26 Jun 2022 |
0.Eth3rnal_ | HMmmm | 22:27:08 |
0.Eth3rnal_ | Meee | 22:27:10 |
hinata08 | (In reply to @Dezponia:matrix.org: "I mean what kind of nutjob wouldn't run a local firewall on every device, even internally? :P") Companies that consider that the threat is outside | 22:27:25 |
Dezponia | 0.Eth3rnal_: Firewall all the things at all times. Run a local firewall on all devices. Segment the network in VLANs with firewalls in between if you're doing anything serious, etc etc :) | 22:28:06 |
hinata08 | Remember notpetya and related attacks on smb v1 ? | 22:28:35 |
hinata08 | Wannacry too | 22:28:35 |
Dezponia | Oh, and KEEP YOUR GOSH DARN MANAGEMENT NETWORK PHYSICALLY SEPARATED AND DISCONNECTED FROM THE INTERNET... you know... unless you hate owning your hardware and would like to donate it to someone else | 22:28:47 |
| * Dezponia wants to slap a lot of people who hook IPMI up to the internet | 22:29:17 |
0.Eth3rnal_ | (In reply to @Dezponia:matrix.org: "0.Eth3rnal_: Firewall all the things at all times. Run a local firewall on all devices. Segment the network in VLANs with firewalls in between if you're doing anything serious, etc etc :)") I want to segment any untrusted IOT devices into a diff network with a firewall in between | 22:29:29 |
0.Eth3rnal_ | If i can do that | 22:29:41 |
0.Eth3rnal_ | * If I can do that | 22:29:54 |
0.Eth3rnal_ | I don't have a local firewall on my computer since it was quite annoying to deal with it | 22:30:07 |
0.Eth3rnal_ | So I just disabled it | 22:30:12 |
0.Eth3rnal_ | I am keeping the default firewall in the mikrotik tho | 22:30:24 |
Dezponia | (In reply to @klugmathias:matrix.org: "I want to segment any untrusted IOT devices into a diff network with a firewall in between") Neat. You can either do that by having a "personal" and an "IOT" interface on your Mikrotik router, and then plugging them into physically different switches. Or you can invest in a switch that can handle VLANs :) | 22:30:28 |
Dezponia | (In reply to @klugmathias:matrix.org: "So I just disabled it") Lul :P | 22:30:45 |
0.Eth3rnal_ | Hmm | 22:30:46 |
Dezponia | That is the stupidity of disabling the MAC system taken to a whole new level, the firewall :P | 22:31:30 |
Dezponia | "File permissions where annoying so I just chmod 777 everything!" :P | 22:31:47 |
Dezponia | * "File permissions were annoying so I just chmod 777 everything!" :P | 22:32:05 |
0.Eth3rnal_ | (In reply to @Dezponia:matrix.org: "That is the stupidity of disabling the MAC system taken to a whole new level, the firewall :P") Heh, what does the MAC system do? | 22:33:55 |
Dezponia | Mandatory Access Control. Think SELinux or AppArmor | 22:34:11 |
Dezponia | Not MAC as in the network MAC :) | 22:34:49 |
Dezponia | And not Mac as in the Apple computer :P | 22:34:56 |
Dezponia | The IT world really needs to stop using MAC as an acronym :P | 22:35:12 |
hinata08 | Macbe | 22:37:47 |
0.Eth3rnal_ | (In reply to @Dezponia:matrix.org: "Mandatory Access Control. Think SELinux or AppArmor") Well SELinux is annoying and most people turn it off | 22:39:37 |
Dezponia | (In reply to @klugmathias:matrix.org: "Well SELinux is annoying and most people turn it off") And most people are stupid :P | 22:39:56 |
0.Eth3rnal_ | And the reason why I disabled the firewall is cuz I have the router firewall | 22:40:09 |
0.Eth3rnal_ | So I know which ports the outside has access to | 22:40:33 |