IPSec Initiator Public IP Change

Hello Guys

Does any of you know how the responder in an IPSec tunnel (dynamic mode) reacts when the initiator's public IP address suddenly changes? Will it instantly build a new tunnel with the new public IP?

Maybe a bit more background information: We have a headquarters and a remote office. The remote office has two internet lines. If the primary line from provider 1 goes down, we switch the uplink modem to provider 2. (Physically unplug the cable from provider 1 from WAN1 on our firewall, and plug the cable from provider 2 into WAN1.) The configuration is the same, so no issues there. (I know there are other ways to do it.) The IPSec tunnel is configured in dynamic mode, so the public IP change itself is not the problem. The thing is, I don't know how the responder site will react if the IP of the initiator changes abruptly. Does anyone have experience with this?

Thanks and best regards

Badabuum Badabang 😉

Touch here for the full post on Network Security Noblemen tumblr

Steps to take following Sec+

I’m currently studying for the Sec+ and do not have a college degree (I graduated about a year ago and absolutely hate school; however, I’m a very diligent student when it comes to things that interest me).

I’m at about an intermediate level with Python and have recently gotten more into the security side of things.

My main question is what kind of jobs I should be looking for, or what my next task should be once I complete the Sec+. I know it’s an entry-level cert, and I would financially be capable of studying for another certification following the Sec+ versus immediately entering the workforce if that would be more beneficial, but I really don’t know.

Any input is greatly appreciated!


What are clouds really made of?

Cloud computing has two meanings. The most common refers to running workloads remotely over the internet in a commercial provider’s data center, also known as the “public cloud” model. Popular public cloud offerings—such as Amazon Web Services (AWS), Salesforce’s CRM system, and Microsoft Azure—all exemplify this familiar notion of cloud computing. Today, most businesses take a multicloud approach, which simply means they use more than one public cloud service.

The second meaning of cloud computing describes how it works: a virtualized pool of resources, from raw compute power to application functionality, available on demand. When customers procure cloud services, the provider fulfills those requests using advanced automation rather than manual provisioning. The key advantage is agility: the ability to apply abstracted compute, storage, and network resources to workloads as needed and tap into an abundance of prebuilt services.


The public cloud lets customers gain new capabilities without investing in new hardware or software. Instead, they pay their cloud provider a subscription fee or pay for only the resources they use. Simply by filling in web forms, users can set up accounts and spin up virtual machines or provision new applications. More users or computing resources can be added on the fly—the latter in real time as workloads demand those resources thanks to a feature known as autoscaling.

Cloud computing definitions for each type

The array of available cloud computing services is vast, but most fall into one of the following categories.

SaaS (software as a service)

This type of public cloud computing delivers applications over the internet through the browser. The most popular SaaS applications for business can be found in Google’s G Suite and Microsoft’s Office 365; among enterprise applications, Salesforce leads the pack. But virtually all enterprise applications, including ERP suites from Oracle and SAP, have adopted the SaaS model. Typically, SaaS applications offer extensive configuration options as well as development environments that enable customers to code their own modifications and additions.

IaaS (infrastructure as a service)

At a basic level, IaaS public cloud providers offer storage and compute services on a pay-per-use basis. But the full array of services offered by all major public cloud providers is staggering: highly scalable databases, virtual private networks, big data analytics, developer tools, machine learning, application monitoring, and so on. Amazon Web Services was the first IaaS provider and remains the leader, followed by Microsoft Azure, Google Cloud Platform, and IBM Cloud.

PaaS (platform as a service) definition

PaaS provides sets of services and workflows that specifically target developers, who can use shared tools, processes, and APIs to accelerate the development, testing, and deployment of applications. Salesforce’s Heroku and Force.com are popular public cloud PaaS offerings; Pivotal’s Cloud Foundry and Red Hat’s OpenShift can be deployed on premises or accessed through the major public clouds. For enterprises, PaaS can ensure that developers have ready access to resources, follow certain processes, and use only a specific array of services, while operators maintain the underlying infrastructure.

FaaS (functions as a service)

FaaS, the cloud version of serverless computing, adds another layer of abstraction to PaaS, so that developers are completely insulated from everything in the stack below their code. Instead of futzing with virtual servers, containers, and application runtimes, they upload narrowly functional blocks of code, and set them to be triggered by a certain event (such as a form submission or uploaded file). All the major clouds offer FaaS on top of IaaS: AWS Lambda, Azure Functions, Google Cloud Functions, and IBM OpenWhisk. A special benefit of FaaS applications is that they consume no IaaS resources until an event occurs, reducing pay-per-use fees.

