|
Moey posted: Disable the windows update service. Problem solved.

Please patch.
|
# ? Sep 7, 2019 15:20 |
|
... nah. Security as informed by populism. Cause we aaaaaallll know, populism is where it's at, right?
|
# ? Sep 8, 2019 21:47 |
|
Tapedump posted: ... nah. Security as informed by populism.

... what?
|
# ? Sep 8, 2019 21:55 |
|
mllaneza posted: We didn't so much disable it as have WSUS and SCCM 2003 just loving die on our legacy infrastructure. Since we have a couple thousand machines in that domain, any one of which could cure the common cold tomorrow, we've spent almost a year using my Powershell to deploy the stuff (Dell KACE) that can actually push Microsoft patches to lab machines.

Dear lord, this entire block of text hurts my insides.

CommieGIR posted: Please patch.

Competing to host the largest botnet currently.
|
# ? Sep 8, 2019 22:06 |
|
Internet Explorer posted: ... what?

"I'll turn Updates off because I/we/the unwashed masses know far better than thousands of industry engineers" is strikingly like populist notions. (I know Moey didn't mean it.)
|
# ? Sep 8, 2019 22:19 |
|
Moey posted: Dear lord, this entire block of text hurts my insides.

I'm actively terrified on at least a weekly basis, but this is great resume fodder.
|
# ? Sep 9, 2019 01:06 |
|
We got a motorola AP6532 for our wifi AP and it's a pain to work with. What would be a good replacement?
|
# ? Sep 9, 2019 20:29 |
|
Revalis Enai posted: We got a motorola AP6532 for our wifi AP and it's a pain to work with. What would be a good replacement?

I really like Unifi AC APs for small sites. The pros can handle a few dozen devices easily, the lite is perfect for phone use only, or 2-4 laptops depending on what you are doing; if it's low bandwidth you can get more, but don't think people won't start streaming music. It's really easy to add multiple access points as well and have them work as a single network. I use lites at home and pros at work.
|
# ? Sep 9, 2019 20:52 |
|
Unifi is definitely easy to manage, but there have been a variety of quality issues with their AP's. I'm not saying don't use them, but if you do, keep that in mind and overbuild your network so that if you do have issues the impact is minimized.
|
# ? Sep 9, 2019 20:56 |
|
The Fool posted: Unifi is definitely easy to manage, but there have been a variety of quality issues with their AP's.

The quality issues were from a run a few years ago, as long as you don't buy used, you should be fine. Obviously there could be a new bad run I haven't heard of...
|
# ? Sep 9, 2019 21:14 |
|
I took a quick look at it and it seems to be pretty easy to set up and it's cheap enough I can get it without my manager bitching.
|
# ? Sep 9, 2019 21:33 |
|
Also look at Aruba Instant On. It's a version of Aruba Instant for really small deployments, with free online management. The APs are really cheap, and the mounting brackets are significantly better than on Ubiquiti's APs.
|
# ? Sep 10, 2019 11:02 |
|
Aruba has been my standard for both SMB and enterprise for years. If you're doing a small office deployment the IAP models run a built-in virtual controller and the smaller APs are pretty cost effective.
|
# ? Sep 10, 2019 12:57 |
|
Tapedump posted: (I know Moey didn't mean it.)

I'm actually pretty up to date on patching all across my environment. Sometimes I impress myself.
|
# ? Sep 10, 2019 23:25 |
|
What does everyone think of crowdstrike
|
# ? Sep 10, 2019 23:32 |
|
I like the Meraki AP's. Cloud managed, no controller needed, once you build the network you can deploy new ones in seconds, and if you watch one of their videos they'll send you a test one for free*. However, if the license lapses they stop working entirely. *For 3 years.
|
# ? Sep 11, 2019 01:35 |
|
Yeah, the Meraki AP's are super nice. My environment is 100% Meraki and while there are some things that I butt heads with occasionally (non-meraki site-site vpns are a disaster), they are super easy to manage. Expanding to another floor this summer was just a matter of registering the new switch and AP's. They are not cheap though.
|
# ? Sep 11, 2019 16:50 |
|
I got the Unifi AC AP PRO today and it was really easy to set up. I have it placed facing upwards on top of our walk-in cooler, and it covers about 85% of our floor. I see they have the Unifi Mesh that supposedly expands the AP, is it worth getting?
|
# ? Sep 12, 2019 01:53 |
|
Methanar posted: What does everyone think of crowdstrike

I want to know what everyone thinks about endpoint security in general. currently using webroot. I feel like windows defender + cisco umbrella should be good enough though and don't need another thing.
|
# ? Sep 12, 2019 01:58 |
|
I guess should've asked this thread before deciding between Unifi and Tp-link APs, although I've had zero complaints about the tp-links at the other place I deployed them when budget was more of an issue, and they also were easy to set up.
|
# ? Sep 12, 2019 02:05 |
|
NevergirlsOFFICIAL posted: I want to know what everyone thinks about endpoint security in general. currently using webroot. I feel like windows defender + cisco umbrella should be good enough though and don't need another thing.

