
Strike Package is back online in its new home as of about 4:30 today. SUU report materials please.
I'd like to see if we can schedule a couple days to meet with as much of the team as we can get together and distribute new gear, review tactics, and re/build tools and systems. What does everybody's July look like?
Week of July 6th, or week of July 13th. Could also do the last week of July if it was late in the week.
Also, what does everyone's August 3 - 7 look like? We could possibly do Weber's assessment that week if we can field a team. Otherwise it will be mid-September with school starting and what not.
We presented to the CIOs Friday. Notes Follow:
We are set to continue. A longer time period is a go, (conditional upon institutional approval).
Action Items out of the meeting: CIOs would like to designate a few system-wide standards, most of which could probably be taken straight out of SANS (e.g. system-wide password standards.) Send me any suggestions on what SANS controls should be considered system-wide mandatory standards.
CIOs also want a prioritized list of tools / software that could be used across the system and requested as part of a legislative initiative this coming session. Send me any ideas you have here please.
Will also consult with the ISO Committee on both these.
Thanks, Andrew

Thanks for the CIO meeting update. I've uploaded a draft of my section of the report to the dump. I have a feeling there may be more overlap in what we all worked on so if anyone has more or better coverage of an area feel free to use yours and not mine.
I'm open the two weeks in July except the 7th and the 14th and 15th. I'm sure we can get a room if you'd like to do it at UVU.
I'll be available the week of August 3-7th. That is the week of Defcon / Bsides, not sure how many from the team are going to Hacker summer camp this year.
Jon
________________________________________
From: ushe-assess-bounces@lists.dixie.edu [ushe-assess-bounces@lists.dixie.edu] on behalf of Andrew Goble [goble@dixie.edu]
Sent: Monday, June 29, 2015 9:46 PM
To: ushe-assess@lists.dixie.edu
Subject: [USHE-assess] Follow-up From CIO Meeting

Didn't think about that event... Weber doesn't start classes till the 31st, might be able to do August 10th - 14th with them, but I'm not sure what other schools are doing... might be cutting it close with the start of the semester for some.
On 06/29/2015 10:25 PM, Jon Barclay wrote:

I'll be out the 10th - 14th, but I bet Dave could represent UVU that week.
Thanks,
Jon
_____________________________
From: Andrew Goble <goble@dixie.edu>
Sent: Monday, June 29, 2015 9:33 PM
Subject: Re: [USHE-assess] Follow-up From CIO Meeting
To: <ushe-assess@lists.dixie.edu>

On Mon, Jun 29, 2015 at 9:46 PM, Andrew Goble wrote:
> SUU report materials please
Mine just got uploaded.
> What does everybody's July look like?
> Week of July 6th, or week of July 13th. Could also do the last week of July if it was late in the week.
I'm out of town and out of even cell reach from July 7 - July 19, but can make anything else work.
> We are set to continue. A longer time period is a go, (conditional upon institutional approval).
Muahhh haaa haa haaaaaa....
> CIOs would like to designate a few system-wide standards, most of which could probably be taken straight out of SANS (e.g. system-wide password standards.) Send me any suggestions on what SANS controls should be considered system-wide mandatory standards.
As far as passwords go, the "Stanford Model" is what I've been pimping here at USU. I think I'll get it soon. We're waiting on one last Banner piece of the puzzle to work with SSO and we'll be set. https://itservices.stanford.edu/service/accounts/passwords/quickguide
Given the results we've seen with passwords under 10 characters though, I'm inclined to rule out the lowest rung of Stanford's password guide, but I like the flexibility of their model and that it has a built in reward system for users who start to think in passphrases instead of passwords, in that the complexity requirements get easier, the longer your password gets.
> CIOs also want a prioritized list of tools / software that could be used across the system and requested as part of a legislative initiative this coming session.
We're all using Duo, pretty much. Collective purchasing for this would be great to get organized.
I have seen a demo of Rapid7's UserInsight and was blown away. It was easy to configure, you can trace users login movement across all the network, they notify you if they discover one of your institutions credentials in the wild out there, you can create incidences for compromised users and increase the monitoring of those accounts etc. Being able to track users and detect anomalies is very high on my priority list and of the softwares I've looked at for that, nothing has had as good of a price to features as that one did.
Regardless of if it's that specific software or not, I think having user logging and alerting is a critical thing that has to start happening for all of us. We can run our ELK stacks till the cows come home, but inventing algorithms that can detect anomalous behavior on a case by case, just isn't practical for us to write on our own. Purchasing a software collectively would go a long ways to getting us all running something.
There are two schools (UVU & SLCC) and sorta three or four (Dixie & Utah) that are running IDS and IPS, but I would like to see something we could all get onboard with and collectively afford as well. I don't have any specific wares to recommend to the CIO group, but I think it's critical we all find a sustainable and affordable way to do this across all the institutions.
My $.02

I'm good the week of July 13th. But it doesn't sound like Chuck is. The rest of July is hit and miss for me.
I could probably do either first or second week in August for an assessment. I was playing with the idea of going to Defcon, but haven't decided. I could put that off if everybody else wants to do an assessment that week. I could also do the following week (10-14).
As for tools/priorities:
Duo is a given.
I agree with Chuck for the need for some type of detection of anomalous behavior, both for user accounts as well as for network hosts.
I also wondered about some kind of Privileged Access Management product. Maybe the need is lessened with proper Duo implementation. The idea here is that admins don't actually have their own admin accounts on servers. If they need to access a server, they go to the Privileged Access Management server, check out a One Time Password for the server they need to access, use that for their session, and then check the OTP back into the management server when they're done.
EAP-TLS solution.
Log Management/SIEM (This just goes to an overall lack of detection capabilities)
IPS/IDS / Fireeye
Mark
On Tue, Jun 30, 2015 at 1:06 PM, Chuck Kimber chuck.kimber@usu.edu wrote:

btw.... duo had an outage for a couple hours this morning.
Dave Nielsen (nielseda@uvu.edu) UVU / OIT Security
On 07/01/2015 02:24 PM, Mark Walton wrote:

