    Posts

    • RE: SSH jump server access control?

      I've seen a few different projects / services built around Apache Guacamole that might suit your needs.

      Basically the user connects to the Guacamole / jump box but you would have to administratively create the "bookmarks" or connections that their user would be able to use from there.

      For the life of me, I can't seem to find anything today, but unless I was imagining things I'd come across a couple of setups that could possibly meet your needs about a month or 2 ago.

      posted in IT Discussion
      notverypunny
    • ASR Rules - Some won't apply

      I know that there probably aren't too many folks on here using the full MS security platform but I figure it's worth checking in.

      For the life of me, I can't get the below Attack Surface Reduction rules to apply, regardless of the method... Is there some sort of spell, incantation or sacred offering that must be performed for this to work?

      e0a1464d-b58b-459f-ae68-12fbf18ae074-image.png

      As usual, Microsoft's "documentation" isn't exactly straightforward and direct. I tried configuring via the custom MEM OMA-URI method this morning, I'll have to wait until Monday to see if it's actually going to take this time. I've already got the same restrictions set via Endpoint Security with no success.

      We're still in a hybrid AD scenario, so I could technically try to use GPO, but we're trying to do as much via Intune / cloud as possible.

      Any known issues that folks have come across with this stuff?

      posted in IT Discussion
      notverypunny
    • RE: wifi for unmanaged devices

      Or just create another SSID for them? I'm not for SSID sprawl, but most gear should be able to handle 3 SSIDs without too much trouble.

      posted in IT Discussion
      notverypunny
    • RE: Any Experience with BeeLink Mini PCs?

      @scottalanmiller FWIW they (BeeLink, don't know model) were being seriously looked at for digital signage controllers at my previous employer. Don't know how far they went with them but if they're competing in that space then the reliability should be decent as they wouldn't get any traction if they were causing issues and warranty claims on signage (boom truck and signage installer calls aren't cheap)

      posted in IT Discussion
      notverypunny
    • RE: ups battery life

      @pattonb said in ups battery life:

      Thanks for all the replies. I have a client that replaces the batteries about every 2 years; they test the batteries every month (the test on the APC 2U unit). What would explain the short life? The UPS is about 14 years old.

      Do you know if they're going with brand new or remanufactured / refurbished? My experience with refurbished batteries would have a 2 yr replacement interval be more or less expected.

      posted in IT Discussion
      notverypunny
    • RE: ups battery life

      @ITivan80 said in ups battery life:

      It has been my experience that batteries usually need replacement after 5 years. Inspection and test every 6 months.

      5Yrs seems to be what we're getting in our env too.

      posted in IT Discussion
      notverypunny
    • RE: Evaluating Open-source SIEM Solutions

      @scottalanmiller Yeah, it all depends on what kind of effort is going to be put into setup / maintenance / use.... also might be just a regulatory checkmark that has to be satisfied.... The comment about graphing is what got me thinking about the "why" and that a monitoring solution like Zabbix might be more in line with what would actually be appropriate.

      posted in IT Discussion
      notverypunny
    • RE: Evaluating Open-source SIEM Solutions

      I'd looked at SIEMonster a couple of times over the years and while the idea seemed interesting the execution and setup struck me as a bit over the top and gimmicky.

      Wazuh might fit the bill but any SIEM or log management / aggregation / alerting setup is going to take a while to get up and running.... not necessarily to stand-up the server(s) and start collecting data, but to tune the alerts, dashboards etc so that there's value in the data that you're collecting.

      What kind of information / monitoring are you looking to get?

      posted in IT Discussion
      notverypunny
    • RE: Weekend Plans

      Funk 'n Bier

      funkbier.com

      Local micro-brew / craft-brew "Beerfest"
      🍺 🍺 🍺 🍺

      posted in Water Closet
      notverypunny
    • Self-Signed certs for LDAPS

      So I'll start off by acknowledging that self-signed certs are less than ideal for most purposes.

      Right now my goal is to get rid of plain-text LDAP on the network and want to make sure that I'm not trading one security hole for another.

      I've found a couple of sets of instructions online and figured I'd run the idea past the assembled brain-power before going too far down the rabbit hole.

      https://anandthearchitect.com/2019/10/10/active-directory-self-signed-certificate-for-ldaps/

      https://social.technet.microsoft.com/Forums/en-US/667ec29d-d83a-49b4-9280-308964359154/best-way-to-enable-ldaps-self-signed-certificate?forum=winserversecurity

      https://www.javaxt.com/wiki/Tutorials/Windows/How_to_Enable_LDAPS_in_Active_Directory

      Open to other suggestions to move from LDAP to LDAPS, but I'm in an environment that has too much legacy stuff to scrap it and / or AD so that whole possible course of action is the non-starter to end all non-starters.

      posted in IT Discussion
      notverypunny
    • RE: Frist time Headset ?

