Info Tech Security via Intrusion Prevention / Detection and Penetration testing

Whilst IT security must considered part of every networking and development throught it's become a dicipline in it's own right so I've included a specific section on it.

Intrustion Detection and Prevention

1) Through observation, IT monitoring and Development

Graphs, Nagios, Software testing and good practice development to avodinf first and second order SQL injection

2) Specific systems

Snort as an IPS at layer 2 using regex to provide an additional layer of protection, without the complexity of a application firewall / proxy to mitigate data loss (DLP) alert on a higher OSI level compromise 

Active / Dynamic Firewalling

In 2019/20 I became very interested in dynamic firewalling (particularly in light of the COVID-19 pandemic where services that might otherwise be limited to LAN access moved to public acess).

Null routing IP addresses from FireHOL Cybercrime IP Feeds is a good start.  Null routing is more efficient than using a packet inspection firewall. 

(Automated) log analysis is used to detect and dynamically block abusive traffic.  NXLog (installed with PowerShell) was used to get windows logs to central point.

Penetration Testing

Familiarity with Kali Linux automated Web pentesting tools and OBD-II / Canbus hacking (latter in a personal capacity only)