@scottalanmiller said in Introduction to IP - CompTIA Network+ N10-007 Prof Messer:

Humans do tend to get confused a bit on ports. Here are some things why...

• TCP and UDP have the same port ranges but are different protocols and TCP ports are unrelated to UDP ports. So TCP Port 22 can be doing one thing and UDP port 22 something totally different.
• Ports under 1024 are traditionally designated by the operating system as protected and require admin level to open. Ports at 1024 or higher can be opened by anyone. But that is an operating system thing, not a networking thing. But important to know.
• TCP and UDP are not the only protocols and not every situation has a port. ICMP doesn't use TCP or UDP and does not use ports at all, for example.
• TCP is connection based, UDP is connectionless. So people often get confused with UDP because you can't "open a connection" to see if it is working. Even people with 20 years of experience forget this constantly and fail to troubleshoot.

I'll tell you a UDP joke, but I'm not sure you'd get it.
Might tell you another UDP joke, but I'm not sure you'd get that either.
But then, I'll tell you a TCP joke, and I know you'll get that one.

Yesterday, at about 4pm EST, one of our engineers at NTG was notified by a client that our website was inaccessible. After some tests from several locations, we found he was right- all that came up was a blank page. So three of us dive into VSphere and jump into a Lync conference call with a screen share to determine what it happening. We jump into console access to the server and start digging into a the files that are our website. The first line bunch of lines is just one huge block of garbled text. After scrolling a little lower, we run into a line that states '//Silence is Golden.' Yup, we got hacked.

We pull out this text and keep going to see the extent of the damage. 'Sheesh, the site is running slow. What is going on in here?' After doing some looking, we realize that there are over 36 thousand emails queued to be sent out just sending back rejection errors due to being flagged spam. Okay, time to do some rollbacks. What all is on here?

A database for the hosting. apparently. Since databases don't really play well with external backups, we do some file level restores on our sites, disable postfix, and write up the problems to be looked at when we have the authority to do a full scale baremetal restore after backing up that database. How far back can we go?

Unitrends has been passed through several hands and setups over time by the time we got here. We can't find a solid retention policy and have difficulty finding a decent backup. We can go as far back as a month, so that is what we do. We look back into some of the files for our website and there are traces of the infection being already in there. Luckily, we do not store sensitive data there,nor do we ask for sensitive data there, so nothing was ever compromised on that end.

In conclusion, we had a website that had been compromised for a little while, a server acting as a spambot, questionable backups, and a large headache. Let this serve as a warning to us all on what happens when you think you can just set it and forget it. Do not forget to give your machines and servers a once-over every once in a while

@dustinb3403 said in Miscellaneous Tech News:

@danp that still counts as broken in my world. If the people developing the software don't understand how to use the tools they need to develop the software. . . well then there is a break there. .

Let this be a lesson to everyone who is writing scripts and programming...
COMMENT YOUR CODE.

Sometimes I have difficulty finding the proper line between helping out a friend and servicing their technology. I mean, sure, a lot of it is pretty straightforward. Can't figure out how to send an email? I'll help you. Obliterated your TCP/IP settings and uninstalled the drivers for your network adapter because 'I don't use an adapter for anything?' That will cost you.

What about everything in between? Do you guys have a line in your head where you will not cross as then you may be trapped in the endless game of 'Hey, can you help me out?' If so, where is that line?

This sounds very sketchy offhand. Sorry, I don't mean offense, but can you give us some background on why you need this?

I am looking to jump into Software Development, Web Dev, essentially anything that requires writing code. I've got a decent amount of languages under my belt already and have done a couple projects before now, but not too much as far as applicable experience to put on a resume. Do you guys have any tips for me for a good way to get into this? One of the big roadblocks I run into is that once I start learning a language, I have no direct application for it to be able to sustain what I learn.

Just picking the brain of the community.

I'm expecting to be able to make it. Gotta wait until I get vacation time in January to really be able to plan my year out lol

It also got approval from Steve Gibson- http://blog.lastpass.com/2010/07/lastpass-gets-green-light-from-security.html

Lastpass is my go-to utility for management. I can't really imagine going without it nowadays.

