
    Topics

    • notverypunny

      HelpWire: legit or no?

      IT Discussion
      1 Votes
      4 Posts
      860 Views
      yar_with_helpwire

      Thank you so much for considering giving HelpWire a try! We truly appreciate your interest. I'm here not to spam, but to address your concerns directly.

      Concerning the "too good to be true" perception, I understand that this often stems from privacy concerns related to using a free (and new) product. So, what's the catch, you might wonder?

      Initially, we launched HelpWire as a free service to establish a foothold in a market where competitors offer a broader range of features. That's the entire story.

      I assure you, we do not sell any private information to third parties to cover our expenses. Instead, HelpWire is supported by our parent company, Electronic Team, Inc., which has a range of successful products generating revenue to support HelpWire's post-launch phase.

      Will there be a paid tier in the future? Yes, but that's still a long way off. Even then, HelpWire will continue to offer a comprehensive set of features for free. Currently, every feature and functionality is available for extensive use, free of any limitations.

      I hope this clears up any concerns! If you have more questions or need further clarification, feel free to post them here (I'll keep an eye on this thread) or contact our support team at support(at)electronic(dot)us.

    • notverypunny

      GLPI: 9.5 to 10.0.5 | FusionInventory plugin to GLPI Inventory Plugin

      IT Discussion
      1 Votes
      1 Posts
      745 Views
      No one has replied
    • notverypunny

      FortiGate + PRTG

      IT Discussion
      0 Votes
      1 Posts
      250 Views
      No one has replied
    • notverypunny

      ASR Rules - Some won't apply

      IT Discussion
      1 Votes
      1 Posts
      194 Views
      No one has replied
    • notverypunny

      Self-Signed certs for LDAPS

      IT Discussion
      0 Votes
      2 Posts
      345 Views
      Obsolesce

      @notverypunny said in Self-Signed certs for LDAPS:

      So I'll start off by acknowledging that self-signed certs are less than ideal for most purposes.

      Right now my goal is to get rid of plain-text LDAP on the network and want to make sure that I'm not trading one security hole for another.

      I've found a couple of sets of instructions online and figured I'd run the idea past the assembled brain-power before going too far down the rabbit hole.

      https://anandthearchitect.com/2019/10/10/active-directory-self-signed-certificate-for-ldaps/

      https://social.technet.microsoft.com/Forums/en-US/667ec29d-d83a-49b4-9280-308964359154/best-way-to-enable-ldaps-self-signed-certificate?forum=winserversecurity

      https://www.javaxt.com/wiki/Tutorials/Windows/How_to_Enable_LDAPS_in_Active_Directory

      Open to other suggestions to move from LDAP to LDAPS, but I'm in an environment that has too much legacy stuff to scrap it and / or AD so that whole possible course of action is the non-starter to end all non-starters.

      In an on-prem only AD environment, no problem using self signed.

    • notverypunny

      HAPPY SYSADMIN DAY 2022

      Water Closet
      2 Votes
      5 Posts
      597 Views
      ITivan80

      I missed the memo on this 😂

    • notverypunny

      OT / IoT asset management

      IT Discussion
      1 Votes
      5 Posts
      532 Views
      1

      @notverypunny said in OT / IoT asset management:

      My main concern for the present effort is getting an accurate picture of what SCADA / OT etc devices we've got in the environment so that I know if action has to be taken or flagged to the appropriate controls group when vulnerabilities are flagged online.

      Sounds like your needs are primarily security centric.

      Give CyberX a look then. It's now called Microsoft Defender for IoT but it covers SCADA and other OT tech as well. https://azure.microsoft.com/en-us/services/iot-defender/#features

      I do have a lot of experience with documentation of these kinds of systems in a variety of industries, like manufacturing industry, pulp and paper, chemical plants etc.

      In a lot of cases automatic discovery can be problematic and won't work.

      If you have a lot of control systems, most of the manufacturers will have tools that can keep track of their own devices. Especially when it comes to DCS systems that you'll find in larger installations.

      You will likely need some kind of hybrid approach.

    • notverypunny

      ZeroTier & Security

      IT Discussion
      1 Votes
      15 Posts
      1k Views
      S

      @pete-s said in ZeroTier & Security:

      @scottalanmiller said in ZeroTier & Security:

      @pete-s said in ZeroTier & Security:

      @notverypunny

      If you assume that being connected to a ZeroTier network is the same as having the host sitting directly on the internet, you'll be fine.

      That is the basic premise of the zero trust security model - assuming that the network is hostile.

      Ding ding, exactly. It's a connectivity tool, not a security tool. The security has to be provided normally. Any ZT provided security is purely extra.

      Yes, and when it comes to security ZeroTier, as any other VPN, shows up as a virtual network adapter. So you can apply the OS' firewall like you could on any network adapter.

      And the ZeroTier network itself also has some limited L2 rules to control the traffic, similar to a switch. It lacks TCP sessions and other things though so it's not like a real router/firewall.

      There is also the possibility to connect ZeroTier to a compatible firewall and not the host directly.

      I'm running OPNSense at home and have the plugin working and connected to a client's PCs from my house.