I'd agree with defender + umbrella being good. Anything else would be app whitelisting, patching, and doing other stuff to reduce vulnerability.
|
# ? Sep 12, 2019 03:16 |
|
Internet Explorer posted: I'd agree with defender + umbrella being good. Anything else would be app whitelisting, patching, and doing other stuff to reduce vulnerability.

Do you manage w/ InTune?
|
# ? Sep 12, 2019 14:56 |
|
NevergirlsOFFICIAL posted: Do you manage w/ InTune?

We don't today, still SCCM. I put Umbrella in at my last place and was very happy with it. Been happy with my interactions with Defender. I think they just added tamper protection, which is a necessity, but I think you have to manage in InTune. Trying to get my current place to jump on board with that and hybrid domain join. Umbrella was a huge help. Good spam filtering (Mimecast) was a huge help. Like I said, the rest to me is just being good about updates, not having local admins, endpoint and server firewalls, then doing SIEM stuff to have some visibility into any issues.

[Edit: regarding Crowdstrike, I think the concept of this stuff being super interconnected is good, but I don't see the point, especially for an SMB, of doing that over Umbrella / Defender ATP / mail filter that is doing the same. All of these services are 'global services with lots of data that looks at global trends and reacts quickly'.]

Internet Explorer fucked around with this message at 15:25 on Sep 12, 2019
# ? Sep 12, 2019 15:22 |
|
Ok got a reallll dumb/novice level question here. This is my first time ever fooling with a VPN. And our company has no IT guy/service.

We have a QNAP NAS in the office. We also just opened up a remote office on the coast. So they need to be able to access our client files from there. VPN! QNAP has a built-in QVPN service. I've installed that and set up the L2TP/IPsec server. Took just a couple of clicks.

So, now I go into the native Windows 10 "Add a VPN connection" setup. Everything makes sense except for "server name or address". What goes there? For every other server setup type in the QVPN app (QBelt, OpenVPN, etc) they have port/ip information. But not for L2TP/IPsec. I'm guessing because the server name is just the WAN for the whole business? But then I would need some port information it would seem, correct?
|
# ? Sep 12, 2019 17:25 |
|
Wow. O365 kicked my rear end with how easily it handled everything. I thought I had to do way more but nope, it handled everything on its own basically. Thank you for the guidance!
|
# ? Sep 12, 2019 18:27 |
|
BonoMan posted: Ok got a reallll dumb/novice level question here. This is my first time ever fooling with a VPN. And our company has no IT guy/service.

VPNs suck, especially client to site VPNs, and you should find a better solution.
|
# ? Sep 12, 2019 19:22 |
|
Internet Explorer posted: VPNs suck, especially client to site VPNs, and you should find a better solution.

I'm up for anything! Essentially we're an ad agency that has about 6 tb of assets that need to be accessed via both locations. Ultimately I'd love to have physical servers at both locations that are file synced every hour or so. But there's likely not money for that yet, so right now just an easy "fast" way for the coast office to access our creatives files.
|
# ? Sep 12, 2019 19:45 |
|
BonoMan posted: I'm up for anything! Essentially we're an ad agency that has about 6 tb of assets that need to be accessed via both locations. Ultimately I'd love to have physical servers at both locations that are file synced every hour or so. But there's likely not money for that yet, so right now just an easy "fast" way for the coast office to access our creatives files.

You want site to site VPN so both are on the same network; you do this with your firewall / router. You may require additional licensing depending on what you are using.
|
# ? Sep 12, 2019 19:47 |
|
BonoMan posted: I'm up for anything! Essentially we're an ad agency that has about 6 tb of assets that need to be accessed via both locations. Ultimately I'd love to have physical servers at both locations that are file synced every hour or so. But there's likely not money for that yet, so right now just an easy "fast" way for the coast office to access our creatives files.

