Friday, January 11, 2019

homelab updates - security onion

I'm sorting through a few IDS issues, but I've finally had enough downtime to build a Security Onion instance, and I'm looking forward to learning more about Snort/Suricata, Bro, and Kibana on it.

I'd initially tried running it on a Udoo x86 SoC device that I'd Kickstarted, but it was woefully underpowered for everything I needed, so I decided to start over.

Specs
Gigabyte Brix

I'm a big fan of small form factor PCs for labs because of their size and noise profile. They're lower powered, but that's fine for a home lab.

  • 16 Gigs (2x8Gigs) of Hynix SODIMM DDR3L
  • 250 Gig Samsung 860 Evo SSD
  • USB 3.0 Gigabit Ethernet interface for packet capture
  • Netgear GS110TP 8-port gigabit switch providing the SPAN interface

The only issue that I'm having is with Secure Boot causing Snort/Suricata to fail, because the PF_RING kernel module isn't signed and a Secure Boot kernel refuses to load it. I will eventually need to disable Secure Boot in the BIOS/UEFI menu.
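To check the two halves of that failure on the box itself, here is an added example (not code from the post or from the Security Onion project): it decodes the efivarfs `SecureBoot` variable to see whether Secure Boot is enforcing, and scans `modinfo` output for the `signer:` field that only signed modules carry. The efivarfs path and GUID are the real ones; the sample bytes and the `modinfo` text are constructed for the demonstration, as is the hypothetical key name "Homelab MOK".

```python
# Added example (not from the original post): decide whether an unsigned out-of-tree
# module such as PF_RING will be refused by a Secure Boot kernel. The efivarfs path and
# GUID are real; the sample bytes and modinfo text below are constructed.
import os

# SecureBoot variable under EFI_GLOBAL_VARIABLE; efivarfs exposes it as this file.
SECUREBOOT_VAR = "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e0098032b8"


def parse_efivar_secureboot(raw: bytes) -> bool:
    """Decode the raw efivarfs file: 4 bytes of attributes, then one data byte (1 = enforcing)."""
    if len(raw) < 5:
        raise ValueError("efivarfs SecureBoot variable should be at least 5 bytes")
    return raw[4] == 1


def secure_boot_enabled(path: str = SECUREBOOT_VAR):
    """Return True/False for the live system, or None when the variable is absent (no UEFI/efivarfs)."""
    if not os.path.exists(path):
        return None
    with open(path, "rb") as fh:
        return parse_efivar_secureboot(fh.read())


def module_is_signed(modinfo_output: str) -> bool:
    """modinfo prints 'signer:', 'sig_key:' and 'sig_hashalgo:' only for signed modules."""
    for line in modinfo_output.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "signer" and value.strip():
            return True
    return False


def module_will_load(secure_boot: bool, signed: bool) -> bool:
    """With Secure Boot enforcing, the kernel rejects unsigned modules (insmod reports
    'Required key not available'); otherwise it loads them and marks the kernel tainted."""
    return signed or not secure_boot


# Constructed sample inputs (not captured from a real machine).
SAMPLE_SB_ON = b"\x07\x00\x00\x00\x01"   # attributes NV|BS|RT, data byte 1
SAMPLE_SB_OFF = b"\x07\x00\x00\x00\x00"  # same attributes, data byte 0
SAMPLE_MODINFO_UNSIGNED = """\
filename:       /lib/modules/4.15.0-example/kernel/net/pf_ring/pf_ring.ko
description:    Packet capture acceleration by means of a ring buffer
license:        GPL
vermagic:       4.15.0-example SMP mod_unload
"""
SAMPLE_MODINFO_SIGNED = SAMPLE_MODINFO_UNSIGNED + (
    "signer:         Homelab MOK\n"      # hypothetical machine-owner key name
    "sig_key:        AA:BB:CC:DD\n"
    "sig_hashalgo:   sha512\n"
)

if __name__ == "__main__":
    state = secure_boot_enabled()
    print("Secure Boot:", {True: "enabled", False: "disabled", None: "not UEFI/efivarfs"}[state])
    for label, text in (("unsigned", SAMPLE_MODINFO_UNSIGNED), ("signed", SAMPLE_MODINFO_SIGNED)):
        print(f"{label} module loads with Secure Boot on:", module_will_load(True, module_is_signed(text)))
```

Run it as root on the sensor to see the live Secure Boot state; pipe `modinfo pf_ring` into `module_is_signed` to confirm the module really is unsigned. Disabling Secure Boot, as the post plans, makes `module_will_load` true for everything; the narrower fix is to enrol a machine-owner key with `mokutil` and sign the module, which keeps Secure Boot enforcing for the rest of the kernel.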


Findings/next steps

1. I need to learn to use Docker more.
2. Pipe Security Onion (Bro/Snort) alerts to my Splunk instance.
3. IoT is really crap at managing SSL certs. A lot of devices like Canary and Rokus phone home to a location that does not have a correctly signed SSL/TLS cert. Just a subset below:
  • CN=digdug.data.roku.com,O=Roku\, Inc.,L=Los Gatos,ST=California,C=US SSL certificate validation failed with (self signed certificate in certificate chain)
  • CN=scribe.logs.roku.com,O=Roku\, Inc.,L=Los Gatos,ST=California,C=US SSL certificate validation failed with (unable to get local issuer certificate)
  • CN=*.canaryis.com,OU=Server,O=Canary Connect\, Inc.,L=New York,ST=New York,C=US SSL certificate validation failed with (self signed certificate in certificate chain)
  • CN=wdcp.microsoft.com,OU=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US SSL certificate validation failed with (unable to get local issuer certificate)
  • CN=configsvc.cs.roku.com,O=Roku Inc.,L=Los Gatos,ST=California,C=US SSL certificate validation failed with (self signed certificate in certificate chain)
  • CN=*.delivery.mp.microsoft.com,OU=DSP,O=Microsoft,L=Redmond,ST=WA,C=US SSL certificate validation failed with (unable to get local issuer certificate)
  • CN=fe2.update.microsoft.com,OU=DSP,O=Microsoft,L=Redmond,ST=WA,C=US SSL certificate validation failed with (unable to get local issuer certificate)
4. I really need to write up a post on the lab.
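Those notice messages are the Bro/Zeek `SSL::Invalid_Server_Cert` format: the certificate subject DN followed by `SSL certificate validation failed with (<OpenSSL error>)`. Before piping them into Splunk it helps to know which organisation and which error dominate, so here is an added example (not code from the post or from Security Onion) that parses that format, handling the `\,` escapes inside DN values, folds "Roku\, Inc." and "Roku Inc." into one key, and counts failures per organisation. The seven sample lines are the ones quoted above; the eighth is a constructed non-matching line to show the unparsed counter.

```python
# Added example (not from the original post): group Bro/Zeek SSL::Invalid_Server_Cert
# notice messages by organisation and validation error. Format parsed:
#   <certificate subject DN> SSL certificate validation failed with (<OpenSSL error>)
import re
from collections import Counter, defaultdict

NOTICE_RE = re.compile(
    r"^(?P<subject>.+?) SSL certificate validation failed with \((?P<reason>[^)]+)\)$"
)
# Corporate suffixes dropped so "Roku\, Inc." and "Roku Inc." collapse into one key.
ORG_SUFFIXES = {"inc", "corp", "corporation", "llc", "ltd"}


def split_dn(dn: str):
    """Split an RFC 2253-style DN on unescaped commas; a backslash-escaped comma stays in the value."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i + 1])
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    pairs = []
    for part in parts:
        key, _, value = part.partition("=")
        pairs.append((key.strip(), value.strip()))
    return pairs


def norm_org(org: str) -> str:
    """Lower-case, replace punctuation with spaces and drop trailing corporate suffixes."""
    words = re.sub(r"[^\w\s]", " ", org.lower()).split()
    while words and words[-1] in ORG_SUFFIXES:
        words.pop()
    return " ".join(words)


def parse_notice(line: str):
    """Return {'cn', 'org', 'reason'} for one notice line, or None if it does not match."""
    m = NOTICE_RE.match(line.strip())
    if not m:
        return None
    dn = dict(split_dn(m.group("subject")))
    return {"cn": dn.get("CN", ""), "org": norm_org(dn.get("O", "")), "reason": m.group("reason")}


def summarize(lines):
    """Count failure reasons per organisation; returns (summary dict, number of unparsed lines)."""
    by_org = defaultdict(Counter)
    unparsed = 0
    for line in lines:
        rec = parse_notice(line)
        if rec is None:
            unparsed += 1
            continue
        by_org[rec["org"]][rec["reason"]] += 1
    return dict(by_org), unparsed


# The seven notice messages quoted in the post, plus one constructed non-matching line.
SAMPLE_NOTICES = [
    r"CN=digdug.data.roku.com,O=Roku\, Inc.,L=Los Gatos,ST=California,C=US SSL certificate validation failed with (self signed certificate in certificate chain)",
    r"CN=scribe.logs.roku.com,O=Roku\, Inc.,L=Los Gatos,ST=California,C=US SSL certificate validation failed with (unable to get local issuer certificate)",
    r"CN=*.canaryis.com,OU=Server,O=Canary Connect\, Inc.,L=New York,ST=New York,C=US SSL certificate validation failed with (self signed certificate in certificate chain)",
    r"CN=wdcp.microsoft.com,OU=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US SSL certificate validation failed with (unable to get local issuer certificate)",
    r"CN=configsvc.cs.roku.com,O=Roku Inc.,L=Los Gatos,ST=California,C=US SSL certificate validation failed with (self signed certificate in certificate chain)",
    r"CN=*.delivery.mp.microsoft.com,OU=DSP,O=Microsoft,L=Redmond,ST=WA,C=US SSL certificate validation failed with (unable to get local issuer certificate)",
    r"CN=fe2.update.microsoft.com,OU=DSP,O=Microsoft,L=Redmond,ST=WA,C=US SSL certificate validation failed with (unable to get local issuer certificate)",
    "constructed noise line that should not parse",
]

if __name__ == "__main__":
    summary, skipped = summarize(SAMPLE_NOTICES)
    for org, reasons in sorted(summary.items()):
        for reason, n in reasons.most_common():
            print(f"{n:3d}  {org:20s}  {reason}")
    print(f"unparsed lines: {skipped}")
```

The two OpenSSL errors mean different things for triage: "self signed certificate in certificate chain" is a vendor using its own private CA, which is expected for a device talking only to its maker and can be allow-listed per CN once confirmed; "unable to get local issuer certificate" often just means the sensor's trust store lacks an intermediate, so check the sensor's CA bundle before blaming the device. Either way, counting per organisation rather than per notice keeps the Splunk feed from being flooded by one chatty Roku.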

Friday, November 16, 2018

my work travel EDC

There are two bits of tech that I make sure are always in my work bag, whether I'm running out to the coffee shop for a change of scenery or traveling to a client site. This is beyond the standard cell phone, work laptop(s), and all that other stuff.

The first is a Belkin Power Strip + USB. I've added a short power cable because I've found that it won't always plug into the outlets in conference rooms. Conference rooms never have enough power outlets for laptops and cell phone chargers. The two 2.1 A USB ports are an added bonus, so I don't need to carry the little USB chargers. There is a newer model that has 2.4 A USB ports.

Amazon Link - Power strip - $14.99
Amazon Link - Power adapter - $16.99 for 10

Unless I need a personal laptop, I usually just travel with an iPad Mini with a keyboard. My last iPad Mini had a Logitech keyboard that only protected the screen, but this time I opted for a Zagg one because it better protects the back and edges of the iPad. This iPad size is a better form factor for reading and handling e-mail. It's also great for watching content from whatever streaming service you have. The keyboard is pretty good and responsive.

When this is combined with a Lightning to HDMI dongle, it makes watching movies in the hotel that much better. The dongle is pricey, but trust me, you'll thank me when you'd otherwise be stuck watching content on a smaller screen or stuck with the options at the hotel. It also lets you charge while using the dongle.

Amazon Link - Zagg Keyboard + case - $44.99
Amazon Link - Apple iPad Mini 4 - $300
Amazon Link - Apple Lightning / HDMI dongle - $50

Other stuff I'm usually traveling with:

  • Kindle Paperwhite (1st generation) in a Timbuk2 case - great battery life and screen quality. I've had it for ages and it's still alive and kicking.
  • Anker or Aukey power bank - gotta keep those gadgets charged.
  • If my flight is 2+ hours, I usually travel with my Nura headphones. They've got great sound quality, isolation, and noise cancellation.
  • If it's a shorter flight, I usually just travel with my Anker Bluetooth earbuds that I use in the gym too.

Tuesday, October 16, 2018

living the best #consultantlife - a series

After spending 6+ months on the road traveling Monday to Thursday or Monday to Friday, I've been slowly tweaking my kit and how I do things to make life easier on the road. So I'd like to share my tips and tricks, but I'd also love to hear other people's.


I'll break it into the following topics:
1. Gear
2. Travel
3. Food and Drink
4. Fitness
5. Misc

Monday, June 19, 2017

Favorite Security podcasts

As I posted a few months ago, I listen to a bunch of podcasts. Here are the security/privacy podcasts I listen to:
  1. SANS Internet Storm Center Daily - It's a short daily update of security issues. It's more focused on vulnerabilities and major hacks.
  2. TWiET - This Week in Enterprise Tech. I find it more focused from a topic perspective. Being an enterprise tech podcast it does go into other topics, but it's very clear and concise in describing issues and trends. The presenters are people in industry, SEs, or tech journalists, so they share interesting perspectives.
  3. Enterprise Security Weekly - I started listening to this recently and I've found it to be pretty good and informative.
  4. Intercepted - This covers privacy topics and was co-founded by Glenn Greenwald, who is best known as the journalist that Edward Snowden contacted.
  5. Cigital Silver Bullet - Haven't listened to this in a while.
  6. Down the Security Rabbit Hole - Haven't listened to this in a while.
  7. CERT's Podcast Series: Series for Business Leaders - Haven't listened to this in a while.
  8. Decrypted
  9. Secureabit
  10. Security Now - I find this one to be too long and it veers off topic.

Thursday, March 23, 2017

25 favorite podcasts
  1. WTF
  2. 538
  3. All Songs Considered
  4. Sound Opinions
  5. DTR from Gimlet
  6. a16z
  7. 50 Things that made the Modern Economy
  8. Tell Me something I don't know
  9. The way I heard it with Mike Rowe
  10. The Ezra Klein Show
  11. Planet Money
  12. SANS Internet Storm Center
  13. Food Chain
  14. The Moth
  15. Radio Lab
  16. This American Life
  17. This is only a test
  18. The Axe File with David Axelrod
  19. The Tim Ferriss Show
  20. Radio Lab presents more perfect
  21. Freakonomics
  22. Wait Wait don't tell me
  23. Curious City
  24. How I built this
  25. Wired spoken editions


Tuesday, March 7, 2017

#trypod recommendations

This post started as a list of recommendations, but then I realized how many podcasts I listen to. Below is a partial list of my subscriptions. I got part way through and realized that I don't listen to all of these regularly, so I'll start posting about my favorites with a short blurb on why I like them.
  1. Accidental Tech Podcast
  2. The Vergecast
  3. Harry Potter Podcast - last update 2011
  4. Fidelity Investment Insights
  5. Tiny Desk Concerts
  6. Indivisible
  7. 5 on 45
  8. Dear Sugar
  9. In the dark
  10. Vice
  11. Pop Culture Happy Hour
  12. Intercepted Jeremy Scahill
  13. Enterprise Security Weekly (audio)

Tuesday, February 14, 2017

Finsix Dart - a product review

I recently picked up a Finsix Dart from Massdrop because I've got 3 laptops and travel a bit for work and pleasure. I remember seeing the IndieGoGo campaign but I missed out on it. Seeing it at a decent price on Massdrop, I picked it up. Bottom line: there are some pluses and minuses, but check their website to see if your laptop is compatible.

Pros

  • One of the things Finsix says is that the charger is small. It really is small. It's the size of a USB cigarette lighter power adapter.
  • It has a USB port on it. I'm really surprised more laptop power bricks don't have one. It makes it easy to charge a phone or battery pack. It is a 2v USB port, so it'll charge at the same speed as an iPhone or iPad charger.
  • It's really easy to use; after all, it's a laptop power brick, so it had better be easy to use.
Con

  • It's not able to power one of my laptops, which has a power draw of > 65 W. That was my primary reason for the purchase.

Con (but not for me)

  • Doesn't work with Apple products.