@scottalanmiller said in How to Layer Your Security Needs:
InTune pricing is $72 - $144 per user, per year.
Wow, that's expensive for reporting.
@travisdh1 said in How to Layer Your Security Needs:
My preferred config?
Firewall -> Local Anti-Virus and ransomware prevention.
IDS/IPS at the network level along with asset monitoring. Depending on the needs of the organization, more can be added on, but I'd consider that the starting point to not be without.
I have used Snort before and I think it did those functions. What do you recommend using for IDS/IPS protection on Windows and on Linux?
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
Any brands of firewalls or AV to avoid?
Loads and loads. It's more the other way around, which make sense to consider.
For firewalls, first you can't lump firewalls and UTM together. Different animals from different vendors.
I thought UTMs were firewalls with a lot more features. Kind of like a do-everything security box?
They are, sort of. UTM means "firewall plus loads of applications." It's a silly thing. The firewall is still the firewall, the UTM functionality is apps running on top of the firewall's processor.
ok I see. I have never liked designs like that. I do prefer the independent designs as things just seem to work better and easier by configuring each functionality separately as you need it.
And your firewall you want to be 100% screaming fast and 100% reliable. Putting UTM functions on there is just asking things to fail.
Yeah, that whole concept sounds like putting a GUI, email client, and a music app on your Fedora server. Just not needed.
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
AV....
There are several decent AV vendors, and tons of terrible ones. In most cases, I would just stick with Windows Defender. If you are going to get into the Windows ecosystem and don't trust Windows security, you need to rethink what you are doing.
Understandably getting a central console for AV can be important, so products like Webroot can be great. They are one of the few AV companies that haven't done something to make me really question their integrity or quality.
That makes a lot of sense. I read in lots of places when people ask for AV recommendations it is always something different and Defender is barely mentioned. Why is that then?
Because no one makes money pushing Defender.
Plus people are MS haters.
You are right on that. I mean I don't like a lot of things either, but if your business is built around Microsoft products then it really does make sense to use Defender for most people.
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
Any brands of firewalls or AV to avoid?
Loads and loads. It's more the other way around, which make sense to consider.
For firewalls, first you can't lump firewalls and UTM together. Different animals from different vendors.
I thought UTMs were firewalls with a lot more features. Kind of like a do-everything security box?
They are, sort of. UTM means "firewall plus loads of applications." It's a silly thing. The firewall is still the firewall, the UTM functionality is apps running on top of the firewall's processor.
ok I see. I have never liked designs like that. I do prefer the independent designs as things just seem to work better and easier by configuring each functionality separately as you need it.
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
AV....
There are several decent AV vendors, and tons of terrible ones. In most cases, I would just stick with Windows Defender. If you are going to get into the Windows ecosystem and don't trust Windows security, you need to rethink what you are doing.
Understandably getting a central console for AV can be important, so products like Webroot can be great. They are one of the few AV companies that haven't done something to make me really question their integrity or quality.
If you need centralized reporting on Windows Defender, you can purchase Intune.
I have not used it yet but I heard it was pretty cool. Thanks, I will look into it more.
@dafyre said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
UTMs to avoid...
My feeling here is that the only real UTM worth considering is Palo Alto. Deploying anything less just doesn't make sense. UTMs are full of problems and their value comes from being insanely comprehensive, which is what PA does. Other UTM products that are cheaper tend to be from unreliable vendors and of questionable value.
Speaking from experience here, I will agree with this statement. I've run some UTM setups that came prepackaged (Fortinet, Smoothwall, Untangle), and I have built some around Suricata (or Snort), Squid, DansGuardian, ClamAV and Shorewall.
These things are not easy to build right and do well. They all did Firewalling and routing right, but something screwy with other things like Traffic shaping or application filtering. Even tweaking them for your environment can be more of a pain than it's worth.
Yeah, I don't know about all of those but Snort and Untangle can be difficult if you don't have a lot of experience with using them. Not that they can't be figured out but it's as you said, a pain...
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
Lastly, how do you layer your security if it's different than usual?
I'm totally focused on LANless design. Nothing on my network should be protected by something at the network level. Not that network protection should not exist, but it should never matter. Most attacks come from the LAN, not the WAN, and if your protection sits at the WAN barrier, most attacks will have already bypassed it.
