Meaker Posted April 3, 2022

About 25% through rebuilding the network of a company that seems to be made up of decent people. I was just going to help out covering their desk, but noooo, sucky people have to suck. No time for me to play Elden Ring now 😞

Signature: Louqe Ghost S1 case (top hat and bottom extension), Nvidia RTX 4070 MSI twin fan, 32" MSI 4K 160Hz IPS display, AMD Ryzen 7 7700 cooled via Thermalright 240mm AIO, 32GB (2x16) DDR5 6000 CL38 @ 6400 CL38, 1:1 memory controller, 2166MHz F clock, ASRock A620I Lightning motherboard, 1TB SM961 NVMe SSD + 2TB SN770 NVMe, 500W Silverstone SFX-L PSU
solidus1983 Posted April 3, 2022

Ouch, network rebuilds are a pain at best. Nice to see you back though, bud! Might be time to let those sucky people go.

Signature: {Main System:} The Beast {Cooling:} Corsair H170i Elite {Mainboard:} ASRock X670E Pro {CPU/GPU:} AMD Ryzen R9 7900X3D / AMD RX 7900 XTX (ASRock Phantom) {RAM/Storage:} 2x 16GB DDR5 Corsair Vengeance 6400MT/s, 13TB WD SN850X (2x 4TB, 2x 2TB, 1x 1TB) {PSU/Case:} Corsair RM1000x V2, Corsair 7000D Airflow (Black) {OS:} Windows 11 Pro. Realtek Nahimic 3 Modded Driver for MSI Systems: Latest
Meaker Posted April 3, 2022 (Author)

At least at the end they are going to have a much more hardened network (not just a perimeter firewall but internal separation too), a better AD structure and group policies, along with Azure machine deployments and MFA. Should hopefully avoid it happening again.
Reciever Posted April 4, 2022

No chance of it being a nefarious actor inside that company?
Meaker Posted April 4, 2022 (Author)

Nah, known group.
solidus1983 Posted April 7, 2022

With it being a known group, I take it it's a full intrusion of the network? Or are they simply DDoSing the hell out of it?

The thing is, you can go all in and fancy with security; however, the one thing you can't upgrade is the weakest part of the link. It's one reason why I am now reverse proxying a lot of my services, as the more ports opened on the router/firewall, the bigger the target is for getting attacked.

The fact you're using AD and Azure means you're above my pay grade and have better knowledge of networking than me for sure. But if it was me and it was a known threat actor, I would troll the hell out of them with an SSH terminal that would take years to fully load.

Might be wise to put a honeypot on the network too.
Meaker Posted April 10, 2022 (Author)

On 4/7/2022 at 1:46 AM, solidus1983 said: With it being a known group, I take it it's a full intrusion of the network? Or are they simply DDoSing the hell out of it? The thing is, you can go all in and fancy with security; however, the one thing you can't upgrade is the weakest part of the link. It's one reason why I am now reverse proxying a lot of my services, as the more ports opened on the router/firewall, the bigger the target is for getting attacked. The fact you're using AD and Azure means you're above my pay grade and have better knowledge of networking than me for sure. But if it was me and it was a known threat actor, I would troll the hell out of them with an SSH terminal that would take years to fully load. Might be wise to put a honeypot on the network too.

It was an intrusion; they even got into the hosts and datastores.

What you can do is limit access and damage if someone is compromised. Sure, maybe a file share gets hit, but with secure documentation and an internal firewall (not just a perimeter firewall) you can separate machines on the network properly and just restore from a backup if someone is compromised. Things like MFA (multi-factor authentication) will also help stop that in the first place.

It's a bit of a pain in the ass to set up and get it all right, and it takes a bit more work for, say, devs who want to run a new app, but it's way better than rebuilding the network from almost scratch.
solidus1983 Posted April 11, 2022

18 hours ago, Meaker said: It was an intrusion; they even got into the hosts and datastores. What you can do is limit access and damage if someone is compromised. Sure, maybe a file share gets hit, but with secure documentation and an internal firewall (not just a perimeter firewall) you can separate machines on the network properly and just restore from a backup if someone is compromised. Things like MFA (multi-factor authentication) will also help stop that in the first place. It's a bit of a pain in the ass to set up and get it all right, and it takes a bit more work for, say, devs who want to run a new app, but it's way better than rebuilding the network from almost scratch.

That does sound like a right nightmare; I totally agree with how you're working on a solution for it though. Yep, devs might complain; however, data security is and should be paramount.

I take it you're also going down the VLAN route to isolate the network further, with firewalls on top. It's something I have done for my private and guest networks, using VLANs to split them and then using the firewall to make sure they can't communicate between networks, or, in the case of the guest network, not even between the clients connected to it. Which reminds me, I still have the IoT stuff to get ready for complete isolation as well.

As for your backup point, that only really works if said backup is offsite and also doesn't get compromised.
Meaker Posted April 11, 2022 (Author)

6 hours ago, solidus1983 said: That does sound like a right nightmare; I totally agree with how you're working on a solution for it though. Yep, devs might complain; however, data security is and should be paramount. I take it you're also going down the VLAN route to isolate the network further, with firewalls on top. It's something I have done for my private and guest networks, using VLANs to split them and then using the firewall to make sure they can't communicate between networks, or, in the case of the guest network, not even between the clients connected to it. Which reminds me, I still have the IoT stuff to get ready for complete isolation as well. As for your backup point, that only really works if said backup is offsite and also doesn't get compromised.

Their final step is offsite tape backups and a physical backup server that's going to be nicely isolated too. VLAN assignments are part of having an internal firewall and segmenting the network, so yep, that's being locked down too.
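The design the thread converges on (Meaker's internal firewall that separates machines rather than relying on the perimeter, solidus1983's VLAN split with firewall rules so segments cannot talk to each other, and an isolated backup server as the last line) can be written down as a default-deny policy between segments and turned into an actual ruleset. The following is an added example, not code from either poster or from the company being rebuilt. The segment names, VLAN interface names, subnets and the allowed flows are assumptions chosen to illustrate the discussion; the point is that every inter-VLAN flow that is not on the explicit allow list is dropped, that only a management segment can reach the backup segment, and that the same policy object can be audited before it is pushed to the firewall.

```python
"""Segmentation policy as code for an internal (inter-VLAN) firewall.

Added example, not from the original thread. Segments, interface names,
subnets and allow rules below are constructed assumptions; adapt them
to a real network before use.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    name: str    # segment name used in the policy
    iface: str   # firewall interface carrying this VLAN (assumed naming)
    cidr: str    # subnet, informational only in this example


@dataclass(frozen=True)
class Allow:
    src: str            # source segment
    dst: str            # destination segment
    proto: str          # "tcp" or "udp"
    ports: tuple = ()   # destination ports; empty tuple means any port
    note: str = ""      # rendered as an nftables rule comment


# Assumed segments (constructed for the example).
SEGMENTS = {
    "clients": Segment("clients", "vlan10", "10.0.10.0/24"),
    "servers": Segment("servers", "vlan20", "10.0.20.0/24"),
    "mgmt":    Segment("mgmt",    "vlan30", "10.0.30.0/24"),
    "backup":  Segment("backup",  "vlan40", "10.0.40.0/24"),
    "guest":   Segment("guest",   "vlan50", "10.0.50.0/24"),
    "iot":     Segment("iot",     "vlan60", "10.0.60.0/24"),
}

# Explicit allow list (assumed). Anything not listed is dropped by the
# forward chain's default policy, including guest/IoT toward anything
# internal and anything toward the backup segment except from mgmt.
ALLOWS = [
    Allow("clients", "servers", "tcp", (445,), "SMB file shares"),
    Allow("clients", "servers", "tcp", (88, 389, 636), "Kerberos / LDAP to DCs"),
    Allow("clients", "servers", "udp", (53, 88), "DNS / Kerberos"),
    Allow("mgmt", "servers", "tcp", (22, 443, 3389, 902), "admin only from jump hosts"),
    Allow("mgmt", "backup", "tcp", (22, 443), "backup server console, mgmt only"),
    Allow("backup", "servers", "tcp", (443, 902), "backup pulls from hosts; nothing pushes in"),
]


def is_allowed(src: str, dst: str, proto: str, port: int) -> bool:
    """Evaluate a flow the way the rendered firewall would: explicit
    allow or default drop. Traffic inside one segment never crosses the
    firewall, so it is reported as allowed here; client-to-client
    isolation inside guest/IoT is a switch-side (port isolation)
    control, not a rule in this ruleset."""
    if src not in SEGMENTS or dst not in SEGMENTS:
        raise ValueError(f"unknown segment: {src!r} or {dst!r}")
    if src == dst:
        return True
    for rule in ALLOWS:
        if (rule.src, rule.dst, rule.proto) == (src, dst, proto) and (
            not rule.ports or port in rule.ports
        ):
            return True
    return False


def render_nft(segments=SEGMENTS, allows=ALLOWS) -> str:
    """Emit an nftables ruleset: forward chain with policy drop, return
    traffic accepted via conntrack, then one accept line per allow."""
    lines = [
        "table inet segmentation {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
        "    ct state invalid drop",
    ]
    for rule in allows:
        s, d = segments[rule.src], segments[rule.dst]
        match = f'iifname "{s.iface}" oifname "{d.iface}"'
        if rule.ports:
            ports = ", ".join(str(p) for p in rule.ports)
            match += f" {rule.proto} dport {{ {ports} }}"
        else:
            match += f" meta l4proto {rule.proto}"
        comment = f' comment "{rule.note}"' if rule.note else ""
        lines.append(f"    {match} accept{comment}")
    lines += ["  }", "}"]
    return "\n".join(lines)


def audit(allows=ALLOWS) -> list:
    """Flag allow rules that break the design intent before they reach
    the firewall: entry into the backup segment from anywhere but mgmt,
    and any flow leaving guest or IoT toward internal segments."""
    findings = []
    for rule in allows:
        if rule.dst == "backup" and rule.src != "mgmt":
            findings.append(f"{rule.src}->backup: backup must only be reachable from mgmt")
        if rule.src in ("guest", "iot") and rule.dst not in ("guest", "iot"):
            findings.append(f"{rule.src}->{rule.dst}: isolated segment must not reach internal networks")
    return findings


if __name__ == "__main__":
    for finding in audit():
        print("POLICY VIOLATION:", finding)
    print(render_nft())
```

Running the script prints the ruleset, which can be loaded with `nft -f` on a Linux box acting as the inter-VLAN router; on a commercial firewall the same policy object would be rendered to that vendor's syntax instead. The `audit` step is what makes the "backup server is isolated" property enforceable rather than aspirational: a later change that adds a clients-to-backup rule is caught before deployment.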