I've been air dropped into a flailing corporate InTune project and from what I understand Microsoft "recommends" installing a teamviewer intune connector to allow "hands on" remote assistance/administration of remote PCs? I can't even type that sentence without screwing up my face. https://docs.microsoft.com/en-us/mem/intune/remote-actions/teamviewer-support I 100% can't or don't want to believe that there isn't some way to do this over RDP or something without relying on teamviewer as a third party...
# ? Aug 4, 2021 21:24 |
|
|
|
Yup, that's correct. I'll save you some time and say that the integration between MEM and TeamViewer is garbage and that you're better off just using the remote tool of your choice. RDP doesn't give you access to a user's session, so it's a non-starter. You can use QuickAssist, if your users can handle it, but it won't get you admin access and will disconnect you if you log off the user session.
|
# ? Aug 4, 2021 21:47 |
|
Sanity check on my personal backup strategy. Been thinking about how well I could recover from a ransomware attack and made some design changes.

Home environment:
- 2 desktops
- 3 laptops
- ESXi host with a couple VMs

All of the above are being protected via Veeam image-level backups to an SMB share on my unRaid server. I recognized that this Veeam repo would easily be compromised as well, so I attached a big USB drive to my unRaid box and am mirroring that repo to it weekly via a Duplicati instance running on unRaid's Docker environment. The USB drive isn't shared in any way and is basically passed right to the Duplicati instance. Off the top of my head I can't picture a way a drive-by malware infection would be able to attack that USB drive as it's not really exposed anywhere. Am I missing something obvious?

Also - Didn't we used to have a dedicated backup thread?
|
# ? Aug 4, 2021 22:03 |
|
cr0y posted:All of the above are being protected via Veeam image-level backups to an SMB share on my unRaid server. I recognized that this Veeam repo would easily be compromised as well, so I attached a big USB drive to my unRaid box and am mirroring that repo to it weekly via a Duplicati instance running on unRaid's Docker environment. The USB drive isn't shared in any way and is basically passed right to the Duplicati instance. Off the top of my head I can't picture a way a drive-by malware infection would be able to attack that USB drive as it's not really exposed anywhere. Am I missing something obvious?

If you wanted to either simplify out the extra USB drive, or add another layer of security: a quick Google says that Veeam can save different SMB credentials, so it doesn't have to back up to a share that the normal logged-in user has access to. You could set up your NAS such that the share space that holds backups doesn't have write permissions for your regular usernames. An intelligent hacker might discover the keys Veeam has saved, but no normal malware is likely to make that leap.

cr0y posted:Also - Didn't we used to have a dedicated backup thread?

https://forums.somethingawful.com/showthread.php?threadid=3869710
|
# ? Aug 4, 2021 23:16 |
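An added example, not code from either poster, of the share-permission idea in the reply above: a small Python audit that parses a constructed smb.conf fragment (the share names, the path and the `veeam-svc` account are hypothetical; unRaid shares are Samba shares) and flags a backup share that a guest or any logged-in desktop user could write to, next to one that only a dedicated backup account can reach and write. It does not address the reply's other point: an attacker who recovers the credential Veeam has saved can still write to the hardened share, which is what the offline USB copy is for.

```python
import configparser

# Constructed smb.conf fragment (not a real config; path, share names and the
# "veeam-svc" account are hypothetical). "backups-weak" is what a share made
# for convenience tends to look like; "backups" is the restricted form.
SAMPLE_SMB_CONF = """
[global]
workgroup = WORKGROUP
map to guest = Bad User

[backups-weak]
path = /mnt/user/backups
writeable = yes
guest ok = yes

[backups]
path = /mnt/user/backups
valid users = veeam-svc
write list = veeam-svc
read only = yes
guest ok = no
browseable = no
"""


def load_smb_conf(text):
    """Parse Samba's ini-style config. Samba option names are case-insensitive,
    which configparser's default key lowercasing matches."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp


def _names(value):
    """Samba user lists may be comma or space separated; @group entries are
    kept as written."""
    return set(value.replace(",", " ").split())


def _yes(value):
    return value.strip().lower() in {"yes", "true", "1"}


def audit_backup_share(cp, share, backup_account):
    """Return findings for a share that should be reachable and writable by
    backup_account only. An empty list means the share passes."""
    s = cp[share]
    findings = []
    if _yes(s.get("guest ok", "no")):
        findings.append("guest access allowed")
    valid = _names(s.get("valid users", ""))
    if not valid:
        findings.append("no 'valid users' restriction: any Samba user can connect")
    elif valid - {backup_account}:
        findings.append("accounts other than the backup account can connect: "
                        + ", ".join(sorted(valid - {backup_account})))
    # Samba: 'writeable = yes' is the inverse of 'read only = yes'. When the
    # share is writable, every connecting user can write and 'write list' is
    # irrelevant; when it is read-only, only the 'write list' accounts can.
    writable = (_yes(s.get("writeable", s.get("writable", "no")))
                or not _yes(s.get("read only", "yes")))
    if writable and not valid:
        findings.append("share is writable by any connecting user")
    else:
        writers = valid if writable else _names(s.get("write list", ""))
        if writers - {backup_account}:
            findings.append("accounts other than the backup account can write: "
                            + ", ".join(sorted(writers - {backup_account})))
        if backup_account not in writers:
            findings.append(f"{backup_account} cannot write, so backups would fail")
    return findings


if __name__ == "__main__":
    conf = load_smb_conf(SAMPLE_SMB_CONF)
    for name in ("backups-weak", "backups"):
        print(name, audit_backup_share(conf, name, "veeam-svc") or ["ok"])
```

Run it against a copy of the live smb.conf and the only share that should come back clean is the backup repository; the desktop user that ransomware would run as should not appear in `valid users` or `write list` at all.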
|
Martytoof posted:I've been air dropped into a flailing corporate InTune project and from what I understand Microsoft "recommends" installing a teamviewer intune connector to allow "hands on" remote assistance/administration of remote PCs?

We sidestep this by using QuickAssist (and a few GPOs to make UAC go through); the TeamViewer connector is pretty much a link generator, not much else.
|
# ? Aug 5, 2021 12:44 |
|
I presume the policies to make UAC work are just to disable the prompt being displayed on a secure desktop, rather than anything specific to QuickAssist.
|
# ? Aug 5, 2021 13:00 |
|
Has anyone had any real concerns with turning on remote-to-remote symbolic links on Windows 10 workstations? Everything I can find on this subject has to do with the nature of symlink/SMB fuckery, but nothing specifically with turning the remote-to-remote setting on. It doesn't seem like a change that has zero risk, but it's not a risk that I can easily quantify.
|
# ? Aug 5, 2021 15:05 |
|
A public service announcement from LMR: Your ICS/SCADA is on fire. Your castles are ash. Firmware with no path to update besides UART/JTAG speaks loudly to individual ears. Quiet and generic traffic over Swiss Cheese ACLs. Poorly implemented DMZs held behind Fortigates and Checkpoints contain VMs touching your LAN. Skiddies and patsies pivot into critical infrastructure which holds many bones in tiny closets; they supply a ring of keys at little cost. BLDCs and actuators halt when PLCs and ESCs cannot speak in new three-wire languages. CONUS or OCONUS, it does not matter. Grep -Ev your logs to ensure you can enjoy your weekend. Your SIEM is a blind liar. Your airgaps have no gaps. Your factory floor and generator rooms hold no steam. Caterpillars, Miss Westinghouse, and Mister Schneider do not have fix actions. We build castles, we burn castles. We do not do this for profit, personal gain, or personal safety. CORIUM FIELDS are singing a new tune. ATB-JW BEAT GOLD BONE PASS
|
# ? Aug 5, 2021 19:00 |
|
whimsicaltelegraph posted:A public service announcement from LMR: Truer words have not been spoken. Did an IR last week with an industrial client. We found at least 3 different threat actors in their environment.
|
# ? Aug 5, 2021 19:10 |
|
https://www.youtube.com/watch?v=xHVE7L00v-E
|
# ? Aug 5, 2021 19:18 |
|
The biggest threat actors in enterprises right now are the people who run the networks. I mean, or the people who fail to adequately fund the above.
|
# ? Aug 5, 2021 19:27 |
|
Martytoof posted:The biggest threat actors in enterprises right now are the people who run the networks.

It's been a long road: the network department's goal of "having a reliable, highly available network" runs opposite to network security goals. It's incredibly tedious to design a network with security in mind. Why go through the extra time, manpower, complexity, and money when you just have to fight every time a new project comes down the pipe? They are actively rewarded for not having things secured. Projects are easier to implement, the networks are easier to manage, and the manpower involved is so much less expensive. And why should network teams care anyway? When a compromise happens, it's not going to come down on them.

Sickening fucked around with this message at 19:40 on Aug 5, 2021 |
# ? Aug 5, 2021 19:36 |
|
My old boss a few companies ago told me that I shouldn't worry; if we were breached it wouldn't be my rear end in the newspapers anyway. Yeah, but my resume has the word "security" and the name of the lovely company, so I wouldn't be looking forward to the next few interviews.
|
# ? Aug 5, 2021 19:38 |
|
Martytoof posted:My old boss a few companies ago told me that I shouldn't worry; if we were breached it wouldn't be my rear end in the newspapers anyway.

I can tell you with absolute confidence that nobody cares that you were working for a company during a time it had a breach. Not even if you were in security. At worst you get docked points if you give the wrong kind of answers when pressed. Maybe leaders get judged, but even high-profile CISOs of companies with embarrassing breaches seem to land on their feet so .....
|
# ? Aug 5, 2021 19:43 |
|
Martytoof posted:Yeah, but my resume has the word "security" and the name of the lovely company, so I wouldn't be looking forward to the next few interviews.

"I told them the risk, escalated appropriately, and they accepted the risk against my recommendation" is a perfectly fine answer. It only looks bad if you're the one that accepted the risk and you don't have a good story about how the benefits of doing so outweighed the obvious costs.
|
# ? Aug 5, 2021 19:55 |
|
Sickening posted:I can tell you with absolute confidence that nobody cares that you were working for a company during a time it had a breach. Not even if you were in security. At worst you get docked points if you give the wrong kind of answers when pressed.

Everyone is gonna get hacked/breached eventually. The question is what you do when that happens. Nobody should be holding that against you unless you exasperated the issue when it did eventually occur.
|
# ? Aug 5, 2021 20:09 |
|
Thanks Ants posted:I presume the policies to make UAC work are just to disable the prompt being displayed on a secure desktop, rather than anything specific to QuickAssist.

We originally did that to make SCCM remote control work, so it's not QuickAssist exclusive. Weirdly enough, every remote control option in the Intune docs besides TeamViewer seems to have issues with UAC.
|
# ? Aug 5, 2021 20:20 |
|
CommieGIR posted:Everyone is gonna get hacked/breached eventually. The question is what you do when that happens. Nobody should be holding that against you unless you exasperated the issue when it did eventually occur.
|
# ? Aug 5, 2021 20:37 |
|
Sickening posted:It's been a long road: the network department's goal of "having a reliable, highly available network" runs opposite to network security goals. It's incredibly tedious to design a network with security in mind. Why go through the extra time, manpower, complexity, and money when you just have to fight every time a new project comes down the pipe? They are actively rewarded for not having things secured. Projects are easier to implement, the networks are easier to manage, and the manpower involved is so much less expensive.

And this is why you should have an overall risk assessment of all your business processes, which includes vulnerability assessments of underlying systems and assets. If you can show management that everything is resting on a platform that's ...insecure, and highlight a couple of likely catastrophic scenarios, they will hopefully be much more inclined to actually do something. Incidentally, all the business risks should be assigned to the network guys, so they actually have a reason to care, but also some leverage to get the needed resources. And then you can go play with the unicorn and watch incompetent managers get punished for being terrible. Also no one is falling for phishing emails.
|
# ? Aug 5, 2021 20:53 |
|
BonHair posted:And this is why you should have an overall risk assessment of all your business processes, which includes vulnerability assessments of underlying systems and assets. If you can show management that everything is resting on a platform that's ...insecure, and highlight a couple of likely catastrophic scenarios, they will hopefully be much more inclined to actually do something. Incidentally, all the business risks should be assigned to the network guys, so they actually have a reason to care, but also some leverage to get the needed resources.

Aww yes, the risk assessments will surely change their minds. The guilty will be punished and the heroes will save the day.
|
# ? Aug 5, 2021 21:00 |
|
DACK FAYDEN posted:Exacerbated. You were likely exasperated with the issue from day one. Sorry phone posting
|
# ? Aug 5, 2021 23:44 |
|
lol just saw the thread title, it's good
|
# ? Aug 5, 2021 23:55 |
|
Sickening posted:Aww yes, the risk assessments will surely change their minds. The guilty will be punished and the heroes will save the day.

That's why I added the unicorns. I have managed to change a few minds in management by laying the risks clearly in front of them, though. Having a very clear scenario that connects to the bottom line for each risk is key, like "it's pretty easy to remotely connect with admin rights. If an admin accidentally or through coercion loses his password, all production will shut down and also a lot of fake bills will get paid. Also no one will trust us to keep anything safe for the next year. If you want to not have this risk, pay $X to implement 2FA". Then give it a pretty red colour to match and maybe some charts. At the very least, you'll have covered your rear end, but hopefully someone will want to avoid losses, and it gets harder to argue against when it's not about IT, but about the bottom line. The hard part is to take all the tech out of the risk assessments and replace it with management stuff.
|
# ? Aug 6, 2021 09:09 |
|
Thought you guys might have an opinion on this one https://m.slashdot.org/story/388671
|
# ? Aug 6, 2021 15:25 |
|
The scanning of your photos already takes place on any modern iPhone or Android anyhow, from what I understand--that's how it helpfully identifies faces and suggests tags and whatnot. But auto-notifying authorities about what it finds there....yeah. Sounds fine for CP, but the people warning about it aren't wrong that there are certain countries who will 100% try to pressure them for more data, more reporting, etc. China would LOVE to get notified about pictures of all sorts of stuff, I'd imagine, and Russia would be right next in line, along with Iran and a bunch of other places. Hell, even in the US it's not a hard stretch to think that some "well meaning" politicians would push for overly broad reporting to authorities. So yeah, not really in favor of this.
|
# ? Aug 6, 2021 18:57 |
|
Wonder how American phones are identified. I can think of any number of events that would also include my Canadian phone by accident, or on purpose.
|
# ? Aug 6, 2021 19:01 |
|
lol if you think the United States government would even hesitate at the opportunity to further spy on its own citizens
|
# ? Aug 6, 2021 19:02 |
|
Martytoof posted:Wonder how American phones are identified. I can think of any number of events that would also include my Canadian phone by accident, or on purpose. Could be as simple as applying it to any personal phone with a US-based payment address. Businesses might be a bit more complex, but I'd imagine they've got a plan of some sort. I also doubt they'd overly care about hitting some Canadian phones with it, anyhow--you'll have to agree to the EULA change so whatever.
|
# ? Aug 6, 2021 19:05 |
|
Are they scanning for file hashes to see if they match an existing database of CP?
|
# ? Aug 6, 2021 19:05 |
|
Bonzo posted:Are they scanning for file hashes to see if they match an existing database of CP?

theguardian posted:Apple's tool, called neuralMatch, will scan images before they are uploaded to the company's iCloud Photos online storage, comparing them against a database of known child abuse imagery. If a strong enough match is flagged, then Apple staff will be able to manually review the reported images, and, if child abuse is confirmed, the user's account will be disabled and the National Center for Missing and Exploited Children (NCMEC) notified.

So from the sound of it, not just straight file hashes, but probably AI-based image matching against a known DB.
|
# ? Aug 6, 2021 19:10 |
|
There's some technical details in these threads but it's not a direct hash match. https://twitter.com/jonathanmayer/status/1423374351097757697 https://twitter.com/matthew_d_green/status/1423106135935143943
|
# ? Aug 6, 2021 19:12 |
|
it's probably something like photodna
|
# ? Aug 6, 2021 19:34 |
|
klosterdev posted:lol if you think the United States government would even hesitate at the opportunity to further spy on its own citizens

All you have to do is listen to whoever is the FBI director at any given time screaming about how encryption is allowing criminals to evade their traditional methods of spying, which is why companies that don't actively support child porn should allow them to have encryption keys for all conversations. I remember this exact line of attack happening for decades.
|
# ? Aug 7, 2021 02:00 |
|
https://twitter.com/TadeuszGiczan/status/1424734523519025152?s=20
|
# ? Aug 9, 2021 19:41 |
|
Waiting to find out that the way in was via TeamViewer to an unregistered Win7 box.
|
# ? Aug 9, 2021 22:45 |
|
How will we ever stop these highly sophisticated attacks??
|
# ? Aug 9, 2021 22:48 |
|
I'm told something called the "block chain" can assist in that.
|
# ? Aug 10, 2021 17:15 |
Shuu posted:How will we ever stop these highly sophisticated attacks??
|
|
# ? Aug 10, 2021 19:21 |
|
Shuu posted:How will we ever stop these highly sophisticated attacks?? It's impossible, and anyway, this specific Windows 98 machine hasn't been compromised yet and we are working on getting a replacement system, so don't worry about it. Also, did anyone see my notebook? I can't remember my password to the ERP system...
|
# ? Aug 10, 2021 19:33 |
|
|
|
BlankSystemDaemon posted:Put an end to Eternal September. The ransomware actors are trying!!
|
# ? Aug 10, 2021 19:43 |