redfox

After reading this article, I had a few dissenting thoughts, maybe someone will provide their perspective?

The article suggests not running critical workloads virtually based on a failure scenario of the hosting environment (such as ransomware on hypervisor).

That does allow using the 'all your eggs in one basket' phrase, so I agree that running at least one instance of a service physically could be justified, but threat actors will be trying to time execution of attacks against both if possible. Adding complexity works both ways here.

I don't really agree with the comments about not patching however. The premise that the physical workload or instance would be patched or updated more than the virtual one seems unrelated. A hesitance to patch systems is more about up time vs downtime vs breaking vs risk in my opinion.

Is your organization running critical workloads virtual like anything else, combination physical and virtual, or combination of all previous plus cloud solutions (off prem)?

The author of this article asserts some of the recent complaints I've either personally heard from others or some of my own opinions regarding the costs of higher education.

Scott Galloway has recently become well known for additional criticism of higher education creating artificial constraints on admissions or acceptance of potential students.

Do you believe any of these points have merit?

Do you believe the current costs of higher education either in the US or other first world countries provides appropriate return on investment?

Do you believe the assertion that senior lecturers don't have the same teaching skill requirements as primary education in addition to their subspecialty or focus?

How could higher education be improved or is the current model working well enough?

I've seen companies do all sorts of home grown things.

One uses a spreadsheet that is just the configuration row by row, they turn it I to text file and copy to startup, reload.

I have used git servers to do the same thing, but with obvious change tracking history of git.

What real or home grown things are you using?

Currently using an ISR4461x. Now 17.7+ supports ssl VPN.

Should we learn flexvpn or do ssl VPN?

This is a network defense design scheme question.

In a scenario where your organization is designing multi-layered firewall deployment and management, how granular  do you create rules at each of these three layers?

Example site is a main/HQ site that also houses your data center (basic 3 tier model).

1. Site has your main internet gateway and VPN termination point. As am example, it's a Cisco or other ZBF. It has four zones: (1) Internet, (2) VPNs from other sites/clients, (3) your corporate LAN including data center, (4) Guest/untrusted/Iot.

2. Between your gateway and the rest of your corporate network/datacenter, you have transparent proxy firewall/IPS/monitor. It's bridging traffic between gateway and data center.

3. Within data center, hosts have software host based firewalls, all centrally managed by management product.

Questions:

• How granular do you make ZBF policies at gateway? Limit it to broad zones, subnets, etc? Get granular by source/destination? Further granular by source/destination/port?

• How granular do you make rules for transparent proxies between segments? Src/dst? Src/dst/port?

• How granular do you make rules for host based firewalls? Src/dst? Src/dst/port? Src/dst/port/application/executable?

• How have organizations you've worked for implemented these strategies?

• Were they manageable vs effective?

• Did the organization detect/prevent lateral movement if any unauthorized access happened?

• What would you change about your organization's firewall related designs?

What sources of technical controls does your organization use?

Do you base device/operating system configurations on:

• CIS workbench?
• NIST/STIG?
• Microsoft best practice?
• Google searches and 'that looks good'?

How closely rigorously does your organization enforce change management for policies or settings?

• Can you change GPOs/Linux/Network device settings as needed?
• During maintenance window?
• After a group meeting with code/change review and some sort of approval authority?

Does anyone fully implement workstation and server logon restrictions, and priviledged access workstations (PAW) as prescribed by NIST/STIG/CIS?

The URL is Microsoft's long description of the same concepts.

Specifically from the above, there's a few things like:

• Establishing asset/systems tiers (domain controllers or entire org compromise tier 0, moving towards less consequence in the event of system compromise)
• Accounts with the Active Directory Domain Admins or equivalent are supposed to be blocked from logging into lower tier assets
• Workstations that have access to log into these super sensitive assets like Domain controllers for management are considered PAWs, and are blocked from internet access, highly locked down, might have extra hoops or management plane assets are air gapped?

Question:

Does anyone actually do any of this at their organization?

If so, to what degree?