Holy poo poo. Your QNAP's VPN is not the solution. You need edge devices doing a site-to-site VPN. What is your current router/firewall/edge appliance at both locations?
|
# ? Sep 12, 2019 19:48 |
|
Can you just put all that in the cloud? How big are the files, how fast is your internet, how many users, etc?
|
# ? Sep 12, 2019 19:52 |
|
Internet Explorer posted: Can you just put all that in the cloud? How big are the files, how fast is your internet, how many users, etc?

Yeah, these are all super important concerns. Your 'remote' office will have a very poor experience if your internet connection can't handle the number of users and the size of the files.
|
# ? Sep 12, 2019 19:54 |
|
The Fool posted: Holy poo poo.

I'm at home for the second so I'll get this all when I get back to the office but I should note that the ONLY thing they need access to is the files served on the very QNAP that is running the VPN. And that they won't "work" from it. Only pull files from time to time when they need a logo or reference to something we've done in the past. They don't need access to anything else on our network. Just the QNAP. Is the QVPN still a bad solution for that? Basically "hey I need the Illustrator project for this" "oh it's on the client drive in their folder." That kinda thing.

The Fool posted: Yeah, these are all super important concerns.

See above. It's generally just for file grabs when they need some work we've done in the past. I'm inquiring about the internet at the new office (it's literally in the process of being set up) and here we have AT&T fiber at 50/50. There will be 2 or 3 users that will need to access everything.

edit: OH hey a pertinent piece of information I posted in the other thread but not here:

quote: I've been pestering them for years to please dear god please hire a sys admin before everything goes totally south.

BonoMan fucked around with this message at 20:06 on Sep 12, 2019
# ? Sep 12, 2019 20:00 |
|
BonoMan posted: Is the QVPN still a bad solution for that?

Yes.

quote: edit: OH hey a pertinent piece of information I posted in the other thread but not here:

You may not need a fulltime sysadmin, it might be worthwhile to find a decent MSP to handle these kinds of issues for you.
|
# ? Sep 12, 2019 20:10 |
|
The Fool posted: Yes.

They won't spend the money for that. Womp womp.
|
# ? Sep 12, 2019 20:26 |
|
BonoMan posted:They won't spend the money for that. Womp womp.
|
# ? Sep 12, 2019 20:27 |
|
The Fool posted: Holy poo poo.

Ok coming back to this. So, knowing I'm not a sysadmin, when you say edge devices. Are you referring to EdgeRouter? Same brand as our EdgeSwitch?
|
# ? Sep 12, 2019 20:28 |
|
And actually, now that we have a new office, and there will need to be actual equipment and professional setups done... they might finally splurge for it. I probably won't have as much leverage in the future as I do now to get this poo poo off mah drat back.
|
# ? Sep 12, 2019 20:31 |
|
BonoMan posted: Ok coming back to this. So, knowing I'm not a sysadmin, when you say edge devices. Are you referring to EdgeRouter? Same brand as our EdgeSwitch?

Your edge devices are the network devices on the "edge" of your network - the first devices incoming traffic hits before continuing on further into your network, and the last device outgoing traffic goes through that you control. For small businesses it's often a firewall/router combo, and from the list of network items you provided it's probably your pfSense box.

Another way to ask the question - what device that you control is connected to the AT&T provided equipment?

Actuarial Fables fucked around with this message at 20:47 on Sep 12, 2019
# ? Sep 12, 2019 20:43 |
|
Actuarial Fables posted: Your edge devices are the network devices on the "edge" of your network - the first devices incoming traffic hits before continuing on further into your network, and the last device outgoing traffic goes through that you control. For small businesses it's often a firewall/router combo, and from the list of network items you provided it's probably your pfSense box.

Gotcha, that's sort of what I thought as well (inre: edge devices). As far as the AT&T equipment. Looks like it plugs into one of our three Supermicro servers (each one is a Proxmox node). It's got a pfSense VM on it. I can log into that and see all my VPN settings.
|
# ? Sep 12, 2019 20:56 |
|
That pfSense VM is your edge device for the main office. You'll also need to know what the remote office's edge device is.

BonoMan posted: And actually, now that we have a new office, and there will need to be actual equipment and professional setups done... they might finally splurge for it. I probably won't have as much leverage in the future as I do now to get this poo poo off mah drat back.

This is probably the best option. I assume you're not being paid extra to do IT work in addition to your regular work, right?
|
# ? Sep 12, 2019 21:16 |