Monday, July 31, 2023

The Art of Invisibility

I just recently finished Kevin Mitnick's book: "The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data"

Kevin Mitnick was a hacker in the '90s who then became a security consultant, among other things, after 2000. You can learn more about him here.
His death was announced while I was reading this book.

The book was a very interesting read that prompted me to question how much I depend on Google for services.
I was already aware of the expression "If the product is free, YOU are the product", but this book takes privacy, and the value of it, to the next level.
In the book, he discusses the value of privacy and the tools to protect it. At times he provides step-by-step guides for specific tasks, even if it makes it seem like you are trying to avoid "being caught", as if you were hiding illegal activity.
His argument is that, while he doesn't expect everyone to follow every suggestion in the book, it may prompt people to question their day-to-day decisions around privacy and cybersecurity: "Should I connect to this free Wi-Fi hotspot at the airport...?"

I finished it in a couple of weeks of casual reading, and I recommend it to anyone interested in their cybersecurity or privacy!

Note: Some of the content is fairly technical, so it may feel overwhelming at times. :)

Friday, January 27, 2023

2023 Phone System Project - Part 1

TL;DR:
My company has used an on-prem Cisco Call Manager and Unity system for years, but due to the challenges of the pandemic in 2020, we rapidly deployed Cisco Jabber to allow employees to work from home. However, the existing system had limitations and often experienced issues with call quality and dropped calls. In 2021, I began researching different options for a new phone system, comparing upgrading the current system, migrating to Zoom Phone, or migrating to Microsoft Teams Phone. Ultimately, the cost savings and simplification of Zoom One, which included both Meetings and Phone in one license, made it the preferred option over upgrading the current system or migrating to Microsoft Teams Phone.


Full story:

The company I work for has used on-prem Cisco Call Manager and Unity for years. Each office has its own voice router and local PRI telco circuit, and each office had its own set of DIDs. Each employee had an internal extension, normally configured as the last 4 digits of their 10-digit DID, and was assigned a desk phone with that extension. Calls made to the extension or the DID would route directly to the employee's desk phone. We forced the outbound caller ID number to be the main line of the employee's respective office.

Then 2020 Covid happened.

Luckily, in 2017 we had upgraded our Call Manager environment to support Cisco Jabber, a softphone that can run on our computers and cell phones, even over the internet. When Covid struck, we had maybe fewer than 10 users actually using Jabber, as there wasn't much interest in it before then since everyone was in the office. I had to rapidly deploy Cisco Jabber across our couple hundred employees when lockdowns and quarantines started. This was quite a tedious task in Call Manager, but I got the whole company on Jabber in a matter of weeks. Oh, I forgot: even though our Call Manager environment was ready for Jabber use, we didn't have the licensing in place for it. And Cisco looooves their licensing. That was weeks and tens of thousands of dollars of investment in licensing just to get our organization to be able to even use Jabber.

Ever since 2020, I have configured a desk phone and Jabber for each and every employee (they are separate configurations that each take a handful of minutes). Our company has hired a large number of people and brought on many new offices. Each new office meant a new PRI telco circuit and a site configuration in Call Manager. It would sometimes take 6 months or more to get a new PRI circuit in place, and many hours in Call Manager configuring the new site.

All the while, Call Manager itself would be flaky at times. The PRI circuits would be flaky or simply go down for hours or days. We didn't have proper redundancy in place within the environment, so if a site's PRI went down, the employees' phones did not simply route out a different office's PRI; that whole office's phones were down, even for employees using Cisco Jabber from home, because we had their phones route out of their office's PRI circuit. People would regularly complain of calls dropping, call quality issues, and a general dissatisfaction with our phones.

Back to 2020. When Covid struck and I spent weeks getting our company set up on Cisco Jabber, I mentioned that it would be a good idea to consider a cloud-based phone system instead, so we wouldn't have to worry about things like this. There was some pushback because the perception of cloud-based phone systems was that they were only for small companies with a handful of employees and were generally unreliable.

In 2021 I said that I wanted to do a full-blown research project into what the best options would be for our organization, so at the beginning of 2022 I started the research and documented the potential costs and features of phone systems.
I landed on comparing these options:

1. Upgrading our current phone system
2. Migrating to Zoom Phone
3. Migrating to Microsoft Teams Phone

I really wanted to use a system we already had in place, to reduce the friction of change for the company. We had been using Zoom for years, even prior to 2020, so we were comfortable with the experience, and we had started using Teams due to Covid. Honestly, the adoption of Teams was not that great within the org. We had some occasional "all-staff" posts and departmental "Teams", but I think the biggest use case for it was chat. We even went as far as disabling Zoom Chat to make sure everyone used Teams chat, for governance and compliance reasons, I believe.

Option 1 was upgrading our current Cisco Call Manager phone system. I knew what that would look like, because I had gone through it back in 2017. It was a massive year-long project that cost a ton of money and involved a slew of VAR engineers, project managers, licensing, hardware, and config changes. It was a nightmare. From the time we got a scope of work to the time of project close, it was literally a calendar year, and that was just to go from Call Manager 8.6 to 11.5 on 2 physical servers.
I really did not want to go with option 1, and I presented the running cost of our current system since 2017, which was very high. I will admit that most of the cost came from having individual PRI circuits at every single location, even offices with a few people in them.

Option 2 was to migrate to Zoom Phone. When I first started considering cloud-based phone systems, Zoom was not my #1 choice; I was leaning more towards Microsoft Teams. I did the research anyway, gathered how much we were already paying Zoom for Meetings, and got MSRP pricing for Zoom Phone. Right in the middle of my research, Zoom rolled out "Zoom One", a license type that included Meetings and Phone in one license. This immediately piqued my interest, both for the simplification and for the cost savings.

Option 3 was to migrate to Microsoft Teams Phone. I had originally set this out as my #1 choice, primarily because I thought "hey, we're already using Teams for chat, why not add calling to it," and because I thought it would be wayyyy cheaper than anything else. I mean, we already had E3 licensing; it looked like a tiny add-on fee to get the phones! Well, it turns out that having E3 didn't mean anything regarding their phones. I even trialed an E5 license because their marketing said "Phone System is included!" What a deal! It seemed like an easy sell to upgrade our licensing to E5 and get all of the other security and compliance improvements and a phone system thrown in for free!
Well, it turns out the terminology was important here. To Microsoft, "Phone System" is essentially the equivalent of Cisco Call Manager: it doesn't do anything unless you have a connection to the PSTN. So you would still need to pay for a separate "Calling Plan" license (the connectivity to the PSTN) or get a third-party provider to supply your PSTN connectivity.
All of this seemed expensive, complex, and exhausting. Option #2, "a single license for all video meetings and phones," seemed much more appealing once I started digging into the Microsoft world.

So I started leaning towards migrating to Zoom Phone. I reached out to our rep and started gathering more information about features, pricing, and what a potential roll-out would look like. I got a demo license from Zoom and started seeing what the admin side of Zoom Phone was like. It was amazingly simple, especially for someone who already knows what they are doing and what they are hoping to accomplish. I had multiple sites, auto attendants, and call queues set up in a very short amount of time. No consultants, engineers, or project managers. Just me, my own understanding, and an easy admin interface.

I made an official pitch to have our company migrate to Zoom Phone, got a quote, and we signed the contract.

I will be migrating our company over to Zoom Phone office-by-office this year, starting now. This is a very exciting project for me, and I will provide updates as I go.

Wednesday, April 6, 2022

CompTIA Security+ Certification - Part 3 (I passed!)


I passed the Security+ exam on April 5th with a 787!


Security+ incorporates best practices in hands-on troubleshooting, ensuring candidates have the practical security problem-solving skills required to:
  • Assess the security posture of an enterprise environment and recommend and implement appropriate security solutions
  • Monitor and secure hybrid environments, including cloud, mobile, and IoT
  • Operate with an awareness of applicable laws and policies, including principles of governance, risk, and compliance
  • Identify, analyze, and respond to security events and incidents

Other than my experience, I relied primarily on Professor Messer's video content. I watched all of his videos over the last 6 months or so.

I didn't take any notes other than a few flashcards to memorize port numbers and protocols. I also used some study apps on my phone to do extra practice questions. I have been in IT since 2014 and focused on networking and security, and I have also had my CCNA in the past. I think those played a factor in my passing as well.

I used Professor Messer's and Jason Dion's practice exams, and here are my scores:

Messer A: 81%, Messer B: 88%, Messer C: 87%
Dion 1: 83%, Dion 2: 79%, Dion 3: 80%, Dion 4: 78%

I took a handful of TotalTester exams as well and averaged 85% on those.
My weakest categories were Architecture and Design and Governance-Risk-Compliance.

For the exam:
  • I did it at a testing center to avoid the complications of testing at home.
  • I skipped the Performance-Based Questions at the beginning and came back to them after the multiple-choice questions.
  • There were definitely questions I had no idea about, and even after going back to review them I still had no clue, so I just made my best guess
  • I had about 30 minutes left on the clock after reviewing everything and submitting
  • I was a little anxious that I might fail, but overall felt confident


Thanks to my wife and kids for being patient with me and for my time away to study!

(Link to CompTIA's website: https://www.comptia.org/certifications/security#overview)
(Link to Professor Messer's website: https://www.professormesser.com/)

Tuesday, February 15, 2022

Sophos Threat Response Certified Admin

I participated in the Sophos Threat Hunting Academy - Season 3, which consisted of five one-hour sessions of Sophos and threat hunting training. Here are the schedule and topics:

Session 1 – Responding To An Attack: Initial Response (Feb. 1, 2022)
Session 2 – Responding To An Attack: Triaging The Issues (Feb. 2, 2022)
Session 3 – Responding To An Attack: Neutralizing The Threat (Feb. 3, 2022)
Session 4 – Incident Response: Planning and Prevention Measures (Feb. 8, 2022)
Session 5 – Season 3 Wrap-Up and Q&A (Feb. 9, 2022)

Each session included a live demonstration from the Sophos incident response team of how they respond to incidents for new and existing customers.

They showed how to use the Sophos Central Live Discover feature to run queries against the machines and against the data stored in Sophos Central.
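Live Discover queries are written in osquery-style SQL and run on the endpoint, so a hunting query looks like the one below. This is an added example, not a query from the training or from Sophos: it uses only the standard osquery `processes` and `process_open_sockets` tables, and the directory patterns in the WHERE clause are an illustrative hunting hypothesis (binaries executing from temp or user-writable locations while holding an outbound connection), not a Sophos-provided detection.

```sql
-- Hunt: processes that are running from temp / user-writable locations
-- AND currently have an outbound network socket.
-- Tables: standard osquery `processes` and `process_open_sockets`.
-- The path patterns below are an example hypothesis, not a Sophos query.
SELECT
    p.pid,
    p.name,
    p.path,
    p.cmdline,
    p.parent          AS parent_pid,
    pp.name           AS parent_name,
    s.local_port,
    s.remote_address,
    s.remote_port
FROM processes AS p
JOIN process_open_sockets AS s ON s.pid = p.pid
LEFT JOIN processes AS pp ON pp.pid = p.parent
WHERE
    -- only sockets with a real remote peer (drop listeners and loopback)
    s.remote_address NOT IN ('', '0.0.0.0', '::', '127.0.0.1', '::1')
    AND s.remote_port <> 0
    -- suspicious execution locations (Windows and Linux/macOS variants)
    AND (
           LOWER(p.path) LIKE '%\appdata\local\temp\%'
        OR LOWER(p.path) LIKE '%\users\public\%'
        OR LOWER(p.path) LIKE '%\programdata\%'
        OR LOWER(p.path) LIKE '/tmp/%'
        OR LOWER(p.path) LIKE '/dev/shm/%'
    )
ORDER BY p.name, s.remote_address;
```

The self-join on `processes` pulls in the parent process name, which is usually the first thing you want when triaging a hit (an Office application or a browser spawning something from Temp reads very differently from an installer doing the same). Because osquery is backed by SQLite, `LIKE` is already case-insensitive for ASCII and backslashes are literal characters in the pattern, so no escaping is needed for the Windows paths.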

They discussed other tools available in the cybersecurity industry, and also how to get training in cybersecurity using tools like "Hack The Box" and "Try Hack Me".

Overall it was very educational and was a great free resource, especially for existing Sophos Central customers.

At the end of the course there was an exam, which I passed, and I was given the title of "Sophos Threat Response Certified Admin".
See the certificate here: Sophos Threat Response Certificate



Here is a link to the community page to learn more:
https://community.sophos.com/intercept-x-endpoint/b/threat-hunting-academy

Tuesday, December 28, 2021

CompTIA Security+ Certification - Part 2

Within the last few months, I have spent more time intentionally studying for the CompTIA Security+ exam, specifically the SY0-601. (Link to CompTIA's website: https://www.comptia.org/certifications/security#overview)

I have primarily been using Professor Messer's videos. (Link to Professor Messer's website: https://www.professormesser.com/)

I have made it through about 12 hours of his 21 hours of videos, or around 57%.

Since I started watching the videos, I started taking some practice exams. I had access to practice exams since I am an ACM member (https://www.acm.org/), which gives me access to O'Reilly's online learning platform (https://www.oreilly.com/online-learning/).

I have documented all of my exam scores so far, and here is a summary of where I am at (this is an average of 5 practice tests):


As you can see, I am not scoring very well in the "Governance, Risk, and Compliance" domain. I haven't had much formal training in this, and I don't have much real-world experience either.
On top of that, I haven't gotten to that domain yet in the Professor Messer videos.

I also bought the Professor Messer Sec+ practice exams, and have only taken one of them so far, and got around an 81%. I noticed that many of the ones I got wrong are covered in videos of his that I haven't watched yet.

I will continue watching his videos and taking exams and reporting my progress.

Tuesday, February 25, 2020

CompTIA Security+ Certification - Part 1

I was browsing for content in Safari Books Online and saw a CompTIA Security+ Exam guide. This is an exam I have considered in the past, so I decided to click on it. When reviewing the book, I saw there was an option to take a Pearson practice exam and that it is included in my membership. I have never formally studied any of the Security+ exam content, but I thought it could be worth taking it to see how I would do.

I took the practice exam and got 90%, and the passing requirement was 85%!

I was surprised by this result, and have determined that I am going to study up for this exam and take it. My goal is within the next month or so.

I am primarily responsible for many of our cyber security efforts where I work (second to my manager), and I think this would be a good fit for my role.

I will report my progress through new posts.

Monday, February 10, 2020

CHI-NOG 10

I will be attending CHI-NOG 10 this year. Just like I said in previous posts about CHI-NOG, I am super excited about going to learn some new things and meet some great networking folks.

Snippet from CHI-NOG's website about what it is:

CHI-NOG is the first and only Chicago-based Network Operators Group. The group was started by network engineers and network architects to create a community, to learn from each other and meet others. We get away from our keyboards and screens to meet in person every year, bringing in speakers from all over the US to learn and have a beer with them. CHI-NOG is vendor neutral, so we aren’t trying to sell you anything, but you do get a pretty awesome t-shirt each year for attending.

I have attended each since CHI-NOG 07 and have always loved it. The venue is great, the speakers are great, and I always learn a lot. The vendor hall afterwards is usually small and intimate, so you can ask all the questions you want. The vendors are normally pretty laid back instead of being super sales-y.

You can find past presentation videos on YouTube here: https://www.youtube.com/user/chicagonog/videos

Here is some info on CHI-NOG 10 this year:
Venue: Holiday Inn Chicago Mart Plaza River North Hotel
Address: 350 W Mart Center Dr, Chicago, IL 60654
Date: 28 May 2020
Start: 8:00 AM
Social: 6:00 PM – 8:00 PM

More information on CHI-NOG 10: http://chinog.org/chi-nog-10/

Hope to see you there!