    Posts
    • RE: Azure Blob Storage Error/Failure Rates...

      It looks like you'd probably want ZRS

      https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy

      posted in IT Discussion
      IRJ
    • RE: Want some Wasabi with that Azure Cloud?

      As far as Wasabi, I think it has proved to me not to be an enterprise solution over the outages. The pricing is so low in comparison to AWS and Azure, that it isn't much of a surprise they cut corners.

      posted in IT Discussion
      IRJ
    • RE: Want some Wasabi with that Azure Cloud?

      @Pete-S said in Want some Wasabi with that Azure Cloud?:

      @IRJ said in Want some Wasabi with that Azure Cloud?:

      @Pete-S said in Want some Wasabi with that Azure Cloud?:

      @IRJ said in Want some Wasabi with that Azure Cloud?:

      @Pete-S said in Want some Wasabi with that Azure Cloud?:

      Different regions are there for a reason and it's not just geo-redundancy.
      Fewer hops to your customers means faster service.

      So putting your VMs in another region is not the same as having them where you want them to be.

      So you can also use Azure CDN to resolve this. Even if you have an instance in West, you can use their CDN to make it faster for East customers.

      True, but that is only for static web content. Who knows what people are using their cloud instances for. Every workload is not a server running WordPress 🙂

      That's for a lot more than WordPress. Nearly every web app has static content.

      Yes, but there are a hundred million things that are not web apps and have nothing to do with the web at all.

      Yes, but it does way more than web apps. Mobile apps, streaming services, API, etc. Pretty much anyone interacting with data can use it. I agree it isn't a one size fits all, but it does handle A LOT of services.

      posted in IT Discussion
      IRJ
    • How can I view a SQL Audit File on Linux?

      I am in an all-Linux environment and I would really like to be able to view SQL audit files from Linux. I tried opening the audit file with Azure Data Studio with no joy.

      Does anyone know how I can view these audits in Linux or if it is possible? MS says you need SSMS 2019, which isn't available for Linux : /

      posted in IT Discussion
      IRJ
    • RE: how does this work? Modems/IPs/PCI Scans

      @WrCombs said in how does this work? Modems/IPs/PCI Scans:

      @IRJ said in how does this work? Modems/IPs/PCI Scans:

      @WrCombs said in how does this work? Modems/IPs/PCI Scans:

      @WrCombs said in how does this work? Modems/IPs/PCI Scans:

      @pmoncho said in how does this work? Modems/IPs/PCI Scans:

      @WrCombs said in how does this work? Modems/IPs/PCI Scans:

      @pmoncho said in how does this work? Modems/IPs/PCI Scans:

      @WrCombs said in how does this work? Modems/IPs/PCI Scans:

      @WrCombs said in how does this work? Modems/IPs/PCI Scans:

      @pmoncho said in how does this work? Modems/IPs/PCI Scans:

      @WrCombs said in how does this work? Modems/IPs/PCI Scans:

      Forgive the newbness, but the way I understand this is: the modem gives off the public IP, right?
      Then the devices behind the modem are under that public IP, right?
      And then the firewall (router) gives the devices private IPs.

      For example: PCI scans scan the public IP, not individual device IPs, right?
      So if there are 2 computers in an office; one handles credit cards, is behind a hardware firewall (is as compliant as you can be for this example) and the other is not behind the hardware firewall (that the other device is behind) but behind its own. They scan the public IP and get a response from that PC, right?
      Fail their test and then blame the other device (because that's the one they want to scan) and we have to somehow magically fix it.

      If this is wrong, I apologize. this is the way I understand it, and this is the way it's been explained to me.

      Configuration of the FW means everything in this situation.

      Very simple setup with only a single IP assigned from ISP.

      Internet -> ISP modem -> Your Firewall (Your first assigned Public IP address they give you) -> Internal devices (LAN IP address).

      In this situation, typically you will have many devices behind a single FW/Router and they will use a NAT mode called 1-to-many. To the world all devices will have your FW Public IP if you google "Whats my IP"

      If this is your situation, without any other configuration, when PCI scans your Public IP it will hit your FW, not an internal device, computer one or two.

      The configuration can go a bunch of different ways from the above and without knowing that, it is hard to tell you when or if (in your question) computer 2 will be scanned by PCI.

      So the question is, is your FW/Router set up to do any other form of Network Address Translation (NAT) or Port Address Translation (PAT) or both?

      If they want to scan your computer 2, your FW (if there is one) in front of computer 2 needs to be configured properly.

      I have no way to check that;
      I will keep that in mind.

      In this situation, the 2nd PC (computer 2) is not behind any firewall, but an ISP-provided modem and store-bought router, not used for credit cards, but using the same modem.

      Side note: I know that this is bad practice; absolutely ridiculous that both of them are on the same network and one is not using the firewall; I understand this. My boss said this is how we do things, because we protect our PC (for credit cards). Even though I know it's wrong, it is what my boss said.

      That's fine. They just have the networks separated (I was a little confused but understand a little more now).

      Is one of these firewalls or routers wireless?
      Is there wireless on the ISP modem?
      If neither of the above, does the ISP modem have two separate cables going from WAN to LAN?

      All of this is fine and will dictate how an external device (PCI scanner) gets correctly routed to the 1st and 2nd PCs, as it seems like they are on separate networks.

      I think one of them is wireless, and from my understanding there are 2 cables from the ISP modem.

      Wireless would explain it then (best guess here). The 2 cables may be one in and one out (WAN side and LAN side).

      Are both of the PCs on the same network (e.g. 192.168.1.x/24)? (should have asked this first)

      Not to my knowledge.

      Expanding:

      1. is on 192.168.168.x

      2. is on 10.1.100.x (I believe)

      Separate networks or VLANs is common for wireless and wired networks.

