|
Defenestrategy posted:is everyone else going through steps to rearchitecting their jobs network to a more "zero trust based" network or is it just me? We're rolling out a greenfield underlay network based on SR-MPLS for all our OT poo poo, then moving all our existing poo poo over to that network piece by piece. We can only do this because we have spare fibre capacity going literally everywhere, and I am eternally grateful for that fact. Trying to "do it live" would have sucked so hard.
|
#
¿
Nov 17, 2022 19:02
|
|
|
|
| # ¿ May 11, 2024 17:15 |
|
|
BlankSystemDaemon posted:KeePass and SyncThing work extremely well together if you have at least one machine you can leave running all the time. I use KeePass with Dropbox, seems to work fine. Work has 1password, so I get a free personal account there, I should probably switch.
|
|
#
¿
Dec 26, 2022 11:27
|
|
|
Thanks Ants posted:I know because it happened to us this week, someone got phished, we reset their password and authentication methods and then they set their password back to the same thing it was before, and someone submitted a bunch of emails through it Oh for fucks sake 
|
|
#
¿
Feb 10, 2023 18:39
|
|
|
I blocked 445 outbound from my WiFi segment just in case. Don't use outlook on my personal machines anyway.
|
|
#
¿
Mar 15, 2023 19:58
|
|
|
This should be a fun one to deal with  https://twitter.com/ItsSimonTime/status/1636857478263750656
|
|
#
¿
Mar 18, 2023 21:48
|
|
|
BlankSystemDaemon posted:The one thing Edge got right, is that it implements a sandbox that's enforced from a higher privilege (ie. by using VMENTER/VMEXIT for hardware-assisted virtualization). That is literally the only thing they got right. Beyond that it's full of Microsoft bullshit.
|
|
#
¿
Apr 9, 2023 12:16
|
|
|
RFC2324 posted:Its a home lab for my partner and me, between my system overengineering, and her network overengineering, it's pretty rare for us not to have something broken. That's why you have a separate uSFF box for the stuff that you actually need online 
|
|
#
¿
Apr 9, 2023 14:05
|
|
|
jaegerx posted:Don’t use google authenticator sync to cloud 
|
|
#
¿
Apr 27, 2023 23:15
|
|
|
some kinda jackal posted:MOVEit the gently caress off your network 
|
|
#
¿
Jun 16, 2023 09:28
|
|
|
KS posted:gently caress Cisco. 
|
|
#
¿
Jun 24, 2023 13:32
|
|
|
Thanks Ants posted:No you see to be compliant with what this third party says we have to give up our passwordless identity platform and return to enforced password complexity with 30 day expiration. Yeet the third party out a window.
|
|
#
¿
Jun 29, 2023 23:05
|
|
|
It's time to move off Azure, y'all https://www.wiz.io/blog/storm-0558-compromised-microsoft-key-enables-authentication-of-countless-micr 
|
|
#
¿
Jul 22, 2023 00:46
|
|
|
Head Bee Guy posted:Do you guys like your jobs? Most days of the week. Not the days of the week I have to be in meetings to deal with Azure Stack HCI though. Seems pretty hollow to implement full network micro-segmentation and spending stupid amounts of money on Palo Alto firewalls, only to have IT move our SCADA VM stack from VMware to Azure Stack HCI ... that requires all VMs to talk to the loving cloud
|
|
#
¿
Aug 16, 2023 05:29
|
|
|
They say it keeps working, but we obviously lose all the fancy functionality.
|
|
#
¿
Aug 16, 2023 07:08
|
|
|
i am a moron posted:Stack has nothing to do with Azure regions being available afaik. I’ve been doing azure consulting for… I dunno a decade or something but I’ve never actually implemented it so I could be wrong. That would be counter to the entire premise of using it. It’s dumb for a billion other reasons though Stack will run up to 30 days offline, yeah. It's still really dumb.
|
|
#
¿
Aug 16, 2023 14:35
|
|
|
Internet Explorer posted:But please don't turn this into a troubleshooting thread. These poor infosec folks have been abused enough. Thank you  I got a mail from a consultant on the way home from work today, they want all the things opened to the internet from one of our SCADA zones because of Azure bullshit. Of course it has to happen yesterday. I want to strangle someone. A stiff drink feels very tempting at this point.
|
|
#
¿
Aug 16, 2023 17:16
|
|
|
I have a well stocked liquor cabinet ... that I have to refill regularly.
