2023-04-21 18:37:00
It's no secret that I use Ubiquiti equipment for my networking. My office runs on a UDM Pro, which has been great for me.
The UDM Pro performs well and is stable, it has a great feature set and it's easy to manage (for someone who wants to spend little time managing their network). Heck, even site-to-site VPN for my security cameras was simple!
My main WAN connection comes from MAC3Park, my housing company. They recently had an outage on my Internet connection, which lasted a few days. That messes with my backups and a few of my business processes, so I want to have at least some form of alternative in place.
Luckily, the UDM Pro also makes it dead simple to configure automatic failover or even load balancing across two WAN connections! It really is amazingly simple! Or it should be, as we'll see in a bit.
As a second Internet connection, I looked into getting 4G/5G from my mobile provider. Ubiquiti have their own LTE/4G/5G solution, which looks awesome but is a bit expensive. For half the price, I got a Teltonika RUT241 aimed at IoT solutions.
Sure, the LAN port on the RUT241 is slower (10/100Mbit), but seeing how the 4G connection averages around 20MBit that'll be fine. That's also where the "should be simple" I mentioned earlier comes in.
The RUT241 worked great with my laptop, but when I hooked it up to the SFP RJ45 module on the UDM Pro it just wouldn't go. No amount of changing settings would make it work. Very odd! There was no DHCP lease and even a statically assigned IP wouldn't let me connect to the Teltonika.
Turns out that, upon closer inspection, my vendor sent me the wrong SFP module :) I'd ordered the 1G model (which does 10/100/1000), but they sent me the 2.5G (which does 1000/2500/10000). The latter will not work with the Teltonika.
Time to get that SFP replaced by my vendor and we'll be good to go!
EDIT:
Or even better! I could just switch my cabled connection from MAC3Park (which is 1G) to port 10 and switch the Teltonika to port 9 (which natively does 100/1000). So basically, switch the definitions of WAN1 and WAN2 around!
EDIT2:
That worked.
I made port 9 WAN2 and port 10 WAN1. I switched the cables around and now port 9 happily runs at 100Mbit, connected to the Teltonika.
Even nicer: in bridge mode, port 9 gets the 4G IP address so it's perfectly accessible as intended. But in that same bridge mode, the RUT241 remains accessible on its static, private IP as well so you can still access the admin web interface.
So if, for example, my internal LANs are 10.0.10.0/24 and the Teltonika's private IP is 10.0.200.1, I've set up a traffic management route which says that 10.0.200.0/24 is accessible via WAN2. That way I can manage the Teltonika web interface, from inside my office LAN, even when it's in bridge mode. Excellent!
EDIT3:
I tested the setup!
Setting the UDM Pro to failover between the connections works very well. Within 60 seconds, Internet connectivity was restored. It does seem that the dynamic DNS setup does not quickly switch over, so a site-to-site VPN will fail for a lot longer.
Setting the UDM Pro to load balancing didn't work so well. The connection remained down after I pulled WAN1.
kilala.nl tags: work, sysadmin,
2023-04-19 11:29:00
This month, I've put some time into formalizing my experience with the ISO 27001 standard for "Information Security Management Systems". That is, the business processes and security controls which an organization needs to have in place to be accredited as "ISO27001 certified"... which translates into: this organization has put the right things into place to identify, address and manage risk and to provide personnel and management with policies, standards and guidelines on how to securely operate their IT environment.
It's a cliché that people in IT have a distaste for "auditing" and "compliance". And sure, I've never had much fun with it either! But I felt I was doing myself a disservice by not formalizing what I've learned over the past decades. Or to put it the other way around: making sure I properly learn the fundamentals means that I can assist my customers better in properly structuring their IT security.
So off I went, to my favored vendor of InfoSec trainings: TSTC in Veenendaal. :)
They provide the PECB version of the ISO27001 LI training and examination. The PECB materials aren't awesome, but they get the job done. And yes, if you're a hands-on techie, then the material can be rather dreary. But overall I had a fun four days at TSTC, with a great class and a solid trainer.
The exam experience was a bit different from what I'm used to with other vendors.
TLDR, in short:
kilala.nl tags: work, studies,
2023-03-29 21:41:00
As a quick follow-up to this week's post about CSC 210 and CFR 410: I've now also gone through the majority of the course book for CFR 410.
