
    Topics

    • IRJ

      Travel Advice - Looking for a Reasonable Mountain Cabin

      Water Closet
      0 Votes
      11 Posts
      971 Views
      PenguinWrangler

      @irj I know there were some rafting places that took people rafting in the area. My honeymoon was in January so they, of course, weren't operating. I didn't think it was that cold, to be honest, and probably would have been fine in a boat on a river or lake, maybe not rafting.

    • IRJ

      Training for policies, procedures, and standards

      IT Careers
      1 Vote
      11 Posts
      2k Views
      IRJ

      @dustinb3403 said in Training for policies, procedures, and standards:

      @irj said in Training for policies, procedures, and standards:

      @dustinb3403 said in Training for policies, procedures, and standards:

      @irj said in Training for policies, procedures, and standards:

      @dustinb3403 said in Training for policies, procedures, and standards:

      @irj said in Training for policies, procedures, and standards:

      I want to create these documents for something that is not implemented yet. So basically I am starting from scratch.

      You still start with the system documentation, how things are set up, the reasoning for setting them up like that, known or foreseen issues with the configuration, limitations of the system, recovery procedures etc.

      It isn't set up yet. I need to create this documentation first. I am looking at best practices which give me some great ideas for implementation. However, I will need to create my own variations. I will need to have everything in place before getting the support I need and FTEs from upper management.

      But as you set it up, you document it. This isn't a chicken or egg scenario. . .

      Not in this case since NIST clearly defines what the program needs to be. We need to be in compliance and in an enterprise the only way these things carry any weight is having a policy signed by C level.

      Then the only PPS you can create is to pull information out of your ass, if you can't see and work on a system how can you possibly draft documentation on it?

      I guess you should just rip a copy of the owners manual for any solution you want to use, and have the C level sign off on that.

      When it comes to compliance, plagiarism is encouraged. You want to be as spot on as possible. I have all the information needed in the form of guidelines. I need to format into policy and procedure.

      My question was about learning how to format and create the documentation the correct way. I want it to look as professional as possible.

    • IRJ

      So I got selected to be part of an Advisory Board for ECSA...

      IT Careers
      2 Votes
      7 Posts
      964 Views
      momurda

      Possibly due to your contributions here, which are usually great.
      Thanks

    • IRJ

      Spouses, Furniture and Generic Cereal

      IT Business
      1 Vote
      32 Posts
      3k Views
      jmoore

      @scottalanmiller
      Yeah, lower bar to reach 🙂

    • IRJ

      Every other post on here is about Sodium...

      Water Closet
      2 Votes
      38 Posts
      2k Views
      scottalanmiller

      @bnrstnr said in Every other post on here is about Sodium...:

      @quixoticjeremy yours is about the only one. Anybody joining the community has no idea what SAM has vested interest in. Everybody here suggests products, it would be much better to be able to tell who sells what they're promoting. I can't remember the name of the company, but the WordPress provider convo last week was ridiculously long and heated trying to figure out the truth, when in fact it could have all been easily avoided if there was somewhere that listed who sells what...

      Well no, not in that case. If you looked, there was no recommendation. That was a disgruntled ex-community member making things up to make trouble. The "making recommendations" part was made up. That the web host wasn't public yet was the issue and I had made a joke about it and he seized on the fact that it was mentioned to try to make it look like I was making loads of recommendations (he never produced any) and that I was hiding something (I was, I was hiding the company completely because the website wasn't even done yet.) So that would not resolve issues like, unfortunately.

      Funny enough, that Hostadillo thread was going on during a Sodium announcement.

      What would have been handy would have been if the person making the fake accounts had said who they were. That was the actual part that was hidden. They were using a VPN to hide their location and make fake accounts under fake names and never admitted who they were. That's the bigger issue, really, that they had someone making false claims (he / she claimed to work for Grove Social in the past, but had not) and never admitted who they were or who they represented.

    • IRJ

      Chinese bot criticizes government

      IT Discussion
      0 Votes
      2 Posts
      342 Views
      scottalanmiller

      Seems unlikely, but hey, Microsoft keeps making chat bots that bash Microsoft. So, very possible.

