What Are You Doing Right Now
-
@JaredBusch I honestly assumed that it was no longer a good idea in terms of security. I have done it before with a NAT mapping and it worked fine. What is your view on this?
-
@brandon220 said in What Are You Doing Right Now:
@JaredBusch I honestly assumed that it was no longer a good idea in terms of security. I have done it before with a NAT mapping and it worked fine. What is your view on this?
We just had a thread on this last week about how RDP already is inside a VPN and the whole "need another VPN" thing is mostly just security theater based off of fake threats. Essentially all RDP risks come from having the port "too open" and leaving users exposed with really insecure passwords. No one every breaks into RDP, they always just guess the password. And if the VPN is secured the same, it's equally risky.
-
Here is a thread on RDP Security specifically.
https://mangolassi.it/topic/16698/the-myth-of-rdp-insecurity/
-
@scottalanmiller said in What Are You Doing Right Now:
@brandon220 said in What Are You Doing Right Now:
@JaredBusch I honestly assumed that it was no longer a good idea in terms of security. I have done it before with a NAT mapping and it worked fine. What is your view on this?
We just had a thread on this last week about how RDP already is inside a VPN and the whole "need another VPN" thing is mostly just security theater based off of fake threats. Essentially all RDP risks come from having the port "too open" and leaving users exposed with really insecure passwords. No one every breaks into RDP, they always just guess the password. And if the VPN is secured the same, it's equally risky.
Right, I have a client that had a locally hosted LOB application. The main office users used a normal thick desktop app. The branch office users used RDP. The RDP was over the interoffice VPN that was already in place. Then their remote users used RDP over public internet. But I used basic firewall rules on the router to only allow RDP from their known IP blocks (I did a lookup on their home ISP and allowed from those entire CIDR blocks. A risk, but a very small one.
Password policy was minimum of 14 characters.
-
@JaredBusch said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@brandon220 said in What Are You Doing Right Now:
@JaredBusch I honestly assumed that it was no longer a good idea in terms of security. I have done it before with a NAT mapping and it worked fine. What is your view on this?
We just had a thread on this last week about how RDP already is inside a VPN and the whole "need another VPN" thing is mostly just security theater based off of fake threats. Essentially all RDP risks come from having the port "too open" and leaving users exposed with really insecure passwords. No one every breaks into RDP, they always just guess the password. And if the VPN is secured the same, it's equally risky.
Right, I have a client that had a locally hosted LOB application. The main office users used a normal thick desktop app. The branch office users used RDP. The RDP was over the interoffice VPN that was already in place. Then their remote users used RDP over public internet. But I used basic firewall rules on the router to only allow RDP from their known IP blocks (I did a lookup on their home ISP and allowed from those entire CIDR blocks. A risk, but a very small one.
Password policy was minimum of 14 characters.
And you can add extra controls like two factor authentication or brute force attack mitigation as well, if you feel the need.
-
@JaredBusch said in What Are You Doing Right Now:
On the phone with a Mitel tech trying to make it talk over the SIP trunk we have setup.
what's different from the setup I got working?
-
@Dashrender said in What Are You Doing Right Now:
@JaredBusch said in What Are You Doing Right Now:
On the phone with a Mitel tech trying to make it talk over the SIP trunk we have setup.
what's different from the setup I got working?
Yours works?
jajaja
-
@scottalanmiller said in What Are You Doing Right Now:
@Dashrender said in What Are You Doing Right Now:
@JaredBusch said in What Are You Doing Right Now:
On the phone with a Mitel tech trying to make it talk over the SIP trunk we have setup.
what's different from the setup I got working?
Yours works?
jajaja
You're a funny guy.
-
Halfway through Coffee Number 4, And water number 2.
Debating on what's for lunch... -
@WrCombs said in What Are You Doing Right Now:
Halfway through Coffee Number 4, And water number 2.
Debating on what's for lunch...Probably a bathroom break, lol.
-
@scottalanmiller said in What Are You Doing Right Now:
@WrCombs said in What Are You Doing Right Now:
Halfway through Coffee Number 4, And water number 2.