Pull up your General Settings page, and under dialing options make sure to add Ww to both options fields if not already there. This might clear this up for you.

Okay, a little bit of a rant. Just had to edit a holiday schedule for a customer and help them record a greeting for being closed for said holiday...

Have IE11 which usually has to be used because it doesnt load the scripts properly in chrome. Well, that stopped working due to security issues with the call manager. Okay... Download Firefox, turn off some security settings that it yells about, and boom. I'm in...

Okay, let's check out the recording. you need java to run this Damn. Alright. Download and install Java...

Okay, now let's try again. security issue: this applet doesn't meet the requirements for high or very high security and has been blocked. Really?! Okay. Reconfigure Java to allow exemptions. Reconfigure again because it didn't like taking IP's very well...

This entire process took half an hour. and all because of antiquated UI's with poor security, and if I recall right there's Cisco Call Manager, and also there's a lot of bank UI's that require certain versions of Java, and only run in IE. When did any of this become okay to just let sit idle like this and everyone be like "Yeah, that's just how it is."?! Are these applications just going to continue to callously disregard security because "Oh, well, it shouldn't matter in an internal environment or with all of these other security checks in place."? To the point where we have developed full workarounds as standards to accessing these things?
</rant>

Just looking to hear your thoughts on this. I know at least a handful of you have ran into things like this.

@JaredBusch said in Running Filebeat on ARM:

@FiyaFly said in Running Filebeat on ARM:

Take a look at what the system comes with. From a quick check, I'm almost certain both CentOS and Fedora ship with rsyslog, which would lead me to believe that the Pi would have that or something very similar. If not, rsyslog does at least have an ARM package.

Pi runs Debian.

Yeah, I don't have any debian-based systems I can check right now, but I know it still has the mechanism built-in. Just might not be rsyslog.

I think my approach to this would be this: Keep your endpoints simple.

Take a look at what the system comes with. From a quick check, I'm almost certain both CentOS and Fedora ship with rsyslog, which would lead me to believe that the Pi would have that or something very similar. If not, rsyslog does at least have an ARM package.

That native syslog package should almost certainly have the capability to send it's messages (or generally any you might want to specify) to a remote server. I would configure that to push out to a remote server of your choice and do any parsing, filtering, or manipulating server-side. That way you don't have to worry about keeping a package up to date, or ensuring you have a system/application specific configuration. The generic config you'll end up with can, in theory, be applied to anything running linux.

Hope this helps.

@scottalanmiller said in Introduction to IP - CompTIA Network+ N10-007 Prof Messer:

Humans do tend to get confused a bit on ports. Here are some things why...

• TCP and UDP have the same port ranges but are different protocols and TCP ports are unrelated to UDP ports. So TCP Port 22 can be doing one thing and UDP port 22 something totally different.
• Ports under 1024 are traditionally designated by the operating system as protected and require admin level to open. Ports at 1024 or higher can be opened by anyone. But that is an operating system thing, not a networking thing. But important to know.
• TCP and UDP are not the only protocols and not every situation has a port. ICMP doesn't use TCP or UDP and does not use ports at all, for example.
• TCP is connection based, UDP is connectionless. So people often get confused with UDP because you can't "open a connection" to see if it is working. Even people with 20 years of experience forget this constantly and fail to troubleshoot.

I'll tell you a UDP joke, but I'm not sure you'd get it.
Might tell you another UDP joke, but I'm not sure you'd get that either.
But then, I'll tell you a TCP joke, and I know you'll get that one.

@FiyaFly said in Github for code storage:

@scottalanmiller said in Github for code storage:

@FiyaFly said in Github for code storage:

I've been using Bitbucket for private repos, and I didn't run into any issues with them, but man I scoured a year ago trying to find the best alternatives because I didn't want to pay for Github. This is awesome.

Why not GitLab which has always been free, and is totally open source?

It was long enough ago that I would have to review my notes, but I think it had to do with data encryption, and at the time I saw BitBucket had a plugin for that.

