I set it up. I ran into some issues as the installation instructions weren't the best, but it is up and running.

Now I am trying to automatically connect my vulnerability scanners.

@dafyre said in Kvasir Security Management:

I'd be interested in hearing if it works with things like OpenVAS and such. The site & github lists a lot of commercial offerings like Nessus and Metasploit pro.

No OpenVas support as of now, but I hear that and Qualys are coming down the pipe.

@scottalanmiller said in Not even Microsoft cares about Windows Mobile:

I'm hoping to get a secondary Android this year, as a second phone I think that it would be ideal for me. I'm considering the Asus ZenFone Go and the ZenPhone 3 Zoom. The dual SIM card thing is a huge factor for me. As is the crazy long battery life.

Is this the apocalypse ?

@JaredBusch said in What do you use for Risk Management?:

@IRJ wow those add ons are not cheap. just reading names they each do not seem like they are worth that cost.

Their basic hosted cost would be more cost effective for many years.

I agree that the hosted version is much better pricewise and of course that is what is pushed by SimpleRisk. However, it's kind of scary having all your vulnerabilities on your network managed off site by a small company.

@JaredBusch said in What do you use for Risk Management?:

@IRJ said in What do you use for Risk Management?:

@JaredBusch said in What do you use for Risk Management?:

@IRJ wow those add ons are not cheap. just reading names they each do not seem like they are worth that cost.

Their basic hosted cost would be more cost effective for many years.

I agree that the hosted version is much better pricewise and of course that is what is pushed by SimpleRisk. However, it's kind of scary having all your vulnerabilities on your network managed off site by a small company.

I totally get that too. I have done software development. I get that it is not cheap. But those prices are just out of line.

Agreed. When we talked to the owner back in December about this we made a big stink about the price. Especially when much more robust Risk Management solutions are cheaper than SimpleRisk.

These other enterprise solutions are very complicated to implement. It would take a team of people to implement because the system is so complicated because it is actually setup to do calculations. SimpleRisk is simply a place to document risks. There is no need to tie them to values, assets, do calculations like ALE style calculations, etc.

Also when you consider you have at least a hundred users extensively using a system, Is $6k really that much? If you use support once or twice you could easily recoup your $6k back in saved time.

Some of the things I am learning from CISSP

Here is the answer this question of whether Microsoft's backup is sufficient:

• BIA needs to be done to assess how much downtime is acceptable.
• We must also determine at what level are restorations necessary (email, mailbox, etc)
• Once the downtime and level is determined, a policy should be made stating acceptable backups for the organization
• At this point, we can assess if Microsoft's Office 365's default retention is acceptable for your organization.

BIA
https://www.ready.gov/business-impact-analysis

I'd also like to add that data retention is usually a C-level policy that IT follows. If it fulfills policy requirements then it is sufficient.

@scottalanmiller said in Unitrends and Office365:

@IRJ said in Unitrends and Office365:

I'd also like to add that data retention is usually a C-level policy that IT follows. If it fulfills policy requirements then it is sufficient.

And in the SMB, many C level requirements come down to things like "does it have a backup", which is how we get into these kinds of problems

I came from SMB and the last two places I worked there was already a BIA done or I worked on one. At a minimum there has to be some type of prioritization for restoration of network services in case of disaster. Acceptable downtime should be defined by service. Which opens up a good discussion of backups on each service.

I get 100% reimbursement from my company on the passing attempt. So if I pass the first time, I will get 100% back.

@Reid-Cooper said in Renaming all user profiles to *.old:

Could always use it as an excuse to re-image the environment as well. Just take backups and do fresh installs.

This is my recommendation. If there is only one DC, you probably don't have more than a 100 domain joined devices, right?

I make slow decisions, but I went with the Asus AC1900

https://www.asus.com/us/Networking/RTAC68U/

I should get it in the mail by the end of this week or early next week.

@RojoLoco said in What router are you using at home?:

@IRJ said in What router are you using at home?:

@RojoLoco said in What router are you using at home?:

@IRJ said in What router are you using at home?:

I make slow decisions, but I went with the Asus AC1900

https://www.asus.com/us/Networking/RTAC68U/

I should get it in the mail by the end of this week or early next week.

I've got a non-AC version of the ASUS router. It has been perfectly stable.

Are you running Merlin?

Nope, dead stock.

So merlin is a fork from stock firmware. It just adds features to the stock firmware and even uses the same config file. So, in other words, you can change firmware from merlin to stock on the fly and nobody would be the wiser.

It also offers some performance updates and is updated more frequently than Asus stock firmware.

For anyone interested in the Asus 1900 at $79 here is a link for the Tmobile version which is the same hardware. You can flash the original firmware without issue.

Tmobile Asus AC1900 - $79
Asus Ac1900 - $144

Same hardware, etc.

https://www.amazon.com/T-Mobile-Wireless-AC1900-Dual-Band-AiProtection-Complete/dp/B01MYTAURW/ref=sr_1_2?ie=UTF8&qid=1494432831&sr=8-2&keywords=asus+ac1900

I'd try to apply the patch if possible, but you can also block port 445.

@Breffni-Potter said in The power of Chat in IT Support:

https://support.darait.co.uk

Live chat is on a best effort basis but quite a few end users love it.

What do you use for you knowledge base backend?

@Francesco-Provino said in Home Anti-virus:

@RojoLoco said in Home Anti-virus:

Webroot is the jam.

I just use a disponsable, self-resetting VM for internet. No problem whatsoever.

I do the same thing. It doesn't even feel much different than just using a browser when using VMWare workstation. Copy and paste, drag and drop work flawlessly between OS(es). Want to copy a file from a windows vm to ubuntu vm? Just drag and drop.

Expect to do work for $1 or $2 an hour. Way too many fake freelancers out there and they really devalue everyone.

You can get work for $10 an hour if you can really STAND OUT among the thousands of other freelancers.

@dafyre said in From where I can find ideal WordPress freelance projects?:

@scottalanmiller said in From where I can find ideal WordPress freelance projects?:

@IRJ said in From where I can find ideal WordPress freelance projects?:

You can get work for $10 an hour if you can really STAND OUT among the thousands of other freelancers.

Yeah, those marketplaces suck.

I went into it with the idea that I can name my price, essentially. Right now, it's just extra income for me, so if folks want to hire the $1 or $2 an hour guys, I'm ok with that. If they want to hire me, despite the fact I'm a little more expensive, that's fine too.

What are your rates? I found that even a low rate like $40 an hour is in the top 5% of what freelancers charge on those sites.

This is a great reference sheet.

https://1drv.ms/b/s!Ar6SLLNOJLHnmkHyMlmbHvg_m8lJ