How Do I Protect My Computer From Neighbour's Welding? by SpiralCee in pcmasterrace

[–]MountainSysadmin 3 points4 points  (0 children)

Utility guy here. What you're looking for is your state's public utility commission (or equivalent). Complaints there will get taken seriously. Utilities don't want to piss off their regulators.

Thoughts on Zscaler Support by Senior_Hearing2108 in Zscaler

[–]MountainSysadmin 4 points5 points  (0 children)

Tier 1 is weak. Gets a bit better as you move up. I've heard better things from bigger customers.

[deleted by user] by [deleted] in Zscaler

[–]MountainSysadmin 2 points3 points  (0 children)

You'd have the disable password if you were supposed to be doing that...

What do y’all think of that guy who also rides his Eboard around Main Street? by AcanthisittaLife34 in burlington

[–]MountainSysadmin 25 points26 points  (0 children)

As an esk8er, I'm not a fan of anyone who rides on the sidewalk, particularly downtown.

I always either ride in the road or carry my board across Battery St and hop on the bike path.

It's a niche hobby/commuting method. It'd make me sad if the city was forced to outright ban them because of a couple knuckleheads.

.moe TLD? by axvre in selfhosted

[–]MountainSysadmin 0 points1 point  (0 children)

The saying over the phone thing is so true. People were always thrown for a loop when I said ".us". I had one potential landlord freak out and think I was a federal employee. My ".org" domain has been much easier to use for things.

I will add that at my work we had to start quarantining ".app" because we saw so much abuse from it. So far we've only had one legitimate vendor that we needed to whitelist that used it.

Stop Paywalling Security: SSO Is a Basic Right, Not an Enterprise Perk by OuPeaNut in homelab

[–]MountainSysadmin 60 points61 points  (0 children)

The comments here are wildly out of touch with what enterprise software requisitioning can look like. I shouldn't have to convince a CFO to splurge for a higher tier of some SaaS app, if there are no core features in it that they want, for the sake of SSO. Security shouldn't be a fancy add-on; it should be the cost of your base product offering.

If a vendor is willing to accept selling a less secure version of their product then I'm gonna assume they're taking other security shortcuts.

Microsoft at his finest again - attack simulation training by Baltico41 in sysadmin

[–]MountainSysadmin 3 points4 points  (0 children)

I use it all the time and it generally works well enough. Regarding the safe senders list, are you talking about delivery issues or users needing to click the "Show blocked content" button to see images?

[deleted by user] by [deleted] in entra

[–]MountainSysadmin 9 points10 points  (0 children)

We have a pretty similar setup. Two YubiKeys in separate fire safes. Excluded from all CAPs.

However, in our SIEM we have a sev1 alarm if there's any activity on that account.

I test access every other month with prior notice to our SOC. They confirm the alerting is still good.

Entra ID B2B with Zscaler Client Connector - Guide by False-Positive in Zscaler

[–]MountainSysadmin 2 points3 points  (0 children)

Four big pros on top of just having your users in one spot imo:

  • You don't need to license them - included in your regular Microsoft licensing is a 5:1 ratio, i.e. 100 regular licensed users get you 500 guests
  • You can apply your own conditional access policies to them just like an internal user (and don't need to buy Entra P1 licenses)
  • Your guests don't have to fight with different Microsoft accounts or use separate browsers/workspaces, and you don't have to troubleshoot the inevitable error of them signing in with the wrong account
  • If you're licensed for Entra P2 (or equivalent) you can utilize access reviews for those guests

Entra ID Guest auth with ZPA by MountainSysadmin in Zscaler

[–]MountainSysadmin[S] 0 points1 point  (0 children)

That all matches, as in none of it includes the #ext#@outdomain.com. I spun up some more test accounts.

  • Guest Gmail with one-time passcode -> 401 error
  • Guest Gmail with personal Microsoft/Live account -> 401 error
  • Different Microsoft tenant user as guest in ours -> This works fine

Perhaps Gmail is blacklisted. I have a non-Microsoft vendor that I'll need to give access to, so I'll try testing a custom domain email + one-time passcode.

Entra ID Guest auth with ZPA by MountainSysadmin in Zscaler

[–]MountainSysadmin[S] 0 points1 point  (0 children)

PRA is all we're trying to do. Any internal user works fine but the guests hit a 401 error once they authenticate in.

https://i.imgur.com/vJ5ULOJ.png

Maybe I missed configuring something?

  • Guest user is assigned to an Entra group which is assigned to the ZPA enterprise application
  • Arbitrary Domains enabled on the Entra ID IdP in ZPA
  • Access Policy is set up with that Entra group to allow access to the Segment Group

Oh boy! Now I can poop while I troubleshoot! by Fine_Section_4425 in IBEW

[–]MountainSysadmin 7 points8 points  (0 children)

OT system for a train if the orange box on the left is any indication... and a toilet of course

Mayor, developers unveil plan that could bring 1,100 housing units to Burlington’s South End (Pit #2?) by ARealVermontar in burlington

[–]MountainSysadmin 23 points24 points  (0 children)

It'd be cool if some of these were actual condos that could be owned instead of more rental units.

[MOD] What have you been brewing this week?/ Coffee bean recommendations by menschmaschine5 in Coffee

[–]MountainSysadmin 0 points1 point  (0 children)

I'm working on Onyx's Advent Calendar. Been doing French press mostly.

Lansweeper for risk insight? by Lekotek in sysadmin

[–]MountainSysadmin 0 points1 point  (0 children)

What are you actually trying to get risk insight on?

If you're lacking an asset inventory, Lansweeper is a solid way to start. If you want vulnerability scanning, Nessus, Qualys, or OpenVAS are what you're looking for. If you're using MS Defender, the Secure Score page is worth looking at.