Network Security

Blog posts, papers, and articles on Network Security by Teri Radichel

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

⚙️ Check out my series on Automating Cybersecurity Metrics. The Code.

🔒 Related Stories: Network Security | AWS Security | Cloud Security Architecture

💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Here are some of my posts on Network Security for those who are trying to improve the security of clouds, home networks, and offices.

Topics covered in this post (you can jump to the topic that interest you by searching for these names):

• How traffic got me into cybersecurity
• Basic network security improvements for home users
• Dealing with a network security incident
• Vendors make zero trust networks hard
• Inspecting network traffic
• Network Protocols — Dissecting Network Packets
• Route traffic through an AWS VPN for security and inspection
• AWS Networking
• General network security topics
• Posts that have been removed or moved on the WatchGuard blog
• SANS White Paper on packet capture in the cloud

How network traffic got me into cybersecurity

How network traffic got me into cybersecurity

Basic network security improvements for home users

Disabling IPv6 on a Mac

Create A Configuration File for MacOS to Run at Startup

Easy DNS Change To Prevent Attacks

Evaluating Printer Security Features

Glitchy Mobile Hotspot (Netgear)?

Turn off UPnP on Netgear Mobile Hotspots and Routers

Host-based Firewall to Validate Network Firewall

Dealing with a network security incident

There’s the correct way, which is a specific process for organizations with security incident response teams, security operations centers (SOCs) and then there’s me trying to get by as one person. There’s a big difference between the two. And yes, I have the GSE and a certification in incident response but this is not something I do day in and day out for a living, so refer to others for more detailed guidance on this topic if you are trying to get a job in incident response.

The attackers are in your network — now what?

I had a security incident on my network that caused settings in my pfSense to change. I wrote about those and other issues where I’m rebuilding everything here. I also wrote about how you can inspect traffic in the next section to see if your network or systems are compromised (at a high level because large organizations are going to have teams and SIEMs and SOARs and other terms you’ll want to know if you wnat to do this for a living.

What Can An Attacker View in TLS Encrypted Traffic?

Why Do I Have to Reset My Netgear Cable Modem to Connect to Comcast?

I reset the pfSense as explained in this post, and I’m actually using a new device that I haven’t used on the internet before.

Beginner’s Guide — pfSense

You can find more posts about how I set up Ubiquiti here:

Ubiquiti, Unifi and The Dream Machine Pro

And pfSense here:

Configuring pfSense and Netgate Devices

Vendors make zero trust networks hard

The network requirements vendors provide need to be more specific. That is why we have such a hard time creating secure networks. Vendor products need to be designed with zero trust networks in mind.

The network requirements vendors should provide but most of the time they do not — ask for it so they improve.

How to Provide Network Requirements

Zero Trust for Software Updates

Domain Names Used by Devices

Inspecting network traffic

What is Packet Sniffing?

Who Owns That IP Address?

How to Inspect Network Traffic

Scanners lead to scammers

Example: Something on Wifi Trying to Find an Something on The Internal Network

Figuring out what application code is causing certain traffic (in this case STUN which can bypass NATs and sometimes firewalls with TURN and ICE)

How to Figure Out What’s Running On a Specific Port on Linux

What Can An Attacker View in TLS Encrypted Traffic?

Public and Private Autonomous System Numbers (ASNs)

Apple Macintosh Network Traffic

Useful tcpdump commands

Check DNS Requests — if you’re not using DNS over HTTPS

One Rule To Identify Network Noise

The Network Logs You Might Not Need (GASP!)

The Network Logs You Need

Watching the Network Watchers

Suricata on pfSense

Network Security Devices Can’t Inspect Encrypted Payloads

Where Are the Packets Captured by Suricata on pfSense?

I have since determined that some location information provided by Little Snitch is completely wrong, so take this one with a grain of salt (meaning useful but verify.)

gvt2 domain connecting to Japan, Europe, Brazil…

Also see this series of posts below:

Network Protocols — Dissecting Network Packets

Route traffic through AWS for security and inspection

Network Protocols — Dissecting Network Packets

Networking Basics — hexadecimal to binary to decimal, deciphering network packet headers, etc.

Cybersecurity Math

Numbering systems (base 2, base 10, base 16)

Counting in Hexadecimal (Base 16)

Hexadecimal To Binary To Decimal

Math in Network Packets

Calculating Packet and IP Header Lengths

Calculating the Next Layer in a Packet

Calculating the size of a TCP Packet Payload

QUIC and DNS over HTTPS

Attacks on and through network devices

Your Home Router May Be Committing Crimes

Glitchy Mobile Hotspot (Netgear)?

Turn off UPnP on Netgear Mobile Hotspots and Routers

What Can An Attacker View in TLS Encrypted Traffic?

