this post was submitted on 13 Mar 2024
cybersecurity

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

top 11 comments
[–] [email protected] 5 points 7 months ago (1 children)

ISO 27002 audit season baby!

[–] [email protected] 1 points 7 months ago

Sounds thrilling!!

I’ll be on vacation for our audit next week. I’m thrilled to miss it.

[–] [email protected] 3 points 7 months ago (2 children)

Did a website pentest - something I did not do for a while. Was very fun and we also had some interesting findings :)

[–] [email protected] 1 points 7 months ago

Sounds like a fun assignment! Glad you got some interesting results!

[–] [email protected] 1 points 7 months ago (1 children)

What are you normally up to?

[–] [email protected] 1 points 7 months ago

Security operating

[–] [email protected] 2 points 7 months ago (1 children)

Working on an Ansible playbook to configure our security baseline over all the network devices we manage.

[–] [email protected] 2 points 7 months ago (1 children)

Can you share any of the baseline that's not specific to your org/sensitive? What sources are you using as a reference?

[–] [email protected] 1 points 7 months ago (1 children)

I am using the Cisco hardening guide with some tweaks.

https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-xe-16/220270-use-cisco-ios-xe-hardening-guide.html

Covers things like only allowing sshv2, enable logging of commands to syslog, disabling the switch web servers.

[–] [email protected] 1 points 7 months ago (1 children)

Nice. You guys allowing the playbooks to configure or just audit?

[–] [email protected] 2 points 7 months ago

We use the playbooks to configure; the trick is to do it in an idempotent way so when something is changed it doesn't kick off alarm bells.

SNMPv3 is my current bane as snmpv3 accounts are not stored in running config so snmp always says something is changed.
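The idempotent pattern described above, as an added example that is not the commenter's own playbook: `cisco.ios.ios_config` diffs each line against running-config, so the baseline lines (SSHv2 only, command logging to syslog, web server off) are only pushed when absent, while the SNMPv3 user is checked against `show snmp user` first because it never appears in running-config. The host group, syslog address, user and group names, and the two vaulted password variables are assumed placeholders.

```yaml
---
# Added example (not the commenter's playbook). Requires the cisco.ios
# collection and network_cli connectivity; all names and addresses below
# are constructed placeholders.
- name: Apply security baseline to managed IOS XE devices
  hosts: ios_switches                  # placeholder inventory group
  gather_facts: false
  connection: ansible.netcommon.network_cli
  vars:
    syslog_server: 192.0.2.10          # placeholder (TEST-NET-1 range)
    snmpv3_user: monitor-ro            # placeholder
    snmpv3_group: monitor-ro-group     # placeholder
    # snmpv3_auth_pass / snmpv3_priv_pass are assumed to come from Ansible Vault
  tasks:
    - name: Management-plane baseline (ios_config diffs against running-config, so no spurious changes)
      cisco.ios.ios_config:
        lines:
          - ip ssh version 2
          - no ip http server
          - no ip http secure-server
          - service password-encryption
          - logging host {{ syslog_server }}

    - name: Log every configuration command to syslog (archive log config)
      cisco.ios.ios_config:
        parents:
          - archive
          - log config
        lines:
          - logging enable
          - notify syslog contenttype plaintext
          - hidekeys

    # SNMPv3 users are not written to running-config, so ios_config would
    # re-apply them on every run and report "changed". Read the live state
    # instead and only create the user when the device does not have it.
    - name: Read the SNMPv3 users the device actually has
      cisco.ios.ios_command:
        commands:
          - show snmp user
      register: snmp_users

    - name: Create the SNMPv3 user only when it is missing
      cisco.ios.ios_config:
        lines:
          - >-
            snmp-server user {{ snmpv3_user }} {{ snmpv3_group }} v3 auth sha
            {{ snmpv3_auth_pass }} priv aes 128 {{ snmpv3_priv_pass }}
      when: "('User name: ' ~ snmpv3_user) not in snmp_users.stdout[0]"
      no_log: true                     # keep the SNMPv3 secrets out of the job log

    - name: Persist the baseline only if running-config now differs from startup-config
      cisco.ios.ios_config:
        save_when: modified
```

Running with `--check --diff` shows exactly which baseline lines a device is missing, which doubles as an audit pass before any change is made.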