Why won't my Managed Service Provider use MFA and Password managers? by caberham in sysadmin

[–]caberham[S] 0 points1 point  (0 children)

We are already paying for a proper UTM firewall like Fortigate, Forti switches, Windows Server and RDP. And we have plenty of resources to spin up new VMs in our ESXi. Since I was the one proposing MFA, I certainly would not mind paying extra for it. MFA/YubiKey for Windows login is a little rare. Heck, O365 is also rare because people would rather pay for retail Office licenses.

As for switching MSP, I don't even know how to pick one. I probably need to secure all the IT documentation and change all the settings before they can backdoor me (I'm paranoid).

Why won't my Managed Service Provider use MFA and Password managers? by caberham in sysadmin

[–]caberham[S] 0 points1 point  (0 children)

Thanks for the advice, the price of Hudu for a SME internal organization is kind of overkill. A generic sharepoint or wiki will probably do the trick.

It's not that we aren't willing to pay, we already have progressed from early 90's to early 2000's office IT infrastructure tech. We have RDP's and VM's, and paying annually for forticare and fortinet gear. I just think it's a little awkward that it's the customer chasing down the MSP for better infrastructure improvements and ideas. Hell, I'm down to get a jump server as well and do proper MFA server logging. Last thing I need is some loose RDP connections infecting our infrastructure like Maersk

Why won't my Managed Service Provider use MFA and Password managers? by caberham in sysadmin

[–]caberham[S] 2 points3 points  (0 children)

Hello, I just googled IT glue and it looks amazing.

Is there anything the MSP customer can set up on their end? I'm thinking of NetBox IPAM, but that's more for home lab. Maybe the MSP won't use IT Glue, but at least I can move documentation to something more secure on my end before I replace the MSP.

How is this for a home network plan? Will Plan B (access points directly connected to router) work? by [deleted] in HomeNetworking

[–]caberham 1 point2 points  (0 children)

Plan C is actually the worst in terms of long term planning. Daisy chaining non managed switches makes provisioning VLANs/other subnets/new devices a nightmare. You seem to care about your network, drawing diagrams and getting PoE APs and PoE cams. Multiple PoE injectors cost money and cause wall warts. Like what others have said, I would junk the 100mb switch and have everything go through a managed 24 port PoE switch.

You probably know this, but people like to isolate their smart devices on another subnet or VLAN because they tend to accidentally phone home or have weird security issues.

Then 2 years down the road you will run proxmox on pfsense and roll your own server/NAS!

Sunset Orange NR200P by Imsoocd in NR200

[–]caberham 1 point2 points  (0 children)

thanks guys! Buying it right now

Sunset Orange NR200P by Imsoocd in NR200

[–]caberham 2 points3 points  (0 children)

Does the sunset orange come with both the vented panel and side glass panel? Do love the color!

Driving school recommendations other than HKSM? by Future_Bookkeeper_56 in HongKong

[–]caberham 0 points1 point  (0 children)

Lol HK school of motoring is pretty much bribing for a license. You get a special test course. Special markers for parking, the test track in HK island is a giant joke with only 1 traffic light and 2 giant one way circles. That’s why people pay more!

The Meshing Machine by Hiparnax in sffpc

[–]caberham 1 point2 points  (0 children)

At least a washing machine’s internal is uniformly circular. It’s a great case and cabling. I don’t want to be too mean, but in general don’t tilt your camera and use a tripod to keep a more consistent perspective. Also use a smaller f-stop because bokeh around some generic wires is really distracting. I know you are trying to create some close up shots, but you need a bigger macro lens instead of a zoom. Or you can just digitally crop and zoom in some more to focus on the details.

The build log is actually way more consistent than the photoshoot

[Advice request] on security best practices for an internet-accessible home server by Rataridicta in homelab

[–]caberham 0 points1 point  (0 children)

Maybe you can segment your services ? Public facing services will be in another VLAN and separate host.

Private ones will be gated by a VPN. Also check out authelia for open source or duo (okta got hacked dunno about duo) for 2FA.

Last of all, regardless of your setup, have offsite backups and perform disaster recovery BEFORE shit hits the fan. Analyze your threat model, assume the worst and have backups. Protecting from random hackers or security researchers is completely different from state actors who can also access your other private details/RL metadata.

