Rebuilding site after adding tvm post.

master
jowj 5 years ago
parent 96e407dbfe
commit e4ed316ad2

@ -0,0 +1,46 @@
---
title: tvm at a new company
categories: security
---
# no new problems
i recently started a new job and am faced with the usual: "please set up our scanners and Make Us Secure", "What Do These Alerts Mean", etc etc. i keep thinking about the scanning / threat and vulnerability management (TVM) aspect, so i want to write about that. here are a list of questions that i've been asking myself, along with some possible answers.
## using an existing scanning install or starting over
it may be reasonable to nuke an install if:
- data existing in the install is massively out of date / bad / for some reason is fucked up data
- data existing in the install doesn't tell you anything useful; 'these ips are alive' isn't useful.
times when you definitely should not nuke an install:
- if the install is tied to existing agents; losing those agent connections would be a mistake
those are really the only hard constraints i can think of. everything else seems pretty grey
## are naming schemes important enough to spend time on
hard yes. some of the names in use at my new place are frankly /hilarious/. and bad. "aaah, a scan template called 'corp users', what do you suppo - oh, its for scanning production? of course."
i picked a rough naming scheme template for all objects, and then tweaked it on a per-object-type basis, i.e.:
ProductName - Environment - Geolocation - Data
"search - prod - aus" is pretty straight forward, and then the 'data' field can be where you really express differences between the object classes. if it ends up looking a bit different between object classes, that's ok. the most important thing for naming schemes is consistency to the rules you set. everything else, while still important, is secondary.
## a note on scan schedules
think about what a particular scan is trying to accomplish. if the goal of a scan is to get data from /corporate servers/ then a typical overnight maintenance window makes sense.
if the goal is to get data from /the entire corporate netblock/ then scanning over night is probably really stupid, unless the entire company works during that time. after all, most companies are deploying large laptop fleets that all get taken home at the end of the day! instead, you can tackle this by doing one of these:
- scan midday, during the work hours, at several different times to catch differently shifted people
- install agents on all laptop / movable devices
ok, apparently the title should be "two notes on sacns". if your goal is to scan sensitive production servers make sure you reach out to the ops team that manages those servers. they should know, you should have a paper trail proving you at least made best efforts to communicate, etc.
## what other things should I check on
- is the OS backing the scanning app still getting updates? a lot of people fire and forget scan setups so make sure you're not running shit off some idiots ubuntu 12 install.
- how much of the infrastructure are we actually scanning? do have blind spots?
- if there isn't an ipam then this will be reaaaaal hard to figure out, but its very important.
- is your license sufficient or will you have to get more approved before you can actually achieve good coverage?
- are there any non-expiring exceptions?
- if so, i recommend nuking them and rebuilding them with at the most a 1 year expiration date; force the company to re-eval once a year if they really want these risks.
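Review bot: "sacns" in the line starting "ok, apparently the title should be" is a typo for "scans", and "do have blind spots?" is missing "we"; both are carried verbatim into the generated page later in this commit, so fix them here in the source. The naming template line `ProductName - Environment - Geolocation - Data` is emitted as an ordinary paragraph (it shows up as a bare `<p>` in the generated HTML), so wrapping it in backticks or a fenced block would make it read as a template rather than a sentence.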

@ -4,7 +4,7 @@
<meta charset='utf-8'>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<link rel="stylesheet" href="/assets/css/style.css?v=4e3c68cf7a8c91904937937b8924d9627fc64a8a">
<link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
<link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
<link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
<!--[if lt IE 9]>
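Review bot: the only change in this hunk is the `?v=` cache-buster on style.css moving to `96e407dbfe…`, which is the parent commit's hash, and the same one-line hunk repeats for roughly a dozen generated pages further down; that is the signature of committing Jekyll's `_site` build output. Adding `_site/` to `.gitignore` and building at deploy time would remove this churn (and the key-reordering noise in the JSON-LD hunks) from every future commit.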
@ -20,7 +20,7 @@
<meta property="og:url" content="http://localhost:4000/" />
<meta property="og:site_name" content="josiah ledbetter" />
<script type="application/ld+json">
{"@type":"WebSite","url":"http://localhost:4000/","name":"josiah ledbetter","headline":"josiah ledbetter","@context":"http://schema.org"}</script>
{"name":"josiah ledbetter","@type":"WebSite","url":"http://localhost:4000/","headline":"josiah ledbetter","@context":"http://schema.org"}</script>
<!-- End Jekyll SEO tag -->
</head>
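Review bot: the JSON-LD line differs only in key order (`@type`, `url`, `name` rearranged), so this hunk carries no functional change. What is worth acting on is that `og:url` and the JSON-LD `url` are `http://localhost:4000/`: the site was built with the development host, so the published metadata advertises localhost unless `url:` in `_config.yml` is set to the real host before the production build.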
@ -42,6 +42,7 @@
<p>🤖 <a href="/projects/">projects</a><br />
🧟 <a href="/personal/">personal</a><br />
💩 <a href="/security/">security thots</a><br />
‍🧙 <a href="/josiah-resume.pdf">resume</a></p>
</section>
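Review bot: the added `💩 <a href="/security/">security thots</a><br />` line is fine, but the resume line next to it starts with an invisible character (it looks like a zero-width joiner, U+200D) before the 🧙 emoji; it renders as nothing, makes that line differ from the other three, and is present in the markdown source hunk below as well, which is where to strip it.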

@ -2,4 +2,5 @@ hi you have reached the landing page of me, the person whose name is above this
🤖 [projects](/projects/)
🧟 [personal](/personal/)
💩 [security thots](/security/)
‍🧙 [resume](/josiah-resume.pdf)
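Review bot: the resume line carries the same invisible character before 🧙 as the rendered index.html hunk above; this markdown is the place to remove it. An identical hunk appears again near the end of the commit, so the landing-page nav seems to be maintained in two files; consolidating them would keep the two copies from drifting.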

@ -4,7 +4,7 @@
<meta charset='utf-8'>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<link rel="stylesheet" href="/assets/css/style.css?v=4e3c68cf7a8c91904937937b8924d9627fc64a8a">
<link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
<link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
<link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
<!--[if lt IE 9]>
@ -24,7 +24,7 @@
<meta property="og:type" content="article" />
<meta property="article:published_time" content="2019-04-15T00:00:00-05:00" />
<script type="application/ld+json">
{"mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/personal/2019/04/15/friendsgiving.html"},"description":"look at how pretty this fucking table is my sister made a bunch of that stuff there; the candles were all melted on to the wood and the gourds that they were resting on; the wreathes of Whatever Plant were picked from her garden; even the table it all sat on was made by my sister and her family","@type":"BlogPosting","url":"http://localhost:4000/personal/2019/04/15/friendsgiving.html","headline":"friendsgiving","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","@context":"http://schema.org"}</script>
{"description":"look at how pretty this fucking table is my sister made a bunch of that stuff there; the candles were all melted on to the wood and the gourds that they were resting on; the wreathes of Whatever Plant were picked from her garden; even the table it all sat on was made by my sister and her family","@type":"BlogPosting","url":"http://localhost:4000/personal/2019/04/15/friendsgiving.html","headline":"friendsgiving","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/personal/2019/04/15/friendsgiving.html"},"@context":"http://schema.org"}</script>
<!-- End Jekyll SEO tag -->
</head>

@ -4,7 +4,7 @@
<meta charset='utf-8'>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<link rel="stylesheet" href="/assets/css/style.css?v=4e3c68cf7a8c91904937937b8924d9627fc64a8a">
<link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
<link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
<link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
<!--[if lt IE 9]>
@ -24,7 +24,7 @@
<meta property="og:type" content="article" />
<meta property="article:published_time" content="2019-04-15T00:00:00-05:00" />
<script type="application/ld+json">
{"mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/personal/2019/04/15/lt_thanksgiving.html"},"description":"seattle we flew in to seattle from austin at 845 am. dont take that flight it was fucking horrible but it did give us a full day there despite flying for 4 hours.","@type":"BlogPosting","url":"http://localhost:4000/personal/2019/04/15/lt_thanksgiving.html","headline":"lt-friendsgiving","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","@context":"http://schema.org"}</script>
{"description":"seattle we flew in to seattle from austin at 845 am. dont take that flight it was fucking horrible but it did give us a full day there despite flying for 4 hours.","@type":"BlogPosting","url":"http://localhost:4000/personal/2019/04/15/lt_thanksgiving.html","headline":"lt-friendsgiving","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/personal/2019/04/15/lt_thanksgiving.html"},"@context":"http://schema.org"}</script>
<!-- End Jekyll SEO tag -->
</head>

@ -4,7 +4,7 @@
<meta charset='utf-8'>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<link rel="stylesheet" href="/assets/css/style.css?v=4e3c68cf7a8c91904937937b8924d9627fc64a8a">
<link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
<link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
<link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
<!--[if lt IE 9]>
@ -24,7 +24,7 @@
<meta property="og:type" content="article" />
<meta property="article:published_time" content="2019-04-15T00:00:00-05:00" />
<script type="application/ld+json">
{"mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/personal/2019/04/15/rad_boys_only.html"},"description":"rad boys only we are boys and we are rad sometimes our cooking makes us sad","@type":"BlogPosting","url":"http://localhost:4000/personal/2019/04/15/rad_boys_only.html","headline":"rad boys only","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","@context":"http://schema.org"}</script>
{"description":"rad boys only we are boys and we are rad sometimes our cooking makes us sad","@type":"BlogPosting","url":"http://localhost:4000/personal/2019/04/15/rad_boys_only.html","headline":"rad boys only","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/personal/2019/04/15/rad_boys_only.html"},"@context":"http://schema.org"}</script>
<!-- End Jekyll SEO tag -->
</head>

@ -4,7 +4,7 @@
<meta charset='utf-8'>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<link rel="stylesheet" href="/assets/css/style.css?v=4e3c68cf7a8c91904937937b8924d9627fc64a8a">
<link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
<link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
<link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
<!--[if lt IE 9]>
@ -24,7 +24,7 @@
<meta property="og:type" content="article" />
<meta property="article:published_time" content="2019-04-18T00:00:00-05:00" />
<script type="application/ld+json">
{"mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/personal/2019/04/18/vcards.html"},"description":"this past week my dad and I helped my grandmother with a few Computer Things. my grandfather died at the end of last year and the process of getting “Computer Things” to a usable state for my grandmother was pretty rough.","@type":"BlogPosting","url":"http://localhost:4000/personal/2019/04/18/vcards.html","headline":"vcards","dateModified":"2019-04-18T00:00:00-05:00","datePublished":"2019-04-18T00:00:00-05:00","@context":"http://schema.org"}</script>
{"description":"this past week my dad and I helped my grandmother with a few Computer Things. my grandfather died at the end of last year and the process of getting “Computer Things” to a usable state for my grandmother was pretty rough.","@type":"BlogPosting","url":"http://localhost:4000/personal/2019/04/18/vcards.html","headline":"vcards","dateModified":"2019-04-18T00:00:00-05:00","datePublished":"2019-04-18T00:00:00-05:00","mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/personal/2019/04/18/vcards.html"},"@context":"http://schema.org"}</script>
<!-- End Jekyll SEO tag -->
</head>

@ -4,7 +4,7 @@
<meta charset='utf-8'>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<link rel="stylesheet" href="/assets/css/style.css?v=4e3c68cf7a8c91904937937b8924d9627fc64a8a">
<link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
<link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
<link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
<!--[if lt IE 9]>

@ -4,7 +4,7 @@
<meta charset='utf-8'>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<link rel="stylesheet" href="/assets/css/style.css?v=4e3c68cf7a8c91904937937b8924d9627fc64a8a">
<link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
<link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
<link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
<!--[if lt IE 9]>
@ -24,7 +24,7 @@
<meta property="og:type" content="article" />
<meta property="article:published_time" content="2019-04-15T00:00:00-05:00" />
<script type="application/ld+json">
{"mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/projects/2019/04/15/agares.html"},"description":"agares, a multi armed demon well, originally i dont think the multi armed part was mentioned in the “list of demons” i found on the internet. now, though, agares is absolutely multi armed because I keep adding so much bullshit to this project.","@type":"BlogPosting","url":"http://localhost:4000/projects/2019/04/15/agares.html","headline":"agares","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","@context":"http://schema.org"}</script>
{"description":"agares, a multi armed demon well, originally i dont think the multi armed part was mentioned in the “list of demons” i found on the internet. now, though, agares is absolutely multi armed because I keep adding so much bullshit to this project.","@type":"BlogPosting","url":"http://localhost:4000/projects/2019/04/15/agares.html","headline":"agares","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/projects/2019/04/15/agares.html"},"@context":"http://schema.org"}</script>
<!-- End Jekyll SEO tag -->
</head>

@ -4,7 +4,7 @@
<meta charset='utf-8'>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<link rel="stylesheet" href="/assets/css/style.css?v=4e3c68cf7a8c91904937937b8924d9627fc64a8a">
<link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
<link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
<link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
<!--[if lt IE 9]>
@ -24,7 +24,7 @@
<meta property="og:type" content="article" />
<meta property="article:published_time" content="2019-04-15T00:00:00-05:00" />
<script type="application/ld+json">
{"mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/projects/2019/04/15/hosting_static_sites_on_s3.html"},"description":"Hosting static sites on S3","@type":"BlogPosting","url":"http://localhost:4000/projects/2019/04/15/hosting_static_sites_on_s3.html","headline":"Hosting static sites on S3","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","@context":"http://schema.org"}</script>
{"description":"Hosting static sites on S3","@type":"BlogPosting","url":"http://localhost:4000/projects/2019/04/15/hosting_static_sites_on_s3.html","headline":"Hosting static sites on S3","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/projects/2019/04/15/hosting_static_sites_on_s3.html"},"@context":"http://schema.org"}</script>
<!-- End Jekyll SEO tag -->
</head>

@ -4,7 +4,7 @@
<meta charset='utf-8'>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<link rel="stylesheet" href="/assets/css/style.css?v=4e3c68cf7a8c91904937937b8924d9627fc64a8a">
<link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
<link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
<link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
<!--[if lt IE 9]>
@ -24,7 +24,7 @@
<meta property="og:type" content="article" />
<meta property="article:published_time" content="2019-04-15T00:00:00-05:00" />
<script type="application/ld+json">
{"mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/projects/2019/04/15/mojojojo_bot.html"},"description":"mojojojo-bot this was relatively easy to build initially (straight from a template), but building any functionality that I wanted into was, as expected, hard. because i am garbage at python.","@type":"BlogPosting","url":"http://localhost:4000/projects/2019/04/15/mojojojo_bot.html","headline":"mojojojo-bot","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","@context":"http://schema.org"}</script>
{"description":"mojojojo-bot this was relatively easy to build initially (straight from a template), but building any functionality that I wanted into was, as expected, hard. because i am garbage at python.","@type":"BlogPosting","url":"http://localhost:4000/projects/2019/04/15/mojojojo_bot.html","headline":"mojojojo-bot","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/projects/2019/04/15/mojojojo_bot.html"},"@context":"http://schema.org"}</script>
<!-- End Jekyll SEO tag -->
</head>

@ -4,7 +4,7 @@
<meta charset='utf-8'>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<link rel="stylesheet" href="/assets/css/style.css?v=4e3c68cf7a8c91904937937b8924d9627fc64a8a">
<link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
<link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
<link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
<!--[if lt IE 9]>
@ -24,7 +24,7 @@
<meta property="og:type" content="article" />
<meta property="article:published_time" content="2019-04-15T00:00:00-05:00" />
<script type="application/ld+json">
{"mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/projects/2019/04/15/workingcopy.html"},"description":"editing files tracked in gif while on your phone","@type":"BlogPosting","url":"http://localhost:4000/projects/2019/04/15/workingcopy.html","headline":"editing files tracked in gif while on your phone","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","@context":"http://schema.org"}</script>
{"description":"editing files tracked in gif while on your phone","@type":"BlogPosting","url":"http://localhost:4000/projects/2019/04/15/workingcopy.html","headline":"editing files tracked in gif while on your phone","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/projects/2019/04/15/workingcopy.html"},"@context":"http://schema.org"}</script>
<!-- End Jekyll SEO tag -->
</head>

@ -4,7 +4,7 @@
<meta charset='utf-8'>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<link rel="stylesheet" href="/assets/css/style.css?v=4e3c68cf7a8c91904937937b8924d9627fc64a8a">
<link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
<link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
<link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
<!--[if lt IE 9]>
@ -24,7 +24,7 @@
<meta property="og:type" content="article" />
<meta property="article:published_time" content="2019-06-23T00:00:00-05:00" />
<script type="application/ld+json">
{"mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/projects/2019/06/23/pynit.html"},"description":"pynit is a personal archival script that relies on pinboard.in. it pulls in posts through the reddit api (by way of praw) and adds them to the linked pinboard account. you can get it here","@type":"BlogPosting","url":"http://localhost:4000/projects/2019/06/23/pynit.html","headline":"pynit","dateModified":"2019-06-23T00:00:00-05:00","datePublished":"2019-06-23T00:00:00-05:00","@context":"http://schema.org"}</script>
{"description":"pynit is a personal archival script that relies on pinboard.in. it pulls in posts through the reddit api (by way of praw) and adds them to the linked pinboard account. you can get it here","@type":"BlogPosting","url":"http://localhost:4000/projects/2019/06/23/pynit.html","headline":"pynit","dateModified":"2019-06-23T00:00:00-05:00","datePublished":"2019-06-23T00:00:00-05:00","mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/projects/2019/06/23/pynit.html"},"@context":"http://schema.org"}</script>
<!-- End Jekyll SEO tag -->
</head>

@ -4,7 +4,7 @@
<meta charset='utf-8'>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<link rel="stylesheet" href="/assets/css/style.css?v=4e3c68cf7a8c91904937937b8924d9627fc64a8a">
<link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
<link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
<link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
<!--[if lt IE 9]>

@ -0,0 +1,111 @@
<!DOCTYPE html>
<html lang="en-US">
<head>
<meta charset='utf-8'>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
<link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
<link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
<!--[if lt IE 9]>
<script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
<!-- Begin Jekyll SEO tag v2.5.0 -->
<title>tvm at a new company | josiah ledbetter</title>
<meta name="generator" content="Jekyll v3.7.4" />
<meta property="og:title" content="tvm at a new company" />
<meta property="og:locale" content="en_US" />
<meta name="description" content="no new problems i recently started a new job and am faced with the usual: “please set up our scanners and Make Us Secure”, “What Do These Alerts Mean”, etc etc. i keep thinking about the scanning / threat and vulnerability management (TVM) aspect, so i want to write about that. here are a list of questions that ive been asking myself, along with some possible answers." />
<meta property="og:description" content="no new problems i recently started a new job and am faced with the usual: “please set up our scanners and Make Us Secure”, “What Do These Alerts Mean”, etc etc. i keep thinking about the scanning / threat and vulnerability management (TVM) aspect, so i want to write about that. here are a list of questions that ive been asking myself, along with some possible answers." />
<link rel="canonical" href="http://localhost:4000/security/2019/06/24/new_company_tvm.html" />
<meta property="og:url" content="http://localhost:4000/security/2019/06/24/new_company_tvm.html" />
<meta property="og:site_name" content="josiah ledbetter" />
<meta property="og:type" content="article" />
<meta property="article:published_time" content="2019-06-24T00:00:00-05:00" />
<script type="application/ld+json">
{"description":"no new problems i recently started a new job and am faced with the usual: “please set up our scanners and Make Us Secure”, “What Do These Alerts Mean”, etc etc. i keep thinking about the scanning / threat and vulnerability management (TVM) aspect, so i want to write about that. here are a list of questions that ive been asking myself, along with some possible answers.","@type":"BlogPosting","url":"http://localhost:4000/security/2019/06/24/new_company_tvm.html","headline":"tvm at a new company","dateModified":"2019-06-24T00:00:00-05:00","datePublished":"2019-06-24T00:00:00-05:00","mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/security/2019/06/24/new_company_tvm.html"},"@context":"http://schema.org"}</script>
<!-- End Jekyll SEO tag -->
</head>
<body>
<div id="container">
<div class="inner">
<header>
<h1>josiah ledbetter</h1>
</header>
<section id="downloads" class="clearfix">
</section>
<hr>
<section id="main_content">
<h1 id="no-new-problems">no new problems</h1>
<p>i recently started a new job and am faced with the usual: “please set up our scanners and Make Us Secure”, “What Do These Alerts Mean”, etc etc. i keep thinking about the scanning / threat and vulnerability management (TVM) aspect, so i want to write about that. here are a list of questions that ive been asking myself, along with some possible answers.</p>
<h2 id="using-an-existing-scanning-install-or-starting-over">using an existing scanning install or starting over</h2>
<p>it may be reasonable to nuke an install if:</p>
<ul>
<li>data existing in the install is massively out of date / bad / for some reason is fucked up data</li>
<li>data existing in the install doesnt tell you anything useful; these ips are alive isnt useful.</li>
</ul>
<p>times when you definitely should not nuke an install:</p>
<ul>
<li>if the install is tied to existing agents; losing those agent connections would be a mistake</li>
</ul>
<p>those are really the only hard constraints i can think of. everything else seems pretty grey</p>
<h2 id="are-naming-schemes-important-enough-to-spend-time-on">are naming schemes important enough to spend time on</h2>
<p>hard yes. some of the names in use at my new place are frankly /hilarious/. and bad. “aaah, a scan template called corp users, what do you suppo - oh, its for scanning production? of course.”</p>
<p>i picked a rough naming scheme template for all objects, and then tweaked it on a per-object-type basis, i.e.:</p>
<p>ProductName - Environment - Geolocation - Data</p>
<p>“search - prod - aus” is pretty straight forward, and then the data field can be where you really express differences between the object classes. if it ends up looking a bit different between object classes, thats ok. the most important thing for naming schemes is consistency to the rules you set. everything else, while still important, is secondary.</p>
<h2 id="a-note-on-scan-schedules">a note on scan schedules</h2>
<p>think about what a particular scan is trying to accomplish. if the goal of a scan is to get data from /corporate servers/ then a typical overnight maintenance window makes sense.</p>
<p>if the goal is to get data from /the entire corporate netblock/ then scanning over night is probably really stupid, unless the entire company works during that time. after all, most companies are deploying large laptop fleets that all get taken home at the end of the day! instead, you can tackle this by doing one of these:</p>
<ul>
<li>scan midday, during the work hours, at several different times to catch differently shifted people</li>
<li>install agents on all laptop / movable devices</li>
</ul>
<p>ok, apparently the title should be “two notes on sacns”. if your goal is to scan sensitive production servers make sure you reach out to the ops team that manages those servers. they should know, you should have a paper trail proving you at least made best efforts to communicate, etc.</p>
<h2 id="what-other-things-should-i-check-on">what other things should I check on</h2>
<ul>
<li>is the OS backing the scanning app still getting updates? a lot of people fire and forget scan setups so make sure youre not running shit off some idiots ubuntu 12 install.</li>
<li>how much of the infrastructure are we actually scanning? do have blind spots?
<ul>
<li>if there isnt an ipam then this will be reaaaaal hard to figure out, but its very important.</li>
</ul>
</li>
<li>is your license sufficient or will you have to get more approved before you can actually achieve good coverage?</li>
<li>are there any non-expiring exceptions?
<ul>
<li>if so, i recommend nuking them and rebuilding them with at the most a 1 year expiration date; force the company to re-eval once a year if they really want these risks.</li>
</ul>
</li>
</ul>
</section>
<footer>
</footer>
</div>
</div>
</body>
</html>
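Review bot: `<link rel="canonical">`, `og:url` and the JSON-LD `url`/`@id` all point at `http://localhost:4000/security/2019/06/24/new_company_tvm.html`, so if this generated file is what gets served, crawlers are told the canonical copy lives on localhost; the fix is the production `url:` in `_config.yml`, not an edit to this file. The rendered list nesting (the ipam and one-year-expiry bullets under their parent items) matches the intent of the markdown source.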

@ -0,0 +1,62 @@
<!DOCTYPE html>
<html lang="en-US">
<head>
<meta charset='utf-8'>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
<link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
<link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
<!--[if lt IE 9]>
<script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
<!-- Begin Jekyll SEO tag v2.5.0 -->
<title>security thots | josiah ledbetter</title>
<meta name="generator" content="Jekyll v3.7.4" />
<meta property="og:title" content="security thots" />
<meta property="og:locale" content="en_US" />
<link rel="canonical" href="http://localhost:4000/security/" />
<meta property="og:url" content="http://localhost:4000/security/" />
<meta property="og:site_name" content="josiah ledbetter" />
<script type="application/ld+json">
{"@type":"WebPage","url":"http://localhost:4000/security/","headline":"security thots","@context":"http://schema.org"}</script>
<!-- End Jekyll SEO tag -->
</head>
<body>
<div id="container">
<div class="inner">
<header>
<h1>josiah ledbetter</h1>
</header>
<section id="downloads" class="clearfix">
</section>
<hr>
<section id="main_content">
<p>Posts in category "security thots" are:</p>
<ul>
<li><a href="/security/2019/06/24/new_company_tvm.html">tvm at a new company</a></li>
</ul>
</section>
<footer>
</footer>
</div>
</div>
</body>
</html>

@ -2,4 +2,5 @@ hi you have reached the landing page of me, the person whose name is above this
🤖 [projects](/projects/)
🧟 [personal](/personal/)
💩 [security thots](/security/)
‍🧙 [resume](/josiah-resume.pdf)

@ -0,0 +1,13 @@
---
permalink: /security/
title: security thots
---
<p>Posts in category "security thots" are:</p>
<ul>
{% for post in site.categories.security %}
{% if post.url %}
<li><a href="{{ post.url }}">{{ post.title }}</a></li>
{% endif %}
{% endfor %}
</ul>
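Review bot: `{{ post.title }}` is written into the `<a>` unescaped; Liquid does not escape output, so a title containing `<`, `>` or `&` would break the markup. Titles are written by the site author, so this is hygiene rather than an exposure, but `{{ post.title | escape }}` costs nothing. The `{% if post.url %}` guard is dead: every Jekyll post has a `url`, so the loop can iterate `site.categories.security` directly. The generated `security/index.html` hunk above shows the result, with the one tvm post listed.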