Every device that we have, we treat as if it is going to sit directly on the Internet. Nothing is exposed, nothing trusts the LAN. There are exceptions for non-LAN networks like a pure play SAN or cluster interconnects.
So by lanless you mean it is protected as much as possible at the workstation level and not relying on a UTM to do all the work for it instead?
@scottalanmiller said in How to Layer Your Security Needs:
AV....
There are several decent AV vendors, and tons of terrible ones. In most cases, I would just stick with Windows Defender. If you are going to get into the Windows ecosystem and don't trust Windows security, you need to rethink what you are doing.
Understandably getting a central console for AV can be important, so products like Webroot can be great. They are one of the few AV companies that haven't done something to make me really question their integrity or quality.
That makes a lot of sense. I read in lots of places when people ask for AV recommendations it is always something different and Defender is barely mentioned. Why is that then?
@scottalanmiller said in How to Layer Your Security Needs:
UTMs to avoid...
My feeling here is that the only real UTM worth considering is Palo Alto. Deploying anything less just doesn't make sense. UTMs are full of problems and their value comes from being insanely comprehensive, which is what PA does. Other UTM products that are cheaper tend to be from unreliable vendors and of questionable value.
I knew Palo Alto made good stuff but did not know they did not have hardly any competition. Good info.
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
Any brands of firewalls or AV to avoid?
Loads and loads. It's more the other way around, which make sense to consider.
For firewalls, first you can't lump firewalls and UTM together. Different animals from different vendors.
I thought UTMs were firewalls with a lot more features. Kind of like a do-everything security box?
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
Is it helpful to learn how to host our own DNS (thinking BIND) instead of using something like OpenDNS?
That's not usually an either/or scenario. If you are a tiny shop, having no DNS is fine and normal. But once you hit any size, you typically want something for DNS.
OpenDNS or Strongarm.io are a different kind of thing, they are DNS-based security mechanisms for your external access. BIND is for your internal DNS.
Oh got it, I see I was using those terms wrong.
@scottalanmiller said in Amazon AWS Leaving Xen for KVM:
KVM is Linux virtualization, Xen is not.
What is Xen then?
@dafyre said in Would You Hire Someone in IT Who Does Not Have a Home Lab:
@scottalanmiller said in Would You Hire Someone in IT Who Does Not Have a Home Lab:
@jmoore said in Would You Hire Someone in IT Who Does Not Have a Home Lab:
@scottalanmiller said in Would You Hire Someone in IT Who Does Not Have a Home Lab:
@jmoore said in Would You Hire Someone in IT Who Does Not Have a Home Lab:
@scottalanmiller said in Would You Hire Someone in IT Who Does Not Have a Home Lab:
@dashrender said in Would You Hire Someone in IT Who Does Not Have a Home Lab:
What I'm taking away from this is that I don't really have much family time with my wife at all.
Most people don't, nothing wrong with that. I don't either. But not because we don't enjoy shared things, we actually do. But in our case it is because my wife is an extreme introvert and needs to be alone over 90% of the time to be happy and functional. That's something I've just had to learn to come to terms with. She doesn't not want to hang out with me, she doesn't want anyone at all near her.
So the kids and I are together way more than my wife and I are together. My kids want to be in close proximity 90% of the time and alone 10%. My wife is the flip side. So now, for example, that my wife is done cooking breakfast, she is back hiding across the house alone, while me and the two kids are hanging out together.
That is exactly how my home life is too. My wife doesn't like doing anything with me or the kids either. We used to do the same things but hardly do anymore. She does but I can tell she isn't happy being around someone all the time. She calls herself an extreme introvert. I really wonder how we got married sometimes. I think she has got worse over the years though, she wasn't so bad when we first met. She did have cancer though so I am sure that affects her still too so I can't be hard on her because of that. I am still trying to adjust to her personality change myself and it hasn't been easy. She would rather be by herself and she regularly says she hates her life and family. She will then backtrack so I don't think she means it. It's just the way she is. The only friends she has are people that are as miserable as she is.
So yeah my office is covered in toy trucks, cars, flying dragons and books because the two boys spend a lot of time in there with me at nights after work. I love spending time with them. We play games, talk, take naps together and wrestle so the 2 year old can jump on me and win. He loves that. He holds onto my neck while laughing and playing.
My wife loves her life... as long as we leave her to herself most of the time.
