About a year ago I went to the effort of updating my cybersecurity credentials and signed up with a course at the University of Western Australia. We had a great class, mentor and Professor during the course, and I did well and enjoyed it immensely. The only reason I don’t work in a SOC is that mining pays better (even though I know a SOC is where I belong – I love this stuff).
About a year before I did the course, I invested in a firewall and bridged my router (it was a little dated). Since it was issued by one of Australia’s primary ISPs, I saved the $245 update cost (I have since found out that I am eligible for a free upgrade now), but who bloody cares. I bridged it: now it’s nothing more than a protocol adapter, with the firewall doing all the routing and processing.
Since it is bridged, there is no way to connect to it; it is basically just a protocol box, and (based on my research) I have removed any chance of reaching it. I can’t connect to it from within the network, which obviously implies nobody else can either, and I have pen tested it via a VPN and other resources, with the help of friends and colleagues who have greater skills than mine.
On initial setup of the firewall router, I enabled UPnP. I wasn’t happy with what I discovered. Certain applications on endpoints, ranging from Smart TVs to Android devices and Windows endpoints, were using UPnP to forward certain ports to those devices with lifetimes that were basically forever.
I don’t like that sort of stuff. It leaves a port open to an attacker, and the attack vector is almost limitless depending on the service listening on that port. So I disabled UPnP and switched my home network to IPv6, which my firewall/router could deal with. No more double NAT, and I killed the forever UPnP forwards that kept being recreated. If you have a global IPv6 address, it’s like it states: global. However, that does create an opening that requires a defense.
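As an added example (not the author's code or anything from this post), here is a small Python audit that parses the port-mapping entries a UPnP IGD gateway returns from GetGenericPortMappingEntry and flags the ones that never expire. The two SOAP responses are constructed samples shaped like a WANIPConnection:1 reply, and the 24-hour threshold for "long-lived" leases is an assumption.

```python
"""Audit UPnP IGD port mappings for never-expiring leases (added example, not the author's code)."""
import xml.etree.ElementTree as ET

# Constructed sample: two GetGenericPortMappingEntry responses in the shape a
# WANIPConnection:1 gateway returns them. NewLeaseDuration 0 means the forward
# never expires, the "forever" lifetime described above.
SAMPLE_RESPONSES = [
    """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>
    <u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
    <NewExternalPort>8080</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>8080</NewInternalPort>
    <NewInternalClient>192.168.1.40</NewInternalClient><NewEnabled>1</NewEnabled>
    <NewPortMappingDescription>SmartTV media</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration>
    </u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>""",
    """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>
    <u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
    <NewExternalPort>51413</NewExternalPort><NewProtocol>UDP</NewProtocol><NewInternalPort>51413</NewInternalPort>
    <NewInternalClient>192.168.1.22</NewInternalClient><NewEnabled>1</NewEnabled>
    <NewPortMappingDescription>game client</NewPortMappingDescription><NewLeaseDuration>3600</NewLeaseDuration>
    </u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>""",
]

FIELDS = {"NewExternalPort": int, "NewProtocol": str, "NewInternalPort": int,
          "NewInternalClient": str, "NewPortMappingDescription": str, "NewLeaseDuration": int}

def parse_mapping(soap_xml: str) -> dict:
    """Extract one port-mapping entry from a GetGenericPortMappingEntry response."""
    root = ET.fromstring(soap_xml)
    entry = {}
    for tag, conv in FIELDS.items():
        el = root.find(f".//{tag}")  # entry fields carry no namespace prefix
        entry[tag] = conv((el.text or "").strip()) if el is not None else conv()
    el = root.find(".//NewEnabled")
    entry["NewEnabled"] = el is not None and (el.text or "").strip() == "1"
    return entry

def audit(mappings, max_lease_seconds: int = 24 * 3600) -> list[str]:
    """Flag enabled forwards that never expire (lease 0) or outlive max_lease_seconds (assumed 24h)."""
    findings = []
    for m in mappings:
        if not m["NewEnabled"]:
            continue  # disabled rows are not reachable from outside
        target = f"{m['NewProtocol']}/{m['NewExternalPort']} -> {m['NewInternalClient']}:{m['NewInternalPort']}"
        if m["NewLeaseDuration"] == 0:
            findings.append(f"PERMANENT {target} ({m['NewPortMappingDescription']})")
        elif m["NewLeaseDuration"] > max_lease_seconds:
            findings.append(f"LONG-LIVED {m['NewLeaseDuration']}s {target} ({m['NewPortMappingDescription']})")
    return findings
```

Against a real gateway you would walk NewPortMappingIndex 0, 1, 2, ... with a SOAP client until the device returns an error, and feed each response through parse_mapping.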
So now what.
- Ensure that your firewall is capable of defending the internal IPv6-addressed devices
- Block problematic hosts (read: hackers) from reaching devices over IPv6
- EDR or XDR defenses on endpoints
- Education of end users, i.e. your family (ACSC posters in the toilet, yep)
- Geo-blocking problematic countries, ASNs, and other address blocks
- Installation of fail2ban on servers, with AbuseIPDB integration
- Updating and backup system on all critical systems and the installation of enhanced logging
- DNS malware filtering and advanced DNS solutions – preferably free.
- Enabling of a vulnerability system that can scan your devices live.
- Use Wireshark to capture traffic and run its Expert Info analysis.
So, what do you do when a cybersecurity researcher finds a vulnerability within an application or operating system?
- Enable a backup system so you have a full backup if compromised
- Enable automatic updates using cron or other
- Remove the offending package if possible (Linux), or vet the supply chain. There have been at least two such incidents on Linux in the last 6 months.
- Examine the logs on the local system and set reminders for update schedules from vendors
- Switch to a more open-source solution that enhances your defenses and logging
- Run scripts in either PowerShell or bash that report on the status of your systems
- Subscribe to reputable sources of information in relation to cybersecurity.
- Create baselines on devices, especially critical ones: where each one connects, when, and on what ports.
- Enable WAF defenses if available
- Enable external scanning services (Shodan for a start plus others) to monitor your gateway devices (your public facing internet devices that enable your internet access)
- Switch to more open-source operating systems such as Linux rather than proprietary, lifetime-limited operating systems.
- Replace devices that are no longer receiving updates: Smart TVs and mobile devices for a start.
- Enable MFA on every service you can, follow the ACSC Essential Eight as best you can, along with best practices on every service you deploy, with the assistance of AI (it's far superior to a Google search)
Am I secure? I believe so, a lot more than the average Joe Bloggs. Am I bullet proof? No, that would be arrogance at an absurd level. There are men and women out there with various skills that far surpass mine. But so far, I have seen nothing in my logs that suggests someone has breached my systems.
I have attached a YouTube blog from a source I respect. This is a case in point. You cannot control the operating system; it is a level of trust, and it is in relation to IPv6 on Windows endpoints. I was slightly intrigued by the advice to disable IPv6. 20-odd devices within a home network? You have to be kidding. I was way past that 10 years ago.
Since this is my own server, I don’t have to be polite. The world, in my humble opinion, is going to shit in a hand basket. Too many hot wars, too many agendas that have nothing to do with the greater good of the human species. The internet has been in a hot war for nearly 10 years, some would argue for longer. You need to defend yourself and your loved ones, and be vigilant.
I have managed lately to watch a great many shows about the risks that learned men have taken. Churchill’s little operation to disable the U-boats’ logistics in the Atlantic, Wyatt Earp in America. Nothing is what it seems.
Eventually someone is going to miscalculate, and the shit will fly on a global scale. Cybersecurity will be the first point of attack, they will go after the powerplants, the hospitals, logistics and the communications. Be smart, learn how to defend yourself in the cyberspace, as well as the real world.
I have yet to master WordPress, so this website is not exactly what I want, but it’s a project that I will endeavor to learn, along with Linux administration, hypervisors and various other facets within the space of Information Technology. After all, I believe this is where I belong, although due to my lack of people skills I have yet to find my place.
If you are aware of a fault within my systems, please contact me. I am willing to learn and make new acquaintances; after all, we are stronger together. No man is an island.
Sincerely