- 27Labs Blacklist - https://www.bestblacklist.com
- Downloadable IP list of known active hacker addresses.
- Collected by custom honeypots placed in several countries
- Addresses only added when traffic actively trying to exploit honeypots
- Downloadable lists in several formats for different devices
- If a different format is needed for a specific device, the developer can make it available in the required format.
- Free list available, updated every 24 hrs, 2-3 days delayed from paid list, still very effective
  https://www.bestblacklist.com/download/
- Paid list $99/year, updated every 15 minutes, available in 3 sizes
- Addresses active in the last 3 days
- Addresses active in the last 7 days
- Addresses active in the last 14 days
- Fortigate Implementation: https://docs.fortinet.com/document/fortigate/6.4.0/administration-guide/891236/external-block-list-threat-feed-policy
- Sonicwall Implementation: https://www.sonicwall.com/support/knowledge-base/what-are-dynamic-external-objects-groups-and-how-can-we-configure-it/200507105852280/
- Fortinet Presentation - Jim Wineinger - Fortinet Systems Engineer -- Discussion of the Fortinet security rating service and how that can provide a pretty good audit of how the security posture for a Fortigate stacks up against various compliance specifications and against other deployments in education.
- Limiting Administrative Management to workstations, but not servers.
Alrighty, well I'll tell you what, let me go ahead and take care of a start up here I think we'll get started so give just second. Welcome everybody to the sep tember ninth edition K 12 technology check in. Thanks everyone who's showing either locally at principal Park TODAY'S SPECIAL EDITION and, or if you're watching it recorded, sorry didn't make out do today we're going off our meeting have Brian Milburn from, probably should say 27 Labs is what with but he can correct company you'd like I'm babbling has product that implemented on my equipment week ago pretty excited about wanted share, share was everybody. So turn over brand. Okay. Thanks, Scott. the. We developed blacklist. For primarily for installing firewalls, web servers, things that. But we different approach recently. Well, year built new own custom routers, firewalls in doing so, were through looking myriad free blacklist available could subscribe to. And there tons them. couple months keeping track which best for, know, recommendations impressions from other people then one found the, frequency they kept current sort Helter Skelter. Some them wouldn't update two others, might it, be 2448 hours old. really wasn't, wasn't an ideal situation, know we've, we've been building lists filtering internet stuff years now, when are starting cyber sitter installed hundreds not thousands schools all country. relevance something this directly equates how frequently it's updated thought better job we'd already had projects underway where analysis bad actor traffic. some work federal law enforcement intelligence agencies. we, framework place developing taking further towards making useful regular, average market corporations institutions. little bit then, others seen terribly secretive find these, rules set beginning want any third party information coming didn't, don't reports anybody use else's list aggregate anything. 
All gather equipment, maintain full provenance every single IP address our, file point time somebody why dates times states countries, wherever attempted intrusion, or, unauthorized access It gives us a. The way as got, 16 now. General honey pots four United States countries more soon up. We're setting Amsterdam Frankfurt. designed special honeypot software, isn't just, You simply logging program actually simulate activity 1816 18, normal attack services popular services. However, functioning example RDP SSH whatever they, person end work. ever data, allow any, read payload send discard it. there's very risk of, trying, attempting try buffer overload cripple cause problems systems works idea is, gotten government agencies ladder. There's groups involved infiltration intrusion those nuisance scanner kid his basement he's trying scan running around build huge addresses sell people, who back find, servers interest their goal guys damage some, algorithms help identify these only block also providing enforcement. So, able criminal gangs, least suspicious, suspect gangs because operate screen sharing Scott show here. First Let website browsing everything. Now, domain name blacklist.com. doesn't that's easiest remember. Yeah, okay. sometimes turns search results says what's see where. Okay, go. right, website. The, 15 minutes. Most many routers even capable frequency, but, sure version no older than minutes good getting ones active comes online 30 ago. Next list. three sizes speak, three, seven 14 day observations several formats various installations support, whether tables whichever type installation need. got template system add formats, quickly within few usually. The. main page graph on. Over past 24 amount attempts observed hour period, country breakdown. Unfortunately, usually top right now one. look protocols seeing smarting high art high. third. him most dead number five. 
