Packet Threat Analysis

Everyone needs to do some housekeeping at different points, and I figured it was time I did some a basic security sweep of my setup. To get started, I performed a quick packet capture on the very server that hosts this blog. I decided to give one of CloudShark's newer and more distinct features a spin with my recently created account; their Threat Assessment tool. I thought it would be interesting to pit this against PacketTotal as well. These are both great tools with similar, but also different purposes. At the time, I had SSH and web ports open along with a few other unused ports for various common services. The only true security measure in place was a few basic iptables rules.   CloudShark What I Liked: Up front, quick severity level rating dashboard Brief descriptions of issues which helps puts everything in laymen's terms World map view Privacy settings ...
Read More

Password Management

What's that yellow sticky note poking out from under your keyboard? Is that your password? If you're like many people this may be the case. While this may be practical and convenient, it's not a good idea. It might be ok in the privacy of your own home, but it can still be risky. Privacy and security (online safety) is all about managing your risks and deciding what is right for you. If you would like suggestions on how to better handle your passwords (yes, I used the plural form) and manage your risk read on for my thoughts and experience. I'll start with the risks of poor password management then provide a couple of solutions and resources to check your password strength. Risks Obviously, your passwords are your virtual keys. Unlike traditional keys, though, they aren't safely tucked in your pocket. They are either in your head, written down, or saved electronically. There advantages and disadvantages to each of those methods...
Read More

Online Privacy

A couple of years ago I had the privilege of attending a seminar about electronic privacy and security led by former FBI computer crimes investigator Michael Bazzell. If this is your first time hearing that name or digging into this topic I highly encourage you to visit his websites, listen to his podcasts, and/or read his book. His blog is a great place to start. You can find it here: https://computercrimeinfo.com/wp/. During his presentation he explained the many ways our private information is obtained without our consent; either through social engineering, data mining, or outright hacking. At the end of the presentation, he even gave a live demonstration showing a wifi pineapple device that he setup earlier in the day to spoof the guest wifi of the facility. In doing so, he collected personal information from a handful of smartphones in the room (including pictures, web sites visited during the presentation, and more). Needless to say, I was impressed with his...
Read More

Cisco Meraki Security Appliance

Note: I apologize for the loss of the screen shots. When I transferred my blog host the images were lost and I did not yet have a backup copy. Being that I actually enjoy networking and it's not just a job, I like to explore new and different technologies. I also like to continue to learn and branch into areas where I'm not as comfortable. One of these areas being firewalls. In my personal life, I have typically used my home routers with their built-in firewall capabilities (though I have my eye on Sophos). Professionally, I have had very limited experience with Cisco ASAs and Bluecoat devices. However, I recently became aware of a free trial program provided by Cisco Meraki (more info here). I found that I fulfilled the requirements and decided that a little learning couldn't hurt, so I signed up for the webinar. A short time later the trial appliance arrived. Before I let my coworkers in on...
Read More