/nsg/ - Network Security General

bomp

Bump. I've been doing over the wire and binging through cybrary vids. Doing the a+ vid series now as I have no prior experience sides cs classes. Is that a good place to start? Btw thanks for the links I'm definitely going to add them to my autistic schedule.

>>58644534
sounds like you are off to a great start

ubumptu

File: Common Lisp Lain.png (95KB, 504x504px) Image search: [Google]

95KB, 504x504px

bump

File: 1479985848517_0.jpg (62KB, 396x691px) Image search: [Google]

62KB, 396x691px

>cyber war game

please stop throwing cyber infront of everything

>>58646547
Stop cyberbullying

>network security
Anyway. Has anyone here done anything with Intel SGX or AMD SME?
I'm thinking of learning some of that.
But frankly AMDs SME seems fairly limited in its use. SGX is super useful on the other hand. At least as far as I can see.

I just don't know where to put my effort because Intel doesn't want to let anyone in it looks like. You need a commercial licence and shit and they don't give them out freely or anything.

>>58646547
Looks like you're not cyber enough to be able to handle the cyber-activity.

Been playing with the witchcraft compiler collection. It blew my mind how it could work with elf binaries from any is and several different CPU archs

>>58646743
anna-senpai is nasty.

File: 1476538253131.gif (3MB, 414x382px) Image search: [Google]

3MB, 414x382px

>Satan being sold on Skiddy Forum #3
>"underground website"
wew

How's your lab looking, /nsg/? Currently only have a pi and some Centrino laptops to play with.

>>58646743
Well at least our smart toilets are safe

>>58647617
it sounds like you already made up your mind

>>58650145
i would use my pi for security onion

>>58650145
20gb's of various skidware, some orange pi's and a whole bunch of Attiny85 boards (arduino) loaded with fun payloads

>>58650145
I have an odroid and plan on setting up an intranet to learn, but with basically 0 knowledge dis gonna get hard.

>>58643099
Is a university degree in computer networking a good career prospect?

>>58652736
Decent as long as you get some certs to go along with it and use your time at university wisely doing things like making connections not just partying 24/7.

>>58644340
>>58644534
>>58645366
>>58646117
>>58650014
kys

>>58652736
make sure you classes are based around work and less theory ask around to find out. on top of that find out if your uni has local a CTF meet up or something along that line. it also helps to pick up C as a programming language

>>58653379
rude

How much math do you need to learn for this compared to programming? Calculus 1/2?

>>58654613
depends on what you want to do, cryptography requires a math degree, programming you'll be fine with calculus, but designing an IDS will require more than what is needed for programming

File: Anti_depressants.jpg (35KB, 640x459px) Image search: [Google]

35KB, 640x459px

>>58654712
Damn... I'm so bad at math.

Respond to this post if you have not done the overthewire bandit wargame

>>58654743
Learn it if you want to, math will always be there together with programming.

File: 1474951464390.jpg (75KB, 440x660px) Image search: [Google]

75KB, 440x660px

>>58654863

>>58655039
n.n

>>58656595
U.U

>>58646547
>cyberimplying

>>58654712
>programming
>calculus
what is this I don't even

I miss seeing Lain everywhere on /g/

File: 9Exp5lv.png (2MB, 1520x1080px) Image search: [Google]

2MB, 1520x1080px

>>58658128

File: 1485242161331.gif (252KB, 838x650px) Image search: [Google]

252KB, 838x650px

>>58658128

File: schoollain.jpg (236KB, 600x635px) Image search: [Google]

236KB, 600x635px

>>58658128

>>58658473
I wonder how this pic was made, would be cool for making an animated Lain wallpaper.

>>58658056
You should try it out anon.

>>58658128
>>>/c/2827844

File: smallLain2.gif (4KB, 240x300px) Image search: [Google]

4KB, 240x300px

pics they came from this website https://fauux.neocities.org/

drives me crazy finding how to make the same effect

>>58658574
i found out about that site recently lurking a /wsg/ thread

any with minimal *nix experience should try leviathan

File: ssh.png (12KB, 256x256px) Image search: [Google]

12KB, 256x256px

What are the best ways to harden security on a home Linux box facing the internet?

>>58660429
disable root login and use certificate only login

>>58660429
>>58660441
This, and use fail2ban. If you have to use password login, make sure it's a difficult password and not in any password databases, because it will be tested.

Changing to a non-standard port will clean up your logs (you're going to have hundreds of botnet login attempts per hour on port 22 but 0 on any other port) but won't increase the security.

Im using an old netbook to learn how to do some server stuff


ifconfig shows the ethernet interface is enp9s0, when I am downloading somehting, the internet cuts out completely, nothing comes in or out (pings for another machine etc)

any ideas?

