You have a front-facing service that has a login prompt. Random automated login attempts are just part of life. What can you do?

1. Setup Fail2Ban. (Smart botnets split the load across lots of IP's).

2. ~Geo Blocking~ useless, as bots are all over the place (many in the US)

3. Double Check your password policy (make sure they can't use easily guessable passwords).

4. If you actually have users with highly valuable data in their email, force MDM agents on their mobile devices, if they want to use mobile access Exchange, can be configured to do this. Alternative use a whitelist for remote/mobile devices (Exchange 2010 on has a ActiveSync device quarantine options where devices even if they can authenticate don't get email till you approve them).

5. I've seen it done with AirWatch so only Boxer as a mail client will work as it has a device-specific VPN.

6. Disable unneeded and insecure protocols. IMAP and POP3 shouldn't be externally facing it's 2017...

Lastly, who still uses Zimbra? We used to own it, but now just use O365 (and have Microsoft's billion dollars of security spending and IDS in front of it).

@dashrender said in Ubiquiti Security Gateway:

@fateknollogee said in Ubiquiti Security Gateway:

Old school VPN usage (eg, site-to-site) can be a problem
but
New school VPN usage (eg, ZeroTier) is not a problem.

Is this a correct statement?

ZeroTier isn't about a new VPN, it's about making a borderless LAN, i.e. transparent access to the LAN regardless of where you are. And while ZT is newer, this idea is not new at all.

Agent based network abstraction is an interesting alternative to traditional VPN. For IoT stuff it's pretty handy (have device bridge itself into a stretched VxLAN), but for other stuff (accessing Citrix) it's kind of an unnecessary kludge vs. an external SSL broker.

@scottalanmiller said in Is Tintri Heading for Pure and Nutanix Territory Financially?:

Anything that CAN run in public cloud would be enough, even if only used in private cloud. Public vs private isn't the real issue, but cloud vs non-cloud.

Which is what VMware CLoud on AWS is. Running ESXi on bare metal servers in AWS. Fully automated and managed vCenter, NSX, vSAN and elastic DRS (hosts added to the cluster), with in AZ connectivity (nice on the meter) to EC2 and other services. It's basically a private cloud embedded inside a public cloud.

@scottalanmiller said in Weekend Plans:

2.5 hour flight on Spirit. About the best deal around. Best prices, biggest and most comfy seats, newest planes. It's a huge win.

Spirit? Best prices if you fly naked. If you travel with bags the fee's are crazy.

28-inch pitch on their A320 vs. 31 inches on SW

@marcinozga said in What Industry Apps Are Awful and You Are Stuck With?:

One more, UPS Worldship. While you can do your shipments online, interface is just terrible. While this app supports remote clients, you cannot install it on Windows server, at least it's unsupported, I haven't personally tried.

So Terrible.

@jaredbusch said in SW Roomate?:

Re-book at the Hampton.
Seriously. You will pay more in Uber/taxi than you will save.

I can expense Uber (automatically loads into my expense report).

@texkonc said in SW Roomate?:

I will need a roomate to split the room at the Hyatt or I wouldn't be able to attend SW. Anyone still looking for a room?

Why don't you just book an AirBnB. You can get some cheap places.

@nerdydad said in Hurricane Harvey:

@storageninja Nice, but its just for Houston. Got anything for Big D?

The Big D can go... Sigh, I'll be nice to Dallas... use local weather

@gjacobse said in Hurricane Harvey:

Local ( Lexington, Ky) company ready to send 1,200 lineman to repair damage,..

We had this after IKE. Like 30 states worth of lineman and electrical workers. IT was some boys from TN who fixed the lines outside my office.

If you want Hype Free weather, I STRONGLY recommend Space City Weather.

http://spacecityweather.com

These guys have one sponsor for the entire season so no incentive to do stupid scare tactics.

Running jokes around Hurricanes in Houston tend to revolve around failed storms that never make it here (Pictures of patio furniture knocked over and meme's about "WE WILL REBUILD") Telling people in Katy they should evacuate (They are so far east so it's stupid, and they are the first to leave and clog the roads for the inlanders), and strawberry poptarts (#1 food purchased in hurricanes).

@gjacobse said in Hurricane Harvey:

@jmoore said in Hurricane Harvey:

@nerdydad I am in Waco as well so will report anything of significance that might help others be safe.

Well, hope it won't be to much of a trouble for the area.

Corpus will take a beating, as will Port Aransas. THe worst case is the bastard bounces off them, and comes to park over Galveston and the surge on the west bay COMBINED with the bayou's trying to drain turns into a cluster f*** that breaches the levees around the ship channel turning the ship channel into a toxic cluster f***. the likes of the world has never seen (Seriously a Cat 4 direct, or sustained Cat 3 will basically turn the ship channel into the mother of all Superfund sites, we are way under spec'd for it).

@brandon220 said in Hurricane Harvey:

I'm west of Houston. I've never witnessed the amount of rain projected for us.

I was camping in West Columbia when Allison parked over us. You will survive (I had no warning, roads out got washed out).

