Well, as I have been on the autism scale myself since I was born and I have read 
quite a bit about it in an effort to understand what my differences are, I 
perhaps have a radically different view of it than you do.  It is not a 
disorder unless someone is severely autistic. It is, in fact, an evolutionary 
advantage that has become more prevalent in humans for the simple and obvious 
reason that it gives people who have "mild" cases of it the ability to be 
highly successful with technology and machinery as well as music and the arts.  
As humans have become more civilized, people with the genetic group that causes 
autism have outcompeted people that lack this. Einstein for example is a 
textbook example.  I've worked in high tech since 1994 and the most successful 
programmers, engineers, IT people - the "techies" of the world - are all on 
the scale.  That is after all what the word nerd was coined to describe.  So I 
am actually rather proud of being on the scale and I DON'T regard having it 
negatively. I'm sorry you do and I hope you can eventually realize your view of 
it being a disorder is discriminatory. IMHO the biggest proponents of the idea 
that mild autism is a disorder are old school educators whose main goal in life 
is getting kids in school to sit down and shut up.  Happily that view is 
gradually changing but it's clear we still have a lot of work to do.

________________________________
From: PLUG <plug-boun...@pdxlinux.org> on behalf of Ben Koenig 
<techkoe...@protonmail.com>
Sent: Saturday, April 22, 2023 5:29:40 PM
To: Portland Linux/Unix Group <plug@pdxlinux.org>
Subject: Re: [PLUG] 3rd party vpn Defense evasion

------- Original Message -------
On Tuesday, April 18th, 2023 at 8:38 AM, Ishak Micheil <isaa...@gmail.com> 
wrote:


> Greetings,
> I am tasked to identify a solution to detecting users obfuscating their IP,
> using a variety of VPN services.
>
> What we've done
> - Prevent users from installing software (VPN clients)
>
> - Possibly having code on endpoints, to collect IP addresses tied to the wifi
> or LAN connection prior to attaching to the VPN service,
>
> any other ideas?


Some people want to debate this as some sort of political issue, but it's 
pretty straightforward. This usually is more of a concern at SMBs that don't 
want to splurge for company managed hardware and ask their employees to BYOD. 
This then creates anxiety among managers that gets projected down to IT.

If you control the VDI system, then you have the ability to see who is 
connecting. At most companies the VPN software used to connect to the VDI is 
ALSO company managed, so you can see that too.

So, you log all accesses to the VPN on the server side and monitor for trends. 
You may not be able to stop an employee from giving out access credentials, but 
you can see when the IP address used to connect the VPN changes. From here, you 
implement Zero-trust policies where only known IP addresses are able to access 
the network because you know the IP address, but may not have logged it 
effectively until now.

There are additional layers of control you can add but it ultimately comes down 
to what a given company is willing to provide for their employees/contractors. 
I've worked with systems that would make the kind of subcontracting you 
describe very difficult but in those cases you end up with the employer buying 
a special wifi router for their staff. A lot of managers will ask for a magical 
fix without understanding how much effort it takes to lock this down. For us in 
IT sometimes we just need to map out all the things that would need to be 
implemented and assign a $$$ value to them. Most companies will decide not to 
bother at that point.


Think of it like an arms race: at what point does your user have to jump 
through so many hoops that the act of enabling a subcontractor becomes more 
work than the actual job? Or, we could be Ted and go off on abusive rants about 
how IT people are autistic for even considering this type of solution. ;)
-Ben


P.S.  Hey Denis, I would have posted this info sooner since it's a pretty 
interesting question but was discouraged from doing so because Ted was trying 
to shit on everyone. May the Facts be with me :)
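
The server-side check described in the message above (log every VPN login, then watch for a user's source IP changing) can be sketched as follows. This is an added example, not part of the original message; the log format, field names, thresholds and sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines; this log format is an assumption, not a real product's.
SAMPLE_LOG = """\
2023-04-17T08:01:12 vpn-auth user=alice src=198.51.100.10 result=ok
2023-04-17T08:05:40 vpn-auth user=bob src=192.0.2.5 result=ok
2023-04-18T08:02:31 vpn-auth user=alice src=198.51.100.10 result=ok
2023-04-18T08:07:02 vpn-auth user=bob src=192.0.2.5 result=ok
2023-04-18T09:15:00 vpn-auth user=dave src=203.0.113.50 result=fail
2023-04-19T08:00:47 vpn-auth user=alice src=198.51.100.10 result=ok
2023-04-19T08:04:19 vpn-auth user=bob src=192.0.2.5 result=ok
2023-04-19T10:00:00 vpn-auth user=carol src=192.0.2.44 result=ok
2023-04-20T08:02:10 vpn-auth user=alice src=198.51.100.10 result=ok
2023-04-20T08:40:03 vpn-auth user=alice src=203.0.113.77 result=ok
2023-04-20T11:30:00 vpn-auth user=carol src=203.0.113.80 result=ok
2023-04-21T08:06:55 vpn-auth user=bob src=203.0.113.9 result=ok
this line is malformed and is skipped
"""
LINE_RE = re.compile(r"^(\S+) vpn-auth user=(\S+) src=(\S+) result=(\w+)$")

def parse(log_text):
    """Yield (timestamp, user, source_ip) for successful logins only."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(4) == "ok":
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)

def find_ip_changes(log_text, baseline_logins=3, fast_switch=timedelta(hours=1)):
    """Flag logins from an IP outside a user's learned baseline."""
    known = defaultdict(set)   # user -> source IPs accepted as normal
    count = defaultdict(int)   # user -> logins that fed the baseline
    last = {}                  # user -> (timestamp, ip) of previous login
    alerts = []
    for ts, user, src in sorted(parse(log_text)):
        prev = last.get(user)
        last[user] = (ts, src)
        if count[user] >= baseline_logins and src not in known[user]:
            # A jump shortly after a login from another IP is the stronger signal.
            fast = prev and prev[1] != src and ts - prev[0] <= fast_switch
            reason = "new-source-ip-fast-switch" if fast else "new-source-ip"
            alerts.append((ts.isoformat(), user, src, reason))
            continue           # never auto-learn an IP that raised an alert
        known[user].add(src)
        count[user] += 1
    return alerts

if __name__ == "__main__":
    for alert in find_ip_changes(SAMPLE_LOG):
        print(*alert)
```

Users with fewer than `baseline_logins` recorded logins (carol here) are still in the learning phase and raise no alert, so the baseline period should be chosen to match how long the logs have been collected.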
