    Posts

    • RE: Volume Management Device (VMD) on HP devices

      @dashrender said in Volume Management Device (VMD) on HP devices:

      Anyone seen this newer Volume Management Device BIOS/UEFI feature on newer machines?

      Several of the new HPs I've purchased have this option and it's enabled by default - and when you try to install an image on it - the storage isn't seen by the system.
      VMD requires the use of Intel Rapid Storage Technology driver - aka fake RAID.

      That's not entirely correct. VMD is an NVMe hardware controller (secondary PCIe host bridge) that sits inside newer CPUs, starting with Intel's Scalable. It adds hotplug for NVMe, LED support and support for OS-independent NVMe software RAID (Intel VROC). It also allows you to connect more NVMe drives to the CPU.

      To use it you need a device driver. Just like everything else.

      The BIOS has a UEFI driver embedded so it can boot.
      Then the OS needs a driver as well. If your image doesn't have a VMD-compatible driver it will not see the device.

      Intel RST is a whole bundle of things. But what is needed on Windows I think is the Intel RSTe NVMe UEFI driver. Intel has a tendency to intertwine their software, hardware and drivers in a big mess.

      On Linux you have the vmd module in the kernel. ESXi also has drivers.

      posted in IT Discussion
      1
      1337
    • RE: Whack a mole: Dealing with Spam/Phishing

      @gjacobse

      Right now Trend Micro doesn't have a clue what emails their users are classifying as spam or phishing attempts. Because that happens way after the email has passed through their gateway.

      I believe that using the email provider's spam and fraud detection has the potential to be better than any external gateway.

      Assume that most users also use the provider's email app.

      In Zoho for example, I believe that when users mark email as spam/fraud, it automatically trains Zoho's detection algorithms. After a while it will have learned how to detect those emails.

      I don't think that's possible when the email filtering solution never will get the users' feedback.

      posted in IT Discussion
      1
      1337
    • RE: Whack a mole: Dealing with Spam/Phishing

      @gjacobse said in Whack a mole: Dealing with Spam/Phishing:

      @pete-s said in Whack a mole: Dealing with Spam/Phishing:

      @gjacobse said in Whack a mole: Dealing with Spam/Phishing:

      @scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:

      The problem is the process... why would someone be reporting spam and why is someone blocking it? That doesn't make sense. Get a good spam filter, configure, train people how to delete, done

      "But this is the way we (they) have always done it... "

      You mean they are "reporting" as in actually reporting it to someone? And not by marking it as spam in the email client?

      Yeah, that doesn't make any sense. Far too time consuming.

      Outlook Toolbar.. Reporting

      OK, but that just ends up sending an alert email to the designated phishing mail contact, which is IT right?

      It would have made more sense if those emails had been forwarded to Trend Micro automatically and their adaptive algorithm would have learned how to detect them.

      Right now Trend Micro doesn't have a clue what emails their users are classifying as spam or phishing attempts. Because that happens way after the email has passed through their gateway.

      posted in IT Discussion
      1
      1337
    • RE: Whack a mole: Dealing with Spam/Phishing

      @gjacobse said in Whack a mole: Dealing with Spam/Phishing:

      @scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:

      The problem is the process... why would someone be reporting spam and why is someone blocking it? That doesn't make sense. Get a good spam filter, configure, train people how to delete, done

      "But this is the way we (they) have always done it... "

      You mean they are "reporting" as in actually reporting it to someone? And not by marking it as spam in the email client?

      Yeah, that doesn't make any sense. Far too time consuming.

      posted in IT Discussion
      1
      1337
    • RE: What Are You Watching Now

      @scottalanmiller said in What Are You Watching Now:

      Two nights ago view from our place. Just walked out with a beer (shown) and chilled on the beach with @CCWTech .... one hour of the sunset on the beach in 4K.

      Sleep Eat Enjoy Repeat.

      posted in Water Closet
      1
      1337
    • RE: Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote

      @dave247 said in Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote:

      @voip_n00b said in Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote:

      @dave247 I use certificates to only allow company owned and managed devices to connect.

      Interesting, can you elaborate more on how you achieve that?

      It's common to have certificates with VPN.

      An OpenVPN client for example without any MFA is usually set up so that it needs a client certificate and a username and a password as well as the connection info. The same goes for Cisco AnyConnect and others.

      The VPN connection uses mutual authentication so the client authenticates that the server is who he is supposed to be and the server authenticates that the client is who he says he is.

      If you install the certificate on your company devices you can't connect to the VPN just by downloading and installing the client on another computer and entering the credentials. Because you don't have the certificate.

      So that's how you can control what device is allowed to connect. For more security the certificates can also be stored on smart cards, hardware devices or even the TPM module inside the computer.

      You should have something similar on NetExtender. Look for client certificate or client authentication.

      Another thing with certificates is that you can prevent VPN access by revoking the client's certificate. And also certificates expire so you can give someone a short term access if you like.

      posted in IT Discussion
      1
      1337
    • RE: Whack a mole: Dealing with Spam/Phishing

      @gjacobse said in Whack a mole: Dealing with Spam/Phishing:

      @pete-s said in Whack a mole: Dealing with Spam/Phishing:

      @gjacobse said in Whack a mole: Dealing with Spam/Phishing:

      @irj said in Whack a mole: Dealing with Spam/Phishing:

      Awareness training and actual testing is the best way to handle this

      We do MONTHly testing - and training during onboarding and as needed (Lunch and Learn)...

      Do you receive spam from gmail to your public email addresses or to everyone?

      They are received to one to several persons - never 'ALL-Staff'.

      OK, well I guess it's really a question of how effective the spam filtering is and how you have configured it.

      Just a couple of minutes ago I got one of those gmail scams but it was classified as spam. It was sent from Google's servers so looks legit when it comes to IP reputation, SPF, DKIM, DMARC etc. It's only the content that is suspicious when you read it. No links or anything.

      Maybe you should have a look at what settings you have in Trend Micro. Perhaps you can make a rule specifically for gmail.com addresses that have stronger spam/phishing detection.

      posted in IT Discussion
      1
      1337
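
A sketch of the rule suggested in the post above, as an added example that is not part of the original post and not Trend Micro configuration: it reads the gateway's `Authentication-Results` header and routes fully authenticated mail from a free-mail domain to a stricter content scan. The message, the gateway name `mx.example.org`, the `FREEMAIL` set and the policy names are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

FREEMAIL = {'gmail.com', 'googlemail.com'}  # assumption: domains given strict scanning

# Constructed message (hypothetical addresses); headers as a receiving gateway adds them.
SAMPLE = """\
Authentication-Results: mx.example.org;
 dkim=pass header.i=@gmail.com header.s=20230601;
 spf=pass (sender IP is permitted) smtp.mailfrom=someone@gmail.com;
 dmarc=pass (p=NONE) header.from=gmail.com
From: "Accounts Payable" <someone@gmail.com>
To: staff@example.org
Subject: Quick question

Please reply when you have a moment.
"""

RESULT_RE = re.compile(r'\b(spf|dkim|dmarc)\s*=\s*([a-z]+)', re.I)

def auth_verdicts(msg, trusted='mx.example.org'):
    """Collect spf/dkim/dmarc results, but only from headers our own gateway wrote."""
    verdicts = {}
    for header in msg.get_all('Authentication-Results', []):
        header = re.sub(r'\([^)]*\)', ' ', header)          # drop RFC 8601 comments
        authserv = header.partition(';')[0].strip().lower()
        if authserv != trusted:                              # a sender can forge this header
            continue
        for method, result in RESULT_RE.findall(header):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def content_policy(msg, trusted='mx.example.org'):
    """Pick a content-scan policy; passing authentication alone proves nothing here."""
    verdicts = auth_verdicts(msg, trusted)
    if not all(verdicts.get(m) == 'pass' for m in ('spf', 'dkim', 'dmarc')):
        return 'default-auth-handling'       # leave failures to the normal SPF/DMARC rules
    domain = parseaddr(msg.get('From', ''))[1].rpartition('@')[2].lower()
    if domain in FREEMAIL:
        return 'strict-content-scan'         # authenticated, but anyone can own the mailbox
    return 'standard-content-scan'

if __name__ == '__main__':
    message = message_from_string(SAMPLE)
    print(auth_verdicts(message), content_policy(message))
```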
    • RE: Whack a mole: Dealing with Spam/Phishing

      @gjacobse said in Whack a mole: Dealing with Spam/Phishing:

      @irj said in Whack a mole: Dealing with Spam/Phishing:

      Awareness training and actual testing is the best way to handle this

      We do MONTHly testing - and training during onboarding and as needed (Lunch and Learn)...

      Do you receive spam from gmail to your public email addresses or to everyone at the organization?

      I assume the emails are authenticated (SPF, DKIM, DMARC) and delivered by Google as well?

      posted in IT Discussion
      1
      1337
    • RE: Launching Windows settings, screen shot etc from URI

      @gjacobse said in Launching Windows settings, screen shot etc from URI:

      Interesting - I created a batch file that launches all of my daily applications in the office. It'll be interesting to see what I can move to this method...

      You can look at what URIs are registered to what applications by searching for protocol and you'll find "Choose default application by protocol".

      That's how Windows knows what program to launch when it finds something like mailto:

      You can also add your own URI to launch whatever app you want. That's done in the registry.

      BTW, Ubuntu and others have the same capability to handle URIs.

      posted in IT Discussion
      1
      1337
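
Because any web page can invoke a registered URI scheme, it is worth knowing which ones a machine has. The following added example (not part of the original post) parses a `reg export` text file and lists every key that carries the `URL Protocol` value together with its `shell\open\command`; the sample export, application names, paths and flag names are constructed assumptions.

```python
import re

# Constructed sample in the text format written by `reg export` (hypothetical apps and paths).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\supporttool]
@="URL:Support Tool Protocol"
"URL Protocol"=""

[HKEY_CLASSES_ROOT\supporttool\shell\open\command]
@="\"C:\\Program Files\\SupportTool\\tool.exe\" \"%1\""

[HKEY_CLASSES_ROOT\oldhelper]
@="URL:Old Helper"
"URL Protocol"=""

[HKEY_CLASSES_ROOT\oldhelper\shell\open\command]
@="cmd.exe /c C:\\Users\\Public\\helper.bat %1"
'''

KEY_RE = re.compile(r'^\[([^\]]+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
INTERPRETERS = ('cmd.exe', 'powershell.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe')

def unescape(quoted):
    # Strip the outer quotes of a .reg string and undo its \\ and \" escapes.
    return re.sub(r'\\(.)', r'\1', quoted[1:-1])

def parse_reg(text):
    """Return {key path: {value name: string data}}; '' is the key's default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None and m.group(2).startswith('"'):  # REG_SZ only
            name = '' if m.group(1) == '@' else unescape(m.group(1))
            current[name] = unescape(m.group(2))
    return keys

def url_handlers(keys):
    """List URI schemes (keys holding a 'URL Protocol' value) and flag risky commands."""
    findings = []
    for key, values in keys.items():
        if 'url protocol' not in (name.lower() for name in values):
            continue
        command = keys.get(key + r'\shell\open\command', {}).get('', '')
        flags = []
        if '%1' in command and '"%1"' not in command:
            flags.append('unquoted-argument')    # the URI reaches the command line unquoted
        if any(exe in command.lower() for exe in INTERPRETERS):
            flags.append('script-interpreter')   # handler is a shell or script host
        findings.append({'scheme': key.rpartition('\\')[2], 'command': command, 'flags': flags})
    return sorted(findings, key=lambda f: f['scheme'])

if __name__ == '__main__':
    for finding in url_handlers(parse_reg(SAMPLE_REG)):
        print(finding)
```

Real exports are usually UTF-16, so open the file with `encoding='utf-16'` before passing its text to `parse_reg`.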
    • RE: Simple NAS advice

      @siringo said in Simple NAS advice:

      School needs a NAS. Only needs about 6TB capacity.
      Was thinking of a 4 bay thing & using 2TB disks so disk rebuilds will be as quick as possible.
      Any recommendations for the NAS and what disks to get?
      Will be going into a Windows environment.

      If you need 6TB capacity, 4 bays with 2TB drives is not going to cut it. Well, not unless you want to run RAID-5.

      You need 4TB drives if you want to run RAID-6, RAID-10 or have 2 independent RAID-1 arrays. Then you'll end up with about 7.1TB (TiB) of usable storage.

      posted in IT Discussion
      1
      1337
    • Launching Windows settings, screen shot etc from URI

      This might be useful for some of you.

      It's possible to launch some applications in Windows from a link on a webpage.
      For instance, opening a certain settings page or opening Windows snip.

      This can be useful for support or when doing instructions on how things should be set up (for example microphone, sound etc).

      You do this by using custom URIs instead of https:
      For example:

      • ms-screenclip:
      • ms-settings:network
      • ms-settings:printers
      • ms-settings:privacy-webcam

      Windows 10 & 11 have a bunch of those built in.
      https://docs.microsoft.com/en-us/windows/uwp/launch-resume/launch-default-app

      It's supposed to work on all browsers.

      NodeBB unfortunately doesn't have support for URIs so I can't post a link to show how it works. But you can write the link directly into your browser. For instance ms-screenclip:

      posted in IT Discussion
      1
      1337
    • RE: sending custom CDR from FreePBX

      @travisdh1 said in sending custom CDR from FreePBX:

      @pete-s said in sending custom CDR from FreePBX:

      @jaredbusch said in sending custom CDR from FreePBX:

      @pete-s said in sending custom CDR from FreePBX:

      Long time since I saw that one 🙂
      It had a name but I have forgotten it. What was it called?

      I was serious this time.

      I looked it up - it was called Clippy (or officially Clippit).
      https://en.wikipedia.org/wiki/Office_Assistant

      You're too young to remember the horror of Clippy?

      1. Get off my lawn!
      2. Consider yourself lucky!

      I am lucky! Not because I'm too young but because I'm too old - too old to remember every irritating thing Microsoft managed to come up with...

      posted in IT Discussion
      1
      1337
    • RE: sending custom CDR from FreePBX

      @jaredbusch said in sending custom CDR from FreePBX:

      @pete-s said in sending custom CDR from FreePBX:

      Long time since I saw that one 🙂
      It had a name but I have forgotten it. What was it called?

      I was serious this time.

      I looked it up - it was called Clippy (or officially Clippit).
      https://en.wikipedia.org/wiki/Office_Assistant

      posted in IT Discussion
      1
      1337
    • RE: sending custom CDR from FreePBX

      @gjacobse said in sending custom CDR from FreePBX:

      @dashrender said in sending custom CDR from FreePBX:

      Email client isn't reading

      Long time since I saw that one 🙂
      It had a name but I have forgotten it. What was it called?

      posted in IT Discussion
      1
      1337
    • RE: Is xByte still recommended for server purchases around here?

      @beta said in Is xByte still recommended for server purchases around here?:

      I was going to put 8 14TB drives (Dell drives bought with the server through xByte if I go that route) in RAID 6 for 84TB raw storage. Is that size array unwise for RAID 6?

      It's not unwise but you have to take things like rebuilding time into consideration. RAID 6 will rebuild fast on a server with a standard CPU, about 24 hours with those drives, but only if the array is not in use. If it's in use it can take a really long time.

      You can plan for that however and have two arrays. Use both but if one is needed to be rebuilt, use just the other one for backup.

      Or split the storage into two backup servers for more options on rebuilding, redundancy and updates/upgrades.

      posted in IT Discussion
      1
      1337
    • RE: Is xByte still recommended for server purchases around here?

      @jaredbusch said in Is xByte still recommended for server purchases around here?:

      This is what I mean. A quality Synology is only $1000 and it has 4 network ports you can team for better than gigabit throughput.

      Buy whatever size disks you need to make whatever level of redundancy you need and be done.

      The DS series is consumer quality so not a valid comparison to a real server. But if you don't need server grade quality and a desktop form factor works fine, then it's good value.

      The RS series is quality that is comparable to a server and also rack mounted.

      But if the OP intends to run it past its warranty, I suggest getting a server instead. Much easier to source spare parts.

      Also better getting a real server if you need to do things like swapping out fans or power supplies at a moment's notice. The RS3618xs above doesn't have things such as hotplug power supplies or even redundant power. Synology might have a higher grade series for that though.

      posted in IT Discussion
      1
      1337
    • RE: New customer - greenfield setup

      @dave247 said in New customer - greenfield setup:

      @scottalanmiller said in New customer - greenfield setup:

      @dashrender said in New customer - greenfield setup:

      Of course it's really only worthwhile where we can do SSL inspection (can this be done without installing certs on the clients to allow MiTM inspection?)

      Nope, that's physically impossible. These types of devices I see as reckless because they are often poorly maintained, often made by questionable vendors (Sophos is fine, but many others are less respectable) and provide a single point of total egress of your data with nearly all assumed protections removed.

      Hey Scott, can you elaborate a bit more on that - I'm talking about the recklessness of SSL inspection. I ask because my company has a Sonicwall NSA appliance and in the past I have attempted using the "DPI-SSL" feature (deep packet inspection) which required installing the Sonicwall cert on all systems and then the traffic would be intercepted and inspected. Despite me following their guide and applying the correct settings and site exceptions, I still had some issues and ended up scrapping the effort for now. I already know your opinion on Sonicwall but I just wanted to get more insight into the whole deep packet inspection effort.

      There was a big study a couple of years ago:
      https://www.thesslstore.com/blog/https-interception-harming-security/

      Basically it's what Scott said.

      posted in IT Discussion
      1
      1337
    • RE: Staying at your shitty employer is your fault

      @stacksofplates said in Staying at your shitty employer is your fault:

      GitHub does the same, same with all FAANG. I've also interviewed at other tech companies that did the same. It's very common to pay the employee based on their primary location.

      So after you're hired you'll get a raise if you move to a more expensive location?

      posted in IT Careers
      1
      1337
    • RE: New customer - greenfield setup

      @travisdh1 said in New customer - greenfield setup:

      @pete-s said in New customer - greenfield setup:

      @scottalanmiller said in New customer - greenfield setup:

      @dashrender said in New customer - greenfield setup:

      So the long and the short of it is - Scott is saying - no filtering is worth it, either on the employee side or the guest side.

      i.e. the firewall is not a place to provide filtering (via either IP blocking or DNS website blocking) - there is not enough value if it has any cost.

      Doing something simplish like Cloudflare's DNS filtering is worthwhile because there's no cost.

      Yeah, I think that something simple like CloudFlare or even PiHole (or combine the two) can have good value because the cost is low and the value is basic.

      You don't need any PiHole. You can set up DNS filtering policies on your free Cloudflare account.

      Just block every kind of external DNS query in the firewall/router. Set the router to forward DNS to Cloudflare's 1.1.1.1. Cloudflare will detect your IP and filter your DNS results based on your policies.

      https://developers.cloudflare.com/cloudflare-one/tutorials/secure-dns-network

      I haven't played with it yet but there seems to be a lot of filtering options.

      Custom filtering without cost? That's news to me. I've known about the 1.1.1.2/1.0.0.2 and 1.1.1.3/1.0.0.3 options of course.

      Yes, they have a lot of new stuff beginning 2020. For instance a VPN solution, web application firewall etc. Some things you need to pay for but some are free, depending on how many users etc.

      They want to be everywhere on the edge for all traffic. Not just a DNS provider and a CDN solution.

      posted in IT Discussion
      1
      1337
    • RE: New customer - greenfield setup

      @scottalanmiller said in New customer - greenfield setup:

      @dashrender said in New customer - greenfield setup:

      So the long and the short of it is - Scott is saying - no filtering is worth it, either on the employee side or the guest side.

      i.e. the firewall is not a place to provide filtering (via either IP blocking or DNS website blocking) - there is not enough value if it has any cost.

      Doing something simplish like Cloudflare's DNS filtering is worthwhile because there's no cost.

      Yeah, I think that something simple like CloudFlare or even PiHole (or combine the two) can have good value because the cost is low and the value is basic.

      You don't need any PiHole. You can set up DNS filtering policies on your free Cloudflare account.

      Just block every kind of external DNS query in the firewall/router. Set the router to forward DNS to Cloudflare's 1.1.1.1. Cloudflare will detect your IP and filter your DNS results based on your policies.

      https://developers.cloudflare.com/cloudflare-one/tutorials/secure-dns-network

      I haven't played with it yet but there seems to be a lot of filtering options.

      posted in IT Discussion
      1
      1337