[LIVE] Out of the Woods: The Threat Hunting Podcast, October 24, 2024 | 7:00 – 8:30 PM ET. Sign Up > https://intel471.com/resources/podcasts/blood-sweat-and-threats-carving-the-perfect-threat-hunter
Top Headlines:
- Aqua | perfctl: A Stealthy Malware Targeting Millions of Linux Servers: https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/
- Cisco Talos Blog | Threat Actor Believed to be Spreading New MedusaLocker Variant in Europe and South America: https://blog.talosintelligence.com/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/?&web_view=true
- Proofpoint US | Security Brief: Royal Mail Lures Deliver Open Source Prince Ransomware: https://www.proofpoint.com/us/blog/threat-insight/security-brief-royal-mail-lures-deliver-open-source-prince-ransomware
- Security Affairs | Kyiv's Hackers Launched an Unprecedented Cyber Attack on Russian State Media VGTRK on Putin's Birthday: https://securityaffairs.com/169486/cyber-warfare-2/kyivs-hackers-hit-russian-state-media.html?web_view=true
Stay in Touch!
Twitter: https://twitter.com/Intel471Inc
LinkedIn: https://www.linkedin.com/company/intel-471/
YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
Discord: https://discord.gg/DR4mcW4zBr
Facebook: https://www.facebook.com/Intel471Inc/
[Episode References]
- SHROUDED#SLEEP: A deep dive into North Korea's Ongoing Campaign Against Southeast Asia - https://www.securonix.com/blog/shroudedsleep-a-deep-dive-into-north-koreas-ongoing-campaign-against-southeast-asia/
- perfctl: A stealthy malware targeting millions of Linux Servers - https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/
- Ransomware groups demystified: CyberVolk Ransomware - https://www.rapid7.com/blog/post/2024/10/03/ransomware-groups-demystified-cybervolk-ransomware/
Script and presentation: Carlos Cabral and Bianca Oliveira. Audio editing: Paulo Arruzzo. Closing narration: Bianca Garcia.
Listen to the latest on System76 computers, manufacturing, Pop!_OS and COSMIC DE. This episode features an interview with Dave Shaver, an IT director at a small hospital and a local church in Northern New Mexico. Dave shares his extensive experience with Linux, starting from the early 2000s, his preference for System76 laptops, his day to day, and his side projects in music, video, graphics, web design, and gaming.
[00:00:02] Introduction and Countdown
[00:02:24] Last month's Cosmic Desktop Environment Alpha Release
[00:05:28] Cosmic Ambassador Program
[00:06:35] Community Meetups and Online Groups
[00:08:13] Special Guest - Dave Shaver, IT Director and SysAdmin
[00:11:00] Linux Servers in the data center
[00:11:34] Why Choose System76
[00:13:38] Day to day
[00:15:55] Key tools and software used daily
[00:20:03] Game Time and Conclusion
This episode reports on the Phorpiex botnet spreading LockBit ransomware, the sentencing of a man behind the Tornado Cash cryptocurrency mixer for money laundering, and more
Navigate the complexities of IT automation with the Automate IT podcast, hosted by Automox's David van Heerden. Each episode dives deep into automation strategies, expert insights, and actionable advice to simplify your IT operations. Explore the far-reaching capabilities of automation in IT and make Automate IT your go-to resource.
Show Links:
- Getting started with Home Assistant: https://www.home-assistant.io/getting-started/
Welcome to Product Talk, your ultimate guide to the features and use cases of Automox, hosted by Peter Pflaster and Steph Rizzuto. This podcast peels back the layers of Automox's endpoint management software, discussing its various features, practical uses, and the transformative impact it has on businesses. Join Peter and Steph as they explore the nooks and crannies of the Automox product and help you leverage its full potential for your IT needs.
Links:
- Automox Worklet Catalog (public): https://www.automox.com/worklets
- Automox Worklet Catalog (in console): https://console.automox.com/manage/worklet-catalog
- Automox Supported Linux Distros: https://help.automox.com/hc/en-us/articles/5352186282644-Supported-Operating-Systems
Ansible is regarded as the all-purpose tool for configuring Linux servers automatically, and rightly so: not only for professional admins, but also for quickly standing up your own servers. In this episode of c't uplink, Niklas Dierking and Pina Merkert explain what Ansible can do, what roles and playbooks are, and what Telerec't is all about: a small but fine example project that configures a server with the most important services in just a few steps. You can find the first part of our Ansible series in c't 1/2024 on page 150. The second part of the series appears in c't 2/2024 on page 154 (available from 12 January).
Ansible is regarded as the all-purpose tool for configuring Linux servers automatically, and rightly so: not only for professional admins, but also for quickly standing up your own servers. In this episode of c't uplink, Niklas Dierking and Pina Merkert explain what Ansible can do, what roles and playbooks are, and what Telerec't is all about: a small but fine example project that configures a server with the most important services in just a few steps. Featuring: Niklas Dierking, Pina Merkert. Host: Jan Schüßler. You can find the first part of our Ansible series in c't 1/2024 on page 150. The second part of the series appears in c't 2/2024 on page 154 (available from 12 January).
This episode, recorded on Upper Austria's Bratwürstlsonntag, starts with the topic of e-mobility and Tesla. It then moves on to the good old topic of to-do lists. André talks about his experiences with Google Tasks, and the discussion widens into the topic of note-taking. Then it's on to backups: Tom talks about replacing his Apple Time Capsule with a Time Machine server running on a Linux server. Finally, there is a small programming tip about the Bucket4J library.
Can we save an old Arch install? We'll attempt a live rescue, then get into our tips for keeping your old Linux install running great.
A classic gadget gets a Linux-powered new lease on life, the next project getting Rusty, great news for Btrfs users, and more.
This episode reports on a review of the latest version of ChatGPT, poor passwords are compromising Linux SSH servers and more
Hello, and welcome to another episode of CISO Tradecraft -- the podcast that provides you with the information, knowledge, and wisdom to be a more effective cybersecurity leader. My name is G. Mark Hardy, and today we are going to discuss how nation state conflict and sponsored cyberattacks can affect us as non-combatants, and what we should be doing about it. Even if you don't have operations in a war zone, remember cyber has a global reach, so don't think that just because you may be half a world away from the battlefield that someone is not going to reach out and touch you in a bad way. So, listen for what I think will be a fascinating episode, and please do us a small favor and give us a "like" or a 5-star review on your favorite podcast platform -- those ratings really help us reach our peers. It only takes a click -- thank you for helping out our security leadership community.

I'm not going to get into any geopolitics here; I'm going to try to ensure that this episode remains useful for quite some time. However, since the conflict in Ukraine has been ongoing for over two hundred days, I will draw examples from that. The ancient Chinese military strategist Sun Tzu wrote: “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” That's a little more detailed than the classic Greek aphorism, "know thyself," but the intent is the same even today. Let me add one more quote and we'll get into the material. Over 20 years ago, when he was Secretary of Defense, Donald Rumsfeld said: "As we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns—the ones we don't know we don't know. And if one looks throughout the history of our country and other free countries, it is the latter category that tends to be the difficult ones."

So, knowledge seems extremely important throughout the ages. Modern governments know that, and as a result all have their own intelligence agencies. Let's look at an example. If we go to the CIA's website, we will see the fourfold mission of the Central Intelligence Agency:
- Collecting foreign intelligence that matters
- Producing objective all-source analysis
- Conducting effective covert action as directed by the President
- Safeguarding the secrets that help keep our nation safe

Why do we mention this? Most governments around the world have similar Nation State objectives and mission statements. Additionally, it's particularly important to understand what is wanted by "state actors" (note, I'll use that term for government and contract intelligence agents). What are typical goals for State Actors? Let's look at a couple.

Goal 1: Steal targeting data to enable future operations. Data such as cell phone records, banking statements or emails allow countries to better target individuals and companies when they know that identifying information. Additionally, targeting data allows Nation state organizations to understand how individuals are connected. This can be key when we are looking for key influencers for targets of interest. All targeting data should not be considered equal. Generally, Banking and Telecom Data are considered the best for collecting, so be mindful if that is the type of company that you protect. State Actors target these organizations because of two factors:
- The Importance of the Data is the first factor. If one party sends a second party an email, that means there is a basic level of connection. However, it's not automatically a strong connection since we all receive emails from spammers. If one party calls someone and talks for 10 minutes to them on a phone call, that generally means a closer connection than an email. Finally, if one party sends money to another party, that either means a really strong connection exists, or someone just got scammed.
- The Accuracy of the Data is the second factor. Many folks sign up for social media accounts with throw-away credentials (i.e., fake names and phone numbers). Others use temporary emails to attend conferences, so they don't get marketing spam when they get home. However, because of Anti Money Laundering (or AML) laws, people generally provide legitimate data to financial services firms. If they don't, then they risk not being able to take the money out of a bank -- which would be a big problem.

A second goal, in addition to collecting targeting data, is that State Actors are interested in collecting Foreign Intelligence. Foreign Intelligence which drives policy-making decisions is very impactful. Remember, stealing secrets that no one cares about is generally just a waste of government tax dollars. If governments collect foreign intelligence on sanctioned activity, then they can inform policy makers on the effectiveness of current sanctions, which is highly useful. By reporting sanctioned activity, the government can know when current sanctions are being violated and when to update current sanctions. This can result in enabling new intelligence collection objectives. Examples of this include:
- A country may sanction a foreign air carrier that changes ownership or goes out of business. In that case, sanctions may be added against different airlines. This occurred when the US sanctioned Mahan Air, an Iranian airline. Currently the US enforces sanctions on more than half of Iran's civilian airlines.
- A country may place sanctions on a foreign bank to limit its ability to trade in certain countries or currencies. However, if sanctioned banks circumvent controls by trading with smaller banks which are not sanctioned, then current sanctions are likely ineffective. Examples of sanctioning bank activity by the US against Russia during the current war with Ukraine include:
  - On February 27th, sanctions were placed against Russian Banks using the SWIFT international payment system.
  - On February 28th, the Russian Central Bank was sanctioned.
  - On March 24th, the Russian Bank Sberbank CEO was sanctioned.
  - On April 5th, the US IRS suspended information exchanges with the Russian tax authorities to hamper Moscow's ability to collect taxes.
  - On April 6th, the US sanctioned additional Russian banks.
  These sanctions didn't just start with the onset of hostilities on 24 February 2022. They date back to Russia's invasion of Crimea. It's just that the US has turned up the volume this time.
- If sanctions are placed against a country's nuclear energy practices, then knowing what companies are selling or trading goods into the sanctioned country becomes important. Collecting information from transportation companies that identify goods being imported and exported into the country can also identify sanction effectiveness.

A third goal or activity taken by State Actors is covert action. Covert Action is generally intended to cause harm to another state without attribution. However, anonymity is often hard to maintain. If we look at Russia in its previous history with Ukraine, we have seen the use of cyber attacks as a form of covert action. The devastating NotPetya malware (which has been generally accredited to Russia) was launched as a supply chain attack. Russian agents compromised the software update mechanism of Ukrainian accounting software M.E. Doc, which was used by nearly 400,000 clients to manage financial documents and file tax returns. This update did much more than the intended choking off of Ukrainian government tax revenue -- Maersk shipping estimates a loss of $300 million. FedEx around $400 million. The total global damage to companies is estimated at around $10 billion. The use of cyberattacks hasn't been limited to just Russia. Another example is Stuxnet. This covert action attack against Iranian nuclear facilities that destroyed nearly one thousand centrifuges is generally attributed to the U.S. and Israel.

Changing topics a little bit, we can think of the story of two people encountering a bear. Two friends are in the woods, having a picnic. They spot a bear running at them. One friend gets up and starts running away from the bear. The other friend opens his backpack, takes out his running shoes, changes out of his hiking boots, and starts stretching. “Are you crazy?” the first friend shouts, looking over his shoulder as the bear closes in on his friend. “You can't outrun a bear!” “I don't have to outrun the bear,” said the second friend. “I only have to outrun you.”

So how can we physically outrun the Cyber Bear? We need to anticipate where the Bear is likely to be encountered. Just as national park signs warn tourists of animals, there's intelligence information that can inform the general public. If you are looking for physical safety intelligence you might consider:
- The US Department of State Bureau of Consular Affairs. The State Department hosts a travel advisory list. This list allows anyone to know if a country has issues such as Covid Outbreaks, Civil Unrest, Kidnappings, Violent Crime, and other issues that would complicate having an office for most businesses.
- Another example is the CIA World Factbook. The World Factbook provides basic intelligence on the history, people, government, economy, energy, geography, environment, communications, transportation, military, terrorism, and transnational issues for 266 world entities.
- Additionally, you might also consider data sources from the World Health Organization and The World Bank.

If we believe that one of our remote offices is now at risk, then we need to establish a good communications plan. Good communications plans generally require at least four forms of communication. The acronym PACE, or Primary, Alternate, Contingency, and Emergency, is often used:
- Primary Communication: We will first try to email folks in the office.
- Alternate Communication: If we are unable to communicate via email, then we will try calling their work phones.
- Contingency Communication: If we are unable to reach individuals via their work phones, then we will send a text message to their personal cell phones.
- Emergency Communication: If we are unable to reach them by texting their personal devices, then we will send an email to their personal emails and next of kin.

Additionally, we might purchase satellite phones for a country manager. Satellite phones can generally be purchased for under $1,000 and can be used with commercial satellite service providers such as Inmarsat, Globalstar, and Thuraya. One popular plan is Inmarsat's BGAN. BGAN can usually be obtained from resellers for about $100 per month with text messaging costing about fifty cents each and calls costing about $1.50 per minute. This usually translates to a yearly cost of $1,500-2K per device. Is $2K worth the price of communicating to save lives in a high-risk country during high political turmoil? Let your company decide. Note a great time to bring this up may be during use-or-lose money discussions at the end of the year.

We should also consider preparing egress locations. For example, before a fire drill most companies plan a meetup location outside of their building so they can perform a headcount. This location, such as a vacant parking lot across the street, allows teams to identify missing personnel which can later be communicated to emergency personnel. If your company has offices in thirty-five countries, you should think about the same thing, but not assembling across the street but across the border. Have you identified an egress office for each overseas country? If you had operations in Ukraine, then you might have chosen a neighboring country such as Poland, Romania, or Hungary to facilitate departures. When things started going bad, that office could begin creating support networks to find local housing for your corporate refugees. Additionally, finding job opportunities for family members can also be extremely helpful when language is a barrier in new countries.

If we anticipate the Bear is going to attack our company digitally, then we should also look for the warning signs. Good examples of this include following threat intelligence information from:
- Your local ISAC organization. ISAC or Information Sharing Analysis Centers are great communities where you can see if your vertical sector is coming under attack and share your experiences/threats. The National Council of ISACs lists twenty-five different members across a wide range of industries. An example is the Financial Services ISAC or FS-ISAC which has a daily and weekly feed where subscribers can find situational reports on cyber threats from State Actors and criminal groups.
- InfraGard™ is a partnership between the Federal Bureau of Investigation and members of the private sector for the protection of US Critical Infrastructure. Note you generally need to be a US citizen without a criminal history to join.
- AlienVault offers a Threat Intelligence Community called Open Threat Exchange which grants users free access to over nineteen million threat indicators. Note AlienVault currently hosts over 100,000 global participants, so it's a great place to connect with fellow professionals.
- The Cybersecurity & Infrastructure Security Agency or CISA also routinely issues cybersecurity advisories to stop harmful malware, ransomware, and nation state attacks. Helpful pages on their website include the following:
  - Shields Up, which provides updates on cyber threats, guidance for organizations, recommendations for corporate Leaders and CEOs, ransomware responses, free tooling, and steps that you can take to protect your families. There's even a Shields Technical Guidance page with more detailed recommendations.
  - CISA routinely puts out Alerts which identify threat actor tactics and techniques. For example, Alert AA22-011A identifies how to understand and mitigate Russian State Sponsored Cyber Threats to US Critical Infrastructure. This alert tells you what CVEs the Russian government is using as well as the documented TTPs which map to the MITRE ATT&CK™ Framework. Note if you want to see more on the MITRE ATT&CK mapped to various intrusion groups we recommend going to attack.mitre.org/groups.
  - CISA also has notifications that organizations can sign up for to receive timely information on security issues, vulnerabilities, and high impact activity.
  - Another page to note on CISA's website is US-CERT. Here you can report cyber incidents, report phishing, report malware, report vulnerabilities, share indicators, or contact US-CERT.
  - One helpful page to consider is the Cyber Resilience Review Assessment. Most organizations have an IT Control to conduct yearly risk assessments, and this can help identify weaknesses in your controls.

Now that we have seen a bear in the woods, what can we do to put running shoes on to run faster than our peers? If we look at the CISA Shield Technical Guidance Page we can find Shields Up recommendations such as remediating vulnerabilities, enforcing MFA, running antivirus, enabling strong spam filters to prevent phishing attacks, disabling ports and protocols that are not essential, and strengthening controls for cloud services. Let's look at this in more detail to properly fasten our running shoes.

If we are going to remediate vulnerabilities, let's focus on the highest priority. I would argue those are high/critical vulnerabilities with known exploits being used in the wild. You can go to CISA's Known Exploited Vulnerabilities Catalog page for a detailed list. Each time a new vulnerability gets added, run a vulnerability scan on your environment to prioritize patching.

Next is Multi Factor Authentication (MFA). Routinely we see organizations require MFA access to websites and use Single Sign On. This is great -- please don't stop doing this. However, we would also recommend MFA enhancements in two ways. One, are you using MFA on RDP/SSH logins by administrators? If not, then please enable it immediately. You never know when one developer will get phished, and the attacker can pull his SSH keys. Having MFA means even when those keys are lost, bad actor propagation can be minimized. Another enhancement is to increase the security within your MFA functionality. For example, if you use Microsoft Authenticator today, try changing from a 6-digit rotating PIN to using security features such as number matching that displays the location of their IP Address. You can also look at GPS conditional policies to block all access from countries in which you don't have a presence.

Running antivirus is another important safeguard. Here's the kicker -- do you actually know what percentage of your endpoints are running AV and EDR agents? Do you have coverage on both your Windows and Linux Server environments? Of the agents running, what portion have signature updates that are not current? How about more than 30 days old? We find a lot of companies just check the box saying they have antivirus, but if you look behind the scenes you can see that antivirus isn't as effective as you think when it's turned off or outdated.

Enabling Strong Spam Filters is another forgotten exercise. Yes, companies buy solutions like Proofpoint to secure email, but there's more that can be done. One example is implementing DMARC to properly authenticate and block spoofed emails. It's the standard now and prevents brand impersonation. Also please consider restricting email domains. You can do this at the very top. Today, the vast majority of legitimate correspondents still utilize one of the original seven top-level domains: .com, .org, .net, .edu, .mil, .gov, and .int, as well as two-letter country code top-level domains (called ccTLDs). However, you should look carefully at your business correspondence to determine if communicating with all 1,487 top-level domains is really necessary. Let's say your business is located entirely in the UK. Do you really want to allow emails from country codes such as .RU, .CN, and others? Do you do business with .hair, or .lifestyle, or .xxx? If you don't have a business reason for conducting commerce with these TLDs, block them and minimize both spam and harmful attacks. It won't stop bad actors from using Gmail to send phishing attacks, but you might be surprised at just how much restricting TLDs in your email can help. Note that you have to be careful not to create a self-inflicted denial of service, so make sure that emails from suspect TLDs get evaluated before deletion.

Disabling Ports and Protocols is key since you don't want bad actors having easy targets. One thing to consider is using Amazon Inspector. Amazon Inspector has rules in the network reachability package to analyze your network configurations to find security vulnerabilities in your EC2 Instances. This can highlight and provide guidance about restricting access that is not secure, such as network configurations that allow for potentially malicious access such as mismanaged security groups, Access Control Lists, Internet Gateways, etc.

Strengthening Cloud Security: we won't go into this topic too much as you could spend a whole talk on strengthening cloud security. Companies should consider purchasing a cloud security solution like Wiz, Orca, or Prisma for help in this regard.
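The sender top-level-domain restriction described above, with mail from suspect TLDs quarantined for review rather than deleted so the filter cannot become a self-inflicted denial of service, as an added Python example that is not part of the episode or its show notes. It assumes a business located entirely in the UK as in the episode, an allow list made of the seven original gTLDs plus the ccTLDs that business actually corresponds with (.uk and .ie are assumed here), and a deny list of the TLDs the episode names; the From: headers it classifies are constructed, not real mail.

```python
from email.utils import parseaddr
from collections import Counter

# Policy for a hypothetical UK-only business (an assumption for this example,
# not a setting from the episode). The seven original gTLDs are always allowed;
# the ccTLDs are the ones this business is assumed to correspond with.
ORIGINAL_GTLDS = {"com", "org", "net", "edu", "mil", "gov", "int"}
ALLOWED_CCTLDS = {"uk", "ie"}                               # assumed business partners
DENIED_TLDS = {"ru", "cn", "hair", "lifestyle", "xxx"}      # TLDs the episode names as examples


def sender_tld(header_value):
    """Return the lowercase TLD of the address in a From: header, or None if unparseable."""
    _, addr = parseaddr(header_value)
    if "@" not in addr:
        return None
    domain = addr.rsplit("@", 1)[1].strip().lower().rstrip(".")
    if not domain or "." not in domain:
        return None
    return domain.rsplit(".", 1)[1]


def classify_sender(header_value):
    """Map a From: header to a policy action ("deliver" or "quarantine") plus a reason.

    Nothing is deleted outright: anything outside the allow list is held for review,
    which is the safeguard the episode recommends against blocking legitimate mail.
    """
    tld = sender_tld(header_value)
    if tld is None:
        return "quarantine", "unparseable sender address"
    if tld in DENIED_TLDS:
        return "quarantine", f"TLD .{tld} is on the deny list"
    if tld in ORIGINAL_GTLDS or tld in ALLOWED_CCTLDS:
        return "deliver", f"TLD .{tld} is allowed"
    return "quarantine", f"TLD .{tld} has no documented business justification"


def apply_policy(headers):
    """Classify a batch of From: headers; return the per-message decisions and action counts."""
    decisions = [(h, *classify_sender(h)) for h in headers]
    counts = Counter(action for _, action, _ in decisions)
    return decisions, counts


# Constructed sample From: headers (not real mail).
SAMPLE_FROM_HEADERS = [
    "Alice Example <alice@example.com>",
    "Finance <accounts@supplier.co.uk>",
    "invoice@mail.example.ru",
    "Promo <offers@style.lifestyle>",
    "helpdesk@example.xyz",
    "Undisclosed Recipients",
    "Someone <someone@gmail.com>",   # webmail on an allowed TLD passes the TLD rule
]

if __name__ == "__main__":
    decisions, counts = apply_policy(SAMPLE_FROM_HEADERS)
    for header, action, reason in decisions:
        print(f"{action:10} {header!r}: {reason}")
    print(dict(counts))
```

Run as a script it prints one decision per constructed header; the gmail.com line shows the limitation the episode calls out, since a free webmail sender on an allowed TLD is still delivered and has to be caught by DMARC, content filtering and user awareness rather than by a TLD rule. The quarantine queue is what someone reviews before anything is discarded.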
One tip we don't see often is using geo-fencing and IP allow-lists. For example, one new feature that AWS recently created is to enable Web Application Firewall protections for Amazon Cognito. This makes it easier to protect user pools and hosted UIs from common web exploits. Once we notice there's likely been a bear attack on our peers or our infrastructure, we should report it. This can be done by reporting incidents to local governments such as CISA or a local FBI field office, paid sharing organizations such as ISAC, or free communities such as AlienVault OTX. Let's walk through a notional example of what we might encounter as collateral damage in a cyberwar. However, to keeps this out of current geopolitics, we'll use the fictitious countries Blue and Orange. Imagine that you work at the Acme Widget Corporation which is a Fortune 500 company with a global presence. Because Acme manufactures large scale widgets in their factory in the nation of Orange, they are also sold to the local Orange economy. Unfortunately for Acme, Orange has just invaded their neighboring country Blue. Given that Orange is viewed as the aggressor, various countries have imposed sanctions against Orange. Not wanting to attract the attention of the Orange military or the U.S. Treasury department, your company produces an idea that might just be crazy enough to work. Your company is going to form a new company within Orange that is not affiliated with the parent company for the entirety of the war. This means that the parent company won't provide services to the Orange company. Additionally, since there is no affiliation between the companies then the legal department advises that there will not be sanction evasion activity which could put the company at risk. There's just one problem. Your company has to evict the newly created Orange company (Acme Orange LLC) from its network and ensure it has the critical IT services to enable its success. So where do we start? 
Let's consider a few things. First, what is the lifeblood of a company? Every company really needs laptops and Collaboration Software like Office 365 or GSuite. So, if we have five hundred people in the new Acme Orange company, that's five hundred new laptops and a new server that will host Microsoft Exchange, a NAS drive, and other critical Microsoft on premises services. Active Directory: Once you obtain the server, you realize a few things. Previous Acme admin credentials were used to troubleshoot desktops in the Orange environment. Since exposed passwords are always a bad thing, you get your first incident to refresh all passwords that may have been exposed. Also, you ensure a new Active Directory server is created for your Orange environment. This should leverage best practices such as MFA since Orange Companies will likely come under attack. Let's talk about other things that companies need to survive: Customer relations management (CRM) services like Salesforce Accounting and Bookkeeping applications such as QuickBooks Payment Software such as PayPal or Stripe File Storage such as Google Drive or Drop Box Video Conferencing like Zoom Customer Service Software like Zendesk Contract Management software like DocuSign HR Software like Bamboo or My Workday Antivirus & EDR software Standing up a new company's IT infrastructure in a month is never a trivial task. However, if ACME Orange is able to survive for 2-3 years it can then return to the parent company after the sanctions are lifted. Let's look at some discussion topics. What IT services will be the hardest to transfer? Can new IT equipment for Acme Orange be procured in a month during a time of conflict? Which services are likely to only have a SaaS offering and not enable on premises during times of conflicts? Could your company actually close a procurement request in a one-month timeline? 
If we believe we can transfer IT services and get the office up and running, we might look at our cyber team's role in providing recommendations to a new office that will be able to survive a time of turmoil:
- All laptops shall have antivirus and EDR enabled from Microsoft.
- Since the Acme Orange office is isolated from the rest of the world, all firewalls will block IP traffic not originating from Orange.
- SSO and MFA will be required on all logins.
- Backups will be routinely required.

Note: if you are really looking for effective strategies to mitigate cyber security incidents, we highly recommend the Australian Essential Eight. We have a link in our show notes if you want more details.

Additionally, the Acme Orange IT department will need to create its own Incident Response Plan (IRP). One really good guide for building cyber incident response playbooks comes from the American Public Power Association. (I'll put the link in our show notes.) The IRP recommends creating incident templates that can be used for common attacks such as:
- Denial of Service (DoS)
- Malware
- Web application attack (SQL injection, XSS, directory traversal, ...)
- Cyber-physical attack
- Phishing
- Man-in-the-middle attack
- Zero-day exploit

This incident response template can identify helpful information such as:
- Detection: Record how the attack was identified.
- Reporting: Provide a list of points of contact (POCs) and contact information for the IT help desk to contact during an event.
- Triage: List the activities that need to be performed during incident response. Typically, teams follow the PICERL model (Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned).
- Classification: Depending on the severity level of the event, identify additional actions that need to occur.
- Communications: Identify how to notify local law enforcement, regulatory agencies, and insurance carriers during material cyber incidents. Additionally, describe the process for how communications will be relayed to customers, employees, media, and state/local leaders.

As you can see, there is much that would have to be done in response to a nation-state aggression or regional conflict that would likely fall in your lap. If you didn't think about it before, you now have plenty of material to work with. Figure out your own unique requirements, do some tabletop exercises where you identify your most relevant Orange and Blue future conflict, and practice, practice, practice. We learned from COVID that companies that were well prepared with a disaster response plan rebranded as a pandemic response plan fared much better in the early weeks of the 2020 lockdown. I know my office transitioned to remote work for over sixty consecutive weeks without any serious IT issues because we had a written plan and had practiced it. Here's another one for you to add to your arsenal. Take the time and be prepared -- you'll be a hero "when the bubble goes up." (There -- you've learned an obscure term that is nearly absent from a Google search but well known in the Navy and the Marine Corps.)

Okay, that's it for today's episode on Outrunning the Bear. Let's recap:
- Know yourself.
- Know what foreign adversaries want.
- Know what information, processes, or people you need to protect.
- Know the goals of state actors: steal targeting data, collect foreign intelligence, covert action.
- Know how to establish a good communications plan (PACE: Primary, Alternate, Contingency, Emergency).
- Know how to get out of Dodge.
- Know where to find private and government threat intelligence.
- Know your quick wins for protection: remediate vulnerabilities, implement MFA everywhere, run current antivirus, enable strong spam filters, restrict top-level domains, disable vulnerable or unused ports and protocols, strengthen cloud security.
- Know how to partition your business logically to isolate your IT environments in the event of a sudden requirement.
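Two of the quick wins in the recap, strong spam filters and restricting top-level domains, come down to one decision per inbound message: is the sender's TLD one the business expects mail from at all? The following is an added example, not from the episode, that makes that decision. The IANA list referenced in the show notes (https://data.iana.org/TLD/tlds-alpha-by-domain.txt) is a comment header line followed by one upper-case TLD per line; IANA_EXCERPT below copies that format but is a constructed, abbreviated stand-in rather than the real file. The deny list, the verdict names and the sample From: headers are assumptions for illustration.

```python
"""Screen e-mail sender domains against a top-level-domain (TLD) policy.

Added example, not from the episode. The IANA TLD list is a comment header
line followed by one upper-case TLD per line; IANA_EXCERPT mimics that format
but is a constructed, abbreviated copy. DENIED_TLDS, the verdicts and the
sample headers are assumptions used to illustrate the policy.
"""
import email.utils

IANA_EXCERPT = """\
# Version 2024100800, Last Updated Tue Oct  8 07:07:01 2024 UTC
AAA
COM
GOV
NET
ORG
RU
UK
US
XN--P1AI
ZIP
"""

# Assumed policy: TLDs the organisation never exchanges mail with.
DENIED_TLDS = {"ru", "zip"}


def parse_iana_tlds(text):
    """Parse the IANA list format into a lower-case set of TLDs."""
    tlds = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # header/comment lines carry no TLD
        tlds.add(line.lower())
    return tlds


def sender_tld(from_header):
    """Extract the sender's TLD in the A-label (xn--) form that IANA lists."""
    _, addr = email.utils.parseaddr(from_header)
    if "@" not in addr:
        return None
    domain = addr.rsplit("@", 1)[1].strip().lower().rstrip(".")
    if not domain:
        return None
    try:
        domain = domain.encode("idna").decode("ascii")  # Unicode labels -> xn--...
    except UnicodeError:
        return None  # malformed label (empty, too long, bad characters)
    return domain.rsplit(".", 1)[-1]


def evaluate_sender(from_header, known_tlds, denied_tlds=DENIED_TLDS):
    """Return (verdict, reason): reject unknown TLDs, quarantine denied ones."""
    tld = sender_tld(from_header)
    if tld is None:
        return ("reject", "unparseable sender")
    if tld not in known_tlds:
        return ("reject", f"unknown TLD .{tld}")
    if tld in denied_tlds:
        return ("quarantine", f"restricted TLD .{tld}")
    return ("accept", f".{tld}")


# Constructed sample From: headers.
SAMPLE_SENDERS = [
    "Alice <alice@partner.com>",
    "invoice@files.zip",
    "noreply@promo.ru",
    "attacker@mail.local",
    "user@пример.рф",
    "Broken Header",
]

if __name__ == "__main__":
    known = parse_iana_tlds(IANA_EXCERPT)
    for hdr in SAMPLE_SENDERS:
        print(f"{hdr!r:32} -> {evaluate_sender(hdr, known)}")
```

Unknown TLDs are rejected outright rather than quarantined because a domain that does not resolve under any delegated TLD cannot be a legitimate correspondent; the quarantine verdict is reserved for real TLDs the policy has chosen to restrict, where a human may still need to release a message. Internationalised domains are normalised to their xn-- form first so that a Cyrillic .рф sender is matched against the same entry IANA publishes.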
Thanks again for listening to CISO Tradecraft. Please remember to like us on your favorite podcast provider and tell your peers about us. Don't forget to follow us on LinkedIn too -- you can find our regular stream of low-noise, high-value postings. This is your host G. Mark Hardy, and until next time, stay safe.

References:
https://www.goodreads.com/quotes/17976-if-you-know-the-enemy-and-know-yourself-you-need
https://en.wikipedia.org/wiki/There_are_known_knowns
https://www.cia.gov/about/mission-vision/
https://www.cybersecurity-insiders.com/ukraines-accounting-software-firm-refuses-to-take-cyber-attack-blame/
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
https://www.nationalisacs.org/member-isacs-3
https://attack.mitre.org/groups/
https://data.iana.org/TLD/tlds-alpha-by-domain.txt
https://www.publicpower.org/system/files/documents/Public-Power-Cyber-Incident-Response-Playbook.pdf
This hour Noah and Steve answer your questions, big picture mode on KDE, and living off-grid with solar panels!
Noah and Steve answer your NAS questions, follow-up on Z-Wave devices, and appropriate responses for unwanted drones!
Noah and Steve have recommended Z-Wave devices for home automation. What do you do when your home automation fails? What do you do when you suffer latency from streaming? Noah and Steve talk troubleshooting for your home network, and home automation.
The EFF has offered an opinion on the FAA's visual line of sight rule for drones. What does this do for privacy? What if the FAA makes a different recommendation on how they will enforce drone regulations? The EFF has also launched the Atlas of Surveillance, a publicly searchable crowdsourced database to see which tools law enforcement is using to spy on communities.

-- During The Show --
02:20 Wiping hard drives? - Stephen
  DBAN
  Nwipe
  ShredOS
  All In One System Rescue Toolkit
  Destroy the drive
07:30 Whole BR rips? - Karel
  Just rip ISOs
12:00 Smart door lock? - Eddie
  Bluetooth locks are terrible
  Schlage Z-Wave
  Axis A1001
  Shelly 1
  Axis Door Phone
22:50 Remote desktop suggestion - Chris
  Apache Guacamole & Yggdrasil
25:15 Linux News Wire
  MX Linux 21.2 (MakeUseOf)
  Tails 5.4 (Tails)
  Cemu 2.0 (Gaming On Linux)
  Upscayl Released (It's FOSS)
  LibVF.IO Adds GVM Support (Arc Compute)
  LXQt Supports Sway Wayland (Twitter)
  Linux 6.1 Seg Fault Reporting (Tech Radar)
  RHEL 10 Eliminates GTK 2 (Phoronix)
  Free Quantum Computing Course (Engineering.com)
  PiCam (Peta Pixel)
  Capital One Joins OSSF (Dark Reading)
  Nutanix Breaks OSS License (Open Source For You)
27:00 Pick of the Week
  t2bot.io
  Bridges Matrix to other platforms
  Backwards compatibility
  Paid Synapse service (EMS)
  Beeper
29:50 Gadget of the Week
  Star64 RISC-V SBC from Pine64
  Fedora and Debian being ported to StarFive JH7110
  Why use this?
37:40 Kernel 6.1
  Tech Radar: Linux 6.1 gets a new way to identify faulty CPUs
  Lots of updates
40:20 Drones Beyond Visual Line of Sight
  EFF
  FAA ARC
  Lots of industry
  Privacy as a suggestion
  No penalties for violations
  Didn't even want to have a privacy conversation
  BVLOS drones are a privacy nightmare
47:00 Atlas of Surveillance
  EFF's Atlas of Surveillance
  EFF press release
  Police Ring Cam program
  Body cams
  Drones
  Automatic license plate readers

-- The Extra Credit Section --
For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard!
This Episode's Podcast Dashboard
Phone Systems for Ask Noah provided by Voxtelesys
Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix

-- Stay In Touch --
Find all the resources for this show on the Ask Noah Dashboard
Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies
Contact Noah: live [at] asknoahshow.com

-- Twitter --
Noah - Kernellinux
Ask Noah Show
Altispeed Technologies
Jupiter Broadcasting

no Linux, howto, Ubuntu, Fedora, Red hat, Linux Servers, SysAdmin, community, ca
As we celebrate Episode 300 Noah and Steve dig into the difference in industry between 2017 when ANS launched and today. The landscape has changed considerably. Today people ask about Open Source, today people value interoperability.
How do you provide open source support to business who use FOSS in production? If you're using FOSS in production you need support. Noah and Steve dig into what it takes and how companies use supported FOSS software.
This hour we focus on your feedback, Kubernetes, audio interfaces, and of course your weekly Linux headlines!
Red Hat hints at its future direction, why realtime might finally come to Linux after all these years, and our reaction to Google's ambitious new programming language.
Do you feel lost getting into home automation? This week Steve and Noah start from the beginning and give you a taste of what it takes to get a solid Home Automation system up and running!
This week we talk about things you want to be aware of before putting self hosted services on the wide open internet!
Philippe Humeau joins us this hour to talk about CrowdSec - an IDS/IPS that uses crowd sourced information to evaluate threats on your network!
This week we dig into containers and what it takes to get started working with them.
What do you do when your container crashes your host? Steve is back and we walk through this and other questions!
Troubleshooting is much more than solving problems. True troubleshooting is digging into the issue until you identify its root cause. This week we dig deep into the art of troubleshooting and give you some practical tips and tricks you can use.
Rocket Chat is the newest member of the Matrix family! Yet another open source communication platform adopts Matrix as their standard for federation.
What do you need to get a redundant virtual host system setup using Proxmox? We help Tony through this situation, as well as answer your questions!
What precautions (if any) do you take when traveling with your electronics to another country or to a hacking conference? Noah and Steve dig into the idea of travel security. Your questions, our picks, it's a packed episode you don't want to miss!
This episode is focused on your feedback and your questions. Prebuilt NAS or custom built? Digital open source signage, and security camera recordings. We answer it all!
Rolling Rhino Remix is an unofficial Ubuntu flavour which converts the Ubuntu operating system into a rolling-release Linux distribution. This solves an age-old problem of getting up-to-date software on Ubuntu.
We spend most of the hour on your questions and your feedback. Elon Musk purchases Twitter and promises to make the platform more open!
This week it's ALL feedback! We tackle your questions and your calls!
Fitbit announced their FDA approval to detect atrial fibrillation in their wearable. What privacy and security concerns does this pose and what can you do about it? We tackle your questions, plus the news! It's a packed week!
The Weaponization of Open Source is happening but does it enact real change or are we hurting the reputation of FOSS? We tackle your questions, your feedback and this question this week!
Erik Lietz, PE from Oakridge Engineering joins the Ask Noah Show this hour to discuss running an engineering firm on Linux! Does it work perfectly? Does Linux leave something to be desired? We dig deep and discuss the merits of running a business on FOSS.
In episode 274 we introduced you to block storage, in this episode we build on that to talk about storage types, and using those storage types with NAS and SAN storage.
This week we take your questions then dig into the releases that are hot this week. KDE, Gnome, Pine64, and System76 all have something for you this week!
In addition to answering your questions, this week Noah and Steve give you some tips and tricks to getting started with a home lab!
This week we talk storage! The more we dig into this, the deeper the hole goes. We start with an introduction and an overview, but this one is likely to be a two or even three part series!
This week we tried to migrate our Matrix instance to our own data center, it didn't go well. We discuss our mistakes and what our next steps are. Your calls, your emails we cover it all in this episode!
In this episode we talk with Bitwarden to learn more about this open source password manager.
Improve your work environment by knowing yourself. How do you convince a customer or co-worker that their idea is a bad one? Google Analytics gets another blow from the Austrian government, and SUSE announces Liberty Linux, a RHEL clone.
You filled this hour with questions, and we spent the hour answering them. From VLANs to point-to-point radios, this episode has something for everyone.
Moxie steps down as Signal CEO, Snapcraft gets a rework, and a developer corrupts the NPM libraries colors and faker, breaking thousands of apps. The crew of Altispeed joins this episode to answer questions and participate in the tech round table!