On Wed, Jul 1, 2015 at 2:52 PM, Dave Nielsen dave.nielsen@uvu.edu wrote:
> btw.... duo had an outage for a couple hours this morning.
Really? That would mean you were the only guy actually doing any work this morning. Nobody around here even noticed...
I know they've been recently enduring several DDoS attacks lately, and I'm sure it's some kind of attempt to break two-factor in some cyber warfare exchange between China and the U.S. ...that's what Miles tells me anyways.

Just followed up with Weber, they lean towards a September assessment. So maybe keep the last couple weeks of September penciled in for that...
Let's try to do our work meeting late the last week of July or the first week of August. How does the 29th/30th look? That would avoid the next week for anybody off to DefCon.
With most of the strike package gear becoming stationary, I'd like to come up with a 3rd level domain to start using with assessment stuff so we can apply real signed certs, use services by name, etc.
.ushe-sat.dixie.edu
.usheassess.dixie.edu
.supersecurityawesomeness.dixie.edu
etc. Any ideas?
Thanks, Andrew

On Thu, Jul 2, 2015 at 4:22 PM, Andrew Goble goble@dixie.edu wrote:
> Let's try to do our work meeting late the last week of July or the first week of August. How does the 29th/30th look? That would avoid the next week for anybody off to DefCon.
This works for me.
> I'd like to come up with a 3rd level domain to start using with assessment stuff so we can apply real signed certs, use services by name, etc.
I think all the USHE DNS stuff is up and fully functional and I know many or most of the other things are online as well. We have had guys start moving services up to the magical USHE cloud, here at USU. It got me thinking... Maybe we should just start parking all our assessment stuff all up there maybe? It would give us the DNS you seek, put us in a "centralish" location, the DDC.
I don't care either way, it was just a thought I was having. ...you know how much those are usually worth.

I'm good for the 29th/30th.
Up to you on where to host the strike package. The DDC is a good alternative. But you at least have direct physical access to the equipment there at Dixie. I'm good either way.
Mark
On Sat, Jul 4, 2015 at 1:47 PM, Chuck Kimber chuck.kimber@usu.edu wrote:

I'm not opposed to the DDC, but it adds a layer of management complexity plus we'd have to put some physical hardware there (aka thekraken). I think we'd have to pay for space at the DDC right now... I didn't budget for that. Dixie will be free so I'm happy to just let it stay here for the time being.
That said, any strong opinions on what 3rd level domain to use?
Should we plan for sure on July 29-30th for the work meeting? Jon, Dave, would you be willing to put us up for a couple days at UVU for the meeting?
Thanks, Andrew
On 07/06/2015 12:10 PM, Mark Walton wrote:

I've submitted a request to reserve a room for us for the 29th and 30th at UVU. I'll work on parking for those not coming in a state vehicle.
Thanks,
Jon
On Mon, Jul 6, 2015 at 11:51 AM -0700, "Andrew Goble" <goble@dixie.edu> wrote:
I'm not opposed to the DDC, but it adds a layer of management complexity plus we'd ahve to put some physical hardware there (aka thekraken) I think we'd have to pay for space at the DDC right now... I didn't budget for that. Dixie will be free so I'm happy to just let it stay here for the time being.
That said, any strong opinions on what 3rd level domain to use?
Should we plan on for sure on July 29-30th for the work meeting? Jon, Dave, would you be willing to put us up for a couple days at UVU for the meeting?
Thanks, Andrew
On 07/06/2015 12:10 PM, Mark Walton wrote:
I'm good for the 29th/30th.
Up to you on where to host the strike package. The DDC is a good alternative. But you at least have direct physical access to the equipment there at Dixie. I'm good either way.
Mark

Awesome...
We have a date, who's planning on coming? Let's get a headcount of who's going to be there and who's coming from far enough away that they'll want a hotel room the night of the 29th.
Got commits from Mark, Chuck, and Jon so far.
I'll have the new strike package gear there with the network and virtual environment ready to go. Also will have new toys, ducks, proxmark, Pis, etc. there to work on and spread around the team. Let's plan to talk strategy and tactics, work on tools, etc. at the meeting.
Thanks, Andrew

Looks like it will just be me from the U.
Dustin

On Tue, Jun 30, 2015 at 1:06 PM, Chuck Kimber <chuck.kimber@usu.edu> wrote:
We are set to continue. A longer time period is a go, (conditional upon institutional approval).
Muahhh haaa haa haaaaaa....
Some clarification here too. If an institution wants to run some "Blue Team" exercises here, like UVU did when we were there, I think this is fully valid. But we run into this little "problem", at all institutions, where things start to leak. Sometimes it's the local liaison, sometimes it's us just chumming around (I've done this myself), but obviously the less this leaks ahead of time, the better, and more realistic our "Persistent Threat" scenario will be. For the sake of keeping all of UEN's address space blacklisted and firewalled, I would suggest we keep these activities mainly restricted to the address space at Dixie where our virtual boxes are kept. If one or all of them get blocked, that is a finding in itself, but it will be easier to coordinate any unblocking of those addresses for the audit, with the local Security Officer.
Are there any strong opinions about that, or is it just silly?
participants (6)
- Andrew Goble
- Chuck Kimber
- Dave Nielsen
- Dustin Udy
- Jon Barclay
- Mark Walton