|
Serious Hardware / Software Crap › RE: A ticket came in: We must perform the ritual of An'tigh-Vyrus
|
# ? May 6, 2016 08:40 |
|
divabot posted: All antivirus are as good as each other at the task of dealing with malware

Are all antivirus also malware themselves because all the ones that cost money sure as hell are (for any reasonable definition of malware)?
|
# ? May 6, 2016 08:54 |
|
ErIog posted: Serious Hardware / Software Crap › RE: A ticket came in: We must perform the ritual of An'tigh-Vyrus

Do this, thanks in advance.
|
# ? May 6, 2016 13:05 |
|
ErIog posted: Serious Hardware / Software Crap › RE: A ticket came in: We must perform the ritual of An'tigh-Vyrus

Please do the needful and revert back
|
# ? May 6, 2016 13:18 |
|
You want him to change the thread title and then undo the change?
|
# ? May 6, 2016 13:23 |
|
I gotta say, Proventia XGS is a pretty fuckin sweet security solution. In addition to an antivirus, firewall, and web filter, ofc. Assuming you don't want to go full SIEM, which is ridiculous unless you have a team of 20 people sorting out your initial configs on any moderate to large size network.
|
# ? May 6, 2016 13:36 |
|
Colorfinger posted: So I noticed you guys liked the VOD of us performing this so I recorded it properly (without me making a bunch of mistakes in the piano) and then I got real ambitious and made a lyric video, here it is

Everyone should listen to this because it's amazing
|
# ? May 6, 2016 13:57 |
|
Speaking of user training and Knowbe4, I'm just finishing up some of our baseline testing and the results are kind of scary. We did a simple test, from cmnnews@cmn.info.eu or something with a link to "Prince Death Video". That had a click through rate of 15%. Some stupid coupon toolbar had a click through rate of 5%. I'm really glad we got approval from management to do some training on this. Upper level management has been hell bent on all things security after a competitor got hit with a fake wire transfer a while back. Hopefully this will pay for itself in just limiting the number of re-images help desk has to do for users.
|
# ? May 6, 2016 14:01 |
|
I'm a little late to the party, but I just got an invite to this webinar about Malvertising https://webinar.darkreading.com/2063/

quote: This webinar give the audience a better understanding of the impact of malvertising and ransomware. It will also tackle some of the biggest misconceptions, latest tactics/incidents, how these attacks are delivered and why your company may be at risk without you even knowing it.

It could be mildly entertaining to see what they have to say. It could also be good propaganda to show some higher ups if you're worried about crypto variants. I hope this doesn't earn me a red title
|
# ? May 6, 2016 14:13 |
|
BaseballPCHiker posted:Speaking of user training and Knowbe4, I'm just finishing up some of our baseline testing and the results are kind of scary.
|
# ? May 6, 2016 14:15 |
|
Thanks Ants posted: Are you doing it all yourself or have you run up a VM with one of the phishing toolkits on it?

No, we're using KnowBe4's service to handle everything. We just pick the templates and customize as needed, handle the scheduling and then send it off. We've been very impressed with the service and it was dirt cheap. I've had a ton of fun creating the phishing emails, it's a nice break from my normal day to day work. We do have a Cuckoo VM set up just to inspect real attachments our users are getting to try and at least educate them on how they are being targeted.
|
# ? May 6, 2016 14:25 |
|
Oh nice, I didn't realise that they let you pick and choose the emails that you felt were most relevant for your org. I ran a trial and got a 25% hit rate which was quite scary, including some people who said they knew it was a phishing test and clicked it anyway, which is worse than people who didn't know. The price of being curious I guess.

Anyway the pricing is pretty positive (it's gently caress all really) and I can't see any reason to go for the gold level service as people's email addresses aren't meant to be secrets. I kind of agree with the guy in the infosec thread that decided the training had a dumb name, have you looked at any of it yet and is it as cheesy as the name suggests?

In reality I could probably take the earlier advice and run a PowerPoint session and do a couple of test campaigns but having an online portal with web-based training will suit our staff better as they aren't ever going to be in the same place long enough for classroom delivery to work, and having a thing that tracks users' progress makes it straightforward to write it into staff terms and conditions and keep tabs on things. We've already got configuring two-factor auth as a step in the induction so the business is quite reasonable about giving IT the framework they need to operate in.
|
# ? May 6, 2016 14:34 |
|
An email came in, warning me and other staff that people are complaining about cellphone use. After some investigation I find out we have a crotchety old office manager who bitched about everything new employees do. We pay a part of people's plans, let them use Exchange on their phones and complain about phone usage?
|
# ? May 6, 2016 14:35 |
|
Thanks Ants posted: Oh nice, I didn't realise that they let you pick and choose the emails that you felt were most relevant for your org. I ran a trial and got a 25% hit rate which was quite scary, including some people who said they knew it was a phishing test and clicked it anyway, which is worse than people who didn't know. The price of being curious I guess.