      I think your actual question is about how a single public IP address can be used for many private IP addresses? Is this your question?

      The question I'm thinking of is: Does a modem give off a single IP that, when scanned, could pick up other devices that are not behind a dedicated firewall? (i.e. another device on the network that is not considered PCI compliant)

      When scanning from the internet, you will only be able to see public IPs.

      192.168.x.x and 10.x.x.x will always be private IPs and not accessible through the internet. However, through NAT they are able to communicate outbound through the public IP located at the modem. You can also expose them inbound by using port forwarding.

      posted in IT Discussion
      IRJ
    • RE: Scam calls/emails

      It's starting not to look good. It looks like this may be more than a spear phishing attack at this point. Are you using any type of centralized logging? I would start looking for strange logs.

      If you don't have a SIEM it might be a good time to deploy Wazuh agents and ELK on your network.

      posted in IT Discussion
      IRJ
    • RE: Favorite (preferably free) terminal.

      Terminator is my favorite. Not sure if there is a Mac version.

      posted in IT Discussion
      IRJ
    • RE: Looking For Alternate IT roles

      @jmoore said in Looking For Alternate IT roles:

      So I just need a plan then . I was thinking to just keep learning and get certifications about Microsoft stuff(mcsa), storage, VoIP, Linux of course, virtualization, and probably databases too. Does that sound like a good plan?

      No it doesn't. It sounds like a shotgun approach. You need to pick a general area of expertise and specialize in it. Being an IT generalist is fine, but if you want more $$ you need to specialize.

      Cloud is really the go to field right now. I know of several fortune 100 companies that are trying to go fully cloud in the next 4-6 years. Cloud is also great because you actually have to learn all the stuff you listed (except VOIP).

      posted in IT Discussion
      IRJ
    • RE: Looking For Alternate IT roles

      DevOps = Cross between IT admin and Engineer. It is almost solely scripting and command line based, which makes it awesome IMO.

      posted in IT Discussion
      IRJ
    • RE: Windows Server Event ID Lookup

      It will make sense of all the alerts and centralize everything.

      posted in IT Discussion
      IRJ
    • RE: Turns Out My New Client Has Colocation At CloudAtCost Datacenter In Waterloo

      I wouldn't host there if they paid me to do it...

      posted in IT Discussion
      IRJ
    • RE: Turns Out My New Client Has Colocation At CloudAtCost Datacenter In Waterloo

      If I was running anything with CloudAtCost, I would assume it's a spot instance. In other words, it could be spun down at literally any time. Sometimes spot instances are OK for some testing functions, but it's not something I usually see with colo.

      The amount of downtime these guys have had in the past, not to mention the shady business tactics, you cannot trust them at all. I am sure they are cheap as hell.

      I wouldn't trust their physical security at all. They have blatantly lied to customers before and they'll do it again. Just because they have cameras doesn't mean they give a shit. If something bad happened, I doubt they would disclose anyway. When you are a crook legal contracts mean nothing.

      posted in IT Discussion
      IRJ
    • Man in the Middle flaw with all versions of APT on Debian

      It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.

      https://nvd.nist.gov/vuln/detail/CVE-2011-3374

      Note: This does not affect Ubuntu, just certain downstream versions of Debian. Ubuntu uses a separate package manager. You can read the email thread about it here:

      https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480

      posted in IT Discussion
      IRJ
    • RE: arcSight SIEM

      ELK stack integrates with Wazuh and does an amazing job of correlating events. You get custom security dashboards and can monitor literally everything. The rule sets are very extensive with many correlations built in.

      It's FOSS and well supported by the community.

      https://wazuh.com/

      posted in IT Discussion
      IRJ
    • RE: AVG deleting data

      Are you seeing logs to confirm AVG is actually deleting the files?

      posted in IT Discussion
      IRJ
    • RE: Large network of Windows machines without AD - GO!

      You don't really need AAD, though.

      You could ditch AD and just get SSO like Okta or JumpCloud.

      posted in IT Discussion
      IRJ
    • RE: Large network of Windows machines without AD - GO!

      If you use a service like JumpCloud you can require MFA to do things like log in to systems with separate accounts (just like AD). Systems need to have an agent installed, but you get the same centralized management and it's done locally.

      If you want even more features you integrate that with something even more advanced like Okta Advanced Server Access, which creates groups and sets permissions on the fly from a centralized location. It is certificate based and allows you to authenticate once with a short-lived cert, but anytime you call an action it reaches out to the directory to make sure the account still has appropriate permissions.

      posted in IT Discussion
      IRJ
    • RE: AVG deleting data

      @Fredtx said in AVG deleting data:

      @IRJ

      I did not find any logs that show the files being removed. I did find logs that show when AVG reported the disk space was less than what it was that morning. It appears Scan Reports are not enabled by default though, which is a setting you must enable. This one was not. I also found we have a 3rd instance of these happening to another customer. The tech removed AVG with the removal tool. Then, boom. Files are all gone. We are trying to mitigate the problem in our lab. Hopefully we find out something.

      Set up FIM to see what is causing it 100%.

      posted in IT Discussion
      IRJ
    • RE: LibreOffice - Runs so slowly

      After using LibreOffice for a few years now, I can say that MS Office is worth the $$$ 🙂

      posted in IT Discussion
      IRJ
    • RE: Re-evaluating Local Administrative User Rights

      This is part of the reason we are seeing more SaaS based solutions, and part of the reason the Online Office discussion was so important. If you are using SaaS based apps and a suite like Office Online or Zoho you basically have very little risk.

      Workspaces become disposable and a variety of different, more secure platforms can be introduced, like Unix based systems.

      posted in IT Discussion
      IRJ