    • IRJ

      Resume Critique

      IT Careers
      0 Votes
      28 Posts
      3k Views
      scottalanmiller

      Is there an updated copy for us to see?

    • IRJ

      I grabbed an Android TV box...

      Water Closet
      0 Votes
      85 Posts
      12k Views
      wirestyle22

      @jaredbusch said in I grabbed an Android TV box...:

      I also know a few addicts who lost spouses.

      That's... a lot of Everquest.

    • IRJ

      RegKey needed in order to fix Patch Tuesday LDAP Vulnerability (CVE-2017-8563)

      IT Discussion ldap vulnerability cve-2017-8563 july 2017 patch tuesday
      6 Votes
      13 Posts
      6k Views
      J

      @irj

      Hey everyone thanks for the input. It looks like we may just deploy the patch everywhere, wait until a majority of the clients install the patch, then create the registry key on the DCs. Also, since the reg change does not require a reboot you can switch values on the fly with ease.

    • IRJ

      Splitting one display into two virtual displays

      IT Discussion virtual displays
      1 Vote
      17 Posts
      1k Views
      IRJ

      @Dashrender said in Splitting one display into two virtual displays:

      @JaredBusch said in Splitting one display into two virtual displays:

      @Dashrender said in Splitting one display into two virtual displays:

      I'm still curious how this helps you?

      Dense much? It gives you discrete real estate for your windows.

      It is much easier to maximize a window on a fixed display than to actually manage window sizing for everything.

      Windows built split screen windowing in in Windows 8, so I'm still not really sure what you're on about.

      But if you have a 40" single screen, yeah I do like the behavior of a dual screens instead of just a single one.

      But you - @JaredBusch aren't the one asking - so let the OP answer.

      Just much easier to drag and expand various windows. I also like the fact that DF lets you change, remove, or add additional displays on the fly.

    • IRJ

      Is the Onedrive web UI always buggy?

      IT Discussion
      0 Votes
      14 Posts
      1k Views
      bigbear

      @coliver I went through all of the drive/sync solutions recently and Sharefile was surprisingly the best. That does not include Nextcloud as I never got around to trying it.

      I did try the tool @coliver mentions and a few others, but the lag on my large dataset was too much to deal with.

      I do agree the web UI for ODfB is slow and buggy, definitely not something I would prefer to browsing a network drive. The sync was the worst of all tested (Dropbox, Google Drive, etc).

      Maybe it will improve with that update in the fall where OneDrive Files on Demand will be integrated in Windows 10.

    • IRJ

      Convert MS KBs to Bulletins

      IT Discussion
      1 Vote
      2 Posts
      325 Views
      IRJ

      So here is a list of updates from June 2017, but I need their Bulletin numbers...

      https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/40969d56-1b2a-e711-80db-000d3a32fc99

    • IRJ

      Can cyber security and IT have the same reports?

      IT Careers
      1 Vote
      7 Posts
      857 Views
      scottalanmiller

      @IRJ said in Can cyber security and IT have the same reports?:

      @scottalanmiller said in Can cyber security and IT have the same reports?:

      In my experience there is a mix. IT is cyber security to the users, and security is security to IT. Two different C levels.

      Does that make sense?

      I think you misunderstood.

      Should the departments be separated? Should the CISO be a part of IT or compliance?

      By definition, I feel, a CISO cannot be under another CxO except for the CEO.

    • IRJ

      Wordpress Test Site

      Water Closet
      2 Votes
      8 Posts
      869 Views
      IRJ

      I've got some stuff to catch up on. Thanks for updating this thread, I probably won't get a chance to do this till the end of the week.

    • IRJ

      SMB vs Enterprise

      IT Careers
      0 Votes
      194 Posts
      34k Views
      scottalanmiller

      @Tim_G said in SMB vs Enterprise:

      @John-Nicholson said in SMB vs Enterprise:

      @scottalanmiller Always loved CS Lewis's quote on this.

