Phillip<p>Long toot, but TL;DR I’m looking for advice from fellow IT and network managers/maintainers 🥹</p><p>Planning a network overhaul for my ~20 person employer for a few months from now. Likely going Unifi for as much as possible for the tight integration and simple management for this poor solo IT guy. I’m not looking for input on that decision at this time, unless you have a really good reason. </p><p>Unfortunately, everyone is used to a BYOD system when it comes to WFH. They download the NetExtender VPN on their personal machine and RDP into their workstation in the office. I am trying to figure out how best to lock this down without pissing everyone off (yet). </p><p>Obvious measures already in effect include MFA for VPN access and geo-based IP blocking. I’d love to lock it down further though, and for that I am looking into an RDP gateway in combination with VPN. </p><p>For off-site company-owned devices, those would use the Unifi VPN authenticated via AD and MFA. Connections would be based on an allowlist of known safe workstations, and they would be allowed normal network access. </p><p>For personal devices, I’m considering an RDP gateway (with MFA?) to monitor and limit connections from personal devices to employee workstations only (i.e. no server access). I _could_ expose that publicly and ensure it’s locked down with MFA and give the host server minimal permissions and access. However, I’m wondering if it would make sense to place that behind the VPN as well.</p><p>Untrusted VPN connections could go to their own VLAN, only allowed access to the RDP gateway and nothing else. Both would authenticate with the same LDAP credentials, so not much benefit there. My main consideration is 0-days and other vulns. A two-layered approach would ensure that a vulnerability in one system is still mitigated by the other. </p><p>I could see this creating unnecessary overhead for employees to connect, though, and it may not be worth the perceived extra security. 
</p><p>Anyone have any input? I’d love some advice here!</p><p><a href="https://infosec.exchange/tags/it" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>it</span></a> <a href="https://infosec.exchange/tags/networking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>networking</span></a> <a href="https://infosec.exchange/tags/networksecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>networksecurity</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/infrastructure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infrastructure</span></a> <a href="https://infosec.exchange/tags/ITAdvice" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITAdvice</span></a> <a href="https://infosec.exchange/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a></p>
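<p>Added example, not part of Phillip’s post: the two policy pieces the post sketches for the BYOD path, written as PowerShell you would run on a Windows RD Gateway (the RDS: drive from the RemoteDesktopServices module, on the gateway itself, elevated) and on the workstations (the NetSecurity module). It shows how the gateway’s Resource Authorization Policy is what keeps personal devices off servers, and how a workstation-side firewall rule gives the second, independent layer even if the VPN or the gateway is bypassed. Every group name, subnet and address below is an assumption for illustration; check parameter names against <code>Get-Help New-Item -Path RDS:\GatewayServer\RAP</code> on your own gateway before relying on them.</p>

```powershell
# Added example (not from the original post or any vendor documentation).
# Two layers for the BYOD path described in the post:
#  1. RD Gateway: personal devices (on the "untrusted" VPN VLAN) may only be
#     brokered to employee workstations, never to servers.
#  2. Workstation firewall: RDP (3389) is accepted only from the gateway and
#     the trusted (company-device) VPN subnet, so a BYOD client that somehow
#     lands on the LAN or the untrusted VLAN still cannot RDP straight in.
# All names, groups, subnets and addresses are assumed for illustration.

Import-Module RemoteDesktopServices      # exposes the RDS: drive on the gateway

$Domain        = 'corp'                      # assumed NetBIOS domain name
$ByodUsers     = "RDG-BYOD-Users@$Domain"    # assumed AD group: staff allowed to use personal devices
$Workstations  = "RDG-Workstations@$Domain"  # assumed AD group containing ONLY employee workstations
$GatewayIP     = '10.50.0.10'                # assumed RD Gateway address
$TrustedVpnNet = '10.60.0.0/24'              # assumed subnet issued to company-owned devices on the VPN
$MgmtHost      = '10.10.0.5'                 # assumed IT admin host that still needs direct RDP

# --- 1. On the RD Gateway -------------------------------------------------
# Connection Authorization Policy: WHO may connect through the gateway.
# AuthMethod 1 = password. MFA sits in front of this (VPN / NPS), not here.
New-Item -Path 'RDS:\GatewayServer\CAP' -Name 'BYOD-CAP' `
    -UserGroups $ByodUsers -AuthMethod 1

# Resource Authorization Policy: WHAT they may reach. ComputerGroupType 1 =
# an Active Directory computer group, so only members of $Workstations are
# ever brokered. Servers simply are not in that group.
New-Item -Path 'RDS:\GatewayServer\RAP' -Name 'BYOD-RAP' `
    -UserGroups $ByodUsers -ComputerGroupType 1 -ComputerGroup $Workstations

# Quick check that the RAP landed with the intended group.
Get-ChildItem -Path 'RDS:\GatewayServer\RAP\BYOD-RAP'

# --- 2. On each workstation (e.g. GPO startup script) ---------------------
# Scope the built-in Remote Desktop rules instead of leaving them open to
# any source. Personal devices never appear in this list; only the gateway,
# the trusted VPN subnet and the admin host may open 3389 directly.
Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True -Profile Domain `
    -RemoteAddress @($GatewayIP, $TrustedVpnNet, $MgmtHost)

# Confirm the scoping took effect on the inbound TCP rule.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Get-NetFirewallAddressFilter |
    Select-Object -ExpandProperty RemoteAddress
```

<p>Usage note: the gateway and the workstation rules are deliberately independent. The RAP restricts what the gateway will broker, and the workstation firewall refuses RDP from anything that did not come through the gateway or the trusted VPN, so neither the VLAN ACL on the UniFi side nor the gateway alone has to be the single control that holds. The same LDAP credentials are used at both layers, as the post notes; what the second layer adds is resource scoping and a second independent codebase in front of the desktops, not a second identity check.</p>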