I can see RSTP is enabled on the stack. I presume this should mean I can connect stack member B to the firewall and the stack will put that in to a sort of disabled state, and will use should the link in switch A fail?

@tim_g said in Virtual Firewall:

@scottalanmiller said in Virtual Firewall:

Why two firewalls?

DMZ --> Perimeter Network --> LAN?

That's how it used to be. The DMZ meant the area between the firewalls.

@jimmy9008 said in Office 365/Read Receipt/iPhone:

e rule is still in place, but read receipts are now automatically being sent by the iPhone as emails are opened. Previously, it

I too use the Outlook app - it's very usable. I definitely like it better than the all the separate apps with icons all over the place!
The biggest pain is contacts syncing into the phone contact list - but no painful enough for me to solve it yet.

@jimmy9008 said in Ubuntu/shred?:

@gjacobse said in Ubuntu/shred?:

Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...

I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...

We're donating with the drives, so will be wiping them to a reasonable standard.
Just trying to find out id one pass of 0's is actually a reasonable standard....

No it's not. DoD wiping is done with 7 passes. This is a very old standard and has been around a long time.

You need to test with raw equipment on each end of the line, not things going to the outside world. But leased lines have a line speed, there's really no need to test. Since there is nothing shared, you know you are getting the speed.

@jaredbusch said in Disk2VHD/SQLServer:

@dashrender said in Disk2VHD/SQLServer:

It seems weird to me that the driver would have anything to do with it, but I do agree that the Network Profile is like different - i.e. The server thinks it's on a public network now instead of a domain or private network, so the firewall settings changed to match the new network profile.

Why would this be weird? Every time you change the network card you get new adapters. That is how windows has always worked.

What's weird is (was) that simply a new NIC would cause this issue. That's all I was saying. If the new NIC came up on the Domain Network Profile, you would assume all would stay the same. It's not weird that a new NIC would come up on a different Network Profile, i.e. prehaps it didn't detect the network link correctly - I've seen this many times.

This is standard We had (ugh) Windstream fiber in our Greensboro, NC office delivered by AT&T. Was a 24 port switch with a fiber conected on port 24 and we used port 1 for our handoff. They wall mounted it so it wasn't a big deal

My wife has one and really likes it. She had an Apple Watch for a day, replaced it once and returned replacement promptly. Battery wouldn't last as advertised and fitness tracker was way inaccurate, showing something like 200kcal burned during entire day. No such issues with Fitbit.

@Jimmy9008 said in Dell N2048 Switch and IP ACL - I just killed part of my network...:

Yes, I see what you mean. I was being crass about the windows server. Perhaps for specific servers the ACL on the switch would be useful for an added layer, but will have a think.

It's certainly an extra layer. But a complicated one (not just today, this will be complicated to support for forever) but it is one that is fully redundant with a more power and flexible one that you should be trusting pretty strongly (or removing that vendor.) I'm pretty confident that the Windows firewall has never been breached, ever. Having the switch ACLs would add a risk that someone might not enable the Windows firewall, as well. But at a minimum, it will take you to triple firewalls and all kinds of network overhead for simple stuff.

To put it another way, hospitals, government or Wall St. banks would never consider this degree of network lockdown. Unless you have a need for security greatly exceeding things like the CIA or sovereign funds, don't do this 😉

Also, anywhere that needs security even a fraction of this level can never run their own network but would have to move to Amazon (where they actually do this) and would not run Windows.

Otherwise, the level of effort here is disproportionate to the rest of the environment.

@irj said in Pentest - Who would you recommend?:

Security needs a top down approach in order to be successful

This is important for IT to understand. Business needs to drive security, and IT enable it. IT can't be the driver of security. If you have to convince people that they want to be secure, they don't really want to be secure.

@Jimmy9008 said in Disk2VHD M.2:

@tim_G what OS was your Host where it worked?

2012 R2 and 2016, both Hyper-V Server and Windows Server.

I've also done it with Hyper-V on Windows 10.

It's always worked for me. When it hasn't, it's because of not paying attention and using incorrect options.

The comments on this article are ridiculous: https://www.wordfence.com/blog/2017/05/how-to-protect-yourself-against-wannacry/?utm_source=list&utm_medium=email&utm_campaign=051417

If your excuse is that your software only supports Windows XP, then it's time to find a new vendor that supports OSs from the present decade.

Easier said than done. I know... but rather that than people dieing.

The organization I work for has some proprietary (PROM or EPROM i think) programming software (forget exactly what it is) that requires a specific processor (due to the timing/frequency of the CPU crystal) that can't run anything greater than 98.. but that computer is off the network. There are ways...

@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

In Windows, Remote Access/RDP etc is not enabled OOB. I assume the same in Linux? Unless you can connect to each through a command line/ssh or something, which maybe needs to be enabled/disabled etc...

Linux has no default, it is the distros here that would have a default. CentOS defaults to SSH enabled. Most places leave it enabled. But certainly not all.

@travisdh1 said in Dell Quote... good price?:

@MattSpeller said in Dell Quote... good price?:

@travisdh1 said in Dell Quote... good price?:

@MattSpeller said in Dell Quote... good price?:

@Jimmy9008 For the pull out 1U KMM/KVM - make sure you have lots of room behind you / in the isle to pull it out. We have one and it always hits me square in the nuts when I pull it out.

😆 😆 😆
Oh wait, I mean... that sucks..........

It's no joke man, I need to reshuffle the rack so it's higher.

This is what happens when you work with all women lol no respect for common decency 😉 😛 😄

(yes, that was a joke, the two ladies I work with really are truly awesome!)

Are you positive that situation wasn't pre-meditated by one of them?

lol - they are both less vertically gifted than myself, so the answer is actually yes

Next renewal we will either get perpetual so we own, or go cloud where the price of the OS is included in the rental.

It is purely American, that's for certain.

The whole of carpet sounds weird - typically what I've seen is carpet in the walkways.. if you want it in the booth, you pay for that.

Unions are one of the things killing pricing. Of course you can't blame them for the internet fees - that's just them holding you hostage because they can.

While the convention center at Denver Comic Con does provide WiFi, it's so saturated that it's useless. Hell, during Dragon Con, even outside on the street it's nearly impossible to make a phone call or a SMS message with the 90K people in a 4 block area. I'm guessing the phone companies could fix this (how else do you service football stadiums with 140K people?)

@BRRABill said in Argh! Windows 10 Updates...:

@scottalanmiller said in Argh! Windows 10 Updates...:

I patched mine with the Ubuntu 16.10 patch and it seems to work beautifully now.

You're like the Android people who keep talking about having a removable battery.

@BRRABill Even more annoying, I have a Lumia 950 XL Windows 10 Mobile phone and it has a removable battery too. :thumbsup_tone2:

Just saying ...