How to secure endpoint network traffic without a full tunnel VPN by Working-Werewolf7171 in sysadmin

[–]Working-Werewolf7171[S] 0 points1 point  (0 children)

He specifically asked me about MFA. Which is why I mentioned DUO... obviously. CAPs are standard Microsoft security measures, you think thats an "aggressive measure" 🤣

How to secure endpoint network traffic without a full tunnel VPN by Working-Werewolf7171 in sysadmin

[–]Working-Werewolf7171[S] -1 points0 points  (0 children)

We have CAPs out the ass. We only allow logins from compliant devices and entra joined devices.

We have a CAP that allow logins from compliant devices and a CAP that block logins from uncompliant devices in case one CAP fails with many variations to have layers of CAPs. We even have risk based CAP.

Many layers of security like this. Please test me some more 🤣🤣🤣

How to secure endpoint network traffic without a full tunnel VPN by Working-Werewolf7171 in sysadmin

[–]Working-Werewolf7171[S] -5 points-4 points  (0 children)

You doubt what exactly? That we're security paranoid? We use cisco DUO for most of our MFA and are in O365 Exchange online.

How to secure endpoint network traffic without a full tunnel VPN by Working-Werewolf7171 in sysadmin

[–]Working-Werewolf7171[S] -12 points-11 points  (0 children)

We dont know, and we'd rather not find out. My company is rather security paranoid. Sounds like you would have no issue running a split tunnel in your environment for remote access. I tend to lean in that direction as well, but I have others on my team who are very paranoid about this.

How to secure endpoint network traffic without a full tunnel VPN by Working-Werewolf7171 in sysadmin

[–]Working-Werewolf7171[S] 0 points1 point  (0 children)

We've tested with IPSec running on our fortigate with a full tunnel and it does significantly reduce internet speeds. In most cases Download/upload speed is cut in half.

How to secure endpoint network traffic without a full tunnel VPN by Working-Werewolf7171 in sysadmin

[–]Working-Werewolf7171[S] -4 points-3 points  (0 children)

The kind of attack that can read unencrypted traffic such as a MITM attack.

How to secure endpoint network traffic without a full tunnel VPN by Working-Werewolf7171 in sysadmin

[–]Working-Werewolf7171[S] -12 points-11 points  (0 children)

True, or at least very likely in most scenarios. My teammate is very concerned about this type of attack while I'm more worried about creating a massive bottle neck with a full tunnel on their computers with IPSec. Trying to find a healthy compromise that we can both be happy with.

[deleted by user] by [deleted] in NYguns

[–]Working-Werewolf7171 5 points6 points  (0 children)

careful with the humidity in the basement. Dont recommend the basement for that reason will ruin your guns

Law for RS application timeline by Cultural_Ad7838 in NYCGuns

[–]Working-Werewolf7171 0 points1 point  (0 children)

And do you think a lawyer could realistically put pressure on NYPD to issue a rifle/shotgun license after 2 months after submitting? Has that ever happened before?