ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login
    1. Topics
    2. Carnival Boy
    3. Posts
    C
    • Profile
    • Following 1
    • Followers 4
    • Topics 101
    • Posts 2,994
    • Groups 0

    Posts

    Recent Best Controversial
    • RE: Burned by Eschewing Best Practices

      I would imagine so, yes.

      posted in IT Discussion
      C
      Carnival Boy
    • RE: Burned by Eschewing Best Practices

      I can see why you woudn't want to bundle different services together into one contract. But that's not the same thing as having the same provider for different, independent services.

      posted in IT Discussion
      C
      Carnival Boy
    • RE: Burned by Eschewing Best Practices

      Why would it affect the other? They're separate services, that just happened to be with the same provider.

      posted in IT Discussion
      C
      Carnival Boy
    • RE: Burned by Eschewing Best Practices

      @dafyre said in Burned by Eschewing Best Practices:

      Is BT also your internet provider?

      Yes. Leased line provider / internet provider is the same thing, right?

      posted in IT Discussion
      C
      Carnival Boy
    • RE: Burned by Eschewing Best Practices

      @Dashrender said in Burned by Eschewing Best Practices:

      I wonder what the difference between your SIP contract and your Phonecalls contract is? For most people it's one in the same.

      It may well be.

      posted in IT Discussion
      C
      Carnival Boy
    • RE: Burned by Eschewing Best Practices

      @Dashrender said in Burned by Eschewing Best Practices:

      I'd really call these Scott Allan Miller rules - though there is credibility there.

      That could explain why I haven't heard it before πŸ™‚

      I've found and read the thread, but don't really get it. But phone systems aren't my area. I don't even know exactly what he means by "phone system". We have contract with BT for a leased line, and we have another contract with BT for SIP trunks, and we have another contract with BT for phonecalls (if that's the right term). The first two contracts are not related, and as far as I'm aware, there is nothing to stop us from dropping one contract but keeping the other. The phonecalls are related to the SIP trunks, as all our calls are free based on us renting the SIP trunks.

      Obviously telecoms various work differently in different countries, so maybe there isn't a standard rule?

      posted in IT Discussion
      C
      Carnival Boy
    • RE: Burned by Eschewing Best Practices

      @scottalanmiller said in Burned by Eschewing Best Practices:

      Violated the "First Rule of VoIP"... he went to his ISP for his SIP trunk. Big time burned

      I've never heard of this rule. I've had the same ISP and SIP trunk provider for the last few years (BT). Can you expand, please?

      posted in IT Discussion
      C
      Carnival Boy
    • RE: Best MDM for SMB

      Udate: I'm sticking with Meraki for at least another year. But I'm only using it for iPhones and iPads to keep cost down. I'll not be using it to manage our Windows laptops anymore.

      posted in IT Discussion
      C
      Carnival Boy
    • RE: Best MDM for SMB

      There you go, @DustinB3403 , that's two people you now know who have used it. πŸ™‚

      posted in IT Discussion
      C
      Carnival Boy
    • RE: Best MDM for SMB

      Anyone use Microsoft's free offering? I used to use Intune, but never got on with it.

      posted in IT Discussion
      C
      Carnival Boy
    • RE: Best MDM for SMB

      Only free for less than 25 devices. Otherwise it's $1845 for up to 100.

      Not cheap, but cheaper than Meraki (I now have pricing and it's a bit eye watering), and considerably cheaper than MaaS360.

      posted in IT Discussion
      C
      Carnival Boy
    • RE: Best MDM for SMB

      Indeed. I was expecting to be grandfathered in, but it turns out that I originally created my Meraki account via one of those free APs they send out and so they actually gave me a free 3 year enterprise licence, which has now expired. I never even used the AP, which is annoying.

      That said, I'm surprised you haven't got any notification, since I get:
      "You are using the legacy version of Systems Manager. Many features are unavailable in the legacy version of Systems Manager. Purchase a license for access to the new features and for access to 24/7 phone & email support."

