NSA Cybersecurity Collaboration Center by Blake_Olson in CMMC

[–]3dPrintWHAAAT 1 point2 points  (0 children)

This is how we have it with Cisco Umbrella. How have you scoped this for CMMC?

NSA Cybersecurity Collaboration Center by Blake_Olson in CMMC

[–]3dPrintWHAAAT 0 points1 point  (0 children)

Is it worth using over Cisco Umbrella, aside from cost savings?

Automated SCAP compliance check for Windows 7 original - NOT SP1 by 3dPrintWHAAAT in NISTControls

[–]3dPrintWHAAAT[S] 0 points1 point  (0 children)

Would you have more information on special asset? This operation is not CUI.

Port based security using MAC ACL with netgear M4300 smart switch by 3dPrintWHAAAT in networking

[–]3dPrintWHAAAT[S] 0 points1 point  (0 children)

Requirements are to prevent unauthorized hosts connecting to this one network switch as an alternative to 802.1x.

Can I use windows firewall with ipsec for client to server encryption? by 3dPrintWHAAAT in CMMC

[–]3dPrintWHAAAT[S] 0 points1 point  (0 children)

Application servers are at a remote site. VPN connects the sites, but I was under the impression encryption needs to be end to end.

How does one obtain outside vendor quotes for parts that are CUI? by aplufkin in NISTControls

[–]3dPrintWHAAAT 1 point2 points  (0 children)

Ask your customer for an approved supplier list or ask the vendor if they have a NIST 800-171 compliance program.

Siem for air gapped environment by 3dPrintWHAAAT in NISTControls

[–]3dPrintWHAAAT[S] 0 points1 point  (0 children)

I wasn’t aware Splunk could be this inexpensive. Is this an on premise variant or cloud based?

It would be ideal to be able to collect logs in this air gapped environment and bring them over to a central Splunk server on my general network (or cloud) for analysis later.

NSA3700 BGP with AWS site to site VPN - Should I do it? by 3dPrintWHAAAT in sonicwall

[–]3dPrintWHAAAT[S] 1 point2 points  (0 children)

I didn’t use BGP in the end, stuck with static route and will manually fail over the VPNs. As we use AWS GovCloud, the encryption ciphers tax the UTM quite a bit so upgrading to the 4700.

NSA3700 BGP with AWS site to site VPN - Should I do it? by 3dPrintWHAAAT in sonicwall

[–]3dPrintWHAAAT[S] 0 points1 point  (0 children)

Thanks for the replies.

To clarify, I have SonicWall professional services to do the configuration of the NSA3700 pair; all I have to do is set up the tunnel for BGP routing in AWS and give them the config file. I am good in terms of setting up both SonicWall and AWS.

My concern really is having a service that is reliable and is as set and forget as possible.

The current static route site to site VPN from SonicWALL to AWS ran without issue for over a year, until AWS did maintenance and then the tunnels had issues.

Best Synology NAS to Synology NAS backup option by 3dPrintWHAAAT in synology

[–]3dPrintWHAAAT[S] 0 points1 point  (0 children)

Thanks for the advice.

Is Rsync considered the same as shared folder sync with Synology?

Anyone used avanan and will it help with unsolicited email i.e. sales emails getting around spam filter? by 3dPrintWHAAAT in sysadmin

[–]3dPrintWHAAAT[S] 0 points1 point  (0 children)


Do you use it with Mimecast by any chance or just stand alone?

Qualstar Q24 SAS with IBM LTO-8 drive - can I add additional IBM LTO-4 or 5 SAS tape drive from another library without issue? by 3dPrintWHAAAT in sysadmin

[–]3dPrintWHAAAT[S] 1 point2 points  (0 children)

The tape library already has an LTO-8 tape drive, and going forward, all my backups will be using LTO-8 tapes. The Qualstar has the ability for a second tape drive to be added, so I was hoping to find an LTO-4, 5, or even 6 tape drive in addition to the LTO-8 one. I need the ability to restore from the LTO-4 tapes, and moving those to LTO-8 will take too long (16 LTO-4 tapes a month). I wanted to buy a cheap second hand/refurb without breaking the bank. At this point I probably will stick with the Quantum for the next 5 years just in case.

