Re: Jenkins amplification

2020-02-04 Thread Christopher Morrow
On Tue, Feb 4, 2020 at 11:15 AM Mike Meredith wrote: > > On Mon, 3 Feb 2020 16:13:34 -0500, Christopher Morrow > may have written: > > My experience, and granted it's fairly scoped, is that this sort of thing > > works fine for a relatively small set of 'persons' and 'resources'. > > Seeing as ma

Re: Jenkins amplification

2020-02-04 Thread Mike Meredith
On Mon, 3 Feb 2020 16:13:34 -0500, Christopher Morrow may have written: > My experience, and granted it's fairly scoped, is that this sort of thing > works fine for a relatively small set of 'persons' and 'resources'. Seeing as managing this sort of thing is my primary job these days ... > it en

Re: Jenkins amplification

2020-02-04 Thread Daryl
On Mon, 3 Feb 2020 10:55:35 -0800 (PST) Sabri Berisha wrote: > - On Feb 3, 2020, at 10:35 AM, Christopher Morrow > morrowc.li...@gmail.com wrote: > > > On Mon, Feb 3, 2020 at 1:26 PM William Herrin > > wrote: > > >> VPN. > > > > I love it when my home network gets full access to the c

Re: Jenkins amplification

2020-02-04 Thread Large Hadron Collider
It really depends on how much control the employer really needs. In a tightly-knit two-site company where the tech guy probably is the reason the boss hired the grunt half way across the province, friends don't generally let friends down like that, and you really don't have to have that sort of

Re: Jenkins amplification

2020-02-03 Thread Randy Bush
>>> good golly, so glad everyone's enterprise is a hard candy version of same. >>> no need for these remote workers, or discontiguous offices, or >>> 'internet centric workforces'. >> >> VPN. > > I love it when my home network gets full access to the corporate network! make things simpler and L2

Re: Jenkins amplification

2020-02-03 Thread Jean | ddostest.me via NANOG
https://en.wikipedia.org/wiki/PfSense In November 2017, a World Intellectual Property Organization panel found that Netgate, the copyright holder of pfSense, had been using the domain opnsense.com in bad faith to discredi

Re: Jenkins amplification

2020-02-03 Thread Christopher Morrow
On Mon, Feb 3, 2020 at 2:34 PM Matt Harris wrote: > > On Mon, Feb 3, 2020 at 12:50 PM Christopher Morrow < > morrowc.li...@gmail.com> wrote: > >> >> Sorry, to be a little less flippant and a bit more productive: >> "I don't think every remote endpoint needs full access (or even some >> compromi

Re: Jenkins amplification

2020-02-03 Thread Ryan Hamel
Jean, Do you have facts to support this claim? Signed, A happy pfSense user. On Mon, Feb 3, 2020, 12:42 PM Jean | ddostest.me via NANOG wrote: > Netgate bought Pfsense and they already started to destroy it. > > You should consider to switch to Opnsense. > > On 2020-02-03 14:34, Matt Harris

Re: Jenkins amplification

2020-02-03 Thread Jean | ddostest.me via NANOG
Netgate bought Pfsense and they already started to destroy it. You should consider to switch to Opnsense. On 2020-02-03 14:34, Matt Harris wrote: fSense on a VM with relatively minimal resources running your VPNs works very well

Re: Jenkins amplification

2020-02-03 Thread Michael Thomas
On 2/3/20 10:48 AM, Christopher Morrow wrote: Sorry, to be a little less flippant and a bit more productive: "I don't think every remote endpoint needs full access (or even some compromise based on how well you can/can't scale your VPN box's policies) access to the internal network. I think

Re: Jenkins amplification

2020-02-03 Thread Matt Harris
On Mon, Feb 3, 2020 at 12:50 PM Christopher Morrow wrote: > > Sorry, to be a little less flippant and a bit more productive: > "I don't think every remote endpoint needs full access (or even some > compromise based on how well you can/can't scale your VPN box's > policies) access to the interna

Re: Jenkins amplification

2020-02-03 Thread Christopher Morrow
On Mon, Feb 3, 2020 at 1:55 PM Sabri Berisha wrote: > > - On Feb 3, 2020, at 10:35 AM, Christopher Morrow morrowc.li...@gmail.com > wrote: > > > On Mon, Feb 3, 2020 at 1:26 PM William Herrin wrote: > > >> VPN. > > > > I love it when my home network gets full access to the corporate network!

Re: Jenkins amplification

2020-02-03 Thread Matt Harris
On Mon, Feb 3, 2020 at 12:50 PM Christopher Morrow wrote: > On Mon, Feb 3, 2020 at 1:35 PM Christopher Morrow > wrote: > > > > On Mon, Feb 3, 202

Re: Jenkins amplification

2020-02-03 Thread Sabri Berisha
- On Feb 3, 2020, at 10:35 AM, Christopher Morrow morrowc.li...@gmail.com wrote: > On Mon, Feb 3, 2020 at 1:26 PM William Herrin wrote: >> VPN. > > I love it when my home network gets full access to the corporate network! Most places I've worked at issue company controlled laptops with co

Re: Jenkins amplification

2020-02-03 Thread Christopher Morrow
On Mon, Feb 3, 2020 at 1:35 PM Christopher Morrow wrote: > > On Mon, Feb 3, 2020 at 1:26 PM William Herrin wrote: > > > > On Mon, Feb 3, 2020 at 10:24 AM Christopher Morrow > > wrote: > > > On Mon, Feb 3, 2020 at 11:45 AM Harald Koch wrote: > > > > Jenkins, like a zillion other developer-orient

Re: Jenkins amplification

2020-02-03 Thread Christopher Morrow
On Mon, Feb 3, 2020 at 1:26 PM William Herrin wrote: > > On Mon, Feb 3, 2020 at 10:24 AM Christopher Morrow > wrote: > > On Mon, Feb 3, 2020 at 11:45 AM Harald Koch wrote: > > > Jenkins, like a zillion other developer-oriented tools, should never be > > > deployed Internet-facing. > > > Reflect

Re: Jenkins amplification

2020-02-03 Thread William Herrin
On Mon, Feb 3, 2020 at 10:24 AM Christopher Morrow wrote: > On Mon, Feb 3, 2020 at 11:45 AM Harald Koch wrote: > > Jenkins, like a zillion other developer-oriented tools, should never be > > deployed Internet-facing. > > Reflection attacks inside an enterprise are handled by HR. :) > > good goll

Re: Jenkins amplification

2020-02-03 Thread Christopher Morrow
On Mon, Feb 3, 2020 at 11:45 AM Harald Koch wrote: > > Jenkins, like a zillion other developer-oriented tools, should never be > deployed Internet-facing. > > Reflection attacks inside an enterprise are handled by HR. :) good golly, so glad everyone's enterprise is a hard candy version of same.

Re: Jenkins amplification

2020-02-03 Thread Harald Koch
Jenkins, like a zillion other developer-oriented tools, should never be deployed Internet-facing. Reflection attacks inside an enterprise are handled by HR. :) -- Harald Koch c...@pobox.com

Jenkins amplification

2020-02-03 Thread Töma Gavrichenkov
FYI https://nvd.nist.gov/vuln/detail/CVE-2020-2100 A nice description: https://mobile.twitter.com/Foone/status/1223063275996213248 May you live in interesting times. Do not postpone a software update if Jenkins is deployed somewhere in your network. -- Töma