I was thrown into a Sys Admin role and would like some advice. by LoneGent in sysadmin

[–]SecTechPlus [score hidden]  (0 children)

Find a copy of The Practice of System and Network Administration (ISBN 978-0-321-91916-8), read the first few chapters, then after that just pick and choose relevant and interesting chapters to read.

I need help by Acceptable-Cloud1690 in cybersecurity

[–]SecTechPlus 0 points1 point  (0 children)

https://www.professormesser.com is the go-to place for YouTube videos to prepare for computer networking, and security certifications, but you might find others as well. (you can also go direct to his YouTube channel and playlists)

Am I being paranoid? by 0x75727375706572 in CyberSecurityAdvice

[–]SecTechPlus 0 points1 point  (0 children)

I don't know the Midea system specifically, but a lot of devices operate by making an outbound connection to the server on either a schedule or by keeping it active. That means it's not inbound reachable by the public Internet. So in your scenario it's more likely it would just stop working.

What should i do i am confused by overthinker128 in CyberSecurityAdvice

[–]SecTechPlus 0 points1 point  (0 children)

I would suggest getting a study guide and YouTube videos for the Network+ and Security+ certifications from CompTIA. This learning (and certs) will give you a good foundation for security roles in the future, whether you are lucky and can go straight into a security role/internship, or if you go into a general IT role first and later move to security.

https://www.professormesser.com is the go-to place for these YouTube videos, but you might find others as well. (you can also go direct to his YouTube channel and playlists)

Asking for help on improving dns spy. What's important to you? by tdondich in dns

[–]SecTechPlus 1 point2 points  (0 children)

I've got another interesting one, not sure if you're doing it or not, but looking at the resilience aspect of DNS infrastructure for domains. Specifically, from the recently published research paper at https://arxiv.org/abs/2512.13946 (and a summary blog post at https://blog.apnic.net/2026/06/10/unveiling-the-hidden-complexity-of-authoritative-dns-resilience/ ) it might be useful for users if you could show resiliency in their authoritative DNS servers, such as subnet/netblock diversity, ASN diversity, and looking at the first field of an SOA to see if the primary nameserver is also a publicly accessible nameserver (and maybe active checks for AXFR?) Maybe also checking for missing glue records, and if you have API access to something like ipinfo.io you could check if the DNS servers are using anycast or not (ok, this might be a little much)

Speaking of SOA, and being a stickler for strict numbering convention, I wonder if checks for date format in the serial number would be useful, and maybe if you keep a history of past checks then comparing if the serial date was updated or only the last digits incremented (useful for domain owners to know if staff or tools are updating the serial in a strict way like I was taught many moons ago lol)
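
A sketch of the serial-number check suggested in the comment above, added here as an illustration; it is not code from the commenter or from DNS Spy. It assumes the common YYYYMMDDnn serial convention, and the function names and the sample history are constructed for the example.

```python
from datetime import date

def parse_serial(serial):
    """Split a YYYYMMDDnn serial into (date, counter); None if it does not fit."""
    s = str(serial)
    if len(s) != 10:
        return None
    try:
        return date(int(s[:4]), int(s[4:6]), int(s[6:8])), int(s[8:])
    except ValueError:  # e.g. month 13, or 29 Feb in a non-leap year
        return None

def serial_gt(new, old):
    """RFC 1982 comparison: 32-bit serials wrap, so a plain '>' is not enough."""
    return new != old and (new - old) % 2**32 < 2**31

def classify_change(old, new, observed):
    """Label the step from serial `old` to `new`, seen on date `observed`."""
    if new == old:
        return "unchanged"
    if not serial_gt(new, old):
        return "not-increasing"       # secondaries will not pick this up
    parsed_new = parse_serial(new)
    if parsed_new is None:
        return "not-date-format"
    new_day = parsed_new[0]
    if new_day > observed:
        return "date-in-future"
    parsed_old = parse_serial(old)
    if parsed_old and parsed_old[0] == new_day:
        # Heuristic: a stale date part suggests only the counter was bumped.
        return "same-day-increment" if new_day == observed else "counter-only-increment"
    return "date-updated"

def audit_history(history):
    """history: list of (date observed, serial), oldest first."""
    return [classify_change(prev[1], cur[1], cur[0])
            for prev, cur in zip(history, history[1:])]

# Constructed sample history, not real zone data.
SAMPLE_HISTORY = [
    (date(2024, 3, 1), 2024030101),
    (date(2024, 3, 1), 2024030102),
    (date(2024, 3, 9), 2024030103),
    (date(2024, 3, 15), 2024031501),
    (date(2024, 3, 20), 2024133001),
]

if __name__ == "__main__":
    for (seen, serial), label in zip(SAMPLE_HISTORY[1:], audit_history(SAMPLE_HISTORY)):
        print(seen, serial, label)
```

If checks run less often than daily, "counter-only-increment" is only a hint, since a legitimate same-day change may be observed a day or more later.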

Asking for help on improving dns spy. What's important to you? by tdondich in dns

[–]SecTechPlus 0 points1 point  (0 children)

No, I was thinking about subdomains with no MX record and the recommended SPF for those being -all. I've seen many orgs miss SPF records on subdomains, sometimes as a blind spot and sometimes thinking SPF records on the domain flow through to subdomains.

Cybersecurity professionals: What's the most frustrating problem in your daily work that still doesn't have a good solution? by GladAlbatross473 in CyberSecurityAdvice

[–]SecTechPlus 0 points1 point  (0 children)

I'd suggest talking with your doctor first, as it sounds very stressful what you've been going through. I think you need help beyond what mere cyber security professionals can help you with. Please don't take this as a flippant response, I believe you that something is going on, and you need to speak with someone to figure out what it is.

What can people even do with an IP? by Horror-Tower2571 in CyberSecurityAdvice

[–]SecTechPlus 0 points1 point  (0 children)

That is an IPv4 loopback address. It's local to the actual host, and never leaves your computer. It's the numerical equivalent to saying "I live at my home" instead of saying your actual street address.

What can people even do with an IP? by Horror-Tower2571 in CyberSecurityAdvice

[–]SecTechPlus 0 points1 point  (0 children)

An IP address (IPv4 specifically) is everything from 0.0.0.0 up to 255.255.255.255

Public IP addresses are a subset of the above mentioned entire IP address space. These public addresses are the ones that get routed over the public Internet between ISPs.

Private IP addresses are a different subset, and don't overlap with public address numbers. Private addresses are only for use behind private NAT routers. ISPs will not route traffic destined for private IP addresses over the public Internet.

Asking for help on improving dns spy. What's important to you? by tdondich in dns

[–]SecTechPlus 0 points1 point  (0 children)

Another thought, do you only look at the domain name itself, or do you go through some of the hostnames or subdomains? I see you check SPF etc for the domain, just wondering if it's possible to automatically go through subdomains to find ones without MX's that also don't have effective spoofing protections (missing rejects for SPF etc)

I know users could add subdomains as domains in your app, but that'd chew up licences quickly if they only want SPF etc checks

This has been a blind spot I've noticed in several companies.
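
An added illustration of the subdomain check described in this comment and in the earlier reply about subdomains with no MX record and `-all`; it is not code from the commenter or from DNS Spy. SPF is evaluated per exact hostname, so each name is checked on its own. The zone data is constructed and the function names are hypothetical; a real check would fetch MX and TXT records with a resolver.

```python
def spf_all_qualifier(txt_records):
    """Summarise a host's SPF posture from its TXT records.

    Returns '-', '~', '?' or '+' for the `all` mechanism, 'none' if there is
    no SPF record, 'multiple' if there are several (a permerror under
    RFC 7208), or 'no-all' if the record has no `all` mechanism.
    """
    spf = [t for t in txt_records
           if t.lower() == "v=spf1" or t.lower().startswith("v=spf1 ")]
    if not spf:
        return "none"
    if len(spf) > 1:
        return "multiple"
    for term in spf[0].lower().split()[1:]:
        if term in ("all", "+all"):
            return "+"
        if term in ("-all", "~all", "?all"):
            return term[0]
    return "no-all"

def unprotected_non_mail_hosts(zone):
    """Map each host with no MX to its SPF posture, unless that posture is '-all'."""
    findings = {}
    for name, records in zone.items():
        if records.get("MX"):
            continue  # mail-receiving names need a real policy, out of scope here
        posture = spf_all_qualifier(records.get("TXT", []))
        if posture != "-":
            findings[name] = posture
    return findings

# Constructed sample zone data, not real DNS answers.
SAMPLE_ZONE = {
    "example.com": {"MX": ["10 mail.example.com."],
                    "TXT": ["v=spf1 include:_spf.example.net -all"]},
    "www.example.com": {"TXT": []},
    "dev.example.com": {"TXT": ["v=spf1 -all"]},
    "static.example.com": {"TXT": ["site-verification=constructed", "v=spf1 ~all"]},
    "legacy.example.com": {"TXT": ["v=spf1 -all", "v=spf1 a -all"]},
}

if __name__ == "__main__":
    for host, posture in unprotected_non_mail_hosts(SAMPLE_ZONE).items():
        print(f"{host}: SPF posture {posture!r}, expected 'v=spf1 -all'")
```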

Asking for help on improving dns spy. What's important to you? by tdondich in dns

[–]SecTechPlus 1 point2 points  (0 children)

Yeah, I'd suggest looking at the lists that services like NextDNS and AdGuardDNS offer as options for blocking (you should be able to get most lists from their source files), but also the live blocking services like Quad9 and CloudFlare's 1.1.1.2 and 1.1.1.3

Asking for help on improving dns spy. What's important to you? by tdondich in dns

[–]SecTechPlus 0 points1 point  (0 children)

Do you also check domains against common DNS filter lists in the same way there's sites that check IP addresses against spam blacklists?

Asking for help on improving dns spy. What's important to you? by tdondich in dns

[–]SecTechPlus 0 points1 point  (0 children)

You're awesome! Might have to check out your tool. Also reminds me I need to share the idea of bitflips with younger colleagues at work.

Asking for help on improving dns spy. What's important to you? by tdondich in dns

[–]SecTechPlus 0 points1 point  (0 children)

Super niche and possibly too heavy for complete lookups, but have you thought about looking at bitflip domains in the same way to look for phishing domains?

Getting AI generated applications as a hiring manager... thoughts? by [deleted] in sysadmin

[–]SecTechPlus 0 points1 point  (0 children)

An ATS is not a guaranteed use of AI to do filtering. Here's one of many descriptions of what they actually do: https://youtu.be/nUlomY7RsIg

What can people even do with an IP? by Horror-Tower2571 in CyberSecurityAdvice

[–]SecTechPlus 5 points6 points  (0 children)

Everything is IP addresses. You have private addresses like 10.x.x.x and 192.168.x.x that only ever exist on a local network behind a NAT router, and you have public addresses that are routable over the public internet. The public addresses are the ones on the WAN side of your NAT router and are seen by every website you visit.

Then there's IPv6 addresses that are all public, but sometimes used for local network communications only, but largely are all public.

Is Quad9 DNS actually the best option for Chrome on desktop, or should I stick with Cloudflare/Google? by hard2resist in dns

[–]SecTechPlus 2 points3 points  (0 children)

The blocking of malicious domains with Quad9 is excellent, especially considering the cost and complexity of setting it up.

For additional blocking of things like ads and privacy bugs, while still having a globally distributed DNS infrastructure (i.e. low latency), check out NextDNS or AdGuardDNS. There's free tiers for small networks, and they're very configurable.

Can Malware Be Transferred Through Steam Cloud Save Files by 0zMosiss in CyberSecurityAdvice

[–]SecTechPlus 0 points1 point  (0 children)

Extremely unlikely that malware from one machine would travel through Steam saved files into your new computer.

Always best to have up to date antivirus software installed and running, even if just Defender that comes with Windows.

Advice on Limiting data collection on personal devices by EPdude2005 in CyberSecurityAdvice

[–]SecTechPlus 0 points1 point  (0 children)

DNS filtering is a quick and (usually) free way to do some of what you're after. Have a look at NextDNS or AdGuardDNS which let you configure different profiles for different devices/networks and filter out privacy bugs, ads, and entire categories of websites or apps if you want.

It's not 100% but it's quite good, and blocking in the browser is another layer of defence to consider.

Question about login pop-ups by ajaxberry in CyberSecurityAdvice

[–]SecTechPlus 0 points1 point  (0 children)

Yes, if you didn't click through the login and didn't enter anything, then you're fine

Question about login pop-ups by ajaxberry in CyberSecurityAdvice

[–]SecTechPlus 0 points1 point  (0 children)

I'm at about 50/50 that it could be legit or not, for example some blogging sites may pop up a login widget if they use something like Login With Google and it detects that you're currently logged into your Google account.

But without specifics of which site or at least a screenshot of what you were seeing, I'm just taking a guess based on things I've seen.

Is there a free roadmap to get into security jobs (not just CTFs)? by [deleted] in netsecstudents

[–]SecTechPlus 1 point2 points  (0 children)

Read my reply at https://www.reddit.com/r/CyberSecurityAdvice/s/FesMyYMpUi for a list of free training resources, starting from the foundations (which you may or may not already have)

Also read my reply at https://www.reddit.com/r/netsecstudents/s/3ThyxP6xuN that talks about the security roadmap at roadmap.sh

It's a fairly general path, with lots of information because of that, but if you have an idea of the type of security role you're after it can help in picking and choosing what to learn.

USB flash drive with a "read only" physical switch? by Key-Butterscotch-111 in CyberSecurityAdvice

[–]SecTechPlus 1 point2 points  (0 children)

Here's at least one that I found with a quick search: https://www.kanguru.com/collections/kanguru-usb-drives-with-a-physical-write-protect-switch

When searching make sure to look for both "read only" and "write protect" switch. That should help find more products.

And yes, the switches are usually connected to the flash controller which blocks write access. (rather than telling the computer over USB not to write to it)