Only so serious, it's in D-Link gear. Bwahaha

@travisdh1 just use the UK for now
https://www.support.hp.com/gb-en/drivers

It works

@dyasny said in Diving into a completely new tech stack:

@flaxking said in Diving into a completely new tech stack:

@dyasny So far my only complaint is that they are lacking in kubernetes related courses

There are WAY too many k8s related resources out there. Openshift is harder to come by, but only marginally

Yeah, K8s is not a place generally lacking in resources today. If PS lacks them, that can be easily remedied.

@emad-r said in Proxies as VPN?:

@emad-r

They are using reverse proxy squid on a PFsense router as VPN. or to access company resources.

For example, I think they made LAN 7.7.7.* and put company resource like http://web/company
and only 7.7.7.* can access it in the config on PFsense.

It does not work 100% of course. As you can bypass it if you do http://web/company?32141 and access it from WAN

That works only if the resources are web only. In which case, a VPN was never appropriate in the first place. So in this case, a VPN would actually allow you to access unpublished web resources. But the reverse proxy will publish them.

Now the presumed difference to most people is that the VPN will add a layer or protection in the form of authentication, and the proxy will not. This is not correct, however, because you can add that to the proxy, too.

So, in reality, you are correct, in this specific case, the reverse proxy is actually making a VPN for just those specific web resources. It's a special case VPN, assuming you are using it as an SSL point.

@marcinozga said in W10 VPN connection via iPhone = Grrr:

I've been battling with VPN on Windows 10 ever since the latter came out. And if you do a quick google search, you'll find thousands with all kind of VPN issues on 10. Here's the only thing that worked so far, and I only discovered it yesterday.

In registry, find HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent, then add AssumeUDPEncapsulationContextOnSendRule DWORD key, and change value to 2 and reboot.

Yes, that from here:
https://support.microsoft.com/en-us/help/926179/how-to-configure-an-l2tp-ipsec-server-behind-a-nat-t-device-in-windows

I had been holding off on doing this as I was under the impression that it was an issue elsewhere.

I'll give that a go and see what happens ... ..... .... .... ...

No, that didn't help.

Off to moan to the telco.

@donahue said in Synology High-Availability Cluster:

Ah, I misread because I use NFS to plug mine into ESXi. That is the danger with synology HA. Your standard OS generally wont care of the file drop out for a time while the second synology realizes it has to become the active member. A hypervisor running VM's from it will certainly care though.

Right, it's the hypervisor not looking the time to fail over. Will hit you if you use iSCSI on the Synology, too.

I found a post where someone blamed the way chrome uses BITS for updates.

They claimed that removing chrome, then resetting BITS would solve it.

I didn’t have time to test before my trip.

@scottalanmiller said in PVLAN (private VLAN) in the switch - are you using it?:

PVLAN, or Port Isolation as I think most of us know it, is one of the better uses of VLAN tech. The idea is for extreme environments (not really SMB generally) when normal security measures are not enough, that you make an individual VLAN for every single device on the network so that you control via central firewall a second layer of access for every single port that there is.

There are certainly legit cases for this. And I've worked for one of those places. But it's super rare. It is a lot of work, requires gear that supports it, and adds a lot of complication that you have to consider. It also adds a good deal of security.

In the SMB, most places have over the top security already and zero day threats rarely threaten OS level firewalls. So PVLAN, while legit, rarely has appreciable value to an SMB. But when you need that "second firewall per device", then yes, it's definitely the way to go.

Makes sense, but I'm thinking it doesn't have to be that much more work if you can apply automation to switch management as well.

I think you can do port isolation on the virtual switches in VM hosts in the same way as the physical ones. I understand that at least VMware has had it for a long time so assume other have it now as well.

Classic Curtis.

@jaredbusch said in You know any IT Security Awareness (from Home Users to Enterprise) resource?:

@irj said in You know any IT Security Awareness (from Home Users to Enterprise) resource?:

@jaredbusch said in You know any IT Security Awareness (from Home Users to Enterprise) resource?:

@irj said in You know any IT Security Awareness (from Home Users to Enterprise) resource?:

I guess we were wrong... This course has about $80k in sales. I would assume it was bought mostly by employers, but maybe home users are interested in it as well.

