What Are You Doing Right Now

dbeato

@dafyre said in What Are You Doing Right Now:

@dbeato said in What Are You Doing Right Now:

Working from home today

Snow day?

yes, it hasn't started but all kids are home.

DustinB3403

@dbeato said in What Are You Doing Right Now:

yes, it hasn't started but all kids are home.

When I was a kid we didn't get snow days unless there was a snowmageddon! And that was because our parents would drive us.

dbeato

@DustinB3403 said in What Are You Doing Right Now:

@dbeato said in What Are You Doing Right Now:

yes, it hasn't started but all kids are home.

When I was a kid we didn't get snow days unless there was a snowmageddon! And that was because our parents would drive us.

I still drive my kids to school, but there is no point when the schools are closed

WrCombs

@DustinB3403 said in What Are You Doing Right Now:

@dbeato said in What Are You Doing Right Now:

yes, it hasn't started but all kids are home.

When I was a kid we didn't get snow days unless there was a snowmageddon! And that was because our parents would drive us.

Well when you were a kid - to when I was a kid -to kids these days.
A lot has changed.

JaredBusch

Heading downtown to work on the migration some more.

I will be posting Later on how to pull shit out of a dual plan export 100% garunteed.

DustinB3403

Swapped a user back to their daily driver, have another user I'm waiting to come and collect a loaner. Have performed server updates and restarts.

Coffee, breakfast - done
User issues - continuing
Headache - gone

So far it's been a productive day.

JaredBusch

On the phone with a Mitel tech trying to make it talk over the SIP trunk we have setup.

1337

Trying to get back into a switch after locking myself out with some erroneous vlan config. Hooked up to the console port now.

JaredBusch

@Pete-S said in What Are You Doing Right Now:

Trying to get back into a switch after locking myself out with some erroneous vlan config. Hooked up to the console port now.

brandon220

EASILY convinced a new client not to place a new server directly on a public IP with port 3389 open. I thought it was going to be a battle. Have them on board for a VPN.

JaredBusch

@brandon220 said in What Are You Doing Right Now:

EASILY convinced a new client not to place a new server directly on a public IP with port 3389 open. I thought it was going to be a battle. Have them on board for a VPN.

Why complicate it? Or is this not something that really needs to be public?

scottalanmiller

@Pete-S said in What Are You Doing Right Now:

Trying to get back into a switch after locking myself out with some erroneous vlan config. Hooked up to the console port now.

Whoops

brandon220

@JaredBusch I honestly assumed that it was no longer a good idea in terms of security. I have done it before with a NAT mapping and it worked fine. What is your view on this?

scottalanmiller

@brandon220 said in What Are You Doing Right Now:

@JaredBusch I honestly assumed that it was no longer a good idea in terms of security. I have done it before with a NAT mapping and it worked fine. What is your view on this?

We just had a thread on this last week about how RDP already is inside a VPN and the whole "need another VPN" thing is mostly just security theater based off of fake threats. Essentially all RDP risks come from having the port "too open" and leaving users exposed with really insecure passwords. No one every breaks into RDP, they always just guess the password. And if the VPN is secured the same, it's equally risky.

scottalanmiller

Here is a thread on RDP Security specifically.

https://mangolassi.it/topic/16698/the-myth-of-rdp-insecurity/

JaredBusch

@scottalanmiller said in What Are You Doing Right Now:

@brandon220 said in What Are You Doing Right Now:

@JaredBusch I honestly assumed that it was no longer a good idea in terms of security. I have done it before with a NAT mapping and it worked fine. What is your view on this?

We just had a thread on this last week about how RDP already is inside a VPN and the whole "need another VPN" thing is mostly just security theater based off of fake threats. Essentially all RDP risks come from having the port "too open" and leaving users exposed with really insecure passwords. No one every breaks into RDP, they always just guess the password. And if the VPN is secured the same, it's equally risky.

Right, I have a client that had a locally hosted LOB application. The main office users used a normal thick desktop app. The branch office users used RDP. The RDP was over the interoffice VPN that was already in place. Then their remote users used RDP over public internet. But I used basic firewall rules on the router to only allow RDP from their known IP blocks (I did a lookup on their home ISP and allowed from those entire CIDR blocks. A risk, but a very small one.

Password policy was minimum of 14 characters.

scottalanmiller

@JaredBusch said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

@brandon220 said in What Are You Doing Right Now:

@JaredBusch I honestly assumed that it was no longer a good idea in terms of security. I have done it before with a NAT mapping and it worked fine. What is your view on this?

We just had a thread on this last week about how RDP already is inside a VPN and the whole "need another VPN" thing is mostly just security theater based off of fake threats. Essentially all RDP risks come from having the port "too open" and leaving users exposed with really insecure passwords. No one every breaks into RDP, they always just guess the password. And if the VPN is secured the same, it's equally risky.

Right, I have a client that had a locally hosted LOB application. The main office users used a normal thick desktop app. The branch office users used RDP. The RDP was over the interoffice VPN that was already in place. Then their remote users used RDP over public internet. But I used basic firewall rules on the router to only allow RDP from their known IP blocks (I did a lookup on their home ISP and allowed from those entire CIDR blocks. A risk, but a very small one.

Password policy was minimum of 14 characters.

And you can add extra controls like two factor authentication or brute force attack mitigation as well, if you feel the need.

Dashrender

@JaredBusch said in What Are You Doing Right Now:

On the phone with a Mitel tech trying to make it talk over the SIP trunk we have setup.

what's different from the setup I got working?

scottalanmiller

@Dashrender said in What Are You Doing Right Now:

@JaredBusch said in What Are You Doing Right Now:

On the phone with a Mitel tech trying to make it talk over the SIP trunk we have setup.

what's different from the setup I got working?

Yours works?

jajaja

Dashrender

@scottalanmiller said in What Are You Doing Right Now:

@Dashrender said in What Are You Doing Right Now:

@JaredBusch said in What Are You Doing Right Now:

On the phone with a Mitel tech trying to make it talk over the SIP trunk we have setup.

what's different from the setup I got working?

Yours works?

jajaja

You're a funny guy.