Saik0

you would realise security even without the cloud is critical to protecting systems

Wazuh, the software I specifically called out. Is not “cloud”. They offer a cloud service, yes (that’s how they make money, on lazy admins or orgs that are too small to house their own infra). But it is self-hosted and designed to be run within the network.

You clearly have no idea what the current security market looks like. Nor what half of the terms you use actually mean.

Edit: Forgot to address this too

Virtualising every single system endpoint is practically impossible, which Wazuh seems to rely on.

No. The agent can be installed on ANY system. They recommend you install the orchestration/control node virtualized, which you don’t have to do. You can install it on a raw system though that would be a huge waste of resources. You seem to have missed that.

It is clear what you engaged in was attempting to malign all Lemmy.ml and lemmygrad.ml users

By pointing out the correct answer to a persons question?

Are you okay? You realize that my answer was basically the same as the other answer given by the lemmy.ml user in a different part of the thread. Just not an essay’s worth of content when a sentence is sufficient.

You are a piece of shit. If Kiwifarms goes after people like you

So a call to action to dox people? Why are you threatening people and calling them names? Aren’t you a mod? I mean you might have a case or argument if the votes weren’t kept on the platform itself.

The latter is beyond lacking in open source ecosystem

And yet software like Wazuh (https://github.com/wazuh) exist… Which are complete SIEM and XDR platform. Which does more than any antivirus could ever dream to do. But somehow OSS security is lacking? Sounds like you haven’t looked at the security field seriously in decades. Kaspersky doesn’t lead the pack in anything and it isn’t in a “level field”. Quite the contrary Antivirus as a concept has been commodified in IT. They’re all generally drop in replacements for each other and are not what is actually used to prove to security auditors that systems are secure. You may get %1 detection differences between platforms or maybe an update 30 minutes or an hour earlier. This is generally meaningless and the modern tools actually used to prove security go way deeper than an antivirus.

Lying to yourself is never going to solve problems.

Seems to work for you though?

Nothing you do on ANY activitypub-based platform is “private”. This platform is outright public. A bit disappointing that you still haven’t figured it out, especially as someone who purports to care about privacy in any capacity.

Removed by mod

Because being critical of a Russian company = racism. At least according to lemmy.ml and lemmygrad.ml users.

Removed by mod

Well that’s a bit of the point of my post… why are you making it out like disabling the 2fa app matters?

Edit: Swype typos!

What a great addition to the conversation. Congratulations! You’ve still addressed nothing!

Because that shit only works in fantasy land.

Glad to know my company, and the companies I contract for are fantasy land then.

employees WILL expect support

And they will get it if they use the company default options.

Nothing about this is losing. I’m CIO for 3 separate companies (2 by contract). None of them have issues with this type of policy. We do bare minimum to not limit the toolset they can use and support a specific set of tools that we like the best. That’s it. Those who are smart enough to use their own tools clearly know enough about IT to make good decisions that we can trust. The rest use the default tools… and we support those tools explicitly.

More importantly, we’re not shitting on those who ARE making good decisions overall, but just have a preference. That makes the employees feel heard and keeps them happy. Keeping them happier keeps everyone more productive.

This is disingenuous though… You can simply reset the TOTP seed on any account to achieve the same operation. We use AuthLite on a local domain… I can disable an account domain-wide by simply resetting the TOTP seed or disabling the account. Using an Azure domain and MS app doesn’t add any value in that regards. All of the online office stuff can be linked onto a local domain as well and would also be disabled.

I’m pushing to make us exclusive because I’m sick of the IT support guys trying to support a dozen apps.

While I understand this… Why not just refuse to support and NOT remove the capability for all those who don’t need support and work just fine with their own? It’s not like TOTP isn’t a solved problem at this point.

Eg. “we only support MS auth, If you choose to use your own you will not receive any company support.”

Not sure I understand what the faraday cage would accomplish. It’s the companies device. You’d be skipping this presumption outlined earlier in the thread

they are entitled and expected to track it as much as my work laptop or any other company equipment.

Leaving the work phone at work is a valid answer to me. Assuming that doesn’t actually come with any other downsides (working offsite and having to return to the office on unpaid time just to drop off the phone for example).

Or I brought up a point that you didn’t consider, and rather than addressing it you need to resort to low level ad hominem. You contradicted yourself. Either explain the contradiction or move on. There’s no point in this comment unless you’re attempting to discredit me without reason which just makes you look bad.

Your point is illogical.

You stated

they are entitled and expected to track it

Just to turn around and back-peddle

If I don’t want them tracking me I just turn it off

Are they entitled to it or not? If they’re entitled, then why do you have a right to cut it off? I’d argue they have no right to it to track me off hours at all… regardless of the device used. u2f tokens like yubikey would be just as sufficient for 2fa with none of the tracking.

The point is that the phone will be tracking 24/7 regardless of your actual availability.

This whole discussion is about a government forcing Proton mail to take actions. Telling me to “read up on pfs” is irrelevant by your own admission. ProtonMail can be compelled to give up their keys, or to hand them over for all current/future transactions.

So once again…

“read up on pfs”
“Pfs doesn’t matter”
Literally this post.

You cannot rely on MTAs to transmit ANYTHING securely in the context of this discussion. Period. There is no E2E when there’s an MTA involved unless you’re doing GPG/PGP or S/MIME. Nobody does this though… Like literally nobody. I’ve got both setup and have NEVER had an encrypted email go through because nobody else does it. It doesn’t matter what Proton claims to support.

That’s it. Telling anyone to read up on anything when they’re 100% correct is asinine.

Email in transit is not encrypted. At least not encrypted by anything that the government can’t compel the company to hand over.

Edit:

Email in transit is not encrypted. At least not encrypted by anything that the government can’t compel the company to hand over.

This is what I originally said. It was clear. I don’t know why you’re arguing otherwise.

“read up on pfs”
“Pfs doesn’t matter”

Literally this post.

Proton would have the key. A government that is already compelling them to hand over your account can simply be compelled to provide the TLS keys. The point is that government doesn’t have to compel proton for at rest storage, but can compel for in transit interception.

Email in transit is not encrypted. At least not encrypted by anything that the government can’t compel the company to hand over. Your password as best can only lockdown the mailbox itself. Not the receipt/sending of emails.

Edit: The point being is that if you’re a person of interest, the government can just watch your activity until they get what they want. And Proton doesn’t really have anything they can do about it other than a canary page I suppose.

Edit2: to make it even more clear, I’m talking about MTAs communicating with each other. Proton being one party would have the keys to their side of the communication which is sufficient to decode the whole lot.