Consolidated Business & Enterprise Computing Rant Thread

Discussion in 'Business & Enterprise Computing' started by elvis, Jul 1, 2008.

  1. OP
    OP
    elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    45,385
    Location:
    Brisbane
    Yeah it's worded oddly. The job talks about being a member of "Offensive team, defensive team, all teams".

    Like... are you one person who pretends to be in all teams?
     
  2. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    10,230
    Location:
    Briz Vegas
    Sorry forgot the <SARCASM> tags.

    I'm a JP fan but this interview is blowing my mind, especially the middle class socialist issues.


    Also check this one out (yeah yeah Joe Rogan interviews are new to my feed).
     
    Last edited: Jul 29, 2020
  3. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    15,473
    Location:
    Canberra
    Well, if there's still a couple of horses left....

    /hopefullunicornworldhaton Maybe they're serious (more so than Toll) about not being hit again.
     
  4. Gunna

    Gunna Member

    Joined:
    Dec 25, 2001
    Messages:
    7,917
    Location:
    Brisbane
    Trying to explain this to my U.S. counterparts. We are trying to get governance for O365/Teams/SharePoint after we deployed it globally... Trying to explain why guest accounts/anonymous access are not required for OneDrive has taken 6 hours so far.
     
    bcann likes this.
  5. Hive

    Hive Member

    Joined:
    Jul 8, 2010
    Messages:
    6,381
    Location:
    AvE
    Even more so since the breach, 'cause nobody can access it.
     
    BurningFeetMan likes this.
  6. Cape_Horn

    Cape_Horn Member

    Joined:
    Dec 23, 2001
    Messages:
    2,485
    Location:
    Shooting Baker
    "Thank Evil Corp, as they safely encrypted your data so it would be safe from prying eyes?"
     
    BurningFeetMan and Hive like this.
  7. bcann

    bcann Member

    Joined:
    Feb 26, 2006
    Messages:
    6,125
    Location:
    NSW
    Given the number of pwned SharePoint sites that get caught up in the AV filter on our email system, that should be enough reason. The first thing I disabled at this job was write access by default for guest-level access to SharePoint and OneDrive. If you want to dump shit in there, that should be by exception, not default, and linked to an auditable account.
     
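An added example, not bcann's code or anything posted in the thread: the tenant-wide SharePoint Online sharing settings that decide whether guests and anonymous links can write into SharePoint and OneDrive, read in the permissive state the thread complains about and then tightened so that every write is tied to a named, auditable account. It assumes the SharePoint Online Management Shell module and a placeholder admin URL (contoso-admin.sharepoint.com); the per-site exception URL at the end is also made up.

```powershell
# Added example (not from the thread). Requires the
# Microsoft.Online.SharePoint.PowerShell module and a SharePoint admin account.
# The tenant admin URL below is a placeholder.
Import-Module Microsoft.Online.SharePoint.PowerShell
Connect-SPOService -Url 'https://contoso-admin.sharepoint.com'

# 1. Record the current state before changing anything.
$before = Get-SPOTenant | Select-Object SharingCapability,
    DefaultSharingLinkType, DefaultLinkPermission,
    FileAnonymousLinkType, FolderAnonymousLinkType,
    RequireAnonymousLinksExpireInDays
$before | Format-List

# The weak state this thread is about looks like:
#   SharingCapability        : ExternalUserAndGuestSharing  (anonymous "Anyone" links allowed)
#   DefaultSharingLinkType   : AnonymousAccess              (new share links are "Anyone" links)
#   DefaultLinkPermission    : Edit                         (and they grant write)
#   FileAnonymousLinkType    : Edit
#   FolderAnonymousLinkType  : Edit

# 2. First make any anonymous links that still exist read-only and short-lived,
#    so nothing is left writable while the next step is applied.
Set-SPOTenant -FileAnonymousLinkType View `
              -FolderAnonymousLinkType View `
              -RequireAnonymousLinksExpireInDays 7

# 3. Hardened state: no anonymous links at all, sharing only with guests who
#    already exist in the directory (so every write maps to an identity that
#    shows up in the audit log), and new links default to "specific people",
#    read-only.
Set-SPOTenant -SharingCapability ExistingExternalUserSharingOnly `
              -DefaultSharingLinkType Direct `
              -DefaultLinkPermission View
# Newer module versions also expose -OneDriveSharingCapability, which lets
# OneDrive be set stricter than SharePoint; the SharePoint value is the ceiling.

# 4. Re-verify, then list any site whose own setting still allows anonymous
#    sharing so it can be tightened or recorded as a deliberate exception.
Get-SPOTenant | Select-Object SharingCapability, DefaultSharingLinkType, DefaultLinkPermission | Format-List
Get-SPOSite -Limit All |
    Where-Object { $_.SharingCapability -eq 'ExternalUserAndGuestSharing' } |
    Select-Object Url, SharingCapability

# A per-site exception (a collaboration site that genuinely needs guests) is
# set explicitly on that site rather than loosened for the whole tenant:
# Set-SPOSite -Identity 'https://contoso.sharepoint.com/sites/PartnerProject' -SharingCapability ExternalUserSharingOnly
```

Site-level settings can only be as permissive as the tenant setting, so tightening the tenant first and then granting exceptions per site is what turns "write access for guests" into the by-exception model the post describes; the site listing in step 4 is the thing to re-run periodically.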
  8. BurningFeetMan

    BurningFeetMan Member

    Joined:
    Apr 22, 2003
    Messages:
    9,647
    Location:
    Veg City
  9. Hive

    Hive Member

    Joined:
    Jul 8, 2010
    Messages:
    6,381
    Location:
    AvE
    Yes, we let staff access their PCs outside of the office using Windows RDP.
     
  10. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,638
    The problem with exposed RDP is nothing to do with RDP itself.

    Bad practices are bad practices.

    If you let Karen log in with a password of 'password' then that's gonna be valid whatever you use to provide remote access... The problem isn't the method, it's that you let Karen set her password to 'password'.
     
  11. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    15,473
    Location:
    Canberra
    RDP still sucks, numerous exploits over the years - coupled with the business trend of not patching, and it doesn't matter what the password is.

    Stick your shit behind a VPN.

    Layers.

    At least with layers an exploit will only get you so far.
     
    Gunna, Hive and elvis like this.
  12. Hive

    Hive Member

    Joined:
    Jul 8, 2010
    Messages:
    6,381
    Location:
    AvE
    Ah yes, the Shrek approach to network security.
     
  13. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,638
    Please provide me with your UnicornVPN that has never had an exploit
     
  14. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,441
    Location:
    Brisbane
    Haven't seen shit exploited w/ RDGW and WAF. Maybe you should get people who don't suck to do IT.

    VPN has a place, but it's twenty fucking twenty - that place isn't unwashed masses remoting into a terminal server or desktop.

    The solution has existed for six fucking versions of Windows now - just because you work with muppets who think adding 3389 to an external firewall is a good idea doesn't mean RDP is bad.
     
    bcann and Hive like this.
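An added example, not NSanity's code or anything posted in the thread: the host-side half of "don't put 3389 on the external firewall", run elevated on a Windows desktop or RDS host. It scopes the built-in Remote Desktop firewall rules to the RD Gateway's address so that direct connections from anywhere else are dropped, turns on Network Level Authentication and the TLS security layer, and then shows who has been failing logons against the box. The gateway address 10.20.0.5 is a placeholder; the perimeter NAT rule the thread complains about lives on the edge firewall and is not something this script can fix.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session on
# the RDP host. The gateway address is a placeholder for the internal address
# of the RD Gateway that users actually connect through (over HTTPS).
$GatewayIp = '10.20.0.5'

# 1. Which inbound RDP rules are enabled, and what remote addresses do they accept?
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True |
    ForEach-Object {
        $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = ($addr -join ',')
        }
    } | Format-Table -AutoSize
# The weak state looks like:
#   Remote Desktop - User Mode (TCP-In)   Any   Any
# i.e. the host will talk 3389 to anything that can reach it, so one NAT rule
# on the edge firewall is all that stands between it and the scanners.

# 2. Scope the listener to the gateway only. Everything else that wants a
#    session must come in through RDGW (and whatever WAF/MFA sits in front).
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True |
    Set-NetFirewallRule -RemoteAddress $GatewayIp

# 3. Require Network Level Authentication, so credentials are checked before a
#    session (and the session-side attack surface) exists, and require TLS for
#    the security layer instead of legacy RDP encryption.
$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
Set-ItemProperty -Path $rdpTcp -Name UserAuthentication -Value 1 -Type DWord   # 1 = NLA required
Set-ItemProperty -Path $rdpTcp -Name SecurityLayer      -Value 2 -Type DWord   # 2 = TLS/SSL

# 4. Re-check both changes.
Get-ItemProperty -Path $rdpTcp -Name UserAuthentication, SecurityLayer
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True |
    Get-NetFirewallAddressFilter | Select-Object RemoteAddress

# 5. Who has been knocking? Failed logons (event 4625) in the last day, grouped
#    by source IP. A long tail of single failures from many addresses is the
#    password-spraying the "Karen with password 'password'" post is about.
$since = (Get-Date).AddDays(-1)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        ($x.Event.EventData.Data | Where-Object Name -eq 'IpAddress').'#text'
    } |
    Group-Object | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name
```

Step 2 is the layer that makes the "one exploit only gets you so far" argument concrete on the host: even if the edge NAT rule is left in place by mistake, the host firewall refuses the connection unless it arrives from the gateway. Step 5 is worth running before the change, as a baseline, and again afterwards; if the gateway is the only permitted source, the IP column should collapse to the gateway address.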
  15. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    15,473
    Location:
    Canberra
    Don't be facetious. Everything has exploits; that's why there's....

    layers.
     
    elvis likes this.
  16. DavidRa

    DavidRa Member

    Joined:
    Jun 8, 2002
    Messages:
    3,091
    Location:
    NSW Central Coast
    That'll do, Donkey, that'll do...
     
    ir0nhide and Hive like this.
  17. OP
    OP
    elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    45,385
    Location:
    Brisbane
    As above.

    RDP is vulnerable ~1 day out of 365.
    VPN is vulnerable ~1 day out of 365.

    Likelihood that both are vulnerable on the same day? Exponentially lower than either of the above being exploitable separately (particularly if you're getting scanned on a frequent basis, and folks have noted you've got RDP listening live on the Internets, saved in their little database for that fortuitous day).

    Defence in depth 101. None of that is mutually exclusive to your points above - don't let Karen use "password123" as her password. Also part of the picture. But none of these are the whole picture in and of themselves.
     
    bcann likes this.
  18. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,638
    It's not facetiousness, it's clarity: the issue with exposed RDP isn't RDP, it's bad IT practices.
    Switching from RDP to <insert any other remote access solution here> isn't a solution for those.

    People that come in and say 'herp derp, exposed RDP is bad' are more than likely doing so because they (or whoever taught them) remember MS08-067... the 08 meaning 2008, when it was still relevant.
     
    GumbyNoTalent likes this.
  19. OP
    OP
    elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    45,385
    Location:
    Brisbane
    It's not switching. It's layering. You're not substituting RDP for VPN. You're wrapping one in the other to protect both.

    The challenge of course is if your users are too stupid to understand they need to click the VPN button before they can click the RDP button. But you know my opinion on untrainable users.
     
  20. DavidRa

    DavidRa Member

    Joined:
    Jun 8, 2002
    Messages:
    3,091
    Location:
    NSW Central Coast
    Definitely gravitating to disposing of them now, rather than education. It's been fifty fucking years with widespread access to computers in business (e.g. Vaxen from the '70s), and about 40 with PCs - so that's more than an entire career. If you can't do basic shit by now you're not trying; go work on a farm pulling carrots or something and leave the adults to productive work.
     
    Aetherone likes this.
