Looking for an IT management tool that brings everything together (asset management, MDM, SSO)
We’re using a mix of different tools for device management, SSO, and asset tracking, and it’s getting messy as we grow. Our IT manager wants to centralize everything because we’ve started running into issues like assets not being reclaimed after offboarding and users keeping access to apps longer than they should.
We’ve got around 478 employees across three regions, and roughly 500-600 laptops plus phones and peripherals to track. The IT team is 5 people, so we’re trying to avoid something that needs tons of custom setup or noscripting.
We’d like a solution that combines MDM, asset management, and SSO under one platform, or at least integrates cleanly with what we already use. Currently looking at Allwhere, Workwize, NinjaOne and Kandji but I’m curious what others are using for this kind of setup and whether it’s actually reduced your manual workload.
https://redd.it/1ofq10w
@r_systemadmin
We’re using a mix of different tools for device management, SSO, and asset tracking, and it’s getting messy as we grow. Our IT manager wants to centralize everything because we’ve started running into issues like assets not being reclaimed after offboarding and users keeping access to apps longer than they should.
We’ve got around 478 employees across three regions, and roughly 500-600 laptops plus phones and peripherals to track. The IT team is 5 people, so we’re trying to avoid something that needs tons of custom setup or noscripting.
We’d like a solution that combines MDM, asset management, and SSO under one platform, or at least integrates cleanly with what we already use. Currently looking at Allwhere, Workwize, NinjaOne and Kandji but I’m curious what others are using for this kind of setup and whether it’s actually reduced your manual workload.
https://redd.it/1ofq10w
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Just a reminder: Redis is not a database
Redis is a caching service. Not a database. Stop using it like a database.
Once again a team using this as a database has bit me. It annoys me every time.
https://redd.it/1ofzaq7
@r_systemadmin
Redis is a caching service. Not a database. Stop using it like a database.
Once again a team using this as a database has bit me. It annoys me every time.
https://redd.it/1ofzaq7
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
How to get tough with vendors without being an asshole?
I do not confrontation, and I try to be as nice as possible with everyone. Lately there have been 2 incidents where that is kind of biting me and some users are getting annoyed at their issue.
One is I had asked our Verizon rep a month ago about seeing if 4 lines we use for ipads can be set on their backend to use a certain DNS as the team that uses those ipads have a app that will not work with native Verizon 5G settings, and the ipad you cannot manually set a DNS. The rep told me they would check with their engineers and get back with me. I let it go 2 weeks and did not hear anything. I sent a follow up email touching base. Did not get a response to that, but instead got a sales email from the rep the next day asking about upgrading hotspots.
I waited another week and sent another followup email and no response to that. At this point the ipad team is getting annoyed that they cannot use their app. They told me to email every single day until I get a response. To me that is excessive and rude. But I did send one more follow up email, and I did finally get a response the next day saying that they were going to have a meeting with the engineer the next morning and will have info for me then.
It has now been 3 days since that email and I heard nothing.
Other one was we got a new piece of software last year for 2 users to replace a 20 year old piece of software they had been using. From day one this new software has not worked correctly. Every time the vendor fixes a bug they make a new one that directly impacts how these users use the software. 3 weeks ago the vendor sent a fix that fixed a big issue, but it then created another big issue. Our users were pissed and sent a email directly to the vendor account manager saying how garbage their software was and that it actively makes their job harder. They also twisted my words a bit and said in the email that they do not contact me for days when I submit a ticket, but what I told the user was that it would take days for the vendor to fix the issue.
So I felt bad for their support team who have been very nice, but I also kind of get it from the user perspective and if you are trying to do your job and crap keeps bugging out on software you are paying thousands for, that's not good.
I was told I need to put my foot down more with these vendors but not sure how to do that without coming across as an asshole.
https://redd.it/1og0grn
@r_systemadmin
I do not confrontation, and I try to be as nice as possible with everyone. Lately there have been 2 incidents where that is kind of biting me and some users are getting annoyed at their issue.
One is I had asked our Verizon rep a month ago about seeing if 4 lines we use for ipads can be set on their backend to use a certain DNS as the team that uses those ipads have a app that will not work with native Verizon 5G settings, and the ipad you cannot manually set a DNS. The rep told me they would check with their engineers and get back with me. I let it go 2 weeks and did not hear anything. I sent a follow up email touching base. Did not get a response to that, but instead got a sales email from the rep the next day asking about upgrading hotspots.