10 thing yellow color minor major organizations, checked there, ASN numbers, offending organizations unfortunately Digital Ocean large provider, they're always two, beat China by quite ways, sending weeks compromised, seem too interested next 100 tutors last hours, interestingly morning. neighborhood somewhere. This belongs Cox services, local provider Santa Barbara home. commercial home pay extra guaranteed bandwidth. did poking mean, change screens, is. finish 129,000 reports. 2058 never before. time. That's middle size file. database days. 27,480 592,000 total hits 217 seen. me. stop another Now checking address, thought, possibly maybe providers muck was, equipment. interesting query hitting These machines And, interestingly, Ocean. They're located facilities, states, Silicon Valley area Seattle Dallas. kind odd complicated doing. of. significant here, same servers. bottom hit second apart. set, class A, widely separated, far go, seconds we're, being targeted reason. repeats multiple, multiple lines pattern. obvious group responsible targeting particular must reason, after RDP. you'll 575 means such rapid succession combine into entry log transaction save space. that'll will authorities. goals come put business can, benefit pattern occurrences patterns that, short period None net all, separated odds happening, slim case apart highly unusual would indicate working small particular. lot compilers, aggregated sources and. separate based upon concerned, bad, your system. rate, mean there's. Initially, pot listeners purposes simple matter data databases catalog it's, effective, first. In first place, using free, rarely hit, these. organized fast for. don't. One blocks whole testing faster individual calculate network court order number, compare between much index sorted list, performance accuracy. bring webpage again could, remember correctly, public charge anyone Right. depend requirement be. 
It's typically days old, About midnight roll over, ages leaves a, still than. enough purposes, people's knowing I'm, side, 20 blocking on, value subscription there's, leave Microsoft Internet Information Server provide utility manage download putting location integrate server SMTP modified alligator mail steps commands everything word made makes they've accessed secret requires author credentials given hints credentials, to, generate tips programmer hacker know. funny spend figure out. wrong shut down shutting minutes, again. cat mouse game piques curiosity. lets clearly more, savvy about, breaking systems. Cool. implemented. raw format. decade open There uncompressed version. Let's external connectors called afford gate. connector. copied URL feed pasted be, create firewall 40 Gator policies say, internet. If anything inside drop portal reverse created rule said, head counts But, service well. fairly reasonable minute currently paid lyst any. great latest so. real beneficial worked, yet knock wood call can't anywhere having yeah i school district assistance 995 month 9995 annually. figured per cases, obviously supports Linux running, patchy engine x stuff. support machine intended entire control parts quick false positives likelihood experiencing. zero, assigned researched previous. listed DNS resolved problematic asked address. had. Anything resolve low did, porn site guy used then. tried DPS hosting companies. interesting. Other addresses. bps places okay, Hewlett Packard uses scanning done targets. it's. its history store whatever. refuse very, click button pure Korea, surprisingly activity. there'd low, wide keep expanding view internet, can. Well thank you, Brian, um, automated pick link, said I've walk Ford gate without directions vendors. part hundred dollars cheap insurance zero blocked, longer happen credit card something. need pod, envelope note you. So. Does else questions while line. thanks yep turned around, like, oh my, weird lost participants did. 