>>58660429
Never log in from a Winblows or Mac. Only hardened setups you trust.

>>58660429
>What are the best ways to harden security on a home Linux box facing the internet?

>>58660441
>disable root login and use certificate only login
this, plus disabling services you don't need, is 99% percent of what you need to do

>>58660604
> fail2ban + non-default ports
as said, doesn't increase security by any real degree, but it will make keep your logs near empty, and minimizing distraction is useful in itself

>>58662708
> Never log in from non-hardened setups
unless you're in charge of Hillary Clinton & Friends' cheese pizza delivery service, this is probably overkill.
just use distinct certs for different client devices, and avoid sudo'ing etc. from machines you suspect might have been compromised.

File: bleachbit.jpg (1MB, 2992x2000px) Image search: [Google]

1MB, 2992x2000px

>>58663855
>unless you're in charge of Hillary Clinton & Friends' cheese pizza delivery service, this is probably overkill.

>>58660429

iptables and ip6tables everything.
Then install knock

Bump to give me time to read the thread.

>>58660604
>fail2ban
how 'bout Sshguard? agree about the password, I use keepassx/kpcli password generator

>>58662708
>>58666155
this

>>58666037
kek

>>58643099
>I am dead on the inside Edition
Did you fapped to dead again anon?

>>58670385
nah just feel that way on the come down

>>58658127
what i do you not get

File: Truth.jpg (50KB, 400x296px) Image search: [Google]

50KB, 400x296px

>>58643099
Wow I legit just closed out every thread i was in when i saw this one. OP was not a faggot today! gg.

So i have a stupidly large amount of fucking questions for this topic, and it seems easier to just dump all of them in one stream of post than flood the thread with a billion comments. I'm currently working through a AS in Network Administration, and have about 1 years experience in a professional network environment. I recognize that makes me about as capable/valuable as a potato with a clock plugged into it, but i do in earnest want to learn/do more than I am now.

>My current life situation won't allow me to pursue a bachelor's, or a master's degree in computer science. It sucks but it's my own damn fault, so that said I want to work my way into cert's / experience equal to or slightly less than those degrees. My plan is (hopefully) so far is CCENT, CCNA Security, and then i don't know what to do from here between the CCIE, or the SSCP, or the CISSP. I know CCIEs make pretty good money, but the SSCP sounds like a lot more enjoyment, and the CISSP is really more of a manager's deal than a security tech as i understand. so the actual questions, does this sound viable? does it make any sense? in your experience what's your opinion on the certs?(aside from making the company pay for them, which ill try to do, but if not i still want to grow and progress.)

TLDR; which of this shits cooler my dudes? CCIE, CISSP, SSCP? I want to get into security consulting and probably Security Systems Engineer.

>o wait there's more!

>>58671880

Told you i had to many questions!

> My school is only going to teach me so much at an associate level for the more interesting things in scripting, and math, and actually hands on using applications, so i've been teaching myself as much as i can lay my hands on. I'd say i'm a mediocre java and python programmer at best, been at it for maybe 1 year now but it takes me fucking ages to make a project and then not to mention make it work. (nothing fancy like a little calendar or some shit.) I'm also working a lot of different VM's right now to get used to different OS, mostly all linux systems. So my question is what is the best way to learn something totally fresh? How do you know you're getting quality information online? What kinds of things should someone really be focusing on, and what's just bells and whistles that most people get stuck on?

TLDR;So many things to learn, how the fuck is it all gonna stick? how does a newb avoid bad advice? what's some pro shit to learn? whats some shit to avoid?

>last one i (definitely don't) promise. I want to get my hands dirty with some networks that I can fuck up real good without costing a company bundles of money, or getting into a system that i don't have access to. Any time i try to ask my professors(most of them) they lose their shit and tell me all about the rules of ethical hacking, and so on and so forth, but i really just want to do it to see if i can put anything i've learned to use. So my question would be what would be the cheapest and most effective way to practice pen. testing? Should i save up some cash and get one big beefy server and make a bunch of VM's, or should i just start grabbing as many road side P.C.'s that i can find? Can i trust the war game sites to practice on, or should i be concerned about a malicious individual attempting to trick new players in the game?

TLDR: this shits expensive or illegal to do. How do i practice without going broke or gay in prison? Are war sites legit?