Debating on what's for lunch...Probably a bathroom break, lol.
I've had a few... LOL
-
@Dashrender said in What Are You Doing Right Now:
@JaredBusch said in What Are You Doing Right Now:
On the phone with a Mitel tech trying to make it talk over the SIP trunk we have setup.
what's different from the setup I got working?
Not a SIP trunk to the outside. THis is using a SIP trunk to interconnect a FreePBX install to a Mitel.
-
Kids are still asleep here!
-
@JaredBusch said in What Are You Doing Right Now:
@Dashrender said in What Are You Doing Right Now:
@JaredBusch said in What Are You Doing Right Now:
On the phone with a Mitel tech trying to make it talk over the SIP trunk we have setup.
what's different from the setup I got working?
Not a SIP trunk to the outside. THis is using a SIP trunk to interconnect a FreePBX install to a Mitel.
How is it coming?
-
As we migrate from 1:1 physical servers to Hyper-V (yay, me!), I should have known these 1U little bastards wouldn't go quietly. Had to swap both drives from 1 machine with a borked RAID card to another that has been idle. Luckily it only took 2 reboots to sort the foreign config, and the devs have been given a stern "hurry up and move that data" warning.
-
@RojoLoco said in What Are You Doing Right Now:
As we migrate from 1:1 physical servers to Hyper-V (yay, me!), I should have known these 1U little bastards wouldn't go quietly. Had to swap both drives from 1 machine with a borked RAID card to another that has been idle. Luckily it only took 2 reboots to sort the foreign config, and the devs have been given a stern "hurry up and move that data" warning.
You should give them a timeline. In 14 days it becomes your data is gone.
-
@dafyre said in What Are You Doing Right Now:
@RojoLoco said in What Are You Doing Right Now:
As we migrate from 1:1 physical servers to Hyper-V (yay, me!), I should have known these 1U little bastards wouldn't go quietly. Had to swap both drives from 1 machine with a borked RAID card to another that has been idle. Luckily it only took 2 reboots to sort the foreign config, and the devs have been given a stern "hurry up and move that data" warning.
You should give them a timeline. In 14 days it becomes your data is gone.
These VMs have been ready since October. The owner gave them a deadline of xmas, then 1st of the year, now it's no real deadline. I really wish I could enforce any of what they have been told to do.
-
@RojoLoco said in What Are You Doing Right Now:
@dafyre said in What Are You Doing Right Now:
@RojoLoco said in What Are You Doing Right Now:
As we migrate from 1:1 physical servers to Hyper-V (yay, me!), I should have known these 1U little bastards wouldn't go quietly. Had to swap both drives from 1 machine with a borked RAID card to another that has been idle. Luckily it only took 2 reboots to sort the foreign config, and the devs have been given a stern "hurry up and move that data" warning.
You should give them a timeline. In 14 days it becomes your data is gone.
These VMs have been ready since October. The owner gave them a deadline of xmas, then 1st of the year, now it's no real deadline. I really wish I could enforce any of what they have been told to do.
I'm sure you could arrange an unfortunate accident for them.
-
@Dashrender said in What Are You Doing Right Now:
@JaredBusch said in What Are You Doing Right Now:
@Dashrender said in What Are You Doing Right Now:
@JaredBusch said in What Are You Doing Right Now:
On the phone with a Mitel tech trying to make it talk over the SIP trunk we have setup.
what's different from the setup I got working?
Not a SIP trunk to the outside. THis is using a SIP trunk to interconnect a FreePBX install to a Mitel.
How is it coming?
After a 1 hour and 20 minute call, the tech hung up to go bring it to an engineer.
Planning a call on Friday now. -
@dafyre said in What Are You Doing Right Now:
I'm sure you could arrange an unfortunate accident for them.
All of your data is encrypted, if you want it back pay us $5 Million in bitcoin at this address . . ..
Welp guys, those VM's seem to be the only thing that got hit, we got lucky.