|
spankmeister posted:That's why you should block outbound 445 at the perimeter, not on individual machines.
|
# ? Mar 15, 2023 19:54 |
|
You say "oh block SMB at the perimeter" but Azure Files is a thing https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-azure-active-directory-enable?tabs=azure-portal You can argue whether people should be using it I guess, but it's a valid use case.
|
# ? Mar 15, 2023 19:56 |
|
I blocked 445 outbound from my WiFi segment just in case. Don't use Outlook on my personal machines anyway.
|
# ? Mar 15, 2023 19:58 |
|
Internet Explorer posted:How does blocking at the perimeter work when 90% of your userbase is at home? Some ISPs do, but that's obviously not something you want to rely on. InfoSec isn't my area of speciality, but to me, relying on the perimeter seems old and dated. User laptops locked to a VPN, if properly managed with policy and certificates and whatnot it's pretty hard to break the machine out of the tunnel.
|
# ? Mar 15, 2023 19:58 |
|
absolutely not [will I use laptops on VPN]
|
# ? Mar 15, 2023 20:00 |
|
Full tunnel is great if you want the user experience to be poo poo
|
# ? Mar 15, 2023 20:01 |
|
It's like I am in a time machine and it's 2010 all over again.
|
# ? Mar 15, 2023 20:02 |
|
Thanks Ants posted:Full tunnel is great if you want the user experience to be poo poo Oh poo poo we never even considered the user experience.
|
# ? Mar 15, 2023 20:03 |
|
Another thing: by NO means is this the first or only way of getting NTLM authentications out of a network. This just happens to be nasty due to it being a really low bar, not requiring user interaction at all, and working on any user with an email address (not 100% sure on this requirement). Other examples include dropping a malicious .lnk file on a network share where the icon points to your evil server, or putting a file:// link in a Word document. Stuff like that.

Inside the network this specific Outlook vulnerability is way more powerful though, because you can relay it against other services (IF they have SMB signing disabled). So for example you can use this bug to get a domain admin to authenticate against you, and if you can relay that to the domain controller, and the admins are dumb enough to have signing disabled.... you can do a DCSync and dump all the NTLM hashes for all the users. And not only that but you have the Kerberos keys including the KRBTGT, which allows you to forge any ticket for any user for any service. Even if everyone changes their password, you can still impersonate them.

Windows Active Directory is hilariously broken in a lot of ways that can't be fixed. Most or all of these problems have mitigations but it takes one mistake and you have the keys to the kingdom.
|
# ? Mar 15, 2023 20:06 |
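Added example, not part of any post in this thread: a flow-log check for the egress the posts above argue about, flagging TCP/445 from internal hosts to external addresses that are not on an approved list (the Azure Files style exception). The log format, the `ALLOWED_SMB` range and every address are constructed for illustration.

```python
import ipaddress

# Internal address space (RFC 1918 plus loopback and link-local).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Hypothetical allowlist of approved external SMB destinations; a
# documentation range stands in for a sanctioned file-share endpoint.
ALLOWED_SMB = [ipaddress.ip_network("203.0.113.0/28")]

# Constructed sample flow records: "timestamp src dst dport proto action"
SAMPLE_FLOWS = """\
2023-03-15T19:54:01Z 10.1.4.22 10.1.0.5 445 tcp allow
2023-03-15T19:54:07Z 10.1.4.22 198.51.100.77 445 tcp allow
2023-03-15T19:55:12Z 10.1.4.31 203.0.113.4 445 tcp allow
2023-03-15T19:56:40Z 10.1.9.8 198.51.100.77 443 tcp allow
2023-03-15T19:58:03Z 10.1.9.8 198.51.100.90 445 tcp deny
malformed line here
"""


def in_any(addr, nets):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in nets)


def find_external_smb(log_text):
    """Return (src, dst, action) for TCP/445 flows from internal hosts to
    destinations that are neither internal nor allowlisted."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed records
        _, src, dst, dport, proto, action = parts
        if proto != "tcp" or dport != "445":
            continue
        try:
            s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue  # skip records with unparsable addresses
        external = not in_any(d, INTERNAL) and not in_any(d, ALLOWED_SMB)
        if in_any(s, INTERNAL) and external:
            findings.append((src, dst, action))
    return findings


if __name__ == "__main__":
    for src, dst, action in find_external_smb(SAMPLE_FLOWS):
        print(f"outbound SMB {src} -> {dst} ({action})")
```

An `allow` finding is an open egress path; a `deny` finding means the perimeter rule held but a host still tried to reach an external SMB server and is worth a look.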
|
Thanks Ants posted:You say "oh block SMB at the perimeter" but Azure Files is a thing Cool, I'm glad this exists, our Managed IT provider told us last year this didn't really work and it looks like they're still working on it.
|
# ? Mar 15, 2023 20:18 |
|
You need a few things in place (synced AAD, Kerberos cloud trust) and I am not using it at scale, but it does work.
|
# ? Mar 15, 2023 20:51 |
|
the perimeter is dead
|
# ? Mar 15, 2023 20:59 |
|
CLAM DOWN posted:the perimeter is dead Long live the cloud! (The threats are also in the cloud)
|
# ? Mar 15, 2023 21:01 |
|
Sickening posted:It's something that is easy to say but not easy to actually do. Workstation firewall management can be a lot of loving pain in the rear end poo poo to configure and support. I would say a lot of companies end up with results of being too restrictive and creating too many support tickets, or not being restrictive enough and getting into these situations. Yeah, I guess there's a reason it's not common. The firewall is probably not the place to make qualitative determinations of a bit of traffic's threat via dumb attributes like port.
|
# ? Mar 15, 2023 21:18 |
|
Thanks Ants posted:Full tunnel is great if you want the user experience to be poo poo I'm sure this single T1 line out of our data center is fine for our 10,000 employees working from home. Wireguard? That sounds new and is therefore scary. PPTP has been around a long time and I'm sure is fine.
|
# ? Mar 15, 2023 21:36 |
|
I'm sure there's people using Zscaler or Cloudflare Magic WAN or whatever but for every one company doing that there's probably 10 with an always-on PPTP VPN routing all their traffic through a Windows 2008 server on a cable modem and messing geolocation up for everybody.
|
# ? Mar 15, 2023 21:40 |
|
Thanks Ants posted:I'm sure there's people using Zscaler or Cloudflare Magic WAN or whatever but for every one company doing that there's probably 10 with an always-on PPTP VPN routing all their traffic through a Windows 2008 server on a cable modem and messing geolocation up for everybody. 2008? Shodan has ISA servers currently active running srv 2003. https://www.shodan.io/host/181.225.240.230
|
# ? Mar 15, 2023 22:01 |
|
Thanks Ants posted:Full tunnel is great if you want the user experience to be poo poo Sickening posted:It's like I am in a time machine and it's 2010 all over again. My company's terrible remote IT strategy over the last few years is being called out.
|
# ? Mar 15, 2023 22:01 |
|
CLAM DOWN posted:the perimeter is dead It's definitely a phrase that when someone says it in a meeting I automatically think they are a dinosaur or at the very least suspect.
|
# ? Mar 15, 2023 22:18 |
|
spankmeister posted:That's why you should block outbound 445 at the perimeter, not on individual machines. The issue with blocking at the perimeter is that it's obviously less effective at preventing pivots.
|
# ? Mar 15, 2023 22:48 |
|
CLAM DOWN posted:the perimeter is dead LMAO no it's not. Even the emphasis on Edge computing doesn't really end edge firewalls. evil_bunnY posted:I literally don't know of a current/past employer/customer where users could SMB to public IP space, and I've consulted for *janky* places. Segmentation and careful auditing of internal firewall rules is critical for stuff like that. SMB is going away in some places, but it's still an effective filesharing method and NFS hasn't really replaced it outside pure Linux environments.
|
# ? Mar 15, 2023 23:30 |
|
Internet Explorer posted:How does blocking at the perimeter work when 90% of your userbase is at home? Some ISPs do, but that's obviously not something you want to rely on. InfoSec isn't my area of speciality, but to me, relying on the perimeter seems old and dated. While the user base is "at home" is this number assuming that there is a close representation of people using hardware not provided by the company?
|
# ? Mar 16, 2023 00:04 |
|
.... no? No. Why?
|
# ? Mar 16, 2023 00:11 |
Doesn't a mounted SharePoint site use SMB? Lots of places are run by the business and will have things like that.
|
|
# ? Mar 16, 2023 00:50 |
|
Submarine Sandpaper posted:Doesn't a mounted SharePoint site use SMB? Lots of places are run by the business and will have things like that. Yes but they've added OneDrive compatibility.
|
# ? Mar 16, 2023 01:06 |
If the clients I set up a OneDrive sync using .lnk files for offsite backups won't pay for real backups, they won't abide an infrastructure lead block of external SMBs and a change in process, or god forbid, an expense. I'll be curious if a law firm gets hit soon.
|
|
# ? Mar 16, 2023 01:17 |
|
"This house is protected by Ring Security" .......well poo poo.
|
# ? Mar 16, 2023 02:10 |
|
Takes No Damage posted:"This house is protected by Ring Security" Who could have ever predicted this
|
# ? Mar 16, 2023 02:34 |
|
ring ring ring ring ring ring ring THE RANSOM PHONE
|
# ? Mar 16, 2023 02:43 |
|
Ring ring ring goes the ransom/ Ding ding ding you've been hacked/ Bling bling bling went your money/ From the moment your system was cracked
|
# ? Mar 16, 2023 02:50 |
|
Takes No Damage posted:"This house is protected by Ring Security" lol great.
|
# ? Mar 16, 2023 03:06 |
|
Shumagorath posted:ring ring ring ding dong ding dong ding dong ding THE RANSOM HOOME
|
# ? Mar 16, 2023 03:15 |
|
Perimeters are dead Rings are dead When will the war on circles end
|
# ? Mar 16, 2023 03:50 |
|
Somewhere in a lonely basement room There's a guy starting to realize That eternal fate has turned its back on him It's two A.M It's two A.M., the password's gone (It's two A.M., the password's gone) I'm sitting here waitin', the camera's warm (I'm sitting here waitin', the camera's warm) Maybe my connection is tired of takin' chances Yeah, there's a storm on the loose, sirens in my head Wrapped up in ransom, all circuits are dead Cannot decode, my whole life spins into a frenzy Help, I'm steppin' into the IoT Zone Place is a madhouse, data's being cloned My bacon's been moved under moon and star Where am I to go now that I've gone too far?
|
# ? Mar 16, 2023 04:01 |
|
loving good, ring is gross
|
# ? Mar 16, 2023 04:12 |
|
Kesper North posted:loving good, ring is gross Get your partner to wash it and it tastes fine?
|
# ? Mar 16, 2023 04:22 |
|
To the tune of Ring of Fire by Johnny Cash
I hear the doorbell ringing, it's late at night I check my Ring app to see what's in sight But something's wrong, it's not what it seems My Ring's been hacked, it's like a bad dream It's the hack of the Ring, the hack of the Ring My smart doorbell's been compromised, it's a terrible thing The breach of my privacy, the danger it brings Oh, no, it's the hack of the Ring I thought I was safe, with my high-tech device But hackers, they found a way to break in, so precise My heart starts racing, my face turning white As my Ring of fire turns into a Ring of fright It's the hack of the Ring, the hack of the Ring My smart doorbell's been compromised, it's a terrible thing The breach of my privacy, the danger it brings Oh, no, it's the hack of the Ring In this digital age, we're surrounded by screens But with every new gadget, there's a risk unforeseen So be cautious and careful, protect what you hold dear Or the hack of the Ring may bring you to tears It's the hack of the Ring, the hack of the Ring My smart doorbell's been compromised, it's a terrible thing The breach of my privacy, the danger it brings Oh, no, it's the hack of the Ring
|
# ? Mar 16, 2023 04:41 |
|
I fell into a burning Ring fire They went down, down, down, and the flames went higher And it burns, burns, burns, Ring garbage fire, Ring garbage fire
|
# ? Mar 16, 2023 04:47 |
|
Takes No Damage posted:Somewhere in a lonely basement room hell yeah
|
# ? Mar 16, 2023 13:23 |
|
Klyith posted:1Password if you can afford $3 per month and want to be done with this poo poo forever. Dumb question - but I came across this post from somewhere in business, finance etc given LastPass's incredible idiocy these last few years. I've migrated over to 1Password but I saw digital cruft mentioned here. How can I go about closing accounts that I no longer use, or is it just a whack-a-mole of emailing websites to close my account, or stop using accounts at service x, y, z and pray they eventually rot away?
|
# ? Mar 18, 2023 00:00 |