Why Do I Have to Reset My Netgear Cable Modem to Connect to Comcast?

Exponential increases in cyber risk from Internet exposure

High-risk ports: The chink in your network armor

log4j: The Aftermath

SolarWinds Hack: Retrospective

Google Chrome DNS security bypass

Google Chrome DNS Security Bypass

How a just-in-time VPN access might have helped in the case of the APT10 attacks

What to Do About a Recently Discovered SSH Vulnerability

Setting up a home network

I have a some posts on home networking in various places. To understand the big picture start here. Then check out my reltaed posts for the configuration of each device along the way.

Home Network Diagram

Configuring the cable modem — reset the default password before you connect it to the internet! And you may want to reset it periodically anyway.

Why Do I Have to Reset My Netgear Cable Modem to Connect to Comcast?

Configuring the pfSense starts here:

Beginner’s Guide — pfSense

You can find more posts on pfSense configuration here:

Configuring pfSense and Netgate Devices

I configured the UDM in these posts:

Ubiquiti, Unifi and The Dream Machine Pro

Some other topics related to home networks:

Administering Network Devices

Considering Where to Buy Network Devices

PFSense in Front of a UDM. Why?

Resolving No Route To Host

Assessing Supply Chains ~ The People

Assessing Supply Chain Geopolitical Risk

PFSense in Front of a UDM. Why?

Route traffic through an AWS VPN for security and inspection

Here’s a mini-series on setting up your home or business traffic to flow through AWS for inspection. Still adding all the stories to show how to do it. Be careful with this one because the static network routes and systems always on might become a path for an attacker. Also this was too expensive for me to keep up and running.

How to Route Your Home Network or Business Network Traffic Through AWS and Why

Configuring the VPC and VPC Flow Logs for an AWS Site to Site pfSense VPN

AWS Credentials and Roles for the pfSense VPN Wizard

Calculating the Cost of An AWS Architecture plus a Region Security Warning

Creating an AWS Site to Site VPN for pfSense with a Virtual Private Gateway

Test Sending Traffic From a Load Balancer To A NAT Gateway

Sending Traffic From pfSense to a Site to Site VPN to a VGW to a NAT in AWS

Subnets And Routes For a Public NAT

Configure a Transit Gateway To Route Traffic From A Site To Site VPN to a NAT

Related to the above posts — some issues I had while trying to implement that solution:

Concatenate Contiguous IP Ranges in Its IP List #awswishlist

AWS Routing Logs and Error Messages #awswishlist

AWS Networking

First…

Why You Need a VPC

And…

Amazon DocumentDB Network Access — Why the VPC?

Also…

Lambda Networking

Convinced yet?

Find a number of posts on creating networks on AWS here

Automating Cybersecurity Metrics (ACM)

General network security topics

Routing — in a nut shell

Be careful with VPNs as they can be a single point of failure. Monitor them closely and think through your architecture carefully. Update them whenever a new security patch comes out. Consider the difference between VPNs you manage and monitor and those monitored by someone else — who may have visibility into your logs even though they claim they don’t do that.

Cloud Security ~ Why Use a VPN?

someone seIoT Security ~ AWS 1-Click Buttons

CDN Security Wishlist

Mapping Network Attack Paths

SASE: Secure Access Service Edge

Assessing Supply Chains ~ The People

Assessing Supply Chain Geopolitical Risk

Redirect IoT Devices to Preferred DNS

Blocking Networks You Don’t Need

Concatenating IP Ranges And Other Firewall Rule Tricks

Posts that have been removed or moved on the WatchGuard blog

Indicators of RDP Brute Force Attacks — Secplicity — Security Simplified

IDS and IPS in the Cloud

Where in The World Is That Network Traffic Coming From? — Secplicity — Security Simplified

Packet Capture on AWS ~ New Solutions to Old Problems — Secplicity — Security Simplified

Using Firewall Policies to Auto-Block Rogue Hosts on External Networks — Secplicity — Security…

Auto-Blocking Suspicious Hosts Found in Traffic Logs — Secplicity — Security Simplified

How to Automate Deployment of a WatchGuard Firebox Cloud on AWS — Secplicity — Security Simplified

SANS White Paper on packet capture in the cloud

I also wrote this white paper: Packet Capture on AWS — before any cloud providers enabled or allowed packet capture. Azure was the first to introduce a solution followed by AWS and then GCP.

Follow for updates.

Teri Radichel | © 2nd Sight Lab 2022

About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab

Need Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
🔒 Request a penetration test 
🔒 Schedule a consulting call

Follow for more stories like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
❤️ Sign Up my Medium Email List
❤️ Twitter: @teriradichel
❤️ LinkedIn: https://www.linkedin.com/in/teriradichel
❤️ Mastodon: @teriradichel@infosec.exchange
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab