Public Service Announcement:

Have you checked out Sophos XG Firewall for home use lately?

It's basically an enterprise firewall fully licensed for personal use.

• All the firewall stuff
• Normal IPS
• Built-In easy transparent SSL/TLS proxy
• Web Application Firewall

I like it better than PF/Open Sense right now.

https://youtu.be/Ui8UC8-MeJU

If I understand this article correctly, instead of working out of the Governor's mansion, which is already maintained by our tax money, and is close to the offices Braun is forcing everyone back into, let's put a pin in that, and it already has quarters for state police details...

he's spending more of our tax money on his private residence, planning to work from home, and wants to get flown in a fucking helicopter?

Couple things:

• helicopters cost 2-4 thousand dollars per flight hour depending on aircraft
• He made everyone return to offices
• Some offices or rented floors in the downtown Sheridan cost about a million per year to rent (I need to fact check this, I just heard from an insider)

Am I misunderstanding wats going and I'm at fault for thinking he's a huge fucking douche bag and hypocrite?

I know this place is a bit of an echo chamber not favoring republican politics, but this seems more bipartisan and plainly fucking stupid?

I consider myself slightly in a conservative, Christian viewpoint camp. I say slightly because as I get past middle age, all those views or opinions have shifted.

I'm not a huge fan of abortion, but my opinion is slightly more nuanced and that's not a topic I think will be fruitfully discussed online.

Button line, seeing things like this however make me slightly lose my fucking mind.

Insert huge rant here about hypocrisy and unreasonable people, laced with outrage and much profanity.

I know others in my circle who also feel similarly. My hope is that people might know even church going conservative people think this is fucking bullshit and that piece of shit attorney general need to go. Fuck him.

After reading this article, I had a few dissenting thoughts, maybe someone will provide their perspective?

The article suggests not running critical workloads virtually based on a failure scenario of the hosting environment (such as ransomware on hypervisor).

That does allow using the 'all your eggs in one basket' phrase, so I agree that running at least one instance of a service physically could be justified, but threat actors will be trying to time execution of attacks against both if possible. Adding complexity works both ways here.

I don't really agree with the comments about not patching however. The premise that the physical workload or instance would be patched or updated more than the virtual one seems unrelated. A hesitance to patch systems is more about up time vs downtime vs breaking vs risk in my opinion.

Is your organization running critical workloads virtual like anything else, combination physical and virtual, or combination of all previous plus cloud solutions (o

I've seen companies do all sorts of home grown things.

One uses a spreadsheet that is just the configuration row by row, they turn it I to text file and copy to startup, reload.

I have used git servers to do the same thing, but with obvious change tracking history of git.

What real or home grown things are you using?

Currently using an ISR4461x. Now 17.7+ supports ssl VPN.

Should we learn flexvpn or do ssl VPN?

This is a network defense design scheme question.

In a scenario where your organization is designing multi-layered firewall deployment and management, how granular  do you create rules at each of these three layers?

Example site is a main/HQ site that also houses your data center (basic 3 tier model).

1. Site has your main internet gateway and VPN termination point. As am example, it's a Cisco or other ZBF. It has four zones: (1) Internet, (2) VPNs from other sites/clients, (3) your corporate LAN including data center, (4) Guest/untrusted/Iot.
2. Between your gateway and the rest of your corporate network/datacenter, you have transparent proxy firewall/IPS/monitor. It's bridging traffic between gateway and data center.
3. Within data center, hosts have software host based firewalls, all centrally managed by management product.

Questions:

• How granular do you make ZBF policies at gateway? Limit it to broad zones, subnets, etc? Get granular by source/destination? Further g

What sources of technical controls does your organization use?

Do you base device/operating system configurations on:

• CIS workbench?
• NIST/STIG?
• Microsoft best practice?
• Google searches and 'that looks good'?

How closely rigorously does your organization enforce change management for policies or settings?

• Can you change GPOs/Linux/Network device settings as needed?
• During maintenance window?
• After a group meeting with code/change review and some sort of approval authority?

