GFGJewbacca@lemm.ee to Technology@lemmy.worldEnglish · 7 months agoMicrosoft's latest Windows update breaks VPNs, and there's no fixwww.pcworld.comexternal-linkmessage-square49fedilinkarrow-up1217arrow-down163
arrow-up1154arrow-down1external-linkMicrosoft's latest Windows update breaks VPNs, and there's no fixwww.pcworld.comGFGJewbacca@lemm.ee to Technology@lemmy.worldEnglish · 7 months agomessage-square49fedilink
minus-squareKethal@lemmy.worldlinkfedilinkEnglisharrow-up6arrow-down19·edit-27 months agoMy workplace requires VPN for Web sites that are authenticated, require 2FA and are encrypted. It’s infuriatingly stupid. I feel like someone higher up got sold a useless contract by a good VPN salesperson.
minus-squareRubberDuck@lemmy.worldlinkfedilinkEnglisharrow-up40·7 months agoMost likely all connections are run through the gateway of the company allowing them to apply security to all web traffic on their clients. It might hinder you but there is plenty of method to this madness.
minus-squareAlphaAutist@lemmy.worldlinkfedilinkEnglisharrow-up8arrow-down2·7 months agoYa that just sounds like good practice for internal services. @[email protected] Maybe see if you can use a FIDO2 device like yubikey for 2fa
minus-squareBearOfaTime@lemm.eelinkfedilinkEnglisharrow-up15arrow-down2·7 months agoI applaud your IT leadership/CIO for being willing to do this. Most companies are far too passive and think “aIt won’t happen to us”. I’ve seen companies scammed of $1mil in a single transaction because they sent credentials in email, to a scammer. Had they used a credential management system this wouldn’t have happened. Every layer of security helps.
minus-squareKethal@lemmy.worldlinkfedilinkEnglisharrow-up1arrow-down1·7 months agoYeah, maybe they should encrypt it a third time. You never know.
My workplace requires VPN for Web sites that are authenticated, require 2FA and are encrypted. It’s infuriatingly stupid. I feel like someone higher up got sold a useless contract by a good VPN salesperson.
Most likely all connections are run through the gateway of the company allowing them to apply security to all web traffic on their clients.
It might hinder you but there is plenty of method to this madness.
Ya that just sounds like good practice for internal services.
@[email protected] Maybe see if you can use a FIDO2 device like yubikey for 2fa
I applaud your IT leadership/CIO for being willing to do this.
Most companies are far too passive and think “aIt won’t happen to us”.
I’ve seen companies scammed of $1mil in a single transaction because they sent credentials in email, to a scammer.
Had they used a credential management system this wouldn’t have happened.
Every layer of security helps.
Yeah, maybe they should encrypt it a third time. You never know.