|
Whoops killed our VPN access by installing the Azure NPS extension. Scrambled for a bit trying to figure out how to unfuck that one. The documentation on it just briefly mentions "oh yea all authentications using radius will force MFA if you turn this on" which I wish was a bit bigger of a warning. Kind of a problem when no one is registered for MFA
|
# ? Jul 30, 2020 21:23 |
|
|
I wish they'd just host a RADIUS server for you and auth against Azure AD.
|
# ? Jul 30, 2020 21:42 |
|
Thanks Ants posted:
I wish they'd just host a RADIUS server for you and auth against Azure AD.

Seriously.
|
# ? Jul 30, 2020 22:55 |
|
NPR Journalizard posted:
It wasn't that bad. It's all multiple choice questions, apparently the number can vary but mine was 32 in total. The difficult bit is remembering what azure functions do what. Like I had one question where you had to know exactly where a network security group and a firewall differed.

Sweet. Thank you very much, good citizen!
|
# ? Jul 30, 2020 23:20 |
|
Internet Explorer posted:
come for the ISP chat, stay for the communism

Does it still smell like TF in there? I am apparently in the top 3 for the job I interviewed for today, which is good because I felt like my technical interview could have gone better. I should hear back tomorrow or Monday. With any luck by partway through August I'll be making half again as much doing actually interesting poo poo.
|
# ? Jul 31, 2020 01:17 |
|
Thanks Ants posted:
I wish they'd just host a RADIUS server for you and auth against Azure AD.

Wait what the gently caress? It's 2020 why isn't this a thing? How is maintaining a lovely app any better than just
|
# ? Jul 31, 2020 01:37 |
|
There’s an agent thing you can set up so you can have an nps server use aad mfa, but you still need a full ad setup and aadconnect for it all to work. No fully cloud option.
|
# ? Jul 31, 2020 01:52 |
|
Azure MFA on the whole is still so much worse than something like Duo in almost every aspect. I’d like to have a single solution and not pay extra for a 3rd party MFA but here we are.
|
# ? Jul 31, 2020 02:05 |
Spring Heeled Jack posted:
Azure MFA on the whole is still so much worse than something like Duo in almost every aspect. I’d like to have a single solution and not pay extra for a 3rd party MFA but here we are.

My company is pushing out MFA through azure. Is there anywhere where I can get more details on why it's bad?
|
|
# ? Jul 31, 2020 02:11 |
|
NPR Journalizard posted:
My company is pushing out MFA through azure. Is there anywhere where I can get more details on why it's bad?

Coming from Duo the user ‘MFA’ management interface is bad, like they never updated the UI from the old Azure design spec. That and the hosed up RD Gateway integration mentioned above colored my view of it pretty quick. End user enrollment is also nowhere near as seamless as Duo’s. Basically my complaint is that it’s not Duo. If you’re coming in fresh to MFA you probably won’t notice many of the problems I have with it.
|
# ? Jul 31, 2020 03:11 |
|
Agreed, my biggest complaint with Azure MFA is that user enrollment is garbage. You will have to help every user.
|
# ? Jul 31, 2020 03:25 |
|
As an end user, Azure MFA is great. The Microsoft authenticator app prompts are so nice.
|
# ? Jul 31, 2020 04:34 |
|
CLAM DOWN posted:
As an end user, Azure MFA is great. The Microsoft authenticator app prompts are so nice.

I mean, it's just a push notification. Is there something special about it I'm missing? Lots of auths do that.
|
# ? Jul 31, 2020 05:30 |
|
So we’re migrating from on prem exchange to 365 and putting in duo at the same time. Glad to hear it’s not rear end. We’re also putting in AMP but shrug.
|
# ? Jul 31, 2020 05:49 |
|
The Fool posted:
There’s an agent thing you can set up so you can have an nps server use aad mfa, but you still need a full ad setup and aadconnect for it all to work. No fully cloud option.

That's what I'm saying. What's the point of putting your whole AD in the cloud if you still have to run your own Auth server?
|
# ? Jul 31, 2020 07:37 |
|
You're meant to ignore the old looking MFA portal and do everything through conditional access now.
|
# ? Jul 31, 2020 14:51 |
|
Yea, old MFA portal is old and busted. Conditional Access Policies are the new hotness.
|
# ? Jul 31, 2020 15:27 |
|
Yeah, and if you're not transitioned over yet don't trust anything you read in Microsoft docs regarding MFA or modern access, because that old MFA will gently caress you over.
|
# ? Jul 31, 2020 15:31 |
|
Wizard of the Deep posted:
Yea, old MFA portal is old and busted. Conditional Access Policies are the new hotness.

