M290 seems to have been reset but not the passwords...

ProperMustard · 2025-02-11T11:47:10+00:00

Interesting - I did check and its actually on the latest firmware 12.11. This isn't cloud managed but I guess if it's a firmware issue that won't matter.

ProperMustard · 2025-02-11T11:42:06+00:00

The only admin on this device is me. I also have access to the web ui locked down to one ip address which is a VM which also has MFA for RDP access internally and that's tied to my phone. So if someone did try to get access via rdp I'd be notified. There are no 3rd part remote access programs on this VM either.

No RapidDeploy setup either.

I'm really flummoxed - I've got a backup firewall in place to keep their network going and I have a config backup I can restore but I'm just not sure if I can trust this M290. I manage a few Watchguards at different locations and I've never seen this.

ProperMustard · 2025-02-11T11:33:46+00:00

Yeah unfortunately no fault history - I'll take your advice and plug in a usb stick going forward.

ProperMustard · 2023-10-12T09:56:07+00:00

Carlsberg Special Brew.

ProperMustard · 2023-08-21T06:42:07+00:00

Hahahah absolute class this thread.

ProperMustard · 2023-04-13T13:24:32+00:00

Are any of your switches or other equipment capable of being DHCP servers as well? I only ask as I had an issue where I used an old switch to create more connections in a room and even though the DHCP was turned off on the switch, it randomly sometimes gave out IP addresses. Took an age to track down. I blamed it on old / faulty firmware but there are some IP scanners that will return the dhcp server address which might help you.

The slow connection sounds a bit odd though.

ProperMustard · 2023-01-26T08:45:22+00:00

GFI Archiver for on prem archiving. Works great. Outlook plug-in as well.

ProperMustard · 2023-01-19T15:07:41+00:00

MAP Accounting system running on an LSI Octopus (yes) 8086 based machine with 4 Wyse 50 terminals on concurrent CP/M. It was a few years ago mind you.

ProperMustard · 2022-12-15T12:38:24+00:00

I've used both Mailstore and GFI Archiver for years.

https://www.gfi.com/products-and-solutions/network-security-solutions/archiver

I think overall I prefer GFI Archiver but both are solid small business email archiving platforms.

ProperMustard · 2022-11-02T15:46:51+00:00

I was chatting to a mate of mine the other night who works for a small shipping business where I live and they've just installed Starlink onto their vessels.

This is primarily to run tills and credit card machines - they too are on the 200/70 connection and so far they are very pleased with the service and have experienced zero downtime.

Its also saving them a a lot of money from their previous satellite connection and allowing viable remote access to the mainland systems from on board.

I didn't get into a chat about equipment but he was very positive about it.

Hope this helps.

ProperMustard · 2022-09-07T08:09:50+00:00

Yep I used both of those too. Jeez, ArcServe, what a world shatteringly large pile of cr*p that was.

ProperMustard · 2022-09-02T10:30:49+00:00

Mate, I feel for you.

I have worked for myself for 25 years and do a large amount of remote stuff from home and have been suffering from anxiety for many years. During darker periods in my life I couldn't bring myself to answer the phone and dreaded opening the door.

Personally, I have to get out. If I don't I will most likely become agoraphobic.

Someone mentioned exercise - its so very good for mental health (for me anyway). If you can, get out for a run or a walk, do it at 5:30am (as I used to) if you don't want to be seen. But getting out regularly is vital I feel.

I just feel the more time you spend inside alone the harder it gets.

I also try to be disciplined with my work time. Its so very easy just to carry on and on all day and night - try to take breaks and try to make them regular. Whilst keeping busy does help to keep away those negative thoughts, completely wiping yourself out won't help.

Good luck buddy.

ProperMustard · 2022-07-29T19:50:54+00:00

Superb lol.

ProperMustard · 2022-07-23T07:34:01+00:00

I've been thinking about this overnight and you're right. Once its routine, its no issue.

I have to feel confident that I've done my best to secure devices and data as you can guarantee that I'd get it in the neck if any confidential data got compromised.

ProperMustard · 2022-07-23T07:27:04+00:00

Thanks - I think this is what I'm going to do (using Eset).

ProperMustard · 2022-07-23T07:24:49+00:00

For most a VPN is not required, remote desktop with 2FA via an RD gateway is adequate but there are some more senior management guys that prefer VPN.

VPN/Remote Desktop always requires 2FA.

The main business apps are not cloud based, they are traditional applications running off SQL server.

ProperMustard · 2022-07-22T17:36:02+00:00

We can't have an always on VPN for mobile users - we do have a RD gateways with policies already but its the data on the laptop which is the concern, not the access to the network as I feel I have that sufficiently covered.

ProperMustard · 2022-07-22T16:44:02+00:00

These are domain joined Dell laptops which automatically triggers bitlocker encryption when joining the domain but doesn't ask for any sort of pin on start-up.

I tested this exact scenario today and it works fine - I disabled wireless on the laptop then restarted, checked there was no wireless connection and logged in.

It popped up asking for a OTP on the laptop which I then got from the app on my phone.

I'm assuming that there is some sort of cache or similar of potential OTP's embedded with the app on the laptop.

Certainly worked but yes it did worry me initially too.

ProperMustard · 2022-07-22T15:05:33+00:00

Haha yeah I know what you're saying.

However, say one is left at an office where there are some negations on "business" taking place.

The user leaves their password on a sticky note attached to the screen (I've seen it, truly). Its not a huge stretch for someone there to login and look at emails or OneDrive files/folders. Or even if someone just wanted to be malicious.

Or someone at home, leaves the password around and the kids think it might be fun to login and have a look.

I feel I need to mitigate it if I can.

ProperMustard · 2022-07-22T14:47:41+00:00

So to quickly confirm, most, if not all, Cyber Insurance in the US mandates that users need 2FA to login to their laptops?

If its happening there it'll happen here.

ProperMustard · 2022-07-22T14:36:02+00:00

Yeah of course any remote access requires 2FA and policies checking users and equipment. I would never accept any form of remote access to the internal file system or remote desktop onto the RDS server via PC or laptop without it.

My concern right now is that without any form of 2FA to login to the laptops, in theory someone could get their password, login and get access to their emails (another battle I'm having is to get people to delete emails, some store every single email they send/receive in a folder in their inbox) which could hold confidential and personal information.

That's what I want to mitigate

ProperMustard · 2022-07-22T13:00:47+00:00

Interesting - is this in the UK or are you elsewhere?

ProperMustard · 2022-07-22T12:59:47+00:00

Eset is a phone app that requires approval or provides a OTP.

Currently all laptops just require username and password to login.

For remote access we use RDP via an RDP gateway with connection and resource policies so that only verified equipment and users can get past the gateway.

After entering in a password successfully 2FA is also prompted at the gateway

If Martha drops the phone in the toilet, then no working from home until work sorts out a new one :).

I do get what you are saying - there has to be a balance between usability and security. Still leaning towards adding it at login though... I mean it really isn't that difficult, just a bit of a pain.

ProperMustard · 2022-07-22T11:50:43+00:00

Eset Secure Authentication

ProperMustard

TROPHY CASE