General Discussion
  >> Fibre Broadband


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | [2] | 3 | 4 | (show all)   Print Thread
Standard User simon194
(experienced) Thu 10-Jan-19 08:52:51
Print Post

Re: Vodafone insisting I use Windows?


[re: RobertoS] [link to this post]
 
The laptops my employer provides can't be booted into safe mode because of the the way the security is set up on them. To access safe mode you need to have a proper IT admin username and password.
Standard User Michael_Chare
(fountain of knowledge) Thu 10-Jan-19 11:51:54
Print Post

Re: Vodafone insisting I use Windows?


[re: deleted] [link to this post]
 
In reply to a post by Dogdiego:
So where do I stand? I'm struggling to believe Vodafone's tech support begins and ends at Windows devices.

From other posts it is clear that Vodafone support staff are able to tell how congested their backhaul links are. You could just ask them about the status of your backhaul and whether it is bad enough for them tom release you from your contract.

Michael Chare
Standard User deleted
(deleted) Thu 10-Jan-19 12:33:52
Print Post

Re: Vodafone insisting I use Windows?


[re: Michael_Chare] [link to this post]
 
This is the angle I originally wanted to go at. I suppose it's fortunate (!) that my sync speeds are below minimum otherwise I'd be feeling pretty stuck.

When they do get in touch though, I'll definitely be asking them. Not sure whether they'll be up front and honest enough to state I'm allowed to leave the contract though.


Register (or login) on our website and you will not see this ad.

Standard User fredfox
(experienced) Thu 10-Jan-19 21:42:14
Print Post

Re: Vodafone insisting I use Windows?


[re: RobertoS] [link to this post]
 
Many, many companies have their own build of Windows, many manufactures will load a build developed by the company on the devices straight from the plant, I've done it with Dell, HP and IBM (Lenovo now). There are so many reasons to install a customised / locked down version of Windows on kit your employees will be used.

Turning off safe mode access is trivial.

Pipex
Nildram
UKFSN
Be *
Xilo / Uno
Now -> Zen and BT

Fibre is here ! FTTP smile
Standard User RobertoS
(elder) Thu 10-Jan-19 21:47:40
Print Post

Re: Vodafone insisting I use Windows?


[re: fredfox] [link to this post]
 
Seeing as I'm more that slightly over-ruled, and don't doubt that I'm wrong, I shan't be arguing smile.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - Three 4G, tbb tests 35-45Mpbs down, 9-15 up.
==================================================
If you never think of anything off the wall, you'll never think of anything original.
Standard User ukhardy07
(knowledge is power) Fri 11-Jan-19 01:09:53
Print Post

Re: Vodafone insisting I use Windows?


[re: RobertoS] [link to this post]
 
I go into 10 to 20+ major orgs per year for various reasons in the cybersecurity field. The larger organisations (think companies as big as Microsoft):

Standard build would include:
1) Bios lock of some sorts
2) Bitlocker startup key mandatory on first boot - user must setup a personal PIN. The OS will not even launch if the PIN is not entered correct.
3) Bitlocker full disk encryption
4) Group policy "displaybootmenu" set to no - disables safe mode etc. Also no bootable options from CD/USB/Network.
5) Location tracking of some sorts.
6) No local administrator accounts or other default / generic user accounts. All login is over AD. Privileged user accounts are accessible only via a toolset e.g. cyberark, and must be checked-in and checked-out with a ticket raised. All privileged sessions are recorded and data stored in the vault for audit purposes.
7) WiFi selection preference if a corp network SSID is in range. E.g. some users try to use mobile hotspots (especially in US with unlimited mobile data) to avoid corporate filtering. The device will auto connect to corp SSID whenever in range... This was largely implemented to ensure corp policies + mandatory patching could be applied.
8) Two factor authentication to login to the OS, either fingerprint or an app texting a token in addition to your password (increasing since Win 10 built in this functionality).
9) Increasing use of Windows 10 Windows Information Protection (WIP) / other DLP techs to transparently encrypt business vs personal data.
10) Application whitelisting (often via device guard), to enable only X applications to launch. Non-trusted applications require a service now ticket to be raised, with a managers approval, business justification attached and a periodic recertification required (e.g. after 30 days the user will need to re-request to use the app).
11) USB disabled - increasingly common. Some orgs provide bluetooth mice, keyboards etc only rendering USB useless. Where USB devices are required, flash memory e.g. memory sticks, external HDDs are disabled per group policy. A business justification can be presented, but again periodic recertification is required.
12) unnecessary apps + services disabled
13) No CD/Disk drive and no ability to use external drive via USB
14) Baselining: measuring a standard users data throughput, times online (e.g. 9am to 6pm), website usage etc, flagging where throughput is high e.g. 1Gb data transmission to fileshare site e.g. dropbox would raise an incident ticket, likewise logging in at 1AM may raise an incident ticket to be investigated by a line manager, suspicious website usage e.g. browsing job sites combined with emails containing swear words and buzzwords such as "HR" may raise a flag as a potential disgruntled employee who is a "possible malicious threat actor."

