    Posts

    • RE: Macbook Air for College

      @jasgot said in Macbook Air for College:

      @scottalanmiller said in Macbook Air for College:

      What more were you looking for?

      Air or Pro?

      It depends. If you need the extra 100 nits of brightness, touchbar, and you know you need the fan from extended compute then get the pro. Otherwise save the couple hundred and get the air.

      You can still get the 8 core cpu and 8 core gpu in the air. It's pretty much the same minus the stuff mentioned above. The battery is also a tiny bit smaller and I think the microphone is less "studio quality".

      posted in IT Discussion
      stacksofplates
    • RE: Macbook Air for College

      @jasgot said in Macbook Air for College:

      @scottalanmiller said in Macbook Air for College:

      Make sure it has the M1 chip.

      Info like this is what I was looking for. Max Ram is sad, though.

      You prob won't notice the smaller RAM.

      posted in IT Discussion
      stacksofplates
    • RE: Macbook Air for College

      @dashrender said in Macbook Air for College:

      @scottalanmiller said in Macbook Air for College:

      @gjacobse said in Macbook Air for College:

      Uh-
      Don’t?

      What is the need for having the MacBook?

      Why wouldn't you? The new MacBook crushes almost everything else. It's pricey, but really cheap given its performance.

      Can the M1 run ALL - 100% all Mac software? If not, then I wouldn't buy it, but that's just me.

      Yes. Rosetta will translate any Intel based apps for the m1. You won't notice any performance penalties. It really is blazing fast.

      It's really nice to have fanless (or minimum fan with the pro) and have a real terminal to work with.

      posted in IT Discussion
      stacksofplates
    • RE: Macbook Air for College

      @jasgot said in Macbook Air for College:

      @stacksofplates said in Macbook Air for College:

      @jasgot said in Macbook Air for College:

      Daughter wants a Mac laptop for college. Any suggestions?

      What is she going for?

      Biochemistry and Molecular Biotechnology

      IMO a Mac makes sense in that field. My wife's cousin went for something similar and they did a good bit of programming. Mostly Python but I think it's a good fit.

      posted in IT Discussion
      stacksofplates
    • RE: Macbook Air for College

      @jasgot said in Macbook Air for College:

      Daughter wants a Mac laptop for college. Any suggestions?

      What is she going for?

      posted in IT Discussion
      stacksofplates
    • RE: Macbook Air for College

      @eddiejennings said in Macbook Air for College:

      @stacksofplates said in Macbook Air for College:

      But the touchbar is going away from what I've seen.

      Good. Near the end of my previous job, I was issued a MacBook Pro, and that touch bar was underwhelming at best as far as usefulness.

      I kind of like it. It's nice to have app specific buttons sometimes. And I like the slider for volume and brightness vs just buttons. But to each their own. Would be nice if they offered a version of each.

      posted in IT Discussion
      stacksofplates
    • RE: Macbook Air for College

      My wife has a 13" MacBook Pro M1 and it's really nice, also cheaper than the Intel versions. If you want a Mac you might wait until the fall of this year. They are refreshing the line and looks like you get extra IO ports (HDMI, etc). But the touchbar is going away from what I've seen. So if you want the touchbar then you might need to order this gen.

      posted in IT Discussion
      stacksofplates
    • RE: Office chair suggestions?

      I have this one and I think it's pretty comfortable.

      https://www.amazon.com/dp/B00XBC3BF0/ref=cm_sw_r_cp_apa_glt_fabc_FY0Y16PM8GY448RET2A1?_encoding=UTF8&psc=1

      posted in IT Discussion
      stacksofplates
    • RE: Need to Purchase a New Switch What Cisco Family?

      @dashrender said in Need to Purchase a New Switch What Cisco Family?:

      yes - why Cisco?

      Personally, unless there is a specific need, Netgear could do you fine, or an Edgeswitch.

      Can't stack edgeswitches.

      posted in IT Discussion
      stacksofplates
    • RE: Anyone using ssh certificates for logins instead of keys?

      This is the main way Vault handles SSH creds. It will act as your CA and assign dynamic certs for you.

      posted in IT Discussion
      stacksofplates
    • RE: Mattermost –Open source, self-hosted Slack-alternative

      @scottalanmiller said in Mattermost –Open source, self-hosted Slack-alternative:

      @williamsdanielle said in Mattermost –Open source, self-hosted Slack-alternative:

      Similar to mattermost you could try Clariti

      Edited. No links to products for new members.

