@dashrender said in New customer - greenfield setup:

@pmoncho said in New customer - greenfield setup:

@dashrender said in New customer - greenfield setup:

User education is next thing - and we do provide user education at hiring and then once a year. I really wonder - for the average worker - how effective is it? I think the answer to this comes down to your employees themselves. Again, someone also already mentioned that as well.

In my company, KnowBe4 has been really good. Users get yearly and quarterly videos and are encouraged to ask questions. Plus I setup a random monthly phishing scam test in addition to my very targeted bi-annual spear phishing tests I setup.

I really like it when users ask for help to decipher whether an email is phishing or not. We go over the potential red flags and if it is a Phishing test, I will let the user decide whether to click the link or not. 99% of the time they pass. If they click it, we have a small chat right then and there about what just happened.

Management only gets serious about it when they hear something in the news or through the client grapevine. Then its all hands on deck until.....

IMHO, it has been pretty effective when they see demonstrations of what is possible as compared to letting them read a PowerPoint, answer a couple questions and move on. Kind of like the great Medical - Fraud, Waste and Abuse presentation. All I hear is, "Ugh, anyone have the answers?" or similar statements.

Yeah, I've been asking for a solution like this for years. I even did one of their free tests, and the amount of people (and the specific people) who failed it was staggering (OK not really - come on, we know users). But the board just said - come on, can't you just train them? which I replied - no, I can't. it's not my skillset and the other features included in these packages would take ages for someone like me to develop, etc - they still said no.

Now fast forward to now - new CEO, new board members - those two groups have decided to buy into training solution because of other reasons.. and this solution does include some computer smarts type training.

We have KB4 Gold package that is good enough for us. No need to go above that for the medical field IMHO.

@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:

@dashrender said in Whack a mole: Dealing with Spam/Phishing:

@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:

@dashrender said in Whack a mole: Dealing with Spam/Phishing:

@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:

@dashrender said in Whack a mole: Dealing with Spam/Phishing:

@pete-s said in Whack a mole: Dealing with Spam/Phishing:

@gjacobse said in Whack a mole: Dealing with Spam/Phishing:

@pete-s said in Whack a mole: Dealing with Spam/Phishing:

@gjacobse said in Whack a mole: Dealing with Spam/Phishing:

@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:

The problem is the process... why would someone be reporting spam and why is someone blocking it? That doesn't make sense. Get a good spam filter, configure, train people how to delete, done

"But this is the way we (they) have always done it... "

You mean they are "reporting" as in actually reporting it to someone? And not by marking it as spam in the email client?

Yeah, that doesn't make any sense. Far too time consuming.

Outlook Toolbar.. Reporting
d4517c20-ac54-44fd-a195-1b6ef87caf87-image.png

OK, but that just ends up sending an alert email to the designated phishing mail contact, which is IT right?

It would have made more sense if those emails had been forwarded to Trend Micro automatically and their adaptive algorithm would have learned how to detect them.

Right now Trend Micro doesn't have a clue what emails their user are classifying as spam or phishing attempts. Because that happens way after the email has passed through their gateway.

That's interesting.

With Appriver - we forward emails to [email protected] and appriver deals with it. Other than constantly reminding people that's where the report needs to go - I don't really deal with it.

Thought as Scott mentioned - so much spam is a once and done situation - so reporting it is often pointless.

That's not a bad process. But still a bit more than just "mark as spam" which is really simple.

oh, that most definitely is. and it's an option we have in O365.... but we now have two layers of spam filtering - appriver and MS...

So people have to report to O365 AND AppRIver? Do they really catch enough different to justify filtering twice?

no, they don't - and likely they aren't. I've shown nearly no one how to report to MS - so that's the one that's skipped. Everyone has been told about forwarding email to spam@appriver - and yes, it's more work than just right click - mark as spam, but not so much so that people don't do it.

Why report to that one when O365 is the important one and the one that's like 10x more likely to be permanent instead of being clearly in the "should be removed" category? Less work, better results, less long term risk.

Time, the old process is already in place. It's just a matter of informing people at this point - it just hasn't happened yet.

@travisdh1 said in sending custom CDR from FreePBX:

@dashrender said in sending custom CDR from FreePBX:

@travisdh1 said in sending custom CDR from FreePBX:

@dashrender said in sending custom CDR from FreePBX:

@pete-s said in sending custom CDR from FreePBX:

@travisdh1 said in sending custom CDR from FreePBX:

@pete-s said in sending custom CDR from FreePBX:

@jaredbusch said in sending custom CDR from FreePBX:

@pete-s said in sending custom CDR from FreePBX:

Long time since I saw that one 🙂
It had a name but I have forgotten it. What was it called?

7486da1c-22aa-415c-8db4-3a991a471da4-image.png

I was serious this time.

I looked it up - it was called Clippy (or officially Clippit).
https://en.wikipedia.org/wiki/Office_Assistant

You're too young to remember the horror of Clippy?

