ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login
    1. Topics
    2. Tags
    3. security
    Log in to post
    • All categories
    • OksanaO

      Stay Secure with OSConfig in Windows Server 2025

      Watching Ignoring Scheduled Pinned Locked Moved Starwind starwind windows server 2025 security
      1
      0 Votes
      1 Posts
      248 Views
      No one has replied
    • OksanaO

      Purpose-Built Backup Appliance in a Nutshell

      Watching Ignoring Scheduled Pinned Locked Moved Starwind starwind backups security data protection
      1
      0 Votes
      1 Posts
      175 Views
      No one has replied
    • scottalanmillerS

      SAMIT: Never Read SPAM!

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion spam email security
      1
      0 Votes
      1 Posts
      484 Views
      No one has replied
    • scottalanmillerS

      QBX, Priorietary Dashcams and Hacked Police Departments

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion security qbx video dashcam chain of custody rootkit virus trojan flashback
      4
      2 Votes
      4 Posts
      732 Views
      scottalanmillerS

      @DustinB3403 said in QBX, Priorietary Dashcams and Hacked Police Departments:

      @scottalanmiller Yea I've had to deal with this in the past, the software is just awful to deal with, and literally makes nothing more secure, for either the prosecution, defendant(s) or the public attempting to view the material.

      Simple answer is, that it just proves how vulnerable police departments are with such horrible software requirements.

      Not aware of any requirement. They just choose this kind of equipment over other options.

    • Reid CooperR

      SSL Decryption of American K12 School in Connecticut: Legality?

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion security ssl ssl decryption
      3
      1 Votes
      3 Posts
      706 Views
      scottalanmillerS

      @Obsolesce said in SSL Decryption of American K12 School in Connecticut: Legality?:

      Here are some points to consider:

      Consent and Notification: It's essential to have explicit consent from parents or legal guardians if students are minors. Even if students are not employees, they still have privacy rights. Proper notification to both students and parents is crucial.

      FERPA Compliance: The Family Educational Rights and Privacy Act (FERPA) protects the privacy of student education records. Any monitoring should be in compliance with FERPA regulations to avoid violations.

      Children's Online Privacy Protection Act (COPPA): If the school is providing online services or websites to students under the age of 13, COPPA may come into play. It requires obtaining parental consent for collecting personal information from children.

      Vendor Liability: If a breach of student private communications occurs due to IT or vendor mistakes, there could be potential liability issues. Schools should have agreements in place with vendors that address data security and liability.

      Local and State Laws: Laws regarding electronic surveillance, data privacy, and education can vary by state and locality. It's important to consult with legal experts who are knowledgeable about local regulations.

      Balancing Security and Privacy: Schools must strike a balance between ensuring network security and respecting student privacy. An overly intrusive monitoring system could raise concerns.

      Ultimately, it's crucial to consult with legal counsel who specializes in education law and data privacy to ensure that the school system's practices comply with all applicable laws and regulations. Additionally, a transparent and well-documented approach to monitoring, including clear notification to students and parents, can help mitigate potential legal risks.

      This is good input. Ultimately liability is going to come down to primarily local laws and statutes and what the legal department of the district has done to ensure safety and indemnification, and of course what transparency, notification and consent has been granted. That students are required to attend school, are not employees or at will, and are minors make this not just different, but essentially the opposite, of an employment situation. Any breach of privacy (not meaning a breach of IT systems, but the IT systems themselves) could violate constitutional rights as well as international human rights...

      From a law firm on US right to privacy... "The right to privacy is a fundamental human right, and it is recognized by international treaties and many countries’ Constitutions. The Universal Declaration of Human Rights recognizes the right to privacy in Article 12, and the International Covenant on Civil and Political Rights further elaborates on the right to privacy in Article 17.

      At the same time, different countries have different laws and regulations when it comes to privacy. In the United States, for example, the Fourth Amendment to the Constitution protects citizens from unreasonable searches and seizures by the government. This has been interpreted by the courts to include the right to privacy."

      Even if students are not minors, the question is whether this constitutes unreasonable search leading to violation of privacy. And of course if it puts minors at risk, that's an additional concern.

