Each week, I thought I'd post these SysAdmin tools, tips, tutorials etc.
To make sure I'm following the rules of r/sysadmin, rather than link directly to our website for sign up for the weekly email we're running reddit ads so:
You can sign up to get this in your inbox each week (with extras) by following this link. If the subscription link is not working for you from your computer, try from mobile phone.
Here are the most-interesting items that have come across our desks, laptops and phones this week. As always, Hornetsecurity has no known affiliation with any of these unless we explicitly state otherwise.
** We're looking for your favorite tools and resources to share with the community... the ones that help you do your job better and more easily. Please comment with your favorite(s) and we'll be featuring them over the following weeks.
A Free Tool
Parallel-SSH is an asynchronous parallel SSH library designed to simplify large-scale automation. Uses the least resources and runs fastest among all Python SSH libraries. thenumberfourtytwo likes it because "all you need is a file containing all your ssh hostsβwhich in hindsight is quite similar to ansible, in its simplest form."
A Tip
kuldan5853 offers this advice to reduce security risks associated with network print servers: "[T]his is not for print servers only, but really look into Micro Segmentation of your network - there is no reason why printers need to be exposed to the clients directly for example, or why the print server should see your HPC cluster.
It is vastly more effort to manage if you divide your network in many small subnets that are segregated via firewall, but the gain in security is about the biggest you can imagine (if the firewall rules are implemented strictly as needed and not what is convenient)."
Another Free Tool
PDFescape is a surprisingly capable online PDF editor that allows you to annotate & modify PDFs, create forms, and more⦠entirely for free. Works with any modern browser, with no downloads or account required and no watermarks.
Yet Another Free Tool
Bulk Crap Uninstaller is an uninstaller for removing the vast majority of crap applications that weigh down Windows, with little user input or tech
... keep reading on reddit β‘Howdy! There are plenty of mentions of and recommendations for the incomparable Network Security Toolkit NST here on reddit, so I won't tell you how incredible it is, but I did want to share this.
Wireshark on NST displaying on Windows 7
I just finished setting up Cygwin-X to host remote X sessions on my Win7 machine.
While it's not difficult to setup, it's not exactly easy either.
The purpose of this post is to encourage folks to check out NST, and also take advantage of some of the functions it includes that aren't well suited to the Web Interface. (Wireshark for example).
I can post my steps if anyone is interested though I suspect my "How-To" would reveal my hack and whack noobtastic approach to Linux. it's more like "If I can get it working, so can you".
anyway TONS of great Network tools available in NST, I have it running on a P4 2.8 with a Gig of Ram and it just runs and runs and runs.
Running Port Replication from my Center Star switch and NST has a dedicated interface monitoring that, plus another NIC for connecting to the network.
If you've ever wanted to try Linux, or any Linux based network tools this is a great excuse.
I keep finding myself, having to modify the View logic for packages like django-oauth-toolkit, djangorestframework-simplejwt, etc to make it so that refresh token is exchanged in a HttpOnly cookie to harden security aspects further. A little while ago I decided to make a package that modifies this behavior for django-oauth-toolkit so I don't have to keep doing it in every Django Project: https://github.com/oscarychen/django-oauth-toolkit-cookie-refresh
If you are curious about why I'm doing it, I provided the explanation in the ReadMe. However, I'm hoping someone can take a look and see if my logic and implementation are sound, it's possible that I missed something entire. All suggestions welcome. Thanks!
There seems to be a surprising lack of fundamental knowledge in network security. Has anyone else felt the same?
Here are some examples working with different teams:
- Work heavily with Kibana servers, but lacked fundamental database knowledge
- You would think someone managing a clusters would at least understand the basics of distributed systems
- Heavily use SIEMs, but could not tell you what a the concept of an operating system process beyond "Yeah, it's a program that executes."
- A serious lack of web development knowledge
A lot of people entering the field claiming they are knowledgeable in network security, but can't forward engineer a basic CRUD app, and yet they'll claim they know how to reverse engineer it and secure it. Yeah, you're able to successfully complete a basic SQL injection hackthebox, but you could barely construct a SQL query yourself. You just blindly put in a SQL query and hope you get back an error saying the web application is vulnerable and then blindly put in another SQL query.
Security isnt the only reason people tell you not to keep crypto on exchanges, one reason banks have so much power is because of the huge amount of our money they have at their disposal, to lend and invest. Exchanges are centralisation centres for a technology that is valued for not being centralised. At the least you shouldn't do it since you're essentially devaluing your own investment.
It is not that hard to own your keys, a couple of off-line backups of a series of words stored in a few safe places, if you have a small amount it's not too big a deal, but it's better to learn how it works when it is not much risk for you, and if it's a big investment then it's pretty silly not to take a little time, less than an hour really, to learn how to go about storing your large investment safely.