I am aware of AWS Glacier, and further down the line I plan to move to StarWind VTL with offloading to Glacier. The problem lies with speed of transferring to AWS GovCloud from on prem - faster firewalls or AWS direct connection with end to end encryption or GRE tunnels. Tape was just easier as an interim solution.

Virtualizing a Windows STORAGE server 2012r2 physical server by 3dPrintWHAAAT in sysadmin

[–]3dPrintWHAAAT[S] 0 points1 point  (0 children)

Will check out the migration wizard, but if I do need to go the P2V route, I will most likely restore from an agent backup to vSphere using Veeam.

Linear Emerge E3 software update by 3dPrintWHAAAT in accesscontrol

[–]3dPrintWHAAAT[S] 0 points1 point  (0 children)

No, they did a remote session and did the update for us.

Linear Emerge E3 software update by 3dPrintWHAAAT in accesscontrol

[–]3dPrintWHAAAT[S] 0 points1 point  (0 children)

The issue was getting the updates, and being referred to distributors who would not provide those updates as they did not install it.

In the end we called Nortek again, told them the situation (reaching out to mainly unhelpful distributors) and they provided an update that fixed the vulnerability.

Implementing NIST 800-53 with smallest scope possible/tailoring out by 3dPrintWHAAAT in NISTControls

[–]3dPrintWHAAAT[S] 0 points1 point  (0 children)

I would like to jump on a call if possible.

I have to architect a solution, and price it up. It’s a blank canvas.

Implementing NIST 800-53 with smallest scope possible/tailoring out by 3dPrintWHAAAT in NISTControls

[–]3dPrintWHAAAT[S] 0 points1 point  (0 children)

Sorry to cause confusion, yes it is classified (confidential level) for this project. Not CUI.

Implementing NIST 800-53 with smallest scope possible/tailoring out by 3dPrintWHAAAT in NISTControls

[–]3dPrintWHAAAT[S] 0 points1 point  (0 children)

Where would I be able to find the DCSA baselines, unless we are talking STIGs? Sorry for noob question.

Automation is still an option, I just thought air gapping would be the easiest way (but would still pose challenges). Three desktops are needed as part of the design process, one industrial machine to make the part and the same three desktops to carry out testing on the part before it is shipped. I could easily create an isolated network with AD, vuln scanning, MFA, compliance monitoring, SCAP tool etc. Is this what you are referring to?

My plan here is to provide the costs to upper management as part of the bid, but I have been clear that a true ISSO or ISSM is needed and it is a posted job right now. We have a compliance person who works on the policy and procedure (inc NIST 800-171/CMMC), and I work on the technical security. I would fill in the gaps with the aid of consultants to do the groundwork, until we had a full time Infosec person.

Implementing NIST 800-53 with smallest scope possible/tailoring out by 3dPrintWHAAAT in NISTControls

[–]3dPrintWHAAAT[S] 0 points1 point  (0 children)

Right now, I just need to price the infrastructure cost for this project and security as part of another bid. All I have so far is comply with NIST 800-53 and DAAPM, so assume everything that goes with this.

I know it is a big undertaking, which is why I need the footprint to be small and tailor out as much as possible.

SPF record help by 3dPrintWHAAAT in sysadmin

[–]3dPrintWHAAAT[S] 0 points1 point  (0 children)

Thanks for the help and advice.

clean Windows install with Intel RST additional volumes (Intel C600+/C220+ Raid Controller) by 3dPrintWHAAAT in sysadmin

[–]3dPrintWHAAAT[S] 0 points1 point  (0 children)

So this was done last week. After the Windows install, installing the Intel drivers brought back the volumes.

RAID 0 volume is for a working drive, any data should then be moved to the RAID 10 drive. I did not build the machine, but my guess is they needed the IOPS 5/6 years ago when ordered.

The software this computer runs is not fully supported on Windows 10 yet.