NotebookTalk

Hackers suck


Meaker


About 25% through rebuilding the network of a company that seems to be made up of decent people. I was just going to help out covering their desk, but noooo, sucky people have to suck. No time for me to play Elden Ring now 😞


Sager NP9877

Hybrid Watercooled setup, D5 pump with dual 140MM fans integrated into custom stand. All controlled via temp outputs from GPU and CPU.

17.3" 1440p 120Hz display

9900KS @ 4.7Ghz All core, delid with rockit IHS, liquid metal

RTX 3070 @ 180W shunt mod, liquid metal

3000Mhz DDR4 CL14

1TB SM961 SSD

Dual 330W PSU 


Ouch, Network rebuilds are a pain at best, nice to see you back though bud!

 

Might be time to let them sucky people go.

{Main Laptop:} PCS Recoil 17.3" (Clevo X170KM-G)

Spoiler

{CPU:} Intel i7 11700K

{RAM:} 2x 16GB DDR4 Crucial 3200MT/s

{GPU:} Nvidia RTX 3070 Mobile
{Screen:} BOE NE173QHM-NY2 165hz 1440p

{Storage:} WD SN850X 4TB (Data/ShadowPlay/UserProfile), WD SN770 in 1TB (OS), 2TB WD SN770(Firmware/Drivers/Junk) and 2TB WD 850X (Games)

{OS:} Windows 11 Pro

Benchmarks:

{TimeSpy}: Normal Extreme  {Firestrike}: Normal Extreme {Port Royle}Result

Realtek Nahimic 3 Modded Driver for MSI Systems:Latest
 


At least at the end they are going to have a much more hardened network (not just a perimeter firewall but internal separation too), a better AD structure and group policies, along with Azure machine deployments and MFA.

 

Should hopefully avoid it happening again.



Nah, known group.


With it being a known group, I take it it's a full intrusion of the network? Or are they simply DDoSing the hell out of it?

 

The thing is you can go all in and fancy with security, however the one thing you can't upgrade is the weakest part of the link.

It's one reason why I am now reverse proxying a lot of my services, as the more ports opened on the router/firewall the bigger the target is for getting attacked.

The fact you're using AD and Azure means you're above my pay grade and have better knowledge of networking than me for sure.

But if it was me and it was a known threat actor I would troll the hell out of them with an SSH terminal that would take years to fully load.

Might be wise to put a honeypot on the network too.


On 4/7/2022 at 1:46 AM, solidus1983 said:

With it being a known group, I take it it's a full intrusion of the network? Or are they simply DDoSing the hell out of it?

The thing is you can go all in and fancy with security, however the one thing you can't upgrade is the weakest part of the link.

It's one reason why I am now reverse proxying a lot of my services, as the more ports opened on the router/firewall the bigger the target is for getting attacked.

The fact you're using AD and Azure means you're above my pay grade and have better knowledge of networking than me for sure.

But if it was me and it was a known threat actor I would troll the hell out of them with an SSH terminal that would take years to fully load.

Might be wise to put a honeypot on the network too.

 

It was an intrusion, they even got into the hosts and datastores.

 

What you can do is limit access and damage if someone is compromised. Sure maybe a file share gets hit but with secure documentation and an internal firewall (not just a perimeter firewall) you can separate machines on the network properly and just restore from a backup if someone is compromised.


Things like MFA (multi-factor authentication) will also help stop that in the first place.

It's a bit of a pain in the ass to set up and get it all right, and takes a bit more work for, say, devs who want to run a new app, but it's way better than rebuilding the network from almost scratch.


18 hours ago, Meaker said:

 

It was an intrusion, they even got into the hosts and datastores.

 

What you can do is limit access and damage if someone is compromised. Sure maybe a file share gets hit but with secure documentation and an internal firewall (not just a perimeter firewall) you can separate machines on the network properly and just restore from a backup if someone is compromised.


Things like MFA (multi-factor authentication) will also help stop that in the first place.

It's a bit of a pain in the ass to set up and get it all right, and takes a bit more work for, say, devs who want to run a new app, but it's way better than rebuilding the network from almost scratch.

 

That does sound like a right nightmare, totally agree with how you're working on a solution for it though. Yep, devs might complain, however data security is and should be paramount.

I take it you're also going down the VLAN route too, to isolate the network further with firewalls on top. It's something I have done for my private and guest networks, using VLANs to split them and then using the firewall to make sure they can't communicate between networks, or in the case of the guest network not even the clients connected to it. Which reminds me, I still have the IoT stuff to get ready for complete isolation as well.

 

As for your backup point, that only really works if said backup is offsite and also doesn't get compromised.

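The VLAN split described in the post above (private and guest zones, a firewall between them, guest clients unable to reach each other, IoT still to be isolated) can be written down as an ordered, default-deny policy and checked before it goes live. The following is an added example, not code from the thread or from either poster; the zone names, interface names and 10.10.x.0/24 subnets are constructed assumptions. It models how an nftables forward chain behaves (first matching rule wins, anything unmatched hits `policy drop`), renders the policy as an nftables ruleset, and audits a few constructed flows against the intended verdicts. One caveat it makes explicit: traffic between two clients on the same VLAN is switched locally and never reaches the router's forward chain, so the "clients can't talk to each other" part has to be enforced by the switch or access point (client isolation / private VLAN), not by these rules.

```python
"""Toy model of the inter-VLAN segmentation policy discussed in the thread.

Added example, not code from the thread or either poster. Zone names,
interface names and subnets are constructed assumptions. The model copies
how an nftables forward chain behaves: rules are checked in order, the first
match wins, and a flow that matches nothing falls to the chain's default
'policy drop'.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed VLAN plan: (router interface, subnet) per zone. Assumption.
ZONES = {
    "private": ("vlan10", ip_network("10.10.10.0/24")),
    "guest":   ("vlan20", ip_network("10.10.20.0/24")),
    "iot":     ("vlan30", ip_network("10.10.30.0/24")),
}
WAN_IF = "eth0"  # assumed uplink interface name

# Zones whose own clients must not talk to each other ("not even the clients
# connected to it"). Same-subnet traffic never reaches the router's forward
# chain, so this has to be enforced by the switch/AP (client isolation or a
# private VLAN), not by the rules rendered below.
CLIENT_ISOLATION = {"guest", "iot"}


@dataclass(frozen=True)
class Rule:
    src: str     # zone name or "internet"
    dst: str
    action: str  # "accept" or "drop"


# Ordered, first match wins. Only the flows that must work are listed;
# everything else (guest -> private, iot -> private, internet -> anything
# new) hits the default drop, so a zone added later is blocked until someone
# deliberately opens it.
POLICY = [
    Rule("private", "iot", "accept"),       # admins may manage IoT devices
    Rule("private", "internet", "accept"),
    Rule("guest", "internet", "accept"),
    Rule("iot", "internet", "drop"),        # explicit: IoT stays fully isolated
]


def zone_of(ip: str) -> str:
    """Map an address to its zone; anything outside the plan is 'internet'."""
    addr = ip_address(ip)
    for name, (_, net) in ZONES.items():
        if addr in net:
            return name
    return "internet"


def evaluate(src_ip: str, dst_ip: str) -> str:
    """Return the verdict ('accept' or 'drop') for a new flow src -> dst."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst and src != "internet":
        # Switched locally; the router never forwards it. Isolation is an L2 job.
        return "drop" if src in CLIENT_ISOLATION else "accept"
    for rule in POLICY:
        if rule.src == src and rule.dst == dst:
            return rule.action
    return "drop"  # chain policy: nothing matched


def render_nft() -> str:
    """Render POLICY as an nftables forward chain with a default drop."""
    lines = [
        "table inet segmentation {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",  # return traffic of allowed flows
        "    ct state invalid drop",
    ]
    for r in POLICY:
        iif = ZONES[r.src][0] if r.src in ZONES else WAN_IF
        oif = ZONES[r.dst][0] if r.dst in ZONES else WAN_IF
        lines.append(f'    iifname "{iif}" oifname "{oif}" {r.action}')
    lines += ["  }", "}"]
    return "\n".join(lines)


def audit(flows):
    """Check constructed (src, dst, expected) triples; return the mismatches."""
    return [(s, d, evaluate(s, d)) for s, d, want in flows if evaluate(s, d) != want]


if __name__ == "__main__":
    # Constructed flows a reviewer would want to confirm before go-live.
    EXPECTED = [
        ("10.10.20.5", "10.10.10.5", "drop"),      # guest -> private
        ("10.10.20.5", "10.10.20.6", "drop"),      # guest -> guest (client isolation)
        ("10.10.30.5", "10.10.10.5", "drop"),      # iot -> private
        ("10.10.10.5", "10.10.30.5", "accept"),    # private -> iot
        ("10.10.30.5", "93.184.216.34", "drop"),   # iot -> internet
        ("10.10.20.5", "93.184.216.34", "accept"), # guest -> internet
    ]
    print(render_nft())
    print("policy mismatches:", audit(EXPECTED))
```

The rendered ruleset only lists accepts plus the one explicit drop; every other zone pair is blocked by the chain policy rather than by a rule, which is the property that keeps a later-added zone (the IoT one, here) isolated by default. The `audit` call is the pre-deployment check: the list it returns should be empty before the ruleset is loaded with `nft -f`.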

6 hours ago, solidus1983 said:

 

That does sound like a right nightmare, totally agree with how you're working on a solution for it though. Yep, devs might complain, however data security is and should be paramount.

I take it you're also going down the VLAN route too, to isolate the network further with firewalls on top. It's something I have done for my private and guest networks, using VLANs to split them and then using the firewall to make sure they can't communicate between networks, or in the case of the guest network not even the clients connected to it. Which reminds me, I still have the IoT stuff to get ready for complete isolation as well.

 

As for your backup point, that only really works if said backup is offsite and also doesn't get compromised.

 

Their final step is off-site tape backups and a physical backup server that's going to be nicely isolated too. VLAN assignments are part of having an internal firewall and segmenting the network, so yep, that's being locked down too.
