General

If you don’t have an IAM (Identity and Access Management) system, get one!

IAM (Identity and Access Management) is important because it helps organizations control who has access to their resources, and what actions those users can perform. This is essential for maintaining the security and integrity of sensitive data, and for complying with regulatory requirements. IAM also makes it easier for organizations to manage user access across multiple systems and services, and to quickly revoke access when necessary. Additionally, IAM enables organizations to implement a "least privilege" model, where users only have the permissions they need to do their jobs, which can help prevent accidental or malicious breaches.

Be wary when traveling

🛩 🚎 🚆

During this holiday season, people will travel by bus, boat, car, or plane to visit friends and family. While this is the time to turn off work and recharge your batteries, not everyone is afforded that luxury. If you are not afforded that luxury, or feel that you need to use a work or personal device while in such a public space, please use your devices with caution.

Public spaces are precisely as stated: public. Many people hop on public wifi in places like these:

  • Airport
  • Bus
  • Train
  • Coffee Shop

First, I will address working in these spaces. If possible, just don’t do it. The risks associated with connecting to the wrong network, or with someone shoulder surfing your laptop or tablet screen, are high. With a simple glance, a stranger could see a confidential email, spreadsheet, or presentation. While most people are just curious and harmless, traveling themselves to see family and friends, you don’t know the people involved, so why risk leaking data accidentally? If you must work, there are mitigations to help keep your company and personal data safe.

  • VPN
  • Privacy Screen
  • Adjust Screen Brightness
  • Limit work/browsing session

A Virtual Private Network (VPN) is a critical piece of software to ask your IT department to implement, or to give you access to, if you travel. At a high level, a VPN will help provide encryption of data leaving and coming to your machine. This is important because a VPN can make it harder for a malicious individual to view information going out of or coming into your device.

A privacy screen will help keep shoulder surfers from viewing your screen. Privacy screens make your screen hard to see from certain angles. A privacy screen will not protect every viewing angle but will protect most. Computers today are smart enough to adjust the brightness of your display to match the ambient light in the room. While this is great when you are at home or in the office, dimming your screen in public will reduce a person’s ability to eavesdrop on your screen.

Keeping your brightness at 50% or less will help protect you. Lastly, limit the type of things you work on in public. Can the presentation about financials or HR-related topics wait until you are at your destination? Think of the fallout of having someone report seeing that information to your company or, worse, the media.

Non-sensitive email and research/searching are some of the items that are safe to check in public places. That means checking out cnn.com without logging into your account, or ESPN.com for sports news without logging into your account. Never log into any service while on public wifi. Lastly, managing payroll, updating GitHub repos, and checking bank statements are particular items to skip while traveling or on untrusted networks. Finally, a safe browsing tip is ensuring all websites you visit are HTTPS. While HTTPS does not guarantee a website is safe, it is better than visiting any site that is HTTP. HTTPS Everywhere, by the EFF, is a great tool to help with this.

There are multitudes of other things that you could do to keep yourself safe, but the things I have listed are a start. Don’t have someone looking at your sales pitch, potential client list, or talking points, or gaining access to any financial information, during this holiday season.

The light amount of information I have provided is helpful to a point. Choosing a VPN service or privacy screen can be troublesome. I will say I am a fan of 3M privacy screens with tabs. Tabs allow you to remove the privacy screen at your leisure, say when sharing a screen during a meeting or once you get to your final destination. A VPN service is a bit more challenging. There is a multitude of things to be worried about with a VPN: where the servers are located, whether they are really encrypting your data, how many devices you can use, connection speed, plus a plethora of other topics. I do not have a suggestion, but I will say it never hurts to do a bit of light reading:

Articles for reading:

Safe travels. Cheers ✌🏽

Win the day: Evolve

My involvement with the Mac community is about to hit double digits. One of the reasons why I love the community is that it indeed feels like a community. Individuals get together to support one another, knowing that the IT department for a specific company may be a single individual or a collection of individuals. No matter the size of the team or the skillset of the person, the community is always willing to try to offer the best solution the team can use to manage in the here and now, while still leaving room for people to grow. The same community is also there as a sounding board when it feels like everything is going wrong. Lastly, when it is time for a change, the community is there to help support that change. While I have been primarily involved with the community via Macbrained and speaking at Mac conferences, I have noticed over the last few years a difference when chatting with the community. Endpoint management tools and ideologies around how to manage the Apple ecosystem are abundant.

A trend with Mac administration is that if your organization had enough resources, Jamf Pro was the tool, but depending on your needs it could require custom code to effectively manage your fleet. If a company required IT to be scrappy (my favorite IT term used by management), Jamf Pro usually wasn’t an option, and therefore Munki was the tool of choice. Lastly, companies that had a team of Endpoint engineers usually deployed tools like Puppet or Chef. All of the previously listed tools are great options depending on the makeup and composition of your team and company. While the Mac management tools may not be as old as Active Directory, the tools at our disposal are more than capable of managing our fleets. Depending on the size of an administrator’s company, a Mac administrator may have to manage Windows. The choice is usually not to manage Windows, or to barely support Windows, due to a lack of experience or a claim that Windows isn’t better. This is always a matter of opinion, but one that I would like to address.

Administrators of macOS usually do not work on Windows or Windows administration. I say usually, as some do not care, and for those admins this is not for you, I think. A comment I’ve heard before is “Windows administrators just don’t get it. Mac is different.” While this rings true on the surface, if you start to dig deeper into that statement, I know it does not ring true. At their core, Windows and Mac environments are endpoints. Both operating systems have management tools which perform modifications to ensure a device is compliant based on a company’s requirements. Both platforms have advantages depending on an individual’s role and responsibility. We all know that finance loves Windows. But many Mac administrators either refuse, or are not comfortable or willing enough, to take the leap into Windows management. They are not interested in Windows management because they do not know the environment or are unsure of the who, what, where, and why of Windows management. Well, I am here to say that Mac Endpoint Engineers need to come out of the dark and learn how to manage Windows on a minimal level.

Part of evolving and becoming a better administrator is taking on new and challenging tasks or projects. Learning Windows administration will frustrate, challenge, and enlighten you, and will prove that there are some similarities in managing both operating systems. Managing Windows is very challenging, as the number of ways to apply a setting is vast. The amount of Windows logging alone is overwhelming. Even though Windows management does require a different skill set, managing the endpoint keeps the same philosophy as Mac management. Over my next few posts, I will begin to show how managing Windows is eerily similar to managing Macs. I hope to provide guidance to Mac administrators who have to manage Windows or Mac admins who want to embrace Windows in their environment. It’s time for the evolution of the Mac admin.