Is Spectrum's modem really bridged?

Fredtx

@scottalanmiller said in Is Spectrum's modem really bridged?:

This means that management is clueless and is working from "security theater." They don't understand what happened and instead of securing the system are trying to make a show of "changing things" without really securing anything.

A lot of it is politics and liability reasons. There's a lot of limits of what we "can" and "can't" do when it comes to providing solutions for our customers. One of the reasons why I'm here in this community is to look at things from "outside" the box and hopefully utilize the knowledge I gain from a group of IT professionals and implement it in my current job or somewhere else where ever the rabbit hole takes me (red pill )

scottalanmiller

@Fredtx said in Is Spectrum's modem really bridged?:

@scottalanmiller said in Is Spectrum's modem really bridged?:

This means that management is clueless and is working from "security theater." They don't understand what happened and instead of securing the system are trying to make a show of "changing things" without really securing anything.

A lot of it is politics and liability reasons. There's a lot of limits of what we "can" and "can't" do when it comes to providing solutions for our customers. One of the reasons why I'm here in this community is to look at things from "outside" the box and hopefully utilize the knowledge I gain from a group of IT professionals and implement it in my current job or somewhere else where ever the rabbit hole takes me (red pill )

Most companies prioritize politics over profits. It's sad, but the average business is driven by emotion not "doing business"

Dashrender

Scott is of course right in his explanation - but he's glossing over something. Many VPN clients allow you to save that savage password into the VPN client so it never has to be typed again.

So management might not want more complex passwords (or simply longer ones) that the staff (and themselves) have to use. instead they want to protect the border to the network with the VPN and it's client that holds the password. I don't believe the default Windows based RDP client will save the password - not that that alone would solve the problem, again, management likely doesn't want to type in a 18+ char password everytime they unlock their computer.

scottalanmiller

@Dashrender said in Is Spectrum's modem really bridged?:

Scott is of course right in his explanation - but he's glossing over something. Many VPN clients allow you to save that savage password into the VPN client so it never has to be typed again.

So management might not want more complex passwords (or simply longer ones) that the staff (and themselves) have to use. instead they want to protect the border to the network with the VPN and it's client that holds the password. I don't believe the default Windows based RDP client will save the password - not that that alone would solve the problem, again, management likely doesn't want to type in a 18+ char password everytime they unlock their computer.

But you are comparing a third party "option" vs. a perceived lack of first party option. To make this argument valid, you have to assume that you aren't using a specific VPN or using it in the same way as the RDP. Then you have to assume RDP done with a specific client in a specific way. So it isn't VPNs and RPD that are being compared, but using the full range of options of one, and limiting the other to one assumption.

In the real world, a specific VPN implementation might not allow saving passwords, and RDP most certainly does allow it (I use that feature all of the time.)

There is a false perception here of what a VPN will do and what RDP will do based on how the are "commonly seen", but it's really all myth.

But it is no the VPN or the RDP that creates the artefacts. We are confusing the means with the ends.

scottalanmiller

Even the Windows RDP client does allow saving creds, it's a commonly used setup.

https://www.nextofwindows.com/how-to-save-password-in-a-remote-desktop-connection-in-windows-8

Dashrender

@scottalanmiller said in Is Spectrum's modem really bridged?:

Even the Windows RDP client does allow saving creds, it's a commonly used setup.

https://www.nextofwindows.com/how-to-save-password-in-a-remote-desktop-connection-in-windows-8

lol I looked for that, but forgot to click advanced.

Still doesn't solve the problem using using a horrible password (length along is horrible to some) each time you want to log into your box.

Dashrender

@scottalanmiller said in Is Spectrum's modem really bridged?:

@Dashrender said in Is Spectrum's modem really bridged?:

Scott is of course right in his explanation - but he's glossing over something. Many VPN clients allow you to save that savage password into the VPN client so it never has to be typed again.

So management might not want more complex passwords (or simply longer ones) that the staff (and themselves) have to use. instead they want to protect the border to the network with the VPN and it's client that holds the password. I don't believe the default Windows based RDP client will save the password - not that that alone would solve the problem, again, management likely doesn't want to type in a 18+ char password everytime they unlock their computer.

But you are comparing a third party "option" vs. a perceived lack of first party option. To make this argument valid, you have to assume that you aren't using a specific VPN or using it in the same way as the RDP. Then you have to assume RDP done with a specific client in a specific way. So it isn't VPNs and RPD that are being compared, but using the full range of options of one, and limiting the other to one assumption.

In the real world, a specific VPN implementation might not allow saving passwords, and RDP most certainly does allow it (I use that feature all of the time.)

There is a false perception here of what a VPN will do and what RDP will do based on how the are "commonly seen", but it's really all myth.

But it is no the VPN or the RDP that creates the artefacts. We are confusing the means with the ends.

Sure - you're absolutely right - sadly.. that's a managers typical playground.

scottalanmiller

@Dashrender said in Is Spectrum's modem really bridged?:

@scottalanmiller said in Is Spectrum's modem really bridged?:

Even the Windows RDP client does allow saving creds, it's a commonly used setup.

https://www.nextofwindows.com/how-to-save-password-in-a-remote-desktop-connection-in-windows-8

lol I looked for that, but forgot to click advanced.

Still doesn't solve the problem using using a horrible password (length along is horrible to some) each time you want to log into your box.

Sure, but neither does a VPN. You can control the passwords in either case, or you can let the end user use horrible passwords in either case. The VPN doesn't change the basic issue.

Dashrender

@scottalanmiller said in Is Spectrum's modem really bridged?:

@Dashrender said in Is Spectrum's modem really bridged?:

@scottalanmiller said in Is Spectrum's modem really bridged?:

Even the Windows RDP client does allow saving creds, it's a commonly used setup.

https://www.nextofwindows.com/how-to-save-password-in-a-remote-desktop-connection-in-windows-8

lol I looked for that, but forgot to click advanced.

Still doesn't solve the problem using using a horrible password (length along is horrible to some) each time you want to log into your box.

Sure, but neither does a VPN. You can control the passwords in either case, or you can let the end user use horrible passwords in either case. The VPN doesn't change the basic issue.

Sure. and now we're just running in circles.

I did start by saying you are correct.

scottalanmiller

@Dashrender said in Is Spectrum's modem really bridged?:

@scottalanmiller said in Is Spectrum's modem really bridged?:

@Dashrender said in Is Spectrum's modem really bridged?:

@scottalanmiller said in Is Spectrum's modem really bridged?:

Even the Windows RDP client does allow saving creds, it's a commonly used setup.

https://www.nextofwindows.com/how-to-save-password-in-a-remote-desktop-connection-in-windows-8

lol I looked for that, but forgot to click advanced.

Still doesn't solve the problem using using a horrible password (length along is horrible to some) each time you want to log into your box.

Sure, but neither does a VPN. You can control the passwords in either case, or you can let the end user use horrible passwords in either case. The VPN doesn't change the basic issue.

Sure. and now we're just running in circles.

I did start by saying you are correct.

At the end, VPNs just don't solve those problems. A VPN's benefit is only in having a second mechanism, if it is kept completely decoupled from the original. But it's a poor approach when it is used to cover up a lack of security applied to the core protocol.