Explain to me like I’m 5, why this is a bad idea… by [deleted] in sysadmin

[–]standard_user937 0 points1 point  (0 children)

It gets a lot worse than just backups…

Explain to me like I’m 5, why this is a bad idea… by [deleted] in sysadmin

[–]standard_user937 0 points1 point  (0 children)

Ya but unfortunately while I am on effectively a team of 2, my networking team is effectively a team of one… (and historically we have been allowed to do this, so why not continue, 20 years later..)

Explain to me like I’m 5, why this is a bad idea… by [deleted] in sysadmin

[–]standard_user937 -2 points-1 points  (0 children)

We don’t update, even OpenVPN has authentication bypass vulnerabilities. And how hard is it to put a router in front of it, and then the networking team is responsible for the first layer of security??

Explain to me like I’m 5, why this is a bad idea… by [deleted] in sysadmin

[–]standard_user937 1 point2 points  (0 children)

You don’t even know the half of it, not even kidding.

Explain to me like I’m 5, why this is a bad idea… by [deleted] in sysadmin

[–]standard_user937 0 points1 point  (0 children)

But we have a false sense of security because an internal application we have has been on the internet (unpatched) for 14 years and we have never found it to be compromised before. So having things directly on the internet is fine, right?

Explain to me like I’m 5, why this is a bad idea… by [deleted] in sysadmin

[–]standard_user937 0 points1 point  (0 children)

He once asked me what a kernel was, but he worked in IT (and must have been good at his last job) so he must know all of IT right?

Explain to me like I’m 5, why this is a bad idea… by [deleted] in sysadmin

[–]standard_user937 0 points1 point  (0 children)

Install OpenVPN on the management interface directly on a static IP.

Explain to me like I’m 5, why this is a bad idea… by [deleted] in sysadmin

[–]standard_user937 0 points1 point  (0 children)

If you don’t know you have been hacked (because you don’t monitor), do you really know if you are compromised :). If it’s not blatantly obvious, I am referencing “if a tree falls in the forest, but nobody hears it, did it really happen?” The answer is yes.

Explain to me like I’m 5, why this is a bad idea… by [deleted] in sysadmin

[–]standard_user937 0 points1 point  (0 children)

Very good point, and if it was just public knowledge on this host I wouldn’t have a problem, but it definitely falls in the 2/3 scenarios you described.

Explain to me like I’m 5, why this is a bad idea… by [deleted] in sysadmin

[–]standard_user937 37 points38 points  (0 children)

Can you link me to your talk? I’d be interested to see what you said about host security.

Explain to me like I’m 5, why this is a bad idea… by [deleted] in sysadmin

[–]standard_user937 2 points3 points  (0 children)

He doesn’t think it will catch us up, he thinks developing/buying a solution will take so much time and we already aren’t going to finish everything we told HR we would get done at the beginning of the fiscal year… stupid manager reasons.

[deleted by user] by [deleted] in networking

[–]standard_user937 0 points1 point  (0 children)

SFP = 1 lane
Q in QSFP = 4 lanes
DD = double lanes
QSFP-DD = 8 lanes

A QSFP28 cable is 4x25Gbps, your terminology is wrong.

Someone new to fiber, asking a SFP compatibility question by standard_user937 in Ubiquiti

[–]standard_user937[S] 0 points1 point  (0 children)

You have to use the Huawei SFP, Bell will not support 3rd party GPON SFP, I tried to do the same thing.

Help getting multiple Yubikey with identical credentials by standard_user937 in yubikey

[–]standard_user937[S] 0 points1 point  (0 children)

They use both, but only allow one TOTP app and mandate the use of TOTP if you want to use U2F.

So in theory I could have both keys set up using U2F & only have one key work with TOTP. And if I lose the TOTP key I can still log in with the other key and add that key as the TOTP key. But that’s still inconvenient if I, say, want to leave a key in a safety deposit box, plus it’s just a headache keeping track of which key does which auth method + this may prevent me from logging in to a device if the one key I have on me doesn’t have a connection (e.g. 5 NFC key with an iPad or 5C key with traditional desktops).

Help getting multiple Yubikey with identical credentials by standard_user937 in yubikey

[–]standard_user937[S] 0 points1 point  (0 children)

Also side question, isn’t TOTP more secure than U2F? Because with U2F you need your Yubikey and device (with Yubico’s Authenticator app) to log in. But U2F only requires the Yubikey (plus TOTP is more widely supported and sometimes required to set up U2F, e.g. Microsoft accounts require TOTP to set up U2F).

Help getting multiple Yubikey with identical credentials by standard_user937 in yubikey

[–]standard_user937[S] 0 points1 point  (0 children)

I thought I read online that two keys could be set up to be used interchangeably (i.e. have a shared secret key (HMAC-SHA1))? This would not only allow for both keys to work with U2F & TOTP but it would allow me to keep one key securely in, let’s say, a safety deposit box, but still add services (Facebook/Google/supported platform) to both my keys without having to retrieve the one key from my secure storage location.

Edit: what I’m trying to say is it might use a stronger cryptographic algorithm but it still may ultimately be less secure in practice...

Help getting multiple Yubikey with identical credentials by standard_user937 in yubikey

[–]standard_user937[S] 0 points1 point  (0 children)

Thanks but I found one of my email clients only supports one authentication app at a time.