb 7, 2022 at 9:31 AM
    #4115
    CaptAmerica

    Move in here: https://www.isc2.org/

    If ISC2 doesn't recommend or recognize it, it isn't good enough. This is also a more managerial certification - 500-foot view and not the 5-foot one that a technician would have.

    There are also good entry-level certs that are easier to pass (but still challenging) and help build up to a CISSP. I have several employees that are trying for CISSP out of the gate and aren't passing. What they ARE passing are CAP, SSCP, Sec+, CCSP, CISM, and CISA. Think of it like a ladder - and the CISSP is the top of the ladder.

    Sec+ is probably the easiest
    CAP is a low-level focus on security authorization - proving that your system complies with legal guidance and audit requirements.
    SSCP is a low-level focus on security administration - for a technician who maintains firewalls, IDS/IPS, scanners, SIEM tools, etc.
    CCSP is a focus on cloud-system security - it is the fastest growing in-demand cert out there now because of the shift toward cloud-hosting models.
    CISA is focused on auditing
    CISM is focused on management of security tools and professionals

    This site has a great breakdown on job roles and the salary ranges that best match up to the certs, so perhaps she should look at the role she wants most and pick a cert to match.
    https://www.coursera.org/articles/popular-cybersecurity-certifications

    As a supervisor and hiring manager, I tend to look at degrees and certifications. I tend to lean more toward operational experience and certifications over degrees. I've met a lot of educated idiots, but I've met only 2 people with the certifications who couldn't do the job. Some roles in security need deep-diving experts to succeed, while others work best with someone with a very broad knowledge and skill set that understands all aspects (in order to prove legal compliance). Our field doesn't have near enough folks to fill either role, so whatever she picks I'm sure she'll have more than her share of opportunities to excel in.
     
    The_Hodge likes this.
  16. Feb 7, 2022 at 9:43 AM
    #4116
    TenBeers

    Thank you, sir, great info! I know our InfoSec folks are challenged with filling roles, and I have asked around, but everyone says CISSP. That's probably overkill to expect someone straight out of school to have.
     
  17. Feb 7, 2022 at 9:48 AM
    #4117
    CaptAmerica

    It is. We had people look at the 8570 requirements list, see CISSP at the top, and they all went for it. Even though their role was Sec+. We ended up with 4 SNCO CISSP deployment positions...and about 25 SNCO CISSPs to be able to fill them. As a result I kept going back out...and going back out...and dropping retirement paperwork early because 7 deployments is enough.
     
    The_Hodge likes this.
  18. Feb 7, 2022 at 9:50 AM
    #4118
    EricL

    With a couple of exceptions, our infosec folks read reports and send those reports to the people who actually make changes to improve security. To me, it's better to just do it right in the first place, when you build it, lock it down, harden it up, so you don't need to get the report in the first place.
     
  19. Feb 7, 2022 at 9:57 AM
    #4119
    The_Hodge

    a lot depends on the environment. military/gvmt like to segregate a lot of duties to specific teams on what they do. one team just firewalls, one just perimeter routing, one just threat intel, one just insider threat, etc. our "infosec" encapsulates a lot of different teams as we're all security, but not necessarily into just one specialty...if that all makes sense. i've only done military/gvmt work pretty much since i was 18 (20 years now), so i can't speak to private sector at all.

    oh...and to tack on more. there's one team that does compliance, one that does IAVAs, one that does red team work, one that does just external web scans, one that does IR, one that does QA, one that does threat hunting, one that does signature creation...lol. more and more separate teams that all work under the same umbrella for the same end goal and it's overwhelming at times to know who does what.
     
  20. Feb 7, 2022 at 10:06 AM
    #4120
    EricL

    We've got our grubby little paws in all kinds of fields, but an area I largely support is medical, and that tends to stay pretty tightly focused with minimal fingers in the pot, so to speak, mostly due to HIPAA. We have discussed and probably will do something very similar in the near future with dedicated teams. I have opinions about it. :)
     
    CaptAmerica likes this.
