@IRJ said in I am thinking about getting into Security:

I heard on the grapevine that their might be a new position soon where I am working for a IT security person. I am unsure of the exact job title, but the job function will basically be trying to hack our own network then send a report to the IT team.

The position will entail penetration scanning, testing, and looking for any possible vulnerabilities on the network. I am told the position will not be in the IT department since it is trying to break into what IT is actually doing.

I have recently been tasked with doing scanning and testing. I am still a rookie, but I am learning fast. So far I have been able to fix a few holes in our network. My boss has given me the Go Ahead to attend 5 days of training with ECC Council. This is the training that I will be taking. https://iclass.eccouncil.org/?p=719

How would you feel about stepping into a new role like this when you're whole career has been based on Windows Server Administration?

A lot, almost all, of the pen testing tools are *nix based and are setup through the command line. So one of the big things you'll need to learn is working in and around a Linux environment and the tools that go along with it. Downloading Kali Linux and getting a testing environment up and running could go a long way.

The other thing, and I think it is vastly understated, is how important social engineering is to a successful attack. Learning some of the common social engineering methods and understanding how people think is huge when pen testing.

Relevant.

So... what are the requirements, fees, etc?

@Dashrender said in No exception of privacy on computers...:

@scottalanmiller said in No exception of privacy on computers...:

@stacksofplates said in No exception of privacy on computers...:

This, he posits, is because we all voluntarily give up our IP addresses to third parties everyday, such as internet service providers.

Umm that's not how that works.

Like you know, how we give out the address of our house.

I know - I couldn't believe that the judge felt that exfiltrating the username of a computer was the same as getting the IP address - what world does he live in?

America... where you don't need to understand technology to legislate or rule against it.

@BBigford said in SMB resources on the move:

• Do they need central email? If they don't need central email like Exchange, but want their email to appear like a business email, with their domain. Whoever is hosting their domain, usually provides email services at an extra cost.

Zoho provides free email with a custom domain for up to 10 users. Anything more then that and Exchange Online is the way to go.

@travisdh1 said in What Are You Doing Right Now:

@MattSpeller said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

@MattSpeller said in What Are You Doing Right Now:

Stoked to head out early today and get my long weekend rolling. Hope "y'all" have a good one too on Monday

Wow, super long weekend.

I wish

I figured most of you would be shooting guns, getting drunk and BBQ'ing on Monday so best wishes in advance from a cheeky Canadian

Despite what everyone is always claiming, very few people actually celebrate by wildly shooting guns. I may take a 50 pack to the range during the day, but that's just because I need to keep in practice. Part of that whole being responsible for the things you own thing.

They let you drink on the range in such quantity?

@garak0410 said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:

Users already reporting lockups in that one program which extensively writes to a network share. These problems have only occurred since removing Symantec Endpoint from our servers when we migrated to WebRoot. I did not load WebRoot (as of yet) on servers.

Symantec! Oh that's not good it has been known for destroying workstations when it is removed.

I enjoyed this more then I probably should.

I think the answer is yes to all of these questions. Cisco does use a proprietary VPN for the client connections but, if I remember correctly, their site-to-site stuff is using IPSEC or L2TP.

Haha. The last panel.

It depends on your location. You can check with your local code enforcer, if they are competent. Around here as long as the cable is plenum rated it doesn't need to be in a conduit, although I would generally put it in one so I can easily add more cables if need be.

@MattSpeller said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

A giant iced coffee has suddenly appeared.

Holy shit Scott!! Look out behind you!!!!!!!!

steals iced coffee

It wasn't very effective.

This seems like the use case Ryzen was developed for. Haven't worked with them in a while but at the last place I worked the AMD pro cards were better then the Nvidia pro cards.

@DustinB3403 said in The Other Side is not dumb:

The issue comes from the mindset of no child left behind, college is the "dream" a better life by being educated.

People confuse education at college, and education from the workforce.

You can get a great education by working at an electricians for example, and become a licensed electrician in only 2 years, while getting paid to be there the entire time.

In college, you pay to be there, are forced to study things which likely have no real world bearing on your future career and are often saying "WTF am I doing here this is STUPID"

Yes aren't motivated to go find a job.

I'd argue that those other things have a lot more value then the actual career training you get from college. An intermediate economics and psychology course can go a long way. If you want to be formally educated for education sake then those courses are fantastic. College is good for that but not good for career advancement and expertise, unless it is a requirement for those careers.

@BBigford said in "You don't just restore a server":

@coliver said in "You don't just restore a server":

Is person the boss? Or a coworker?

Without airing dirty laundry... I'll just say they are in a technical, non-managerial role.

Then I would explain that restoring from backup is the least costly and most effective means of ensuring that the server is clean when you are done. Sanitizing and decryption leave you with a dirty server that you can't trust.

There is a significant difference between being secure and being lazy.

@thwr said in Weekend Plans:

@RojoLoco said in Weekend Plans:

@thwr said in Weekend Plans:

Weekend plans... Meeting a friend and his family on Friday at some party, birthday BBQ with friends on Saturday, BBQ at my parents place. Another carnivore weekend, so much for trying to not eat meat. BTW: The party on friday probably includes a BBQ...

Why would you try to not eat meat??? Are you some kind of hippie or something?

Me? A hippie? No, we just had so much meat in the past. And really, BBQ on three days in a row is a bit hard

Haha... that's basically what our family reunion is. Three days of meat, alcohol, cards, and lawn games.

@scottalanmiller said in Free SharePoint?:

@coliver said in Free SharePoint?:

@scottalanmiller said in Free SharePoint?:

@coliver said in Free SharePoint?:

Sharepoint Foundation 2013 was the last "free" version of Sharepoint. Although it had some major limitations associated with it. You can still download it here.

https://www.microsoft.com/en-us/download/details.aspx?id=42039

The free versions always did. Did they get worse?

Nope still the same stringent limitations just wanted to make mention of it.

LOL, okay. Is there a user limit? I don't think that there ever was.

No, no user limits. But there a limits on pretty much every feature of Sharepoint. Even searching gets hit.

@mlnews said in Non-IT News Thread:

http://www.wcvb.com/national/teacher-shows-up-drunk-pantless-to-1st-day-of-school/27352322

USA! USA! USA!

Rocket.chat or MatterMost both can integrate with AD.

Gene Wilder as The Doctor... one can dream.