Private cloud definition

A private cloud downsizes the technologies used to run IaaS public clouds into software that can be deployed and operated in a customer’s data center. As with a public cloud, internal customers can provision their own virtual resources to build, test, and run applications, with metering to charge back departments for resource consumption. For administrators, the private cloud amounts to the ultimate in data center automation, minimizing manual provisioning and management. VMware’s Software Defined Data Center stack is the most popular commercial private cloud software, while OpenStack is the open source leader.

Note, however, that the private cloud does not fully conform to the definition of cloud computing. Cloud computing is a service. A private cloud demands that an organization build and maintain its own underlying cloud infrastructure; only internal users of a private cloud experience it as a cloud computing service.

Hybrid cloud definition

A hybrid cloud is the integration of a private cloud with a public cloud. At its most developed, the hybrid cloud involves creating parallel environments in which applications can move easily between private and public clouds. In other instances, databases may stay in the customer data center and integrate with public cloud applications—or virtualized data center workloads may be replicated to the cloud during times of peak demand. The types of integrations between private and public cloud vary widely, but they must be extensive to earn a hybrid cloud designation.

Public APIs (application programming interfaces) definition

Just as SaaS delivers applications to users over the internet, public APIs offer developers application functionality that can be accessed programmatically. For example, in building web applications, developers often tap into Google Maps’s API to provide driving directions; to integrate with social media, developers may call upon APIs maintained by Twitter, Facebook, or LinkedIn. Twilio has built a successful business dedicated to delivering telephony and messaging services via public APIs. Ultimately, any business can provision its own public APIs to enable customers to consume data or access application functionality.

iPaaS (integration platform as a service) definition

Data integration is a key issue for any sizeable company, but particularly for those that adopt SaaS at scale. iPaaS providers typically offer prebuilt connectors for sharing data among popular SaaS applications and on-premises enterprise applications, though providers may focus more or less on B-to-B and e-commerce integrations, cloud integrations, or traditional SOA-style integrations. iPaaS offerings in the cloud from such providers as Dell Boomi, Informatica, MuleSoft, and SnapLogic also let users implement data mapping, transformations, and workflows as part of the integration-building process.

IDaaS (identity as a service) definition

The most difficult security issue related to cloud computing is the management of user identity and its associated rights and permissions across private data centers and public cloud sites. IDaaS providers maintain cloud-based user profiles that authenticate users and enable access to resources or applications based on security policies, user groups, and individual privileges. The ability to integrate with various directory services (Active Directory, LDAP, etc.) and provide is essential. Okta is the clear leader in cloud-based IDaaS; CA, Centrify, IBM, Microsoft, Oracle, and Ping provide both on-premises and cloud solutions.

Collaboration platforms

Collaboration solutions such as Slack, Microsoft Teams, and HipChat have become vital messaging platforms that enable groups to communicate and work together effectively. Basically, these solutions are relatively simple SaaS applications that support chat-style messaging along with file sharing and audio or video communication. Most offer APIs to facilitate integrations with other systems and enable third-party developers to create and share add-ins that augment functionality.

Vertical clouds

Key providers in such industries as financial services, health care, retail, life sciences, and manufacturing provide PaaS clouds to enable customers to build vertical applications that tap into industry-specific, API-accessible services. Vertical clouds can dramatically reduce the time to market for vertical applications and accelerate domain-specific B-to-B integrations. Most vertical clouds are built with the intent of nurturing partner ecosystems.

Other cloud computing considerations

The most widely accepted definition of cloud computing means that you run your workloads on someone else’s servers, but this is not the same as outsourcing. Virtual cloud resources and even SaaS applications must be configured and maintained by the customer. Consider these factors when planning a cloud initiative.

Cloud computing security considerations

Objections to the public cloud generally begin with cloud security, although the major public clouds have proven themselves much less susceptible to attack than the average enterprise data center.

Of greater concern is the integration of security policy and identity management between customers and public cloud providers. In addition, government regulation may forbid customers from allowing sensitive data off premises. Other concerns include the risk of outages and the long-term operational costs of public cloud services.

Multicloud management considerations

The bar to qualify as a multicloud adopter is low: A customer just needs to use more than one public cloud service. However, depending on the number and variety of cloud services involved, managing multiple clouds can become quite complex from both a cost optimization and technology perspective.

In some cases, customers subscribe to multiple cloud services simply to avoid dependence on a single provider. A more sophisticated approach is to select public clouds based on the unique services they offer and, in some cases, integrate them. For example, developers might want to use Google’s TensorFlow machine learning service on Google Cloud Platform to build machine-learning-enabled applications, but prefer Jenkins hosted on the CloudBees platform for continuous integration.

