We have a new technology coming online with all the popular web browsers. It is called DNS over HTTPS or DoH. The concept is instead of using your internal DNS to resolve web pages, the web browser goes back to an external DNS site to resolve the page.
“Treat your password like your toothbrush. Don’t let anyone else use it and change it every six months” -Clifford Stoll Password security is always on our minds. The NYS Comptroller’s Office technology audits love to list this in audit reports as an area that needs improvement.
I wanted to update you on the Microsoft authentication issues caused by the May patches. This only potentially affects Microsoft Domain Controllers. More specifically it only affects Domain Controllers that are using certificates in any way for some form of authentication.
Last week I talked about the importance of Cloud Backup in our new remote teaching and learning and back-office school environments. This week I am going to talk about secure and reliable communications. The reality is that the number one threat to your network is your users clicking on attachments or web links that lead […]
Disk encryption is growing in popularity as a means of better-securing laptops and desktops. Microsoft is offering BitLocker natively in Windows 10. Microsoft Endpoint Configuration Manager has a built-in BitLocker Administration console. If you don’t have SCCM, then Microsoft offers the MBAM console to manage encryption.
For the last few years Microsoft has been talking about “Modern” this or “Modern” that. In the quest for improved security they are agressively trying to move everyone to more modern protocols. The impending LDAPS changes are an example of this. However, there are more processes and protocols that they are urging you to retire.
I constantly harp on denying the bad guys access to your network, and if they are inside already, denying lateral movement. At the last Tech Talk, I mentioned that I am watching many of the Paladin Sentinel Monitoring sites just RDP into all the servers with the true Domain Admin Administrator ID – just like […]
We have spent two decades linking all sorts of servers and processes to Active Directory for “ease of use”. Sadly ease of use now can also mean “ease of hacking”. Therefore, we must be much more critical of when integration is genuinely helpful (LDAP for instance), vs.
The reality of many K-12 school districts is that you either have handed out or are handing out laptops to teachers and critical staff to get through this quarantine. All those great tools you had been using: WSUS, SCCM, and KACE are now functionally useless for those remote users.