No, this post title doesn’t have anything to do with me looking to add another “branch” OK? The one that I have is enough already. There’s no way I want to add another headache and even though I always listen to Mr. Salih Yaacob’s antics and his humorous quips in Sinar FM’s sinar pagi show on the radio every morning, I have to admit that I do not possess or intend to have the skills that he possessed (happily married with 3 wives that is).

This is more about the difficulty that I have to face. Currently I’ve been given the task to become the TECHNICAL team leader for our multimillion MSS project at one of the telecommunication companies in Malaysia. Why do I emphasise the technical thingy? Because it seems that currently the tasks that I’ve performed are beyond the technical aspects of the project haha.. Why? My friends, that will require one special post which I do not think will see the light of the day. I am not that stupid less clever you know..

Anyway, what I want to touch on in this post is (I guess) the same thing that has been posted in many, many entries in this blog; the human factor. On the non-human part, I think everything is within my control. Updating, configuring, installing, mounting servers and switches is not that difficult. There’s always mr google to provide useful/non-useful assistance. I bet that most of us, and it doesn’t matter how many years you’ve spent collecting all the skills and knowledge in executing your tasks and jobs, will look to mr google for some answers or references, at least once. No? You are lying (I guess I’d like to have Dr. Lightman’s skills in detecting liars from facial/body expressions. Don’t know what I am talking about? google “Lie To Me” ;P )

Humans are a totally different matter (of course). In my field, at least here in Malaysia, to find a Security Analyst is like searching for a man who REALLY understands his other half (Currently we dun have internet access and the twins smashed our laptop screen recently so wifey wont read this :D ). I didn’t say that there is none, but perhaps RARE :) . It is not about lack of knowledge (there ARE many books or e-books about everything and there is google), skills (many, many avenues to hone the skills, legally or illegally, underground or in the office, laptops/desktops-cheaper nowadays) but it is more about the ATTITUDE.

During Interview:

“Are you familiar with Linux or any UNIX variant type of Operating Systems?”

“Yes, I’ve used ubuntu for my desktop, redhat, centos, fedora and all the distros that you never heard of”

“Cool. Anyway, do you have any experience in networking? Designing, implementing or any other “ings” that you can think of?”

“Of course. I helped set up cybercafes, configuring the workstation, setting up the internet connection etc.”

“OK good. Familiar with any security devices and implementation like IDS, IPS, Firewalls, End point security etc?”

“Hell yeah. My final year project during my univ years was snort implementation as IDS / comparison between ipchains and iptables etc”

“OK”

On the job

“Bro, since I have an important meeting can you please check the connection between our monitoring servers and our correlation engines? If the monitoring servers can’t retrieve the logs from the correlation engines, perhaps you should restart the service. But maybe you need to check the process list to make sure the service properly stopped and restarted. Also remember that ICMP is disabled in this network.”

“How can I do that?”

“Err remote login? Just use any SSH clients that you have”

“Err OK.. What kind of client?”

“I’m comfortable with Putty. But that’s me lah. I do not know about you?”

“Err OK. But there’s no reply when I tried to ping.. How to identify whether the monitoring servers can retrieve the logs or not?”

“Of course there’ll be no reply. Haven’t you listened to what I’ve said just now? Use netstat and tcpdump then. Quite easy.”

“Net what? tcp what?”

“Never mind, I’ll call office telling them I have to miss that meeting…”

It seems that most of the young apprentices in my department are using google for other things.. Sigh…

*The conversations above are purely fiction OK? It didn’t happen… …Exactly like that lah.. Hahaha

When I joined the current company, I was sent to a client site and spent 3 years there. I’ve learned a lot of things in those 3 wonderful years and yeah including starting a blog as well. At that particular place I think I’ve developed my technical and soft skills especially when dealing with people, like how to scold people without letting them feel that they are being scolded. Also from that place I learned the importance of teamwork and that you are not Superman..

After those 3 years, I transferred to the HQ and again I saw that as an opportunity for me to enhance whatever I had :D (of course the opportunity to travel to other places as well :)

And now after 3 years spent at the HQ, I was given a task to establish and set up a security monitoring & response team and facilities for one of our clients here in Petaling Jaya. I will spend the next two years here and even at this early stage of my tour of duty, I’ve gained and learned a lot of new things…

Kinda deja vu actually. It seems that all the things that I’ve faced/experienced/complained about at the previous client site are happening again. You know the usual thing like how to improve your staff, how to be diplomatic, and yeah nowadays I need to juggle a few tasks at one time. Maybe I should google and look for any vacancies at the circus…

img source:http://mandycandy.wordpress.com/category/dating-rules/

I’ve read this from this website and as I am a father of two wonderful daughters, I think I might apply this set of rules as well ;)

(more…)

It seems that my previous posting did offend some people. I want to take this opportunity to say sorry to whoever was offended either directly or indirectly by that post and there are no malicious intentions in it. Most of the people in this particular industry I can call my friends and professional colleagues. But with that in mind, these people are also entitled to their comments, views and opinions.