It's without a doubt the safest way to store your investment, so long as you aren't bragging to the neighbours about it, and you took an hour to learn how to store off-line backups securely.
It's best practice, and that was known back when it was mostly punks who understood the technology and purpose of crypto, when new guys started coming along they would inform them of this, but over time and with new investors who don't really understand anything more than its potential to be profitable becoming the norm, the explanations became less detailed and and the core message of "not your keys not your crypto" became a beneficial meme that worked to get people to follow the best practices for keeping cryptos decentralised and safe.
Not your keys not your crypto, is important for every crypto holder to follow, at the least not to devalue a technology they are invested in. Decentralisation is one of the core value drivers for all cryptocurrencies and a major attribute of another core value, network security.
I am wondering if itβs possible to get a fully remote job with Just A+, Network+ and Security+. I spend most of my time outside of the United States.
Welcome back to IT Pro Tuesday!
We're looking for your favorite tips and tools we can share with the community... those that help you do your job better and more easily. Please reply or leave a comment with your suggestions, and we'll be featuring them in the coming weeks.
And as always, weβre updating the full list on our website here. Enjoy.
But on with this week's tools...! Here are the most-interesting items that have come across our desks, laptops and phones this week. Hornetsecurity has no known affiliation with any of these unless we explicitly state otherwise.
A Free Tool
Parallel-SSH is an asynchronous parallel SSH library designed to simplify large-scale automation. Uses the least resources and runs fastest among all Python SSH libraries. thenumberfourtytwo likes it because "all you need is a file containing all your ssh hostsβwhich in hindsight is quite similar to ansible, in its simplest form."
A Tip
kuldan5853 offers this advice to reduce security risks associated with network print servers: "[T]his is not for print servers only, but really look into Micro Segmentation of your network - there is no reason why printers need to be exposed to the clients directly for example, or why the print server should see your HPC cluster.
It is vastly more effort to manage if you divide your network in many small subnets that are segregated via firewall, but the gain in security is about the biggest you can imagine (if the firewall rules are implemented strictly as needed and not what is convenient)."
Another Free Tool
PDFescape is a surprisingly capable online PDF editor that allows you to annotate & modify PDFs, create forms, and more⦠entirely for free. Works with any modern browser, with no downloads or account required and no watermarks.
Yet Another Free Tool
Bulk Crap Uninstaller is an uninstaller for removing the vast majority of crap applications that weigh down Windows, with little user input or technical knowledge required. Can detect most applications and games (even portable or unregistered), clean up leftovers, force uninstall, automatically uninstall according to premade lists, and more. IntelligentCanary902 says, "I'm a big fan of the portable version."
**One More Free Tool
... keep reading on reddit β‘Just a few free tools, resources etc.Β that can make your tech life a little nicer.
But without further ado, here's the list⦠I have no known association with any of these unless stated otherwise.
A Free Tool
Parallel-SSH is an asynchronous parallel SSH library designed to simplify large-scale automation. Uses the least resources and runs fastest among all Python SSH libraries. thenumberfourtytwo likes it because "all you need is a file containing all your ssh hostsβwhich in hindsight is quite similar to ansible, in its simplest form."
A Tip
kuldan5853 offers this advice to reduce security risks associated with network print servers: "[T]his is not for print servers only, but really look into Micro Segmentation of your network - there is no reason why printers need to be exposed to the clients directly for example, or why the print server should see your HPC cluster.
It is vastly more effort to manage if you divide your network in many small subnets that are segregated via firewall, but the gain in security is about the biggest you can imagine (if the firewall rules are implemented strictly as needed and not what is convenient)."
Another Free Tool
PDFescape is a surprisingly capable online PDF editor that allows you to annotate & modify PDFs, create forms, and more⦠entirely for free. Works with any modern browser, with no downloads or account required and no watermarks.
Yet Another Free Tool
Bulk Crap Uninstaller is an uninstaller for removing the vast majority of crap applications that weigh down Windows, with little user input or technical knowledge required. Can detect most applications and games (even portable or unregistered), clean up leftovers, force uninstall, automatically uninstall according to premade lists, and more. IntelligentCanary902 says, "I'm a big fan of the portable version."
One More Free Tool
PSAppDeployToolkit facilitates the performance of common application deployment tasks, including interacting with users. It offers functions that simplify the scripting needed for deploying applications in the enterprise and that help create a consistent, more-successful deployment experience. Can be used to replace your WiseScript, VBScript and Batch wrapper scripts with a single versatile, reusable, extensible tool. A shout out to knawlejj for pointing us to this one.
... keep reading on reddit β‘
