What Are You Doing Right Now
-
@EddieJennings said in What Are You Doing Right Now:
Down the rabbit hole I go. Further playing around with AD authentication and Dokuwiki, thanks to Wireshark, I found my test account's credentials being sent in the clear. Now I'm curious, and will see what the traffic looks like when a person logs onto a regular workstation.
Epic fail.
-
@NerdyDad No, epic win. I was curious to see how Dokuwiki was receiving group information, so I put Wireshark on to view the traffic and try to gain some insight. What I discovered was the aforementioned credentials-in-the-clear problem. Had I not been curious about something else, it would've probably taken me a while to realize this problem was happening.
-
@EddieJennings said in What Are You Doing Right Now:
@NerdyDad No, epic win. I was curious to see how Dokuwiki was receiving group information, so I put Wireshark on to view the traffic and try to gain some insight. What I discovered was the aforementioned credentials-in-the-clear problem. Had I not been curious about something else, it would've probably taken me a while to realize this problem was happening.
Win for you, fail for Dokuwiki for not properly setting up encryption before sending authentication credentials, such as SSL.
-
@NerdyDad said in What Are You Doing Right Now:
@EddieJennings said in What Are You Doing Right Now:
@NerdyDad No, epic win. I was curious to see how Dokuwiki was receiving group information, so I put Wireshark on to view the traffic and try to gain some insight. What I discovered was the aforementioned credentials-in-the-clear problem. Had I not been curious about something else, it would've probably taken me a while to realize this problem was happening.
Win for you, fail for Dokuwiki for not properly setting up encryption before sending authentication credentials, such as SSL.
Now that being said, I'm not using https right now. I think even if I did configure SSL, which would encrypt traffic from me to dokuwiki, traffic from dokuwiki to my domain controller would still be unencrypted.
-
@EddieJennings said in What Are You Doing Right Now:
@NerdyDad said in What Are You Doing Right Now:
@EddieJennings said in What Are You Doing Right Now:
@NerdyDad No, epic win. I was curious to see how Dokuwiki was receiving group information, so I put Wireshark on to view the traffic and try to gain some insight. What I discovered was the aforementioned credentials-in-the-clear problem. Had I not been curious about something else, it would've probably taken me a while to realize this problem was happening.
Win for you, fail for Dokuwiki for not properly setting up encryption before sending authentication credentials, such as SSL.
Now that being said, I'm not using https right now. I think even if I did configure SSL, which would encrypt traffic from me to dokuwiki, traffic from dokuwiki to my domain controller would still be unencrypted.
That is true. However, with Kerberos, it would be one more level of security instead of open creds. But let's look at the bigger picture here. We're inside of your network already. What is being kept on this wiki? How-to's? Not really that important. So probably don't need Kerberos security on a bunch of security manuals. If your users are using Wireshark to try to get them into your wiki, then you either need to hire them into the IT dept or fire them. Your choice.
-
@NerdyDad said in What Are You Doing Right Now:
@EddieJennings said in What Are You Doing Right Now:
@NerdyDad said in What Are You Doing Right Now:
@EddieJennings said in What Are You Doing Right Now:
@NerdyDad No, epic win. I was curious to see how Dokuwiki was receiving group information, so I put Wireshark on to view the traffic and try to gain some insight. What I discovered was the aforementioned credentials-in-the-clear problem. Had I not been curious about something else, it would've probably taken me a while to realize this problem was happening.
Win for you, fail for Dokuwiki for not properly setting up encryption before sending authentication credentials, such as SSL.
Now that being said, I'm not using https right now. I think even if I did configure SSL, which would encrypt traffic from me to dokuwiki, traffic from dokuwiki to my domain controller would still be unencrypted.
That is true. However, with Kerberos, it would be one more level of security instead of open creds. But let's look at the bigger picture here. We're inside of your network already. What is being kept on this wiki? How-to's? Not really that important. So probably don't need Kerberos security on a bunch of security manuals. If your users are using Wireshark to try to get them into your wiki, then you either need to hire them into the IT dept or fire them. Your choice.
Ha! Alas, most of my users (other than the IT folks themselves) who'd be using this probably don't know Wireshark exists. Stuff that's in a bunch of text files on our IT share is going into the wiki, and I can control access to pages from within Dokuwiki, as I don't think the average sales person needs to see a document of "How to configure the web server."
At this point, my quest is more of curiosity and learning of what traffic is visible when folks authenticate on their workstations against AD.
-
I really could spend all day going through a Wireshark capture and not become bored, but in 10 minutes, my office day ends, and I go teach a percussion lesson.
-
@EddieJennings make sure you are using ldaps and not straight ldap. This doesn't sound like a failure of the application, just not using the correct authentication mechanism.
-
@coliver said in What Are You Doing Right Now:
@EddieJennings make sure you are using ldaps and not straight ldap. This doesn't sound like a failure of the application, just not using the correct authentication mechanism.
Yeah. I'll see what options I have.
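Added example, not written by anyone in this thread: a small parser for the LDAP BindRequest that shows why a simple bind over plain LDAP exposes the password to a capture, while a SASL bind or an LDAPS session does not. All payloads, account names and the `classify_bind` helper are constructed for illustration.

```python
def read_tlv(buf, pos):
    """Read one BER tag-length-value; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def classify_bind(payload):
    """Return a finding for an LDAP BindRequest, or None for anything else."""
    try:
        tag, msg, _ = read_tlv(payload, 0)      # LDAPMessage SEQUENCE
        if tag != 0x30:
            return None                         # e.g. a TLS record (0x16) on LDAPS
        _, _, p = read_tlv(msg, 0)              # messageID
        tag, bind, _ = read_tlv(msg, p)         # protocolOp
        if tag != 0x60:                         # [APPLICATION 0] = BindRequest
            return None
        _, _, p = read_tlv(bind, 0)             # version
        _, name, p = read_tlv(bind, p)          # bind DN or UPN
        tag, auth, _ = read_tlv(bind, p)        # authentication choice
        if tag == 0x80:                         # simple: value is the raw password
            kind, exposed = "simple", len(auth) > 0
        elif tag == 0xA3:                       # SASL: mechanism name, then token
            mech = read_tlv(auth, 0)[1].decode()
            kind, exposed = "sasl:" + mech, mech.upper() == "PLAIN"
        else:
            return None
    except (ValueError, IndexError):
        return None
    # The password itself is never returned, only whether it was readable.
    return {"name": name.decode(errors="replace"), "auth": kind,
            "cleartext_password": exposed}

def tlv(tag, value):
    """Build a short-form TLV for the constructed samples below."""
    return bytes([tag, len(value)]) + value

# Constructed payloads (not captured traffic).
SIMPLE = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, tlv(0x02, b"\x03")
             + tlv(0x04, b"testuser@example.test") + tlv(0x80, b"constructed-pw")))
SASL = tlv(0x30, tlv(0x02, b"\x02") + tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04, b"")
           + tlv(0xA3, tlv(0x04, b"GSSAPI") + tlv(0x04, b"\x00" * 8))))
TLS_RECORD = b"\x16\x03\x03\x00\x05hello"  # first bytes of an LDAPS connection

if __name__ == "__main__":
    for label, data in (("ldap simple", SIMPLE), ("ldap sasl", SASL), ("ldaps", TLS_RECORD)):
        print(label, classify_bind(data))
```

Only the simple bind is flagged; the TLS record does not parse as LDAP at all, which is what a capture of an LDAPS session looks like to an observer.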
-
Just not digging the new logo.
-
@scottalanmiller said in What Are You Doing Right Now:
@NerdyDad said in What Are You Doing Right Now:
Just not digging the new logo.
Whose?
SW
-
@NerdyDad said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@NerdyDad said in What Are You Doing Right Now:
Just not digging the new logo.
Whose?
SW
Oh. I really liked it.
-
@scottalanmiller said in What Are You Doing Right Now:
@NerdyDad said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@NerdyDad said in What Are You Doing Right Now:
Just not digging the new logo.
Whose?
SW
Oh. I really liked it.
Maybe it just needs to grow on me.
-
@NerdyDad said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@NerdyDad said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@NerdyDad said in What Are You Doing Right Now:
Just not digging the new logo.
Whose?
SW
Oh. I really liked it.
Maybe it just needs to grow on me.
I was ambivalent until they started putting it everywhere. Now the mosh duck is just annoying.
-
Watching a show while @scottalanmiller and the kids play Minecraft
-
Playing with Qubes OS. Have me an IT qube, a HAM qube, and working on a Kali qube. Unfortunately it's all in Debian instead of Fedora. Oh well.
-
@NerdyDad said in What Are You Doing Right Now:
Playing with Qubes OS. Have me an IT qube, a HAM qube, and working on a Kali qube. Unfortunately it's all in Debian instead of Fedora. Oh well.
Why not just use KVM?
-
@scottalanmiller said in What Are You Doing Right Now:
@NerdyDad said in What Are You Doing Right Now:
Playing with Qubes OS. Have me an IT qube, a HAM qube, and working on a Kali qube. Unfortunately it's all in Debian instead of Fedora. Oh well.
Why not just use KVM?
I like the idea of segregation and security. Would it be possible to install KVM on a qube? That way I could potentially run CentOS and the other servers that I am wanting to explore.
Or is this going back to the idea "If you're going to learn enterprise-level server Linux OS, might as well run it on enterprise-level hardware, such as Vultr or something"?
-
@NerdyDad said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@NerdyDad said in What Are You Doing Right Now:
Playing with Qubes OS. Have me an IT qube, a HAM qube, and working on a Kali qube. Unfortunately it's all in Debian instead of Fedora. Oh well.
Why not just use KVM?
I like the idea of segregation and security. Would it be possible to install KVM on a qube? That way I could potentially run CentOS and the other servers that I am wanting to explore.
Or is this going back to the idea "If you're going to learn enterprise-level server Linux OS, might as well run it on enterprise-level hardware, such as Vultr or something"?
That doesn't explain the why though. Why Qubes instead of KVM? And why would you want KVM on top? What is Qubes adding here?