>>58672014
You're a fucking idiot. Install gentoo

>>58671880
>>58672014
You should do some war games to apply what you have learned, retain it, and find out what you enjoy. Through working on problems you should be able to figure out what cert you want. But all of this can be void if you want to chase money

File: brb_kms.jpg (36KB, 432x576px) Image search: [Google]

36KB, 432x576px

>>58672152
thanks annon <3 u
(real shit though i'm working on it now, i see there's a fuck ton of potential in gentoo but its going be a while to mine through it all. these were just the most important questions i have)

>>58672167
Thanks i will! so far HackThisSite and OverTheWire look amazing, but i'm going to need to do some work before i'm ready i think. I need to start a fresh OS (in a virtual environment), and a bunch of new tools from what i've read so far from the gentoowiki. I went through the flow chart i noticed Kali wasn't listed, it's what i currently have the most experience in. Is it a meme OS, or is it just not very popular? Working on gentoo VM atm and then i'll look for some tools.

File: 055eebe8e7971f755fea7510df1e9757884390c843922a31ed56c5ea216b8c02.jpg (113KB, 750x679px) Image search: [Google]

113KB, 750x679px

So I have 2 weeks to get ready for a CTF competition and I don't really know a ton about CTF. What is the best use of my time to prepare? I've been going through overthewire but is there anything else I can do to help myself get prepared?

>>58672672
Kali is purpose built for pen testing. Its not really good as an everyday OS, but its great at what it was designed for because it has pretty much every tool you could every need already installed so you don't have to waste time grabbing them all.

>>58672672
You should not need any prep work for overthewire all the beginner challenge tell you want commands to use and give you useful reading materials, pwnalb.kr also does the same thing. You will be fine with what ever linux OS you are using but the thing about kali is that is has many tools you may not use.

>>58672719
Practice online CTF and make sure you a familiar with linux. You could also brush up on C, bash, reverse engineering, and cryptography.

File: MVP4ME.jpg (80KB, 634x539px) Image search: [Google]

80KB, 634x539px

>>58672810
Sweet! damn it feels good to know that i didn't waste my time learning that OS! Also awesome i got the tools! I will work out gentoo as a general OS though so i'm just more familiar with linux as a day to day OS. thanks annon!

>>58672882
If you are trying to learn gentoo make sure you take your time reading the portage section and maybe then learn about kernel config

Anyone here currently an network admin? What is the daily life of that job? I will be going to school in the fall for network infrastructure.

File: 1472599168363.jpg (45KB, 600x600px) Image search: [Google]

45KB, 600x600px

I want to make a LAN tap, if I just get some old ethernet cables and cut and splice the wires, would that result in packet loss?

Or do I have to buy some connectors and solder etc?

I have a networking question (not security related). If you have at most 100 hosts, is there any benefits of using a subnet smaller than /24?

>>58677610

Unless you're scraping for free IPs, not really.
Also, you'll run into issues once you get some more hosts/printers/swicthes/things.

>>58671880
he has some idea. he has the taskbar on the side

Daily reminder:

Become better with threading in python.

all post sandy bridges provessors have a 3g chip embedded on the dye so only pre sandy bridge cpus are safe

>>58677610
Not really unless you're sure that your network will never expand beyond 100 hosts ever and have a hardon for saving ip addresses, but speaking from personal experience its a much bigger pain in the dick to swap everything over to a bigger subnet then to just leave enough room for growth in the first place.

>>58675882
http://www.instructables.com/id/Make-a-Passive-Network-Tap/

>>58678550
You're stupid.

>>58680829
explain

>>58680989
Let's assume there is indeed some hidden "3G chip" in all modern Intel CPUs that tries phone home. Even if it's there, it's completely useless without a SIM card, and it's simply not feasible for Intel to distribute SIM cards along with their CPUs. Even if their NSA overlords ordered them to, it's not reasonable for technical (SIM cards are huge, unique and what networks are they going to connect to?) and financial reasons (they'd be essentially giving free internet to everyone who bought their CPUs).

>>58680697
That's pretty neat. I might have a weekend project now.

>>58681158
i agree with you that his claim of embedded 3g chips is highly questionable, but for different reasons
>SIM cards are huge
yes, because handling a 1 mm by 1mm card would be a PITA
but you don't even necessarily need one:
"A virtual SIM is a mobile phone number provided by a mobile network operator that does not require a SIM card to connect phone calls to a user's mobile phone.

At the 2015 Mobile World Congress in Barcelona, Simless, Inc., a US-based startup unveiled world's first GSM phone without a SIM card slot. The reference phone was capable of downloading multiple virtual SIM cards over-the-air."
>they'd be essentially giving free internet to everyone who bought their CPUs)
how so? Just because something exists, doesn't mean you have access to it or can get access to it easily enough. Embedded 3G modems are more common than you think some intercoms have them(https://media.ccc.de/v/33c3-8027-intercoms_hacking)
"All new car models in the EU will need to have one by 2015 to instantly connect the car to the emergency services in case of an accident" and some "smart" devices have them too