I waited another week and sent another followup email and no response to that. At this point the ipad team is getting annoyed that they cannot use their app. They told me to email every single day until I get a response. To me that is excessive and rude. But I did send one more follow up email, and I did finally get a response the next day saying that they were going to have a meeting with the engineer the next morning and will have info for me then.
It has now been 3 days since that email and I heard nothing.
Other one was we got a new piece of software last year for 2 users to replace a 20 year old piece of software they had been using. From day one this new software has not worked correctly. Every time the vendor fixes a bug they make a new one that directly impacts how these users use the software. 3 weeks ago the vendor sent a fix that fixed a big issue, but it then created another big issue. Our users were pissed and sent a email directly to the vendor account manager saying how garbage their software was and that it actively makes their job harder. They also twisted my words a bit and said in the email that they do not contact me for days when I submit a ticket, but what I told the user was that it would take days for the vendor to fix the issue.
So I felt bad for their support team who have been very nice, but I also kind of get it from the user perspective and if you are trying to do your job and crap keeps bugging out on software you are paying thousands for, that's not good.
I was told I need to put my foot down more with these vendors but not sure how to do that without coming across as an asshole.
https://redd.it/1og0grn
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Compliance wants CIS-hardened containers but Alpine/Distroless don't have the packages we need. What's your strategy for minimal + customizable images?
Compliance is breathing down my neck for CIS-hardened containers but our Alpine/distroless approach breaks when devs need specific packages. We're stuck between bloated "compliant" images that balloon our CVE count and minimal images that can't pass audit requirements.
Anyone found a middle ground? Looking at options that let us start minimal but add necessary packages without losing hardening posture. Daily rebuilds help with patch currency but doesn't solve the base compatibility issue.
What's worked for your org when auditors want both minimal attack surface AND specific compliance benchmarks?
https://redd.it/1og0w1j
@r_systemadmin
Compliance is breathing down my neck for CIS-hardened containers but our Alpine/distroless approach breaks when devs need specific packages. We're stuck between bloated "compliant" images that balloon our CVE count and minimal images that can't pass audit requirements.
Anyone found a middle ground? Looking at options that let us start minimal but add necessary packages without losing hardening posture. Daily rebuilds help with patch currency but doesn't solve the base compatibility issue.
What's worked for your org when auditors want both minimal attack surface AND specific compliance benchmarks?
https://redd.it/1og0w1j
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
YubiKey/U2F/Fido: where do I start ?
Hello there!
I have a few leftover Yubikeys from my previous employer. I would like to learn how to use them both for my personal use as well as for use with some work stuff (eg: logging into the AWS console).
My end goal is to push the adoption of this kind of security keys (might be yubikey, might be some other vendor) at work. Ideally, I think at the very least high-profile/high-privileges people should be provided with such tool and be ~~asked~~ required to use it.
I'm getting lost between yubikey-specific docs, U2F, FIDO standards, WebAuthn and all these things.
Can somebody please enlighten me on this topics?
Ideally, I'd like to have a series of documents to read one after another in order to:
1. Understand what's going on
2. Understand, when hardware tokens are involved, what are the actors at play and how they interact
3. Learn the relevant standards so that I can then integrate it in our security systems (eg: our SSO solution).
I know this is a big ask, thank you to whomever will help me out!
https://redd.it/1og1jl0
@r_systemadmin
Hello there!
I have a few leftover Yubikeys from my previous employer. I would like to learn how to use them both for my personal use as well as for use with some work stuff (eg: logging into the AWS console).
My end goal is to push the adoption of this kind of security keys (might be yubikey, might be some other vendor) at work. Ideally, I think at the very least high-profile/high-privileges people should be provided with such tool and be ~~asked~~ required to use it.
I'm getting lost between yubikey-specific docs, U2F, FIDO standards, WebAuthn and all these things.
Can somebody please enlighten me on this topics?
