“But I need have local admin to run this!”

March is finally here!  The walls of snow are melting down quickly here in New England.  I can finally see grass!  Well ok… it is more like torn up chunks of sod from completely missing the side walk with the snow blower, but it has remnants of grass.

During my hibernation, I remembered some conversations from the past.  Mainly they had to do with “discussions” with users about their needs on their systems.  They commonly revolved around the requirement of administrative rights on their local workstations.  Which of course lead them to believe their current user account was the one that needed those rights.  Well most of us in security, as well as many others in the Systems Admin side of things, know that this is bad and should never be granted without a really good reason.  But does this mean it isn’t possible to grant these users their wishes? Continue reading

Network Security Protections when not in the office…

So in a previous life, I worked for a large enterprise which had many laptop users and a good size remote workforce. When I first took my laptop home for the night, I realized that for one, I could connect to any wireless network… and two I was no longer behind my web filtering servers. This article reminded me on how often this issue is overlooked: Postal Service Suspends Telecommuting

Continue reading

Build your own Tor Router with a Raspberry Pi

In a recent episode of the Paul’s Security Weekly podcast, they covered a tech segment on how to build your own Raspberry Pi Tor router. There have been quite of few of these popping up ever since the Anonabox debacle that happened a few weeks ago. In any event, I decided to give this version a go. I had the Pi lying around, so it seemed like a fun project to try.

Continue reading

Last Week’s Meetup

We had a couple new faces come out to the kickoff of Nutmeg InfoSec Meetup. We discussed the state of the CT InfoSec community over some beer and pizza. Thankfully we all seem to believe that it exists and just needs a push to get more people involved. We eventually moved over to the classroom to a talk about Shodan.io.  The slides will be posted shortly, but you will get more out of actually checking it out and searching the “Internet of Things.”

If you couldn’t make it out to last week’s meetup, don’t worry!  We plan to do this every month.  We will most likely finish out the year at NESIT Hackerspace, but after the holidays we will look at moving around the State.  If you happen to know of  a good location between Hartford and New Haven, let us know!

Looking forward to the next one!

The first official NutmegInfoSec Meetup is just around the corner!

So what do you need to know for Wednesday October 15th?

  • Laptops not required, unless you are planning to present on something.
  • For those presenting, projector supports VGA input, so bring adapters if you need to.
  • The event is free, but NESIT is kind enough to allow us to use the space, so donations are welcomed.  NESIT is a 501(3)(c) so it is tax deductible.
  • Pizza and Soda and other cold beverages will be provided courtesy of the host.
  • If the building entrance (East Entrance) is locked, call the NESIT number (sign on door) and someone will come down to let you in.
  • Be ready to participate, this is not intended to be a “Death by PowerPoint” night, we get enough of that at work!
  • Bring a friend!
  • Bring some business cards, after all it is a networking event.
  • Where’s NESIT?  – 290 Pratt St,, Meriden, CT – East entrance go up one floor and follow the signs.

Any questions you can send them to info(at)nutmeginfosec.com

Things are happening!

We are being quite productive over here.  The site is up and running, a calendar of events has been added, and now we are running over SSL!  Eventually the stuff over on Meetup.com will be moved over to here.  Feel free to register to become part of the CT InfoSec community!

Also don’t forget the first official Meetup night on October 15th @ NESIT Hackerspace!

-@NutmegInfoSec

WE LIVE!!!!

Please be patient, we have just woken up and are still a little groggy.  Welcome to the future home for the CT InfoSec collective… we mean Community.  We know there are more of you out there.  Our goal is to assim… invite you to the group so that we may have share knowledge and improve our skills in the world of infosec within the Nutmeg state.

For now you can go to our meetup site and follow us on twitter.

Don’t forget to come to our new monthly meetup beginning October 15th, see the meetup page for more details.