Like CSC, I can say I'm of the opinion that the course book for CFR is solid. It's good. I might not like the CFR exam, but the book is good!
kilala.nl tags: studies,
2023-03-24 10:27:00
About a month ago I re-sat CompTIA's Linux+ exam, to make sure I am still preparing my students properly for their own exams. I still like the Linux+ exam (which I first beta-tested in 2021) and I'm happy to say that my course's curriculum properly covers all "my kids" need to know.
This week I sat not one, but two exams. That makes four this year, so far. :D
Why the sudden rush, with two exams in a week? I'm applying as CertNexus Authorized Instructor, through an acceleration programme that CN are running. They invited professional trainers to prepare and take their exams for free, so CN can expand their pool of international trainers.
I feel that's absolutely marvelous. What a great opportunity! I heartily applaud CertNexus for this step.
The first exam which I took was CSC-210: Cyber Secure Coder. The curriculum had a nice overlap with the secure coding / app hacking classes that our team taught at ${Customer}, which means it's a class I would feel comfortable teaching. It's not programming per se, it's about having a properly secure design and way-of-work in building your software. The curriculum is language agnostic, though the example projects are mostly in Python and NodeJS.
I went through the official book for CSC and I like the quality. I actually enjoyed it a lot more than CompTIA's style. I haven't gone through the slide decks yet, so I can't say anything about those yet. The exam, I really liked. The questions often tested for insight and when it asked to define certain concepts, it wasn't just dry regurgitation.
I can definitely recommend CertNexus CSC to anyone who needs an entry-level training and/or certification for secure development.
Now, CFR-410 (CyberSec First Responder) is a different beast. I took the beta back in 2021 and at the time I was not overly impressed. The exam has stayed the same: it still asks about outdated concepts and it still has dry fact-regurgitation questions.
I haven't gone through the book and slides yet, I'll do that this weekend so I can update this post.
I have contacted CertNexus to offer them feedback and help, so we can improve CFR. Simply complaining about it won't help anyone, I'd rather help them improve their product.
EDIT: CertNexus have indicated they will welcome any feedback I can provide them for CFR, so that's ace. I will work with them in the coming weeks.
kilala.nl tags: work, studies,
2023-03-18 19:30:00
On Discord, people frequently ask: "is Linux+ worth it?". Here's my take.
The value depends on your market and on what you get out of it. In the US and UK, CompTIA is a well-known vendor but in other parts of the world they aren't. But left or right, Linux+ is not very well known.
I teach at a local school to prep young adults for the Linux+ exam. The school chose Linux+ because they can get heavily discounted vouchers for the exams, versus LPI, LF and others. For the school it was a matter of money: they really don't have much money and every dollar helps.
Personally, I feel that the Linux+ curriculum is pretty solid as far as Linux sysadmin certs go. The exam itself is also decent and the vendor is mature.
So in this case the value you'll get is from learning Linux system administration pretty in-depth. You'll also get a slip of paper which some might recognize and others will go "*cool, you passed a cert exam, good job*" (in a positive sense).
Linux+ is not worthless, it's just worth less (when compared to LFCS, LPIC1 and RHCSA).
kilala.nl tags: studies, work,
2023-03-04 08:20:00
Someone on Discord asked: "Question: Does DevSecOps type of work fall under ISSO's roles and responsibilities?"
That got me thinking.
IMO: DevSecOps, like many things in InfoSec, is something everybody needs to get in on!
Architects need to define reference designs and standards. The ISO needs to define requirements based on regulations, laws and industry standards. An AppSec team needs to provide the tooling. Another team needs to provide CI/CD pipeline integration for these tools. And yes, the devops squads themselves need to actually do stuff with all of the aforementioned things. Someone needs to provide trainings, someone needs to be doing vulnerability management. Etc.
One book on the subject which I heartily recommend, is the Application Security Program Handbook, by Derek Fisher.
I bought that book right after leaving my previous AppSec role, where we spent two years building an AppSec team that did a lot of things from that list. I was amazed by the book, because cover to cover it's everything we self-taught over those two years.
kilala.nl tags: work,
2023-02-26 12:55:17
On /r/comptia and Discord, there's a lot of people hopeful to break into cybersecurity. They get their Security+ (because CompTIA's marketing promises a lot of jobs), but... then what?
Here's something I told someone on Discord the other day.