Ideally, I'd like to have a series of documents to read one after another in order to:
1. Understand what's going on
2. Understand, when hardware tokens are involved, what are the actors at play and how they interact
3. Learn the relevant standards so that I can then integrate it in our security systems (eg: our SSO solution).
I know this is a big ask, thank you to whomever will help me out!
https://redd.it/1og1jl0
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Networking VM options
Not sure if this is a better r/networking or r/vmware question but I'm going to be recabling a pair of VM hosts. They have 2x 1g ports and 2x 10g ports. Switches have a couple but limited 10G ports.
They are currently hooked up with all 4 ports just providing redundancy to the same switch. Any wisdom or possible danger in hooking the pair of machines up to each other with 1/2 the ports? So one 10G link to each other, with a 1G as a standby and the other 10G links to the rack switch with the 1G links as standby there.
Current networking is simple, one Vswitch and everything is tied into that. Anything I should lookup or read before I try something like that?
https://redd.it/1og32x7
@r_systemadmin
Not sure if this is a better r/networking or r/vmware question but I'm going to be recabling a pair of VM hosts. They have 2x 1g ports and 2x 10g ports. Switches have a couple but limited 10G ports.
They are currently hooked up with all 4 ports just providing redundancy to the same switch. Any wisdom or possible danger in hooking the pair of machines up to each other with 1/2 the ports? So one 10G link to each other, with a 1G as a standby and the other 10G links to the rack switch with the 1G links as standby there.
Current networking is simple, one Vswitch and everything is tied into that. Anything I should lookup or read before I try something like that?
https://redd.it/1og32x7
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
As a system administrator, do you ever feel like your brain never stops thinking?
I’ve been working as a system administrator for some time, and lately I’ve noticed something — my brain never seems to take a break. Even when I’m off work, it keeps thinking about servers, networks, backups, updates, or possible problems that might happen.
It’s like my mind is always running in the background, just like the systems we maintain. Sometimes it feels good because I’m always alert and ready to fix things. But other times, it’s really tiring because I can’t fully relax or stop thinking about work.
I’m just curious — how many of you feel the same way? Do your thoughts keep running all the time, even when you’re trying to rest or sleep? How do you deal with it and give your brain some real peace?
https://redd.it/1og7rj1
@r_systemadmin
I’ve been working as a system administrator for some time, and lately I’ve noticed something — my brain never seems to take a break. Even when I’m off work, it keeps thinking about servers, networks, backups, updates, or possible problems that might happen.
It’s like my mind is always running in the background, just like the systems we maintain. Sometimes it feels good because I’m always alert and ready to fix things. But other times, it’s really tiring because I can’t fully relax or stop thinking about work.
I’m just curious — how many of you feel the same way? Do your thoughts keep running all the time, even when you’re trying to rest or sleep? How do you deal with it and give your brain some real peace?
https://redd.it/1og7rj1
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Microsoft 365 Business Premium
Do you know any course to learn implement, hardening, manage m365 business premium? Especially intune and defender.
https://redd.it/1og4gb7
@r_systemadmin
Do you know any course to learn implement, hardening, manage m365 business premium? Especially intune and defender.
https://redd.it/1og4gb7
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
As a systems admin, how do you deal with third party vendors always screwing up and then claiming you are in the wrong?
I can count so many occasions over the first 2 years as a network admin where we have third party vendors come in and do work and have no idea how their own products/software work and I have to with limited knowledge try to guide them through how to do their own jobs. It’s infuriating. Listen, I don’t expect end users to know everything about technical stuff, we’re here to help them with that. But I am sick of people who should definitely know about their own specific technologies, the technology/software/product of the company they are employed by to do work with not knowing what the hell is going on like 80 to 90 percent of the time. Is this normal? Am I dreaming? Someone tell me I’m not going crazy and this is something regularly experienced? At least then I wouldn’t feel so alone in experiencing this.
https://redd.it/1ogas2q
@r_systemadmin
I can count so many occasions over the first 2 years as a network admin where we have third party vendors come in and do work and have no idea how their own products/software work and I have to with limited knowledge try to guide them through how to do their own jobs. It’s infuriating. Listen, I don’t expect end users to know everything about technical stuff, we’re here to help them with that. But I am sick of people who should definitely know about their own specific technologies, the technology/software/product of the company they are employed by to do work with not knowing what the hell is going on like 80 to 90 percent of the time. Is this normal? Am I dreaming? Someone tell me I’m not going crazy and this is something regularly experienced? At least then I wouldn’t feel so alone in experiencing this.
https://redd.it/1ogas2q
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
As a parent and experienced system administrator, how would you teach your son to master this field from zero?
