https://pi-hole.net/2020/01/19/announcing-a-beta-test-of-pi-hole-5-0/

@DustinB3403 said in Break-Glass Access Control For Business Owners:

@NashBrydges said in Break-Glass Access Control For Business Owners:

That would work but would not provide the "notification" that it was used. Ideally, I would setup some kind of process so that I can be notified when they actually "break the glass". I think that's an important piece of the puzzle I'm trying to solve is to be notified when they access the credentials storage/file.

Break-glass would in my mind, be used because you had an emergency (like firing your IT personal) a notification to that same person or group seems worthless in my opinion.

In my case, if my clients accessed this storage/file, it would be important to know. Not only would that mean they are potentially looking to terminate relationship (not too worrying since this is part of doing business...the majority of my clients are from other IT service providers who have screwed the pooch) or that there was some reason for someone to access the credentials and, provided I'm still the service provider of choice, would now need to closely evaluate what was done and what caused them to need to access those credentials.

*edited for spelling

@DustinB3403 said in Break-Glass Access Control For Business Owners:

@NashBrydges said in Break-Glass Access Control For Business Owners:

As stated here, wondering what process/tools people use for this process.

https://www.mangolassi.it/post/497853

A set of one time credentials setup and not managed by the leaving IT party/personnel that are put into a vault at the time of creation and only used for that case.

The creator of the credentials doesn't actually set the password(s).

That would work but would not provide the "notification" that it was used. Ideally, I would setup some kind of process so that I can be notified when they actually "break the glass". I think that's an important piece of the puzzle I'm trying to solve is to be notified when they access the credentials storage/file.

As stated here, wondering what process/tools people use for this process.

https://www.mangolassi.it/post/497853

In my inbox this morning...

@JasGot said in Best Plex player to use with a non smart tv or as a portable HDMI player?:

@NashBrydges I looked at these. The Rokus do not present themselves as a mobile device, so this means I cannot use the Plex SYNC feature. This wouldn't really be that bad if it had internal storage it can play from. Managing everything from Plex would be nice, but I wouldn't mind copying stuff to an SD card or USB stick if I needed to.

Do you know if any of the Rokus can play from local storage while offline?

No, you're correct. While I haven't tried, they are supposed to be able to play content from a USB connected drive. That being sai, if you're looking at Plex, I'm assuming you have a Plex server installed. I have my Plex server in the datacenter and I can play content from that server from anywhere in the world using my Roku device. No transcoding required from the Plex server since the Roku handles all of that heavy lifting. The only thing required is to make sure your outbound bandwidth would allow full feed of your video files via internet from your Plex server. If you want this to run like this, you'll need to expose port 32400 (or other custom port you designate) to the internet otherwise all playback is handled through the Plex.tv servers and your playback will be throttled to 2Mbps max. I've been able to play a 70Mbps 4k HDR10 video from a remote location at full bandwidth this way.

I've always loved Roku for this. In fact, I own 3 of them. They are powerful enough that my Plex server doesn't have to do any transcoding at all so the server doesn't need to choke on my 4k HDR10 movies.

@nadnerB said in Random Thread - Anything Goes:

Rickrolled! lol

https://investor.logmeininc.com/about-us/investors/news/press-release-details/2019/LogMeIn-Enters-into-Definitive-Agreement-to-be-Acquired-by-Affiliates-of-Francisco-Partners-and-Evergreen-Coast-Capital-for-8605-per-Share-in-Cash/default.aspx

I've just setup a client's Hyper-V server at a local datacenter. I've also setup Veeam in a VM and pointed it to a local (in the DC) backup repository. All of that is working beautifully. Next step is that we need to setup an offsite backup. Client has asked that we use his Synology NAS that's located in his office as the remote backup repository. We were going to use Wasabi which would have made my life significantly easier however the $150/month price tag for 25TB is more than he's willing to spend.

Wondering is anyone here has setup a backup repository for Veeam on a remote server or NAS. I could connect the NAS to the DC Veeam server via VPN and use split DNS so that not all of the NAS traffic would go over the VPN but just not sure if that's the ideal solution.

Anyone have a better idea?

@scottalanmiller said in Voip.ms Fax To Email:

@NashBrydges said in Voip.ms Fax To Email:

Were they able to send faxes via their own email client? I noticed the wiki shows how to use the service by logging into the portal.

What would their "own client" be? You'd need a fax protocol in order to do that.

Their own email client like MS Outlook desktop. This service leverages email to send/receive faxes so no fax protocol needed at that level, only at voip.ms which takes the email and converts it to fax, as I understand this process to work.

Were they able to send faxes via their own email client? I noticed the wiki shows how to use the service by logging into the portal.

Curious if anyone here has used voip.ms' fax to email service? Wonder if there's any feedback.

So many attorneys on mangolassi. I’m impressed

Yeah I got the haveibeenpwned notification email. Grrrrr.

@scottalanmiller Yep, happening quite a lot actually.

https://linuxsecurity.com/features/features/nextcry-ransomware-targets-nextcloud-linux-servers-and-remains-undetected

Yeah they have key fob access so I assume access to building and rooms is logged. I’ve also spotted UniFi cameras facing every aisle.

So it turns out that a new client I picked up has their gear colocated at the datacenter in Waterloo that is the same as the CloudAtCost datacenter. In fact, the datacenter website "sells" cloud servers called "CloudPRO" and is showing pretty much the same video on their site as on the CloudAtCost site.

Client is renting a 1/4 rack at this datacenter and the racks do not have separate sectioned off space so if another customer rents a 1/4 rack for example, their gear would be in the same rack as my new client's gear with no physical separation between the 2. Customers who rent 1/4 rack or more are allowed to come and go as they please 24/7 unescorted however they aren't provided any locking capabilities since they share the rack space with other clients. I know when renting a single U or 2U space, that's typically how they're setup but for those instances, I believe the standard practice is that you need to be escorted as this is how they provide physical security.

I've only really dealt with 3z in Toronto and they have the lockable 1/8, 1/4 and 1/2 rack options. Am I wrong in thinking this should be an alarm bell? What's common practice across colo locations you have worked in? Are shared racks allowed unescorted access?

Agreed. Make it public and encourage accountability.