Posts by robertcc@infosec.exchange
 (DIR) Post #9gblduEtYaz6O6FSAy by robertcc@infosec.exchange
       2019-03-09T22:18:54Z
       
       0 likes, 0 repeats
       
       @leip4Ier I've always felt weird about toggling auto-rotation on when I want it. I frequently don't.
       
 (DIR) Post #9gc45iH1R9jSYmeV6G by robertcc@infosec.exchange
       2019-03-10T01:45:37Z
       
       0 likes, 0 repeats
       
       The spam prevention options look pretty dismal right now, don't they? Do whatever's going to be the easiest on your admin-time! I certainly appreciate you running this, as do a lot of us I wager.
       
 (DIR) Post #9gsDpecdLwp0fm6Jpg by robertcc@infosec.exchange
       2019-03-17T20:50:07Z
       
       0 likes, 0 repeats
       
       @jerry Thank you, Jerry!
       
 (DIR) Post #9haSHS19uZcx7Tr2KO by robertcc@infosec.exchange
       2019-04-08T04:59:18Z
       
       0 likes, 0 repeats
       
       @jerry Nah, you're good!
       
 (DIR) Post #9hmRgsb2See8jaiY0u by robertcc@infosec.exchange
       2019-04-13T23:49:14Z
       
       0 likes, 0 repeats
       
       @jerry I just swapped out a few Mikrotik APs for a big Unifi one, and I'm quite happy. I don't think I can replace my Sophos Home UTM VMs though.
       
 (DIR) Post #9hmXXTA4G3tAy3zwcS by robertcc@infosec.exchange
       2019-04-14T00:54:46Z
       
       0 likes, 0 repeats
       
       @jerry I guess it depends on what you're covering--that should be good for a solid block!
       
 (DIR) Post #9howrrkHS1UkAxg90y by robertcc@infosec.exchange
       2019-04-15T04:47:59Z
       
       0 likes, 0 repeats
       
       @jerry Oh man, if I have to have another conversation with an entity that really wants to invest in SOAR but can't manage fundamental patching, I'm going to buy a hat to eat.
       
 (DIR) Post #9jG9Z0vTBeOworAWHY by robertcc@infosec.exchange
       2019-05-28T05:39:35Z
       
       0 likes, 0 repeats
       
       @R10T Do you like the NoStarchPress stuff? I've found them a bit variable. (Not these specifically, just in general.)
       
 (DIR) Post #9jGWThqkyv0b9bP0QC by robertcc@infosec.exchange
       2019-05-28T05:38:23Z
       
       0 likes, 1 repeat
       
       Does anyone have any experience with either Kolab or KolabNow? I'm looking at my private e-mail options.
       
 (DIR) Post #9lzTWDKmKkKMJ9ylYu by robertcc@infosec.exchange
       2019-08-17T22:09:22Z
       
       0 likes, 0 repeats
       
       @jerry that's not how cats work!
       
 (DIR) Post #9o7esm4N68DFAdb0mO by robertcc@infosec.exchange
       2019-10-20T16:38:31Z
       
       0 likes, 0 repeats
       
       @piks3l In a SOC, yep!
       
 (DIR) Post #9oIJ9gY2opQIiTh1xw by robertcc@infosec.exchange
       2019-10-25T19:56:55Z
       
       0 likes, 0 repeats
       
       @piks3l oh boy, DNS. Provisional answer: yes. Long answer: more than I can talk about at present. DNS is absolutely vital and there are extremely interesting implementation and architecture choices that can dramatically improve collection. I am not quite ready to go into it deeply but will post here more when some stuff gets under way!
       
 (DIR) Post #9pqerGHcu3E7YEcljk by robertcc@infosec.exchange
       2019-12-11T07:32:22Z
       
       0 likes, 0 repeats
       
       @piks3l I still run across some Cisco jabber stuff occasionally.
       
 (DIR) Post #9rhjyCpC3YBbO2AxV2 by robertcc@infosec.exchange
       2020-02-04T20:01:31Z
       
       0 likes, 0 repeats
       
       @r000t @garrett Yeah, not anymore. Never mind the quite robust other on-prem offerings available now, plenty of those workloads can and should be in a cloud.
       
 (DIR) Post #9voI1I9EvvkkAslZ5M by robertcc@infosec.exchange
       2020-06-06T15:19:42Z
       
       0 likes, 0 repeats
       
       @leip4Ier SDN or, depending on how you want to stretch the definitions, proxies I wager. Take a look at something like zerotier, for instance--SDN made easy. The only downside for general browsing use is it's best practice for services to block client traffic from AWS since it shouldn't typically be an originator of web browsing. I don't think that's widespread though.
       
 (DIR) Post #9voIQXBUAMRe32qxMW by robertcc@infosec.exchange
       2020-06-06T15:24:17Z
       
       0 likes, 0 repeats
       
       @leip4Ier Does your DoH provider also allow IP-based lookup over https? I am still getting into secure DNS and just set up cloudflared on my piholes, but the lookup there didn't rely on unencrypted DNS, so that seems odd.
       
 (DIR) Post #9voJj0ugTNyZPxMzxY by robertcc@infosec.exchange
       2020-06-06T15:38:50Z
       
       0 likes, 0 repeats
       
       @leip4Ier Yeah I have been diving into the DoH vs DoT fight myself to see what's going on. It's quite a mess we've made. Thank you for the information. Key management makes sense certainly. My experience has thus far only been with cloudflare, which does seem to require only IP, but you also run a custom daemon to do some heavy lifting and validation I wager.
       
 (DIR) Post #9voJoiqKZQpn6y3WK0 by robertcc@infosec.exchange
       2020-06-06T15:39:51Z
       
       0 likes, 0 repeats
       
       @leip4Ier When I did this whole setup and blocked DNS at the border I found that Google devices started getting snickety, by the by. I actually internally NATed all calls to 8.8.8.8 and 8.8.4.4 to my resolvers, which solved it. Just in case!
       
 (DIR) Post #9voKdlkPWzgct8cz0S by robertcc@infosec.exchange
       2020-06-06T15:49:06Z
       
       0 likes, 0 repeats
       
       @leip4Ier I wanted to share because the symptoms were NOT obvious and forthcoming. So if I can save headache I will, gladly!
       
 (DIR) Post #9voZczQYgPqgL2Qcc4 by robertcc@infosec.exchange
       2020-06-06T18:37:01Z
       
       0 likes, 0 repeats
       
       @leip4Ier I was just intrigued why my Google devices were happily taking my local resolvers from DHCP but still running their own queries against the Google DNS servers, and never found a really satisfactory answer. They Just Do!