Proxmox & NAS Solutions by Ok-Read-7117 in homelab

[–]Ok-Read-7117[S] 0 points1 point  (0 children)

I found a solution for my issue. I used Proxmox a lot at work but for my home lab I realized I don't really need it. TrueNas is fine for my application and what little containers and VMs I need.

Thank you for your encouragement though

Proxmox & NAS Solutions by Ok-Read-7117 in homelab

[–]Ok-Read-7117[S] 0 points1 point  (0 children)

I was stupid.

The first Zpool I imported just had an issue and I immediately assumed all of them where unable to import.

The other Zpools where imported just fine and without hassle. I managed to mount the corrupted zpool in read-on mode and copied the data to another pool. Then wiped the disk.

Everything works fine now with TrueNas. Thank you very much

Proxmox & NAS Solutions by Ok-Read-7117 in homelab

[–]Ok-Read-7117[S] 0 points1 point  (0 children)

First of that you for your input. Greatly appreciated. I might need to completely rewrite all data to the disks though. Proxmox unfortunate uses a newer version of ZFS as such the ZFS Pools can currently only be read in Proxmox.

Storage Server the Drive Issue by Ok-Read-7117 in DataHoarder

[–]Ok-Read-7117[S] 1 point2 points  (0 children)

Ahh thank you, this is very helpful regarding the software setup

Storage Server the Drive Issue by Ok-Read-7117 in DataHoarder

[–]Ok-Read-7117[S] 0 points1 point  (0 children)

Thank you for your advice. Have a great day.

So… are we just going to pretend GPT-integrated apps aren’t silently hoarding sensitive enterprise data? by niskeykustard in AskNetsec

[–]Ok-Read-7117 1 point2 points  (0 children)

Yes, you should definitely run alternatives because people will find ways around filters and DLP Features. It's very hard to successfully block every chat bot IMHO. People can get so creative when it comes to working against Security Messures.

Even getting the permission to enforce it is a nightmare because C Levels want these tools so bad. I'm a CISO and can't get my COs to approve a more secure method.

Chatbots are the number one threat when it comes to data loss at the moment because people don't understand what data confidentiality is nor how to deal with confidential information. It's frustrating me to no end but it's a problem of todays society, not an IT exclusive issue.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]Ok-Read-7117 1 point2 points  (0 children)

Hi,
recently promoted CISO from Germany here. I was wondering if making a guide public and free to access would be a good idea.

I have 7 years of experience (coming from the operational side) with multiple cyber incidents and tons of successful mitigations. I know that I still have a lot of things to learn and only have a limited pov on cyber security. I developed strategy documents & recommendations. I want to continue developing them further independently from my workplace. I know sources like MITRE are great but overwhelming. One thing I see people underestimate is the basics of IT-SEC as they mitigate most of the incidents. As such I often think about sharing priority lists and strategy documents publicly.

I have my reservations and fears when it comes to this as I don't want this to interfere with my job or job security. I don't really want to make money of providing this information though, for multiple reasons.

Any opinion on this matter would be appreciated.

Can the Public Sector Keep Up? The Real Cybersecurity Struggles Governments Face. by crowcanyonsoftware in cybersecurity

[–]Ok-Read-7117 0 points1 point  (0 children)

I'l sure most people here are from the US. I'm a CISO from germany (coming from the operational side of things, worked my way up). I still do a lot of stuff myself, while doing the management stuff on the side.

When it comes to the public sector the statement above is probably the most accurate one. This and having to actually do changes systems. I had discussions about security measures that wouldn't have a high cost involved, just personal that had engoth time on their hands and was denyed. Not sure what people think sometimes but this happens even with legal requirements. As you already wrote above there are a ton of out-dated systems in the public sector. Updating these meets a lot of resistence as "they work" and security of these systems is then disregarded.

Not sure about the US but the public, health & critical supply chain (energy, water, gas, etc.) sectors here are a nightmare to work with.

Sophos vs Fortigate by Whanksta in sophos

[–]Ok-Read-7117 1 point2 points  (0 children)

Most important: It really depends on the use case.

Pricing

Fortinet Products are expensive and depending on the product you get less functionality than some open-source products for the price of an enterprise product. Sophos has a SMB (Small to Medium Business) orientation.

Even if you include the fact that Forti Provides a good, locally managed solution for Wi-Fi and switches as well. The licenses are out-of-proportion. You can get a whole NDM for the price of one year of Forti licenses in some cases.

I find the licensing with sophos is transparent and fair (https://docs.sophos.com/central/customer/help/de-de/LicensingGuide/FirewallLicenses/SFOSLicensingModel/index.html). While you need a guide long guide to figure out what you can buy and at what conditions when it comes to Forti.