      It is a mistake to think that Christians ought all to be teetotallers; Mohammedanism, not Christianity, is the teetotal religion

      Actually, alcoholic beverages are forbidden in Christianity. In all of the many different Bibles, old testament and new. The problem is that people see "wine" and think of it as today's alcoholic wine...

      And it was. The word used had no other connotations. It's both the word used, and the only one that makes sense in context.

    • IRJ

      So you want to build a Security Program? Part 2 - Web App Scanning

      IT Discussion
      1 Vote
      1 Post
      228 Views
      No one has replied
    • IRJ

      So you want to build a Security Program? Part 1 - Vulnerability Scanning

      IT Discussion
      3 Votes
      72 Posts
      8k Views
      stacksofplates

      @stacksofplates said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

      @dafyre said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

      @irj said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

      @dafyre said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

      @stacksofplates said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

      I don't have permission to change things on their Nessus system. So I think it's more important that they don't have permissions on mine. If we had to do something, I would craft a sudoers file for them vs just give them root/sudo for everything.

      If they're doing real pen testing, they don't need root access to stuff. Hack the box and tell me how you got in!

      Vulnerability Scanning and pen testing are not the same. Not all attack surfaces are covered during pen tests and pen testing is much more labor intensive for less information.

      I guess I don't see why you would do either without it being blind. I guess it's not a far cry to assume that hackers could get root on your box if they find a vulnerable application.

      I can see the merit to a credentialed scan because of insider threats. It will show packages are up to date, file perms that should be set, etc. However I don't see the merit to a plain root access scan. I would at the very least craft sudo perms for the Nessus user.

      Edit, initially wrote can't see the merit. Meant to say can.

    • IRJ

      Nice Concise PDF of common Linux commands

      IT Discussion
      1 Vote
      8 Posts
      1k Views
      Obsolesce

      @JaredBusch said in Nice Concise PDF of common Linux commands:

      @Tim_G said in Nice Concise PDF of common Linux commands:

      @JaredBusch said in Nice Concise PDF of common Linux commands:

      @Tim_G said in Nice Concise PDF of common Linux commands:

      @IRJ said in Nice Concise PDF of common Linux commands:

      This is a great reference sheet.

      https://1drv.ms/b/s!Ar6SLLNOJLHnmkHyMlmbHvg_m8lJ

      The link goes here: https://onedrive.live.com/?authkey=!APIyWZse-D-byUk&cid=E7B1244EB32C92BE&id=E7B1244EB32C92BE!3393&parId=root&o=OneUp

      I thought that 1drv.ms was the default MS link options now so that users were not posting severe multiline links in documents.

      When I first saw the link, I had no idea what it was. I figured I wasn't the only one, so my post was for those people.

      Right, I get not trusting third party URL shorteners and such. But this is a MS design and part of the product.

      It wasn't about trust. I didn't know what it was. I didn't completely read the link because it didn't look like words at quick glance. Upon further inspection, I could see that 1drive.ms was one drive Microsoft... I get it. But again, when I first saw it, I didn't notice and would have preferred the full link instead...

      So, I still posted the long version for those who are like me.

    • IRJ

      Taking another cert test on Thursday

      IT Careers
      2 Votes
      2 Posts
      466 Views
      EddieJennings

      @IRJ Bonam fortunam!

    • IRJ

      List Comparison Tool

      IT Discussion
      0 Votes
      8 Posts
      1k Views
      F

      @IRJ said in List Comparison Tool:

      I have two very large lists of IPs and I would like to compare the differences between the list. I usually use Notepad ++ Compare for this type of thing, but I believe it only compares line to line.

      I also tried using conditional format in excel, but I am not sure if the results are accurate.

      Just one command:
      diff <(sort list1 | uniq) <(sort list2 | uniq)

      For 95% of tasks involving text manipulation (from the easiest like this to mid-complexity), the standard unix tools can do everything in a very quick and concise way.
      The other 4.95% (very complex, special stuff) can be handled by Python (but also ruby or perl).
      The last 0,05% is HPC/realtime/weird (C, Ada, erlang?).

      But please, don't use a giant piece of bloatware just to compare strings 😭.
