1. This goes without saying but VLAN them unto a separate network and allow whitelist only traffic.

2. Setup a bastion host in this network to administer them. So setup a Windows Server 2019 server only allow incoming RDP traffic to that. Then specifically allow that server exclusively to RDP to your 2008R2 servers

3. Setup some type of tool that completely locks down processes and doesnt allow any files to be created on the instances

https://www.symantec.com/products/data-center-security

4. You could also setup an alternate directory for this domain and create a trust (or dont).

This is right in my backyard. I work and live only a few miles from Kennedy Space Center.

https://www.theguardian.com/us-news/2016/sep/01/spacex-explosion-launch-site-florida

WP 5.3 and earlier has vulnerabilities that could lead to attacker control of website.

https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/

@scottalanmiller said in Seagate Sued by Own Employees Over Security Breach:

Tagging @stus

I read the Knowbe4 Blog Daily. I love it!

I saw this attack on there this morning.

I just hope he is not thinking about hosting it for others

https://wikileaks.org/vault7/#Angelfire

CIA is at it again

@dave247 said in Looking for some insight/input for setting up a "hot site"/fail-over environment:

We have a few locations that are all relatively close by

That is probably the craziest thing about going through all this hassle and being in the same geographic region. I would seriously consider a colo outside of the area. I mean you do all that work and put in all these expenses and you have an area wide disaster and its potentially gone.
Colocation costs are not much more than hosting at your own facility.

I also love how she used the Hurricane as a reason to reach out as a sales person.

Because the day after a hurricane hits, you want to reach out to a sales person about buying security software....

Create a new file in /etc/pm/sleep.d

vi /etc/pm/sleep.d/bluetooth_restart

Add the following contents to the file. You will want to replace sudo service restart bluetooth section with your own commands or point to your own script

#!/bin/sh
case "$1" in
    thaw|resume)
        sudo service bluetooth restart
        ;;
esac

Now when you system wakes up it will automatically perform this action.

@DustinB3403 said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:

@IRJ said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:

@JasGot said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:

@IRJ said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:

this makes search engine data much more valuable

Follow the money, right? Good catch!

Definitely a good thing overall, but as expected something is always in it for Google

It's called money, yes Google is a for profit company. Get over it.

The people that use duckduckgo are the true winners here

https://aws.amazon.com/blogs/compute/configuring-and-using-monitoring-and-notifications-in-amazon-lightsail/

https://www.coalfire.com/News-and-Events/Press-Releases/Coalfire-CEO-Tom-McAndrew-statement

They should be required to do audits and pen testing yearly due to requirements of government systems. It sounds like solar winds worked with pen testing firms that that just gave passing grades. Sometimes organizations purposely hire bad security talent so they don't get exposed as doing a bad job. Some security firms are just happy to get a big customer's pay check, especially when they just give a thumbs up with no work being done.

https://ubuntu.com/blog/introducing-the-ubuntu-aws-rolling-kernel-2

Going LANless has a ton of advantages

I have owned a firestick since it was first released. I ordered it the first day it was available only to prime members. I absolutely love it.

One thing I really like about the firestick and firetv is that you can easlily remotely install android apk files (apps). I have installed several emulators (SNES, NES, and N64.) and copied over games. They have all worked great minus N64. The only reason I don't like N64 is because there isn't enough buttons on the gamepad to properly play most games.

I have also installed NFL apps, browsers, and some other various apps. Basically you can install anything as long as there is an android apk available for download (free apps of course).

I am getting the shakes reading this. I know it's a customer, but fuck I guess their data isn't remotely important to them. I'm surprised it lasted to 2020. Maybe they will learn a valuable lesson from this and not fuck up again this bad.

Good luck this is going to be an annoying task. I would have told the customer good luck as they obviously don't value their data at all! That's not a customer I'd actively choose. This is going to cost them thousands of dollars in support hours. Too bad they didn't migrate 10 years ago when they were supposed to do that.

I guess this brings up another point. At what point do you tell a customer to pound sand? I'm not sure many MSPs or consultants would even take this job.

@Dashrender said in encrypted email options?:

Then Scott posts that real secure/encrypted email is basically nothing more more than TLS based transit encrypted delivery.

I wouldn't worry about Scott's definition of things. OME is well accepted as email encryption, even though Scott will argue that it technically isn't. We could get into the weeds about things technically and start an argument that doesnt matter or we could ask ourselves a few important questions.

1.) Is the data actually encrypted?
2.) Is authentication required to access the data?
3.) Is this an accepted industry standard?
4.) Can I bring my own key to ensure no one else can read the data, if I dont trust Microsoft?
5.) Will it easily integrate with my current solution?

The answer to all those is Yes from OME. Why would you setup a more complicated solution just so it can be technically encrypted email? Who gives a shit about the email itself? It is the data you are trying to protect.

No IT department that I have ever seen functions as Scott claims. I have known a few IT people that like to argue about things like this, but in the end they end up wasting time and actually hurting the business. Bringing a more complicated solution in this case solves nothing and only creates issues.