More and more common are "thin clients" or entirely locked down end user laptops, with no functionality other than opening a Citrix VDI instance on boot-up. From here a user will connect utilising an AD credential and a two-factor authentication token, into a VDI instance, from where they access corp resources. Data copying between citrix and the base OS is disabled. For accessing email from home, webmail facility is increasingly disabled, with email access only over the Citrix instance.

BYOD is increasingly common, although in major organisations this is effectively "use any machine to access our Citrix VDI" - hence the user ends up on a corp imaged Windows Box of some sorts, and their BYOD is effectively a "thin client" type scenario. No data will ever reside locally on the BYOD.

Overall, in large organisations it really is big brother is watching. Industry standards such as NIST-CSF are increasingly pushing organisations to invest more and more, as the board sets a risk appetite of "risk averse" and the organisation begins huge investment to reach a 3 / 4 on the NIST-CSF maturity scale.

I work for a major consulting firm, and we have had a vast majority of the above since around 2014. Booting a CD/USB/Ethernet, entering a boot menu, entering the bios, and bitlocker PIN to unlock the hard-drive at all has been mandated since 2015. When I press the power button on my work laptop I am greeted with this: https://www.howtogeek.com/262720/how-to-enable-a-pre...

Enter the PW wrong 3 times, you are locked out, and a service desk call is required, alongside some "proof" you are a genuine user. Often HR verification or a manager to approve you are in-fact locked out. Once you type in the bitlocker pin, it is all secureboot etc, so you can only go into the standard OS.

Absence of knowledge of the PIN / ability for service desk to unlock the device, you can do literally nothing. There is not a single key that will do anything.

Edited by ukhardy07 (Fri 11-Jan-19 01:19:22)

Standard User deleted
(deleted) Fri 11-Jan-19 07:44:16
Print Post

Re: Vodafone insisting I use Windows?


[re: deleted] [link to this post]
 
Just as way of an update, Tech2 have agreed to send an engineer on Monday to look at why my sync speed is lower than the minimum guaranteed.

I tried to talk to them about congestion/slow single thread downloads but she wasn't interested/she didn't know, so that will have to wait for another time.
Standard User fredfox
(experienced) Fri 11-Jan-19 11:22:20
Print Post

Re: Vodafone insisting I use Windows?


[re: ukhardy07] [link to this post]
 
If there was a "like" button I'd click it smile

Pipex
Nildram
UKFSN
Be *
Xilo / Uno
Now -> Zen and BT

Fibre is here ! FTTP smile
Standard User kitcat
(experienced) Fri 11-Jan-19 14:34:49
Print Post

Re: Vodafone insisting I use Windows?


[re: ukhardy07] [link to this post]
 
ukhardy0.

Sound very familiar!

My work laptops were like this from circa 2010 except the USB bar. We had to have bitlocker on the USB sticks as well as we needed to occasionally move data from a secure ( ringfenced) device to the corporate network for analysis. ( if you forgot the USB pin it wiped itself of all data!)

It was a disciplinary offence to connect a machine to both networks (Red and green side) at once..
Standard User deleted
(deleted) Mon 14-Jan-19 09:25:20
Print Post

Re: Vodafone insisting I use Windows?


[re: deleted] [link to this post]
 
So Openreach came round this morning. Told me there's no fault on the line and it still sits at 53.1mb, so below the 54mb guaranteed.

I could tell he was mega annoyed at having to come out and waste time at trying to problem solve 0.9mb worth of dropped speed but - that isn't my problem.

I also mentioned to him congestion on an evening in the hope of getting a sympathetic ear - wow - I wish I hadn't. He then gave me this analogy about buying a car that could do 70mph, but when I went on a busy motorway I could only do 20mph... If I took it back to the garage, what would they say?

Speechless.
Pages in this thread: 1 | [2] | 3 | 4 | (show all)   Print Thread

Jump to