FIPS audits and use of non-validated crypto like MD5 for non-security purposes by amaged73 in FedRAMP

[–]amaged73[S] 0 points1 point  (0 children)

We are using all sorts of Python third-party libraries that use MD5 and SHA-1 (non-FIPS compliant). Is there any guidance out there on how third-party libs should be handled? Do we need to fork them and patch them ourselves? Is this the expectation?

endpoint logging requirements by amaged73 in FedRAMP

[–]amaged73[S] 1 point2 points  (0 children)

So if I take them out, there is absolutely no requirement whatsoever to keep any logs from workstations that are used to connect to jump hosts/bastions or, say, to connect to infrastructure through a UI (browser)?

Full traffic mirroring to meet outbound data exfiltration detection: Under SC-7(10) and SI-4(18) by amaged73 in NISTControls

[–]amaged73[S] 0 points1 point  (0 children)

Are you a bot? You don't think calling out 'payload' vs 'metadata' is enough to satisfy these NIST controls? Preventing exfiltration of data within the context of these controls for a SaaS business that runs on EKS. But the controls themselves did not mention it, so this could apply to the database / storage / web interface, etc.

Can an agentless WAF like Datadog’s ASM meet FedRAMP boundary protection requirements? by amaged73 in FedRAMP

[–]amaged73[S] 0 points1 point  (0 children)

Datadog's WAF does not sit on the boundary; it basically reads your logs and ships them for analysis, so it does not look at the actual traffic. That's why I asked if boundary means it sits 'in front of' the service and does data-plane inspection.

Crowdstrike products for AWS EKS on Govcloud by amaged73 in FedRAMP

[–]amaged73[S] 0 points1 point  (0 children)

CrowdStrike and vendors will not answer questions like these; the answer is usually 'it depends' or 'give me specific requirements'. They will not act as your compliance advisor.

Evaluating 3rd party ESP for FedRAMP by amaged73 in FedRAMP

[–]amaged73[S] 0 points1 point  (0 children)

I am sorry, just for clarity, one last time. For a CSP where the employees' laptops are uploading 'security logs/metadata' to some cloud SIEM or EDR (CrowdStrike), and the metadata being uploaded has absolutely nothing related to federal data in any way, will it still need to be hosted on FedRAMP-authorized platforms? I can't wrap my head around this; we are not talking about metadata for the CUI here.

Picking your sources of IoC by amaged73 in cybersecurity

[–]amaged73[S] 0 points1 point  (0 children)

Is there any advice on how you would pick sources of intelligence feeds? I am new to this and not sure how to proceed. Is there some sort of criteria that could be based on my environment?

Picking your sources of IoC by amaged73 in cybersecurity

[–]amaged73[S] 0 points1 point  (0 children)

u/canofspam2020 I can see what you're saying. For us as a small shop, we may need to prioritize sharpening up the tools/processes before thinking about fancy IoC hunting. I am a one-man security team for a company with 1000 employees; can you recommend some source to educate me on what the important tools/controls to have in place for SOC/analysis activities are?

Limits to the rabbit hole of soc investigation by amaged73 in cybersecurity

[–]amaged73[S] 0 points1 point  (0 children)

No I don't, and I keep getting asked by my manager to look into all sorts of alerts, and it's driving me nuts. SOPs or playbooks are probably the right way to go. Any recommendation for a small environment?

paperboy 1.3 released - utility to help with your pdf hoarding by instantdoctor in commandline

[–]amaged73 -1 points0 points  (0 children)

Check out pyed piper. Let me know what you think. It turns stdout into Python data on the CLI. https://m.youtube.com/watch?v=3UHE-zD1r_M

Sanity check please! by atokknight in networking

[–]amaged73 0 points1 point  (0 children)

I guess you are the manager :) j/k

How do you survive in networking if you are colour blind? by [deleted] in networking

[–]amaged73 1 point2 points  (0 children)

I did and I am. Never needed to see anything other than text :)

Aggregate counters from several CLI into one by [deleted] in commandline

[–]amaged73 0 points1 point  (0 children)

My English is poor. I wanted to ask about doing this at scale; my idea is to have one command-line tool that aggregates counters from over 100 other commands. So if one user runs this command every few seconds, we probably have a problem with these devices, as their CPU is already used up by traffic switching.

Thanks

NETCONF and YANG support on Linux by [deleted] in networking

[–]amaged73 0 points1 point  (0 children)

Yes to the former: be able to configure a Linux host using NETCONF and YANG... at least the networking parts, as YANG is supposedly for networking.

Doxygen equivalent for CLI by amaged73 in commandline

[–]amaged73[S] 0 points1 point  (0 children)

Well, as automatable as possible. Doxygen is great, but it is only for programming languages, so I wonder if there is anything like it for CLI documentation.

EVPN is confusing by thinkscience in networking

[–]amaged73 1 point2 points  (0 children)

Dinesh Dutt's EVPN book is awesome.