      Works great.

    • notverypunny

      Chrome OS Flex

      IT Discussion
      0 Votes
      5 Posts
      428 Views
      jclambert

      @gjacobse It is not compatible. There was another project out there that was ARM compatible. I think it fizzled or was bought by Google several years ago now. Sigh

    • notverypunny

      TacticalRMM issue today, anyone else?

      IT Discussion
      0 Votes
      5 Posts
      497 Views
      notverypunny

      @dustinb3403 said in TacticalRMM issue today, anyone else?:

      Sounds like you're using this in production, correct?

      Truth. It's not the only remote tool that we're using, but it's a nice backup / complement to our other options.

    • notverypunny

      Wazuh goes bork?

      IT Discussion
      0 Votes
      1 Posts
      147 Views
      No one has replied
    • notverypunny

      TacticalRMM - Security

      IT Discussion tacticalrmm security block public
      3 Votes
      1 Posts
      402 Views
      No one has replied
    • notverypunny

      NG AV / Endpoint Protection in 2021

      Unsolved IT Discussion
      0 Votes
      56 Posts
      4k Views
      scottalanmiller

      @hobbit666 said in NG AV / Endpoint Protection in 2021:

      So in simple terms, people are saying dump the AV products like Webroot/Bitdefender/Eset and move over to a more SIEM orientated setup whether that's in house or externally managed (we wouldn't have the resources internally)

      By and large, just dump them. If you need SIEM, that's a different discussion. But definitely dump those. ESET is outright evil, they are an active threat. We've had actual criminal activity from them. They are nothing like the others.

      Bitdefender and Webroot, they just don't add value over what is included, but do have some pretty significant negatives (not only cost.) Performance and, especially with Bitdefender, all kinds of application breakages.

      The upside to customers who keep installing Bitdefender against our advice... boy does it rack up the billable hours to fix issues that it introduces.

    • notverypunny

      Wazuh Windows Folder Access Monitoring

      IT Discussion wazuh
      1 Votes
      1 Posts
      556 Views
      No one has replied
    • notverypunny

      Wazuh Setup

      IT Discussion
      0 Votes
      6 Posts
      522 Views
      scottalanmiller

      @notverypunny said in Wazuh Setup:

      @scottalanmiller said in Wazuh Setup:

      ElasticSearch is no longer open. I won't touch them. Look at OpenSearch now instead.

      Looks like they're already using elasticsearch-oss and opendistroforelasticsearch instead of the closed source stuff. https://documentation.wazuh.com/current/installation-guide/open-distro/distributed-deployment/step-by-step-installation/elasticsearch-cluster/elasticsearch-single-node-cluster.html#elasticsearch-single-node-cluster

      That's good.

    • notverypunny

      FortiMail 7.0

      IT Discussion
      0 Votes
      4 Posts
      311 Views
      scottalanmiller

      @notverypunny said in FortiMail 7.0:

      Damn, nobody else on here uses these guys?

      Nope, why would we? LOL I don't know anyone much running in house email anymore. Those that do just use a mail filtering service, not an appliance. This is a device for a very different era. Not the kind of thing you'd expect to see still deployed.

    • notverypunny

      FIM, FAAM, details & False Positives

      Unsolved IT Discussion
      1 Votes
      5 Posts
      353 Views
      scottalanmiller

      @notverypunny said in FIM, FAAM, details & False Positives:

      The only commercial product that I've seen that discusses or seems to leverage this is Rapid7's InsightIDR.

      Keep in mind that Graylog is a commercial product and is not open source. It used to be open source, now it is not. They claim to be, but they don't qualify.

    • notverypunny

      Docushare: any experts here?

      IT Discussion
      1 Votes
      4 Posts
      244 Views
      notverypunny


    • notverypunny

      Discovery of the week

      IT Discussion
      2 Votes
      4 Posts
      585 Views
      coliver

      @notverypunny said in Discovery of the week:

      @coliver said in Discovery of the week:

      @notverypunny said in Discovery of the week:

      If anyone else needs something for IPAM / network documentation I've just fallen in love with phpipam (https://phpipam.net/)

      I'd tried netbox in the past but this just seems to work better for me. You can also set up polling / discovery of the configured ranges (on a per-range basis) either from the central server or from remote agents.

      Anyways, it's rare that I'll advocate for something out of the blue, but I'm almost enjoying moving our horrible excel spreadsheet documentation over to this.

      Happy Friday all 🙂

      Yeah, we've been using it for a year or more. It has a nice API that @stacksofplates helped me dig into to automate DHCP reservations.

      That sounds sexy.... windows server DHCP or something else?

      dhcpd. The developers are working on built in Kea integration, although that's been on the table for a while.

    • notverypunny

      RDP Security / Hardening

      IT Discussion
      0 Votes
      7 Posts
      443 Views
      IRJ

      @scottalanmiller said in RDP Security / Hardening:

      Let's start with understanding the need. Why is RDP open at all? Is it only open to the LAN, or is it open to the world?

      Yeah that is a much bigger concern than simultaneous connections.
