I agree with @scottalanmiller on this. I would definitely consider appliances as linux servers because they are 100% servers.
A server is:
a computer or computer program that manages access to a centralized resource or service in a network.
They are generally running an offshoot of a major distro, so how aren't they servers?
@Dashrender said in What percentage of servers in your organization are Microsoft?:
@IRJ said in What percentage of servers in your organization are Microsoft?:
I agree with @scottalanmiller on this. I would definitely consider appliances as linux servers because they are 100% servers.
A server is:
a computer or computer program that manages access to a centralized resource or service in a network.They are generally running an offshoot of a major distro, so how aren't they servers?
well, if we're going to go down this road, than many of us have dozens of servers, and most of us probably find that we have 'nix that Windows by a long shot!.
Is that what the OP was looking for? eh @IRJ? is that what you wanted to know?
I guess I have to add XS server and ESXi server and my Buffalo NAS, and my Mitel VOIP server (no clue, but I would assume a 'nix unpinning), etc.
I was just curious to see what other environments looked like. I didn't need anything in particular answered.
An appliance ALWAYS acts as a server. You can debate whatever else you want, but what everyone considers as an appliance functions as a server.
@art_of_shred said in What Makes Something An Appliance:
@scottalanmiller said in What Makes Something An Appliance:
@IRJ said in What Makes Something An Appliance:
The big question for me is do you have to install an operating system and/or use an operating system license?
That's useful but, often the answer is yes or no in nearly all cases. I can't think of any uniformity there.
If it comes as an appliance by the terms I described, no you would never have to install or license an OS.
so is Windows ruled out as an appliance OS?
Oh I almost forgot. There is another project called Sentora which is fork from zpanel. Kind of like the owncloud and nextcloud fork.
Encryptr looks like an interesting password management tool. It's 100% free and open source.
@travisdh1 said in NextCloud / Owncloud User registration:
How I want to do it: Send them a temp password via another form of communication.
I was hoping for something a little more elegant.. lol
@JaredBusch said in NextCloud / Owncloud User registration:
I sent this email yesterday.
I saw that was a "resolution" listed on a thread. Tell the user to reset their password using the link. It really seems unnecessary. I would think this kind of functionality would be baked into version 1.0, but here we are years later and something so simple has not been implemented.
@JaredBusch said in NextCloud / Owncloud User registration:
@IRJ said in NextCloud / Owncloud User registration:
I saw that was a "resolution" listed on a thread. Tell the user to reset their password using the link. It really seems unnecessary. I would think this kind of functionality would be baked into version 1.0, but here we are years later and something so simple has not been implemented.
User creation, by an admin, has pretty much never changed or been addressed in the life of the product form what I can tell.
Yeah. I also thought it was odd that email address is not a default user field.
@JaredBusch said in NextCloud / Owncloud User registration:
@JaredBusch said in NextCloud / Owncloud User registration:
Might be a way to restrict it to certain domains or something.
Yup,
Purrrrfect
I setup canned responses for a local pool service on OSticket. Their customers loving getting an email notification everytime their pool is serviced.
There isn't too many variants when doing pool cleaning. I believe we made about 10 different responses.
@momurda said in CISSP vs CASP:
Doesnt the cissp require you to have and demonstrate at least 5 years security job xp to be able to even register to take the test?
Yeah, but right now I have 6 years total experience.
@momurda said in CISSP vs CASP:
Doesnt the cissp require you to have and demonstrate at least 5 years security job xp to be able to even register to take the test?
and not quite. You just have to have experience in 2 out of the 8 domains. Even a physical security guard is eligible to claim experience as physical security is one of the domains. Also you can substitue certs such as CEH, MCSA, MCSE, Security +, etc.
This is why USB control is so important. It's isn't too difficult to make your own malicious USB drives, and even easier to use one like this.
@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:
@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:
@RojoLoco said in Scam Of The Week: The Evil Airline Phishing Attack:
@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:
@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:
@mlnews said in Scam Of The Week: The Evil Airline Phishing Attack:
@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:
Is there an actual blog link so I can share?
https://mangolassi.it/topic/13150/scam-of-the-week-the-evil-airline-phishing-attack/
Believe me I love mangolassi, but sending management to a forum to read a security article, probably won't be as effective as sending them to a blog link.
btw
https://blog.knowbe4.com/scam-of-the-week-the-evil-airline-phishing-attackWhat makes management respond to one form of blogging in one way and not the other? That reaction should be a security concern. The difference between a blog and a forum is only one of perception.
Sure, but if an individual knows that their boss would prefer blog post A to forum post B, then you give them the blog post instead of trying to convince them that their perception is skewed. That's called "keeping your job 101".
It has to do with legitimacy. Sure anyone can build a corporate style website, but it's quite a bit of effort compared to making a post on a forum and acting like an expert. Also, KnowBe4 is a known player and they produce regular, reputable content.
But it was KnowBe4 making the post here. I was taking that into account.
right, but my manager wouldn't have known. That is all I was saying
@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:
@JaredBusch said in Scam Of The Week: The Evil Airline Phishing Attack:
@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:
What it boils down to is Knowbe4.com is a known security source, and ML is not a well known source. I enjoy ML and learn more about security from ML than any single blog, but in the instance of sharing information with higher up managers it is much easier to have easily verifiable source.
And a thread that does not get overrun by @scottalanmiller's ego.
Just pointing out the logic that both are blogs/communities. Feeling that blog is good and community is bad is not a good security practice since it is purely an impression alone that separates the two.
I never once said the community was bad. As you already know I am on here nearly everyday and probably 10-15 times a day. All I said that it is better to share a the original source link for this specific instance.
I have shared specific ML threads when showing resolutions to problems before.
As I explained earlier, I would never use SW as a news source due to the nature of forums. Even though SW is well known.
You wouldn't send your boss an email about server 2008 r2 EOL from a post on Microsoft Answers. You would send the official Microsoft page. In this instance both sites are run by MS, but due to the nature of forums almost anyone would share the official source.
I get their emails everyday and have to act on them as part of my job. All their emails are classified at a different level.
This looks like a cool open source tool that is meant for tracking security vulnerabilities among customers. Since there quite a few MSPs on here, I figure somebody may already be using it.
Is anyone using it?