      $5000/mo compared to free. Doesn't seem like much of a deal.

      Where did you get that number from?

      posted in IT Discussion
      stacksofplates
    • RE: Bring order into IT environment in chaos

      I really enjoy using Notion. Everything is a "page" so you can link pages and embed pages. They have templates for a ton of stuff. It's a really powerful tool.

      posted in IT Discussion
      stacksofplates
    • RE: Looking for Security camera options

      @dashrender said in Looking for Security camera options:

      @irj said in Looking for Security camera options:

      @dashrender said in Looking for Security camera options:

      @irj said in Looking for Security camera options:

      @pete-s said in Looking for Security camera options:

      I would guess though, that you could use a reverse proxy and still put most of these things directly online - especially if you put your own logon page in front of the proxy's redirect to the camera system.

      Yes, the cameras or NVR would be accessible through the reverse proxy only.

      When you authenticate with SAML, the users are authenticated against a third party "login" service (called Identity Provider). So you are basically outsourcing 2FA and the login process to someone who has the resources to secure it. It's how enterprises do it.

      Kind of...

      Any resource as important as camera system would certainly not be exposed directly. There is no reason for it. You're never gonna say "Customer please login and check the camera system." So why publicly expose at all.

      Require VPN and make it internal only resource.

      You're right about using SAML for authentication and using groups to maintain.

      wow - I don't know what customers you're talking about - but the two I had that have cameras absolutely demanded an app on their phone to watch their cameras from anywhere.

      Were they enterprises or hobby businesses?

      @Pete-S stated specifically enterprises and that is what I am answering. Nobody in an enterprise needs to check a camera while out to dinner. In real businesses CEOs don't have access to cameras nor do they care.

      @Dashrender you've misinterpreted nearly every reply on this thread and frankly everyone else is not understanding your replies like your sarcasm.

      You know, not many on this forum have the luxury of working for enterprise customers, not even Scott. Most of our clients are going to those hobby businesses as we call them around here. So that is the context I generally live in. Since you're fortunate to be in that enterprise space, you generally come from that context, so I get it....

      I don't work for an enterprise. We have around 45 employees.

      Also enterprise or not has nothing to do with securing correctly. It takes a small amount of time to segment correctly. You can still give them app access to cams without exposing directly to the internet.

      posted in IT Discussion
      stacksofplates
    • RE: Looking for Security camera options

      @pete-s said in Looking for Security camera options:

      @stacksofplates said in Looking for Security camera options:

      @dashrender said in Looking for Security camera options:

      @jaredbusch said in Looking for Security camera options:

      @dashrender said in Looking for Security camera options:

      @stacksofplates said in Looking for Security camera options:

      @dashrender said in Looking for Security camera options:

      @pete-s said in Looking for Security camera options:

      @jasgot said in Looking for Security camera options:

      @travisdh1 said in Looking for Security camera options:

      @voip_n00b said in Looking for Security camera options:

      I have no experience with them but I keep seeing hikvision everywhere.

      https://us.hikvision.com/en

      I see those everywhere as well. I think because they're cheap. I was very annoyed by the only system I ever worked with (required IE, 8 years ago now, but still, yuck.)

      Hikvision was very popular because of price until it was discovered they had a backdoor to monitor every camera that had a route to the internet.

      https://ipvm.com/reports/hik-backdoor

      Good to know.
      But on the other hand it's not wise to open your security cameras to the internet - ever. All devices are filled with backdoors and vulnerabilities. Some are known, most are not.

      so the only way you'd ever have cameras is with local access, or VPN access to that local network?

      A common way is with VLANs, like mentioned in another thread.

      I don't think this really gets to the heart of what most people want.

      I'm guessing JB's client wants to view these cameras while they are at home, etc.
      It's more about the remote access than the LAN based protection... but yeah, sure - Using a VLAN and ACLs is probably a good idea to help keep things separated.

      It is remote access to a NVR never a specific camera. Cameras never need to be open to the internet.

      yeah, cause NVRs are always super hardened to be on the internet 😉

      I'm confused. The NVR doesn't have to be directly exposed to the internet? And even if it was, you're saying that since an NVR might not be "hardened" you might as well expose every camera? I don't get the argument.