CompTIA will have a big list of options in their marketing fluff, but as I said I personally don't believe Sec+ preps you for any particular roles.
That doesn't mean it's not valuable! Quite the opposite! Having passed Sec+ means you bring fundamental InfoSec knowledge to any role you'll work in, be that user support, systems administration, network operations, DevOps, IAM, risk management, or whatever.
Career-wise, it makes sense to define short- and long-term goals for yourself. Investigate what different jobs in your local marketplace mean, what the work involved actually is and check their requirements.
${Deity}, I'm saying the things I hated hearing twenty years ago, but here we are.
Next to those goals, also investigate the options available to you in your local marketplace. Also take stock of your current set of experience and skills. This information will help you figure out what kind of tools are at your disposal to meet your goals.
For example, say that your long term goal is to have a hardcore technical role in cyber security. Like pen-tester maybe, DevSecOps engineer or cloud security engineer.
From that you would start figuring out which of those roles sound best to you and figure out what you need to learn to get there. This will help you define short-term goals... milestones, if you will.
For example, if you already have some prior IT experience and you've dabbled with programming and Linux, then you could aim for junior devops or sysadmin roles for the short term. If you've already done a lot of TryHackMe, HackTheBox then a junior pentesting role, or junior devsecops.
Now, if you have zero IT experience, then you're going to have to take a different route. One option is to start way lower in the IT ladder, like IT support. Another option is to go for a soft-skills based role! Like user awareness training, or risk management.
Here's a very long Reddit thread about why it's hard to break into InfoSec right from the start.
Which reminds me of a solid tip: check your local market for MSSPs: managed security service providers. They are often in a position to train juniors with little IT experience into the job. They need warm bodies to take care of the low-level work influx and can help you build experience and knowledge on the job.
kilala.nl tags: studies,
2023-02-26 11:56:00
On the CompTIA sub-reddit, people often ask for labs to work through while prepping for an exam. For Linux+, I've made all the labs for my class freely available on Github.
Server+ is a less common CompTIA exam, which focuses on sysadmin / data center admin roles. There's quite some overlap between A+, Linux+ and Security+; I kinda liked it!
Here's a few suggestions which I gave for practicing for SK0-005 Server+.
Unfortunately a lot of the aspects of Server+ relate to actually working in a data center, so it'll be hard to have labs for those sections.
Most of objective 1 you will need to have actual hardware for. If you're in the US, you can check LabGopher to find gear for your homelab. Otherwise, check your local nerdery forums or just eBay. A Dell R410 or R420 with Perc and RAID controller will set you back 100-400 dollars depending on specs and if hardware is included.
If you're already in IT, you can also ask your server admin team if they'd be willing to show you the ropes for objective 1.
Many of the topics in objective 2 can be practiced if you have a few VMs that run Windows, Windows Server and Linux to try out the various related tools. You can run these VMs on just about any recent laptop with 8GB or more of RAM and an i5/i7/i9 or similar Zen2 processor.
Virtual networking on objective 2 can be practiced with VMware ESXi and pfSense.
The good part is that the software mentioned so far can be gotten for free legally. Windows is available for free use on 180-day licenses (which can be renewed multiple times). VMware ESXi can be gotten on a free license, also for studying/lab purposes.
Licensing and asset management are mostly theoretical on Server+.
Objective 3 is partially theoretical/conceptual, but there's a few practical aspects as well. Server hardening is something you can practice with the aforementioned VMs by reading and applying STIGs or CIS Benchmarks. If you're familiar with Ansible, you can even dive into the relevant playbooks. IAM can be practiced with Active Directory and/or Azure AD.
Objective 4 again is a nice mix of theory and practice. LogHub is a nice resource to read through all types of different log files. A lot of the other troubleshooting objectives can be exercised with the lab VMs and hardware I mentioned simply by trying to get it all to work :D That can sometimes already be a struggle, so you're troubleshooting!
Multiple objectives relate to services which you can run, configure and test on Linux VMs. NTP and SSH are two common ones, which I also include in my Linux+ labs. Ditto for the networking config + troubleshooting.
kilala.nl tags: studies,
All content, with exception of "borrowed" blogpost images, or unless otherwise indicated, is copyright of Tess Sluijter. The character Kilala the cat-demon is copyright of Rumiko Takahashi and used here without permission.