Just imagine a situation — you have a son who unfortunately didn’t study anything seriously during his education. He somehow holds an engineering degree, but he doesn’t have communication skills, interpersonal skills, or any real technical knowledge.
He’s now 33 years old, has no job experience, no bank balance, and feels like he has already wasted 75% of his life.
But there’s one thing special about him — he has a fresh brain that can still learn anything if someone explains it clearly. He has the ability to find perfect solutions for complex problems if he gets proper answers to his questions. He’s curious and ready to learn, but he struggles to understand theory or book-based concepts unless he knows their real purpose and need.
Now, he comes to you and says:
> “Dad, please teach me the system administrator job. I really want to enter this field, learn everything step by step, and build a good career. I’m ready to learn, but I want to go in an easier, more practical way — not by reading confusing books or putting too much pressure on myself.”
As a parent who’s an experienced system administrator and has mastered the field through years of work, what would you say to him?
How would you guide him from zero — from turning on a computer to handling servers, networks, backups, and troubleshooting?
What would be your full plan to teach him:
(Step-by-step skills and tools to start with)
Please share your thoughts.
This could be a real-life situation for many people who started late but still want to learn and build a stable career in IT — especially those who have the mind to learn but never got the right guidance.
https://redd.it/1ogb44b
@r_systemadmin
Just imagine a situation — you have a son who unfortunately didn’t study anything seriously during his education. He somehow holds an engineering degree, but he doesn’t have communication skills, interpersonal skills, or any real technical knowledge.
He’s now 33 years old, has no job experience, no bank balance, and feels like he has already wasted 75% of his life.
But there’s one thing special about him — he has a fresh brain that can still learn anything if someone explains it clearly. He has the ability to find perfect solutions for complex problems if he gets proper answers to his questions. He’s curious and ready to learn, but he struggles to understand theory or book-based concepts unless he knows their real purpose and need.
Now, he comes to you and says:
> “Dad, please teach me the system administrator job. I really want to enter this field, learn everything step by step, and build a good career. I’m ready to learn, but I want to go in an easier, more practical way — not by reading confusing books or putting too much pressure on myself.”
As a parent who’s an experienced system administrator and has mastered the field through years of work, what would you say to him?
How would you guide him from zero — from turning on a computer to handling servers, networks, backups, and troubleshooting?
What would be your full plan to teach him:
(Step-by-step skills and tools to start with)
Please share your thoughts.
This could be a real-life situation for many people who started late but still want to learn and build a stable career in IT — especially those who have the mind to learn but never got the right guidance.
https://redd.it/1ogb44b
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Ever noticed how the Microsoft support is shit ?
Hey all !
When ever I ask a MS 365 question with them they are clueless or give me mis information.
I would say i got more experience about MS 365 than them ( which is bad)
Back in 2011 - 2014 they used to be good!
But has gone down hill.
Most of the time their Infosys or some IT company that work for Microsoft.
Also the Microsoft tech professionals aren't any better either that work for Microsoft themselves.
Anyone noticed ?
https://redd.it/1ogc7a4
@r_systemadmin
Hey all !
When ever I ask a MS 365 question with them they are clueless or give me mis information.
I would say i got more experience about MS 365 than them ( which is bad)
Back in 2011 - 2014 they used to be good!
But has gone down hill.
Most of the time their Infosys or some IT company that work for Microsoft.
Also the Microsoft tech professionals aren't any better either that work for Microsoft themselves.
Anyone noticed ?
https://redd.it/1ogc7a4
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Onboarding is killing IT desks. How do you cut the tickets?
Hey everyone
We're auditing a client's onboarding process and found that IT spends almost 60% of their time answering repeat setup questions like "where's the police doc", "how do I access the CRM", etc.
I am curious, have you automated or "visualised' the onboarding so employees can self-serve without constantly overwhelming IT?
https://redd.it/1ogevgr
@r_systemadmin
Hey everyone
We're auditing a client's onboarding process and found that IT spends almost 60% of their time answering repeat setup questions like "where's the police doc", "how do I access the CRM", etc.