      I think he's saying that the NVR is not better than any camera - from a security point of view.

      So don't expose the NVR directly to the internet.

      Yeah I think that depends on a lot though. If it's just software you control it's a different story than a black box nvr. However, all of it should be on a VLAN with no internet access and only access to the NVR from specific networks and only from established connections.

      I wasn't trying to argue about cameras/NVR when initially posting. Just that in another thread flat networks were a recommendation, ignoring the security issues that were mentioned in this thread.

      posted in IT Discussion
      stacksofplates
    • RE: Looking for Security camera options

      @dashrender said in Looking for Security camera options:

      @jaredbusch said in Looking for Security camera options:

      @dashrender said in Looking for Security camera options:

      @stacksofplates said in Looking for Security camera options:

      @dashrender said in Looking for Security camera options:

      @pete-s said in Looking for Security camera options:

      @jasgot said in Looking for Security camera options:

      @travisdh1 said in Looking for Security camera options:

      @voip_n00b said in Looking for Security camera options:

      I have no experience with them but I keep seeing hikvision everywhere.

      https://us.hikvision.com/en

      I see those everywhere as well. I think because they're cheap. I was very annoyed by the only system I ever worked with (required IE, 8 years ago now, but still, yuck.)

      Hikvision was very popular because of price until it was discovered they had a backdoor to monitor every camera that had a route to the internet.

      https://ipvm.com/reports/hik-backdoor

      Good to know.
      But on the other hand it's not wise to open your security cameras to the internet - ever. All devices are filled with backdoors and vulnerabilities. Some are known, most are not.

      so the only way you'd ever have cameras is with local access, or VPN access to that local network?

      A common way is with VLANs, like mentioned in another thread.

      I don't think this really gets to the heart of what most people want.

      I'm guessing JB's client wants to view these cameras while they are at home, etc.
      It's more about the remote access than the LAN based protection... but yeah, sure - Using a VLAN and ACLs is probably a good idea to help keep things separated.

      It is remote access to a NVR never a specific camera. Cameras never need to be open to the internet.

      yeah, cause NVRs are always super hardened to be on the internet 😉

      I'm confused. The NVR doesn't have to be directly exposed to the internet? And even if it was, you're saying that since an NVR might not be "hardened" you might as well expose every camera? I don't get the argument.

      posted in IT Discussion
      stacksofplates
    • RE: Looking for Security camera options

      @dashrender said in Looking for Security camera options:

      @stacksofplates said in Looking for Security camera options:

      @dashrender said in Looking for Security camera options:

      @pete-s said in Looking for Security camera options:

      @jasgot said in Looking for Security camera options:

      @travisdh1 said in Looking for Security camera options:

      @voip_n00b said in Looking for Security camera options:

      I have no experience with them but I keep seeing hikvision everywhere.

      https://us.hikvision.com/en

      I see those everywhere as well. I think because they're cheap. I was very annoyed by the only system I ever worked with (required IE, 8 years ago now, but still, yuck.)

      Hikvision was very popular because of price until it was discovered they had a backdoor to monitor every camera that had a route to the internet.

      https://ipvm.com/reports/hik-backdoor

      Good to know.
      But on the other hand it's not wise to open your security cameras to the internet - ever. All devices are filled with backdoors and vulnerabilities. Some are known, most are not.

      so the only way you'd ever have cameras is with local access, or VPN access to that local network?

      A common way is with VLANs, like mentioned in another thread.

      I don't think this really gets to the heart of what most people want.

      I'm guessing JB's client wants to view these cameras while they are at home, etc.
      It's more about the remote access than the LAN based protection... but yeah, sure - Using a VLAN and ACLs is probably a good idea to help keep things separated.

      As Jared said, separating the cameras onto a separate VLAN doesn't stop people from viewing them out of the office.

      Let me rephrase that, it doesn't stop the people you want to view it who are out of the office. It does stop the cameras from tunneling out of your network or allowing backdoor viewers.

      posted in IT Discussion
      stacksofplates
    • RE: Looking for Security camera options

      @dashrender said in Looking for Security camera options:

      @pete-s said in Looking for Security camera options:

      @jasgot said in Looking for Security camera options:

      @travisdh1 said in Looking for Security camera options:

      @voip_n00b said in Looking for Security camera options:

      I have no experience with them but I keep seeing hikvision everywhere.

      https://us.hikvision.com/en

      I see those everywhere as well. I think because they're cheap. I was very annoyed by the only system I ever worked with (required IE, 8 years ago now, but still, yuck.)

