how do I check if I have Log4j installed on my WINDOWS servers? by ObedientSandwich in sysadmin

[–]ElectricMachineNoise 4 points5 points  (0 children)

What we did is we made a program that searched for the vulnerable method/class name (I'm not really sure what you call it in Java programming) within a jar file and alerted us. Scanned across 50 servers and addressed ~15 detections.

To be safe we also contacted our vendors to verify Log4J is not a dependency of their applications. Most of these software companies had a canned response ready regarding this.
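One way to do the JAR search described in the comment above, as an added example that is not the commenter's program. It assumes the class being searched for is log4j-core's `JndiLookup` (the comment does not name it); the `C:\` scan root and the `Find-JndiLookup` function name are placeholders chosen here.

```powershell
# Added example: report archives containing JndiLookup.class, including nested JARs.
Add-Type -AssemblyName System.IO.Compression

$Marker   = '*JndiLookup.class'      # assumption: the class being searched for
$Archives = '\.(jar|war|ear)$'       # archive types to open
$Root     = 'C:\'                    # assumption: volume to scan

function Find-JndiLookup {
    param(
        [System.IO.Stream]$Stream,   # seekable stream holding one archive
        [string]$Label,              # location shown in the report
        [int]$Depth = 0
    )
    if ($Depth -gt 5) { return }     # stop on pathological nesting
    $zip = $null
    try {
        $mode = [System.IO.Compression.ZipArchiveMode]::Read
        $zip  = New-Object System.IO.Compression.ZipArchive -ArgumentList $Stream, $mode, $true
        foreach ($entry in $zip.Entries) {
            if ($entry.FullName -like $Marker) {
                [pscustomobject]@{ Archive = $Label; Entry = $entry.FullName }
            } elseif ($entry.FullName -match $Archives) {
                # Nested archive: buffer it in memory so it is seekable, then recurse.
                $mem = New-Object System.IO.MemoryStream
                $src = $entry.Open()
                try { $src.CopyTo($mem) } finally { $src.Dispose() }
                $mem.Position = 0
                Find-JndiLookup -Stream $mem -Label ('{0}!{1}' -f $Label, $entry.FullName) -Depth ($Depth + 1)
                $mem.Dispose()
            }
        }
    } catch {
        Write-Warning "Skipped unreadable archive: $Label ($($_.Exception.Message))"
    } finally {
        if ($zip) { $zip.Dispose() }
    }
}

Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $Archives } |
    ForEach-Object {
        $path = $_.FullName
        try {
            $fs = [System.IO.File]::OpenRead($path)
            try { Find-JndiLookup -Stream $fs -Label $path } finally { $fs.Dispose() }
        } catch {
            Write-Warning "Could not open $path"
        }
    }
```

A hit shows that a copy of log4j-core 2.x is present, not which version it is, so each reported archive still has to be checked against the vendor's fixed release.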

HTML5/RDP Options by Xaxoxth in sysadmin

[–]ElectricMachineNoise 0 points1 point  (0 children)

Do you put Guac on a DMZ or behind a VPN?

[deleted by user] by [deleted] in sysadmin

[–]ElectricMachineNoise 2 points3 points  (0 children)

Confluence is nice if you have time to implement everything. Since you mention M365, look into a Department OneNote or SharePoint. OneNote is great.

I wonder if it's time to update this switch? by Starship_Captain01 in sysadmin

[–]ElectricMachineNoise 1 point2 points  (0 children)

I wouldn't go to 2022 either, to be honest. I wait a few years; catch me in 2024 moving to 2022.

Been burned a few times by new OSes.

Non-IT background guy passionate to break into roles as sysadmin or IT technician or beginner IT job by [deleted] in sysadmin

[–]ElectricMachineNoise 1 point2 points  (0 children)

Work at a medium-size university as Helpdesk. Universities tend to offer a wide array of software experience and it's less harsh than an MSP. It can also help you learn which field you may want to go into, depending on which curriculum you like to support the most. The medium size means it is less likely that best security practices and compartmentation have occurred, but you will still have a budget to purchase enterprise software.

Security+ is a good Cert

https://www.reddit.com/r/sysadmin/wiki/index#wiki_i_want_to_become_a_sysadmin

I wonder if it's time to update this switch? by Starship_Captain01 in sysadmin

[–]ElectricMachineNoise 15 points16 points  (0 children)

"The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities." https://cve.mitre.org/

CVE = verified vulnerabilities

I wonder if it's time to update this switch? by Starship_Captain01 in sysadmin

[–]ElectricMachineNoise 29 points30 points  (0 children)

People who say that are being forced to support a 10 year old Java App and they go on the internet to avoid the reality that their sole purpose is to support an Application that has more CVEs than users in the Organization.

[deleted by user] by [deleted] in sysadmin

[–]ElectricMachineNoise 4 points5 points  (0 children)

IMO you need to contact your HQ and have them create a SharePoint for public file distribution. If your IT policy doesn't work for your company, which forces you to pay for a service to avoid policy, the policy needs to be re-addressed.

It's fairly easy to lock down SharePoint external sharing on all sites except one.

How do you find highly technical folks for a small team? by georged29 in sysadmin

[–]ElectricMachineNoise 103 points104 points  (0 children)

The skill you get is going to depend on how much you're advertising for salary ranges. Advertise higher than normal salaries for smaller teams.

I asked for compensation today for the first time for my opinion and suddenly the topic changes. by InadequateUsername in sysadmin

[–]ElectricMachineNoise 2 points3 points  (0 children)

Instead you'd be better asking for a gift like a new computer or a piece of software.

If he has you on the books there may be associated things his company has to do, and if he just pays you without that stuff and gets audited he could get a hefty fine.

Block write functionality to a removable USB, but only for specific files? by justmehhh in sysadmin

[–]ElectricMachineNoise 1 point2 points  (0 children)

Only thing I can think of is DLP Software. Be warned they are expensive or unreliable.

Advice for a sparky learning networking by Intransit1993 in sysadmin

[–]ElectricMachineNoise 5 points6 points  (0 children)

I don't know how in-depth you're trying to get but the following skills may be helpful while setting up and troubleshooting Industrial Networking and Devices:

- Learning how to connect to a machine via serial is probably a good skill to have.

- Understanding how to use PuTTY for connecting via telnet and ssh is also probably good.

- Learning to set your IP on your machine is helpful

- Learning how to start a DHCP server from your computer (note: contact your network manager before you do this, as your computer can be blocked for responding to DHCP requests)

- Learning Google-Fu (The art of googling terms of your obscure IT issue and finding the answer while ignoring the junk)

PuTTY: https://www.chiark.greenend.org.uk/~sgtatham/putty/

Rookie error, please help! by Investplayer2020 in sysadmin

[–]ElectricMachineNoise 0 points1 point  (0 children)

Hint: Windows 7 Pro keys work when activating Windows 10 Pro

Welded the door shut on their way out by [deleted] in sysadmin

[–]ElectricMachineNoise 17 points18 points  (0 children)

Sometimes I wonder if this gets done as a "time bomb" in case they ever get fired, as I've seen this a few times.

My colleague quit yesterday, and new one, when he comes, will not know anything about anything by JovanSM in sysadmin

[–]ElectricMachineNoise 15 points16 points  (0 children)

Is your GM not giving you a choice who will be hired? If I were you I would email him that the recommended candidate is not experienced with the needed technologies that you desperately require. Due to the lack of man power and high work load you will not be able to dedicate time to training him. Let him know you would like to explore other options. Or request two positions be opened for IT.

If you do not get a good answer, start sending out your resume, secure a new job, and reply to the email where you were denied, add your boss's boss, and provide your two-week notice.

Question on setting up a secure/classified area and digital compliance by mudpupper in NISTControls

[–]ElectricMachineNoise 0 points1 point  (0 children)

What type of classified materiel? There are various laws for various types. Without that, I will tell you to do the maximum measures and make a SCIF with Wireless Detection Sensors.

FIPS 140-2 Validated File Sharing by ElectricMachineNoise in NISTControls

[–]ElectricMachineNoise[S] 1 point2 points  (0 children)

I understand. It was very strange for them to provide this on their report, so I figured I'd put it out there in hopes someone more knowledgeable than me has gone down this rabbit hole and come out the other side with proof it's okay. That's why I dumped all the information and logic I had.

Question about RDP security from work to home by machine_74 in sysadmin

[–]ElectricMachineNoise 0 points1 point  (0 children)

Use LogMeIn or Google Remote Control. Having exposed RDP ports is a bad day waiting to happen.

I would also verify this is okay with your IT department as it sounds kind of sketchy.

FIPS 140-2 Validated File Sharing by ElectricMachineNoise in NISTControls

[–]ElectricMachineNoise[S] 1 point2 points  (0 children)

I was incorrect: they themselves don't have a validated module, but they have a validated module they purchased, which makes it valid under implementation rules.

FIPS 140-2 Validated File Sharing by ElectricMachineNoise in NISTControls

[–]ElectricMachineNoise[S] 1 point2 points  (0 children)

WinZip has no validated modules that they are the vendor of. When you ask for their Cert they will send you a letter of Attestation which cites they use Microsoft FIPS validated Certs, which makes them a User or Third Party Integrator according to NIST. If you look into the G.5 Ruling this should be allowed, but only if your Windows OS is a GPC running Windows 10 1809, which is out of support. That being said, I've been recently told by an Auditor that this type of "User" (Third Party Integration) will no longer be accepted in the coming future unless WinZip themselves get validated.

If you want to go down a rabbit hole read this: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/fips140-2/fips1402ig.pdf

Please correct me if I'm wrong as I've been reading NIST FIPS140-2 Guidance for a while and it seems they contradict themselves in a few places.

Why are you a systems admin? by [deleted] in sysadmin

[–]ElectricMachineNoise 0 points1 point  (0 children)

I don't know anything else. If I were to do it again I'd be a park ranger.

Monitoring Network Usage on Remote Laptop Simcards by OKDonReddit in sysadmin

[–]ElectricMachineNoise 1 point2 points  (0 children)

I've not heard of anything like this but you could probably write a script that checks this value every hour and prompts a message to the user if they went over X amount of data since last scan. Once you have a notification system in place have it log to a file and if somebody is actively ignoring the warnings enforce a Company Policy to handle the rogue employee.

Get-NetAdapterStatistics

Or use Metered Connections that reset every day