People hated red forest because it was a whole other set of infrastructure to baby sit.

People hate air gapped systems because no remote access or work from home.

The above doesn't work well with cloud, and as a result Microsoft (just as an example) pushed for the new hybrid PIM models replacing their old red forest concept.

I'm just curious.

I don't even know where to begin with some of the quotes in this article, good or bad.

The topic of politics can be aggausting, but I wonder if there isn't merit to this idea?

If we'll have republican local reps regardless based on trends, should people jump party and vote for more moderate candidates, if any exist?

Even if you know your candidate isn't likely to win, do you vote them on principle to vote metrics and data, or do you vote for the lesser evil opponent, even if you feel dirty for it?

I'm not taking or endorsing a side or suggesting anyone should, just curious. Pretend it's the opposite parties than Indiana if it helps thinking through it.

My reason for posting this question is to get some perspective, since I don't live further west than Indiana.

Indiana has a lot of conservative tendencies, usually opposes progressive policies, and a little old school bigotry in the form of religion based disagreement with people's life styles, like letter community.

From an outsiders perspective, TX, OK, MO etc are even more extreme.

This permalink above from a comment from a person referencing recently proposed legislation against letter community people specifically, though there's tons of examples of bigotry like the school principal getting sued for discrimination due to a kid's hair (black hair).

We know Lemmy is a bit more populated with left than right thinkers, but regardless, what's going on in these western plains states? Is it as bad as it looks?

Do you personally know some sweet old church ladies who 'hate the gays because they'll going to hell' or are there just more extreme law makers being elected that don't represent the majority?

EDIT: tried to fix link to a conversation instead of a login page.

This is not an ad.

Does anyone have experience with Tenable products?

I'm interested in real world experience regarding:

• cost
• effectiveness
• ease of use

I'm playing with Tenable Security Center and Nessus Scanner. I'm early in the deployment, just looking for pointers and whether anyone has used it?

What alternatives is your org using if not?

Can you compare?

Edit, if anyone is interested, I can post results and opinions here also.

INDIANAPOLIS – Angry reaction from community leaders continue to pour in after a controversial punishment was handed down to the man who was convicted of killing Indianapolis Metropolitan Police Department officer Breann Leath.

Dorsey was sentenced on Thursday to 25 years in prison after he was found guilty but mentally ill on the following charges:

One count of reckless homicide Three counts of criminal recklessness committed with a deadly weapon One count of attempted murder One count of criminal confinement Dorsey was not convicted of murder by the jury. That charge was reduced to the lesser reckless homicide charge.

...

Snyder, who is the president of the Indianapolis FOP, said during a Friday afternoon news conference that residents of Indianapolis, as well as Indiana residents and those throughout the country, saw a “miscarriage of justice” through Stoner’s sentencing.

In response, Snyder said the maximum sentence of 63 years should have been implemented for Dorsey in this case, which Snyder called an attempt of “cold blooded murder.”

...

“As mayor and as a father, I’m shocked and disappointed in the decision that was handed down yesterday,” said Indianapolis Mayor Joe Hogsett.

INDIANAPOLIS — A traffic stop ended up leading investigators to a restaurant on Indy’s east side where police uncovered cocaine, methamphetamine, marijuana, fentanyl and enough firepower for a shootout.

William Collins, 45, was arrested by the Indianapolis Metropolitan Police Department on Monday for his role in the alleged drug trafficking. Collins also isn’t permitted to own a firearm due to being a convicted felon.

Police said Collins was arrested during a traffic stop after detectives witnessed a “hand-to-hand drug transaction” in a parking lot in the 3200 block of N. Emerson. During the traffic stop, police found a handgun in Collins’ possession.

The investigation eventually led police to 1313 Eatery, a chicken wing shop located at 5299 E. 38th Street. Detectives searched the business and seized approximately 600 grams of cocaine, five pounds of meth, one pound of marijuana and 70 grams of fentanyl pills.

Also found in the restaurant were three firearms, two of which were reported stolen, and nearly 900 rounds of live ammunition.