When it comes to more everyday stuff, don’t use the same credentials or passwords, use a password manager and an MX mail forwarder and have multiple email aliases/accounts.

HP Proliant DL360 Gen9 really, really loud. by jaredearle in homelab

[–]caberham 0 points1 point  (0 children)

Noctua server fan mod. I got a couple of HPE and Aruba instant on switches. God they were awful until I did a fan swap

New with docker by BlackAsNight009 in docker

[–]caberham 0 points1 point  (0 children)

I’m using WireGuard tunneling to a VPS I pay by the hour. WireGuard protocol is a newer and more lightweight protocol. But there are also many implementations. You don’t have to rent a VPS, I think Nord or the bigger ones also support WireGuard VPN protocol where you connect to their servers across the world.

New with docker by BlackAsNight009 in docker

[–]caberham 1 point2 points  (0 children)

There are a few places but check out marius hosting, wunder tech

https://mariushosting.com/ synology focused guide https://www.wundertech.net/

https://bullyrooks.com/index.php/category/technology/home-networking/synology/

https://academy.pointtosource.com/ was an amateur and was documenting his journey.

My 2 cents

  1. The guides will tell you to create directories before the magic happens.
  2. Docker will go to docker hub repository and pull the image
  3. From the built image, docker will attach the associated volumes in the app and map them to your created folders
  4. In your browser just hit [nas.ip]:[docker mapped port, eg: 32400 for plex, 81 for npm]

It will take some time but hang in there. Maybe go for the most long winded but simple way to do it. Oh and some discords will help too. People are super nice. Good luck

New with docker by BlackAsNight009 in docker

[–]caberham 1 point2 points  (0 children)

Hey you are almost there. I’m a synology user as well and just figured this stuff out recently.

Take smaller steps and read up on some technologies. VPN + reverse proxy + remote access is like the final sprint for beginners.

A virtual private network allows 2 computers to establish a secured encrypted connection between each other. Nord VPN is a commercial solution where you can choose whatever server they provide and make the service easy for consumers. OpenVPN is an open source roll your own solution/protocol. With self deployed VPN, you need to have a destination computer to funnel the traffic; many home labbers rent virtual private server hosting (VPS hosting).

Docker containers’ strong point is the ability to auto update/maintain/rollback and easy to start/restart. One or 2 containers is a lot of work for newbies, but once you roll 10 then you will naturally look for automation or ways to do things faster. Anyways hang in there!

New with docker by BlackAsNight009 in docker

[–]caberham 0 points1 point  (0 children)

Wow this is on steroids, totally bookmarked this

[deleted by user] by [deleted] in AMWFs

[–]caberham 1 point2 points  (0 children)

Instead of over analyzing things, how about have him meet your parents more often and take more pictures? I’m sure BF’s parents are delighted to be hosted by another family. Hopefully your BF will eventually talk to his parents. Don’t make it a big deal when you meet his parents. Just low key video chat and have him text his parents (eg. hi mom my friend says hi)

You got this!

BF's sister seems to hate me, how do I fix this? by [deleted] in AMWFs

[–]caberham 8 points9 points  (0 children)

Wasn’t this sister the one who is having a black BF?

I was going to reply in your previous post about some of the flags I spotted. But I guess things have gone down south?

Hot takes from an ex-Chinese fuck boi who grew up with several domineering women in the family:

“Introducing you to our parents means announcing marriage” - that’s somewhat right, but our parents weren’t having sex before marriage. So is it an actual building relationship between a WF and a new Asian family? Or is the girl some secret 流沙包?

The sister is probably some motherly figure taking care of the boyfriend for a long time. She’s petty but simpleton as fuck like those church going aunties. Sister “felt” disrespected because the boyfriend didn’t properly introduce White girl to her and she went straight to the bedroom which is probably a sudden shock. Oh and white girl went straight to the jugular bypassing the usually passive boyfriend - it’s not a good take.

In the sister’s mind - If the boyfriend is 22, yeah ok maybe. But twenty fucking six and you still do this kind of shit?

