George H.W. Cunt
Oct 6, 2010



Whoops killed our VPN access by installing the Azure NPS extension. Scrambled for a bit trying to figure out how to unfuck that one. The documentation on it just briefly mentions "oh yea all authentications using radius will force MFA if you turn this on" which I wish was a bit bigger of a warning. Kind of a problem when no one is registered for MFA

Thanks Ants
May 21, 2004

Bless You Ants, Blants



Fun Shoe

I wish they'd just host a RADIUS server for you and auth against Azure AD.

Internet Explorer
Jun 1, 2005





Oven Wrangler

Thanks Ants posted:

I wish they'd just host a RADIUS server for you and auth against Azure AD.

Seriously.

Darchangel
Feb 12, 2009

Tell him about the blower!



NPR Journalizard posted:

It wasn't that bad. It's all multiple choice questions, apparently the number can vary but mine was 32 in total. The difficult bit is remembering what azure functions do what. Like I had one question where you had to know exactly where a network security group and a firewall differed.

https://www.examtopics.com/exams/microsoft/az-900/

That site has a lot of the questions that were in the test.

Went into a centre to do it. I can get distracted very easily, plus I don't have a webcam and you need one to do it online


The examtopics link above helped me a lot, and the free stuff from MS covers everything you need.

https://vladtalkstech.com/az-900-st...re-fundamentals

The bottom of that has a breakdown of what's covered and where you can read more about specific topics.

Sweet. Thank you very much, good citizen!

22 Eargesplitten
Oct 10, 2010

Also sexism, religious bias, jingoism, and so on. Don't do it, people!

Dogs, don't do it either, even if the police man really tries to train you to do it.



Internet Explorer posted:

come for the ISP chat, stay for the communism

Does it still smell like TF in there?

I am apparently in the top 3 for the job I interviewed for today, which is good because I felt like my technical interview could have gone better. I should hear back tomorrow or Monday. With any luck by partway through August I'll be making half again as much doing actually interesting poo poo.

GnarlyCharlie4u
Sep 23, 2007

I have an unhealthy obsession with motorcycles.

Proof


Thanks Ants posted:

I wish they'd just host a RADIUS server for you and auth against Azure AD.

Wait what the gently caress? It's 2020 why isn't this a thing? How is maintaining a lovely app any better than just charging including in your licensing hosting for an authentication server?

The Fool
Oct 16, 2003



There’s an agent thing you can set up so you can have an nps server use aad mfa, but you still need a full ad setup and aadconnect for it all to work. No fully cloud option.

Spring Heeled Jack
Feb 25, 2007


Azure MFA on the whole is still so much worse than something like Duo in almost every aspect. I’d like to have a single solution and not pay extra for a 3rd party MFA but here we are.

NPR Journalizard
Feb 14, 2008



Spring Heeled Jack posted:

Azure MFA on the whole is still so much worse than something like Duo in almost every aspect. I’d like to have a single solution and not pay extra for a 3rd party MFA but here we are.

My company is pushing out MFA through azure. Is there anywhere where I can get more details on why it's bad?

Spring Heeled Jack
Feb 25, 2007


NPR Journalizard posted:

My company is pushing out MFA through azure. Is there anywhere where I can get more details on why it's bad?

Coming from Duo the user ‘MFA’ management interface is bad, like they never updated the UI from the old Azure design spec. That and the hosed up RD Gateway integration mentioned above colored my view of it pretty quick. End user enrollment is also nowhere near as seamless as Duo’s.

Basically my complaint is that it’s not Duo. If you’re coming in fresh to MFA you probably won’t notice many of the problems I have with it.

Internet Explorer
Jun 1, 2005





Oven Wrangler

Agreed, my biggest complaint with Azure MFA is that user enrollment is garbage. You will have to help every user.

CLAM DOWN
Feb 13, 2007


RICKARUS

It's Moot baby!




As an end user, Azure MFA is great. The Microsoft authenticator app prompts are so nice.

Internet Explorer
Jun 1, 2005





Oven Wrangler

CLAM DOWN posted:

As an end user, Azure MFA is great. The Microsoft authenticator app prompts are so nice.

I mean, it's just a push notification. Is there something special about it I'm missing? Lots of auths do that.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

So we’re migrating from on prem exchange to 365 and putting in duo at the same time. Glad to hear it’s not rear end. We’re also putting in AMP but shrug.

GnarlyCharlie4u
Sep 23, 2007

I have an unhealthy obsession with motorcycles.

Proof


The Fool posted:

There’s an agent thing you can set up so you can have an nps server use aad mfa, but you still need a full ad setup and aadconnect for it all to work. No fully cloud option.

That's what I'm saying. What's the point of putting your whole AD in the cloud if you still have to run your own Auth server?

Thanks Ants
May 21, 2004

Bless You Ants, Blants



Fun Shoe

You're meant to ignore the old looking MFA portal and do everything through conditional access now.

Wizard of the Deep
Sep 25, 2005


Yea, old MFA portal is old and busted. Conditional Access Policies are the new hotness.

Internet Explorer
Jun 1, 2005





Oven Wrangler

Yeah, and if you're not transitioned over yet don't trust anything you read in Microsoft docs regarding MFA or modern access, because that old MFA will gently caress you over.

Sickening
Jul 15, 2007

BLack Summer was the Best Summer

Wizard of the Deep posted:

Yea, old MFA portal is old and busted. Conditional Access Policies are the new hotness.

It's not even new hotness. It's basically been competing services in their own loving space.

Wizard of the Deep
Sep 25, 2005


Sickening posted:

It's not even new hotness. It's basically been competing services in their own loving space.

I guess Microsoft has finally noticed how successful Google really is.

uhhhhahhhhohahhh
Oct 9, 2012


Just discovered the isometric template I use in Visio diagrams for documentation is slightly off 30 degrees so none of my lines match up. I must've hosed it up somewhere along the line

Sickening
Jul 15, 2007

BLack Summer was the Best Summer

Middle manager Armageddon is happening next week. Any avp, vp, and svp without substantial direct reports are heading into the nether. I was told this to prepare my team for the departures. I was told that I was on the safe list but times are weird and you can't believe anyone.

What a time to be alive.

George H.W. Cunt
Oct 6, 2010



Don’t you work for some insane VP? Maybe he’s getting the ax

Sickening
Jul 15, 2007

BLack Summer was the Best Summer

George H.W. stinkyhole posted:

Don’t you work for some insane VP? Maybe he’s getting the ax

Nah, last job.

Just to put things in perspective, it appears they are getting rid of their entire compliance department for every hospital in the org. Seems pretty scorched earth for a hospital.

Sprechensiesexy
Dec 26, 2010

Tetten? Tetten? Tetten? Tetten?


Sickening posted:

Nah, last job.

Just to put things in perspective, it appears they are getting rid of their entire compliance department for every hospital in the org. Seems pretty scorched earth for a hospital.

Money reasons or complete renovation for legal reasons or something?

Sickening
Jul 15, 2007

BLack Summer was the Best Summer

Sprechensiesexy posted:

Money reasons or complete renovation for legal reasons or something?

Money I assume. We aren’t on the black for the first month in the hospital's existence and the powers that be will not have that. Livelihoods need to come into question before losses continue. All the vps that survive get to have their salary cut by 50% until things turn around which is actually surprising. Our ceo will get his bonus though so things are on the up and up.

Bonzo
Mar 11, 2004

Just like Mama used to make it!


Dinosaur Gum

My company (Enterprise software) cut about 5% but I'm in the "Cloud Division" which is now a big focus of the org so my job has gotten very very busy and very very secure. We had some downtime in April so me and a few others started scripting some small tasks which then led to automation of basic stuff and that caught the eye of a few C levels and they want us to work on this full time for about 6 months, maybe more. From what they are now asking us to automate, I get the feeling they want to drastically cut customer service and contact renewals staff.

I do realize how fortunate I am but know all too well what it feels like to be unemployed for 9-18 months. I nearly lost my house and everything else in '08-'09. There was a 6 month stretch where I and my wife were out of work so we did things like paper routes to try and make extra money.

And yes, stay far far far away from the Legal Industry. An associate of mine told me about a big firm he worked for, that barely gave him the afternoon off for his father's funeral. Even then he said he got a BBM asking "where are you??" while standing at the grave during the ceremony.

GnarlyCharlie4u
Sep 23, 2007

I have an unhealthy obsession with motorcycles.

Proof


Internet Explorer posted:

Yeah, and if you're not transitioned over yet don't trust anything you read in Microsoft docs regarding MFA or modern access, because that old MFA will gently caress you over.

Good to know. I put a policy in place a few weeks ago to disable modern auth because it broke skype and we needed a quick fix. No plans to move to MS MFA at the moment but who knows what the future holds. It's already been stated that it will be a requirement for anyone who needs OWA if we ever get around to implementing that.

Duo is cool and good though.

Zotix
Aug 14, 2011





My experience with MFA is DUO > MS MFA > RSA. Seriously gently caress RSA. One client has two RSA consoles and you need to check both for a ton of different things. Duo is so easy to set up, and work within. MS MFA is close but not quite as good as Duo.

GnarlyCharlie4u
Sep 23, 2007

I have an unhealthy obsession with motorcycles.

Proof


Zotix posted:

My experience with MFA is DUO > MS MFA > RSA. Seriously gently caress RSA. One client has two RSA consoles and you need to check both for a ton of different things. Duo is so easy to set up, and work within. MS MFA is close but not quite as good as Duo.

two consoles?
MFA - Multi Factor Administration.

Zotix
Aug 14, 2011





GnarlyCharlie4u posted:

two consoles?
MFA - Multi Factor Administration.

Yeah for some reason they have the older traditional RSA console that has the token information, and the monitoring page where you can monitor login attempts to get more info. Then they have the second RSA console which is SecurID. The second console shows account lockouts, and also allows you to enroll new devices and issue emergency codes. It's just convoluted and a pain compared to DUO. I don't know about a lot of the back end stuff with configuring it, but for help desk work where you need to enroll new devices, unlock accounts, and assist end users, DUO is just streets ahead.

Biowarfare
Nov 8, 2010

I JUST WISH THIS WAS A PONY SO I COULD JERK IT WHILE I PLAY WOW

I think _anything_ beats RSA, even free TOTP with no vendor and you just store the seeds somewhere. I loving hate RSA/SecurID. And SMS 2FA is not 2FA and should not exist.

Sickening
Jul 15, 2007

BLack Summer was the Best Summer

While there are glaring issues with SMS 2FA, saying it shouldn't exist is a bit much.

Biowarfare
Nov 8, 2010

I JUST WISH THIS WAS A PONY SO I COULD JERK IT WHILE I PLAY WOW

Sickening posted:

While there are glaring issues with SMS 2FA, saying it shouldn't exist is a bit much.

Let's just call it implementation detail problems stemming from SMS 2FA being used as anything more than "additional factor", creating massive new backdoors. If the absolute only thing that SMS MFA is used for is one additional token delivery, then the worst it is would be not much additional security or some theatre. But this is never the case.

Basically, the second it's used as anything more than "one more factor" (which is really more like 1.5FA), you end up with problems where the phone number is easily hijacked in seconds, reused by the phone company, the implementer uses SMS for other details (if it isn't purely internal) - see Facebook using explicitly-MFA-only phone numbers for advertising and profile inclusion, ability to disable actual device/token-based MFA by using SMS/call as a backdoor, various delivery failures (the SMS arriving is based on factors outside of your control, while TOTP just requires a working clock or not even that), all sorts of poo poo. Vendors that block VOIP implicitly block parts of Sprint/Tmobile and Google Fi and a ton of other carriers now that aren't "traditional postpaid".

In a past life I helped some YouTubers out with security, and this was the biggest entry hole for everything, hands down, nothing else was as big of a compromise problem.

Biowarfare fucked around with this message at 22:26 on Aug 1, 2020
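The failure modes listed in the post above can be turned into an account audit: an account is only as strong as the weakest path that reaches it. This is an added example, not part of the original post; the `Account` model, the strength ranks and the finding names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Relative strength ranks: an assumption made for this example, not a standard scale.
STRENGTH = {"sms": 1, "voice": 1, "email": 1, "totp": 2, "push": 2, "hardware_key": 3}
PHONE_CHANNELS = {"sms", "voice"}


@dataclass
class Account:
    name: str
    login_factors: set       # second factors accepted at sign-in
    recovery_channels: set   # channels allowed to reset or disable MFA
    mfa_number_reused: bool = False  # MFA phone number also used for profile/ads


def effective_strength(acct):
    """Strength of the weakest path that reaches the account (0 = no factor at all)."""
    paths = acct.login_factors | acct.recovery_channels
    return min((STRENGTH[p] for p in paths), default=0)


def audit(acct):
    """Return sorted finding codes for the SMS failure modes raised in the post."""
    findings = set()
    strongest = max((STRENGTH[f] for f in acct.login_factors), default=0)
    # A phone channel that can reset or disable a stronger enrolled factor.
    if any(STRENGTH[c] < strongest for c in acct.recovery_channels & PHONE_CHANNELS):
        findings.add("phone-recovery-bypasses-stronger-factor")
    # SMS/call offered at sign-in next to a stronger factor: the weakest option wins.
    if any(STRENGTH[f] < strongest for f in acct.login_factors & PHONE_CHANNELS):
        findings.add("phone-login-alternative-to-stronger-factor")
    if acct.mfa_number_reused:
        findings.add("mfa-number-used-outside-mfa")
    return sorted(findings)


# Constructed sample accounts.
ACCOUNTS = [
    Account("alice", {"totp"}, {"sms"}),
    Account("bob", {"hardware_key", "sms"}, set(), mfa_number_reused=True),
    Account("carol", {"totp"}, set()),
    Account("dave", {"sms"}, {"sms"}),
]

if __name__ == "__main__":
    for a in ACCOUNTS:
        print(a.name, effective_strength(a), audit(a))
```

The `dave` account, where SMS is the only additional factor and nothing stronger is enrolled, produces no findings: that is the "one additional token delivery" case the post treats as weak but not a backdoor.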

Sickening
Jul 15, 2007

BLack Summer was the Best Summer

Biowarfare posted:

Let's just call it implementation detail problems stemming from SMS 2FA being used as anything more than "additional factor", creating massive new backdoors.

Basically, the second it's used as anything more than "one more factor" (which is really more like 1.5FA), you end up with problems where the phone number is easily hijacked in seconds, reused by the phone company, the implementor uses SMS for other details (if it isn't purely internal) - see Facebook using explicitly-MFA-only phone numbers for advertising and profile inclusion, ability to disable actual device/token-based MFA by using SMS/call as a backdoor, all sorts of poo poo.

In a past life I helped some YouTubers out with security, and this was the biggest entry hole for everything.

Having SMS mfa is infinitely better than no mfa. The weaknesses of backdooring so many systems because of cell phone provider lax security extends far beyond just the issues of SMS mfa. Taking over a phone number alone might mean you now have a backdoor into everything, sms or not. Totally removing recovery options from email and sms from the population at large isn't really practical. The support issues involved with doing so for the average person would be pretty high. The normal technology IQ of the average user just isn't there yet.

Docjowles
Apr 9, 2009




Haha. Yeah I was gonna say, I was definitely an EarthLink customer at one time. But it was on a dial up modem in like 1995. Surprised to hear that brand still even exists in some form.

Happiness Commando posted:

Come to the Denver thread in LAN and start an ISP slap fight. There are a few wifi providers in Denver, but if you're in the suburbs between Denver and Boulder that's less likely. There's some CTL fiber in some places that's great, CTL DSL is absolute bullshit.

I was a sysadmin for what is now Rise Broadband 10 years ago, when they were a lot smaller

Gabriel S.
May 20, 2006

I WILL KEEP IMMIGRANT CHILDREN IN A LOCKBOX, AND THAT PAYS DOWN THE NATIONAL DEBT.

Put this Nazi Scientist fuck on ignore immediately!


Does anyone know if there's any real benefit to "gaming" packages from ISPs?

CLAM DOWN
Feb 13, 2007


RICKARUS

It's Moot baby!




Gabriel S. posted:

Does anyone know if there's any real benefit to "gaming" packages from ISPs?

Yeah your bits are gonna be filled with incredible gamer energy as a result, no one will dare face you

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.


Gabriel S. posted:

Does anyone know if there's any real benefit to "gaming" packages from ISPs?

You’ll whip the llamas rear end. A veritable LPB.

Coffee Jones
Jul 4, 2004



Zotix posted:

Has anyone had experience with TekSystems?

As a dev - There’s a spectrum of recruiting firms and their knowledge of the field.
One side, there’s devs that have side businesses placing people, (or vice versa)
On the other side there’s TekSystems
their recruiters are consistently the youngest and most inexperienced. All those badly written job descriptions?
They’re just matching a resume with exact wording of that.
Got 5 years experience in technology Y but they’re looking for competitor technology X? They’ll have no idea the experience is transferable.

I tell them I found a job elsewhere at $SAAS_FIRM and “Oh I’ve never heard of them? What do they do?”

They have an office with a big sign out front two blocks outside your regional office, and were founded in town fifteen years ago, and you don’t know who they are?