Get off my lawn! Consider yourself lucky!

I am lucky! Not because I'm too young but because I'm too old - too old to remember every irritating thing Microsoft managed to come up with...

Clippy - how could you possibly forget about Clippy? Now - if you said you forgot about MS Bob - that I could understand.

You just had to bring up MS Bob, didn't you! I spent an evening while working as an intern for my high-school installing that **** ******* piece of **** software in an entire classroom. Nobody could figure out how to use it, even with the teacher's manual to refence.

What's even funnier - I have no clue what MS Bob is - other than quite possibly the worse piece of software MS ever put out. and I only know that by reputation.

Youtube Video

thanks, I'll kill 10 mins another time.

SAM-SD anyone?

@pete-s said in Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote:

@dave247 said in Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote:

@voip_n00b said in Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote:

@dave247 I use certificates to only allow company owned and managed devices to connect.

Interesting, can you elaborate more on how you achieve that?

It's common to have certificates with VPN.

A OpenVPN client for example without any MFA is usually setup so that it needs a client certificate and a username and a password as well as the connection info. The same goes for Cisco AnyConnect and others.

The VPN connection uses mutual authentication so the client authenticate that the server is who he is suppose to be and the server authenticate the client is who he says he is.

If you install the certificate on your company devices you can't connect to the VPN just by downloading and installing the client on another computer and enter the credentials. Because you don't have the certificate.

So that's how you can control what device is allowed to connect. For more security the certificates can also be stored on smart cards, hardware devices or even the TPM module inside the computer.

You should have something similar on NetExtender. Look for client certificate or client authentication.

Another thing with certificates is that you can prevent VPN access by revoking the client's certificate. And also certificates expire so you can give someone a short term access if you like.

Nice, I will check it out. I have opened a few tickets and asked around other places regarding NetExtender and nobody has said anything about this, so I don't know if its possible with the Sonicwall NSA / NetExtender setup, but I will find out.

@gjacobse said in Launching Windows settings, screen shot etc from URI:

Interesting - I created a batch file that launches all of my daily applications in the office. It'll be interesting to see what I can move to this method...

You can look at what URI are registered to what applications by searching for protocol and you'll find "Choose default application by protocol".

That's how Windows knows what program to launch when it finds something like mailto:

You can also add your own URI to launch whatever app you want. That's done in the registry.

BTW, ubuntu and others have the same capability to handle URIs.

@pete-s said in What do you think about .app domain names?:

@scottalanmiller said in What do you think about .app domain names?:

If it is under the hood, why bother. If it isn't under the hood, I think customers get confused.

So you mean if it's customer facing it's better to stick to .com and there will be no confusion?

That is the only aspect that matters tbh, what people / customers think of it. All other aspects have zero impact.

If you upgrade to FreePBX 16, the script handler needs updated to reflect PHP7.

The git repository is updated, but if you have an existing install, this will fix it for you

sudo sed -i "s/php5/php7/" /etc/httpd/conf.d/yealink.conf sudo systemctl restart httpd

If you upgrade to FreePBX 16, the script handler needs updated to reflect PHP7.

The git repository is updated, but if you have an existing install, this will fix it for you

sudo sed -i "s/php5/php7/" /etc/httpd/conf.d/yealink.conf sudo systemctl restart httpd

Scale Down

###################################### ## Save Deployment State (excludes kube,mongo,k8 pods) ###################################### kubectl get deploy -A --no-headers | grep -v -E 'kube|mongo|k8s-api-proxy' > deploy_state_before_scale.txt ###################################### ## Copy Deployment State to GCS Bucket ###################################### gsutil cp deploy_state_before_scale.txt gs://app1 ####################################### ## Scale Deployments to zero ####################################### kubectl get deploy -A --no-headers | grep -v -E 'kube|mongo|k8s-api-proxy' | awk '{print \$1,\$2}' | while read NS DEPLOY; do kubectl scale --replicas=0 deployment/\$DEPLOY -n \$NS; done ####################################### ## Scale Daemons to zero ####################################### kubectl -n <namespace> patch daemonset <name-of-daemon-set> -p '{"spec": {"template": {"spec": {"nodeSelector": {"non-existing": "true"}}}}}' ####################################### ## Turn off Autoscaler on GKE nodepools ####################################### gcloud container clusters update <app1-cluster> --no-enable-autoscaling --region <region> --node-pool <app1nodepool1> gcloud container clusters update <app1-cluster> --no-enable-autoscaling --region <region> --node-pool <app1nodepool2> ####################################### ## Resize Node Pools to zero ####################################### gcloud container clusters update <app1-cluster> --num-nodes 0 --region <region> --node-pool <app1nodepool1> gcloud container clusters update <app1-cluster> --num-nodes 0 --region <region> --node-pool <app1nodepool2>

