Houston, we have a problem!

If you need consulting for IT projects, I can help together with my friends, who have 10+ years of experience and specialize in their fields. Although my work is now mainly in IT security, I can also give support on system architecture. What do I do?


System Engineering – Data Center Projects

  • Establish high and mid-level IT projects on time!
  • Business Continuity – Regulations – Certifications (ISO 27001) Projects
  • Virtualization – Cloud Migration (VMware, Hyper-V, VDI, Azure, Amazon, Migration to Office 365)
  • Enterprise Servers (Active Directory, Exchange, Lync, WSUS, SCCM)
  • SAN & NAS, Storage Data Replication & DR Projects (EMC, Recover Point, VMware SRM, F5)
  • Backup (Networker, Avamar, Veeam, Acronis), Mail Archiving (Evault, Azure)
  • OS – Server Install (Windows – Linux)
  • Network Design & Setup (Cisco, HP, Wireless, Guest Networks) (CCIE)
  • VoIP – Video Conference Projects (Cisco Call Manager, VCS), LYNC PBX Integration
  • System / Network Monitoring Projects (PRTG, WhatsUp)
  • End User Solutions (Desktop Central, PowerShell Scripting)

IT Security Projects

  • Secure the Existing Topology, Optimise and Apply Best Practices
  • Forensics Investigation
  • Industrial IT Security (ICS, SCADA, DCS Systems)
  • Normshield Setup, Nessus, Netsparker, Acunetix, Vulnerability Analysis
  • IT Security Projects (Firewall, IPS, NAC, Proxy, VPN, APT, Mail Security, SSL Visibility, Endpoint)
  • SIEM (Elastic Search – Kibana), SOC Preparation
  • Rule Analysis (Firewall, IPS, VPN Devices, Network Devices)
  • Antivirus, Endpoint Setups (SEP), Disk Encryption (Bitlocker)
  • Pentest (With My Friends)

Please do not hesitate to contact me.

I am available for global support (TR, EU – On-site/Remote | US, CA – Remote Only)

Mail: helpdesk@mysystem.org | Skype: serdar.sarioglu | Linkedin : serdarsarioglu

Houston, we have a problem!

If you have an IT project and want to consult someone who knows the field, I can help together with my friends, who have 10+ years of experience and specialize in their own fields. Although my work currently focuses on security, I also provide support on system architecture. What do I do?


System – Infrastructure – Process Projects

  • Turnkey (Small/Medium/Large Scale, Including Industrial) IT Projects
  • Business Continuity – Process Management, Regulation (ISO 27001) Projects
  • Virtualization & Cloud Migrations (VMware, Hyper-V, VDI, Azure, Amazon, Office 365 Migrations)
  • Enterprise Components (Active Directory, Exchange, Lync, WSUS, SCCM)
  • SAN & NAS, Storage Data Replication & DR Setups (EMC, Recover Point, VMware SRM, F5)
  • Backup (Networker, Avamar, Veeam, Acronis), Mail Archiving (Evault, Azure)
  • Operating Systems & Server Installations (Windows – Linux)
  • Network Design and Setup (Cisco, HP, Wireless, Guest Network Setups) (CCIE)
  • VoIP – Video Conference Projects (Cisco Call Manager, VCS), LYNC PBX Integration
  • System / Network Monitoring Projects (PRTG, WhatsUp)
  • End User Solutions (Desktop Central, PowerShell Scripts, Custom Development as Needed)
  • PowerShell – Bash Script Development

Information Security Projects

  • Securing the Existing Environment, Topology Optimization, Applying Best Practices
  • Forensic Case Investigation – Simulation, Forensics, Post-Incident Response
  • Industrial Security (ICS, SCADA, DCS Systems)
  • Normshield Deployment, Nessus, Netsparker, Acunetix Risk Level Assessment
  • Security Projects (Firewall, IPS, NAC, Proxy, VPN, APT, Mail Security, SSL Visibility, Endpoint)
  • 5651 Logging & SIEM (Elastic Search – Kibana), Pre-SOC Preparation
  • Rule Analysis (Firewall, IPS, VPN Devices, Network Devices)
  • Antivirus, Endpoint Setups (SEP), Disk Encryption (Bitlocker)
  • Pentest (I Do It With Support)


Please do not hesitate to get in touch.

I can provide global support. (TR, EU – On-site/Remote, US, CA – Remote)

Mail: helpdesk@mysystem.org | Skype: serdar.sarioglu | Linkedin : serdarsarioglu


I have just started a new series called “IT Terminologies 4 Dummies”. I will try to explain complex IT terminology as simply as possible =) Here are the subjects!

SANS 20 Critical Security Controls


  1. Inventory of Authorized and Unauthorized Devices
  2. Inventory of Authorized and Unauthorized Software
  3. Secure Configurations for Hardware/Software on Mobile Devices, Laptops, Workstations, & Servers
  4. Continuous Vulnerability Assessment and Remediation
  5. Malware Defenses
  6. Application Software Security
  7. Wireless Device Control
  8. Data Recovery Capability
  9. Security Skills Assessment and Appropriate Training to Fill Gaps
  10. Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
  11. Limitation and Control for Network Ports, Protocols, and Services
  12. Controlled Use of Administrative Privileges
  13. Boundary Defense
  14. Maintenance, Monitoring, and Analysis of Audit Logs
  15. Controlled Access Based on the Need to Know
  16. Account Monitoring and Control
  17. Data Loss Prevention
  18. Incident Response and Management
  19. Secure Network Engineering
  20. Penetration Tests and Red Team Exercises

 

Wireless security is a whole different animal than wired network security. Since WiFi is a wireless technology, intrusion attempts are much easier because they are possible without physical access to the network or building. Therefore, this is one area of IT security where you don’t want to make any mistakes.

Here are five common WiFi security mistakes you should avoid when deploying wireless networks:

Using Pre-Shared Key (PSK) WiFi Security
The personal mode of WiFi Protected Access (WPA or WPA2) security is much easier to set up initially than the enterprise mode with 802.1X authentication, which requires a RADIUS server or hosted RADIUS service. However, the enterprise mode is much better suited to business networks. It provides greater security in business environments and will actually take less time to manage in the long run, compared with the effort required to use personal mode securely.

When you use the personal mode of WPA or WPA2 security, you set a passphrase that’s used by all users in order to connect to the WiFi. This passphrase is stored in all those devices, so if one becomes lost or stolen or if an employee leaves the organisation, you would need to change the passphrase on the APs and on all the wireless devices in order to keep the network secure.
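The shared-passphrase problem described above, shown as an added example that is not part of the original post: in personal mode the master key is derived only from the passphrase and the SSID, so every device holds the same key and a rotation touches the whole fleet. The SSID, passphrases and device names are constructed sample data.

```python
import hashlib

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise master key for WPA/WPA2-Personal.

    PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID,
    4096 iterations, 32-byte output. No per-user or per-device input.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

# Constructed sample data: SSID and the passphrase stored on each device.
SSID = "ExampleCorp-WiFi"
OLD_PASSPHRASE = "Spring-Office-2016"
NEW_PASSPHRASE = "Autumn-Office-2016"
INVENTORY = {
    "laptop-finance-01": OLD_PASSPHRASE,
    "laptop-sales-07": OLD_PASSPHRASE,
    "tablet-warehouse-02": OLD_PASSPHRASE,
    "printer-floor-3": OLD_PASSPHRASE,
}

def distinct_keys(inventory: dict, ssid: str) -> int:
    """Number of different master keys in use across the whole fleet."""
    return len({wpa2_pmk(p, ssid) for p in inventory.values()})

def devices_to_reconfigure(inventory: dict, ssid: str, ap_passphrase: str) -> list:
    """Devices whose stored passphrase no longer matches the access points."""
    ap_key = wpa2_pmk(ap_passphrase, ssid)
    return sorted(d for d, p in inventory.items() if wpa2_pmk(p, ssid) != ap_key)

if __name__ == "__main__":
    print("distinct keys in fleet:", distinct_keys(INVENTORY, SSID))
    # One laptop is lost, so the access points are moved to a new passphrase.
    print("must be reconfigured:", devices_to_reconfigure(INVENTORY, SSID, NEW_PASSPHRASE))
```

With 802.1X each user authenticates with their own credentials, so removing one account on the RADIUS server replaces the fleet-wide change shown here.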

Continue reading “Wireless Security Check List” »

VPN!


Blackhat 2016: Videos Online

  1. Developers need secure coding environments
  2. How to pick a lock
  3. Risk management: Picking the right tool for the job
  4. Black Hat 2016 wrap-up: Same stuff, different year?
  5. Why some risk assessments fail
  6. Social engineering tricks and why CEO fraud emails work
  7. How to wade through the flood of security buzzwords and hype
  8. The changing economics of cybercrime
  9. Threat actors: Who you should really worry about
  10. The advanced security techniques of criminal hackers
  11. How much do developers really care about security?
  12. Could this hacker’s tool slow down phishing?
  13. Why compliance is a necessary evil

Vacation Relaxation


IT or ICT?

When you think about information, do you use the term “IT”, as in Information Technology, or “ICT” as in Information and Communication Technologies?

According to Wiki, IT is considered a subset of ICT, and ICT is an extended term for IT which stresses the role of unified communications and the integration of telecommunications (telephone lines and wireless signals), computers, as well as the necessary enterprise software, middleware, storage, and audio-visual systems, which enable users to access, store, transmit, and manipulate information.

IT refers to an entire industry that uses computers, networking, software and other equipment to manage information. Generally, IT departments are responsible for storing, processing, retrieving and protecting the digital information of the company. To achieve these tasks, they are equipped with computers, DBMS, servers, security mechanisms, etc. Professionals working in IT departments range from system administrators and database administrators to programmers, network engineers and IT managers. IT facilitates a business by providing four sets of core services: providing information, providing tools to improve productivity, business process automation, and providing means to connect with customers. Currently, IT has become an essential part of business operations and has provided a lot of job opportunities worldwide. Knowledge of IT has become essential to succeed in the workplace. Typically, IT professionals are responsible for a range of duties, from simple tasks such as installing software to complex tasks such as designing and building networks and managing databases.

ICT is a term widely used in the context of education. Even though there is no universally accepted definition for ICT, it mainly refers to utilising digital technologies such as computers, television, email, etc. to help individuals or organisations work with digital information. ICT can be seen as an extended synonym for IT. Therefore, ICT can be seen as an integration of IT with media broadcasting technologies, audio/video processing and transmission, and telephony. The term ICT first came into the picture in 1997 in a report prepared by Dennis Stevenson for the UK government. Recently, the term ICT has been used to refer to integrating telephone and audio/visual networks with computer networks. This integration has provided large cost savings due to the elimination of telephone networks.

What is the difference between IT and ICT?

IT refers to an entire industry that uses computers, networking, software and other equipment to manage information, whereas ICT can be seen as an integration of IT with media broadcasting technologies, audio/video processing and transmission, and telephony. Therefore, ICT can be seen as an extended acronym for IT. The term ICT is widely used in the context of education, whereas IT is a term widely used in the industry. In addition, ICT has recently also been used to refer to the integration of telephone and audio/visual networks with computer networks. In simplest terms, ICT can be seen as the integration of information technology with communication technology.

In a crowd, we basically ask a question to the person we want to speak to: “Are you there?” Machines ask the same question with PING requests to find out whether a target is alive. To ping a computer, type “ping IP address” at the command line (an IP address is the network number of the target machine). Here is a ping sample for google.com:

C:\Windows\system32>ping google.com

Pinging google.com [216.58.209.174] with 32 bytes of data:
Reply from 216.58.209.174: bytes=32 time=71ms TTL=54
Reply from 216.58.209.174: bytes=32 time=91ms TTL=54
Reply from 216.58.209.174: bytes=32 time=78ms TTL=54
Reply from 216.58.209.174: bytes=32 time=183ms TTL=54

Ping statistics for 216.58.209.174:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 71ms, Maximum = 183ms, Average = 105ms

Evolution of System Engineers


NTP (Network Time Protocol): We use a watch or a cell phone to learn the time. In the machine world, computers ask other computers that have the clock role. This method of asking is called Network Time Protocol (NTP). There are several authorized (because we need the correct time) time servers (atomic time) on the internet. Here is a list of some NTP servers you may use:

pool.ntp.org –> The biggest NTP project in the world.
africa.pool.ntp.org
asia.pool.ntp.org
europe.pool.ntp.org
north-america.pool.ntp.org
oceania.pool.ntp.org
south-america.pool.ntp.org
time.windows.com –> Windows uses this by default
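What the "asking" looks like on the wire, as an added example that is not part of the original post: a client sends a 48-byte request and reads the server's transmit timestamp from the reply. The reply bytes below are constructed sample data so the code runs offline, and the function names are illustrative.

```python
import struct

# Seconds between the NTP epoch (1900-01-01) and the Unix epoch (1970-01-01).
NTP_UNIX_DELTA = 2208988800

def build_request(version: int = 4) -> bytes:
    """48-byte client request: LI=0, VN=version, Mode=3 (client), rest zero."""
    first = (0 << 6) | (version << 3) | 3
    return bytes([first]) + bytes(47)

def parse_response(packet: bytes) -> dict:
    """Validate a server reply and convert its transmit timestamp to Unix time."""
    if len(packet) < 48:
        raise ValueError("NTP packet shorter than 48 bytes")
    first, stratum = packet[0], packet[1]
    leap, version, mode = first >> 6, (first >> 3) & 0x7, first & 0x7
    if mode != 4:
        raise ValueError("not a server reply (mode %d)" % mode)
    # A clock that reports itself unsynchronised must not set ours:
    # log timestamps and certificate checks depend on correct time.
    if leap == 3 or stratum == 0:
        raise ValueError("server is unsynchronised or refused the request")
    seconds, fraction = struct.unpack("!II", packet[40:48])
    unix_time = seconds - NTP_UNIX_DELTA + fraction / 2**32
    return {"version": version, "stratum": stratum, "unix_time": unix_time}

# Constructed reply: LI=0, VN=4, Mode=4 (server), stratum 2,
# transmit timestamp = Unix 1470000000.5 expressed in NTP format.
SAMPLE_REPLY = (bytes([0x24, 2]) + bytes(38)
                + struct.pack("!II", 1470000000 + NTP_UNIX_DELTA, 0x80000000))

if __name__ == "__main__":
    print(build_request().hex())
    print(parse_response(SAMPLE_REPLY))
```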