Author: admin

Installing Nagios XI on CentOS 7

First things first, why CentOS 7 instead of 6? Well, CentOS 6 has issues with Python updating because of yum. Yes, you can install a separate instance, but it’s not fun and it can break down the road. Second, why not use the OVA provided by Nagios? As of September 2017, the version of Python on the OVA is ancient — 2.6.6. And because yum is tied to it, you can’t update it or you need to install a separate…

HL7 Data Interfaces in Medical Environments: Attacking and Defending the Achilles' Heel of Healthcare

This security research paper is the second of two examining the HL7 messaging standard, which is arguably the most fundamental flaw in healthcare IT. HL7 is used extensively for system-to-system communications and is in nearly every healthcare facility worldwide. The first paper is an overview of what can be done with stolen medical data, what HL7 is, as well as potential dangers inherent to HL7. The second paper moves beyond theory and is an in-depth, technical discussion on ways to…

HL7 Data Interfaces in Medical Environments: Understanding the Fundamental Flaw in Healthcare

This security research paper is the first of two examining the HL7 messaging standard, which is arguably the most fundamental flaw in healthcare IT. HL7 is used extensively for system-to-system communications and is in nearly every healthcare facility worldwide. The first paper is an overview of what can be done with stolen medical data, what HL7 is, as well as potential dangers inherent to HL7. The second paper moves beyond theory and is an in-depth, technical discussion on ways to…

Sending pfSense logs to the DShield project

What is DShield and why would I send them my logs? According to the SANS Internet Storm Center (ISC), “DShield provides a platform for users of firewalls to share intrusion information. DShield is a free and open service.” While DShield is often referred to generically as a “collaborative firewall log correlation system,” for all practical purposes, it is a bit of threat intelligence well before threat intelligence was cool or an overused buzzword. 😉 The truth is many folks across…

Shadow Brokers Dump And Best Practices

Well, that’s a weird title, right? Now that the dust has settled to some degree, let’s look at a not-so-obvious takeaway from the latest security news that simultaneously set everyone’s hair on fire. The latest Shadow Brokers dump is bad on so many different levels. Let’s not concentrate on the potential levels of government and private industry collusion our guts told us existed, but we weren’t sure of. Even now, Microsoft is claiming the vulnerabilities were fixed as part of a…

Why Phone Numbers Make Horrible WiFi Passwords

Aside from discussing the most obvious item (in the title), you also have the issue of why your average ISP isn’t helping out the security of the average consumer. In addition, the underlying theme here is that installation and implementation matters. You can have the best security/encryption on the planet and someone else can trash it in short order simply because they implement it wrong. Also note that while I won’t be publicly naming them, I will instead provide my emails…

Using pfBlockerNG (And Block Lists) On pfSense

In a previous post, I talked about implementing blocklists (aka IP reputation lists, ban lists, blacklists, etc.) generically on nearly any firewall to improve your security. The examples I used were on pfSense and OPNsense. I also discussed the methodology and some background as well so if you’re just coming into the conversation, it might be worth a read beforehand. (Previous Post: Using Firewall Block Lists) There were some downfalls to the previously discussed approach such as the URL download (via aliases)…

Using Firewall Block Lists

IP reputation lists (aka IP blacklists, ban lists, block lists, etc.) are fairly plentiful, and some are better (more IPs and fewer false positives) than others. Now, before I get hate mail stating blacklists don’t work, the truth is blacklists are extremely helpful. Would I use them as my sole line of defense? No way! However, when used with multiple layers of security, blacklists prove to be extremely useful. In addition, in many cases a blacklist can actually help reduce resource…

Dynamic DNS… With Google Domains?

I recently switched all of my domains over to Google Domains. While I didn’t have an issue with my previous domain registrar, I wanted to try something new. The primary allure of moving to Google Domains was the fact that private info domain registrations cost nothing additional over public registrations. I’ve never experienced issues as a direct result of public registrations… most likely because I always created email aliases instead of using actual email addresses. Regardless, I haven’t felt completely at…

Uncovering Indicators of Compromise

Last updated: 16 October 2016. This is the new version of a paper and script I originally wrote as part of my SANS gold paper for the GCCC certification. The paper re-write was primarily in preparation for my presentation of the topic at the 2016 Nagios World Conference… Unfortunately, the conference was canceled. <sigh> Nonetheless, the paper now covers version 6 of the Critical Security Controls instead of 5.1. The original paper in PDF format can still be retrieved from the SANS…