If memory serves, that plugin actually didn't work, and I never had the time nor energy to go on another hunt. Was attempting to adhere to data encryption standards here at work because some of my stuff might have identifiable information in it.

Also a lot of things have changed since then, and even with this new advent, I'll still have to review where things stand with requirements, desires, and focus.

Currently I mostly use the private repo for my notes storage on my general tasks. Originally it was a factor of I was just getting into using Git for anything and wanted to ensure I had a backup of my notes somewhere. This was not something
my employer would participate in, and almost certainly my boss would have rejected my request for approval, mostly for arbitrary reasons. Since I certainly have 'sensitive' information in my notes, I wanted to ensure that I stayed properly aligned with any and all compliances that may have applied.

Since then... those aren't details to get into on a post, but suffice it to say I have the most care for those compliances in my department.

@scottalanmiller said in Github for code storage:

@FiyaFly said in Github for code storage:

I've been using Bitbucket for private repos, and I didn't run into any issues with them, but man I scoured a year ago trying to find the best alternatives because I didn't want to pay for Github. This is awesome.

Why not GitLab which has always been free, and is totally open source?

It was long enough ago that I would have to review my notes, but I think it had to do with data encryption, and at the time I saw BitBucket had a plugin for that.

If memory serves, that plugin actually didn't work, and I never had the time nor energy to go on another hunt. Was attempting to adhere to data encryption standards here at work because some of my stuff might have identifiable information in it.

@JaredBusch said in Github for code storage:

@Danp said in Github for code storage:

@DustinB3403 said in Github for code storage:

You could of course use a paid account with Github and have private repositories

I think this changed a while back so that you can create private repos on GH using a free account.

January 2019, after Microsoft purchased them.

I'm late both to the post and the update, but this is the first I read about this, and am now very, very excited.

I've been using Bitbucket for private repos, and I didn't run into any issues with them, but man I scoured a year ago trying to find the best alternatives because I didn't want to pay for Github. This is awesome.

@DustinB3403 said in Why IT Builds a House of Cards:

Just to necro this thread, how would someone in IT actually get the business to see and understand these risks? I've tried this, explained in full detail the chances taken and I get a "thank you for telling us, but let's stay the course" sorts of responses.

Thanks for the necro. Get greeted with a comment I didn't recall making, just to look at the date 2 1/2 years ago. lol.

Then, on a second note, this article legitimately applies to me today.

@wrx7m said in Creating a Shortcut for Chrome Incognito with Proxy Settings:

I am trying to see if I can use PS to create the shortcuts. Not sure how to get this path to work with the quotes it needs.

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --incognito --proxy-server=squid1.domain.com:3128 --user-data-dir="%LOCALAPPDATA%\Google\Squid1\User Data"

This is the template I am using.

# Create a Shortcut with Windows PowerShell
$TargetFile = "$env:SystemRoot\System32\notepad.exe"
$ShortcutFile = "$env:Public\Desktop\Notepad.lnk"
$WScriptShell = New-Object -ComObject WScript.Shell
$Shortcut = $WScriptShell.CreateShortcut($ShortcutFile)
$Shortcut.TargetPath = $TargetFile
$Shortcut.Save()

Took me a minute, but got it working. The template you are using doesn't account for arguments. Give this a shot:

$TargetFile = "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
$args = '--incognito --proxy-server=squid1.domain.com:3128 --user-data-dir="%LOCALAPPDATA%\Google\Squid1\User Data"'
$ShortcutFile = "$env:UserProfile\Desktop\chrome1.lnk"
$WScriptShell = New-Object -ComObject WScript.Shell
$Shortcut = $WScriptShell.CreateShortcut($ShortcutFile)
$Shortcut.TargetPath = $TargetFile
$Shortcut.Arguments = $args
$Shortcut.Save()

IBM Bought RedHat:
https://newsroom.ibm.com/2018-10-28-IBM-To-Acquire-Red-Hat-Completely-Changing-The-Cloud-Landscape-And-Becoming-Worlds-1-Hybrid-Cloud-Provider

I plan to. However, I'm still learning the whole process for a local root CA and have hundreds of projects that are currently higher priority so I haven't had time to look into it.