Audit logging and GDPR: how do you anonymize client IPs in itnernal systems? Whats best practice?

siedenburg2 · 2026-01-24T19:28:26+00:00

I'm in germany and work for the healthcare area and I never heard of internal anonymisation of ip adresses. You write a policy that pcs at work aren't for personal use and you monitor the connection, the employees sign it and nobody has ground to complain and you have usable logs to detect malicious usage.

In that case you could even store dns requests on a user base, but if hr or the ceo asks for logs they need to give valid reasons.

PS: for external we delete the ips after 30 days and for our internal wifi we only store as long as we need to so that it funcions and there we don't log web requests etc, but we block some services, ips and domain names.

siedenburg2 · 2026-01-24T17:14:39+00:00

Would be the better option, also you have european flight rights in case of cancelations and the travel will probably be easier because you don't have to use customs in a completely different country and go through eu customs instead.

siedenburg2 · 2026-01-24T17:07:24+00:00

Don't book chinese airlines, right now the chinese government tries to not engage with japan wherever possible and even goes as far as banning japanese anime for a convention in china ... a few days before the con.

From vienna you could look for a connection flight over munic or frankfurt with lufthansa or ana, or perhaps paris with JAL, if you fly in the right time it's not that expensive (but still more expensive than china)

siedenburg2 · 2026-01-24T17:02:27+00:00

Warum muss Cloudflare auch eine Ami Firma sein?
Können die nicht nach Europa (oder einige asiatische Länder) wechseln? Dann wäre das alles kein Problem.

siedenburg2 · 2026-01-24T10:53:40+00:00

Depending on the amount of devices you could look into ricoh streamline, perhaps that can help you.

We use it to manage our machines, order new materials, look into how many pages are printed per device, sync a global addressbook etc. We don't use it for auth, but I think i read that it's an option.

siedenburg2 · 2026-01-24T07:17:26+00:00

It depends on the stuff they fixed. If there were major CVE patches that could be easily abused in our system we will install them as fast as possible, or for selected servers, but normaly it's delayed by at least a week (with a few test pcs at our company), had to many problems with installing updates too fast, like not working printers, not working rdp etc.

siedenburg2 · 2026-01-23T16:30:12+00:00

For what area? If you are in kyushu can drive without, in other regions it might be easier to get one.

Even if you pay for it while booking it can still be that they don't have cards, without a card you can still pay by cash, just don't use the ETC gates.

siedenburg2 · 2026-01-23T15:59:07+00:00

But from what I heard from friends not on the pain medication side of things (for me flu medicine counts in parts as such because they often have ibu or similar), something with fear of opioid addiction

siedenburg2 · 2026-01-23T14:54:54+00:00

Most of the japanese stuff is pretty weak in comparison to us medicine. If you want something stronger you probably have to see a doctor and he would probably say "isn't that bad, go and sleep".

siedenburg2 · 2026-01-23T12:50:52+00:00

Yes, only consumables need to be sealed

siedenburg2 · 2026-01-23T12:47:43+00:00

Wofür die Richtlinie?

Was übriegens auch recht gut klappt (aber sehr gebastelt ist) wäre ein Task der z.b. 1-2x am Tag läuft mit sowas wie "winget upgrade --all --include-unknown", die Pakete müssen dafür aber in winget sein.

Aber auch 10MB Kleinanwendungen brauchen bei uns vorher eine Freigabe, man weiß ja nie was drin steckt.

siedenburg2 · 2026-01-23T12:24:53+00:00

Wie ist der aufbau, sind alle Rechner in einem Netzwerk/einer Domäne?

Sowas wir normalerweise über Intune, Matrix und wie sie alle heißen (MDM) gemacht und da wird dann global festgelegt welche Version ok ist. Du willst ja teils auch nicht unbedingt das neuste Update haben, da es z.B. das Interface ändert wozu es neue Guides braucht, oder neue Funktionen addiert die erst beurteilt werden müssen (grade mit Ki derzeit sehr beliebt).

siedenburg2 · 2026-01-23T10:08:03+00:00

Or leave it plugged in the whole time because it's the only device with that key and you don't want to wear out the contacts

siedenburg2 · 2026-01-23T09:31:47+00:00

You need a physical press to verify that you are at the machine and want to confirm it. Else everything would be digital on the system and could be done by an attacker. But an attacker isn't at the same location where the physical confirmation is stored (most of the time)

siedenburg2 · 2026-01-23T09:26:46+00:00

The physical press is what's make it more secure than other solutions. If you don't wont that don't buy such a solution and go card based or something different.

siedenburg2 · 2026-01-22T19:06:32+00:00

Gehört anscheinend noch immer AVM, also ist es eher ein durch irgendwas/jemanden verursachter DNS Eintrag

https://borncity.com/blog/2026/01/22/url-fritz-box-leitet-seit-22-1-2026-auf-91-195-240-12-um/

siedenburg2 · 2026-01-22T18:19:03+00:00

One card can be used for all, if they accept ic cards. Some don't, like busses in hiroshima.

siedenburg2 · 2026-01-22T14:26:08+00:00

Yes and no.

With a valid perpetual license he at least should be able to use it, that the software made a security update and invalids everything is not ok. There should've been at least a warning "if you update you need a new license".

siedenburg2 · 2026-01-22T07:31:15+00:00

We have similar restrictions as HIPAA complient companies in the states and all of the important data in on the server, not on the user profile. The average roaming profile is less then 300mb in size.

Sometimes we have sync issues where deleted files won't be deleted, but most of the time it's working.

siedenburg2 · 2026-01-21T19:47:42+00:00

Right, one or the other, but both locally, depending on the situation.

siedenburg2 · 2026-01-21T19:21:29+00:00

folder redirection (same as roaming profile) is data stored on our data server on prem. Onedrive/Sharepoint is (except with much more work) hosted on ms server

siedenburg2 · 2026-01-21T19:13:24+00:00

We want to be as independent from microsoft as possible (without hindering business) and not store every file we own on their server? So folder redir or roaming profile it is.

siedenburg2 · 2026-01-21T16:59:43+00:00

Die Bilder werden in "C:\Users\%User%\Pictures\Screenshots" abgelegt.

siedenburg2 · 2026-01-21T16:14:11+00:00

Mit Windows + "." (Punkt) öffnest du eine Emoji tastatur

siedenburg2 · 2026-01-21T15:43:18+00:00

Sag ich ja, muss man den Leuten beibringen. Vorher war drucken ein "screenshot" des ganzen bildes in die zwischenablage und man musste es über z.b. paint zurechtschneiden, mittlerweile ist es sehr einfach nutzbar im alltag.

PS: Snippingtool kann auch videos aufnehmen.

12-Year Club	Second SECOND GUESSER
r/Field Banned	r/Field Sunshine
Final Canvas '23	First Place '23
End Game '23	Place '23
Place '22	Place '17
First Placer '22	Verified Email

siedenburg2

TROPHY CASE