      Hikvision was very popular because of price until it was discovered they had a backdoor to monitor every camera that had a route to the internet.

      https://ipvm.com/reports/hik-backdoor

      Good to know.
      But on the other hand it's not wise to open your security cameras to the internet - ever. All devices are filled with backdoors and vulnerabilities. Some are known, most are not.

      so the only way you'd ever have cameras is with local access, or VPN access to that local network?

      A common way is with VLANs, like mentioned in another thread.

      posted in IT Discussion
      stacksofplates
    • RE: Changing subnet mask?

      @stacksofplates said in Changing subnet mask?:

      @dashrender said in Changing subnet mask?:

      @travisdh1 said in Changing subnet mask?:

      @jaredbusch said in Changing subnet mask?:

      @travisdh1 said in Changing subnet mask?:

      You're conflating VLANs with security.

      You need to realize who you are talking to.

      @IRJ is probably the most skilled security person on the community.

      I know this, and statements like he made give me headaches after having to explain to other people that VLAN does nothing for security if you don't have firewall/access rules as well.

      The types of places @IRJ has worked at, I agree that it would be insane to have a flat network.

      These are my thoughts - most small businesses don't need/want more complexity than a flat network.

      Most small businesses don't want to deal with ransomware. What they want is immaterial. They should be doing what they need.

      Not really sure what the argument is here? No one is disagreeing with what you said.

      But the businesses that decide they need their infrastructure on prem, should 100% be separating networks. It takes little time/effort to set up properly.

      posted in IT Discussion
      stacksofplates
    • RE: Changing subnet mask?

      @dashrender said in Changing subnet mask?:

      @travisdh1 said in Changing subnet mask?:

      @jaredbusch said in Changing subnet mask?:

      @travisdh1 said in Changing subnet mask?:

      You're conflating VLANs with security.

      You need to realize who you are talking to.

      @IRJ is probably the most skilled security person on the community.

      I know this, and statements like he made give me headaches after having to explain to other people that VLAN does nothing for security if you don't have firewall/access rules as well.

      The types of places @IRJ has worked at, I agree that it would be insane to have a flat network.

      These are my thoughts - most small businesses don't need/want more complexity than a flat network.

      Most small businesses don't want to deal with ransomware. What they want is immaterial. They should be doing what they need.

      posted in IT Discussion
      stacksofplates
    • RE: Changing subnet mask?

      @travisdh1 said in Changing subnet mask?:

      @irj said in Changing subnet mask?:

      @travisdh1 said in Changing subnet mask?:

      @irj said in Changing subnet mask?:

      @siringo said in Changing subnet mask?:

      Sorry if this is a dumb question but ...

      Inherited an old SBS network which has been upgraded, but is still using the 10.0.0.0 /8 setup.

      I was thinking of changing the subnet to /24.

      Currently all devices still have 10.0.0.x addresses.

      Some of their network gear is managed and I need to arrange with them to change settings within their Cisco gear to /24.

      If I get the Cisco gear changed, prior to me changing the servers, PCs, printers etc to /24 will everything remain working??

      For example, If I get the Cisco gear changed to /24 on weekend 1, will everything still communicate & work fine until I can change the other gear on weekend 2??

      I know the subnets are different, but with all devices having 10.0.0.x addresses I'm thinking they still may be seen by the /24 devices????

      Does that make sense?

      Create /24 VLANs. Separate servers, printers, workstations with different VLANs. Then you can block workstations from even seeing server VLAN.

      Seems like a lot of work with no business need from what we know.

      Can you expand on this?

      How is this a lot of work and how is there no business need to segregate important data?

      Because in my experience data security is pretty damn important from a business perspective.

      You're conflating VLANs with security. VLANs themselves provide zero additional security, just network segmentation. It takes seconds for someone with network access to scan for any active VLAN and tag packets with different ones.

      If you want additional security, you need to move to a zero trust model.

      Pretty sure it was assumed when he said VLANs he meant also setting firewall rules between them.

      posted in IT Discussion
      stacksofplates