    • OksanaO

      Microsoft Defender For DevOps: DevSecOps in Azure

      Watching Ignoring Scheduled Pinned Locked Moved Starwind starwind microsoft defender azure devops security
      1
      0 Votes
      1 Posts
      341 Views
      No one has replied
    • scottalanmillerS

      Get Alert Whenever There is MS SQL Server Access

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion ms sql server database security
      6
      0 Votes
      6 Posts
      874 Views
      JaredBuschJ

      @scottalanmiller said in Get Alert Whenever There is MS SQL Server Access:

      It's a production database so there should be an email when the application connects and absolutely no user should ever, ever, ever be able to log in unless it's an admin doing an emergency backup and/or restore (likely alerts would be off during a restore.)

      I cannot imagine a MS SQL Server based client-server application that does not make a billion DB calls all day long. So you will have to exclude that system user from being audited.

      @scottalanmiller said in Get Alert Whenever There is MS SQL Server Access:

      There's no user ever authorized to just connect.

      The application user is always connecting. Repeatedly.

    • OksanaO

      Secure Connectivity, Azure Bastion, and Azure VWAN

      Watching Ignoring Scheduled Pinned Locked Moved Starwind starwind azure virtual machines vwan security
      1
      1 Votes
      1 Posts
      286 Views
      No one has replied
    • scottalanmillerS

      Email 101: How It Really Works SAMIT Series

      Watching Ignoring Scheduled Pinned Locked Moved Self Promotion email smtp pop pop3 imap imap4 zimbra mailcow exchange security bbs bulletin board system
      5
      1 Votes
      5 Posts
      826 Views
      scottalanmillerS

      @travisdh1 thanks! 🙂

    • OksanaO

      How to Improve Network Infrastructure Security — Part 1

      Watching Ignoring Scheduled Pinned Locked Moved Starwind starwind microsoft azure azure azure vwan vwan security networking
      1
      1 Votes
      1 Posts
      297 Views
      No one has replied
    • JaredBuschJ

      Proxmox hates security

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion proxmox proxmox 7 security
      12
      1 Votes
      12 Posts
      1k Views
      1

      @scottalanmiller said in Proxmox hates security:

      @Pete-S said in Proxmox hates security:

      @scottalanmiller said in Proxmox hates security:

      @Pete-S said in Proxmox hates security:

      I'm not saying Proxmox is insecure, I'm just saying it wasn't designed with security as it's primary focus.
      KVM by default for instance is managed by libvirt and by default doesn't open any tcp ports at all. That gives the administrator the option to decide what level of security versus convenience they want.

      Ignoring "by default" in that, ProxMox can be the same. You can close everything up and only manage however you like. You don't have to use the web interface on it, it can be totally shut down. Obviously defeating lots of the purpose, but plausible.

      I spend far more time on ProxMox via command line via MeshCentral than via the web interface and the web interface, while we don't lock it down from the LAN in most cases (we run a LOT of ProxMox these days) we primarily access it from the PM host itself from a jump box running on top of it for the cases when the web interface is needed. So while we don't go to the degree of locking it off from the LAN, we could and we wouldn't notice the difference most of the time.

      That's not a default, so obviously totally different. But it's a really simple setting.

      That's good to know.

      We don't use gui anymore either but we're moving away from pre-packaged hypervisors and to pure KVM with libvirt compatible management tools.

      We have found that to be the best solution for our use case (high degree of automation and customization).

      I'd like to see that for sure. There's a lot of benefit to that, potentially at least.

      We're automating a lot.

      But the real problem is not the automation itself. The real problem is that automation and standardization is time consuming.

    • scottalanmillerS

      SAMIT: Stop Using Secure Email

      Watching Ignoring Scheduled Pinned Locked Moved Self Promotion bbs email smtp security samit
      16
      1 Votes
      16 Posts
      2k Views
      JaredBuschJ

      @scottalanmiller said in SAMIT: Stop Using Secure Email:

      @JaredBusch said in SAMIT: Stop Using Secure Email:

      Also, accepting insecure email is different than allowing your organization to send insecure email.

      Very true. Accepting things insecurely is better than sending them.

      I accept email in any way that it is sent. But all sent email is required to be TLS or it will not send. I have a couple of people that the boss cannot email because of it, as well as one prior customer that is still running an ancient ass GroupWise 6 email server. They email asking for one off support for their routers sometimes.