It's not even new hotness. It's basically been competing services in their own loving space.
|
# ? Jul 31, 2020 15:41 |
|
Sickening posted:
It's not even new hotness. It's basically been competing services in their own loving space.

I guess Microsoft has finally noticed how successful Google really is.
|
# ? Jul 31, 2020 16:23 |
|
Just discovered the isometric template I use in Visio diagrams for documentation is slightly off 30 degrees so none of my lines match up. I must've hosed it up somewhere along the line
|
# ? Jul 31, 2020 17:45 |
|
Middle manager Armageddon is happening next week. Any avp, vp, and svp without substantial direct reports are heading into the nether. I was told this to prepare my team for the departures. I was told that I was on the safe list but times are weird and you can't believe anyone. What a time to be alive.
|
# ? Jul 31, 2020 23:36 |
|
Don’t you work for some insane VP? Maybe he’s getting the ax
|
# ? Jul 31, 2020 23:43 |
|
George H.W. oval office posted:
Don’t you work for some insane VP? Maybe he’s getting the ax

Nah, last job. Just to put things in perspective, it appears they are getting rid of their entire compliance department for every hospital in the org. Seems pretty scorched earth for a hospital.
|
# ? Jul 31, 2020 23:48 |
|
Sickening posted:
Nah, last job.

Money reasons or complete renovation for legal reasons or something?
|
# ? Aug 1, 2020 00:20 |
|
Sprechensiesexy posted:
Money reasons or complete renovation for legal reasons or something?

Money I assume. We aren’t on the black for the first month in the hospital’s existence and the powers that be will not have that. Livelihoods need to come into question before losses continue. All the vps that survive get to have their salary cut by 50% until things turn around which is actually surprising. Our ceo will get his bonus though so things are on the up and up.
|
# ? Aug 1, 2020 00:43 |
|
My company (Enterprise software) cut about 5% but I'm in the "Cloud Division" which is now a big focus of the org so my job has gotten very very busy and very very secure. We had some downtime in April so me and a few others started scripting some small tasks which then led to automation of basic stuff and that caught the eye of a few C levels and they want us to work on this full time for about 6 months, maybe more. From what they are now asking us to automate, I get the feeling they want to drastically cut customer service and contact renewals staff. I do realize how fortunate I am but know all too well what it feels like to be unemployed for 9-18 months. I nearly lost my house and everything else in '08-'09. There was a 6 month stretch where I and my wife were out of work so we did things like paper routes to try and make extra money. And yes, stay far far far away from the Legal Industry. An associate of mine told me about a big firm he worked for, that barely gave him the afternoon off for his father's funeral. Even then he said he got a BBM asking "where are you??" while standing at the grave during the ceremony.
|
# ? Aug 1, 2020 03:55 |
|
Internet Explorer posted:
Yeah, and if you're not transitioned over yet don't trust anything you read in Microsoft docs regarding MFA or modern access, because that old MFA will gently caress you over.

Good to know. I put a policy in place a few weeks ago to disable modern auth because it broke skype and we needed a quick fix. No plans to move to MS MFA at the moment but who knows what the future holds. It's already been stated that it will be a requirement for anyone who needs OWA if we ever get around to implementing that. Duo is cool and good though.
|
# ? Aug 1, 2020 05:18 |
|
My experience with MFA is DUO > MS MFA > RSA. Seriously gently caress RSA. One client has two RSA consoles and you need to check both for a ton of different things. Duo is so easy to set up, and work within. MS MFA is close but not quite as good as Duo.
|
# ? Aug 1, 2020 14:51 |
|
Zotix posted:
My experience with MFA is DUO > MS MFA > RSA. Seriously gently caress RSA. One client has two RSA consoles and you need to check both for a ton of different things. Duo is so easy to set up, and work within. MS MFA is close but not quite as good as Duo.

two consoles? MFA - Multi Factor Administration.
|
# ? Aug 1, 2020 15:47 |
|
GnarlyCharlie4u posted:
two consoles?

