@matteo-nunziati said in Why you don't need a VPN or not?:
I know big corps that have been killed by vpn .
A serious attach at 1 site killed all the services world wide. While this is mostly bad networking design this is also vpn propagating s**t
Yes, but that misleading to attribute that to VPN. You could just as easily argue that big corps have been killed by cat 6 cables as well.
@irj said in What's in your bag?:
One of the best ways to identify a veteran fisherman vs an inexperienced one is by the size of his tackle box. Less is more. The better fisherman I become the less lures I carry. It's the opposite of what most people think..
What do you need other than a laptop to make connector whatever you need to access?
That's pretty funny. Except that a real fisherman has a frickin' boat and nets. Tackle box is for amateurs. :grinning_face_with_smiling_eyes:
Also regarding LAN-centric security trust. All I see in modern installations are security zones where traffic get firewalled between different type of things on different VLANs. Just because something is connected on the LAN doesn't mean it's trusted or have full access to everything else.
But maybe what I come in contact with is not what is commonly done. That's entirely possible.
To me VPN is just a secure connection. It doesn't mean the end-points are secure.
And we don't need to extend the LAN if we don't have network resources on the LAN that we need to access, or we can access them in another way.
Regarding LAN or not, that's just a matter of speed. Speed is time and time is money.
If we could get local LAN speed on the WAN (internet) then there would be little point in having any resources on the LAN. Unless they need to local - like a printer, ip phone, manufacturing equipment for instance
But we are far from that point. I consider gigabit LAN to be standard and very few have gigabit speed from end-point to server when the server is not on the LAN.
For some things it doesn't matter because it's fast enough. Like office files that are often a few meg at most.
And then we have site-to-site VPN. What is the problem? It's office to office connections so clients in one office can access resources on the LAN in the other. Firewalls limits traffic in both directions.
It's unlikely that the link itself is compromised and the security has the same layers as it has as if you are in one of the security zones on the LAN.
I have trouble understanding the problems you refer too (as typical VPN problems) as these are not typical uses that I have come into contact with.
For example, I use a VPN client to connect into customers networks. Does that put my computer on their LAN? No, it puts my computer into their firewall where my access is heavily restricted to a few IP addresses and a few ports, specific to my actual needs. And my computer has to follow a long set of rules to be allowed to connect and customers also have their own VPN client (and 2FA) - which means I set up one VM for each customer I need to connect to.
Secure access to server management would make sense to secure with a VPN and 2FA.
@scottalanmiller how do you not have VPN now?
Nope, none.
Methinks he's looking for an explanation of how you guys got rid of VPN.
Me too.
Just no need for it. Try it in reverse, what do you have that makes you want a VPN?
Files on the LAN, for the LAN users?
I put a regular 2.5" SSD in an USB3 enclosure years ago to get several hundreds MB/sec.
Today maybe a portable SSD drive would a great thing to buy instead of inventing the wheel. Like Samsung T5 below.
I switched to backpacks many years ago.
https://us.targus.com/products/checkpoint-friendly-air-traveler-16-inch-laptop-backpack-tbb012us
I usually have:
I'd cut down or remove the "Part Time Instructor | National College of Business and Arts" section.
Only thing I can think of when reading that, is what kind of real job you had if you could work part time simultaneously.
I'd also put your education last in the list because as an employer I would be more interested to check your skills and where you worked (what kind of projects did you do, what kind of clients) before looking at your education. Just the principle of showing your strongest selling points first. But maybe that's just me.
Ransomware is not fun.
NotPetya damages were in the 10 billion range. One enterprise I work for at times was down for weeks. Having backup is not enough - you need to be able to access your backup too. When everything is down you don't have any computers to access anything with. Sure you can reinstall but where are your image files? When you do have computers you have no DHCP, no DNS, no AD etc. You have no internet access, no email, no phones. Yeah, backup is not enough. You need an elaborate emergency plan.
@jaredbusch So then it's not in 2012 R2 either?
Just for fun I ran this on a VM, on our inhouse Xenserver - 4 vCPU.
It's a Haswell gen CPU, so well before Skylake. Surprisingly good single core performance.
@jaredbusch said in How to install and run Geekbench 4 on linux:
Does not need to run as root, or even need
sudo.
Thanks, I figured as much but I was too lazy to check. I'll update my post.
@obsolesce said in How to install and run Geekbench 4 on linux:
Just used this guide and posted results here!
Awesome!
Alright, I have some updates now that I have two identical machines but with different CPU configurations.
Machine 1: 2 x E5-2630v2, 6 cores each = 12 cores @ 2.60 GHz, 64GB RAM
Geekbench: ~29000
Idle power: ~60 Watt
Machine 2: 1 x E5-2670v2, 10 cores @ 2.50 GHz, 64GB RAM
Geekbench: ~27000
Idle power: ~30 Watt
The dual CPU machine is slightly faster but results are within 10% and there are some variation in the test when repeated.
The big difference however is in power consumption. Dual CPUs requires about twice the power when idling.
The machines both have the same dual socket motherboard, but the single CPU has fewer memory sockets but bigger (4x16GB) versus the dual CPU machine (8x8GB). But that is the reality as well - you need to populate more sockets with two CPUs.
If you want to run Geekbench 4 on a linux server, this is how to install and run it.
Note that you need to have a working internet connection on the server.
You can run it as root or as any other user.
Let's start from the home directory and put the files there.
cd
Download the files from geekbench.com:
(change version number if needed for latest version)
wget http://cdn.geekbench.com/Geekbench-4.3.3-Linux.tar.gz
Extract the downloaded files:
tar -zxvf Geekbench-4.3.3-Linux.tar.gz
Go to the extracted folder:
cd Geekbench-4.3.3-Linux
Run the test in tryout mode, results are uploaded automatically:
./geekbench_x86_64
After a few minutes the test is completed and you'll see a link to a webpage which is unique for each test.
Upload succeeded. Visit the following link and view your results online:
https://browser.geekbench.com/v4/cpu/1234567
Just enter the link in any browser and you'll see the results of the test.
HP used to say it was OK way back in the days because of authentication, encryption etc. What they say today I don't know.
But this is what the security researches says:
https://www.synacktiv.com/posts/exploit/rce-vulnerability-in-hp-ilo.html
HP iLO is an administration tool, and as such should only be accessible from an isolated VLAN, different from the users' VLAN.
More specifically:
- Do not connect iLO to your network if the interface is not actually used;
- Do not expose any iLO interface to any untrusted network;
- Use strong, randomly generated passwords for each server instance.
As a reminder, HP iLO 4 also exposes the IPMI interface on port 623. The IPMI v2 authentication protocol is affected by a design weakness that allows an attacker to retrieve a hash of the password, provided only the username is known. The hash can later be brute-forced off-line. This can not be patched or mitigated, except by proper network isolation.
Finally, as for every service running on a corporate network, iLO event logs should be centralized and monitored to detect unauthorized connections.
This is how easy it is to hack the iLO 4 if the server is running version < 2.54.
Version 2.54 was released September 2017. How many keep their ILO firmware up to date?
iLO 4 runs on G8 and G9 servers.