Preview Mode Links will not work in preview mode

Jun 6, 2018

Ms. Berlin’s mega tweet on protecting your network


Utica College CYB617

    I tweeted “utica university” many pardons


Mr. Childress’ high school class

Laurens, South Carolina


Probably spent as much as a daily coffee at Starbucks… makes all the difference.


CTF Club, and book club (summer reading series)



SeaSec East





Here are 50 FREE things you can do to improve the security of most environments:



Access control lists are your friend (deny all first)

Disable ports that are unused, & setup port security

DMZ behind separate firewall

Egress Filtering (should be just as strict as Ingress)


Segment with Vlans

Restrict access to backups

Role based servers only! DNS servers/DCs are just that

Network device backups


AD delegation of rights

Best practice GPO (NIST GPO templates)

Disable LLMNR/NetBios

EMET (when OSes prior to 10 are present)

Get rid of open shares



** run as a standard user ** no ‘localadmin’


App Whitelisting

Block browsing from servers. Not all machines need internet access

Change ilo settings/passwords

Use Bitlocker/encryption

Patch *nix boxes

Remove unneeded software

Upgrade firmware


Diff. local admin passwords (LAPS)

Setup centralized logins for network devices. Use TACACS+ or radius

Least privileges EVERYWHERE

Separation of rights - Domain Admin use should be sparse & audited

Logging Monitoring:

Force advanced file auditing (ransomware detection)

Log successful and unsuccessful logins - Windows/Linux logging cheatsheets



For the love of god implement TLS 1.2/3


Ensure web logins use HTTPS

Mod security



Block Dns zone transfers

Close open mail relays

Disable telnet & other insecure protocols or alert on use

DNS servers should not be openly recursive

Don't forget your printers (saved creds aren't good)

Locate and destroy plain text passwords

No open wi-fi, use WPA2 + AES

Password safes


Incident Response drills

Incident Response Runbook & Bugout bag

Incident Response tabletops


Purple Team:

Internal & OSINT honeypots

User Education exercises

MITRE ATT&CK Matrix is your friend

Vulnerability Scanner


Join our #Slack Channel! Email us at

or DM us on Twitter @brakesec



#Youtube Channel:

#iTunes Store Link:

#Google Play Store:

Our main site:

#iHeartRadio App:


Comments, Questions, Feedback:

Support Brakeing Down Security Podcast by using our #Paypal OR our #Patreon

#Twitter@brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM :

#Stitcher Network:

#TuneIn Radio App: