@scottalanmiller said in Microsoft plans on retiring the MCSA,MCSD,MCSE certifications in June 30,2020:

@IRJ said in Microsoft plans on retiring the MCSA,MCSD,MCSE certifications in June 30,2020:

@scottalanmiller said in Microsoft plans on retiring the MCSA,MCSD,MCSE certifications in June 30,2020:

From the looks of it, Microsoft isn't seeing their career path as being very serious anymore. Replacing an MCSE with "learning Teams"? WTF

Everything is cloud on Microsoft's certification tracts now. You can't be Windows Server certified anymore
. It's been a phase out, that's been happening for a couple of years and is no surprise

Not a surprise. But doesn't change what a statement it is.

I don't know. I see windows server having an update strategy like Windows 10. We aren't expecting a Windows 11 anytime soon.

Plus Microsoft has been pushing for Linux really hard for a couple years now. Right around the time of phasing out of these certs.

They've been really SQL for Linux especially. Since SQL is a very profitable product line, this is interesting and shows that they believe linux is a better platform to run their database.

@stacksofplates said in Securing SSH:

@coliver said in Securing SSH:

@wirestyle22 said in Securing SSH:

@JaredBusch said in Securing SSH:

@hobbit666 said in Securing SSH:

@Dashrender To be honest that's my next step is now to make some keys for my laptop, and see how and where they go
but my guess is in the same authorized_keys file on a separate line

This is your friend.

ssh-copy-id -i ~/.ssh/id_ed25519.pub user@ip

if you only have a single public key you can simplify it to

ssh-copy-id user@ip

I specify because my desktop has a few different generated keys.

How does this fit into disaster recovery plans when you have many hundreds of ssh keys and a large IT team? If one person has 100 keys to various servers and their laptop dies, are you guys using a script to copy the keys per user? Also new user creation or deleting keys when someone leaves

There is also a way to do a trusted key broker. So you have a single CA that verifies your identity.

Right there's a few ways to do this. Key management through LDAP, SSH certs with a CA, rotating credentials with something like Vault, etc.

You can do this something like Okta ASA as well.

https://help.okta.com/en/prod/Content/Topics/Adv_Server_Access/docs/asa-overview.htm

It's been noted here a million times that the ones without the licensing are responsible. If someone tells you to rob a bank, and you rob a bank you can't say well this random dude told me to do it.

Make an AD group called workstation_admins and add that group to local administrators account on each desktop. This group does not need any AD rights and nobody's account should be in there except for IT admin accounts. Even those IT admin accounts should not be used on local desktops to login on a regular basis. Only when elevation is actually needed, and even then you should use run as.

I have this same exact model Dell XPS 2018 13inch . I use an after market charger. I use a 60W charger, but you can use 45W as well. They are cheap and universal as @gjacobse . You will have you pick of thousands on amazon.

For reference (since I have the same model)

Here is the charger I bought. (I guess it is 65W not 60W):
https://www.amazon.com/gp/product/B07F1MJ24L

I am also using this dock at home in addition to USB 3.0 hub:
https://www.amazon.com/RDII-Ethernet-Charging-Matebook-Chromebook/dp/B07VT3NDGG

I use this dock at work, and I do not like it! I must remove and reinsert USB devices on it every time I plug it in. It also can be finicky with the display:
https://www.amazon.com/Anker-Adapter-Ethernet-MacBook-ChromeBook/dp/B071G83L1J

@Pete-S said in RDP to RDP to RDP?:

Is there a smarter way to connect through several RDP sessions instead of doing each one manually?

So if you want to go:
host1 -> host2 -> host3

Is there a way to do this in one step instead of first connecting to host1 then from there start a connection to host2 and then from there start a connection to host3?

Why can't you just connect to host 3?

I am assuming host 1 is a public IP and host2 and host3 are internal?

Event: Kr00k Wi-Fi Encryption Vulnerability Affects Over a Billion Devices

Summary:

This Kr00k vulnerability, assigned to CVE-2019-15126, triggers vulnerable Wi-Fi devices to use an all-zero encryption key to encrypt part of the user's communication. In a successful exploit, this vulnerability allows an adversary to decrypt wireless network packets transmitted by a vulnerable device. Prior to patching, affected devices totaled well over a billion endpoints, including mobile devices, laptops, computers and Wi-Fi routers. Several manufacturers have released patches for Kr00k.

Analysis:

As data packets are transferred over Wi-Fi, these packets are encrypted using a unique key via a 4-way handshake. During the 4-way handshake, the client and wireless access points are generating and installing cryptographic keys. The relevant component to the Kr00k vulnerability is the 128-bit Temporal Key (TK), which is used to encrypt data frames transmitted during the specific client-AP session.

Disconnection in Wi-Fi networks is a common phenomenon that occurs on a constant basis due to a weak internet signal and frequency interference. While disconnecting, the session-specific TK value is cleared from memory and is subsequently set to an all zero value. However, and accidentally, all data frames that were left in the vulnerable network chip’s buffer are transmitted after being encrypted with this all-zero Temporal Key.

Malicious actors can exploit this weak encryption offload by manually triggering disassociations and intercepting the remaining packets on the network chip.

Revealed at the RSA 2020 Conference in February, Kr00k impacts devices with Broadcom and Cypress Wi-Fi chips using both WPA2-Personal and WPA2-Enterprise protocols, along with AES-CCMP encryption.

ESET, the discoverer of the security issue, privately and responsibly disclosed the exploit to the respective manufacturers and companies utilizing the vulnerable Wi-Fi chipsets in the Fall of 2019.

While the vulnerability affects the disassociation procedure of the implanted chip, it can be mitigated through software or firmware updates.

Several manufacturers and companies have released security advisories regarding Kr00k in the last four months, which are listed below:

· Aruba Networks

· Huawei

· Sonicwall

· Apple iOS & IPadOS

· Apple macOS (Catalina, Mojave, & High Sierra)

· Cisco

· Mist

ESET Lab-Tested Affected Devices & Access Points (Not Limited To):

Below is a list of devices confirmed by ESET Labs that revert the Temporal Key to the all-zero value for packet interception and encryption. While this is not a complete list, the list should give system administrators/managers an idea about the type of devices susceptible to the attack.

· Amazon Echo 2nd gen

· Amazon Kindle 8th gen

· Apple iPad Mini 2

· Apple iPhone 6, 6S, 8, XR

· Apple MacBook Air Retina 13-inch 2018

· Google Nexus 5, 6 , 6P

· Raspberry Pi 3

· Samsung Galaxy S4 GT-I9505

· Samsung Galaxy S8

· Xiaomi Redmi 3S

· Asus RT-N12

· Huawei B612S-25d

· Huawei EchoLife HG8245H

· Huawei E5577Cs-321

Recommended Actions:

Health-ISAC recommends immediate patches of affected devices utilizing Cypress and Broadcom chips by keeping software and firmware in their latest version.

Health-ISAC additionally recommends initiating updates on wireless access points that require manual activation. While this may result in a temporary loss of service, the prevention of packet interception will result in a significantly more secure environment for all users.

References:

CVE-2019-15126 National Vulnerability Database
https://nvd.nist.gov/vuln/detail/CVE-2019-15126
ESET: KR00K - CVE-2019-15126 Serious Vulnerability Deep Inside Your Wi-Fi Encryption
https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf
RSA Conference: Kr00k: How KRACKing Amazon Echo Exposed a Billion+ Vulnerable WiFi Devices
https://www.rsaconference.com/usa/agenda/kr00k-how-kracking-amazon-echo-exposed-a-billion-vulnerable-wifi-devices
Bleeping Computer: Kr00k Bug in Broadcom, Cypress WiFi Chips Leaks Sensitive Info
https://www.bleepingcomputer.com/news/security/kr00k-bug-in-broadcom-cypress-wifi-chips-leaks-sensitive-info/

My daily driver is having issues every hour or me where I need to restart network-manager and gnome-shell . Should I wipe the system completely? or Do you think I can somehow solve this instability.

@black3dynamite said in Ubuntu 18.04 Gnome - unstable asf:

@IRJ Has this always been an issue from day one?

Nope. and yes @dbeato I have to use LTS as there are some things not supported on 19.10.

I havent had any issues since reinstalling gnome which I should have done earlier. It's been an issue the past month or two on a daily basis, but has gotten worse. Hopefully a reinstall fixed it. We shall see.

