So, can... anyone help me?

I’d join :U

Chris Sanders has a book that is phenomenal. He has a few, actually, but the one I am referring to is Practical Packet Analysis. He uses Wireshark for a lot of the exercises in the book, and provides really great instruction.

Dude is a beast when it comes to Blue Team.

Please do! I’ve been mulling around various blog ideas for a long time. Just don’t have the balls to start out on my own :smiley:

2 Likes

Great pointer for a resource. Thanks for that! Looks like it is perhaps soon to be difficult to find. Strike while the iron is hot.

Off topic, but does your switch support port mirroring? Because if it does you can mirror the ports connected to your router (stick the switch in between the modem and router on an isolated VLAN or something) and run Wireshark on the mirrored port. That way you can get real-time monitoring without doing anything to the router.

3 Likes
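Once the mirrored port is feeding Wireshark, the useful question is "which device on my LAN is this, and who is it talking to?". The script below is an added example, not code from anyone in this thread: it parses a pcap (the file Wireshark or tcpdump writes) with the standard library only, and reports any source MAC that is not in a list of known household devices, together with the hosts and ports it contacted. The MACs, IPs and the embedded sample capture are all constructed for the demonstration.

```python
import struct
from collections import Counter

# Constructed allowlist of your own devices (assumption: you maintain this by hand).
KNOWN_DEVICES = {"aa:bb:cc:00:00:01": "laptop", "aa:bb:cc:00:00:02": "phone"}

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def _frame(src_mac, dst_mac, src_ip, dst_ip, dport):
    """Build a minimal Ethernet/IPv4/TCP SYN frame (constructed test data)."""
    eth = (bytes.fromhex(dst_mac.replace(":", "")) +
           bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00")
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + tcp

def make_pcap(frames):
    """Wrap frames in a little-endian libpcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def parse_pcap(data):
    """Yield (src_mac, src_ip, dst_ip, dst_port) for every IPv4/TCP frame."""
    endian = "<" if struct.unpack("<I", data[:4])[0] == 0xa1b2c3d4 else ">"
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(data):
        _, _, caplen, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not IPv4
            continue
        ihl = (frame[14] & 0x0f) * 4
        if frame[23] != 6 or len(frame) < 14 + ihl + 4:      # not TCP
            continue
        dport = struct.unpack("!H", frame[14 + ihl + 2:14 + ihl + 4])[0]
        yield (_mac(frame[6:12]), ".".join(map(str, frame[26:30])),
               ".".join(map(str, frame[30:34])), dport)

def unknown_talkers(pcap_bytes, known=KNOWN_DEVICES):
    """Map each MAC absent from `known` to a Counter of (dst_ip, dst_port)."""
    result = {}
    for mac, _src, dst, dport in parse_pcap(pcap_bytes):
        if mac not in known:
            result.setdefault(mac, Counter())[(dst, dport)] += 1
    return result

SAMPLE = make_pcap([  # constructed: one known laptop, one unknown device hitting the router
    _frame("aa:bb:cc:00:00:01", "ff:ff:ff:00:00:aa", "192.168.1.10", "203.0.113.5", 443),
    _frame("de:ad:be:ef:00:99", "ff:ff:ff:00:00:aa", "192.168.1.77", "192.168.1.1", 22),
    _frame("de:ad:be:ef:00:99", "ff:ff:ff:00:00:aa", "192.168.1.77", "192.168.1.1", 22),
])
```

Point it at a real capture with `unknown_talkers(open("mirror.pcap", "rb").read())`; any MAC it returns is a device you did not put on the allowlist, which is exactly the "important vs. fluff" filter for a home LAN.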

I can start it if you want lol.

Wouldn’t it be more helpful initially on the existing Linux channel? The setup, initial detail, what to look for that is important, what is fluff (std i/o) that can be skimmed eventually, triggers to be set, and then all the really good bits :wink: like the sweetness that @Dexter_Kane just dropped. (nice one - seriously)

That is what our OP is looking for … yeah?

2 Likes

I see I need to clarify some of my statement. Ok, I don’t have a L3 switch, at least not yet; it’s on my to-do list along with wiring the house for Ethernet. What I have right now is what I referred to as a combo device, which is acting like a L3 switch (if I understand correctly how a L3 switch works), a modem, and a WiFi device, which is how most of my family connects to the network.

Please excuse the few misspelled words; I am typing this message out on my tablet so I don’t wake up the whole house by using my computer. I wish you could attach a full size keyboard to a tablet; it sure would make typing so much easier.

While you are correct, at least in the United States, what is happening to @sumidor063 is a crime if committed by anyone other than the owner of the building network or owner of the building. The only thing the police can do is take an incident report, unless you can prove who is doing this to you. Then maybe you can have charges filed against them. As it has already been pointed out by this community, it probably is a kid fooling around, but the little brat should be taught a hard lesson for his own good. I hope you catch the little snot.

Any managed switch with port mirroring would do, or you could set up a pc with a bridge in whatever port you want to look at, but a switch with port mirroring makes it a lot easier/cheaper/flexible.

Should be able to. Bluetooth will definitely work; otherwise USB would probably work with an adapter.

1 Like

Does anyone know of a checklist containing best practices for security?

Things like,

  • never log in from a shared computer
  • never use the same password for different things
  • never run software from sources you don’t trust
  • never run or open unexpected email attachments
  • enable “always show file extensions”
  • encrypt your drives and phones so you can take them to repair safely
  • don’t tell others your passwords
  • don’t enable file sharing over internet
  • run periodic malware scans using reputable software
  • don’t use flash drives

… that sort of thing checklist.

Something that’s widely applicable and doesn’t require a full time admin to maintain an IDS with a CA and so on.

3 Likes

If it was me and I was interested in following it further, I would boot a live Linux and dd an image of your boot drive to test and monitor within a VM.

Format and reinstall ASAP and change passwords as stated above. It’s all good info on this thread.

1 Like

There are a number of us here.

1 Like

There are a few things I would add, which to me are more like common sense.

  • Disable cookies
  • Never let your web browsers save your password
  • Disable the AutoFill feature in web browsers
  • Never share personal Information on the Internet
  • Never visit websites that encourage criminal activity
  • Never visit porn sites

That is the only thing else I can think of off the top of my head, if anyone else can think of more please share. I think the rest of us would be interested.

2 Likes

I included some of those in the link below. Let me know what you guys think! @Eden @ropestretcher @Linuxephus @risk

1 Like

Ah, thank God. New account post restriction removed after all. More than likely thanks to @FaunCB.
Meanwhile, in related news: Time to catch up on what I can now reply to.

Already addressed on a broader scale via Inbox discussion. No real need for me to repost at this juncture of the conversation due to irrelevance as the thread has evolved beyond the original subject material with excellent Community input at large.

One could always go that route as well, truth be told, yes. But from personal experience it adds more complication to the setup. Which in turn adds the probability of more items to go wrong versus a more simple, direct approach that leaves a lower probability of items going wrong and thus needing recalibration. I understand that installing directly to the source (router/modem) directly filters at that point, yes. I don’t believe I’ve actually read, ever, of Wireshark being directly installed to a router/modem in all my years of attending the World Wide Web without exception. On a technical level, I believe it can be done (apparently all of those certificates stuffed away in mine oh so tidy drawer are doing naught but collecting dust after all) while accessing the setup via the proper packet capturing software and corresponding driver module installed on the workstation itself. Hence that particular setup being needlessly complicated versus Wireshark from the first day of its inception being designed for installation at the workstation level and monitoring of connections through said workstation’s locale. Which is why I’ve always installed that software directly to the operating system used with no degradation of data filtered to the extent that a red flag event results in a system compromise at the source or connected devices. The only real overhead is negligible simply by virtue of a majority of White Hats, Grey Hats, Black Hats and Pentesters installing a single instance to the operating system itself and performance remains true to form by the very fact of the data sets given.

Footnote: I may have to Dedoimedo that one if need be.

@anon79053375: Methinks a majority of the information looks perfectly feasible and functional based upon the information given for The Reader at large.

1 Like

+1 For the sec blog thingy, a while back we beta tested a community wiki (security was one topic) but that’s been long since dead, would be great to document something that would be more permanent than a forum topic.

EDIT: I could contribute on the topic about SELinux if/when MAC/RBAC/TE is on the plate.

1 Like

Should be still relevant on a basics agenda depending upon how old the wiki is. And what happened to such extent that it merely died out? Lack of further input would be my guess.