Gostev
Chief Product Officer
Posts: 31806
Liked: 7300 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland

Re: Gostev's forum digest

Post by Gostev »

Anguel wrote: Dec 13, 2019 3:58 pm
> Btw, is there any "official" feedback channel if there is something really important regarding the digest? Or is this thread the right place?

Normally, readers just create a new topic to discuss the particular news. While this topic is for digest love/hate type of feedback :D
ottl05
Enthusiast
Posts: 32
Liked: 5 times
Joined: Oct 16, 2014 11:29 am

Re: Gostev's forum digest

Post by ottl05 »

In the last weeks, I'm not receiving the mail with the digest anymore 😳
I checked my preferences and all are checked, but no mail for my Monday morning coffee :-(
Nick-SAC
Enthusiast
Posts: 76
Liked: 16 times
Joined: Oct 27, 2017 5:42 pm
Full Name: Nick

Re: Gostev's forum digest

Post by Nick-SAC »

FWIW I received mine last night: Sent Sun 1/5/2020 7:38 PM EST

Spam filter maybe?
Gostev
Chief Product Officer
Posts: 31806
Liked: 7300 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland

Re: Gostev's forum digest

Post by Gostev »

@ottl05 it would appear the email was erroneously rejected by your email server (despite the fact that it contains a valid signature and the server is present in SPF). I will DM you the log. Thanks!
lasseoe
Service Provider
Posts: 76
Liked: 7 times
Joined: Dec 17, 2012 4:39 pm
Full Name: Lasse Osterild
Location: Denmark

Re: Gostev's forum digest

Post by lasseoe »

Yet more Linux b.s. from Gostev in today's forum digest.

"Microsoft has released Sysmon for Linux last week and this is a big deal. Many security experts agree that Linux is a security visibility blackhole, which is something smart hackers know and leverage in their attacks. It's too easy to hack some unpatched and/or poorly secured 3rd party virtual or physical appliance and use that box as the "forward base" to study the entire environment while remaining undetected for as long as needed. Compare that with Windows, where detection capabilities are very strong and every worthwhile admin knows how to use Sysinternals tools to ensure their systems are clean from malicious inhabitants."

Who are these alleged security experts?

"It's too easy to hack some unpatched and/or poorly secured 3rd party virtual or physical appliance"
Doesn't matter which operating system it is - if the vendor is a muppet then you may have an issue. Also, just because it's an appliance doesn't mean it's poorly patched, unsecured or unable to be patched easily. From previous forum threads it's obvious Veeam struggles to build Linux appliances, but it's really not that complicated.

Using eBPF to monitor your Linux system in terms of security is nothing new, there are lots of products and companies using eBPF for this purpose. Hopefully Microsoft's Sysinternals for Linux will have fewer security holes than their Azure OMI agents.
That being said, if people would use SELinux instead of disabling it, you have a VERY secure system, it doesn't help that Veeam themselves literally tell their customers that it's ok to disable SELinux https://www.veeam.com/kb2986 .

It may be that detection capabilities in Windows are strong, but it hardly matters because the average Windows admin has no clue so it goes unused and unnoticed. And yes I agree that "worthwhile admin knows how to use Sysinternals tools", it's just a shame there are so few of them.
marksf
Lurker
Posts: 2
Liked: never
Joined: Jul 01, 2020 11:51 am
Full Name: Mark Seaton-Fry

Re: Gostev's forum digest

Post by marksf »

Hearing that the most popular cheap NAS has issues with data loss, would this be Synology by any chance? Don't want to not know when we have some of those units out there holding backups!
DonZoomik
Service Provider
Posts: 372
Liked: 120 times
Joined: Nov 25, 2016 1:56 pm
Full Name: Mihkel Soomere