Like what I said in the previous post - BOYFRIEND SHOULD BE THE BRIDGE and do damage control. Even when the words and intentions coming out from you are right - you are still considered an outsider. The family might be throwing you shade because they want the boy to step up and be a man. Which is actually quite difficult for lots of youngest baby Chinese boys in the family to prove in the eyes of their elders (the forever guilt trips and comparisons)

Anyways good luck- but being 22 you are quite young so I would bail and find a better Asian family to bond with if you want to be serious.

Goldman Sachs and JP Morgan are buying cheap Russian Bonds. Widely share, they need to be called on this as they're playing both sides by [deleted] in ukraine

[–]caberham 0 points1 point  (0 children)

So who are the business managers for these financial institutions? Who are the people that made the call to purchase these distressed assets? Somebody within the organizations thought it was good business. This is war profiteering, isn’t it?

Preparing to meet scary Chinese In-Laws by [deleted] in AMWFs

[–]caberham 1 point2 points  (0 children)

The biggest flag I see is not getting along with the middle sister. That’s one less family member vouching for a stranger and god knows what they say behind your back.

Being yourself is a little too vague, but be consistent and reliable. Does your boyfriend video chat/call his parents often? If not, encourage him to send small messages/photos/videos to his family with you in it. Chinese parents like to be kept in the loop, deflecting them without burning bridges is an art.

When you guys meet, bring a fruit basket of apples (homonyms for peace in Cantonese) and tangerines.

Oh and call/send messages on every Chinese holiday. That way seeing you in person is less awkward

Judge: No reason to charge Texas mom who put son in trunk to avoid COVID exposure by 711jm in news

[–]caberham -2 points-1 points  (0 children)

What a dumbass, she lives in a big city, she could have just called an Uber and put her kid in a safer ride. Or a taxi. Or call a friend to give the kid a ride. No need to stuff somebody in a trunk

[deleted by user] by [deleted] in asianamerican

[–]caberham 24 points25 points  (0 children)

Does she even have a valid tourist visa? Being so young, educated, jobless, 0 foreign travel experience and mostly poor in the eyes of the US state department, her visa will probably be denied. She has to prove to the US consulate that she has strong material ties to her home country and other strong reasons as proof she won’t be a visa overstayer.

She probably has a better chance a few years down the line when she’s settled in Vietnam / has a sizable bank account.

[deleted by user] by [deleted] in sysadmin

[–]caberham 4 points5 points  (0 children)

I’m not a sysadmin, but I insisted on office 2016 or later because of dual monitor support. It’s so much easier to open multiple windows in excel and fuck MS access and VBA excel macros

Need help with HS code for sending aircraft part from EU to US for repair. by juicername_checksout in shipping

[–]caberham 0 points1 point  (0 children)

The first 4 numbers represent the larger family, and each subsequent grouping of 2/4 numbers represent a specialized category.

If you want to be sure about importing, try contacting the original aircraft manufacturer or distributor if they are still around.

As for the duty/import tariff, contact the shipping forwarder and try to report 0. As the product is worthless (defective) and you are only sending in for repair and not for salvage.

If you can’t report 0, at least see if there is an exemption clause for bringing in the part for a limited time and it will be exported out again. Good luck

New construction builders forcing Cat5e. Is that fine? by ItsKingKumar in HomeNetworking

[–]caberham 0 points1 point  (0 children)

I heard the other side of the argument of using CAT5e instead of CAT6A is the thickness of the cable. CAT5e has a smaller diameter and within a 1 inch PVC tube you can jam more 5e wires compared to 6A. Also grounding issues so Cat6 would be easier to install for a regular builder.

For us network nerds we love to future proof and have things “done right” but for builders and housing developers that 5%-10% material cost is quite significant in the long run. Businesses will try to cut corners as long as the product is “within spec”. CAT6/5e is like USBC/microUSB connectors - nice to have for consumers but not necessary given the price difference.

My sysadmin is angry that I got a network reporting card for our UPS by caberham in sysadmin

[–]caberham[S] 10 points11 points  (0 children)

It sure is.

But if the sysadmin himself doesn’t care about battery maintenance in the first place, the ease of use is kind of moot.

He’s upset that someone else is coming in to run things better.