Does anyone fully implement workstation and server logon restrictions, and priviledged access workstations (PAW) as prescribed by NIST/STIG/CIS?

The URL is Microsoft's long description of the same concepts.

Specifically from the above, there's a few things like:

• Establishing asset/systems tiers (domain controllers or entire org compromise tier 0, moving towards less consequence in the event of system compromise)
• Accounts with the Active Directory Domain Admins or equivalent are supposed to be blocked from logging into lower tier assets
• Workstations that have access to log into these super sensitive assets like Domain controllers for management are considered PAWs, and are blocked from internet access, highly locked down, might have extra hoops or management plane assets are air gapped?

Question:

Does anyone actually do any of this at their organization?

If so, to what degree?

People hated red forest because it was a whole other set of infrastructure to baby sit.

People h

I don't even know where to begin with some of the quotes in this article, good or bad.

The topic of politics can be aggausting, but I wonder if there isn't merit to this idea?

If we'll have republican local reps regardless based on trends, should people jump party and vote for more moderate candidates, if any exist?

Even if you know your candidate isn't likely to win, do you vote them on principle to vote metrics and data, or do you vote for the lesser evil opponent, even if you feel dirty for it?

I'm not taking or endorsing a side or suggesting anyone should, just curious. Pretend it's the opposite parties than Indiana if it helps thinking through it.

My reason for posting this question is to get some perspective, since I don't live further west than Indiana.

Indiana has a lot of conservative tendencies, usually opposes progressive policies, and a little old school bigotry in the form of religion based disagreement with people's life styles, like letter community.

From an outsiders perspective, TX, OK, MO etc are even more extreme.

This permalink above from a comment from a person referencing recently proposed legislation against letter community people specifically, though there's tons of examples of bigotry like the school principal getting sued for discrimination due to a kid's hair (black hair).

We know Lemmy is a bit more populated with left than right thinkers, but regardless, what's going on in these western plains states? Is it as bad as it looks?

Do you personally know some sweet old church ladies who 'hate the gays because they'll going to hell' or are there just more extreme law makers being elected that don't repre

This is not an ad.

Does anyone have experience with Tenable products?

I'm interested in real world experience regarding:

• cost
• effectiveness
• ease of use

I'm playing with Tenable Security Center and Nessus Scanner. I'm early in the deployment, just looking for pointers and whether anyone has used it?

What alternatives is your org using if not?

Can you compare?

Edit, if anyone is interested, I can post results and opinions here also.

INDIANAPOLIS – Angry reaction from community leaders continue to pour in after a controversial punishment was handed down to the man who was convicted of killing Indianapolis Metropolitan Police Department officer Breann Leath.

Dorsey was sentenced on Thursday to 25 years in prison after he was found guilty but mentally ill on the following charges:

One count of reckless homicide Three counts of criminal recklessness committed with a deadly weapon One count of attempted murder One count of criminal confinement Dorsey was not convicted of murder by the jury. That charge was reduced to the lesser reckless homicide charge.

...

Snyder, who is the president of the Indianapolis FOP, said during a Friday afternoon news conference that residents of Indianapolis, as well as Indiana residents and those throughout the country, saw a “miscarriage of justice” through Stoner’s sentencing.

In response, Snyder said the maximum sentence of 63 years should have been implemented for Dorsey in thi

INDIANAPOLIS — A traffic stop ended up leading investigators to a restaurant on Indy’s east side where police uncovered cocaine, methamphetamine, marijuana, fentanyl and enough firepower for a shootout.

William Collins, 45, was arrested by the Indianapolis Metropolitan Police Department on Monday for his role in the alleged drug trafficking. Collins also isn’t permitted to own a firearm due to being a convicted felon.

Police said Collins was arrested during a traffic stop after detectives witnessed a “hand-to-hand drug transaction” in a parking lot in the 3200 block of N. Emerson. During the traffic stop, police found a handgun in Collins’ possession.

The investigation eventually led police to 1313 Eatery, a chicken wing shop located at 5299 E. 38th Street. Detectives searched the business and seized approximately 600 grams of cocaine, five pounds of meth, one pound of marijuana and 70 grams of fentanyl pills.