To control costs and reduce management overhead, some customers opt for cloud management platforms (CMPs) and/or cloud service brokers (CSBs), which let you manage multiple clouds as if they were one cloud. The problem is that these solutions tend to limit customers to such common-denominator services as storage and compute, ignoring the panoply of services that make each cloud unique.

Edge computing considerations

You often see edge computing described as an alternative to cloud computing. But it is not. Edge computing is about moving local computing to local devices in a highly distributed system, typically as a layer around a cloud computing core. There is typically a cloud involved to orchestrate all the devices and take in their data, then analyze it or otherwise act on it.

Benefits of cloud computing

The cloud’s main appeal is to reduce the time to market of applications that need to scale dynamically. Increasingly, however, developers are drawn to the cloud by the abundance of advanced new services that can be incorporated into applications, from machine learning to internet of things (IoT) connectivity.

Although businesses sometimes migrate legacy applications to the cloud to reduce data center resource requirements, the real benefits accrue to new applications that take advantage of cloud services and “cloud native” attributes. The latter include microservices architecture, Linux containers to enhance application portability, and container management solutions such as Kubernetes that orchestrate container-based services. Cloud-native approaches and solutions can be part of either public or private clouds and help enable highly efficient devops-style workflows.

Cloud computing, public or private, has become the platform of choice for large applications, particularly customer-facing ones that need to change frequently or scale dynamically. More significantly, the major public clouds now lead the way in enterprise technology development, debuting new advances before they appear anywhere else. Workload by workload, enterprises are opting for the cloud, where an endless parade of exciting new technologies invites innovative use.

Source: https://itblogr.com/what-are-clouds-really-made-of/


Mcafee Institute Review?

Found their offerings, they all look good on the surface. Googling found dated reviews that suggested them to be questionable (paid reviews which is fine, they all do it) but I think that might have just been because of the name and how new they were at the time. So, anyone have recent experience with them? Have any hiring managers seen these courses on resumes yet? Thank you in advance!

They are NOT affiliated with John McAfee or McAfee security (Intel) that I was able to find


Powershell logging for MSP

I work at an MSP, and am trying to go down the road of increasing security and system auditing for our clients. I am limited to what I can get our RMM to do and what I can script.

I'm in the process of scripting a LAPS-like process to set a unique local admin password as well as documenting it in our documentation system via a PowerShell-accessible API. I'm also looking into enabling script block logging and module logging. And here is where I run into problems.

I've taken care to hide the API keys and passwords that the script runs so they aren't visible in the script block logging, but the module logging exposes this privileged and private information. Restricting admin access and locking down the PowerShell event logs are not a possible solution for us to implement across our client base.

Are there ways to exclude specific PowerShell modules from logging their details and leave everything else in place, or will I just need to live with solely using script block logging and disabling module logging? Or is there a third option I've not considered?



reading material on SSDLC and Product Security

I have recently taken a new job. I have years of experience in security but mostly in IAM/PAM. And I do development on the side, so I know what SDLC is.

I know what SSDLC and Product Security mean and have a good idea of what they entail/require, but I want to do some studying before I start.

I was hoping folks could share some of their favorite articles on them for me to read/digest. Plus, this will help me make sure my understanding of them is the same as everyone else's.

Based on the job description and the conversation I had with the hiring manager I know I will succeed in the role but I want to kick-ass which is why I want to study a little before to hone my knowledge.

Any help is greatly appreciated.


Weighing early SOC career options

I have the opportunity to take a SOC consulting gig in the Bay Area; the only problem is, I wouldn't be paid while on the bench. My first project would be for a year with the option of being extended or hired by the client or new project. My question is, if I want my career to take off, what type of SOC gig would get me on the right path? I refuse to work for an MSSP, and so far in my internal SOC gig in Dallas (less than 2 years), I've realized that I've outgrown the environment and am no longer learning on the job. Long term I want to have a more specialized cyber role, I just haven't narrowed down which area I want to specialize in. Ask any questions necessary. Thanks for any opinions/advice in advance.


Supplementary text book for GCIA certification


I am going to start this GCIA on-demand class in the next couple of months. I read that some people bring additional textbooks to the test, such as The TCP/IP Guide. Would it be a good idea to get this book, or something more up to date? Such as:

Internetworking with TCP/IP, 6th ed.

Practical Packet Analysis

TCP/IP Illustrated

TCP/IP Network Administration, 3rd ed.