yeah. hopefully drive direction greatly appreciate Yep, yep, worries, worries. computer anyway, guest Jim Florida joining room enjoy Troy we'll, there. Alright, Like parking Of course live demos, demo. Something inevitably goes wrong, took Park. My ISP connection won't demo, news plan worst. PowerPoint screenshots yesterday. let's talk today. screen. good. security rating service. tree IT staff networking hands dirty configuration changes. What gonna industry practices PCI minute, security, practices, changes administration. folks taken network, automation report communication someone newspaper. Maybe somebody's issues. final reading auditors. prove fact. Why document, exactly you've secure works. provides levels, daily basis, boss do, understand compliance. guess skipped networking, properly, administration, secure, auditor, evidence. Those areas service, advantage Yes, filtering, prevention virus along lines. sign trial, slides. gig, account. Go assets, assets slides reach myself happy this, select game. underneath opportunity guard trial. Once quarter gate, Anybody this. perfectly invite apply network. elements self assessment configurations, properly. hand-waving power, measurable actionable information, do. weaknesses, vulnerabilities Fortinet regular hourly basis vulnerability statuses. point. slip fortunately, score stay familiar topology. fabric. demo gates, winter. Here spotlight. 48 price root switches supported voice, PR PBX switch wireless AP apparently numbers above five 522 seven. insane. issues yes lab run higher people. Each issues, fabric at, important hey, administrative password. tells switch, On API, issue. way. Or drill details rating. executed against resolve, buy feels requirement. snapshot example, interface classification, fail. outbound ports, haven't defined DMZ land, when. foot violates, violation associated told wrong. device FSB requirements added. that's. reason selected one, hasn't easy does. easy, happen. 
known issue passwords timeouts fix. devices, again, PS management platforms, hurt platform each does impact overall organization administrator level, fit, compared yesterday, fit peers, posture. instead specific problem step hierarchy strategic level. looks posture, 69th percentile. rank peers. sled vegan sled. High School, schools, enterprise government. vertical, rank. You'll case, minus eight puts seventh well, failed. failing, roughly, 20% things. You've exempted talked earlier below upper level With revision software. deeper, letter grades, breaks basic capabilities areas. poor coverage, fabric, lots needs firmware wise, optimization, optimized environment, grade course, area, grades sub across informational expect. user devices sitting runs, grade, runs scores postures. manager analyzer, values piece becomes combine. both implementing compliance mechanisms went passed failed printout yes, export favorite spreadsheet CSV JSON, proof auditors, principles board, anchor parents, protecting children school. overview pass days, feel accountant. Jason slaughter Iowa Great Lakes region, anything, employee call, always. Dr. Thank sir Alright question computer's acting weird, hear Nope. mute unmute luckily spacebar graphs in, 646. time, application am different. Sorry No, actually, correct. default, normally historic results, analyzer cry, question. Sarah Do questions. may turning Absolutely. absolutely encourage park cost mentioned. engineer. They play thing. audit either. Good yeah, check. sales context notes added typical bundle through, prevention, filtering. 360, generally State Farm, IBM, customers environment. push Because, includes use, Things, sensors assembly line bundle, paying capability. sense. just. contact old wise Things waiting ordered. hoping wait till week's nice quiet Oh man, share. sounds update. How Sarah. Um, moved office left tech assistant burden super glad rights workstation administrator, answer no, Active Directory. mess bunch through. Yeah. 
limit node side computers awesome learner Prague product, 48, restrict Gate, Directory admin cherry rights. users system, with, somewhat restrictive rights, messed looked words aren't policy Group Policy. couldn't see, hate hired trained tax yet, position gets broken tries sat visited morning god breakage summer phone book books Chromebooks book. chords hopes bills long ahead. We'll see. recycle products pulled screens kids break buy. route. loss anticipated pleasantly That Breaking happened breaking, me, too. feeling clever sent before fishing training felt dropped balls Covidien shorter struggling science merely subs. way, rooms. creative goes. right. Can wigged spot nothing happens. recording say. anyway specify OU someplace. You, user. member experimenting applying person. Users Computers Adam under hood college. hire capacity about. Yep. move. Anyway, here's my. Here's using. It'll it'll really. he'll tech, English teacher became ready fulfill role beyond Help Desk remembered admins. laptops admins fold group. successful ends totally willing Anyone came man slimmer. too, I, Zach contacted yesterday night youngest slow gutsy Scotty dance feisty buddy. wish After sit watch jealous but. Thursday