|
One would upload themselves to the cloud, too.
|
# ? May 12, 2015 15:07 |
|
Yay, it looks like the spiceworks install is completely ruined. Some file or another got partly overwritten and now it can't be restored. Thankfully, my boss is set to do a call with the MSP about this behavior, so maybe somewhere they have an offsite backup we don't know about. Like everything else they've never told us.

Edit:

MJP posted: lovely MSP?

Washington, DC. I don't want to lay out exactly what I do, but we're a nonprofit and the MSP we have is a nonprofit as well, which you'd think would keep them a little more honest.

The Muffinlord fucked around with this message at 15:12 on May 12, 2015 |
# ? May 12, 2015 15:10 |
|
Why do people have such a hard time grasping that "the cloud" actually just means "someone else's computers"?
|
# ? May 12, 2015 15:22 |
|
Entropic posted: Why do people have such a hard time grasping that "the cloud" actually just means "someone else's computers"?

Because it's always sold as "literally magic"
|
# ? May 12, 2015 15:40 |
|
Vicas posted: Because it's always sold as "literally magic"

It Just Works*

*except when it doesn't and we're not going to tell you that because look at how many nines we have
|
# ? May 12, 2015 15:42 |
|
Because look at how much money Amazon makes because of The Cloud! We gotta get in on that!
|
# ? May 12, 2015 15:42 |
|
Just look at this little guy! Who doesn't want to be a part of that?
|
# ? May 12, 2015 15:44 |
The Muffinlord posted: Yay, it looks like the spiceworks install is completely ruined. Some file or another got partly overwritten and now it can't be restored. Thankfully, my boss is set to do a call with the MSP about this behavior, so maybe somewhere they have an offsite backup we don't know about. Like everything else they've never told us.

Dang, not my two-jobs-former employer. Chronically understaffed and with more turnover than a Hostess factory.
|
|
# ? May 12, 2015 15:57 |
|
sfwarlock posted: "Why haven't we downloaded ourselves to the cloud yet?"

"Goddammit, we were supposed to have the Singularity ready by last quarter!"
|
# ? May 12, 2015 15:58 |
|
bitterandtwisted posted: A colleague of mine visited a potential new client...

Good thing they're only "Potential" still.

Vicas posted: Because it's always sold as "literally magic"

I'm so glad my company has a combination of a CIO too cheap to spend money on anything, and a head IT guy too smart to believe in any of the cloud's bullshit. We have enough problems when office 365's mail decides to just not work for the day.
|
# ? May 12, 2015 16:09 |
|
sfwarlock posted: doesn't know what the cloud is or does, other than it's that thing that all the successful companies are using

This is unironically 95% of openstack deployments. Then they realize they have no idea how to make it work and it slowly withers away until they sell the hardware on eBay.
|
# ? May 12, 2015 16:20 |
|
bitterandtwisted posted: A colleague of mine visited a potential new client...

I hope he was all "yeah, contact our accounting department about this, I can't do any more work here, I'm out"
|
# ? May 12, 2015 18:27 |
|
m.hache posted: I am.

Get a USB key and toss on Superantispyware, Malwarebytes, Norton Power Eraser and ADWCleaner. Scan with all of them, clean whatever garbage is on the machine, then rename/rebuild the profile - after you do the profile rename (especially if you have any users with folder redirection), go into the registry and blow away the key for the old profile to be safe so it doesn't try to create a TEMP profile when the user logs in. Keys for user profiles are in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList if you haven't messed with them before.

Saved me from a 2-3 hour wipe and reload MANY times, only exceptions have been particularly nasty viruses that affect the entire OS or MBR rather than just a single profile.
|
# ? May 12, 2015 19:39 |
|
Ozz81 posted: Get a USB key and toss on Superantispyware, Malwarebytes, Norton Power Eraser and ADWCleaner. Scan with all of them, clean whatever garbage is on the machine, then rename/rebuild the profile - after you do the profile rename (especially if you have any users with folder redirection), go into the registry and blow away the key for the old profile to be safe so it doesn't try to create a TEMP profile when the user logs in. Keys for user profiles are in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList if you haven't messed with them before.

Thanks for this. Looks like combofix found a few tampered files and a trojan. User reports no problems today.
|
# ? May 12, 2015 19:48 |
|
Ozz81 posted: Get a USB key and toss on Superantispyware, Malwarebytes, Norton Power Eraser and ADWCleaner. Scan with all of them, clean whatever garbage is on the machine, then rename/rebuild the profile - after you do the profile rename (especially if you have any users with folder redirection), go into the registry and blow away the key for the old profile to be safe so it doesn't try to create a TEMP profile when the user logs in. Keys for user profiles are in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList if you haven't messed with them before.

Step 5: Throw away USB key
|
# ? May 12, 2015 20:23 |
|
hihifellow posted:Sophos SafeGuard relies on a synchronized AD structure for policy assignments and uses AD authentication for all modules. The only user management done outside of AD would entail manual assignment of encryption keys if that user had need of one not automatically assigned to them. It also integrates with bitlocker.
|
# ? May 12, 2015 20:31 |
|
Knormal posted: We use Sophos and it's a nightmare, but I think that's mostly because the guys running the server don't really have it as integrated with AD as it should be, and don't really know what they're doing. At our place it's set to lock up the laptop after 3 failed logins, at which point we have to go through this annoying unlock procedure over the phone, which involves the user reading off a 30-character alphanumeric key generated by the laptop, then entering a 60-character key generated by the server. We have to go through this at least three times a week, and it sucks. And according to our server guys you can't export the encryption cert off the server so offline decryption/recovery is impossible, but I'm almost certain they just don't know how.

Lockout: that's set way too drat low and they should have enabled the self-help questions. If it's good enough for a bank, it's good enough here.

Cert: the tools are obtuse and require a usb PXE key but yes it can be done.
|
# ? May 12, 2015 20:54 |
|
nexxai posted: Step 5: Throw away USB key

I use a SDHC card with reader for it, still portable as heck, but can easily be made read only. Someone showed me a Kanguru drive that's an USB3 flash stick with a write protect switch.
|
# ? May 12, 2015 20:56 |
|
deimos posted: I use a SDHC card with reader for it, still portable as heck, but can easily be made read only. Someone showed me a Kanguru drive that's an USB3 flash stick with a write protect switch.

I thought I was the only person who did this anymore. loving works a treat, but I'll have to look into the USB stick.
|
# ? May 12, 2015 21:42 |
|
hihifellow posted: Lockout: that's set way too drat low and they should have enabled the self-help questions. If it's good enough for a bank, it's good enough here.

Even the NSA has, as their recommendation, 10 failed for very high security machines and 50 for everything else. You're trying to prevent dictionary and brute-force attacks, not fat-finger employee attacks.
|
# ? May 12, 2015 21:45 |
|
You don't have to make it nearly that complicated. Let users know that you are not responsible for any files they don't put on a network share, and at the first sign of malware (or hell, any configuration issue that takes more than a few minutes to troubleshoot) just rebuild the computer. If your environment is set up appropriately you can just PXE boot when the user leaves for the day and it'll be good to go in the morning.

Sure, it takes more time for the computer to do this, but don't look at it that way. It takes less of your time (not to mention effort) that could be spent on productive stuff that affects more than a single workstation.

e: Post got in between - referring to the virus scanning USB setups folks were referring to upthread.

AreWeDrunkYet fucked around with this message at 21:56 on May 12, 2015 |
# ? May 12, 2015 21:49 |
|
GPF posted: Even the NSA has, as their recommendation, 10 failed for very high security machines and 50 for everything else. You're trying to prevent dictionary and brute-force attacks, not fat-finger employee attacks.

Microsoft's recommendation is to use other means to mitigate it instead of lockout (they recommend 5-50): http://blogs.technet.com/b/secguide/archive/2014/08/13/configuring-account-lockout.aspx

Here's NSA's guidelines but they are from 2009: https://www.nsa.gov/ia/_files/factsheets/133-fs-011-2009.pdf

The new "standard with highest security/convenience considerations" seems to be:

quote: We have selected a threshold of 10 bad attempts, a 15 minute lockout duration, and counter reset after 15 minutes (10/15/15). That threshold value is a change from the Windows 8.1 / Windows Server 2012 R2 beta guidance as well as from past baselines.

The Win 8 and 2012 (non R2) was 5/15/15 and:

quote: our support engineers have seen many accidental lockouts, particularly with the increase in devices per user

deimos fucked around with this message at 22:12 on May 12, 2015 |
# ? May 12, 2015 22:07 |
|
AreWeDrunkYet posted: You don't have to make it nearly that complicated. Let users know that you are not responsible for any files they don't put on a network share, and at the first sign of malware (or hell, any configuration issue that takes more than a few minutes to troubleshoot) just rebuild the computer. If your environment is set up appropriately you can just PXE boot when the user leaves for the day and it'll be good to go in the morning.

The whole scenario was brought up because they don't have a proper image setup for that particular machine.
|
# ? May 12, 2015 22:15 |
|
deimos posted: Microsoft's recommendation is to use other means to mitigate it instead of lockout (they recommend 5-50): http://blogs.technet.com/b/secguide/archive/2014/08/13/configuring-account-lockout.aspx

We used to do 5-30 (up to 10-30 now) but the helpdesk didn't have the ability to unlock accounts. A few months back I was given the go-ahead to refactor rights in AD and the sound of joy I got from the helpdesk when I told them they could unlock accounts now was beautiful
|
# ? May 12, 2015 23:14 |
|
Entropic posted: Why do people have such a hard time grasping that "the cloud" actually just means "someone else's computers"?

https://www.youtube.com/watch?v=9GP0KDuzgBc

Just watch this. It's what people think.
|
# ? May 13, 2015 00:40 |
|
It's like that dilbert bit where they have to come up with the name of the product before they actually know what the product does.
|
# ? May 13, 2015 00:55 |
|
deimos posted: Microsoft's recommendation is to use other means to mitigate it instead of lockout (they recommend 5-50): http://blogs.technet.com/b/secguide/archive/2014/08/13/configuring-account-lockout.aspx

The downside is that they also recommend 14 character passwords. I don't think it's safe to go down to 10 attempts w/ 15 minute lockouts unless you increase the password complexity to 14.
|
# ? May 13, 2015 01:10 |
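
The lockout trade-off argued over in the posts above (5/15/15 versus 10/15/15, accidental lockouts from several devices, and how many guesses a threshold lets through), as an added example that is not from any poster or from Microsoft's guidance. It is a simplified model of threshold, lockout duration and counter reset; `LockoutPolicy`, `simulate` and both failure timelines are constructed for illustration, and real Windows counter behaviour has more cases than this.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LockoutPolicy:
    threshold: int      # bad attempts that trigger a lockout
    duration_min: int   # minutes the account stays locked
    reset_min: int      # minutes without a failure before the counter resets

def simulate(policy, failure_times):
    """Replay failed logons (in minutes, any order) against one account.

    Returns (lockouts, guesses_evaluated). Attempts made while the account
    is locked are rejected without the password being checked.
    """
    count, last_fail, locked_until = 0, None, None
    lockouts = evaluated = 0
    for t in sorted(failure_times):
        if locked_until is not None and t < locked_until:
            continue                      # still locked: attempt not evaluated
        if last_fail is not None and t - last_fail >= policy.reset_min:
            count = 0                     # quiet period elapsed: counter resets
        evaluated += 1
        count += 1
        last_fail = t
        if count >= policy.threshold:
            lockouts += 1
            locked_until = t + policy.duration_min
            count = 0
    return lockouts, evaluated

OLD = LockoutPolicy(5, 15, 15)    # 5/15/15, the Win 8 / 2012 baseline quoted above
NEW = LockoutPolicy(10, 15, 15)   # 10/15/15, the newer baseline quoted above

# Constructed sample: after a password change, three devices each retry the
# stale password twice, and the user mistypes the new one once.
STALE_DEVICES = [0, 0, 1, 1, 2, 2, 3]
# Constructed sample: one failed logon per minute for 24 hours.
SUSTAINED = range(24 * 60)

def report():
    """Both policies against both timelines: (lockouts, guesses evaluated)."""
    return {
        "stale_devices": {"5/15/15": simulate(OLD, STALE_DEVICES),
                          "10/15/15": simulate(NEW, STALE_DEVICES)},
        "sustained_24h": {"5/15/15": simulate(OLD, SUSTAINED),
                          "10/15/15": simulate(NEW, SUSTAINED)},
    }

if __name__ == "__main__":
    for scenario, results in report().items():
        print(scenario, results)
```

In this model the higher threshold removes the accidental lockout from stale devices, but it also lets more password checks through per account per day, which is why the threshold and the password-length requirement have to be chosen together.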
|
A monthly team-wide metric report came in...

On a team of roughly 30 people:
-Average in calls.
-Average in ticket closure.
-Most emails processed (1 in 4).
-Most alerts & events processed (half overall).

And people find the thought of me taking a long weekend off unfathomable.

In other news;

quote: Hi I was wondering if you could give me administrator rights so I can install iTunes and other programs on my computer. It seems like a hassle to call so I think this would be better if I could do it myslef!

A valiant effort, but...
|
# ? May 13, 2015 02:53 |
|
Once people figure out how to implement DFSR on their servers, SMBs won't need cloud backup services anymore...
|
# ? May 13, 2015 03:01 |
|
Entropic posted: Why do people have such a hard time grasping that "the cloud" actually just means "someone else's computers"?

Because non-IT people fundamentally don't understand the concept of virtualization. "The cloud" doesn't mean "someone else's computers", just like it doesn't mean "the cloud svg in visio that goes between networks". It's IaaS or SaaS or PaaS
|
# ? May 13, 2015 03:03 |
|
Priss In Plate posted: A monthly team-wide metric report came in...

uh, good job and all but we're going to need you to improve the number of calls and ticket closures to bring them in line with company expectations. We expect all employees to be 20% above average.
|
# ? May 13, 2015 13:00 |
|
Anyone use a yearly clock method for systems maintenance? Any proven plans or templates out there? Seems like there isn't a definitive standard.
|
# ? May 13, 2015 13:33 |
|
Renegret posted: We expect all employees to be 20% above average.

You should that; if some rear end in a top hat manager strolls by and sees it, or reads it while snooping in the web usage logs, they might get ideas.
|
# ? May 13, 2015 13:50 |
|
Che Delilas posted: You should that; if some rear end in a top hat manager strolls by and sees it, or reads it while snooping in the web usage logs, they might get ideas.

Unfortunately I didn't come up with that idea myself. ...since someone's management early on in this thread made that an honest to god rule.
|
# ? May 13, 2015 13:54 |
|
Dr. Arbitrary posted: The downside is that they also recommend 14 character passwords. I don't think it's safe to go down to 10 attempts w/ 15 minute lockouts unless you increase the password complexity to 14.

Well, remember they are not using it for domain, they are using it for a laptop that will permanently lockout (no 15 minute lockout) until a complex administrative process. I am pretty sure 10 attempts are enough for that.
|
# ? May 13, 2015 14:50 |
|
m.hache posted: Thanks for this. Looks like combofix found a few tampered files and a trojan. User reports no problems today.

Sweet, glad to help out

deimos posted: I use a SDHC card with reader for it, still portable as heck, but can easily be made read only. Someone showed me a Kanguru drive that's an USB3 flash stick with a write protect switch.

This or tossing the USB into a non-networked PC and doing a format works too - always do it on non-networked machines in case something nasty tries to spread through shared drives and such (e.g. Crypto variants)

Priss In Plate posted: A monthly team-wide metric report came in...

One of my old contract help desk jobs was like this - I was one of 2 guys that worked the 3pm-12am shift (preferred it at the time) and we had to have an average of 7-8 tickets closed per shift. Day shift guys would usually make that amount no problem, while me and the other night tech were literally averaging double or triple that amount. We'd bring up the list in weekly meetings and day people would have a weekly average around 40-45 tickets each, while I'd have something like 75-80+ for the same week. Some people would bitch about it and tried to say I was inflating numbers, until my boss stayed late one night and saw that yes, while at my desk, I'd have 3-4 remote windows open, or be running between our campus buildings to fix stuff constantly, because I had one guy helping versus the day shift that had something like 10-11 people between 6am-5pm.

BOOTY-ADE fucked around with this message at 17:21 on May 13, 2015 |
# ? May 13, 2015 17:13 |
|
Brace yourselves, clouds are coming: http://venom.crowdstrike.com

quote: VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host.

Since I know your SysOps are not retarded:

quote: And on Xen and QEMU, even if the administrator explicitly disables the virtual floppy drive, an unrelated bug causes the vulnerable FDC code to remain active and exploitable by attackers.
|
# ? May 13, 2015 18:16 |
|
deimos posted: Brace yourselves, clouds are coming: http://venom.crowdstrike.com

So glad this is finally public. Said it before, but it bears repeating. Who else is sick of every CVE needing some catchy name since heartbleed?
|
# ? May 13, 2015 18:26 |
|
evol262 posted: So glad this is finally public.

If it helps drive it into the brains of people I am all for catchy names.

e: As long as using the name doesn't obfuscate the CVE.

deimos fucked around with this message at 18:36 on May 13, 2015 |
# ? May 13, 2015 18:34 |
|
evol262 posted: So glad this is finally public.

I always wondered if there was a way to jump out of the VM, is this the first time this has been discovered?
|
# ? May 13, 2015 18:36 |