What Are You Doing Right Now
-
Trying to get back into a switch after locking myself out with some erroneous vlan config. Hooked up to the console port now.
-
@Pete-S said in What Are You Doing Right Now:
Trying to get back into a switch after locking myself out with some erroneous vlan config. Hooked up to the console port now.
-
EASILY convinced a new client not to place a new server directly on a public IP with port 3389 open. I thought it was going to be a battle. Have them on board for a VPN.
-
@brandon220 said in What Are You Doing Right Now:
EASILY convinced a new client not to place a new server directly on a public IP with port 3389 open. I thought it was going to be a battle. Have them on board for a VPN.
Why complicate it? Or is this not something that really needs to be public?
-
@Pete-S said in What Are You Doing Right Now:
Trying to get back into a switch after locking myself out with some erroneous vlan config. Hooked up to the console port now.
Whoops
-
@JaredBusch I honestly assumed that it was no longer a good idea in terms of security. I have done it before with a NAT mapping and it worked fine. What is your view on this?
-
@brandon220 said in What Are You Doing Right Now:
@JaredBusch I honestly assumed that it was no longer a good idea in terms of security. I have done it before with a NAT mapping and it worked fine. What is your view on this?
We just had a thread on this last week about how RDP already is inside a VPN and the whole "need another VPN" thing is mostly just security theater based off of fake threats. Essentially all RDP risks come from having the port "too open" and leaving users exposed with really insecure passwords. No one every breaks into RDP, they always just guess the password. And if the VPN is secured the same, it's equally risky.
-
Here is a thread on RDP Security specifically.
https://mangolassi.it/topic/16698/the-myth-of-rdp-insecurity/
-
@scottalanmiller said in What Are You Doing Right Now:
@brandon220 said in What Are You Doing Right Now:
@JaredBusch I honestly assumed that it was no longer a good idea in terms of security. I have done it before with a NAT mapping and it worked fine. What is your view on this?
We just had a thread on this last week about how RDP already is inside a VPN and the whole "need another VPN" thing is mostly just security theater based off of fake threats. Essentially all RDP risks come from having the port "too open" and leaving users exposed with really insecure passwords. No one every breaks into RDP, they always just guess the password. And if the VPN is secured the same, it's equally risky.
Right, I have a client that had a locally hosted LOB application. The main office users used a normal thick desktop app. The branch office users used RDP. The RDP was over the interoffice VPN that was already in place. Then their remote users used RDP over public internet. But I used basic firewall rules on the router to only allow RDP from their known IP blocks (I did a lookup on their home ISP and allowed from those entire CIDR blocks. A risk, but a very small one.
Password policy was minimum of 14 characters.
-
@JaredBusch said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@brandon220 said in What Are You Doing Right Now:
@JaredBusch I honestly assumed that it was no longer a good idea in terms of security. I have done it before with a NAT mapping and it worked fine. What is your view on this?
We just had a thread on this last week about how RDP already is inside a VPN and the whole "need another VPN" thing is mostly just security theater based off of fake threats. Essentially all RDP risks come from having the port "too open" and leaving users exposed with really insecure passwords. No one every breaks into RDP, they always just guess the password. And if the VPN is secured the same, it's equally risky.
Right, I have a client that had a locally hosted LOB application. The main office users used a normal thick desktop app. The branch office users used RDP. The RDP was over the interoffice VPN that was already in place. Then their remote users used RDP over public internet. But I used basic firewall rules on the router to only allow RDP from their known IP blocks (I did a lookup on their home ISP and allowed from those entire CIDR blocks. A risk, but a very small one.
Password policy was minimum of 14 characters.
And you can add extra controls like two factor authentication or brute force attack mitigation as well, if you feel the need.
-
@JaredBusch said in What Are You Doing Right Now:
On the phone with a Mitel tech trying to make it talk over the SIP trunk we have setup.
what's different from the setup I got working?
-
@Dashrender said in What Are You Doing Right Now:
@JaredBusch said in What Are You Doing Right Now:
On the phone with a Mitel tech trying to make it talk over the SIP trunk we have setup.
what's different from the setup I got working?
Yours works?
jajaja
-
@scottalanmiller said in What Are You Doing Right Now:
@Dashrender said in What Are You Doing Right Now:
@JaredBusch said in What Are You Doing Right Now:
On the phone with a Mitel tech trying to make it talk over the SIP trunk we have setup.
what's different from the setup I got working?
Yours works?
jajaja
You're a funny guy.
-
Halfway through Coffee Number 4, And water number 2.
Debating on what's for lunch... -
@WrCombs said in What Are You Doing Right Now:
Halfway through Coffee Number 4, And water number 2.
Debating on what's for lunch...Probably a bathroom break, lol.
-
@scottalanmiller said in What Are You Doing Right Now:
@WrCombs said in What Are You Doing Right Now:
Halfway through Coffee Number 4, And water number 2.
Debating on what's for lunch...Probably a bathroom break, lol.
I've had a few... LOL
-
@Dashrender said in What Are You Doing Right Now:
@JaredBusch said in What Are You Doing Right Now:
On the phone with a Mitel tech trying to make it talk over the SIP trunk we have setup.
what's different from the setup I got working?
Not a SIP trunk to the outside. THis is using a SIP trunk to interconnect a FreePBX install to a Mitel.
-
Kids are still asleep here!
-
@JaredBusch said in What Are You Doing Right Now:
@Dashrender said in What Are You Doing Right Now:
@JaredBusch said in What Are You Doing Right Now:
On the phone with a Mitel tech trying to make it talk over the SIP trunk we have setup.
what's different from the setup I got working?
Not a SIP trunk to the outside. THis is using a SIP trunk to interconnect a FreePBX install to a Mitel.
How is it coming?
-
As we migrate from 1:1 physical servers to Hyper-V (yay, me!), I should have known these 1U little bastards wouldn't go quietly. Had to swap both drives from 1 machine with a borked RAID card to another that has been idle. Luckily it only took 2 reboots to sort the foreign config, and the devs have been given a stern "hurry up and move that data" warning.