Also found in the restaurant were three firearms, two of which were repo

INDIANAPOLIS — Indiana State Police troopers made 120 traffic stops and cited a majority of those drivers for speeding during a two-hour ticket-writing blitz on the west side of Indianapolis Wednesday.

More than a dozen troopers, warned by lawmen with handheld laser speed detectors, pulled over drivers exceeding the 55-mile-per-hour limits on I-465 between 56th and 38th streets for two hours in the afternoon.

Sgt. John Perrine said troopers were stopping only drivers topping out at 75 MPH and above.

”We’re certainly not out here looking for the people who are minor speeding. We’re looking for the most egregious, most aggressive drivers who are really causing problems,” he said. ”We would like to lower that threshold but it’s really hard to go out and stop the people doing 10 over when we know a few seconds later there is somebody coming who is doing thirty over.”

Perrine said excessive speed is often to blame for road rage incidents.

”We have a group of drivers who want to drive s

Let's Play Date, Marry, Kill...with Roundabouts.

What are your thoughts as Indiana starts adopting these modern traffic control measures (Europe has been doing them since...forever)?

Most people I talk to either love or hate these intersections. For some reason, I can't find people who are indifferent to them very often.

According to the Carmel's city webpage: "Carmel is internationally known for its roundabout network. Since the late 1990’s Carmel has been building and replacing signalized intersections with roundabouts. Carmel now has more than 150 roundabouts, more than any other city in the United States."

"The number of injury accidents in Carmel have reduced by about 80 percent and the number of accidents overall by about 40 percent."

https://www.carmel.in.gov/government/departments-services/engineering/roundabouts#%3A%7E%3Atext=Carmel+is+internationally+known+for%2Ccity+in+the+United+States.

General PROs / CONs

• Up to a 90 percent reduction in fatalities
• 76 per

The actor, who just celebrated his 93rd birthday on March 22, shared his excitement about experiencing the once-in-a-lifetime event. When asked about what to expect from him during the celebration, he said “darkness” with laughter.

“The next one over Indiana will be like a hundred years from now," he said. "We’ll all be dead. I might not be, but you guys are going to be dead the next time. It’s an event, but when you ponder the mystery - if you ponder what’s taking place in the heavens - it’s gargantuan.”

...

William Shatner, known for his iconic role as Captain William T. Kirk in the classic television series "Star Trek," is headed to Bloomington to take part in Indiana University’s “Hoosier Cosmic Celebration.”

...

The pace of violations, recorded since the city restricted turns at 97 downtown intersections, amounts to an average of about seven tickets per month.

Two pedestrian advocates told Mirror Indy they would like to see more enforcement, but city officials said the number of tickets issued is only one metric — and not the most indicative of success when it comes to pedestrian safety measures.

“Their desired effect was not to increase (the) number of tickets issued by IMPD. It was to ensure the safety of pedestrians and bicyclists in the Mile Square,” Vop Osili, the Democratic president of Indianapolis City-County Council, said in an emailed statement to Mirror Indy.

...

The policy change followed a study from the Indianapolis Department of Public Works that looked at a five-year history of pedestrian-related crashes in the downtown area. It found that 57% of were the result of vehicles failing to yield to pedestrians at intersections with traffic signals.

Data also showed that d

INDIANAPOLIS — Senator and Indiana Gubernatorial candidate Mike Braun reportedly missed a spending package vote early Saturday morning.

Braun’s officials also reported that he had a seat on a 9:35 p.m. flight to Washington D.C. The team added that Braun decided to skip the flight and stay in Indiana because no votes were scheduled at the time.

I like this bean. It's smooth, and I usually like roasts with chocolate notes.

I'm also cheap. This is around .50 cents US per once.

Do you have a favorite bean that's medium/smooth, and also in the .50 range that can be ordered online?

My local roasters are all around a dollar per once and I haven't found anything that was so good, I couldn't go back to this for half the cost, so I do them as a special occasion.