aaron597.com

Details

Written by: Aaron DeJong

Category: Blog Posts

Published: 17 July 2025

Hits: 29

Introduction

My concept for this site needs an update. This is something that will be more Network Security oriented and still about myself in a journal blog kind of format. I will be updating this content from just Cisco and Microsoft into something that encompasses my Network Security Influencer role.

This is something that I have been thinking about lately, where I need some kind of platform to express myself as a Network Security Influencer. I have chosen this platform as a tool to create a community around my aaron597.com blog. The way that I am doing this is through Instagram, X, Facebook, and LinkedIn.

Concept

The concept for this site has some new direction. To get the concept off the ground, I am going to post weekly on this blog. Other changes include a scope change to anything around the Network Security niche in addition to focusing on my top fan status on multiple organizations including TryHackMe, HacktheBox, Router Nest, Palo Alto and others.

Within the concept, I will be trying out new things that I am interested in regarding Network Security. To provide the content I will be putting out Computer Networking, Cybersecurity and Network Security blog posts. The blog, aaron597.com, is more of a business on this site and will be thought of more as a business than as a personal blog like aaronwdejong.net is to me.

TryHackMe

Currently, I am ranked at #7370 with being ranked #959 in the All-time U.S. rankings. I have been doing easier rooms lately and building up my Exploit and Penetration Testing skills. There are some rooms that I have been doing that are regular rooms with the majority being CVE based rooms in the Exploitation skill.

Background

Having an IT background has helped me become a part-time writer for myself. I am now a writer for aaronwdejong.net, aaron597.com, and at Aaron W. DeJong IT Articles where I am also the editor. Aaron W. DeJong IT Articles is my own promotion on Medium. I also publish other articles on Medium and post my blog posts from the two blogs on Medium.

Conclusion

I am having some more time dedicated to writing and will be posting on aaron597.com and aaronwdejong.net weekly. I also have some time to write articles and focus on my Network Security niche. I am excited to be a Network Security Influencer due to my background in Computer Networking and some training that I have been doing for cybersecurity. I feel that this is something worth doing and I am committed to working on this going forward.

Details

Written by: Aaron DeJong

Category: Blog Posts

Published: 08 July 2025

Hits: 38

Introduction

DHCP is the Dynamic Host Configuration Protocol and is vital to an enterprise or small business. Securing this protocol on your LAN is one of the things that will help your company do a defense in depth approach to security. DHCP is secured by using certain configurations for DHCP Snooping and Dynamic ARP Inspection (DAI).

The DHCP Process that a client goes through to establish a dynamic IP address is called the DORA process. DORA is an acronym that Stands for Discover, Offer, Request and Acknowledgement.

This process starts with the client making a discovery ARP request for the DHCP server, the server then sends an Offer message to the client offering the IP address that it gives out for that client. The Client then sends a request for that IP address and the Acknowledgement from the server completes the DORA process.

APIPA

The Automatic Private IP Addressing range is the 169.254.X.X range and is used if there is a problem with the DHCP Process for that client. This address range is for automatically assigning the client with a dynamic IP address using itself as the DHCP server as a backup to not having an IP address.

Securing DHCP

There are some ways that you can secure DHCP using the IP Helper Address and DHCP trusted links. These work in conjunction with DAI and DHCP Snooping n order to provide the security needed to do defense in depth for DHCP. For DHCP Snooping on Cisco devices there is a way to create a binding database for trusted and untrusted ports connected to a DHCP Server.

In addition to the DHCP Snooping there is Dynamic ARP Inspection which validates ARP packets against the trusted binding database which prevents ARP Spoofing and untrusted ARP traffic from getting used maliciously for DHCP related attacks. Dynamic ARP Inspection is typically used with DHCP Snooping to create a binding database.

Conclusion

By securing DHCP there is a better defense in depth allocation for this protocol using the DAI and DHCP Snooping technology on Cisco devices. I have also been doing some things on TryHackMe and am now a top fan of TryHackMe in addition to being ranked 7360 with 237 rooms completed and 35 badges.

I am posting this blog post on aaron597.com and will be able to post this one on Medium as well. There are some more technologies that I would like to write about regarding Cisco and Microsoft technologies. This is more of what I would like to write about on the aaron597.com blog.

Details

Written by: Aaron DeJong

Category: Blog Posts

Published: 20 June 2025

Hits: 73

Microsoft Solutions

SIEM, SOAR and XDR are three Microsoft solutions that provide Security Information Event Manager, Security Orchestration and Automation Response, and Extended Detection and Response. The SIEM is the main system for log aggregation and alert generation. For SOAR it looks through events and analyzes them to get automated responses to alerts or suspicious events. The XDR is a system in which integrates the threat detection and response from security sources in the enterprise like cloud or networking devices.

SIEM

A SIEM is a Security Information Event Manager and is responsible for log aggregation along with some alerts that can be generated in a SIEM. There were two different systems that the SIEM replaced, which were the SIM and the SEM. The SIM was the Security Information Management which collected log files to identify security events that are suspicious. The SEM was the Security Event Management which provides log aggregation on events that were related to security software and hardware like firewalls, IDS, and IPS systems.

The main SIEM application for Microsoft is Azure Sentinel which is more of a Security Operations Center (SOC) type of application. Azure Sentinel provides this log aggregation along with analysis, log correlation and data analysis for visualization and log retention.

SOAR and XDR

SOAR is the Security Orchestration and Automation Response that works with a SIEM system like Azure Sentinel. This is to provide security orchestration by collating the logs from a SIEM to provide an automated response by using AI and Machine Learning. This augments the SOC team and provides automated responses for more mundane and trivial log detections. Freeing up the SOC team will result in a better detection and response time.

XDR is Extended Detection and Response which allows a response to more elaborate threat detection using both the SIEM and SOAR system to provide for XDR. This is for better mean time to respond for the SOC team. The XDR also correlates Threat Intelligence and Security System logs in the mix for better SOC Operations giving the team a better chance to detect threats while reducing false positives.

Conclusion

I am using this as a blog post instead of an article. I need to work on my expertise more on the Microsoft Security applications to do a better job for my blog. I am going to be doing the Aaron W. DeJong IT Articles still and might work more on the articles for Microsoft Security concepts. This blog is going to be more on the computer networking or Cisco side of the IT House.

I will be working on more content and will update the blog on Friday for this one and aaronwdejong.net. This will allow me to complete to blog posts on a day that I normally do the aaronwdejong.net blog.