    • JaredBuschJ

      Unable to mark NAS location trusted in Office

      Watching Ignoring Scheduled Pinned Locked Moved Solved IT Discussion microsoft office security trust center
      18
      1 Votes
      18 Posts
      3k Views
      JaredBuschJ

      Tested and it works all the time by hostname instead of IP.

    • scottalanmillerS

      Understanding the Fake Microsoft Support Call Scam on SAMIT

      Watching Ignoring Scheduled Pinned Locked Moved Self Promotion scam security samit youtube microsoft end user
      1
      0 Votes
      1 Posts
      526 Views
      No one has replied
    • gjacobseG

      ManageEngine: Desktop Central - MFA

      Watching Ignoring Scheduled Pinned Locked Moved Unsolved IT Discussion manageengine desktopcentral mfa security annoyance time waster
      5
      0 Votes
      5 Posts
      829 Views
      travisdh1T

      @gjacobse said in ManageEngine: Desktop Central - MFA:

      @scottalanmiller

      It is a gas soaked bonfire waiting for a match.

      Fixed that for you.

    • scottalanmillerS

      Experience with NDR Solutions

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion ndr security
      34
      0 Votes
      34 Posts
      3k Views
      ObsolesceO

      @stacksofplates said in Experience with NDR Solutions:

      Why is Sally accessing this service from a non work computer at 3 am her time with a chinese IP address? Sure this request has the password but that doesn't sound valid.

      Which means you can automatically perform additional validation with MFA, or straight up deny access.

      There's a lot of options really. You can only allow access to certain systems and/or services via company devices enrolled in MDM, with up to date OS, encryption, and endpoint protection. You can verify endpoints and users with passwordless auth via Beyond Identity and in certain cases use additional MFA via Duo or whatever you want to set up.

      Sally is trying to log in to her company email. She's authenticated via passwordless auth via Beyond Identity on her work computer. Her work computer passes the health check seamlessly through BYID and allows her to access her email. Maybe she's also prompted for MFA always, or maybe only if she's logging in outside her normal geographic area on her work computer. Maybe (e.g. email) access is denied totally if from a non-company device. Options...

    • scottalanmillerS

      What Does the V- Stand for in Microsoft Email Addresses

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion microsoft security
      7
      5 Votes
      7 Posts
      4k Views
      dbeatoD

      @JaredBusch Yup, and they want to do a audit of devices using a deployment tool that is not even a Microsoft one.

    • 1

      Zoho Mail has new secure sending option

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion zoho zoho email security
      5
      0 Votes
      5 Posts
      951 Views
      1

      @Dashrender said in Zoho Mail has new secure sending option:

      @Pete-S said in Zoho Mail has new secure sending option:

      @Dashrender Good to know.

      One purpose of the OTP is that you can't forward the email and have another person read it.

      Not directly forward - sure, but you could screen shot it and forward that to someone.

      I assume the OTP is more so that people don't have to create accounts in the Zoho system.

      It looks like Zoho had the forwarding thing specifically in mind since they mentioned that on their website. A lot of people will forward messages without thinking about the sensitive information that is usually longer down in the mail. I've seen that a lot when I get emails forwarded to me with information that is clearly not intended for me.

      In the MS system you have to create an account, same goes for Zix, even if you will only ever read this one message on that system.

      Yeah, I hate that. It's just to get more users. I love OTP though.

      I'll have to check how these secure feature works with sending huge mail attachments as well. Haven't tried it yet.

    • OksanaO

      New Names and Features for Microsoft Security Applications

      Watching Ignoring Scheduled Pinned Locked Moved Starwind starwind microsoft security azure security
      1
      1 Votes
      1 Posts
      400 Views
      No one has replied
    • OksanaO

      How to Automate Azure Playbook Deployment?

      Watching Ignoring Scheduled Pinned Locked Moved Starwind starwind microsoft azure microsoft sentinel security devops
      1
      1 Votes
      1 Posts
      413 Views
      No one has replied
    • 1
    • 2
    • 3
    • 4
    • 5
    • 31
    • 32
    • 1 / 32