@wrcombs You too buddy!
Posts
-
RE: Spectrum Outage: Or what I'm dealing with this morning (posted in IT Discussion)
We had a complete outage last night. A trucker decided to drive through our campus around midnight, I guess he was lost, and knocked down a telephone pole which took out transformers and our fiber. So we had no power or connectivity until very recently.
-
RE: What Are You Doing Right Now (posted in Water Closet)
@wrcombs Oh tacos. I need. As an aside, I forgot my lunch today too lol. Happy Tuesday to you too!
-
RE: How to Layer Your Security Needs (posted in IT Discussion)
@dafyre said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
UTMs to avoid...
My feeling here is that the only real UTM worth considering is Palo Alto. Deploying anything less just doesn't make sense. UTMs are full of problems and their value comes from being insanely comprehensive, which is what PA does. Other UTM products that are cheaper tend to be from unreliable vendors and of questionable value.
Speaking from experience here, I will agree with this statement. I've run some UTM setups that came prepackaged (Fortinet, Smoothwall, Untangle), and I have built some around Suricata (or Snort), Squid, DansGuardian, ClamAV and Shorewall.
These things are not easy to build right and do well. They all did Firewalling and routing right, but something screwy with other things like Traffic shaping or application filtering. Even tweaking them for your environment can be more of a pain than it's worth.
Yeah, I don't know about all of those, but Snort and Untangle can be difficult if you don't have a lot of experience with using them. Not that they can't be figured out, but it's as you said, a pain...
-
RE: What Are You Doing Right Now (posted in Water Closet)
@dafyre Lol you are correct, I was just being lazy
-
RE: How to Layer Your Security Needs (posted in IT Discussion)
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
AV....
There are several decent AV vendors, and tons of terrible ones. In most cases, I would just stick with Windows Defender. If you are going to get into the Windows ecosystem and don't trust Windows security, you need to rethink what you are doing.
Understandably getting a central console for AV can be important, so products like Webroot can be great. They are one of the few AV companies that haven't done something to make me really question their integrity or quality.
That makes a lot of sense. I read in lots of places when people ask for AV recommendations it is always something different and Defender is barely mentioned. Why is that then?
Because no one makes money pushing Defender.
Plus people are MS haters.
You are right on that. I mean, I don't like a lot of things either, but if your business is built around Microsoft products then it really does make sense to use Defender for most people.
-
RE: How to Layer Your Security Needs (posted in IT Discussion)
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@travisdh1 said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@travisdh1 said in How to Layer Your Security Needs:
My preferred config?
Firewall -> Local Anti-Virus and ransomware prevention.
IDS/IPS at the network level along with asset monitoring. Depending on the needs of the organization, more can be added on, but I'd consider that the starting point to not be without.
I have used Snort before and I think it did those functions. What do you recommend using for IDS/IPS protection on Windows and on Linux?
I'm going to be installing Wazuh here this week. While it'll be the first time I've used that specific software setup, it has OSSEC as its base which I have used quite often. I'm looking forward to seeing how Wazuh compares to some of the paid solutions out there.
Also, like @scottalanmiller already said, IDS/IPS exists at the network level, not the OS.
Ok that is what I am confused about. Where does IDS sit at physically on the network? firewall?
Nothing should ever sit on the firewall, nothing. Proper "anything network" should be a VM that may or may not get all network traffic, depending on the task.
Oh I see now, thanks
-
RE: What Are You Doing Right Now (posted in Water Closet)
@rojoloco I recently did that and am mostly done. If anything pops up you have questions about I'll help if I can.
-
RE: SAMIT: Do You Need Two AD Domain Controllers? (posted in IT Discussion)
@storageninja said in Do You Need Two AD Domain Controllers? SAMIT Video:
Any RMM worth its salt (get it, a SALT joke)
Hilarious!
-
RE: What did you have for lunch or dinner today? (posted in Water Closet)
@zachary715 We have Chipotle's here. I tried once a long time ago but was not a fan. Everything is so unseasoned. Very bland to me so I don't like it.