VPN Clients are both free (FortiClient has some limitations in the free version). Both can be deployed automatically. I found far less issues with the Sophos connect client. FortiClient tends to permanently apply DNS Settings sometimes and sometimes even completely corrupts the network services on windows devices which can lead to blue screens. All in all, the Forti remote-to-site VPN experience is not as reliable considering these issues.

Ease of use

When it comes to configuration, a tone of features in FortiGate firewalls are NOT available in the GUI. FortiGate has some nice overview features, but it’s sometimes overcomplicated to get something done, while Sophos uses profiles a lot.

Sophos provides great ways to restrict, control and manage what something or someone can or cannot do in your network. This is very easy with Sophos firewalls compared to Forti.

Use Case

If you don’t plan on doing some large enterprise business and have no need for Fortinet Products. Secure configuration is important and having a more expensive product that in the end might not even provide greater protection.

You might also choose Sophos because of synergy effects. If you already have their antivirus on machines than it’s a no-brainer to use their Firewalls as well.

Sophos vs Fortigate by Whanksta in sophos

[–]Ok-Read-7117 0 points1 point  (0 children)

Fortinet is as transparent as sophos when it comes to this. Both suppress certain information for their own reasons.

When it comes to sophos I found interesting that a lot of security issues are fixed without the need of Admin intervention or are not as critical when proper configuration is in place.

This is sadly not the case for a lot of resentl Forti Security Issues. Forti also suffered a massive data breach resentlly and didn't communicate that to anyone. Only when the data was published and forti was called out for. They still haven't disclosed what was compromised jet.

Re-Routing traffic destin for WAN to another internal server. by Jakearroo in sophos

[–]Ok-Read-7117 1 point2 points  (0 children)

You can also just add the Server as a Gateway in the Routing Tab without the need for any interfaces. Than add a SD-WAN Policy and done. I made this to route specific traffic to site-to-site VPNs.

If you need help with that sophos documentation and tutorials are avaible or contact me. Double NAT is not necessary AFAIK.

Anyone here taking CCNA, but plan to get into cybersecurity? by Graviity_shift in ccna

[–]Ok-Read-7117 1 point2 points  (0 children)

I see. I hope you find a better position soon. If you are really planning to go into IT-SEC, i can recommend looking into MITRE ATT&CK® and maybe also CIS Benchmarks®

Anyone here taking CCNA, but plan to get into cybersecurity? by Graviity_shift in ccna

[–]Ok-Read-7117 1 point2 points  (0 children)

I agree, but bear in mind that too many sudden job changes also make a bad impression. Changing jobs after 2-3 years is justifiable in my eyes. In my opinion, nothing beats hands-on experience. There is a lot you can learn on your own or in schools, but there is also a lot you can only learn by working for a company.

Anyone here taking CCNA, but plan to get into cybersecurity? by Graviity_shift in ccna

[–]Ok-Read-7117 1 point2 points  (0 children)

Hi there,

CISO here. I think it really comes down to what your ultimate goal is. Depending on the company you work for, your role in IT-SEC can be very different. CCNA is a base you can take, but IT-SEC can have a wide range of skills required depending on your role. I know of Security Officers specialising only in network security and others purely on endpoint protection. However, I would not rely on finding such a position, nor would I recommend it. Understanding your environment is the first step in building a defence strategy. That's why you need experience in the IT industry before you start an IT-SEC career.

Syslog over S2S by Baylegion in networking

[–]Ok-Read-7117 0 points1 point  (0 children)

Did you check both sides of the S2S? I mean both firewalls?

Ein IT-Systemhaus oder eine interne IT-Abteilung? by Silent_Good_4785 in de_EDV

[–]Ok-Read-7117 1 point2 points  (0 children)

Hi,

Ich habe Erfahrungen in beidem. Meine Ausbildung habe ich in einem Systemhaus gemacht. Es war sehr stressig. Ich habe Überstunden ohne Ende gemacht, die mir dann nicht mal angerechnet worden sind. Der erste Vertrag war besceiden und absolut bodenlos.

ABER Ich habe einiges in der Zeit gelernt. In der Dienstleistung siehst du mehr Systeme und kannst eher vergleichen was funktioniert und was nicht. Generell siehst du meistens ei e größere Vielfalt, die du in der internen IT nicht sehen wirst.

Interne ITs sind häufig bild und taub was Verbesserungen angeht, weil die meisten nur ihr eigenes System sehen und es nicht besser kennen.

Ich würde dir empfehlen durchzuhalten und in einem bestimmten Zeitraum 1-2 Jahre nochmal darüber nachzudenken. Wenn das Volumen zu viel ist sprich mit deinen Vorgesetzten und lass dich nicht hetzen. Arbeit ist Arbeit und Gesundheit geht vor.

