121·
1 day agoI don’t deal with hardware much anymore, but I’d take Aruba over Cisco any day. But for everything else, yeah fuck HP.
- 0 Posts
- 4 Comments
Joined 2 years ago
Cake day: June 15th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
13·4 days agoI’m Ron Burgundy?
6·4 days agoNothing you said is wrong, in fact it’s all good advice. But none of what you listed implicitly provides protection against ransomware either.
For that you need backups that are immutable. That is, even you as the admin cannot alter, encrypt, or delete them because your threat model should assume full admin account compromise. There are several onprem solutions for it and most of the cloud providers offer immutable storage now too.
And at the very least, remove AD SSO from your backup software admin portals (and hypervisors); make your admins use a password safe.
This is a good answer.
To add, for Linux kernels, the maintainer use a shim EFI package with the distro’s keys (e.g., Canonical’s keys for Ubuntu) which loads the maintainer-signed kernel. And Microsoft signs the shim to keep the chain intact.