Is this guy full of It?


Watched this video .. he sells intrusion prevention systems, but when he started to talk about Roblox he sounded full of **** ... sounded like fear mongering, but I'm not that familiar with Roblox .. so I thought I would ask.

 

Edited by Jason S.
Changed Thread Title

Yes he is full of it. My niece has been playing Roblox for many years and we have never had any problems. He is just fearmongering, nothing more.


On 05/06/2022 at 10:00, jnelsoninjax said:

Yes he is full of shi*. My niece has been playing Roblox for many years and we have never had any problems. He is just fearmongering, nothing more.

After she started spewing that ####, I couldn't take anything else he had to say seriously.


On 05/06/2022 at 10:10, jnelsoninjax said:

What is the device he was trying to sell?

Not sure, I know he sells Ubiquiti .. so maybe one of their products.

 

I'm always worried I'm going to state something incorrectly as fact. Then there is this guy lol . He recently started up a cyber security business in my area. After that video I can't take anything he says seriously.

  • Like 2

On 05/06/2022 at 11:11, warwagon said:

Not sure, I know he sells Ubiquiti .. so maybe one of their products.

 

I'm always worried I'm going to state something incorrectly as fact. Then there is this guy lol . He recently started up a cyber security business in my area. After that video I lost all respect for him.

Competition?


On 05/06/2022 at 10:18, jnelsoninjax said:

Competition?

Not really, he focuses on Cyber Security and IT for business, I'm more on the consumer side of things, with a little business work.


On 05/06/2022 at 11:18, warwagon said:

Not really, he focuses on Cyber Security and IT for business, I'm more on the consumer side of things, with a little business work.

Cybersecurity for business and yet he is talking about Roblox????

 

Hmm. Clearly he is aiming for consumer!

 

Pretty sure that does make him your competition 😜


  • Jason S. changed the title to Is this guy full of It?

Hello,

 

A few thoughts, in no particular order:

 

  1. Yes, there is fraud, scams and malicious software on the Roblox platform, but even the malicious software (malware) is not recursively self-replicating (i.e., a bona fide computer virus). 
     
  2. Computer viruses (that is to say, recursively self-replicating malicious code) are almost extinct, with just a few families such as Ramnit, Sality and Virut accounting for what your security vendor sees on a daily basis.  Most malware these days consists of adware, agents, bots, information stealers, multi-stage downloaders, and other various forms which are non-replicating (non-viral) in nature.  Outside of very specific environments such as test labs, the likelihood of coming across a computer virus these days is vanishingly small due to the successful proliferation of other types of malware.
     
  3. Intrusion detection systems (IDS) are useful for telling you a host on your network is being attacked, but in the case of a specific application being targeted, I would think that you would want to go with host-based intrusion detection in order to get more precise information about the exact nature of the threat and its targeting, as well as to avoid false positive alarms and fatigue from just monitoring all the traffic on the entire network.  Likewise, intrusion protection systems (IPS) are great for blocking unwanted access to resources, secrets and other security information, but in this scenario, I think they would work better on the actual host, as opposed to trying to detect and block malign network traffic.

Now, there are situations and environments where both host- and network-based IDS and IPS systems are useful and it is a good idea to implement both of them as a layered approach, but in the given scenario it seems to me you are performing a large amount of effort for minimal gains, and the amount of effort to configure, tune and then maintain such protection is going to be high as operating systems and existing applications get patched, new applications get installed and so forth.

I think regular antivirus/antimalware/internet security/{insert vendor's marketing term du jour here}, coupled with network segmentation for a "kids' network," ensuring that kids run as standard (non-admin) users, and keeping all software patched and up-to-date would be things I would be looking at doing before I started playing around with wholesale network traffic analysis for IDS/IPS.

Regards,

Aryeh Goretsky
 

  • Thanks 2

I have a pretty advanced IPS / IDS system at my house and I've NEVER seen anything get stopped by it going to any of my kids systems that play roblox...

  • Like 2

On 06/06/2022 at 19:56, neufuse said:

I have a pretty advanced IPS / IDS system

Most likely because all of the traffic from client to internet playing that game would be encrypted (which is pretty much the whole internet these days anyway).  So unless you're actually doing MITM on all your traffic, your IPS/IDS can't even see enough info of the traffic to trigger an alert.

The guy is just so full of ###### it's not even funny - he is, as mentioned, fear mongering and trying to scare his way into cash from people that don't know any better.. Scum of the Earth if you ask me!

Don't get me wrong - Roblox is not some DoD ready application, there are quite a few articles on the net calling them out on some bad security, and for sure there are scammers playing that game to take advantage.  You have mostly young kids playing, robux can be turned into real cash, items in the game can be turned into real cash, etc. etc. It's not just funny money in the game - you take cash and turn it into robux.. I know because I have bought quite a bit of it with real cash for my grandkids ;)  My granddaughter is great at getting robux from her Pa ;) heheh - I even pay $5 a month so she gets robux every month, etc.

 

Where there is cash to be made, there will be scammers for sure..

 

edit: BTW here, I would post a link to this white paper on whatever site or twitter or wherever he posted that, back from 2017 and ask him how he solved the IPS/IDS encryption issue - the net could use such info ;)

https://www.sans.org/white-papers/37735/

 

An intrusion detection system (IDS) can analyze and alert on what it can see, but if the traffic is tunneled into an encrypted connection, the IDS cannot perform its analysis on that traffic. The difficulty of looking into the packet payload makes the encrypted traffic one of the challenging issues...

  • Like 2
  • Thanks 1
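
The point made in the post above, as an added illustration (not code from the thread or from any IDS product): a passive sensor's content signature matches a plaintext request, but once the same bytes sit inside a TLS record the only useful cleartext left is the server name (SNI) in the ClientHello. The signature, the hostname `files.example.test` and the XOR "encryption" are constructed stand-ins; the XOR is not real TLS cryptography.

```python
import hashlib
import struct

SIGNATURE = b"GET /payload/stealer.bin"   # constructed IDS content signature

def build_client_hello(hostname):
    """Constructed sample: minimal TLS ClientHello record with only an SNI extension."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name          # host_name entry
    sni = struct.pack("!H", len(entry)) + entry                    # server_name_list
    exts = struct.pack("!HH", 0, len(sni)) + sni                   # extension type 0
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01"  # version, random, sid, suites
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)   # compression, extensions
    hs = b"\x01" + len(body).to_bytes(3, "big") + body             # handshake: client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs       # record: handshake

def toy_encrypt_record(plaintext):
    """Stand-in for TLS encryption (NOT real crypto): XOR with a hash-derived keystream."""
    stream = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(len(plaintext) // 32 + 1))
    body = bytes(p ^ k for p, k in zip(plaintext, stream))
    return b"\x17\x03\x03" + struct.pack("!H", len(body)) + body   # record: application_data

def extract_sni(record):
    """Return the cleartext SNI hostname from a ClientHello record, else None."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            return None
        pos = 5 + 4 + 2 + 32                                       # headers, version, random
        pos += 1 + record[pos]                                     # session_id
        pos += 2 + int.from_bytes(record[pos:pos + 2], "big")      # cipher_suites
        pos += 1 + record[pos]                                     # compression_methods
        pos += 2                                                   # extensions length
        while pos + 4 <= len(record):
            etype, elen = struct.unpack("!HH", record[pos:pos + 4])
            if etype == 0:                                         # server_name
                nlen = int.from_bytes(record[pos + 7:pos + 9], "big")
                return record[pos + 9:pos + 9 + nlen].decode("ascii")
            pos += 4 + elen
    except (IndexError, UnicodeDecodeError):
        pass                                                       # truncated or malformed
    return None

def ids_view(payload):
    """What a passive network IDS (no TLS interception) can report for one payload."""
    return {"tls": payload[:1] in (b"\x16", b"\x17"),
            "signature_hit": SIGNATURE in payload, "sni": extract_sni(payload)}

http = SIGNATURE + b" HTTP/1.1\r\nHost: files.example.test\r\n\r\n"   # constructed request
for sample in (http, build_client_hello("files.example.test"), toy_encrypt_record(http)):
    print(ids_view(sample))
```
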

On 11/06/2022 at 02:14, BudMan said:

Most likely because all of the traffic from client to internet playing that game would be encrypted (which is pretty much the whole internet these days anyway).  So unless you're actually doing MITM on all your traffic, your IPS/IDS can't even see enough info of the traffic to trigger an alert.

The guy is just so full of ###### it's not even funny - he is, as mentioned, fear mongering and trying to scare his way into cash from people that don't know any better.. Scum of the Earth if you ask me!

Don't get me wrong - Roblox is not some DoD ready application, there are quite a few articles on the net calling them out on some bad security, and for sure there are scammers playing that game to take advantage.  You have mostly young kids playing, robux can be turned into real cash, items in the game can be turned into real cash, etc. etc. It's not just funny money in the game - you take cash and turn it into robux.. I know because I have bought quite a bit of it with real cash for my grandkids ;)  My granddaughter is great at getting robux from her Pa ;) heheh - I even pay $5 a month so she gets robux every month, etc.

 

Where there is cash to be made, there will be scammers for sure..

 

edit: BTW here, I would post a link to this white paper on whatever site or twitter or wherever he posted that, back from 2017 and ask him how he solved the IPS/IDS encryption issue - the net could use such info ;)

https://www.sans.org/white-papers/37735/

 

An intrusion detection system (IDS) can analyze and alert on what it can see, but if the traffic is tunneled into an encrypted connection, the IDS cannot perform its analysis on that traffic. The difficulty of looking into the packet payload makes the encrypted traffic one of the challenging issues...

Yes, I do have an intermediate cert on the IPS to do decryption and re-encryption. It actually was set up for SSL inspection out of the box; all I had to do was put my own named cert with my local CA on it instead of the self-signed one it came with.


On 11/06/2022 at 09:21, neufuse said:

Yes I do have an intermediate cert on the IPS to do decryption and reencryption, it actually was set up for SSL inspection out of the box

So for that to work the OS or application has to trust what created the cert, i.e. a CA..  Yeah, that is a pretty high-end setup, and not something some billy bob off the net is going to set up for a home user ;)

And it has to do that on the fly for any FQDN..  Good luck getting some devices to trust this CA as well..

It's a bit different to have a reverse proxy offload the SSL for your domains, so you can then inspect the traffic, vs. say getting your PS5 to trust some cert you create on the fly for whatever.domain.tld it's trying to create an SSL connection to.


On 11/06/2022 at 10:29, BudMan said:

So for that to work the OS or application has to trust what created the cert, i.e. a CA..  Yeah, that is a pretty high-end setup, and not something some billy bob off the net is going to set up for a home user ;)

And it has to do that on the fly for any FQDN..  Good luck getting some devices to trust this CA as well..

It's a bit different to have a reverse proxy offload the SSL for your domains, so you can then inspect the traffic, vs. say getting your PS5 to trust some cert you create on the fly for whatever.domain.tld it's trying to create an SSL connection to.

Yeah, there are some things that don't like it, so there is a separate VLAN that has internet only, no LAN access, for devices like that, which don't go out the IPS but only have geoblocking.