Yeah there are hundreds of emails to choose from, lots of community created ones, and you can make your own. For instance we've made a few based off of real incoming messages that have targeted some of our executives.

The training look and feel is pretty cheesy, though not bad by any means. Kind of looks like the creative crew from the set of Hackers just picked up shop and decided to make corporate training videos. They have different level courses that range time wise anywhere from 15 to 45 minutes. The courses are pretty well done, and based on the feedback I've gotten from some users it's clear and concise. It does a good job teaching users the basics like checking email message headers and how to hover over links to see the URL it's linked to.

For us we've decided to have everyone take the quick 15 minute course as time allows. All of the courses are slide based so they can start and stop as needed. The users who click on any phishing email get added to a clickers group and then get automatically enrolled in one of the longer courses. After this initial round of training we plan on sending out monthly security tips emails from KnowBe4 just as a reminder. Those emails are nice too because they give users a heads up on whatever seems to be the latest trending scam email.

We've tried the PowerPoint in the conference room training before and just found it ineffective. For the people who know better already it's a waste of time. For the people who need it only a few get it after sitting through one quick training session. This training is nice because it doesn't tie up someone from IT and they can do it on their own time. The videos seem to be interesting enough to keep people's attention too which is huge.

For the price it's definitely worth it. We went with the gold tier just because it is so cheap. I think at the next level they do like USB drops and phone calls to try and get info from users. We decided to skip that for now, at least until some user starts giving out bank routing info over the phone.
|
# ? May 6, 2016 14:54 |
|
Some of the KnowBe4 training is dumb (there's like four slides of utterly irrelevant stuff in the beginning like "What is spear phishing? What's an APT*") but once you get past the initial stupid slides I thought the 15 minute security training was pretty good - it hit on the major points and broke down some important things like "how to hover over a link to check the destination", "is this sender legit", etc. into something that I could reasonably expect my users to understand.

Only gripe with it really is that you have to create accounts for your users to access that stuff and frankly I just cannot be bothered with trying to do that and force compliance, so the videos will pretty much go unused for us. On the upside like everyone says it's dirt cheap and I get my money's worth out of the phishing campaigns alone so whatever.

* or some other totally irrelevant jargon that even I forgot, and users definitely don't give a poo poo about or need to know.
|
# ? May 6, 2016 14:55 |
|
Never got a virus on my OS of choice:
|
# ? May 6, 2016 21:47 |
|
Alighieri posted: Never got a virus on my OS of choice:

Just don't upgrade to the new testament version or you could get a pox on you like I did.
|
# ? May 6, 2016 21:53 |
|
Don't you have to layeth with a woman to get the pox
|
# ? May 6, 2016 21:56 |
|
mewse posted: Don't you have to layeth with a woman to get the pox

I typed "sex with a lady" in Miriam font and here I am.
|
# ? May 6, 2016 21:59 |
|
lol have fun you guys: 12:55 PM • Mary Jo Foley / ZDNet: Microsoft no longer allows administrators to block Windows Store access in Windows 10 Pro
|
# ? May 7, 2016 02:09 |
|
Does it count as yotj if you're just changing teams to same duties, same pay, different servers, and shedding three terrible and severe problems that have been standardized out of the new asset pool? Eh. I'll take it. Because I should never have to hack a password to support our own servers again.
|
# ? May 7, 2016 02:24 |
|
Thanks Ants posted: They're pretty secretive about it on the website, but they do say you just change your DNS records. Does this gently caress things up for clients that are in the office needing to access internal resources since they don't get the internal DNS servers any more, or is there an agent that deals with swapping the servers out?