      So even if I was grandfathered in, it would likely only be a temporary relief, since I expect the free version to become outdated pretty quickly.

      posted in IT Discussion
      C
      Carnival Boy
    • RE: Best MDM for SMB

      Not a lot. For Apple devices I think it's just:

      1. require a pin.
      2. remote unlock.
      3. remote wipe.
      4. remote install e-mail profile.
      5. display general info (ie use it as an asset register)

      For laptops, I don't really need any features at all. It's mostly just for an asset register.

      posted in IT Discussion
      C
      Carnival Boy
    • Best MDM for SMB

      Meraki is no longer free :(, so I'm looking at other, paid alternatives. To manage around 60 iPhones & iPads, and ideally around 30 laptops. Suggestions, please? I know there are a few Meraki SM users on ML. I'm happy to stick with Meraki but I haven't got any pricing yet.

      posted in IT Discussion
      C
      Carnival Boy
    • RE: Installing VPN access on Windows Server 2016

      So what do Microsoft mean when they say:

      1.We do not require traffic to be authenticated prior to hitting services in front of Exchange Online.
      2.We do not do any form of pre-authentication of services in front of our corporate, on-premises messaging deployments either.
      We don’t use TMG to protect ourselves any more.

      I'm not sure what I'm missing here. Do they run reverse proxies? What does a reverse proxy protect against, if it isn't doing pre-authentication?

      posted in Starwind
      C
      Carnival Boy
    • RE: Installing VPN access on Windows Server 2016

      @scottalanmiller said in Installing VPN access on Windows Server 2016:

      you felt that because threats were "old" (2004 is recent in security terms) that they didn't warrant immediate concern today because you perceived them as old.

      No I didn't.

      posted in Starwind
      C
      Carnival Boy
    • RE: Installing VPN access on Windows Server 2016

      @Dashrender said in Installing VPN access on Windows Server 2016:

      Exactly.

      My question, which I thought was a simple one, was that have Microsoft products been hardened sufficiently in recent years to a point where best practice in 2004 isn't the same as best practice in 2017. It seems on ML (tough crowd), merely asking the question implies I'm stupid ("do you believe that the entire concept of hacking has been solved and doesn't exist today?").

      I found this blog post by Microsoft interesting and it's kind of where I was coming from
      https://blogs.technet.microsoft.com/exchange/2013/07/17/life-in-a-post-tmg-world-is-it-as-scary-as-you-think/
      eg "We made a lot of progress over those ten years since then. We delivered on the goal that the security of the application can be better managed inside the OS and the application rather than at the network layer."

      I was just asking the question because I though it might have some merit. Sorry I asked and I'll leave it now....

      posted in Starwind
      C
      Carnival Boy
    • RE: Installing VPN access on Windows Server 2016

      @Dashrender said in Installing VPN access on Windows Server 2016:

      @Carnival-Boy said in Installing VPN access on Windows Server 2016:

      @scottalanmiller said in Installing VPN access on Windows Server 2016:

      Or do you believe that the entire concept of hacking has been solved and doesn't exist today?

      Oh, just forget it.

      There's nothing to forget.

      If you want security in depth, you need not only the security provided in Exchange, you also put a SMTP proxy in front to get another layer.

      The same goes for normal port 80/443 stuff. The default settings of Exchange's implementation on IIS is by some considered lax. Install a much more locked down HTML proxy in front of it that prevents specific commands not needed by Exchange, plus a web server that has different flaws than Exchange IIS has, and you've again created a defense in depth.

      You shouldn't just add layers of security just for the sake of it. You're adding complexity. You need to understand the risks, and the probabilities of a compromise, so your additional layers are justified.

      And risks change over time. Scott saying because something was risky in 2004 ergo it will be equally risky forever is just nonsense.

      I'm not saying you don't understand the risks, btw, I'm just trying to understand what they are. As an SMB we have limited funds so need to prioritise our security investments, and how we prioritised in 2004 won't be the same as in 2017.

      Anyway, Exchange was just an example, its Windows VPN that is really what drew me to this thread.

      posted in Starwind
      C
      Carnival Boy
    • RE: Installing VPN access on Windows Server 2016

      @scottalanmiller said in Installing VPN access on Windows Server 2016:

      Or do you believe that the entire concept of hacking has been solved and doesn't exist today?

      Oh, just forget it.

      posted in Starwind
      C
      Carnival Boy
    • RE: Installing VPN access on Windows Server 2016

      I need an example that's not from 2004!

      posted in Starwind
      C
      Carnival Boy
    • 1
    • 2
    • 10
    • 11
    • 12
    • 13
    • 14
    • 149
    • 150
    • 12 / 150