@dbeato said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
I think that if it was VPN, still bad practice to have VPN from MSP or any other systems that unprotected. MSPs should not need to have VPN to customers at all.
And vendors wonder why I wonโt let them VPN into my network.... ha
Last week was fantastic!
Drove to Greeley, CO - ok that was boring.
Drove to Moab - visited Arches National Park - drove a 4x4 trail - my friend nearly freaked out.. It was awesome!
Drove to Zion National park - walked The Narrows! - man, can't wait to go back.
Drove to Las Vegas - at at Gordan Ramsey's Steak - had the tasting menu - the Beef Wellington was meh at best, the rest was fantastic!!!
Drove to Hoover Dam took some dam pictures
Drove to Grand Canyon Skywalk - paid for the skywalk - was a let down!!! visit other viewing point in that area - SO MUCH BETTER than the over priced, no pictures allowed skywalk...
Drove to AZ south rim Grand Canyon - hiked the 3 mile trail, very scenic!
Visited Bedrock - Fred Flinstone's home town and watched a raptor show - and got to hold the raptor (on a a glove of course).
Drove to Four Corners - it was exactly what I expected - a plaque marking where the four states meet, took a picture and continued on...
Drove back to Greeley, CO -
and lastly,
Drove home.
58 hours in the car, 3200 miles, 5 states, 3 National Parks, a million pictures - great time!
As some might recall, I ran into Wiztree a month ago. I asked the author to look into adding it to Chocolatey.
And he did.
https://chocolatey.org/packages/wiztree/3.17
It's been a good year for Dashrender - down 40 Lbs since January!
Brought my mile time from 8:29 to 6:47.
Only bad thing - good cholesterol is a bit low (but bad cholesterol is in the good range). Doc suggested I drink Red Wine to improve the good Cholesterol.
Just read about this free book on that other site, thought i would share a link to it here.
I was restoring some files from our backups when I ran across this.
These files have been sitting there for a month plus. Unbelievably it appears that non of my other network shares were affected by this.
OMG - I think we some how dodged this bullet.
@krzykat said in Mobile Range Extender:
Yes, they want carrier independent. As for WIFI it is either there or can be, but then there is the issue of MMS doesn't work over WIFI. That is something they are looking for. The one's that I've done in the past were for specific use cases that were locked to the carrier (but that's not the use case here).
You're definitely going to be looking at an expensive system - you have to be able to receive and rebroadcast a whole host of frequencies to cover all carriers - have fun with that project.
@scottalanmiller said in Mobile Range Extender:
@krzykat said in Mobile Range Extender:
Yes, they want carrier independent. As for WIFI it is either there or can be, but then there is the issue of MMS doesn't work over WIFI. That is something they are looking for. The one's that I've done in the past were for specific use cases that were locked to the carrier (but that's not the use case here).
MMS doesn't work over wifi? It works here over wifi.
I could have sworn YOU were the one who told me SMS/MMS doesn't work over WiFi.
So the long and the short of it is - Scott is saying - no filtering is worth it, either on the employee side or the guest side.
i.e. the firewall is not a place to provide filtering (via either IP blocking or DNS website blocking) - there is not enough value if it has any cost.
Doing something simplish like Cloudflare's DNS filtering is worthwhile because there's no cost.
@scottalanmiller said in New customer - greenfield setup:
@dashrender said in New customer - greenfield setup:
@scottalanmiller said in New customer - greenfield setup:
@dashrender said in New customer - greenfield setup:
but SSL inspection on guest - nope, not interested... Hell I'd be more worried about being sue for breach of privacy.
Well you CAN'T do it without seriously breaking the law (and pulling some magic super computing stuff.) It's federally criminal to attempt without the customer voluntarily handing over their computer to you which absolutely no one will do. And it's a lot of work for someone just sitting in an office trying to watch porn.
You missed the reality of what I was saying -
I've been on guest wifi networks that sent you to a captive portal and required you to install their SSL cert so you could surf, and they could intercept all your traffic.
I was saying I was unwilling to make that a requirement on this client's network (they haven't asked for it, and I as their current IT wouldn't recommend it if they did).
I thought that that WAS what they were asking for as it is the only means of doing the thing that they requested. Requesting web monitoring and filtering, and demanding the end users (guests) install a cert are one and the same in this case.
no - web filtering simply based on DNS query was MY thinking on the guests.
SSL interception would only be for employee devices.
Yeah - either WiFi calling - or get a femtocell from the carrier.
I'm guessing this person wants a carrier-less solution though? Those that I have seen that work are very expensive.
@jaredbusch said in Import a QCOW2 Into Proxmox:
@dashrender said in Import a QCOW2 Into Proxmox:
@scottalanmiller said in Import a QCOW2 Into Proxmox:
@jaredbusch good point, Linux doesn't "detect non-local" like Windows does.
ug.. what a pain that is!
ummm wut?
that windows detects SMB shares as remote.
@scottalanmiller said in New customer - greenfield setup:
@jaredbusch said in New customer - greenfield setup:
@scottalanmiller said in New customer - greenfield setup:
Well you CAN'T do it without seriously breaking the law (and pulling some magic super computing stuff.) It's federally criminal to attempt without the customer voluntarily handing over their computer to you which absolutely no one will do. And it's a lot of work for someone just sitting in an office trying to watch porn.
Most common people will simply get the portal, tap anything it says and thus agree to it all. So yeah, you are wrong that no one does it.
Is that all that it takes to get the phone or computer to install the certs and hand over man in the middle access? I've not done it, because... only a crazy person would.... but I thought it took several steps and a lot of warnings from most mobile devices.
Yeah - there are a few warnings... but most people will simply accept it and start surfing - it's crazy... they have no clue what they are giving up. and even worse a surprising number wouldn't care even if you got them to actually understand it.
@jaredbusch said in New customer - greenfield setup:
@scottalanmiller said in New customer - greenfield setup:
Well you CAN'T do it without seriously breaking the law (and pulling some magic super computing stuff.) It's federally criminal to attempt without the customer voluntarily handing over their computer to you which absolutely no one will do. And it's a lot of work for someone just sitting in an office trying to watch porn.
Most common people will simply get the portal, tap anything it says and thus agree to it all. So yeah, you are wrong that no one does it.
Exactly - I have seen this - exactly once - and myself just walked away from that access point.
@scottalanmiller said in New customer - greenfield setup:
@dashrender said in New customer - greenfield setup:
but SSL inspection on guest - nope, not interested... Hell I'd be more worried about being sue for breach of privacy.
Well you CAN'T do it without seriously breaking the law (and pulling some magic super computing stuff.) It's federally criminal to attempt without the customer voluntarily handing over their computer to you which absolutely no one will do. And it's a lot of work for someone just sitting in an office trying to watch porn.
You missed the reality of what I was saying -
I've been on guest wifi networks that sent you to a captive portal and required you to install their SSL cert so you could surf, and they could intercept all your traffic.
I was saying I was unwilling to make that a requirement on this client's network (they haven't asked for it, and I as their current IT wouldn't recommend it if they did).
@jaredbusch said in New customer - greenfield setup:
@dashrender said in New customer - greenfield setup:
These are my thoughts as well, it's one of the draw backs to Ubiquiti gear - limited to 4 VLANs on WiFi (at least used to be).
The limit is 4 SSID. Of course that also means 4 VLAN max, since the VLAN is tied to the SSID. But the limit is not VLAN.
aww - yes, you're starting it right... but clearly you understood my end point. 
Thanks for the correction.