You just change the DNS forwarders on your DNS servers, and then set up the networks on the OpenDNS side so the traffic is filtered instead of just getting DNS results back like non-paying users. Then you still get all the same internal DNS resolution. For clients that are traveling a lot they have a roaming client to install.
|
# ? May 7, 2016 02:34 |
|
mediaphage posted: lol have fun you guys:

Yeah don't run pro, run ent. It's pretty clear which direction ms is taking pro.
|
# ? May 7, 2016 09:49 |
|
We're not paying for ent, we get oem which is pro.
|
# ? May 7, 2016 14:23 |
|
spankmeister posted:Yeah don't run pro, run ent. It's pretty clear which direction ms is taking pro.
|
# ? May 7, 2016 16:11 |
|
We run education/enterprise, but have a few one-offs with pro. Hopefully you'll still be able to at least uninstall the store via PowerShell.
|
# ? May 7, 2016 16:41 |
|
I wouldn't count on it. Enterprise is a good product but moving onto it for an organisation that has increased the deployment count of Pro licenses involves a fairly large initial order to get the Enterprise Upgrade for each machine, after that you just need to keep SA active.
|
# ? May 7, 2016 16:44 |
|
Fun Fridays, AVG Cloudcare shat out again causing external E-mails to come in extremely slowly or practically not at all since there were no errors triggering, so the only way I found out was from our agents getting lovely phone calls about why nobody's responding to their messages. It's always fun having to explain broken clouds.
|
# ? May 7, 2016 23:12 |
|
Super Slash posted: Fun Fridays, AVG Cloudcare shat out again causing external E-mails to come in extremely slowly or practically not at all since there were no errors triggering, so the only way I found out was from our agents getting lovely phone calls about why nobody's responding to their messages.

'The clouds were raining and dropping all the data.'
|
# ? May 8, 2016 04:12 |
Super Slash posted: Fun Fridays, AVG Buttcare shat out again causing external E-mails to come in extremely slowly or practically not at all since there were no errors triggering, so the only way I found out was from our agents getting lovely phone calls about why nobody's responding to their messages.

Lol, antivirus
|
|
# ? May 8, 2016 04:44 |
|
At least you weren't performing heart catheterization at the time

although maybe a hard-realtime life-critical application shouldn't poo poo itself the first time an I/O error is thrown
|
# ? May 8, 2016 04:49 |
|
Paul MaudDib posted: At least you weren't performing heart catheterization at the time

Or been running on Windows instead of an RTOS
|
# ? May 8, 2016 05:22 |
|
my car doesn't run anti-virus, should I be worried?
|
# ? May 8, 2016 06:24 |
|
I get that everyone is technically right about how useless AV is in 2016 but acting like getting users that aren't people posting in this thread to properly navigate the Internet using No Script/Ad Block is ...frankly possible is insane. Or that forcing it on them isn't going to lead to countless hours of time spent trying to get it tuned right. I know most people don't have to talk to end users anymore but they really really are apathetic about how they use the magical box at their desk to do anything.
|
# ? May 8, 2016 06:51 |
|
LethalGeek posted: I get that everyone is technically right about how useless AV is in 2016 but acting like getting users that aren't people posting in this thread to properly navigate the Internet using No Script/Ad Block is ...frankly possible is insane. Or that forcing it on them isn't going to lead to countless hours of time spent trying to get it tuned right.

As long as it doesn't interfere with my coupon toolbars I'm open to installing new stuff.
|
# ? May 8, 2016 06:55 |
LethalGeek posted: I get that everyone is technically right about how useless AV is in 2016 but acting like getting users that aren't people posting in this thread to properly navigate the Internet using No Script/Ad Block is ...frankly possible is insane. Or that forcing it on them isn't going to lead to countless hours of time spent trying to get it tuned right.

AV is useless in 2016, but users are also retarded so AV is still required despite it being useless. Alright.
|
|
# ? May 8, 2016 08:45 |
|
Are any of the adblockers able to be centrally managed yet (is central management of extensions even a thing Chrome supports or would the extension writer need to build it themselves?). I know you can install extensions via GPO or through the Google Apps management assuming your users are signed into Chrome, but I'd be wary of rolling out uBlock Origin company-wide unless I could easily drop an exception in for certain sites.
|
# ? May 8, 2016 10:38 |
|
LethalGeek posted: I get that everyone is technically right about how useless AV is in 2016 but acting like getting users that aren't people posting in this thread to properly navigate the Internet using No Script/Ad Block is ...frankly possible is insane. Or that forcing it on them isn't going to lead to countless hours of time spent trying to get it tuned right.

uBlock Origin is a zero-config option that is what is actually being recommended, not some form of script whitelisting. Pretty sure you can install it on your mom's browser and she'll never know.
|
# ? May 8, 2016 17:12 |
|
Segmentation Fault posted: AV is useless in 2016, but users are also retarded so AV is still required despite it being useless.

I'm not telling someone to not run antivirus because then when the lady who opens all her spam email 'just to check if they're actually spam' gets another infection then it's now my fault because I told her antivirus was garbage.
|
# ? May 8, 2016 17:15 |
|
Jesus christ not this derail again
|
# ? May 8, 2016 17:39 |