Andrew Latham

I was playing around and just wrote:

- name: Kill banned services
  # pkill -f matches each item against the full command line of every
  # process, so an item is a substring pattern, not an exact service name
  shell: "pkill -f {{ item }}"
  with_items: "{{ banned_services }}"
  # report neither failure nor change, whatever pkill's exit status was
  ignore_errors: yes
  changed_when: False
  failed_when: False

Which will run pkill -f against every name in the list; since -f matches the pattern anywhere in a process's full command line, this is both dangerous and effective at the same time. This will look like:

TASK [common : Kill banned services] **********************************
ok: [192.168.15.12] => (item=screen)
ok: [192.168.15.13] => (item=screen)
ok: [192.168.15.11] => (item=screen)
ok: [192.168.15.12] => (item=tmux)
ok: [192.168.15.11] => (item=tmux)
ok: [192.168.15.13] => (item=tmux)

Which should be all green and evil at the same time.
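A version of the same task with the sharp edges filed off, added here as an example rather than taken from the original post. It assumes the same banned_services variable; everything else is standard Ansible and procps behaviour:

```yaml
# Added example, not from the original post. Assumes banned_services is a
# list of process names, e.g. [screen, tmux] (constructed values).
- name: Kill banned services (exact process name, no shell in between)
  ansible.builtin.command:
    # argv passes the name as one argument; nothing in the item is
    # re-parsed by a shell the way "pkill -f {{ item }}" under shell: is
    argv:
      - pkill
      - -x            # exact match on the process name, not the command line
      - "{{ item }}"
  loop: "{{ banned_services }}"
  register: pkill_result
  # pkill exit status: 0 = something matched and was signalled,
  # 1 = nothing matched, 2 = syntax error, 3 = fatal error
  changed_when: pkill_result.rc == 0
  failed_when: pkill_result.rc > 1
```

Three things change. The command module with argv hands each name to pkill as a single argument, so the task no longer depends on what the shell makes of the value. -x matches the process name exactly instead of any command line that happens to contain the string, which is what turned "screen" into a pattern that could also hit an unrelated helper or an editor open on a file with that word in its path (and, since the shell that runs "pkill -f screen" has "screen" in its own command line, possibly the task's own sh). And pkill's exit status is used instead of hidden: 1 means nothing matched, which is the normal "already clean" case and stays ok, 0 is reported as changed, and anything above 1 is a real failure. Two caveats: the process name pkill matches against is truncated to 15 characters, so a longer name needs -f with an anchored regex instead of -x; and for anything that is really a managed service, stop and disable the unit, because a unit with Restart= set will just bring the process back.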

Software and Internet Security 101

Andrew Latham

The vast majority of security issues in the tech industry fall into these problem areas. You can't buy security, but you can plan to react faster. Maybe a better write-up would help in the future, but here is a mind dump.

Software or Services

  1. Is there a Source Code Management (SCM) system with matching code to what is running in production? (Hint: this is the problem most of the time)
  2. Is there a group of developers mentioned by name and with alternate contacts like phone that are knowledgeable of the code and the service? Still employees I hope.
  3. Is there an incident coordinator? **

Internet or Network

  1. Is the DCIM and/or IPAM accurate?
  2. Does the issue or attack come from a Bogon or DROP list?
  3. Does BCP38 address the issue?
  4. Is the issue related to unnecessary services running on a system?
  5. Is there an incident coordinator? **
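For the bogon question above, the usual mitigation on a host you control is to drop such sources on the internet-facing interface. The play below is an added example, not from the post: wan_iface is an assumed variable naming that interface, and the prefix list is a constructed, partial set of well-known non-routable ranges rather than a maintained bogon feed.

```yaml
# Added example, not from the original post. wan_iface is assumed; the
# prefixes are a constructed subset of standard bogon ranges.
- name: Drop traffic from bogon source prefixes on the internet-facing interface
  ansible.builtin.iptables:
    chain: INPUT
    action: insert            # must sit before any ACCEPT rule to take effect
    in_interface: "{{ wan_iface }}"
    source: "{{ item }}"
    jump: DROP
    comment: "bogon {{ item }}"
  loop:
    - 0.0.0.0/8        # "this" network
    - 10.0.0.0/8       # RFC 1918
    - 100.64.0.0/10    # carrier-grade NAT shared space
    - 127.0.0.0/8      # loopback
    - 169.254.0.0/16   # link-local
    - 172.16.0.0/12    # RFC 1918
    - 192.0.0.0/24     # IETF protocol assignments
    - 192.0.2.0/24     # TEST-NET-1
    - 192.168.0.0/16   # RFC 1918
    - 198.18.0.0/15    # benchmarking
    - 198.51.100.0/24  # TEST-NET-2
    - 203.0.113.0/24   # TEST-NET-3
    - 224.0.0.0/4      # multicast, never a valid source
    - 240.0.0.0/4      # reserved
  become: true
```

The in_interface restriction is the important part: the same rules applied to every interface on hosts like the 192.168.15.x ones above would drop their own LAN traffic, because their network is on the list. Dropping these on the edge answers the "is it coming from a bogon" question for inbound traffic; BCP38 is the matching discipline at the network boundary, sending nothing with a source address that is not yours and accepting nothing on a link from sources that cannot legitimately arrive there.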

Resources

  1. ** https://en.wikipedia.org/wiki/Incident_management