I am curious, have you automated or "visualised' the onboarding so employees can self-serve without constantly overwhelming IT?
https://redd.it/1ogevgr
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Techies — how are you storing and managing all your cables, adapters, and peripherals at home?
Hey all,
Looking for some inspiration for cable and tech accessory storage at home — not the usual under-desk cable trays or conduit stuff, but more about how you store all the spare cables, adapters, chargers, and random tech bits that seem to multiply over time.
I’ve got everything from USB-C, HDMI, and power cables to hubs, adapters, and peripherals — basically a tech drawer that’s turned into chaos. I’m thinking of making a small storage area in a spare room or bedroom, but I want something clean, organised, and modern-looking — not just plastic tubs stacked everywhere.
So I’m curious:
What are you using — drawer systems, clear boxes, pegboards, label setups?
Are you going for something like an IKEA or tool-chest style drawer system (like for garage tools but for cables)?
Do you label each cable type or just bundle and group them?
Any cool or clever DIY ideas you’ve tried?
I’d love to see photos or links to setups that work for you — especially if you’ve made it look neat enough for a home office or bedroom rather than a workshop.
https://redd.it/1oggtny
@r_systemadmin
Hey all,
Looking for some inspiration for cable and tech accessory storage at home — not the usual under-desk cable trays or conduit stuff, but more about how you store all the spare cables, adapters, chargers, and random tech bits that seem to multiply over time.
I’ve got everything from USB-C, HDMI, and power cables to hubs, adapters, and peripherals — basically a tech drawer that’s turned into chaos. I’m thinking of making a small storage area in a spare room or bedroom, but I want something clean, organised, and modern-looking — not just plastic tubs stacked everywhere.
So I’m curious:
What are you using — drawer systems, clear boxes, pegboards, label setups?
Are you going for something like an IKEA or tool-chest style drawer system (like for garage tools but for cables)?
Do you label each cable type or just bundle and group them?
Any cool or clever DIY ideas you’ve tried?
I’d love to see photos or links to setups that work for you — especially if you’ve made it look neat enough for a home office or bedroom rather than a workshop.
https://redd.it/1oggtny
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
W11 license to install on Parallels
Anyone can give me some pointers on this? Have someone with Mac and they need Windows 11 for their job. They have M365 Business Premium license as well. Any recommendations on sourcing W11 license besides Microsoft Store?
thanks!
https://redd.it/1ogj4o7
@r_systemadmin
Anyone can give me some pointers on this? Have someone with Mac and they need Windows 11 for their job. They have M365 Business Premium license as well. Any recommendations on sourcing W11 license besides Microsoft Store?
thanks!
https://redd.it/1ogj4o7
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Critical BIND9 DNS Cache Poisoning Vulnerability CVE-2025-40778 - 706K+ Instances Affected, PoC Public
Heads up sysadmins - critical BIND9 vulnerability disclosed.
Summary:
- CVE-2025-40778 (CVSS 8.6)
- 706,000+ exposed BIND9 resolver instances vulnerable
- Cache poisoning attack - allows traffic redirection to malicious sites
- PoC exploit publicly available on GitHub
- Disclosed: October 22, 2025
Affected Versions:
- BIND 9.11.0 through 9.16.50
- BIND 9.18.0 to 9.18.39
- BIND 9.20.0 to 9.20.13
- BIND 9.21.0 to 9.21.12
Patched Versions:
- 9.18.41
- 9.20.15
- 9.21.14 or later
Technical Details:
The vulnerability allows off-path attackers to inject forged DNS records into resolver caches without direct network access. BIND9 accepts unsolicited resource records that weren't part of the original query, violating bailiwick principles.
Immediate Actions:
1. Patch BIND9 to latest version
2. Restrict recursion to trusted clients via ACLs
3. Enable DNSSEC validation
4. Monitor cache contents for anomalies
5. Scan your network for vulnerable instances
Source: https://cyberupdates365.com/bind9-resolver-cache-poisoning-vulnerability/
Anyone already patched their infrastructure? Would appreciate hearing about deployment experiences.
https://redd.it/1ogjvq9
@r_systemadmin
Heads up sysadmins - critical BIND9 vulnerability disclosed.
