aaron597.com
Blog Posts
- Written by: Aaron DeJong
- Category: Blog Posts
Network Security Influencer
For the Network Security Influencer role, I am working on learning about some influencer strategies. I want to get some experience and thought leadership skills out of being a Network Security Influencer. In addition, the way that I am approaching the influencer role is more of a top fan-based strategy.
I am looking forward to researching more Network Security Influencer strategies. I will be researching these to refine my approach and get better. The strategy that I have going forward is to help with the social media marketing of the organization or group. This is helpful in getting rising fan badges and top fan status.
Top Fan Status
Currently, I am doing Router Nest, Networks Baseline, IT Networks and nine or so altogether. The top fan status that I have also includes TryHackMe, HacktheBox, and Palo Alto Networks. By interacting with the sites or organizations on Facebook, Instagram, and X it helps provide the message to potential consumers. This is my basic strategy on the top fan status.
There is something that I have been doing for about 3.2 years as a weekly streak on Udemy which is 167 weeks in total. For Udemy, I have received a rising fan status and will be working on top fan status. This Udemy streak goes back to before they started the streak, and I am surprised with how long I have maintained it.
TryHackMe
I have become a Top Fan of TryHackMe by helping it out with the social media marketing and interacting with them. Currently, I am ranked #7179 on TryHackMe and #932 in the United States All-Time. In addition, I have completed 247 rooms and am a Legend at Level 13 with 31780 points.
I will be working on my Junior Security Engineer Skill Matrix that is the second filter after Entry-Level, in which I have maxed out. On the Junior Security Engineer Skill Matrix, I am Strong in Identity Security and Incident Response while being weaker in Security Automation. I am back to working on the DevSecOps Learning Path where I am at around 70% completed.
Conclusion
Working with the Network Security Influencer role is allowing me to hone my craft and be more of an influencer over time. For the Udemy top fan status I will need to up the game on my interactions with Udemy. I am doing quite well on the TryHackMe site as a top fan and will be looking to extend my 8-day streak to 30 days at least.
- Written by: Aaron DeJong
Introduction
My concept for this site needs an update. This is something that will be more Network Security oriented and still about myself in a journal blog kind of format. I will be updating this content from just Cisco and Microsoft into something that encompasses my Network Security Influencer role.
This is something that I have been thinking about lately, where I need some kind of platform to express myself as a Network Security Influencer. I have chosen this platform as a tool to create a community around my aaron597.com blog. The way that I am doing this is through Instagram, X, Facebook, and LinkedIn.
Concept
The concept for this site has some new direction. To get the concept off the ground, I am going to post weekly on this blog. Other changes include a scope change to anything around the Network Security niche in addition to focusing on my top fan status on multiple organizations including TryHackMe, HacktheBox, Router Nest, Palo Alto and others.
Within the concept, I will be trying out new things that I am interested in regarding Network Security. To provide the content I will be putting out Computer Networking, Cybersecurity and Network Security blog posts. The blog, aaron597.com, is more of a business on this site and will be thought of more as a business than as a personal blog like aaronwdejong.net is to me.
TryHackMe
Currently, I am ranked at #7370 with being ranked #959 in the All-time U.S. rankings. I have been doing easier rooms lately and building up my Exploit and Penetration Testing skills. There are some rooms that I have been doing that are regular rooms with the majority being CVE based rooms in the Exploitation skill.
Background
Having an IT background has helped me become a part-time writer for myself. I am now a writer for aaronwdejong.net, aaron597.com, and at Aaron W. DeJong IT Articles where I am also the editor. Aaron W. DeJong IT Articles is my own promotion on Medium. I also publish other articles on Medium and post my blog posts from the two blogs on Medium.
Conclusion
I am having some more time dedicated to writing and will be posting on aaron597.com and aaronwdejong.net weekly. I also have some time to write articles and focus on my Network Security niche. I am excited to be a Network Security Influencer due to my background in Computer Networking and some training that I have been doing for cybersecurity. I feel that this is something worth doing and I am committed to working on this going forward.
- Written by: Aaron DeJong
Introduction
DHCP is the Dynamic Host Configuration Protocol and is vital to an enterprise or small business. Securing this protocol on your LAN is one of the things that will help your company take a defense-in-depth approach to security. DHCP is secured by using certain configurations for DHCP Snooping and Dynamic ARP Inspection (DAI).
The DHCP process that a client goes through to establish a dynamic IP address is called the DORA process. DORA is an acronym that stands for Discover, Offer, Request and Acknowledgement.
This process starts with the client making a discovery ARP request for the DHCP server. The server then sends an Offer message to the client, offering the IP address that it gives out for that client. The client then sends a Request for that IP address, and the Acknowledgement from the server completes the DORA process.
APIPA
The Automatic Private IP Addressing range is the 169.254.X.X range and is used if there is a problem with the DHCP Process for that client. This address range is for automatically assigning the client with a dynamic IP address using itself as the DHCP server as a backup to not having an IP address.
Securing DHCP
There are some ways that you can secure DHCP using the IP Helper Address and DHCP trusted links. These work in conjunction with DAI and DHCP Snooping in order to provide the security needed to do defense in depth for DHCP. For DHCP Snooping on Cisco devices, there is a way to create a binding database for trusted and untrusted ports connected to a DHCP Server.
In addition to DHCP Snooping, there is Dynamic ARP Inspection, which validates ARP packets against the trusted binding database. This prevents ARP Spoofing and untrusted ARP traffic from being used maliciously for DHCP-related attacks. Dynamic ARP Inspection is typically used with DHCP Snooping to create a binding database.
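A simplified model of the checks described above, as an added example that is not from the original post and is not Cisco's implementation: the switch drops DHCP server messages that arrive on untrusted ports, records a binding when a server ACK arrives on a trusted port, and validates ARP senders against those bindings. The class and function names, port numbers, MAC addresses and IP addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # message types only a DHCP server sends

@dataclass
class SnoopingSwitch:
    trusted_ports: set                            # ports facing the real DHCP server
    bindings: dict = field(default_factory=dict)  # ip -> (mac, port)
    pending: dict = field(default_factory=dict)   # client mac -> port of its REQUEST

    def dhcp(self, port, msg_type, client_mac, ip=None):
        """Return True if the DHCP message is forwarded, False if dropped."""
        if msg_type in SERVER_MSGS:
            if port not in self.trusted_ports:
                return False                      # server message on an untrusted port
            if msg_type == "ACK" and client_mac in self.pending:
                # Lease confirmed: record which MAC and port own this IP.
                self.bindings[ip] = (client_mac, self.pending.pop(client_mac))
            return True
        if msg_type == "REQUEST":
            self.pending[client_mac] = port
        return True                               # client DISCOVER/REQUEST pass

    def arp(self, port, sender_mac, sender_ip):
        """Dynamic ARP Inspection: check sender IP/MAC/port against bindings."""
        if port in self.trusted_ports:
            return True                           # trusted ports bypass inspection
        return self.bindings.get(sender_ip) == (sender_mac, port)

def run_demo():
    # Constructed topology: port 1 = uplink to DHCP server, ports 2-3 = hosts.
    sw = SnoopingSwitch(trusted_ports={1})
    client, other = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"
    results = {
        "discover": sw.dhcp(2, "DISCOVER", client),
        "untrusted_offer": sw.dhcp(3, "OFFER", client, "10.0.0.66"),
        "offer": sw.dhcp(1, "OFFER", client, "10.0.0.10"),
        "request": sw.dhcp(2, "REQUEST", client, "10.0.0.10"),
        "ack": sw.dhcp(1, "ACK", client, "10.0.0.10"),
        "arp_ok": sw.arp(2, client, "10.0.0.10"),
        "arp_mismatch": sw.arp(3, other, "10.0.0.10"),
        "arp_static_host": sw.arp(3, other, "10.0.0.50"),
    }
    return sw, results

if __name__ == "__main__":
    for name, forwarded in run_demo()[1].items():
        print(f"{name:16} {'forward' if forwarded else 'drop'}")
```

The last case shows a practical caveat: a host with a statically configured address on an untrusted port has no DHCP-learned binding, so its ARP traffic is dropped unless a manual binding or exception is configured for it.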
Conclusion
By securing DHCP there is a better defense in depth allocation for this protocol using the DAI and DHCP Snooping technology on Cisco devices. I have also been doing some things on TryHackMe and am now a top fan of TryHackMe in addition to being ranked 7360 with 237 rooms completed and 35 badges.
I am posting this blog post on aaron597.com and will be able to post this one on Medium as well. There are some more technologies that I would like to write about regarding Cisco and Microsoft technologies. This is more of what I would like to write about on the aaron597.com blog.
- Written by: Aaron DeJong
Microsoft Solutions
SIEM, SOAR and XDR are three Microsoft solutions that provide Security Information Event Manager, Security Orchestration and Automation Response, and Extended Detection and Response. The SIEM is the main system for log aggregation and alert generation. SOAR looks through events and analyzes them to produce automated responses to alerts or suspicious events. The XDR is a system that integrates the threat detection and response from security sources in the enterprise, like cloud or networking devices.
SIEM
A SIEM is a Security Information Event Manager and is responsible for log aggregation along with some alerts that can be generated in a SIEM. The SIEM replaced two different systems, the SIM and the SEM. The SIM was Security Information Management, which collected log files to identify suspicious security events. The SEM was Security Event Management, which provided log aggregation on events that were related to security software and hardware like firewalls, IDS, and IPS systems.
The main SIEM application for Microsoft is Azure Sentinel which is more of a Security Operations Center (SOC) type of application. Azure Sentinel provides this log aggregation along with analysis, log correlation and data analysis for visualization and log retention.
SOAR and XDR
SOAR is the Security Orchestration and Automation Response that works with a SIEM system like Azure Sentinel. This is to provide security orchestration by collating the logs from a SIEM to provide an automated response by using AI and Machine Learning. This augments the SOC team and provides automated responses for more mundane and trivial log detections. Freeing up the SOC team will result in a better detection and response time.
XDR is Extended Detection and Response, which allows a response to more elaborate threat detection by using both the SIEM and SOAR systems. This gives the SOC team a better mean time to respond. The XDR also correlates Threat Intelligence and Security System logs for better SOC operations, giving the team a better chance to detect threats while reducing false positives.
Conclusion
I am using this as a blog post instead of an article. I need to work on my expertise more on the Microsoft Security applications to do a better job for my blog. I am going to be doing the Aaron W. DeJong IT Articles still and might work more on the articles for Microsoft Security concepts. This blog is going to be more on the computer networking or Cisco side of the IT House.
I will be working on more content and will update the blog on Friday for this one and aaronwdejong.net. This will allow me to complete two blog posts on a day that I normally do the aaronwdejong.net blog.