Blog: ittavern.com Feedback is appreciated
Testing a few CTF platforms to learn more about pentesting. It is interesting, but the learning curve is quite steep.
Same here
Currently using HedgeDoc for taking notes, but it is lacking some features, so I am trying to find and host some alternatives and compare them. And I hope I can find some time to play with my Flipper Zero…
I want to get into Ansible and I am building a testing env for it - home lab with various switches and routers, Fortinet, Palo, and a proxmox host server and some remote VPS. One of my goals for Q1 '24. Today I am going to prep the switches.
Besides that, I want to host my own NFTY server and I hope that I can get it online within this week.
I am currently transitioning into a Security role at work. One question would be: what are the must-have tools for every blue team?
Learning things about WireGuard and implementing it to secure my internet-facing servers.
The ISPs are slow to answer if there is no active outage. Will take some time anyway.
Packets are dropped in both directions. I am currently looking through the pcaps and will do another stress test later - got another window. MTU/MSS is the prio today.
Added the Update 2. Still some things to do, but we know a little bit more now. Feedback and questions are still welcome.
Ping - Update 2 Your numbers are still missing since I haven't had time to look into the pcaps yet. I hope I can get it done by the end of the week, but we are a little bit wiser.
Ping - Update 2
Thank you Jerry!
Not yet. Just got access to the test clients and I have planned to do a troubleshooting session tomorrow in the morning. Not a big fan of stress testing the network on a working day haha
Getting a pcap of another client could bring some insight, yeah.
SSH is used for the data transfer. Without knowing it at this moment, I’d assume scp or rsync. You mean whether all their internet traffic is routed through the active SSH session?
Fairly new too - why wouldn’t you be able to answer if the post is set to ‘Undetermined’? Haven’t had any issues yet.
Gotcha! - I thought WireGuard might have some logging features that could provide some insights. Thank you.
Not yet. Wouldn’t expect it tbh, but you’ll never know. How would you utilize WireGuard for it? I’d like to hear more about it.
Valid question. We’ve checked it multiple times, on the client and via monitoring that it is 10 Mbits. Thank you.
So, let’s assume that you are in an international company and the first and only security person. What are your first steps and projects? It is like really vague, but I’d assume like a SIEM, inventory of the network and all devices, backup situation, maybe even honeypots?
What are your high-prio things that every company should have? Is there even a framework for it?
Feeling kinda lost and I hope you get some guidance in the right direction.