Normally, readers just create a new topic to discuss the particular news, while this topic is for digest love/hate type of feedback.
-
- Chief Product Officer
- Posts: 31806
- Liked: 7300 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Gostev's forum digest
-
- Enthusiast
- Posts: 32
- Liked: 5 times
- Joined: Oct 16, 2014 11:29 am
- Contact:
Re: Gostev's forum digest
In the last weeks, I'm not receiving the mail with the digest anymore.
I checked my preferences and all are checked, but no mail for my Monday morning coffee.
-
- Enthusiast
- Posts: 76
- Liked: 16 times
- Joined: Oct 27, 2017 5:42 pm
- Full Name: Nick
- Contact:
Re: Gostev's forum digest
FWIW I received mine last night: Sent Sun 1/5/2020 7:38 PM EST
Spam filter maybe?
-
- Chief Product Officer
- Posts: 31806
- Liked: 7300 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Gostev's forum digest
@ottl05 it would appear the email was erroneously rejected by your email server (despite the fact that it contains a valid signature and the server is present in SPF). I will DM you the log. Thanks!
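The check behind the post above, as an added example (not code from the thread, from Veeam, or from any mail server): given the sender IP and the domain's SPF record, decide whether the sender is authorised, and read the receiving server's Authentication-Results header to see what it concluded. The SPF evaluator covers only the DNS-free subset of RFC 7208 (ip4, ip6, all, with the four qualifiers); mechanisms that need lookups are reported as "unsupported" so it runs offline. Every record, address and header in the block is constructed from documentation ranges and example domains, not taken from Veeam's real DNS or mail.

```python
"""Offline SPF check and Authentication-Results parsing (added example).

evaluate_spf() implements the DNS-free subset of RFC 7208: ip4/ip6/all with
the four qualifiers. Mechanisms that need DNS (a, mx, include, exists, ptr)
are reported as "unsupported". All records, addresses and headers used here
are constructed with documentation ranges and example domains.
"""
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
NEEDS_DNS = {"a", "mx", "include", "exists", "ptr"}


def evaluate_spf(record: str, sender_ip: str) -> str:
    """Return pass/fail/softfail/neutral/none/unsupported/permerror for sender_ip."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        if "=" in term:
            continue  # redirect=/exp= modifiers; assumption: not needed for these records
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed address or prefix length
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue  # no match, try the next mechanism
        if name in NEEDS_DNS:
            return "unsupported"  # would require DNS; out of scope offline
        return "permerror"  # unknown mechanism name
    return "neutral"  # nothing matched and no "all" term (RFC 7208 section 4.7)


def parse_authentication_results(header_value: str) -> dict:
    """Map each method in an Authentication-Results value to its result, e.g. {"spf": "pass"}."""
    results = {}
    # first element is the authserv-id; each following element is "method=result [props]"
    for element in header_value.split(";")[1:]:
        element = element.strip()
        if not element:
            continue
        method, _, result = element.split()[0].partition("=")
        results[method.lower()] = result.lower()
    return results


def explain_rejection(auth_results: dict) -> str:
    """Say whether a rejection is consistent with the spf/dkim/dmarc verdicts recorded."""
    methods = ("spf", "dkim", "dmarc")
    verdicts = ", ".join(f"{m}={auth_results.get(m, 'missing')}" for m in methods)
    if any(auth_results.get(m) in ("fail", "softfail") for m in methods):
        return "rejection consistent with authentication: " + verdicts
    return "rejection not explained by authentication, look at content/reputation filters: " + verdicts


if __name__ == "__main__":
    # constructed record and sender: the sender is inside the authorised /24
    print(evaluate_spf("v=spf1 ip4:203.0.113.0/24 -all", "203.0.113.25"))
    # constructed header as a receiving MTA would add it
    ar = parse_authentication_results(
        "mx.example.net; dkim=pass header.d=example.com; spf=pass smtp.mailfrom=example.com")
    print(explain_rejection(ar))
```

If both verdicts are "pass" and the message was still bounced, the cause is somewhere after authentication (content scoring, reputation lists, a local block rule), which is the situation the log DM in the post would show.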
-
- Service Provider
- Posts: 76
- Liked: 7 times
- Joined: Dec 17, 2012 4:39 pm
- Full Name: Lasse Osterild
- Location: Denmark
- Contact:
Re: Gostev's forum digest
Yet more Linux b.s. from Gostev in today's forum digest.
"Microsoft has released Sysmon for Linux last week and this is a big deal. Many security experts agree that Linux is a security visibility blackhole, which is something smart hackers know and leverage in their attacks. It's too easy to hack some unpatched and/or poorly secured 3rd party virtual or physical appliance and use that box as the "forward base" to study the entire environment while remaining undetected for as long as needed. Compare that with Windows, where detection capabilities are very strong and every worthwhile admin knows how to use Sysinternals tools to ensure their systems are clean from malicious inhabitants."
Who are these alleged security experts?
"It's too easy to hack some unpatched and/or poorly secured 3rd party virtual or physical appliance"
Doesn't matter which operating system it is - if the vendor is a muppet then you may have an issue. Also, just because it's an appliance doesn't mean it's poorly patched, unsecured or unable to be patched easily. From previous forum threads it's obvious Veeam struggles to build Linux appliances, but it's really not that complicated.
Using eBPF to monitor your Linux system in terms of security is nothing new; there are lots of products and companies using eBPF for this purpose. Hopefully Microsoft's Sysinternals for Linux will have fewer security holes than their Azure OMI agents.
That being said, if people would use SELinux instead of disabling it, you have a VERY secure system; it doesn't help that Veeam themselves literally tell their customers that it's ok to disable SELinux: https://www.veeam.com/kb2986 .
It may be that detection capabilities in Windows are strong, but it hardly matters because the average Windows admin has no clue, so it goes unused and unnoticed. And yes, I agree that "worthwhile admin knows how to use Sysinternals tools"; it's just a shame there are so few of them.
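The "forward base" scenario quoted from the digest above, expressed as detection logic, as an added example that is not code from the thread, from Veeam or from Microsoft's Sysmon project. Sysmon for Linux writes each event to syslog as one XML Event with the same System/EventData layout as Windows Sysmon; the sample lines below are constructed to that layout (not captured from a real host) and carry only the fields the rules read. Two rules are applied: a network-facing daemon spawning a shell (Event ID 1), and a shell or scripting interpreter opening an outbound connection (Event ID 3). The daemon and interpreter name lists are assumptions to tune per environment.

```python
"""Detection rules over Sysmon for Linux events carried in syslog (added example).

The sample lines are constructed in the Sysmon XML layout; the process name
lists are assumptions for the rules, not Sysmon configuration.
"""
import re
import xml.etree.ElementTree as ET
from posixpath import basename

# assumptions: which daemons face the network and which binaries count as shells/interpreters
NETWORK_FACING = {"nginx", "apache2", "httpd", "php-fpm", "tomcat", "postgres"}
SHELLS = {"sh", "bash", "dash", "zsh"}
INTERPRETERS = SHELLS | {"python3", "perl", "php", "nc", "ncat", "socat"}

EVENT_RE = re.compile(r"<Event[ >].*</Event>")


def _local(tag: str) -> str:
    """Strip an XML namespace prefix such as {http://...}EventID, if one is present."""
    return tag.rsplit("}", 1)[-1]


def parse_sysmon_line(line: str):
    """Return (event_id, {DataName: value}) if the syslog line carries a Sysmon event, else None."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    root = ET.fromstring(m.group(0))
    event_id, data = None, {}
    for el in root.iter():
        name = _local(el.tag)
        if name == "EventID":
            event_id = int(el.text)
        elif name == "Data" and el.get("Name"):
            data[el.get("Name")] = el.text or ""
    if event_id is None:
        return None
    return event_id, data


def detect(lines):
    """Return a list of (rule, detail) for every line that matches one of the two rules."""
    alerts = []
    for line in lines:
        parsed = parse_sysmon_line(line)
        if parsed is None:
            continue
        event_id, d = parsed
        user = d.get("User", "?")
        if event_id == 1:  # process creation
            parent = basename(d.get("ParentImage", ""))
            child = basename(d.get("Image", ""))
            if parent in NETWORK_FACING and child in SHELLS:
                alerts.append(("daemon_spawned_shell",
                               f"{parent} -> {d.get('CommandLine', '')} as {user}"))
        elif event_id == 3:  # network connection
            image = basename(d.get("Image", ""))
            dst = d.get("DestinationIp", "")
            if image in INTERPRETERS and not dst.startswith("127."):
                alerts.append(("interpreter_outbound",
                               f"{image} -> {dst}:{d.get('DestinationPort', '')} as {user}"))
    return alerts


_SYS = '<System><Provider Name="Linux-Sysmon"/><EventID>{eid}</EventID><Computer>web01</Computer></System>'


def _event(eid, **fields):
    """Build one constructed Sysmon-style syslog line (sample data only)."""
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return f"Oct 20 09:14:02 web01 sysmon: <Event>{_SYS.format(eid=eid)}<EventData>{data}</EventData></Event>"


# constructed sample: one web-server-to-shell, one benign cron shell, one reverse-shell-like
# connection from bash, one benign nginx-to-database connection, one unrelated sshd line
SAMPLE_SYSLOG = [
    _event(1, Image="/usr/bin/bash", CommandLine="bash -c id", User="www-data",
           ParentImage="/usr/sbin/nginx", ParentCommandLine="nginx: worker process"),
    _event(1, Image="/usr/bin/bash", CommandLine="/bin/bash /etc/cron.daily/logrotate", User="root",
           ParentImage="/usr/sbin/cron", ParentCommandLine="/usr/sbin/CRON -f"),
    _event(3, Image="/usr/bin/bash", User="www-data", Protocol="tcp", SourceIp="10.0.0.5",
           SourcePort="40122", DestinationIp="198.51.100.23", DestinationPort="4444"),
    _event(3, Image="/usr/sbin/nginx", User="www-data", Protocol="tcp", SourceIp="10.0.0.5",
           SourcePort="40123", DestinationIp="10.0.0.9", DestinationPort="5432"),
    "Oct 20 09:14:05 web01 sshd[1234]: Accepted publickey for ops from 203.0.113.9 port 51234 ssh2",
]

if __name__ == "__main__":
    for rule, detail in detect(SAMPLE_SYSLOG):
        print(rule, detail)
```

The same two rules can be written as Sysmon include filters so the events never leave the host unflagged, but keeping the logic in the collector, as here, lets it be changed without touching every box.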
-
- Lurker
- Posts: 2
- Liked: never
- Joined: Jul 01, 2020 11:51 am
- Full Name: Mark Seaton-Fry
- Contact:
Re: Gostev's forum digest
Hearing that the most popular cheap NAS has issues with data loss, would this be Synology by any chance? Don't want to not know when we have some of those units out there holding backups!
-
- Service Provider
- Posts: 372
- Liked: 120 times
- Joined: Nov 25, 2016 1:56 pm
- Full Name: Mihkel Soomere
- Contact:
Re: Gostev's forum digest
Probably Gostev is referring to this tweet: https://twitter.com/GossiTheDog/status/ ... 79489?s=20
I think you missed the point a bit. Or to add a bit to your last paragraph:
Windows has pretty user/admin friendly detection tools. eBPF is cool but hard to approach without some kind of intermediate tool to simplify the interface. Tools exist but aren't that well known and IMHO much less used than similar interfaces on Windows. Often Linux is blindly assumed to be safe by default, regardless of how it's configured; Windows is a known target for threat actors, so it's often better defended.
-
- Veteran
- Posts: 643
- Liked: 312 times
- Joined: Aug 04, 2019 2:57 pm
- Full Name: Harvey
- Contact:
Re: Gostev's forum digest
> Windows is known target for threat actors so it's often better defended.
I'd argue this I guess. Constantly with clients, we inherit Windows environments that don't even have rudimentary security practices or monitoring in place, and even after implementing them in a hardening series, my team comes back a month or two later to find all the changes reverted because "it was too difficult to use Windows like this."
Windows' permissions handling is a mess, and not even Microsoft themselves seem to fully understand their model well. Combine this with opaque GPOs, and it's no wonder people just turn a lot of this stuff off. For workstations, it's mostly enough to lock them down since the users aren't running infrastructure anyway and don't need wide permissions, but for servers, system admins themselves often cannot figure out a balance of usability and security. I think this is further stressed by licensing and too many multipurpose servers, with IT teams trying to squeeze as much out of every Windows license they can to keep costs down. When this happens, you end up with far too many competing security levels from the different roles for a server, it becomes a nightmare to manage, and eventually people just give up trying to make it work.
With Linux at least, you can more easily isolate systems since there isn't an inherent license cost in just spinning up another linux box (in most cases). That proper linux security and linux admins are pretty rare is another story entirely.
But I would not say that Windows is better defended; quite the opposite. I think in general it ends up pretty open just because security in Windows makes it inoperable for a lot of people.
-
- Service Provider
- Posts: 372
- Liked: 120 times
- Joined: Nov 25, 2016 1:56 pm
- Full Name: Mihkel Soomere
- Contact:
Re: Gostev's forum digest
Yeah... can't argue with that. But I guess our perspectives are different. Most small shops do squeeze everything into one box, not so much in larger enterprises (Datacenter licensing etc). IMHO enterprise Windows systems are far more often closely monitored and guarded than Linux ones. In my experience there's a minimum company size threshold when you start caring about security at all, and when you do, focus is mostly on Windows. Smaller shops may also use Linux, but these systems are IMHO basically neglected.
In context of original argument: I know quite a few places that run Sysmon on clients and/or servers, however I know no place that would run anything similar on Linux (even much larger places than those running Sysmon).
-
- Enthusiast
- Posts: 63
- Liked: 9 times
- Joined: Nov 29, 2016 10:09 pm
- Contact:
Re: Gostev's forum digest
Gostev said:
"So if this does not convince you to finally stop deploying low-end NAS for your backup storage, then I don't know what else will. Honestly, I don't even know why they are still on the table after so many years of us recommending against using them... especially when our users admit that the cost difference of going with a general-purpose server is negligible but the benefits go well beyond just having a storage you can trust"
But the mentioned data losses seem unrelated to the backup role. Or are they? And if not, is a low-end NAS evil for any data storage, because it corrupts stored data?
-
- Chief Product Officer
- Posts: 31806
- Liked: 7300 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Gostev's forum digest
Of course. However, on most of the file formats low-end NAS typically store, these silent data corruptions are completely unnoticeable.
-
- Enthusiast
- Posts: 63
- Liked: 9 times
- Joined: Nov 29, 2016 10:09 pm
- Contact:
Re: Gostev's forum digest
This is disturbing, as such info really changes the general way of looking at low-end NASes. I used to look at their RAID with trust. Thanks