Posted On: Apr 1, 2020

Starting today, Amazon Elastic File System (Amazon EFS) General Purpose mode file systems support up to 35,000 read operations per second, a 400% increase from the previous limit of 7,000. Maximum write operations are unchanged at 7,000 per second.

General Purpose mode (GP mode) is the default performance mode for Amazon EFS. It offers the lowest per-operation latency and is the recommended choice for most applications. Amazon EFS also offers the Max I/O performance mode which can scale to higher levels of aggregate throughput and supports over 500,000 operations per second with slightly higher metadata latencies than GP mode.

Full Text here

I use Bitwarden's generator and just save my passwords. I dont really care about readability

@WLS-ITGuy said in Zoom meeting access::

@scottalanmiller said in Zoom meeting access::

@WLS-ITGuy said in Zoom meeting access::

Not to mention get them trained on it while still using zoom until they're comfortable.

that professors need training on how to use basic tools like this... it's unthinkable.

1/3 of the profs here are in their early 60's so technology isn't as easy for them. Making the changes in a zoom account to require a password, change settings, etc isn't as easy for them.

These are not the people we need teaching our children if they cannot figure out how to operate a zoom call. How can we expect them to teach our kids anything of value if they cannot do simple tech tasks? School is supposed to prepare kids for the real world (which last time I checked, has a ton of technology).

1.) No

2.) Why would you want separate virtualization platforms on the same subnet, anyway? Managing traffic by subnet is MUCH easier than trying to manage it by host. Flat networks are frowned upon these days because they are much more difficult to manage traffic.

What is the data? Is it basically just a dump from a file server?

You could also restore in the cloud, if restoring fast is important to you. In the event of a disaster, you could provision an ec2 server and get extremely fast speed to S3.

You don't have to run this sever all the time, you script and only build it when you need it. So if a server costs you $150 a month to run in the cloud you may only need to run it for 3 days at $5 a day. Certainly worth the convince to the company.

There's some effort scripting it, but you can do most of the scripting locally. AWS has Cloudformation for scripting the actual infrastructure part, and it's pretty easy once you do it.

@Pete-S said in What's the status on DMARC?:

DMARC records for email in 2020...
Is it:

1. a must have
2. nice to have, can't hurt
3. don't bother
4. absolutely not!

Either one or two. If you can it's highly recommended.

@notverypunny said in SAS to USB:

I've got a bunch of 2.5" drives that we pulled when swapping SSDs into a few servers. We're using them as spares to replace dead drives in other machines for which they're compatible but they have to be cleared / blanked before being used as replacements in order for the RAID controller to properly accept the drive and rebuild.

Why would you use old drives as replacements? Hard drives are cheap and data is expensive. Spend the money on new drives for swapping.

A couple weeks ago, I posted a thread about intermittent issues I was having on Ubuntu 18.04. Since RC came out yesterday, I decide to upgrade to the Beta a few days before as I figured Beta issues were mostly ironed out by now.

On my Ubuntu 18.04 host I began the update process via CLI which download 2G or so and began to run. Near the end of the upgrade my screen went gray and was unresponsive. I waited in this state for approximately an hour, before forcibly rebooting the system. After the reboot, the system did not come, I would just get a gray screen after unlocking the disk.

So off to my other Ubuntu 18.04 laptop to create a 20.04 Live USB. I was able to unlock the drive and copy my files using Live OS. I only needed to grab a few things because I do everything on Office Online.

I grabbed

• User configurations /home/user/.config (mainly for /home/user/chromium/default/Bookmarks)

• Network and VPN connections (very convenient) /etc/NetworkManager/system-connections/

• SSH keys /home/user/.ssh

• Some other things here or there

Clean install went great. I wiped the disk and most of the little nagging issues I had are gone. I have had wireless die on my twice in 4 days. This was fixed my restarting network-manager

Ubuntu 20.04 seems to be an awesome OS. I wish the upgrade would have worked, but I really needed a clean install anyway.

@black3dynamite said in Ubuntu 20.04 Upgrade / Usage Experience:

@IRJ Did you choose a normal or minimal installation?

Normal because I'm lazy