(more…)

http://www.dailystrength.org/people/110944/photos-videos/item/293887

As usual, Monday is a very bad day for me. Dun ask me why but perhaps I’m watching/reading too much Garfield and influenced by this fat lazy but adorable cat’s obsession with hating Mondays :D . So while doing my usual Monday activities (this of course after reading my emails especially the ones in the inbox as I’ve filtered other emails to their respective mailing list folders, so the ones arriving in the Inbox are usually meant for me personally:)), one of my friends “buzzed” me via one of the Internet Messenger clients.

(more…)

My friend gave a presentation on mod_security usage a few weeks ago to a group of users from the government. In his presentation he gave a demo on how mod_security managed to prevent “blind sql injection” attacks on an application running on a mod_security-enabled web engine. He even received thunderous applause from the audience once he concluded his presentation. However one of the attendees asked one good question afterward.

“My friend said you do not need to install any WAF (web application firewall). All you need to do is fine tune the firewall filtering policies and that’s it.”

(more…)

Well the time for me to spend on blogging is getting less (and less). To be honest, there are plenty of things that I want to blog about but either I’m consumed with work or I suffer some blogger’s block when sitting in front of my laptop. Anyway somehow I managed to drag my hands and force my brain to come out with something, hence this posting :D

TRAINING

I just finished conducting Penetration Testing to our clients. Actually this is the first training for me in 2009 and frankly speaking, I do feel lil bit rusty. Anyway along the way I managed to get into my instructor mode again ;) . I also have another training session at the end of this month as well. This time it will be more on system hardening. I think there are few adjustments needed for the module and slides which I plan to undertake some time around next week.

PRESENTATION

Ahh last week I’ve done one presentation titled Apache hardening to a group of users from the government agencies. Well for my performance, there’s always “could do better” excuses and this time it is no different. But next time I have to make sure that my VMware will be in good condition for live demo before my presentation. This laptop is getting older faster than me. Sigh.

Abg Zain in action

NEW HOUSE

Yeah, I just bought a new house (a second hand house actually) at PUJ 2, Puncak Jalil. The house size is a bit smaller than the one that we live in currently (22 x 70 against 18 x 65) but then this place is where at least we can truly call home. The house was renovated by the previous owner where he extended the kitchen (now have wet and dry), a simple modification that created a store room under the stairs, plastered ceiling, changed the gate and the fences as well. Every bedroom has its own ceiling fan and the master bedroom has its own water heater ;) All of these cost us about RM 194.5K for the house price. Like my father said, “It is a good start.” Yeah if everything goes well and according to plan, in 5 years time, me or wifey might get a bigger one ;) Insya Allah.

Home Sweet Home (soon)

CURRENTLY

I’m in the midst of preparing the framework or concept paper or whatever it is for our own MSS. I had the idea when discussing with my good friend Mr. Halizain or fondly known as Abg (due to his OLD age). If my idea/concept/framework is accepted and fully adhered to, I believe it will increase our service quality and capability and perhaps inject the elements of fun and challenge for our own SAs. (Hopefully)

I guess those are few of the reasons why the blog is getting few updates recently… Poor me eh ;)

Dun know about you guys but during my time (not that long ago lah), the only avenues for me to test my newly acquired skills and tools (most of the time to test the tools and scripts -yeah I used to be a script kiddie :P ) were servers, websites, routers belonging to other people. Ahh forgot to mention that I used to test these tools on other PCs in the CyberCafe as well ;) . At that time also IRC chatrooms could be the testing ground and learning centre as well. Mind you that at that time, VMWare had just been founded and the first product (VMWare Workstation) was only delivered a year later ;) Nowadays you only need a PC/laptop, internet browser (for WIMP users, no worries on this part) and you dun even have to be connected. Thanks to OWASP’s WebGoat Project ;)

(more…)

Ok, ok. This post is not a rebuttal, condemning or criticizing anyone. It is more on knowledge sharing for those who didn’t know or perhaps who didn’t get the clear picture on the topic ;) Btw I hope this post will indicate where I do stand and the reason why on recently hotly debated matters with this group of talented people here. So, what the hell is Full Disclosure?

(more…)

miztres.wordpress.com

I am scheduled to conduct one knowledge sharing session within my department today but due to health reasons, I decided to postpone it to next Friday. Yeah, recently I’ve encountered some problems with my health that also remind me that I need to take it easy on myself. The burnout rate turnover is quite fast compared to a few years back. OK maybe due to my age and my lifestyle :D . However still I managed to give some fast presentation to a few guys regarding TCP/IP and its usage in doing analysis.

(more…)