      I'm a fan of Jabra for work and home.

      They can do wired and wireless models.

      I tried the Evolve2 85 and went back to an Elite 85h for work. I've also got a couple of wired USB around as well for work.

      At home I've got a set of Elite85h for over the ear and a set of Active75t for earbuds.

      The only thing I've seen as a down for Jabra was that some of the lower-end stuff didn't stand up too well to user abuse, but what ever does?

      One thing to consider that I didn't see mentioned is noise-cancelling (yes/no, active/passive) and hear-through as well as side-tone configuration (how much of your own voice you hear when using the headset on something like a Teams or Zoom call; you might end up shouting into the void if you aren't careful).

      posted in Water Closet
      notverypunny
    • RE: Tactical RMM

      All good points.... I've been sitting alone with my thoughts for too long, good thing it's Friday.... Just an hour left

      posted in IT Discussion
      notverypunny
    • RE: Tactical RMM

      Is there a general consensus with regards to the "appropriateness" of using Tactical in a production setting? I've set up a quick install to test and evaluate but I was unaware of the whole Monero issue https://www.reddit.com/r/msp/comments/rqm0go/a_statement_from_the_founder_of_tacticalrmm/

      Given the increasing costs of everything we're being asked for possible ways to cut opex but wouldn't want to put my head on the chopping block in the event that things go south.

      posted in IT Discussion
      notverypunny
    • HAPPY SYSADMIN DAY 2022

      giphy.gif

      posted in Water Closet
      notverypunny
    • RE: Experience with NDR Solutions

      Darktrace does some pretty cool stuff. I've had some experience with the detection part, the automated response wasn't part of the package that was in use but the potential looked interesting.

      FieldEffect has some interesting looking stuff too, not sure if they offer an automated response piece or not.

      posted in IT Discussion
      notverypunny
    • RE: OT / IoT asset management

      @Pete-S said in OT / IoT asset management:

      You also need to consider what it is you want the documentation to actually be used for and by whom.

      If you have different roles you might have network, security and sysadmin/tech (servers, devices etc). Their documentation needs are probably quite different.

      For example:

      • physical network layout
      • switch configuration
      • cabinets, racks drawings, locations and wiring
      • optical fiber runs, type, length, usage/spares
      • physical servers, location, warranty information
      • device location, type, firmware level, IPs
      • workload inventory
      • application settings and configuration
      • application data flow between devices, IPs and ports
      • application support, contracts
      • security zone config, firewall settings
      • security compliance documentation

      etc, etc...

      Yeah, I hear you...

      One of the other guys is lead-ish on the user endpoint stuff for now and there's a product in place to help with that.

      My main concern for the present effort is getting an accurate picture of what SCADA / OT etc devices we've got in the environment so that I know if action has to be taken or flagged to the appropriate controls group when vulnerabilities are flagged online.

      Ideally it'd be something like Nedi but for OT-type devices.

      Netbox is great for static documentation and the sky seems to be the limit with regards to how much it can be expanded.
      There is an integration with the fusioninventory plugin and agent that I'm already familiar with for GLPI, just haven't taken the time to investigate it.

      Equally, GLPI has a lot of potential for some of this but couldn't do what I needed to with regards to documentation for our site-to-site networking.

      posted in IT Discussion
      notverypunny
    • OT / IoT asset management

      Anyone have any thoughts / recommendations / experience with regards to keeping tabs on an OT environment? The only thing that seems to be out there from a discovery and management perspective seems to be OT-BASE https://www.langner.com/

      Does anyone know of any alternatives beyond a network scanner and some spreadsheets?

      posted in IT Discussion
      notverypunny
    • RE: Windows 10 and RHEL 9 Dual Boot help.

      @Saba

      Without knowing more details: https://www.supergrubdisk.org/

      posted in IT Discussion
      notverypunny
    • RE: Application error -

      @gjacobse said in Application error -:

      Try

      SFC /scannow

      If corruption is suspected, there's no harm in running chkdsk against the filesystem too.

      posted in IT Discussion
      notverypunny
    • RE: Website down, but only for organization Network

      @scottalanmiller said in Website down, but only for organization Network:

      @dafyre said in Website down, but only for organization Network:

      The website goes down, or appears to for about 5 minutes. Hosting Provider assures me there is no PHP issues and everything looks to be in order.
      Tricky thing is, if I take my phone off of our organization's WiFi, the site is still operational. In fact, the site never really goes down to the rest of the world.

      Putting these two things together, I'm going to say it's almost certainly Fail2Ban. I bet something on your network is sending a bad password automatically and causing an auto-ban for a few minutes.

      Could be a password, could just be some of the actions that your editor / editing is performing that are triggering rules, depending on what the setup is like on the other end. See if they can either whitelist your corp IP(s) or tune out the false-positive rule.

      posted in IT Discussion
      notverypunny