Jump to content

Ogedei

Active Members
  • Posts

    13
  • Joined

  • Last visited

Everything posted by Ogedei

  1. we work by blocking the social network category itself. So that needs https inspection and cert installation. The same for web email etc. Google's quic needs to blocked for any of their sites. Also wouldn't we want to see through all https traffic to scan it and stuff.
  2. from my ceh studies if you are talking of hacking the same machine over the internet you need to install something to give you a session to your public ip and on a port which is open for the victim machine. And with that you have a cmd session over the internet.
  3. Nice list. I was referring to blocking social media, youtube etc. You cant block them without https inspection. And most FWs already have a category defined for malware/ads so all these links would be blocked anyway, right? Also how's your experience been with blocking social media etc with pfsense. I might need to do it some time.
  4. You just have to install the FW cert to all computers if you using SSL inspection. I have done it with fortigates, does increase the load and stuff i guess, never done any thorough calculations on that though. And if not using https inspection how would you go about blocking https sites?
  5. HAHA the questions i asked about pfsense vs commercial FWs riles them up a lot too. Here https://doc.pfsense.org/index.php/Comparison_to_Commercial_Alternatives
  6. So now there these SOCs which seem to be really the top thing in cybersec these days. My idea of them is just guys sipping coffee and checking whatsapp and sending arcsight automated excel generated reports to people who also have no idea on what to do with them. Ec-council has also come with the incident handling cert now which i think is geared towards this. I want to know what the whole deal is with these SOCs, anybody working in one, please share. Right now all i know is the fuckers are expensive.
  7. email gateways use smtp connection IP how do they do that if the headers can be spoofed easily. .i am not even sure yet what does the smtp connection ip mean.
  8. You tried any of their guides? The content seems thorough but just very hard to find and jump to a particular topic and it's written like a fucking research paper format instead of a linear PDF.
  9. Nice thread. Signed up for cyberrary. BTW i just feel lost on the OWASP site, do they have a "start here" stage somewhere?
  10. You mean they can rival checkpoints etc? If yes then the savings companies can make would be insane, no? But then the problem with companies is they don't seem to find employees who understand cybersec, what they end up hiring is guys who just sit and email the TAC lol. Also I can recall pfsense can't do deep ssl inspection or can it?
  11. HI So you people are using pfsense firewalls in actual work/office production networks? I am all for open source but then how much of a good idea is this really? I ask because whenever open source AV topic comes up, most of us dont seem to be enthusiastic about it. Also how good is pfsense, let's say if one is considering it for environments where security is a top need.
  12. I don't know how much I would believe this. And given the by default anti-capitalism/anti-US nature of hacker groups/hackers this just sounds like coming from that position. Having said that I think it's more agreeable the cost problem is the real reason companies dont take this route. But then to go a little deeper there, I see that companies end up buying email gateways, smtp services from third party anyway and the pay the managed service providers on top of it for the "support". To share an incident I see that these vendors/managed service providers, even the best of them give you an annual support contract for $6k and every time you call them for something they play the call operator, open a case for you with the TAC and take you on the conference call. lol . I am talking from an india experience here, Is this how things are done in the western countries too?
  13. HI, Glad to be here and here's my first post, which are just some doubts I have about "stuff" I do and deal with at work. Apologies if they're too nooobiee.. just trying to "think out loud here". Firstly I fail to understand why are enterprises not buying email services like "google for work" with their personalized domain name instead of setting up the whole thing by themselves. I do understand many do but the big ones seem to be shy of it, are there really risks involved with downtime, data loss etc? Wouldn't gmail's spam filtering etc be better and effective? Coming to my SPAM doubts, why can't the ISPs just themselves block emails from the blacklisted IPs instead of letting them reach all the way to the intended recipient and then expecting the spam filtering there to do the same thing? And talking about the major email filtering solutions how come they miss out obvious spam, I get that nothing is 100% but i am talking about obvious spam here. To share one incident, lets say that the email spam control solution can't see the incoming SMTP connection IP, and hence can't match the incoming IP against the blac lists in this case, but even then the real blacklisted IP which is the real email source still present in the email header, can't the email gateway read it from there? That's all is coming to me now ..cheers.
×
×
  • Create New...