7MS #406: Securing Your Family During and After a Disaster - Part 4
7 Minute Security21 Mar 2020

7MS #406: Securing Your Family During and After a Disaster - Part 4

This episode of the 7MS podcast is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the later, and ITProTV has you covered. From CompTIA and Cisco to ECCouncil and VMWare. Get a 7-day free trial and save 30% off all plans by going to itpro.tv/7MS

First and foremost, I hope you all are doing well and taking care of yourselves.

Today's episode focuses on disasters, which is unfortunately a very appropriate topic. As a quick refresher, our family had a fire a few months ago. It sucked. I talked about the day of the fire in this episode then did a "how do we get back on the grid?" episode here and then answered some of your FAQs here.

Regardless of if your DR plan includes fires, virus outbreaks, tornados or zombie attacks, it's important to have a solid plan for your family and business. So in today's episode I cover these main two topics:

A DIY $500 NAS + Unlimited Cloud Backup Plan

In trying to be more organized with my backup strategy, I set out to create a new backup plan with the following criteria:

  • Priced at ~$500
  • One on-prem array
  • Encrypted at rest
  • Backs up to cloud with encryption key I control
  • Unlimited scalable storage

I found my solution using this awesome video but I need to warn you about something right off the bat: the config in this video and in today's episode is not supported by CrashPlan because CP doesn't have a native backup agent that will run on the Synology NAS (at the time of this writing, anyway). With that said, here's the grocey list of things that make up my backup rig:

(See more info on the show notes for todya's episode at 7ms.us)

Episoder(687)

7MS #150: OFF-TOPIC-Bone Tomahawk / Goodnight Mommy / Comedy Loves Misery

7MS #150: OFF-TOPIC-Bone Tomahawk / Goodnight Mommy / Comedy Loves Misery

Preview16 wordsIn today's off-topic episode I review the following movies: Bone Tomahawk Goodnight Mommy Misery Loves Comedy

3 Feb 201610min

7MS #149: Securing Your Life - Part 3

7MS #149: Securing Your Life - Part 3

This episode continues the series on securing your life - making sure all the security stuff related to your life is in order. Today we're particularly focusing on preparing to travel. What if (God forbid) the plane goes down? Who has access to your money, passwords, etc.?

1 Feb 20168min

7MS #148: OFF-TOPIC - Apple Watch Review

7MS #148: OFF-TOPIC - Apple Watch Review

Yep, there are tons of people/blogs/magazines/children/pets who have provided reviews of the Apple Watch. This is mine.

28 Jan 20169min

7MS #147: DIY Hosted Mutillidae

7MS #147: DIY Hosted Mutillidae

In this episode I talk about how to build a cheap hosted Mutillidae server to safely hack away on while keeping other Internet prowlers out. Here are the basic commands to run to lock down the Digital Ocean droplet's iptables firewall: *Flush existing rules* **sudo iptables -F** *Allow all concurrent connections* **sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT** *Allow specific IPs/hosts to access port 80* **sudo iptables -A INPUT -p tcp -s F.Q.D.N --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT** *Allow specific IPs/hosts to access port 22* **sudo iptables -A INPUT -p tcp -s F.Q.D.N --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT** *Block all other traffic:* **sudo iptables -P INPUT DROP** *Provide the VPS loopback access:* **sudo iptables -I INPUT 1 -i lo -j ACCEPT** *Install iptables-persistent to ensure rules survive a reboot:* **sudo apt-get install iptables-persistent** *Start iptables-persistent service* **sudo service iptables-persistent start** *If you make iptables changes after this and they don't seem to stick, do this:* **sudo iptables-save > /etc/iptables/rules.v4** See this Digital Ocean article for more information.

26 Jan 20168min

7MS #146: Friday Infosec News and Links Roundup

7MS #146: Friday Infosec News and Links Roundup

Here are some of my favorite stories and links for this week! If you missed last week's BURN IT ALL! Webcast, it's now online as a Youtube video. There is still time to register for the Real World Web Penetration Testing Webinar. It's(Thursday, January 28 @ 1 p.m. CST) and $25 (cheap!) Trustwave is in big trouble after failing to find hackers under their noses. Their noses mustreally hurt because Mandiant was quick to point out the work done by Trustwave was "woefully inadequate." I'm scared of IoT stuff. Why? Oh, I don't know, because what happens when your Nest fails and leaves your buttcheeks freezing cold?!?!? Or what if hackers steal your doorbell, and thus your wifi password and pwn your network? Thankfully, OWASP now now has a top 10 for IoT stuff too. A researcher found some clever ways to abuse Lastpass with an exploit called Lostpass. Lastpassresponded with a security change wherein a Lastpass authentication from a new device requires approval via email. A new Sysinternals tool helps figure out if you have shady, unsigned files in c:\windows\system32. Oh, and for sure upgrade all your iThings ASAP. Apple patched some ugly security holes.

23 Jan 201610min

7MS #145: OFF-TOPIC - Sicario and The Walk

7MS #145: OFF-TOPIC - Sicario and The Walk

In today's off-topic episode I review two movies: Sicario and The Walk.

21 Jan 20167min

7MS #144: Shoulder-Surfing with Seasoned Pentesters

7MS #144: Shoulder-Surfing with Seasoned Pentesters

I recently had the opportunity to shoulder-surf with some seasoned Webapp pentesters, and wanted to share what I learned about their tools, techniques and methodologies.

18 Jan 20167min

7MS #143: Friday Infosec News and Links Roundup

7MS #143: Friday Infosec News and Links Roundup

Here are some of my fav' stories and links for this week! * Burn it all...The New Security Fundamentals **(Wednesday, January 20 @ 1 p.m. CST)**: a free Webinar on setting up the "*core technical things you need to do for your security program*." I've attended many Webinars from the BHIS group and they're always informative and humorous. * Real World Web Penetration Testing **(Thursday, January 28 @ 1 p.m. CST)**: a $25 Webinar on going through "*a real world penetration test. We will explore the methodology and procedures Secure Ideas follows as we test web applications. The course will also walk through some tricks and tips on how to focus your testing on likely flaws*." I have seen four of their recorded courses before and found them to be *absolutely* worth the money I spent, so I'm confident this upcoming session will be no exception. * Fortinet SSH backdoor not much to say except if you use any of the affected products, update immediately as they contain an SSH backdoor: * FortiOS v4.3.17 or any later version of FortiOS v4.3 (available as of July 9, 2014) * FortiOS v5.0.8 or any later version of FortiOS v5.0 (available as of July 28, 2014) * Any version of FortiOS v5.2 or v5.4 * Hacker sentenced to 334 years in prison for operating a phishing Web site similar to that of a legit banking Web site. Moral of the story? Don't do that. * Don't use IE 8, 9 or 10 anymore! unless you like to live dangerously.

15 Jan 20168min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
aftenpodden-usa
forklart
stopp-verden
popradet
hva-star-du-for
nokon-ma-ga
fotballpodden-2
det-store-bildet
dine-penger-pengeradet
bt-dokumentar-2
unitedno
aftenbla-bla
e24-podden
rss-ness
rss-penger-polser-og-politikk
rss-dannet-uten-piano
rss-borsmorgen-okonominyhetene
oppdatert