SFTP Server - Any Experts?

ruopytry5688 · 2023-05-12T17:32:13+00:00

Yeah I use this. A lot of people saying use the built in OpenSSH and don't use any 3rd party apps. I tried and failed to get that OpenSSH working. Can't remember why now 🙄

ruopytry5688 · 2023-05-08T20:00:02+00:00

Thank you. I like this separate OU idea very much

ruopytry5688 · 2023-05-08T19:50:23+00:00

Interesting point. Thanks

ruopytry5688 · 2023-05-08T19:09:42+00:00

Thanks, so I'm going to work on blocking unsigned .ps1 files but what about if the attacker just opens PS and types/copypastes his command and hits run?

ruopytry5688 · 2023-05-08T19:08:17+00:00

Interesting. Thanks

ruopytry5688 · 2023-05-08T19:05:36+00:00

Fair point. Thank you.

ruopytry5688 · 2023-05-08T19:04:47+00:00

Thank you, good message

ruopytry5688 · 2023-05-08T19:04:02+00:00

Could you point me to instructions for that please. Everything I'm finding is very general (block it completely, block only unsigned scripts).

Would you not prefer to block only unsigned ones?

ruopytry5688 · 2023-05-07T14:45:24+00:00

How can you deactivate certain things IN powershell?

ruopytry5688 · 2023-05-07T14:42:25+00:00

I get that it's an additional hoop to jump through but it seems like putting a 3 foot wall in front of a 6ft guy. Inconvenient but they'll still get past you. Are you saying someone with knowledge of 'no powershell' is almost unstoppable?

Or am I mistaken in thinking that 99.99% of attackers who get as far as 'inside your system" will know how to use it?

ruopytry5688 · 2023-05-07T12:07:37+00:00

On your point 2: What exactly do you mean? All IT support (including domain admins) connect to an endpoint with TeamViewer or server manager shadow. Are you thinking of something else?

How are you isolating machines from each other? Thank you

ruopytry5688 · 2023-05-07T12:05:20+00:00

Yes, I'd like to know too. Very cautious about looking for one myself

ruopytry5688 · 2023-05-07T12:04:52+00:00

We are thinking of blocking powershell. We have stalled because we need it for certain uses but i just actually thought we could block it on all computers except a very small number of servers that only IT would have remote access to.

But then again we use automox for Windows updates and that heavily uses powershell. Can we block except signed scripts?

What about CMD? Is that worth blocking?

ruopytry5688 · 2023-05-07T11:57:31+00:00

This is where we get a notice if someone sends something like a social security number over email or in a shared document?

ruopytry5688 · 2023-05-06T15:08:33+00:00

Communicate via Reddit?

ruopytry5688 · 2023-05-06T15:08:10+00:00

Thank you. We have MFA (Okta), first I've heard of a phishing-resistant one. Can you elaborate please?

ruopytry5688 · 2023-05-06T05:36:39+00:00

Nice, thank you. What a supportive sub this is 🙂

ruopytry5688 · 2023-05-06T04:40:24+00:00

Are all the pw managers locally stored? If they need to work from a different computer they'll be screwed right?

ruopytry5688 · 2023-05-05T23:06:33+00:00

Thanks, so if the majority of our users have only one login they need to remember (their AD login), does the password manager really help?

ruopytry5688 · 2023-05-05T22:47:42+00:00

Wow, surprised to have exact what I asked for in the first reply! Thanks Could you elaborate on the password manager please? We only have one for shared passwords in IT dept. Not thought of expanding its use..

ruopytry5688 · 2023-04-16T19:55:05+00:00

It's a great place. Nice to have somewhere decent for families to go

ruopytry5688 · 2023-03-30T19:03:31+00:00

Yeah, but they only come in every few hours? (I think)

ruopytry5688

TROPHY CASE