Something to keep in mind is NGFW. Ubiquiti and Meraki, for example, are NGFW.

It looks like much of the market is already starting to cool on the UTM crazy and NGFW is taking off as the "next stage" of popular approaches. Basically a reversal of direction or marketing at least, even from the big players in the UTM space like Palo Alto, Fortinet, Cisco, etc.

@gjacobse said in Security while Traveling -:

Could something like this or similar be supplemental?

Seems pretty silly.

So here is the question....

What threat do you perceive there being? How do you feel this device addresses that thread?

I don't really see any threat in the first place, and so that makes it extra hard to know how to assuage your fears. But how this device is supposed to help, I'm really unsure.

Only so serious, it's in D-Link gear. Bwahaha

@eddiejennings said in Strange PBX CDR Entries:

I've disallowed SIP guests. We'll see if I get future CDR entries like these.

You won't.

@stacksofplates said in Remote management of VMs hosted in colocation:

@dashrender said in Remote management of VMs hosted in colocation:

@stacksofplates said in Remote management of VMs hosted in colocation:

@scottalanmiller said in Remote management of VMs hosted in colocation:

@stacksofplates said in Remote management of VMs hosted in colocation:

@scottalanmiller said in Remote management of VMs hosted in colocation:

@eddiejennings said in Remote management of VMs hosted in colocation:

Allowing an SSH connection to the managementVM from the Internet

I have not tried this approach yet, and it appears more risky than the Screen Connect approach, since SSH to that VM would be open to the Internet. Unless I'm missing some benefit to this approach, I'll not be using it.

Use a strong key, lock to your IP. Very safe. Add Fail2Ban, of course.

Or add Salt and open/close based on need so it doesn't stay open.

Fail2ban doesn't work with keys.

But it would work normally with people attacking using non-keys, would it not? Or am I missing something about what it would do?

Why would you not require keys? Not making them mandatory defeats the purpose of using them.

I think he means - if a hacker is trying to use a password on a system setup to only allow keys - the fail2ban will block those users, or won't it?

No. It's dropped before fail2ban even sees it.

Oh, makes sense. There is no "attempt" like with a password, it is "already blocked."

@pete-s said in SANS SEC401: Security Essentials - alternatives?:

@irj said in SANS SEC401: Security Essentials - alternatives?:

@pete-s said in SANS SEC401: Security Essentials - alternatives?:

@irj said in SANS SEC401: Security Essentials - alternatives?:

I am curious to what SANS training costs?

Around $6000 for the training.

So after travel, etc, it is over budget?

Well, since I'm in Europe it's makes sense to take the training here. With flights, travel costs, hotel, etc the total will be about 8250 EUR, which is $9650. Add to that the loss of billable hours and it adds up.

Most of your standard cert training is like $3000 ,but most of the time it is just a bootcamp which really isnt what you want. I think you are going to be at that $5-6k range for the type of training you are looking at.

I recently attended an O365 workshop that was $4k for 3 days and it was an absolute joke. Alot of time your training, is only as good as your instructor.

So this has been changed in their newest release 2.0.0.25 (not sure if it's publically available), and while the credentials are no longer in plain-text there are a few things you lose the ability to do.

Namely to tell if any given used is logged into a device, and secondly to sign in/out as a user on any given device.

I've provided my feedback to Yealink and hope to hear back soon. Neither of the above 2 issues are deal breakers, as the bigger goal is to be able to set configuration options, screensavers, time servers etc and have the user deal with the login.

Especially since the "Web Sign in" functionality is so simple, there is little reason to need the ability to sign in for a user.

If you ever need to report a Microsoft partner for ethics breaches, you can email [email protected]

This might be useful for some people:

https://mangolassi.it/topic/17197/disable-network-level-authentication-or-nla-remotely-via-powershell

Changed, though I already had login verification setup so no way someone else would get in easily.
0_1525401327754_d65c3f50-c905-47c5-b2b5-903e8bb692f5-image.png

@dafyre said in Drupalgeddon2 Kicks Off:

@dbeato said in Drupalgeddon2 Kicks Off:

@dafyre said in Drupalgeddon2 Kicks Off:

Has everybody else already patched their Drupal setups?

Well, a new customer we needed to patch it 😞

Hopefully it has been patched before they got pwned.

Yeah hopefully .

@psx_defector said in IIS Security setup:

Best practice isn't up to date.

Set it to PCI 1.2, that disables TLS1.0, all the AES stuff, etc. etc. You can also disable them manually in the first screen.

Great, thanks.

http://www.tomshardware.com/news/facebook-match-patient-data-profiles,36839.html#xtor=RSS-181

@aaronstuder said in Delta Airlines and Sears Have Large Credit Card Breach Through Third Party Shared Service Firm:

@harry-lui It is accepted everywhere...

Not true.

That is just funny to read.

https://arstechnica.com/tech-policy/2018/04/facebook-now-says-87-million-people-affected-by-cambridge-analytica-breach/#p3

Could be closer to 87M users. Wow.