@Mike-Davis said in Zabbix gone wild:

@dafyre said in Zabbix gone wild:

From your Zabbix server...

try to run this command a few times and see if it returns everything like it should:

zabbix_get -s ipofyourhost -k "vfs.fs.size[C:,pfree]"

Run it a few times back-to-back and see what you get... and then compare with the results of...

zabbix_get -s ipofyourhost -k "vfs.fs.size[C:,free]"

Where do I find the zabbix_get command? I tried it and got "-bash: zabbix_get: command not found"

and then I googled it and ran:
yum install -y zabbix-get

@dafyre said in Zabbix gone wild:

From your Zabbix server...

try to run this command a few times and see if it returns everything like it should:

zabbix_get -s ipofyourhost -k "vfs.fs.size[C:,pfree]"

Run it a few times back-to-back and see what you get... and then compare with the results of...

zabbix_get -s ipofyourhost -k "vfs.fs.size[C:,free]"

Where do I find the zabbix_get command? I tried it and got "-bash: zabbix_get: command not found"
I did:
sudo find -name "zabbix_get"
and it returned nothing.

In my experience I have to agree with Scott. It's the only office where everyone can read everyone else's email and the file server is a free for all.

I would ask them what regulatory requirements they have.

Has anyone used a dual screen laptop? I tried to google it, but it kept coming back with the traditional laptop + external monitor, and a few rouge brands I have never heard of.

@scottalanmiller Must be legacy stuff on the website. When I last worked with the owner, he was mostly doing HIPAA audit and security stuff. With that said, I don't know all the members of his team.

The same would be true of NTG. The addition or removal of one team member could make a big change in the services NTG could offer.

I found a pro that I have worked with years ago that specializes in this kind of thing. For anyone that is interested:
http://optimalteck.com

I had a lawyer that is a client of mine ask me about being an expert witness. He has a client that says he sent a message on facebook and then deleted it. He thought he could use the "Download a copy" of your Facebook data feature, but I don't think that's going to work because on this page, it says:

https://www.facebook.com/help/405183566203254
Messages Messages you’ve sent and received on Facebook. Note, if you've deleted a message it won't be included in your download as it has been deleted from your account.

In addition to that, I don't have any experience in criminal justice and things like "chain of custody." Can someone recommend a company that has experience in this area? This would be in the Auburn, NY area.

@Breffni-Potter said in Are Servers on VMs are Safe from Ransomware ?:

Different alerts have been posted on this site guys, This is why we update and patch and watch for notices from vendors.

Exploits have and are found on a regular basis, the vendors then patch like lightning to prevent it.

https://arstechnica.co.uk/security/2015/05/extremely-serious-virtual-machine-bug-threatens-cloud-providers-everywhere/

You can do your research and google your hypervisor of choice to see previous patched vulnerabilities.

Thanks for sharing that. It seems an unpatched system is a vulnerability no matter where it is.

@Breffni-Potter Can you show some examples? I would have thought there would have been all out data center panic. Can you imagine one Azure VM having access to all the VMs on that host? I'm thinking that would be front page news.

In the case that someone shared from reddit yesterday, the hacker got on one system and then installed a password cracking tool on the VM to scan for other passwords on the network. To answer @openit 's question, it makes no difference physical or virtual.

So far we haven't seen a case where if a VM gets hacked the attacker gains access to the hyper visor unless passwords are shared, etc.

I've seen two virtual machines get cryptoed, so no, it makes no difference. The recovery was quicker, but that's about it.

After a bit more reading it looks like a disjoint namespace is when you have an exchange server in the domain: domainA.local and your computers are in the domain: domainB.local

If they are going to be your only client like this, I would just do the VPN thing. The fixed costs and overhead of some of the other tools are not going to be worth it.

I was reading an article about Exchange 2013 and they mentioned that if you have a "disjoint namespace" you need to do some additional work. It suggested using a GPO to specify and DNS suffix if your internal domain name is different than your external domain name. Is there anything wrong with just adding the external domain to your DNS server like you do with a split DNS configuration?

Whenever I have had a domain.local and a domain.com I just create a zone for each of them on the internal DNS server and that seems to work fine. Any reason not to do that? Is this "disjoint namespace" the same thing?

@Dashrender said in hide yo kids, hide yo wife - with a VPN:

Wait - huh? Your load balancer didn't keep all the traffic to a given session on the same outbound IP? I guess I just assumed each browsing session to say, google.com or bankrus.com would stay on a single interface unless that interface went down. Sure two different sights might be access via two of your outgoing IPs, but that normally doesn't matter.

yes. This was with a SonicWall NSA250. The second time I had the issue, I contacted the business that had the payment site that wouldn't work. I asked him for the IP of the payment server so I could write a route statement. He said the IP was private for security reasons. I got it from nslookup and asked him to let me know if he ever changes it.

@Dashrender I think along the same lines as you. In addition, if some cookies are dropped google has more information than you can imagine, so does it really make a difference if your ISP can see the urls you connect to? My concern supporting it professionally is that their banking site might not work if they are behind a VPN. For a client that I have that was using a load balancer, I had to write rules so that traffic to that site would only go out one interface. Their site couldn't handle the fact that our connecting IP might change. I imagine with the VPN it would be the same type of problems.

So now that the general public thinks they need a VPN to hide their browsing, does anyone have any recommendations? Does anyone have any clients that put their entire site behind a VPN?

@njbair Thanks for joining the community to share your appreciation. I'm glad I posted the steps I took to resolve the issue because if you would have asked me today how I fixed it I'm not sure I could have remembered.

@scottalanmiller I agree. Looking at it like auto insurance where cars can be replaced for a price and medical bills can be paid just doesn't have parallels in IT.

I've read over a few "Cyber Insurance" policies. Some of them only seem to be concerned with how many credit card/social security numbers are stolen and covers you when you get sued for that. Those policies seem to offer no coverage if you get cryptolockered and lose all your data.

I was asked to review one for my own business as an example. Basically it's $2,753 a year and offers the following coverage:

I'm thinking the only way you're going to "recover" from something like a crypto infection is to restore from backup or pay the ransom. I think the cost of the insurance is way more expensive than either one of those, and you have to have good backups regardless of whether you have insurance or not.

Does anyone have any experience making a "cyber insurance" claim?