I have been painstakingly laying the ground work for segmenting network into data center management plane, and future overlay networks for internal applications and dmz / public services.

It would have been easy to burn the place down and start over…

Ever look at emby?

Office culture nuances… I enjoy them.

DomainCode-SiteCode-Function##

ACME-USCA-WEB01 ACME-GERM-DC02

I worked for a company where the previous IT dorks named the servers after startrek ships. It’s cute at home. Had to rename everything and readdress the whole organization.

How far do you guys go?

'All of it’s or until it’s inconvenient?

What’s the pain tolerance for when everyone says it makes the job too hard?

Ever compared CIS controls to STIG ACAP?

I’ve only ever used SCAP for a few reasons z but one being it’s free.

What do you guys use for STIG audit?

Manual STIG viewer or SCAP?

Makes sense. Thanks. I have heard of R7. Had not heard of Qualys.

Thanks

Good info, thanks.

I am familiar with ACAS, which is why I am testing the products.

Fully capturing all the capabilities of scanning, auditing configuration seems like you could put countless hours into the implementation.

I imagine the ROI is high based on what I’ve seen.

Would you agree?

Thanks,. I’ll check into those two

I spent Wednesday tracking down what was transferring too much data. It was domain controllers. The team didn’t figure out why though. I’m waiting in anticipation. I also can’t call people names without knowing/JK

Spent the day/week wondering why part of a network was transferring 100 times the planned data, wondering if data exfil, etc.

Nope, just misconfigured domain controllers. Still waiting on the geniuses on that team to figure something out.

If your DC uses GBs instead of MBs to replicate a mostly static directory, you might have a problem…

Thanks for posting interesting stuff.

1. I like getting infosec info on infosec instance :)

2. If you cross post to two communities on the same instance, we all see double posts.

Maybe we can pick between cybersecurity and security news for articles and the other for discussion?

Nice. You guys allowing the playbooks to configure or just audit?

Can you share any of the baseline that’s not specific to your org/sensitive? What sources are you using as a reference?

Just make sure it’s HBA mode and it’ll be fine. Sometimes called IT mode.

Google IBM m1015 hba, there’s a ton on eBay for no money. It used to be TrueNAS go to. There’s newer HBAs that are faster, but I don’t think it will matter for you

If you do TN, you MUST read the manual and look at their ZFS intro guide. Trust me.

I hear what you’re saying, you’re not wrong.

I would argue that the technical implementations, the ones that are about a quantified or Boolean evaluation, that’s not the case.

Sure, STIGs can be open to interpretation like any benchmark or compliance standard and are open to the reviewers personal discretion or trends in the industry.

I wouldn’t suggest that stigs are more relevant than CIS, since it’s mostly only used by federal government, but it is something to be aware of and a skill set that’s in demand.

I wouldn’t say cis, or stigs, aren’t a security practice by themselves. Security practices come from implementing good policies and evaluation, and I would suggest that the new cybersecurity framework 2.0 would help inform good security practices.

Have you never found ambiguous standards anywhere else?

They’ll all over the place time wise.

I skip forward when he goes on tangents, though I can usually relate to them 😀