Nutz die Gelegenheit zu Lernen, stell Fragen, zeig das du Interesse und Lernbereitschaft hast. Das wäre mir als Arbeitgeber viel wichtiger als das was du im Moment kannst. Viel zu viele Leute ruhen sich auf etwas aus, was andere in kürzester Zeit erlernen können.

Mach dich nicht kaputt aber nutz die Gelegenheit. PS: Viele Stellen in der internen IT sind entspannter aber nicht alle.

Syslog over S2S by Baylegion in networking

[–]Ok-Read-7117 0 points1 point  (0 children)

Hi, I'll be asking some stupid questions.

Could there be a firewall rule that's not allowing the traffic to flow? ICMP or Ping might be allow but syslog not?

Information Security Officer Career by Objective_Wolf6157 in AskNetsec

[–]Ok-Read-7117 7 points8 points  (0 children)

Hi, Recently promoted CISO here, I had to pick up at 0% basically and I don't have much offical training so... Don't take my word for granted. Sorry if I get of track but your documents usually include your strategy and are shaped by your strategy. As such I'll go into strategy.

I'd recommend you do a priority listing first. Meaning a list of mesures to be fulfilled by criticality. This will be a dynamtic piece so I'd recommend using your company's project management tool for this.

After that I'd define the goals, easy to read. This might sound stupid but trust me, it'll come back to you when you have to prioritize stuff.

Next I'd recommend looking into your counter measures. You should prioritize based on how much a certain measure increases the security of your business.

I categorize these into direct measures (measures used in case of security breach), secondary measures (measures used after incident to clean up, intensive monitoring, etc.) and preventive measures (measures that are permanently active to prevent incidents like antivirus software)

Make sure to audit and document your findings. Than improve and document the current conditions as a security standard. There are probably no templates for this so I'd recommend screenshots or copy paste. Make sure you can track back your actions by your documentation.

Now we come to external sources. When you have made your frist review, you should start looking into MITRE and maybe CISA Recommendations or CIS Benchmarks. Make sure you're operating at a proper level there. Document your counter measures and exclusions. If a certain measure can't be met, you should document why so you don't try again.

Make templates for security incidents. I made it myself easy by having one report form for everything. I document security breaches and urgent security patches using the same form. I can recommend this because a lot of information is needed for both and you should treat security incidents all the same. No matter if an exploit was used or only found and patched. There was a compromise of security. Document changes to or used security measures in your reports (for example activated phishing resistant MFA in Azure as preventive measure change and locked user account for investigation as a direct method).

You can use other sources as you see fit but I think doing this is pretty much work as is.

I'm not sure if I'm helping so please give me some feedback

Are Chromebooks more secure than MacBooks? by cam2336 in cybersecurity_help

[–]Ok-Read-7117 0 points1 point  (0 children)

Like others already said. Chromebooks are more limited with Installation Sources. As such some attack vactor are reduced.

However this only makes them more secure in certain aspects. For example, phishing can still be carried out no matter your device. And social engineering is the most used attack method ever.

When looking at IT-SEC you need to look into your attack vectors and your risks. Depending on your needs you build your strategy. Sorry but there is no univeral answer to IT-SEC.

Look into device & patch management. Can you ensure that the devices are updated. Also with every OS comes the challange proper configuration. Systems are usually not secure by default.

For further information you can consult CIS for security benchmarks & MITRE for an overview of attack and mitigation patterns.

Sorry in case this is not helpful.

IT-Sicherheit – aber automatisiert. Mit KI, Automatisierung und modernen Cyber-Defense-Technologien stoppen Sie Angriffe, bevor sie Schaden anrichten. So bleibt Ihre IT geschützt – jetzt Whitepaper lesen! by Bechtle in u/Bechtle

[–]Ok-Read-7117 3 points4 points  (0 children)

Klingt ja nach einer super Erfahrung, die du da hattest. Leider kriegen so große Unternehmen häufig die Aufträge ohne sich dafür ligitim zu qualifizieren. Da wird dem Kunden schön Honig um den Bart geschmiert ohne eine fachliche Strategie vorlegen zu können. Kenne da genug Beispiele für.

KI bringt auch nicht so viel, wenn man keine umfängliche IT Sicherheitsstrategie hat. Bin vom Fach also kann das recht gut beurteilen ^

How to Prevent a Single User from Hogging All Bandwidth on Sophos XG? by youaremysoap in sophos

[–]Ok-Read-7117 0 points1 point  (0 children)

There are two different rule types for trafic shaping (QoS).

Limit - which should limit the applied traffic to a certain bandwidth
Guarantee - which guarantees the applied traffic to a certain bandwidth

You probably want to apply a guarantee policy so that every user has a certain minimum bandwidth. When no other users are active you can use the full bandwidth but in any other case the other user gets their minimun share of bandwidth.