Re: Gostev's forum digest

Post by DonZoomik » 1 person likes this post

Probably Gostev is referring to this tweet: https://twitter.com/GossiTheDog/status/ ... 79489?s=20
I think you missed the point a bit. Or to add a bit to your last paragraph:
Windows has pretty user/admin friendly detection tools. eBPF is cool but hard to approach without some kind of intermediate tool to simplify the interface. Tools exist but aren't that well known and IMHO much less used than similar interfaces on Windows. Often Linux is blindly assumed to be safe by default, regardless of how it's configured - Windows is known target for threat actors so it's often better defended.
soncscy
Veteran
Posts: 643
Liked: 312 times
Joined: Aug 04, 2019 2:57 pm
Full Name: Harvey

Re: Gostev's forum digest

Post by soncscy »

> Windows is known target for threat actors so it's often better defended.

I'd argue this I guess. Constantly with clients, we inherit Windows environments that don't even have rudimentary security practices or monitoring in place, and even after implementing them in a hardening series, my team comes back a month or two later to find all the changes reverted because "it was too difficult to use Windows like this."

Windows' permissions handling is a mess and not even Microsoft themselves seem to fully understand their model well. Combine this with opaque GPOs, and it's no wonder people just turn a lot of this stuff off. For workstations, it's mostly enough to lock it down since the users aren't running infrastructure anyways and don't need wide permissions, but for servers, System Admins themselves often cannot figure out a balance of usability and security. I think this is further stressed by licensing and too many multipurpose servers, with IT teams trying to squeeze as much out of every Windows license they can to keep costs down. When this happens, you end up with far too many competing security levels from the different roles for a server, it becomes a nightmare to manage, and eventually people just give up trying to make it work.

With Linux at least, you can more easily isolate systems since there isn't an inherent license cost in just spinning up another linux box (in most cases). That proper linux security and linux admins are pretty rare is another story entirely.

But I would not say that Windows is better defended; quite the opposite. I think in general it ends up pretty open just because security in Windows makes it inoperable for a lot of people.
DonZoomik
Service Provider
Posts: 372
Liked: 120 times
Joined: Nov 25, 2016 1:56 pm
Full Name: Mihkel Soomere

Re: Gostev's forum digest

Post by DonZoomik »

Yeah... can't argue with that. But I guess our perspectives are different. Most small shops do squeeze everything into one box, not so much in larger enterprises (Datacenter licensing etc). IMHO enterprise Windows systems are far more often closely monitored and guarded than Linux ones. In my experience there's a minimum company size threshold when you start caring about security at all and when you do, focus is mostly on Windows. Smaller shops may also use Linux but these systems are IMHO basically neglected.
In context of the original argument: I know quite a few places that run Sysmon on clients and/or servers, however I know no place that would run anything similar on Linux (even much larger places than those running Sysmon).
alesovodvojce
Enthusiast
Posts: 63
Liked: 9 times
Joined: Nov 29, 2016 10:09 pm

Re: Gostev's forum digest

Post by alesovodvojce »

Gostev said
"So if this does not convince you to finally stop deploying low-end NAS for your backup storage, then I don't know what else will. Honestly, I don't even know why they are still on the table after so many years of us recommending against using them... especially when our users admit that the cost difference of going with a general-purpose server is negligible but the benefits go well beyond just having a storage you can trust"
But the mentioned data losses seem unrelated to the backup role. Or are they? And if not, is low-end NAS evil for any data storage, because it corrupts stored data?
Gostev
Chief Product Officer
Posts: 31806
Liked: 7300 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland

Re: Gostev's forum digest

Post by Gostev »

Of course. However, on most of the file formats low-end NAS typically store, these silent data corruptions are completely unnoticeable.
alesovodvojce
Enthusiast
Posts: 63
Liked: 9 times
Joined: Nov 29, 2016 10:09 pm

Re: Gostev's forum digest

Post by alesovodvojce » 1 person likes this post

This is disturbing as such info really changes the general way to look at low-end NASes. I used to look at their RAID with trust. Thanks