|
Not sure where else to go with this. I work for a small Mom n Pop IT shop doing work for business clients. Yesterday, we had some strange behavior going on a client's server. It turned out that someone had RDP'd into it using an old account with a weak password. Well, this person did not cover their tracks and left a web browser window up with many tabs open. Most of these tabs were dating sites. The intruder was phishing for information from these women, and by the looks of it, he was doing pretty well for himself. One of the tabs was an email, evidently sent to himself, with information from one of the women he was targeting including name, address, routing info, bank, username, password, and security questions and answers. It is not entirely clear from this email if this is legit information and how he got it, but it would appear to me he is sending himself that information to an email account for archive purposes.

Long story short, we did some research based on a few key pieces of information in the email and believe we have tracked this gentleman down. I have his Facebook page, "hacking" website, Twitter account, and full name and location (city). I have IP addresses leading to his home country but have no way of verifying those are legit or proxies.

What should I do with this information? I'm not into counter-terrorism and I don't have the time or desire to further this investigation myself. Turn the information in to local police? FBI? Do nothing?
|
# ¿ Jun 11, 2015 23:13 |
|
We've decided to give it to the local detective. If they want to run it up the chain, they can. This guy's a pretty small fish but if he's scamming routing information from someone he is racking up some fed charges, who knows maybe someone already has a case on him and our evidence could help. Thanks for the advice everyone.
|
# ¿ Jun 12, 2015 15:57 |
|
Thanks for this thread. Anyone using GoTo Connect for IP phones? I have a client with issues with it and I assume it's the configuration-limited Spectrum router, but if it's just a bad service overall I might recommend something else. I can turn SIP ALG on or off, that's it (it's off).
|
# ¿ Apr 12, 2022 00:19 |
|
wolrah posted:What kind of issues are you experiencing? I recently helped diagnose an issue with a partner's client who had a whitelabeled version of that service and it was a NAT timeout thing. I've also seen talk recently about Spectrum enabling SIP rate limiting in some areas, though happily I haven't actually seen that myself.

The two main issues that have been reported are one side can't hear the other, and 1-2 second delay before audio starts being picked up when a call begins. The issues are intermittent.
|
# ¿ Apr 13, 2022 01:56 |
|
wolrah posted:The technical idealist part of me wants to defend SIP as being a perfectly reasonable protocol for reasonable networks where devices have real IP addresses, and point out that NAT is the real problem. ALG devices only exist because of NAT, so we should just get rid of the actual problem.

Thanks! I'm likely going to have to swap out the router to get it working, they have a Sagemcom from Spectrum and it's severely limited in what can be changed. They're convinced the Spectrum equipment will work and haven't come to grips yet.
|
# ¿ Apr 14, 2022 16:49 |
|
wolrah posted:Definitely check your UDP timeout settings, that definitely sounds like NAT problems. Cisco tends to want 300+ second timeouts for their hosted voice products and most firewalls will default to somewhere between 30 and 60 seconds.

Gorson posted:The two main issues that have been reported are one side can't hear the other, and 1-2 second delay before audio starts being picked up when a call begins. The issues are intermittent.

Update on this: I've convinced them we need to test with non-Spectrum equipment, so I've got a Ubiquiti I had lying around configured with all the settings I wasn't able to get to on the Spectrum. Those Spectrum Sagemcoms are pure unfiltered trash. I'm still waiting back to hear if there are any improvements.

I see their support has been rolling out the same document since they were "Jive" communications:

• DNS Servers: 8.8.8.8 and 8.8.4.4.
• Ports: 5060 & 5061 must be open
• SIP ALG: Must be disabled.
• UDP Timeout: Must be increased to at least 300 seconds.
• SIP Transformations: Must be disabled.
• Consistent NAT: Must be enabled

IIRC SIP Transformations and Consistent NAT are Sonicwall proprietary?
|
# ¿ Apr 28, 2022 12:01 |
|
Anyone have a HIPAA compliance guideline that's easy for clients to understand? Something I can quickly quote or copy/paste from instead of having to explain every time?
|
# ¿ Jun 1, 2022 14:44 |
|
carlcarlson posted:uhh, anything more specific than that? HIPAA compliance covers a very wide range depending on how an entity is covered. HIPAA compliance focuses on three types of controls: physical, administrative, and technical, but there is an almost infinite amount of nuance beyond that.

Happiness Commando posted:Customer: we need to be compliant. Please walk through this audit for us

Yeah this, basically. Every once in a while I'll get a call from a client that just talked to their lawyer, or attended a business seminar, whatever, and they'll be suddenly up in a tizzy about HIPAA compliance. So I say the same things I always say: "HIPAA requires that you follow all possible best IT security practices, there is no cut and dried rulebook specifically written by them. The rules in IT change often so it is something that constantly needs to be verified and adjusted. I'd be happy to look over every one of your IT processes to determine any weak areas, but everything that I can currently control follows their guidelines" (CYA).

They don't want to pay for HIPAA compliance, I think they're just looking for something to sign or print out and sign or to hang on the wall. As outside support I don't have the power to force them to do anything, only warn them. However if there's a good checklist that lets them know in black and white what they need to do, I can use it to help them both increase their security AND make myself some revenue instead of the routine of answering the same email over and over. Even better if it's straight from the HHS or other gov't entity. Even better if bullet pointed *sigh*.
|
# ¿ Jun 2, 2022 15:23 |
|
I moved up to 500GB SSD minimum ever since my users began testing the theoretical limits of .pst file sizes (incidentally, it's 50GB): I generally just use 365 for email hosting for clients since it keeps everything in one place and everyone uses Outlook, but is there somewhere else I should be looking?
|
# ¿ Aug 3, 2022 12:56 |