But given that scenario, one of the good things is that we are all home together all of the time. So when she wants to be around us, we are there. So we get the maximum potential time together. She really hates if I go to an office or travel, as she does want to see me every day, just not nearly as much time as I want to see her.
Yeah, I used to go out a lot more at night and work or just find things to do but she hated that too. So I was confused. Finally I figured out that she wanted me somewhat near to help her but not to interact with. She's just weird like that.
I think that that is common for introverts. They need to be isolated in some ways, but it isn't that they don't want you there.
They have a larger bubble of personal space.
My wife has become an extreme introvert. She wants people in the room with her, but not close. I fluctuate heavily in either direction. When I'm alone, I want to stay that way. When I'm around people, I want to hang out with them for a while.
That's a good way to put it.
@scottalanmiller said in Would You Hire Someone in IT Who Does Not Have a Home Lab:
@dashrender said in Would You Hire Someone in IT Who Does Not Have a Home Lab:
@scottalanmiller said in Would You Hire Someone in IT Who Does Not Have a Home Lab:
@dashrender said in Would You Hire Someone in IT Who Does Not Have a Home Lab:
What I'm taking away from this is that I don't really have much family time with my wife at all.
Most people don't, nothing wrong with that. I don't either. But not because we don't enjoy shared things, we actually do. But in our case it is because my wife is an extreme introvert and needs to be alone over 90% of the time to be happy and functional. That's something I've just had to learn to come to terms with. She doesn't not want to hang out with me, she doesn't want anyone at all near her.
So the kids and I are together way more than my wife and I are together. My kids want to be in close proximity 90% of the time and alone 10%. My wife is the flip side. So now, for example, that my wife is done cooking breakfast, she is back hiding across the house alone, while me and the two kids are hanging out together.
Sounds like the flip from my house - though I don't want/need anywhere near 90% alone time.. 40%+ alonish time would be completely OK. But for her, if it's possible for me to be in the same room, she wants that. It's to the point that she will suffer something she doesn't like just to be in the same room, though there are a few things that will send her screaming.. the bird when she's being loud for example.
I'll stop by where my wife is and she'll be like "go away, I've seen you enough today."
lol women are so weird! My wife included.
@scottalanmiller said in Would You Hire Someone in IT Who Does Not Have a Home Lab:
@jmoore said in Would You Hire Someone in IT Who Does Not Have a Home Lab:
@scottalanmiller said in Would You Hire Someone in IT Who Does Not Have a Home Lab:
@dashrender said in Would You Hire Someone in IT Who Does Not Have a Home Lab:
What I'm taking away from this is that I don't really have much family time with my wife at all.
Most people don't, nothing wrong with that. I don't either. But not because we don't enjoy shared things, we actually do. But in our case it is because my wife is an extreme introvert and needs to be alone over 90% of the time to be happy and functional. That's something I've just had to learn to come to terms with. She doesn't not want to hang out with me, she doesn't want anyone at all near her.
So the kids and I are together way more than my wife and I are together. My kids want to be in close proximity 90% of the time and alone 10%. My wife is the flip side. So now, for example, that my wife is done cooking breakfast, she is back hiding across the house alone, while me and the two kids are hanging out together.
That is exactly how my home life is too. My wife doesn't like doing anything with me or the kids either. We used to do the same things but hardly do anymore. She does but I can tell she isn't happy being around someone all the time. She calls herself an extreme introvert. I really wonder how we got married sometimes. I think she has got worse over the years though, she wasn't so bad when we first met. She did have cancer though so I am sure that affects her still too so I can't be hard on her because of that. I am still trying to adjust to her personality change myself and it hasn't been easy. She would rather be by herself and she regularly says she hates her life and family. She will then backtrack so I don't think she means it. It's just the way she is. The only friends she has are people that are as miserable as she is.
So yeah my office is covered in toy trucks, cars, flying dragons and books because the two boys spend a lot of time in there with me at nights after work. I love spending time with them. We play games, talk, take naps together and wrestle so the 2 year old can jump on me and win. He loves that. He holds onto my neck while laughing and playing.
My wife loves her life... as long as we leave her to herself most of the time.
But given that scenario, one of the good things is that we are all home together all of the time. So when she wants to be around us, we are there. So we get the maximum potential time together. She really hates if I go to an office or travel, as she does want to see me every day, just not nearly as much time as I want to see her.
Yeah, I used to go out a lot more at night and work or just find things to do but she hated that too. So I was confused. Finally I figured out that she wanted me somewhat near to help her but not to interact with. She's just weird like that.