Yeah for some reason they have the older traditional RSA console that has the token information, and the monitoring page where you can monitor login attempts to get more info. Then they have the second RSA console which is SecurID. The second console shows account lockouts, and also allows you to enroll new devices and issue emergency codes. It's just convoluted and a pain compared to DUO. I don't know about a lot of the back end stuff with configuring it, but for help desk work where you need to enroll new devices, unlock accounts, and assist end users, DUO is just streets ahead.
|
# ? Aug 1, 2020 15:49 |
|
I think _anything_ beats RSA, even free TOTP with no vendor and you just store the seeds somewhere. I loving hate RSA/SecurID. And SMS 2FA is not 2FA and should not exist.
|
# ? Aug 1, 2020 23:12 |
|
While there are glaring issues with SMS 2FA, saying it shouldn't exist is a bit much.
|
# ? Aug 1, 2020 23:19 |
|
Sickening posted:
While there are glaring issues with SMS 2FA, saying it shouldn't exist is a bit much.

Let's just call it implementation detail problems stemming from SMS 2FA being used as anything more than "additional factor", creating massive new backdoors. If the absolute only thing that SMS MFA is used for is one additional token delivery, then the worst it is would be not much additional security or some theatre. But this is never the case. Basically, the second it's used as anything more than "one more factor" (which is really more like 1.5FA), you end up with problems where the phone number is easily hijacked in seconds, reused by the phone company, the implementer uses SMS for other details (if it isn't purely internal) - see Facebook using explicitly-MFA-only phone numbers for advertising and profile inclusion, ability to disable actual device/token-based MFA by using SMS/call as a backdoor, various delivery failures (the SMS arriving is based on factors outside of your control, while TOTP just requires a working clock or not even that), all sorts of poo poo. Vendors that block VOIP implicitly block parts of Sprint/Tmobile and Google Fi and a ton of other carriers now that aren't "traditional postpaid". In a past life I helped some YouTubers out with security, and this was the biggest entry hole for everything, hands down, nothing else was as big of a compromise problem.

Impotence fucked around with this message at 23:26 on Aug 1, 2020
# ? Aug 1, 2020 23:22 |
|
Biowarfare posted:
Let's just call it implementation detail problems stemming from SMS 2FA being used as anything more than "additional factor", creating massive new backdoors.

Having SMS mfa is infinitely better than no mfa. The weaknesses of backdooring so many systems because of cell phone provider lax security extends far beyond just the issues of SMS mfa. Taking over a phone number alone might mean you now have a backdoor into everything, sms or not. Totally removing recovery options from email and sms from the population at large isn't really practical. The support issues involved with doing so for the average person would be pretty high. The normal technology IQ of the average user just isn't there yet.
|
# ? Aug 1, 2020 23:34 |
|
Haha. Yeah I was gonna say, I was definitely an EarthLink customer at one time. But it was on a dial up modem in like 1995. Surprised to hear that brand still even exists in some form.

Happiness Commando posted:
Come to the Denver thread in LAN and start an ISP slap fight.

There are a few wifi providers in Denver, but if you're in the suburbs between Denver and Boulder that's less likely. There's some CTL fiber in some places that's great, CTL DSL is absolute bullshit. I was a sysadmin for what is now Rise Broadband 10 years ago, when they were a lot smaller
|
# ? Aug 2, 2020 03:52 |
|
Does anyone know if there's any real benefit to "gaming" packages from ISPs?
|
# ? Aug 2, 2020 05:52 |
|
Gabriel S. posted:
Does anyone know if there's any real benefit to "gaming" packages from ISPs?

Yeah your bits are gonna be filled with incredible gamer energy as a result, no one will dare face you
|
# ? Aug 2, 2020 06:08 |
|
Gabriel S. posted:
Does anyone know if there's any real benefit to "gaming" packages from ISPs?

You’ll whip the llamas rear end. A veritable LPB.
|
# ? Aug 2, 2020 06:15 |
|
Zotix posted:
Has anyone had experience with TekSystems?

As a dev - There’s a spectrum of recruiting firms and their knowledge of the field. One side, there’s devs that have side businesses placing people (or vice versa). On the other side there’s TekSystems: their recruiters are consistently the youngest and most inexperienced. All those badly written job descriptions? They’re just matching a resume with exact wording of that. Got 5 years experience in technology Y but they’re looking for competitor technology X? They’ll have no idea the experience is transferable. I tell them I found a job elsewhere at $SAAS_FIRM and “Oh I’ve never heard of them? What do they do?” They have an office with a big sign out front two blocks outside your regional office, and were founded in town fifteen years ago, and you don’t know who they are?
|
|
# ? Aug 2, 2020 07:34 |