@zachary715 said in You know any IT Security Awareness (from Home Users to Enterprise) resource?:

I have not gone through it, but KnowBe4 has a "Home Course" I assume designed for what you're looking for.

Neither of these are designed originally for the consumer. They are successful businesses that add this component on as a "perk" for the few random consumers that do it.

There will never be a successful business model for this kind of security for consumers that is not forced on them by external factors.

Knoebe4 surely focuses on businesses, but I'm not so sure that is the case with the instructor on udemy. The 3 courses he offers seems to be focused on home users.

Consumers are still not going to just buy into this.

I would bet most of his stuff business paid for.

I would assume you are probably right. I have bought a few udemy courses for my mother in law. One of them was how to use an iphone. This course explained how to turn it on and do really simple stuff like reply to a text message, etc.

@obsolesce said in SSL Certs:

@wls-itguy said in SSL Certs:

OK. So if I have 3 servers that have the following:

pbxserver.site1.org at x.x.x.1
secserv.site1.org at x.x.x.2
weather.site1.org at x.x.x.3

I could use one wildcard cert for all three servers, correct?

IP addresses have nothing to do with it.

I knew that - I was just making sure people knew they were indeed on 3 separate servers.

Where I work, I dont have control over my colleagues. I am sure most places suffer from those people that are just there to stay in their lane and keep the status quo, at least everywhere I have ever worked. This sometimes applies to department heads and those people that should be taking charge of things like training. Generally, I find myself training users on specific tasks that they need to do their job, but a lot of times it comes down to how to process a specific task within our ERP, or somehow relating to how they use the technology we provide. I dont train our estimators how to make an estimation, but I will show them how to enter that into our ERP, or show then where to put all related documents. In a company our size, if there is no one that will take charge and try and force some sort of consistency and order, there will be chaos. A great example is the idea of a classic file server, whether it is a NAS or something else. Without proper permissions and forethought, you will end up with multiple users trying to share the same resources in multiple ways, that are often mutually exclusive. It also doesnt help, when talking about training, that some 'department managers' or other mid level managers are not really managing as much as they are just the most senior person in that department. We have a lot of these types of managers where their workload is still doing the primary task of the department, instead of managing their workers who do the actual work. It makes it hard to have consistency for training, when no one seems to even have the time to train any properly, let along work up any training materials and document any procedures ahead of time. It pays off in the end when it happens, but its never an organic thing that happens, that's not how entripy works. This is one of the primary struggles for our company, and I have taken on some of this (not all of it mind you), possibly because I happen to be able to find a solution that fits our variables, and other people are not as well suited to the task.

@black3dynamite said in Outlook Out of Memory to Open Large Folder:

Email/Mailbox hoarder!

Definitely

I got a 2-year SSL cert from NameCheap for $15 (it's Comodo). Installed and working great. No need for a $200/year cert lol.

@kelly last year it was Sunday or Monday evening. I forget which. I played that one.

I wasn't available this year.

@travisdh1 I thought that was the issue as well and temporarily disabled selinux and it did not fix my issue.

@momurda Great! Thanks for posting!

@scottalanmiller said in GDPR Requiring Centralized Password Management:

@pete-s said in GDPR Requiring Centralized Password Management:

This is the GDPR. You can check yourself what it says. It's only 88 pages.
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN

Every countries in the European Union are required to make it national law.

Yeah, I've read most of it. But anything 88 pages is long enough to make creating FUD pretty easy to do.

Yeah, FUD is how the big boys make their money. If it's not fear, uncertainty and doubt then it's complexity. Make something that could have been simple, as complex and convoluted as possible so that you absolutely need lots of consultants and experts helping you. Which of course the supplier can offer. And finish of the cocktail of deception with a big chunk of vendor lock-in on top.