|
|
#
¿
Aug 16, 2023 18:01
|
|
|
BonHair posted:Be sure that the guys understand that you can't solve everything with automation, you gotta think a bit too. And also make sure they can talk to people, even in kinda hostile situations. You don't want introvert nerds who will break to any stupid demand unless you have someone to take all the battles for them. I dunno, try lightly teasing the candidates about their education or something and see if they fight back or just agree with your dumb opinions. But they also gotta be flexible, so don't get too arrogant young white men. The. What? E: ok now that my brain has had some time to simmer down from that, here's some actual content: When you lead a team, they work for you, they're your people. Your job is to make them the best they can be, and to shield them from the inevitable bullshit that comes from (upper) management. If you take care of your people, they will take care of you.
|
|
#
¿
Aug 21, 2023 19:02
|
|
|
GrunkleStalin posted:Thank y’all for the advice. It helped me calm down and recover from my doom spiral. The fact that you're worried means you'll more than likely be fine.
|
|
#
¿
Aug 23, 2023 11:14
|
|
|
I had no meetings today 
|
|
#
¿
Sep 20, 2023 15:11
|
|
|
BonHair posted:Preferably, get a buddy you can set up fake meetings with, since calendar time marked "busy" will often just get ignored by the meeting people. Be ruthless when declining meetings. They'll get the point sooner or later. Or they'll make do without you in that meeting. Diva Cupcake posted:What's it like being on vacation? I'm not on vacation (See also: the above).
|
|
#
¿
Sep 20, 2023 16:29
|
|
|
cr0y posted:I just had an OT engineer shocked, SHOCKED that we run CrowdStrike on our industrial control servers. He had an unrelated issue, and is now making enough noise that we should: I'm an OT (networking) engineer, and I would fire this person. some kinda jackal posted:If this is part of an active incident with operational impact then help triage and trouibleshoot and disable with proper incident management approval. If he's just making noise then feed him a security policy exception form to get signed off by the CIO or whoever. Let them explain why they don't need to follow policy. This is the only exception I will allow, it's been several days since the last time we had to do it 
|
|
#
¿
Sep 28, 2023 18:41
|
|
|
We recently implemented geofiltering and cut down on inbound crap by a lot. 10/10 would recommend.
|
|
#
¿
Oct 4, 2023 19:18
|
|
|
BonHair posted:It's true, buying a pentest is a one time, measurable and budgetable action which does something related to security. Having a guy just telling you what the test would find is nebulous in all the important ways, especially since the recommendations are gonna include stuff like "keep things updated regularly" which is just gonna keep being nebulously expensive forever. We ran a pentest, literally everyone went  , now we're spending millions on upgrades, and plan on running another pentest after we're done fixing the major issues.We're 100% going to find a bunch of new poo poo that the old test didn't find, I just know it. But I also know that our networks will be in much better shape, with new firewalls and a lot of work put into re-establishing proper segmentation that had eroded over years of "gently caress it stopped working, we gotta fix it now now now" type maintenance.
|
|
#
¿
Oct 16, 2023 17:12
|
|
|
MustardFacial posted:Vibe check this statement for me: It checks out.
|
|
#
¿
Feb 15, 2024 21:13
|
|
|
I feel seen. I jumped from railway-oriented industrial automation to being an OT network engineer at a metro transit authority in January 2022. Now I am basically the principal engineer responsible for four separate city-wide OT networks, and while I have a reasonably good grasp of how things work, and we're doing a pretty good job of designing and rolling out a new SPBm/fabric based consolidated OT network, the additional workload from also dealing with network security, particularly for the OT virtualization stack (because IT dropped the ball, those fuckers) is quickly proving to be too much. At least we're adding headcount, but it takes time to get people up to speed.
|
|
#
¿
Mar 19, 2024 18:32
|
|
|
We infosec'ed so hard that a redundant pair of PA firewalls that all traffic in the environment has to pass through failed in an odd way and took down everything for an hour because it didn't fail over as designed.
|
|
#
¿
Mar 27, 2024 00:50
|
|
|
Potato Salad posted:do you work in my NOC, we had a bad PA fw failover during updates mess us up for a good hour when everyone started filtering back from lunch No, I'm an OT network engineer at a metro transit authority  ... also on vacation! We also have a change freeze in place for Easter, so it was just normal operations... I'm looking forward to the post mortem.
|
|
#
¿
Mar 27, 2024 01:21
|
|
|
Testing out KASM as a poor man's PAW solution. For the whopping two hours I spent setting it up, it works well. Latency and performance is nowhere near citrix vdi though...
|
|
#
¿
Apr 11, 2024 22:57
|
|
|
|
| # ¿ May 11, 2024 17:15 |
|
|
Cannon_Fodder posted:Apparently Stuxnet 2 electric boogaloo is now being leveraged against Russian targets by Ukraine and called fuxnet Do you have a link to more info about this?
|
|
#
¿
Apr 17, 2024 10:16
|
|