The General Technology Thread

    KLB
    > guess who's enabling two-factor authentication on the company's Office 365 accounts because our users keep falling for phishing emails, which allows their accounts to be compromised and send more malicious **** out to the entire company and our business partners
    >
    > every complaint i get about it being too many steps or too cumbersome will be met with a hearty chuckle.

    Stay away from text messages for the second factor.
     

    KLB
    > I've seen stats that show even IT professionals fall for phishing/spear phishing about 10% of the time. (That may have been specific to the large organization I was involved in.)
    >
    > People just get in a hurry.

    You think IT professionals have any clue about security? Using "IT professional" is worse than just saying "lawyer". While lawyers all study some common law before possibly specializing, IT professionals generally know something about their area of expertise and little to nothing about any others. Our IT staff fails our test at close to the same rate as the rest of the company. If you take out those of us who actually know about security, it is probably the same.

    We used to use a company that made some really good tests. The kind that you would receive if someone was actually actively targeting your company. The company failure rate got as high as 40%. In fact it was so bad that, sadly, the next year the tests got much easier.
     

    wtburnette
    > You think IT professionals have any clue about security? Using "IT professional" is worse than just saying "lawyer". While lawyers all study some common law before possibly specializing, IT professionals generally know something about their area of expertise and little to nothing about any others. Our IT staff fails our test at close to the same rate as the rest of the company. If you take out those of us who actually know about security, it is probably the same.
    >
    > We used to use a company that made some really good tests. The kind that you would receive if someone was actually actively targeting your company. The company failure rate got as high as 40%. In fact it was so bad that, sadly, the next year the tests got much easier.

    I was amazed at what I learned when I studied for the Security+ exam shortly after getting an InfoSec position. I'd worked IT for 15+ years prior to that. I told a previous manager of mine that I thought it would be good for lower-level desktop and network people to have to get Security+ certified because of the info that could be learned that would be useful. I shudder to think of some of the things I did as an IT guy... :n00b:
     

    KLB
    > I was amazed at what I learned when I studied for the Security+ exam shortly after getting an InfoSec position. I'd worked IT for 15+ years prior to that. I told a previous manager of mine that I thought it would be good for lower-level desktop and network people to have to get Security+ certified because of the info that could be learned that would be useful. I shudder to think of some of the things I did as an IT guy... :n00b:

    :lmfao:
    As a network/security engineer it truly amazes me how little others in IT know about what I do. I wonder how many can even spell IP sometimes. :)
     

    wtburnette
    > :lmfao:
    > As a network/security engineer it truly amazes me how little others in IT know about what I do. I wonder how many can even spell IP sometimes. :)

    Yep. I agree. It has to do with companies not wanting to pay IT people worth a crap, at least support personnel. Everyone says support people are a dime a dozen, but that's not true. Good support people are hard to find and worth extra $$, but they tend to get :poop: everywhere they go. The Security+ and Network+ are great certs to get when you're starting out in IT. I like both much better than A+, which I found not overly worthwhile.
     

    T.Lex
    > We used to use a company that made some really good tests. The kind that you would receive if someone was actually actively targeting your company. The company failure rate got as high as 40%. In fact it was so bad that, sadly, the next year the tests got much easier.

    LOL

    I laugh only because I recognize the reality and absurdity of the attitude. If upper levels don't like bad results on the critical test, change the test to meet the compliance goals.
     

    KLB
    > LOL
    >
    > I laugh only because I recognize the reality and absurdity of the attitude. If upper levels don't like bad results on the critical test, change the test to meet the compliance goals.

    Yep. The best and final one was about a fake merger or something. The C-levels had a fit.
     

    jamil
    > :lmfao:
    > As a network/security engineer it truly amazes me how little others in IT know about what I do. I wonder how many can even spell IP sometimes. :)

    You sit around on your ass all day scanning for silly vulnerabilities in code written by people like me (who sits on his ass all day writing code that doesn't have silly vulnerabilities, I hope)?
     

    jamil
    > Yep. I agree. It has to do with companies not wanting to pay IT people worth a crap, at least support personnel. Everyone says support people are a dime a dozen, but that's not true. Good support people are hard to find and worth extra $$, but they tend to get :poop: everywhere they go. The Security+ and Network+ are great certs to get when you're starting out in IT. I like both much better than A+, which I found not overly worthwhile.

    A friend of mine who did our support got let go a while back. Millennial dude. Tattoos. Piercings. Stretched-out ears. He wasn't let go because of that or performance. His position was eliminated. Sorry to see him go because on the job he was a tenacious grinder, and someone I could talk to about guns and comics.
     

    KLB
    > You sit around on your ass all day scanning for silly vulnerabilities in code written by people like me (who sits on his ass all day writing code that doesn't have silly vulnerabilities, I hope)?

    No no. Not compliance. Operations :p

    I am the one that configures the routers, switches, firewalls, and anything else that moves or filters traffic on the network.
     

    wtburnette
    > You sit around on your ass all day scanning for silly vulnerabilities in code written by people like me (who sits on his ass all day writing code that doesn't have silly vulnerabilities, I hope)?

    I used to do that, but for the last 4 years I've done third-party risk. Much more exciting... :rolleyes:

    > A friend of mine who did our support got let go a while back. Millennial dude. Tattoos. Piercings. Stretched-out ears. He wasn't let go because of that or performance. His position was eliminated. Sorry to see him go because on the job he was a tenacious grinder, and someone I could talk to about guns and comics.

    Always sucks when someone who is good at their job (and good to talk to) gets let go. I've had it happen to me and I've seen it happen to others. No bueno.
     

    KLB
    > I used to do that, but for the last 4 years I've done third-party risk. Much more exciting... :rolleyes:
    >
    > Always sucks when someone who is good at their job (and good to talk to) gets let go. I've had it happen to me and I've seen it happen to others. No bueno.

    Every year we go through a third-party vulnerability assessment. Some consultants come in and run a bunch of automated canned scans, then give us a spreadsheet with a ****load of "vulnerabilities". No thought is put into what actual risk is associated with that vulnerability on said device. Everything is treated like it is sitting unprotected, connected to the Internet. Such a colossal waste of time.
     

    wtburnette
    > Every year we go through a third-party vulnerability assessment. Some consultants come in and run a bunch of automated canned scans, then give us a spreadsheet with a ****load of "vulnerabilities". No thought is put into what actual risk is associated with that vulnerability on said device. Everything is treated like it is sitting unprotected, connected to the Internet. Such a colossal waste of time.

    It was different when I did Vulnerability Management, as we were internal to the company and worked with the infrastructure group responsible for the equipment to come up with what needed to be patched or configured differently, what the priority was, and how it should be completed. If they said something couldn't be done, we researched to verify, documented, and ran it up to management on both sides to authorize leaving it as is, or putting mitigating controls in place if needed. I'm sure there were times when infrastructure hated us, but for the most part we had a good working relationship and tried to make sure we weren't just throwing lists at them and saying "fix it".
     

    KLB
    > It was different when I did Vulnerability Management, as we were internal to the company and worked with the infrastructure group responsible for the equipment to come up with what needed to be patched or configured differently, what the priority was, and how it should be completed. If they said something couldn't be done, we researched to verify, documented, and ran it up to management on both sides to authorize leaving it as is, or putting mitigating controls in place if needed. I'm sure there were times when infrastructure hated us, but for the most part we had a good working relationship and tried to make sure we weren't just throwing lists at them and saying "fix it".

    Patching vulnerabilities is great.

    Telling me I have a slew of critical vulnerabilities because my switches and routers use self-signed certs for management, not so much. :)
     

    jkaetz
    > Patching vulnerabilities is great.
    >
    > Telling me I have a slew of critical vulnerabilities because my switches and routers use self-signed certs for management, not so much. :)

    The self-signed cert thing is bad. Most IT people don't even understand PKI, let alone consumers bombarded by overly protective but ineffective web browsers.

    My current favorite is when the security/policy office claims that a 0-day vulnerability must be patched on all Windows systems immediately and pushes out the patch without even communicating to system owners before the patch goes out.
     

    BugI02
    > Every year we go through a third-party vulnerability assessment. Some consultants come in and run a bunch of automated canned scans, then give us a spreadsheet with a ****load of "vulnerabilities". No thought is put into what actual risk is associated with that vulnerability on said device. Everything is treated like it is sitting unprotected, connected to the Internet. Such a colossal waste of time.

    Well, you know what they say. "If you're not part of the solution, then you're a consultant."
     

    KLB
    > The self-signed cert thing is bad. Most IT people don't even understand PKI, let alone consumers bombarded by overly protective but ineffective web browsers.
    >
    > My current favorite is when the security/policy office claims that a 0-day vulnerability must be patched on all Windows systems immediately and pushes out the patch without even communicating to system owners before the patch goes out.

    For a website, sure, but not when you are using it for an SSH session into a switch that is only accessible from the internal network.

    What, you want some testing or something before you patch?
     
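The complaint running through the last several posts is that a canned scanner flags every finding as if the host were sitting on the public Internet, so a self-signed certificate on a switch management interface gets the same "critical" as a remotely exploitable hole on a public web server. The short script below is an added example, not code from the thread or from any scanner vendor, of the contextual triage the internal vulnerability-management process described above performs by hand: the host names, owners, findings, severity labels, and adjustment rules are all constructed for the illustration. It joins raw findings to an asset inventory that knows each host's exposure (internet-facing, internal, or management-network-only) and an owner, then re-rates and assigns an action, so the list handed to infrastructure is prioritized rather than a flat spreadsheet.

```python
"""Context-aware triage of raw vulnerability-scan findings (constructed example).

Scanner output is modelled as Finding records; the asset inventory supplies
the exposure context a scanner cannot see (who owns the box and who can reach it).
"""
from dataclasses import dataclass

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}
RANK_SEVERITY = {v: k for k, v in SEVERITY_RANK.items()}


@dataclass
class Asset:
    host: str
    owner: str
    exposure: str          # "internet", "internal", or "mgmt-only" (hypothetical labels)
    role: str


@dataclass
class Finding:
    host: str
    title: str
    scanner_severity: str  # what the canned scan reported
    category: str          # "self-signed-cert", "missing-patch", or anything else
    exploitable_remotely: bool = False


@dataclass
class Triaged:
    finding: Finding
    asset: Asset
    severity: str          # severity after applying exposure context
    rationale: str
    action: str


# Constructed inventory: hypothetical hosts, not from the thread.
ASSETS = {
    "sw-core-01": Asset("sw-core-01", "network-team", "mgmt-only", "core switch"),
    "web-portal": Asset("web-portal", "web-team", "internet", "public web server"),
    "fileserver": Asset("fileserver", "desktop-team", "internal", "file server"),
}

# Constructed scanner output: the same self-signed-cert plugin fires on two very different hosts.
FINDINGS = [
    Finding("sw-core-01", "SSL certificate is self-signed", "critical", "self-signed-cert"),
    Finding("web-portal", "SSL certificate is self-signed", "medium", "self-signed-cert"),
    Finding("web-portal", "Vendor patch missing (remote code execution)", "high", "missing-patch", True),
    Finding("fileserver", "Vendor patch missing (local privilege escalation)", "high", "missing-patch", False),
]


def adjust(sev: str, delta: int) -> str:
    """Move a severity label up or down the scale, clamped to the ends."""
    return RANK_SEVERITY[max(0, min(4, SEVERITY_RANK[sev] + delta))]


def triage(finding: Finding, asset: Asset) -> Triaged:
    """Apply exposure context to one finding and decide what to tell the owner."""
    sev = finding.scanner_severity
    if finding.category == "self-signed-cert":
        if asset.exposure == "mgmt-only":
            # Only administrators on the management network ever see this certificate,
            # so the scanner's "critical" overstates the risk; record the compensating control.
            return Triaged(finding, asset, "info",
                           "self-signed cert on a management interface reachable only from the internal network",
                           "accept risk; document ACL restricting management access and have admins pin the fingerprint")
        if asset.exposure == "internet":
            # Public clients cannot tell this certificate from one presented by an interceptor.
            return Triaged(finding, asset, adjust(sev, +1),
                           "external users cannot validate the certificate",
                           "replace with a CA-issued certificate")
    if finding.category == "missing-patch":
        if asset.exposure == "internet" and finding.exploitable_remotely:
            return Triaged(finding, asset, "critical",
                           "remotely exploitable on an internet-facing host",
                           f"emergency change after validation on a test ring; owner: {asset.owner}")
        if asset.exposure != "internet" and not finding.exploitable_remotely:
            return Triaged(finding, asset, adjust(sev, -1),
                           "local-only vector on an internal host",
                           f"schedule in the next patch window; owner: {asset.owner}")
    return Triaged(finding, asset, sev, "no contextual rule applies", "review manually")


def triage_report(findings, assets):
    """Join findings to inventory, triage each, and return them highest severity first."""
    report = []
    for f in findings:
        asset = assets.get(f.host)
        if asset is None:
            # A host the inventory does not know about cannot be rated; that is itself a finding.
            unknown = Asset(f.host, "unknown", "unknown", "unknown")
            report.append(Triaged(f, unknown, f.scanner_severity,
                                  "host not in inventory; exposure unknown",
                                  "add to inventory, then re-triage"))
            continue
        report.append(triage(f, asset))
    report.sort(key=lambda t: SEVERITY_RANK[t.severity], reverse=True)
    return report


if __name__ == "__main__":
    for t in triage_report(FINDINGS, ASSETS):
        print(f"{t.severity:8} {t.finding.host:12} {t.finding.title}\n"
              f"         why: {t.rationale}\n         do:  {t.action}")
```

The two rules that matter are deliberately asymmetric: the switch's self-signed certificate drops to informational with a written compensating control, while the identical plugin on the public web server goes up a notch, and the remotely exploitable patch on the internet-facing host is the only item that earns an emergency change. Unknown hosts are surfaced rather than silently skipped, since a scanner finding a box the inventory lacks is a process gap worth a ticket of its own.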