Scale Up

####################################### ## Resize Node size to 1 for each node pool ####################################### gcloud container clusters update <app1-cluster> --num-nodes 1 --region <region> --node-pool <app1nodepool1> gcloud container clusters update <app1-cluster> --num-nodes 1 --region <region> --node-pool <app1nodepool2> ####################################### ## Turn Autoscaling Back on ####################################### gcloud container clusters update <app1-cluster> --enable-autoscaling --region <region> --node-pool <app1nodepool1> gcloud container clusters update <app1-cluster> --enable-autoscaling --region <region> --node-pool <app1nodepool2> ##################################################### ## Copy Saved Deployment State from GCS bucket ##################################################### gsutil cp gs://<app1>/deploy_state_before_scale.txt . ##################################################### ## Scale deployments using the previously saved state file ##################################################### awk '{print \$1,\$2,\$4}' deploy_state_before_scale.txt | while read NS DEPLOY SCALE; do kubectl scale --replicas=\$SCALE deployment/\$DEPLOY -n \$NS; done ##################################################### ## Scale Daemons back up ##################################################### kubectl -n <namespace> patch daemonset <name-of-daemon-set> --type json -p='[{"op": "remove", "path": "/spec/template/spec/nodeSelector/non-existing"}]'

@jaredbusch said in Restoring a Windows MS SQL Server Database to Linux With Move SQLCMD:

@scottalanmiller I have not had to do that before with a normal backup to a .bak and then restore. Not some an place move like it seems you are doing.

Happens if going to a space with a different storage layout. If you are coming from Linux you are probably fine. But Windows injects the drive letter into the path (obviously) and so going from one machine to another that doesn't keep identical storage path names causes the issue.

Was wondering if anything like NGINX or HAProxy have a suitable solution we could use. Maybe we could point the public DNS entry to HAProxy hosted somewhere in a datacenter and if the traffic is 80/443 protect with WAF, and if any other suitable port allow through.

The paid HAProxy seems to have a WAF. Not sure on the cost though. As long as we keep citrix/back end patched, and keep it behind our MDR platform, and only allow traffic from the proxy, maybe that will be ok.

2530-8G-PoE+ Switch (J9774A)
5355fe2f-0801-4920-b4f2-e1c01a93ee95-image.png

@krzykat around here everyone's using the same bands, so not really an issue, just hook it up, point in the general direction of a tower and it's good to go. Your experience may vary.

@jaredbusch said in beyond bash shell scripting, what language should I use:

@scottalanmiller said in beyond bash shell scripting, what language should I use:

@jaredbusch said in beyond bash shell scripting, what language should I use:

@stacksofplates said in beyond bash shell scripting, what language should I use:

@jaredbusch said in beyond bash shell scripting, what language should I use:

@scottalanmiller said in beyond bash shell scripting, what language should I use:

Go is great as a language. But like Ruby, not installed generally. And fewer resources. If it was a greenfield new OS, yeah, Go for sure. But for practical reasons, Python I think.

As these are systems that I control, there is no reason Go cannot be installed.

Between your comments and prior ones from @stacksofplates I think I might try Go in order to learn it.

You normally wouldn't install it anyway as it's not a scripting language. You'd just compile your binary and ship that to your systems.

I completely misunderstood that about Go. Okay, I will do a bit of checking and decide what I want to do.

oh sorry, I figured you knew. That's why I never look at it, I don't want to deal with binaries in that way. But nothing wrong with that. Write it on your machine at home, compile, ship binary. Works just fine.

As fixed tasks, this is not a bad solution. So I will keep it in mind.

Right, no big deal in this case.

@jaredbusch said in Import a QCOW2 Into Proxmox:

@dashrender said in Import a QCOW2 Into Proxmox:

@scottalanmiller said in Import a QCOW2 Into Proxmox:

@jaredbusch good point, Linux doesn't "detect non-local" like Windows does.

ug.. what a pain that is!

ummm wut?

that windows detects SMB shares as remote.

@dustinb3403 said in Win 11 Home - install with local account:

@dashrender or just don't install Windows 11 Home if you don't plan to give Microsoft more insight into your personal habits.

This in my opinion makes little sense to work around from an end user or implementator standpoint.

With the online account you get better integration to backup systems (OneDrive).which for a home user is a pretty important feature. Among other features.

If you simply don't want these features for.a home device, why bother with Windows 11 at all?

If not already, not a practical thing for a typical home buyer buying a new computer today, because Win 11 comes on the computer.

But you're right - those people likely are better off using those services than not. God know if they buy a mac they are buying into that ecosystem - if they buy a chromebook, they are buying into that ecosystem.... so it's not really any different.

None the less - not many home users are surfing ML - and those that are should be able to find answer like this.

@dbeato said in any zimbra specialists:

also Ubuntu 16.04 and ZImbra 8.8.12 are old and need to be updated.

General system admin rule of thumb.... always update before troubleshooting. There is a high chance that patching alone will resolve issues.