IKE didn't rain much but the cat 3 winds destroyed the grid. We will at least be spared of that. (I was keeping a datacenter online in that. Got to work on 3 phase power in the storm outside, and had a shotgun to defend my generator).

@scottalanmiller said in Hurricane Harvey:

@nerdydad said in Hurricane Harvey:

@dafyre said in Hurricane Harvey:

What about @StorageNinja ? Did he make it out of Houston the other day?

I would assume that he has either vacated or is bunkering down because he hasn't been active for the last day or so.

He mentioned escaping like yesterday. But I spoke to him within the last hour on IM.

Plane got delayed but I'm out and safely in Vegas (about to take a nap for an hour or so it was a late night in Jamaica beach locking down the boats). Left the wife and dog with water, beef jerky, cliff bars, and some twinkies. She's tagged as essentials personal for some stupid reason for Katy (which she will not be able to reach from midtown, and they don't have a bed for her so she's told to wait at home).

@scottalanmiller said in Port - How to go about setting up a client to be virtualized?:

A VPN adds overhead and latency

You sir, have not seen what a pair of Brocade MLXe's can do with a dark fiber connection. A fully loaded chassis could push 1.2Tbps of IPSEC traffic at wire speed.

Shitty consumer grade, no crypto ASIC stuff? Yah, there are limits. The latency your complaining about? That's likely from trying to run UDP real time protocols WITHOUT configuring datagram TLS? OUCH. Yah that's gonna suck. Use a real VPN appliance that will support dTLS.

@dustinb3403 said in Port - How to go about setting up a client to be virtualized?:

SBS2008 setup

BURN IT WITH FIRE

Virtual gives you more options for migration later. It gives you more options for backup and recovery.

@dashrender said in Is Most IT Really Corrupt?:

Then I'm lost how you say IT cares more about the business than the owner/CEO does? They don't know the IT side of things, so they more or less have to rely on others to help them, if they choose not to follow those recommendations is another matter.

Lifestyle businesses where they don't care about making money beyond xxx amount to maintain their lifestyle. Pretty common in SMB.

@dashrender said in Is Most IT Really Corrupt?:

I'm trying to find the name of the job that supports the technical stuff in a company without being a decision maker - because according to you, IT= the business, basically makes them a C level part of the company along with CEO and COO, etc. So what do you call the people in the trenches doing the work after the decisions are made?

Going from a typical oil/gas major 3 tier's of fun...

Architects make design decisions, engineers do the implementations, operations keep things... running.

@scottalanmiller said in Just How Hard is University to Overcome:

@storageninja said in Just How Hard is University to Overcome:

@scottalanmiller said in Just How Hard is University to Overcome:

Personally, I wish I'd taken a skip year. Would have been more valuable to go work for a little bit, and go backpacking Asia for 6 months to figure out what I wanted to do in life.

Also highly recommended, they say (I have no stats on this, but I've been told this a bit) that a skip year spent meaningfully traveling (that's not subjective, is it?) is more likely to positively impact lifetime income than finishing a degree will.

Another thing to point out is that The unexamined life is not worth living...
If it's just about wealth, but the quality of life.

Could I make more money in some blue collar trade doing 80 hour weeks in physically demanding labor? Sure. But I like what I do, and the travel has secondary benefits and that carries some value. There's always a way to make more money. If there's anything I've learned from internet forums is MANY people have reasons (some are dumb to me, whatever) to not make more money.

@scottalanmiller said in Just How Hard is University to Overcome:

@storageninja said in Just How Hard is University to Overcome:

@scottalanmiller said in Just How Hard is University to Overcome:

Unfortunately, truly meaningful stats are impossible to get

The Integrated post secondary Education Data System is pretty damn comprehensive.

One metric, Default rates for a school are a HELL of a good proxy for expected outcome.
Laurus College has a 20% default rate. I can't tell you that someone who didn't go to SUNY would not have made MORE than the 895K 20 Year Net ROI (compared to 24 years, less the cost of school), but that's still a damn impressive number above average.

The Department of Education actually has income by major stats for schools.
https://collegescorecard.ed.gov/school/?380438-Provo-College

The problem isn't that there aren't stats for those schools, but that there aren't stats for the alternatives. So knowing what an isolated university outcome is likely to be is great, but only tells one side of the story and leaves us with zero information about the other side.

You can find proxies for success that have statistic significance. Economic background, SAT scores, etc. Economists have been studying "why are rich people rich, and poor people poor" for a REALLY long damn time.

@scottalanmiller said in Just How Hard is University to Overcome:

"bail" options like starting at a community college and going for an AS/AA first and a BS/BA only after completing the Associates degree. This gives a milestone, a resume boost, and an academic checkpoint and bailpoint halfway through the degree.

Personally, I wish I'd taken a skip year. Would have been more valuable to go work for a little bit, and go backpacking Asia for 6 months to figure out what I wanted to do in life.

I never put really any faith in associate degrees. I thought the stats are a lot worse on them?

They do save money, but you cut a lot of the networking shorter coming in as a junior into upper-level classes. My network (that helped me get my first job, and some other key connections) came from those first 2 years of easier classes and more time for.... non-studying activities.