From reading here there are many opinions on how to do certain activities in IT. This topic will be about security and the different ways you protect your network. Physical security should also be a part of that so if anyone has recommendations then please chime in. Let's learn from each other. Everyone has had good points so there is certainly something to be learned from having a discussion about it. Feel free to respond to all or certain points here.
We have the obligatory firewall and I put AV on every device that comes into the shop from Dell/HP. I set up the machines so I always have a local admin account I can always use if I need to. That is in my image from SmartDeploy and it evolves as I need it to. I record all machine info into OneNote that is organized by building along with the user and MAC address if I know that info at the start. I constantly patch and update applications, Windows OS, and AV from this master list. I am a fanatic about updating. I use a combination of PDQ, PsExec, and Chocolatey to do this for me. We have all server rooms and network closets locked. We also use security cameras for all of the buildings. That is a little of my environment.
Everyone uses firewalls but are there certain features you can't live without?
Any firewall features that used to be important but are no longer?
Is it helpful to learn how to host our own DNS (thinking BIND) instead of using something like OpenDNS?
What kind of physical security do you employ?
Are there certain types of layering that do not work well together?
Any brands of firewalls or AV to avoid?
Lastly, how do you layer your security if it's different than usual?
@scottalanmiller said in Would You Hire Someone in IT Who Does Not Have a Home Lab:
@dashrender said in Would You Hire Someone in IT Who Does Not Have a Home Lab:
What I'm taking away from this is that I don't really have much family time with my wife at all.
Most people don't, nothing wrong with that. I don't either. But not because we don't enjoy shared things, we actually do. But in our case it is because my wife is an extreme introvert and needs to be alone over 90% of the time to be happy and functional. That's something I've just had to learn to come to terms with. She doesn't not want to hang out with me, she doesn't want anyone at all near her.
So the kids and I are together way more than my wife and I are together. My kids want to be in close proximity 90% of the time and alone 10%. My wife is the flip side. So now, for example, that my wife is done cooking breakfast, she is back hiding across the house alone, while me and the two kids are hanging out together.
That is exactly how my home life is too. My wife doesn't like doing anything with me or the kids either. We used to do the same things but hardly do anymore. She does but I can tell she isn't happy being around someone all the time. She calls herself an extreme introvert. I really wonder how we got married sometimes. I think she has got worse over the years though, she wasn't so bad when we first met. She did have cancer though so I am sure that affects her still too so I can't be hard on her because of that. I am still trying to adjust to her personality change myself and it hasn't been easy. She would rather be by herself and she regularly says she hates her life and family. She will then backtrack so I don't think she means it. It's just the way she is. The only friends she has are people that are as miserable as she is.
So yeah my office is covered in toy trucks, cars, flying dragons and books because the two boys spend a lot of time in there with me at nights after work. I love spending time with them. We play games, talk, take naps together and wrestle so the 2 year old can jump on me and win. He loves that. He holds onto my neck while laughing and playing.
@tim_g said in Arg! The money spent the month before I stated here.:
Good security also consists of all easily identifiable holes being covered the best that can be done for a cost that makes sense for the environment. If we deploy all devices with good AV, but there are still devices without it such as personal devices and those we deploy that stop functioning correctly sometimes, it's not a bad thing to use the built-in AV the SonicWALL provides as an additional protection layer. (or only AV protection layer in some cases)
I do completely understand what you are saying, but you also need to understand that in some places, there are devices that are not controlled by IT and due to some reasons beyond the scope of this topic, there's nothing that can be done no matter what. In this case the SonicWALL AV and SSL-DPI is very beneficial. It also helps to keep things off the network, not even giving the client devices a chance to get it.
All AVs are not equal. There are none with a 100% detection rate. The best AVs miss things the mediocre ones catch, and vice versa.
Good points. Maybe we should have a different thread to talk about the best way to layer security? There seems to be many opinions on how to do it. I am sure it would help a few people. I know it will depend on the environment but a well laid out template would at least give you places to start. It's just the same as crafting a program, you have lots to consider and you have plans in place for as many situations as possible. Good idea or not?
@black3dynamite said in Would You Hire Someone in IT Who Does Not Have a Home Lab:
Slow down people, I’m trying to read here.
Yeah, I agree, this is going faster than I can keep up with lol