-
RE: The Basics of VoIP SAMIT Video (posted in IT Discussion)
@jaredbusch said in The Basics of VoIP SAMIT Video:
Details for those that want more: https://mangolassi.it/topic/11322/jared-busch-voip
Really enjoyed this video session. I understand there are many business advantages but out of curiosity are there any cool things you can do at home with voip that are unusual and you can't do with cell service?
-
RE: Password Managers (posted in IT Discussion)
I have used Dashlane for years personally and always liked it. We have a few people on LastPass at work but I don't like it as much but it still does the job. I didn't article yet though so hope they made the list.
-
RE: What Are You Doing Right Now (posted in Water Closet)
Lunch. Brahms with a double bacon cheeseburger, fries, and peanut butter cup shake.
Other than that it is early registration and users have chosen today to do all their stupid stuff at once. Also been programming our new dorm locks for keyless entry.
-
RE: Thoughts on how I could improve my network security? (posted in IT Discussion)
@scottalanmiller said in Thoughts on how I could improve my network security?:
But, like all things of this nature, I've presented my side as to "why" keeping firewalls and the things considered "UTM functions" in separate places.
Now, some feel the opposite. For those that want to say that UTMs (putting lots of applications together onto the router/firewall box) is better than the normal industry standard practice of keeping applications isolated, please present your reasons for wanting that. I've presented solid reasons, that you might not agree with, for why I'd follow industry best practice here. I don't remember anyone saying why they'd do the opposite, only questioning why I'd not do it, which isn't the same as presenting a reason.
So I'm asking... what's the reasons for going against the grain in this one case? There are exceptions to most every rule, but I've not seen anyone anywhere ever present an argument for UTMs, only that they'd use them despite the reasons against them.
It is not only the IT industry that does this. The audio/video industry does this also, maybe others do too. In a business or enterprise setup we never use equipment that contains all the functions in a single box, which is analogous to UTMs in the IT space. We separate out all the functions because it is more versatile, more reliable, usually more cost effective, and easier to troubleshoot issues. Do companies make boxes that include a pre-amp, amp, tuner, networking, storage, disc players, switching, video processors and sound processors? Yes they do. Should you ever use one if you're a business? Absolutely not if you can avoid it. If you have no other choice, like if someone else bought it and it's your job to support, then you just have to make do. If you have the budget then use separates, whether VMs or physical devices if you can't use a VM.
-
RE: Thoughts on how I could improve my network security? (posted in IT Discussion)
@dashrender said in Thoughts on how I could improve my network security?:
@jmoore said in Thoughts on how I could improve my network security?:
@scottalanmiller said in Thoughts on how I could improve my network security?:
But, like all things of this nature, I've presented my side as to "why" keeping firewalls and the things considered "UTM functions" in separate places.
Now, some feel the opposite. For those that want to say that UTMs (putting lots of applications together onto the router/firewall box) is better than the normal industry standard practice of keeping applications isolated, please present your reasons for wanting that. I've presented solid reasons, that you might not agree with, for why I'd follow industry best practice here. I don't remember anyone saying why they'd do the opposite, only questioning why I'd not do it, which isn't the same as presenting a reason.
So I'm asking... what's the reasons for going against the grain in this one case? There are exceptions to most every rule, but I've not seen anyone anywhere ever present an argument for UTMs, only that they'd use them despite the reasons against them.
It is not only the IT industry that does this. The audio/video industry does this also, maybe others do too. In a business or enterprise setup we never use equipment that contains all the functions in a single box, which is analogous to UTMs in the IT space. We separate out all the functions because it is more versatile, more reliable, usually more cost effective, and easier to troubleshoot issues. Do companies make boxes that include a pre-amp, amp, tuner, networking, storage, disc players, switching, video processors and sound processors? Yes they do. Should you ever use one if you're a business? Absolutely not if you can avoid it. If you have no other choice, like if someone else bought it and it's your job to support, then you just have to make do. If you have the budget then use separates, whether VMs or physical devices if you can't use a VM.
I take it you don't like audio receivers then?
I do not. They will work but the sound is always better if you use separates. If something breaks in the receiver then you fix or replace the whole unit so it's usually more expensive. If you want to mix and match components you can't do that either with a receiver or with any other multifunction boxes. Just my opinion.