
Sep 16, 2015

Why I left cryptocurrency behind

Cryptocurrency is such an amazing thing and has huge benefits and long-term ramifications. Sending a form of money that is universally accepted with almost no transaction fees is a way to break free from government's control of a commodity and returns us to a more trade-central idea of exchange between individuals. This is why I got into bitcoin back in late 2010.

At that time I had just heard of bitcoin; it was about a year old. It took me a while to figure out how the system worked and how to mine. By early 2011, I had successfully earned 2 BTC. At the time, the lack of systems and goods to trade these items for resulted in my just giving them away.

Flash forward to 2013. Bitcoin is on the rise, hitting the $800+ mark per coin. Man, did I ever regret giving away those coins, but that is the way life goes. Kinda like all those people who wished they had invested in Microsoft and Apple.

As the value took off, I considered buying a Butterfly Labs machine, talked it over with the wife, and we were considering the purchase. As I was evaluating pros and cons, I discovered that the waiting list for devices was extremely long, resulting in close to a one-year wait. (Little did I know, I had just avoided my first scam.) Disappointed, another missed opportunity passed me by, but then I heard of Litecoin. Excited, I dove into the world of scrypt coins and discovered why they were a great alternative to bitcoins. The algorithm was designed to prevent ASIC (Application Specific Integrated Chips) from ever being used, as they were on bitcoin's SHA-256d.

I started off with my video card and earned my first Litecoins, and I was so excited as more followed. I ended up with about 16 LTC, but then prices dove and I panic sold. 3 months later, prices were up to $40, when I sold them for $1.60 each. Lesson learned: hold!!!

About this time I heard of a new cryptocurrency, called Dogecoin. I joined three days after announcement and soon had a big stash held up. At this time ASICs for scrypt were announced and I pre-purchased a 1 MH/s device from Zeusminer and was excited when it arrived. It freed up the work on my video card and I was hooked. I ended up with a 28 MH/s unit for free as I did a security analysis on Zeusminer's website and gave them the report. They were so thankful that they sent me a free unit. It took me 6 months to get it up and working perfectly, which turned out to be my issue with the power supplies and how I was plugging them in. I ended up with a few more ASICs along the way: a 14 MH/s unit from Zeusminer, a small Gridseed, and a large 24 MH/s unit from Gridseed.
I have a great wife who let me spend about $100-200 on electricity a month for this as we were hoping to add an alternate form of income while I attended school full-time.

During this time I got involved with GAW Miners' cloud mining systems and started racking up numbers with them, figuring I was diversifying my portfolio of crypto. I also had a bit of holding with Zeusminer's cloud mining services as well.

GAW announced a new coin called Paycoin, and that it was to be honored by them at $20. I was excited but still a bit cautious and transferred a bit more to them. Rumors of scam started to grow, but I had figured it was the Bitcoin people just trying to make sure their coin was the only one that succeeded. FUD began to show up all over (fear, uncertainty, doubt). I ignored it and plowed on, withdrawing and reinvesting some back in. I soon had hundreds of paycoin (XPY) stacked up and was even more excited when they showed their online store where "beta testers" were making purchases at an honored price of $20 each. I was sold! I exchanged 2,000,000 dogecoin for XPY and was excitedly waiting my turn to get access, as they said they were limiting the amount of acceptances. By this time the FUDers were crying even louder but I ignored it as I could clearly see that we had a store! And then the invite never came....

I also invested in another "energy efficient" ASIC, that to this date, I have yet to receive, from Hashra.

Disappointed, and as cries of scam and investigations and legal issues began to arise with Paycoin and GAW Miners, I dumped my XPY and invested in a new cloud mining service I had been hearing about, Scrypt.cc. It had been online for a year and was paying out. My numbers with it slowly grew and I was excited that I was starting to make a decent amount of coin a day. Then there was a "power issue" and then "we got hacked" and then "we have to pay ourselves back so we can support you guys" and then "sorry profits are down a bit more but we'll bring them back up". I watched my money go down the drain and with it my hopes of cryptocurrency.

I have been exposed to too many dishonest people who didn't see the vision of crypto but just saw another way to rip people off. To this day, I estimate I lost somewhere around $800-100 in cryptocurrency and $USD. Disappointed and heartbroken, I have sold all my GPUs (except for one to game with), my ASICs, dumped almost all my crypto except a million dogecoin and some bitcoin and I'm done.

Done with this crap of a world of crypto.

Jul 30, 2015

Graduation

I completed my degree on July 3rd so I'm finally done with school. Been doing a few interviews but trying to find the right fit is a bit difficult. Because I've been in school for so long, my technical skills have been a bit lacking. So I need to head back to my books, brush up on Server 2008, Server 2012, my CCNA stuff, and a few security books along the way as well. I think I've lost out on a few good opportunities because of my time away. So here is the summary of my capstone project for WGU; it was a mock installation of the Suricata IDS/IPS.



Business X had recently been growing in their field of expertise. Along with this growth is a larger market awareness of their company, which had increased their exposure to possible network attacks, from both external sources and possibly internal threats such as disgruntled employees. CEO Bob has expressed this concern to the current information security department and it had decided that an Intrusion Detection System or an Intrusion Prevention System would be an ideal upgrade to the network infrastructure. The purpose of this device was to provide real-time monitoring and alerts of active threats against the integrity of the network and the data that resides on it.
There was no current solution in place at that time that matched the needs requested by Business X. It was then determined, through discussions between the finance department and the information security department, that an open source solution running on current virtual server infrastructure would provide the necessary requirements and constraints. This product must not cost anything, have some level of support, and provide regular updates to its core capabilities in order to stay ahead of any future threats and provide a way for acceptable risk mitigation.
Requirements requested include a Network Intrusion Detection System (NIDS) engine, Network Intrusion Prevention System (NIPS) engine, and a Network Security Monitoring (NSM) engine. Offline analysis of PCAP network traffic capture files and possible integration with current network firewalls were also requested features. It must also have broad operating system support, as it is yet to be determined which operating system it would lie on, but the IT department was leaning toward a Linux deployment.
In order to prepare for the future growth of the company, IPv6 support was needed along with current protocols including IPv4, IPv6, TCP, and UDP. It must be able to monitor HTTP traffic along with SSL/TLS, SMB file transfer protocol, SMTP/POP email protocols, along with FTP and DNS.
Suricata met nearly all the requested features from the provided list. As an open source solution, it is a well-maintained protection engine and current staff will deploy it. This is to be deployed with a new virtual server, using provided documentation from the Suricata website, and with support on hand. Training was available from the Suricata staff through conferences as well as on-site training upon request. This will be a later consideration if it is determined it would be a necessity.
Suricata hardware requirements match with current virtualization setup. Two 1GB/s LAN connections will provide for an inline deployment method. Other requirements were a dual CPU setup in order to assist in traffic analysis. 2GB of RAM was the starting point in the virtualization with the option of upgrading in the future to 8GB as the company grew. Hard drive space requirements were little; therefore 20GB of hard drive space would suffice. The above requirements match current VMware deployment solution and no other hardware requirements were going to be added to the current systems.
The Suricata PPA bundle had the necessary packages and library dependencies included with the installation for functionality. This would shorten deployment time and ease complexity with mismatching library versions. Ease of deployment was the primary goal, as a junior information security engineer was to be the primary personnel assigned.
The implementation of Suricata on Business X’s computer network was done with no major issues. The issues that were present were minor and easily correctable. Several dependencies for the program itself needed to be corrected as the guide used on the developers’ website had not been maintained. Additional time had to be allocated for the development of the test network, as unplanned operating system updates arose. Additional delays occurred with the technical documentation of the IT staff due to family emergencies but did not provide any significant delays as the Chief Information Officer made a speedy signing off of the project, resulting in the Suricata development being well ahead of schedule.
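
An added illustration, not taken from the capstone paper: a suricata.yaml fragment for the inline layout the summary describes, with two LAN connections bridged through Suricata on a Linux VM and parsers enabled for HTTP, TLS, SMB, SMTP, FTP and DNS from the requirements list. The interface names eth1/eth2 and the cluster-id values are assumptions, and the exact key layout varies between Suricata versions.

```yaml
# Added example. eth1/eth2 are assumed names for the two inline NICs.
# Each interface copies accepted packets to its peer, so Suricata sits
# in the traffic path and "drop" rules actually block (IPS mode).
af-packet:
  - interface: eth1          # side A of the bridge
    threads: 1               # must match the peer's thread count
    cluster-id: 98           # arbitrary, but unique per interface
    cluster-type: cluster_flow
    defrag: no               # forward fragments unmodified when inline
    copy-mode: ips           # "tap" would forward without ever dropping
    copy-iface: eth2
  - interface: eth2          # side B of the bridge
    threads: 1
    cluster-id: 97
    cluster-type: cluster_flow
    defrag: no
    copy-mode: ips
    copy-iface: eth1

# Application-layer parsers for protocols named in the requirements.
app-layer:
  protocols:
    http:
      enabled: yes
    tls:
      enabled: yes
    smb:
      enabled: yes
    smtp:
      enabled: yes
    ftp:
      enabled: yes
    dns:
      tcp:
        enabled: yes
      udp:
        enabled: yes
```

Suricata is started against this file with `suricata -c suricata.yaml --af-packet`; rules only block traffic when their action is `drop` rather than `alert`, so a test network like the one in the proposal is the place to confirm which signatures are safe to enforce.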


Full text can be read here

Jun 25, 2015

Last Leg of the Race

"The difference between a successful person and others is not a lack of strength, not a lack of knowledge, but rather a lack in will."
Vince Lombardi 

I'm approaching the end of my time as a student. Four years ago, I was laid off from a great job as a desktop support technician. Four years ago, I decided to convert my career into an area I had a passion for. I'm nearing the end.

Yesterday, I got notification that the first section of my capstone project at WGU had passed. It was a business proposal for the deployment of Suricata. I think it took me three to four weeks to write. Next step on the road to graduation is the Capstone, which is basically a rewrite of the proposal, stating what was proposed and what actually happened when the "project" was done and completed. I'm hoping for just one or two weeks to completion for this.

I have been asked a few times if I recommend WGU, and I always answer, "That depends". It depends on your will to succeed. It depends on your ability to be alone. It depends on your ability to be self-motivated. If you do not have all three, I do not see you being able to succeed, without intervention, at WGU.

May 27, 2015

Nearing the end

I am finally approaching the end of my BIT in Security with WGU. A requirement for graduation is the creation of a project, writing the proposal(s), completing the project and then writing a capstone project result paper. My original idea was to do an analysis of passwords chosen for a specific website given. By that, I mean, people typically use certain passwords determined by the actual URL. Unfortunately, after registering to begin my capstone, I found out this is not the type of work they are looking for. So I had to give it another week's thought and came up with the following, which is my submission for my project. This is just the original submission, and approval, not the actual project proposal or actually having done the project.


WGU Tech Writing Project – Topic Proposal Outline

ANALYSIS:
Project Topic - Deploy an Intrusion Detection and Prevention System (IDS/IPS) from a virtual server environment.

Problem Statement or Project Purpose – Currently Business X has no formal way of monitoring network traffic for local and remote malicious attacks. The purpose of this project will be to deploy Suricata on current virtual server setup.

DESIGN and DEVELOPMENT:
Project Scope
a. Goals and Objectives
The goal at the end of this project is to have Suricata deployed and actively monitoring the network for malicious activity. Upon completion, the product will be deployed using current resources, be easily managed by current staff with no additional demand on resources or current staff man hours.

b. Project Outcomes and Deliverables
The outcome of this will be a fully functional Suricata IDS/IPS deployment on existing hardware with monitoring enabled and traffic being filtered and watched for malicious activity. Continuous use of this will consist of current information security staff performing daily monitoring and weekly reports of any suspicious activity and providing timely updates to the product.

c. Projected Project End Date
Current projected timeline is completion of project no later than July 15th 2015.

IMPLEMENTATION and EVALUATION:
Describe how you will approach the execution of your project –

The execution of this project will consist of creating a virtual server to run Suricata on along with a virtual test network environment to confirm functionality and performance before deploying on a production network.

Apr 21, 2015

Education for security

This was an old essay I wrote for one of my security classes, just cleaning out my G-Drive.


Why information security is important is a statement that speaks for itself. In today's world, we see examples all over the news of Company X losing its data to Hacker Group Y and how that data is then posted over the Internet for anyone to view and copy. Those with malicious intent have had a growing rise of popularity recently and others aim to have their minutes in the spotlight as well, resulting in the need for those of us to step up and protect the users who just want to perform their work. Information security is a growing field that continues to see new development and ideas and companies are starting to see the need for this as well. But I disagree, I don't think we need more information security, I think we need more education. The need to protect a network has significantly grown in the past ten years and so has the technology to do so. This has been the spearhead of many companies that do security such as Microsoft or Symantec. We have seen software firewalls and even the development of hardware firewalls that provide robust protection and features. This is great! We now realize the importance of it and we are doing something about it. However, with these features comes the need to use it. While this may seem like a good thing, it's really not. Now we have users who want to use VPNs or remote desktop or similar features and save their credentials in the program. We have users who do not want to memorize their 8 character passwords but want to use CAC cards to login and then forget those cards at home. We have users who do use their 15 character passwords and then leave their desktops unlocked while going to the bathroom. We even have system administrators who place amazing defenses up and yet leave their ID cards hanging around or write down their passwords. What we really need is more education.


This is why I can say I don't believe in information security, but instead I believe in education. Educating users and even computer personnel of the best practices for handling and safeguarding information is far better than any firewall, any anti-virus software, any physical security device. We need to educate users that despite having the best password in the world and changing it often, that if they write it down for anyone who walks by to see it, the great password is useless. Most security attacks actually come from within the organization, not from the outside, and these are easily avoidable by simple changes in practices. Users need to remember to lock their workstations even when they step away for "just a minute". It does not take long for the malicious employee to write down their username and password that was so conveniently written down. Even system administrators and computer support personnel need to be taught that their accounts are the ones that most need to be protected, and it is also why I believe we should be punished the hardest for failing to set an example.

When I was in the military, if I saw my Marines leaving their workstations unlocked, I would lock their accounts and make them come to me to get them unlocked. My Sergeant and I went on an educational rampage and made everyone in the entire unit read and sign the DoD and Marine Corps computer usage policies to ensure that everyone understood and agreed to the punishments that were required of failure to obey. I would rather spend money on educating people than on equipment to protect the uneducated.

When we fail to learn and grow from our mistakes and from the mistakes of others, the fault does not lie on the attackers but on ourselves for not being on the lookout.

Feb 4, 2015

POST method on SQLMAP