Summary:
- CVE-2025-40778 (CVSS 8.6)
- 706,000+ exposed BIND9 resolver instances vulnerable
- Cache poisoning attack - allows traffic redirection to malicious sites
- PoC exploit publicly available on GitHub
- Disclosed: October 22, 2025
Affected Versions:
- BIND 9.11.0 through 9.16.50
- BIND 9.18.0 to 9.18.39
- BIND 9.20.0 to 9.20.13
- BIND 9.21.0 to 9.21.12
Patched Versions:
- 9.18.41
- 9.20.15
- 9.21.14 or later
Technical Details:
The vulnerability allows off-path attackers to inject forged DNS records into resolver caches without direct network access. BIND9 accepts unsolicited resource records that weren't part of the original query, violating bailiwick principles.
Immediate Actions:
1. Patch BIND9 to latest version
2. Restrict recursion to trusted clients via ACLs
3. Enable DNSSEC validation
4. Monitor cache contents for anomalies
5. Scan your network for vulnerable instances
Source: https://cyberupdates365.com/bind9-resolver-cache-poisoning-vulnerability/
Anyone already patched their infrastructure? Would appreciate hearing about deployment experiences.
https://redd.it/1ogjvq9
@r_systemadmin
CyberUpdates365
BIND 9 Vulnerability CVE-2025-40778 Affects 706,000+ Instances - CyberUpdates365
BIND 9 vulnerability CVE-2025-40778 affects 706,000+ resolver instances worldwide. CVSS 8.6 cache poisoning flaw allows traffic redirection.
Just inherited a network. No documentation. The admin password is "Password123".
Started a new gig as the "sole IT guy" for a 150-employee company.
The previous admin left 3 weeks ago with zero notice. Today was my first day.
There is no documentation. No network diagrams. No asset list. No password manager.
I spent my morning in the "server room" (a hot closet with a single, dusty rack) trying to trace cables.
The good news: I finally got into the domain controller. The bad news: I got in by guessing. The domain admin password was, I kid you not, "Password123".
It hasn't been changed since the server (a physical 2012 R2 box) was set up.
There are no backups, just an external USB drive plugged into the back of the server with a "Last Modified" date of 2019.
On the bright side, I guess I have job security.
What's the worst thing you've ever inherited on Day 1? I need to feel better about this.
https://redd.it/1ogo9eg
@r_systemadmin
Started a new gig as the "sole IT guy" for a 150-employee company.
The previous admin left 3 weeks ago with zero notice. Today was my first day.
There is no documentation. No network diagrams. No asset list. No password manager.
I spent my morning in the "server room" (a hot closet with a single, dusty rack) trying to trace cables.
The good news: I finally got into the domain controller. The bad news: I got in by guessing. The domain admin password was, I kid you not, "Password123".
It hasn't been changed since the server (a physical 2012 R2 box) was set up.
There are no backups, just an external USB drive plugged into the back of the server with a "Last Modified" date of 2019.
On the bright side, I guess I have job security.
What's the worst thing you've ever inherited on Day 1? I need to feel better about this.
https://redd.it/1ogo9eg
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
What are your thoughts on Encrypted DNS (DoH, DoT, DoQ) ?
Hello community,
Long time lurking network engineer/network security engineer here looking for some thoughts from sysadmins.
Standard DNS runs unencrypted over port 53, which means that an eavesdropper can pick up those DNS requests and see which sites your users are visiting, and may potentially use this information to orchestrate cyberattacks against your organisation.
I see there are various attempts at the IETF level to implement encryption for DNS by using either DoH (DNS over HTTPS), DoT (DNS over TLS) or DoQ (DNS over quick).
https://www.internetsociety.org/resources/doc/2023/fact-sheet-encrypted-dns/
https://blog.apnic.net/2018/10/12/doh-dns-over-https-explained/
What are your thoughts on these solutions ? Have you seen these implemented in practice or has your organisation considered deploying them ? If yes, how did it work out, and do you consider the effort worthwhile to improve your organisation's security posture ?
https://redd.it/1ogmvah
@r_systemadmin
Hello community,
Long time lurking network engineer/network security engineer here looking for some thoughts from sysadmins.
Standard DNS runs unencrypted over port 53, which means that an eavesdropper can pick up those DNS requests and see which sites your users are visiting, and may potentially use this information to orchestrate cyberattacks against your organisation.
I see there are various attempts at the IETF level to implement encryption for DNS by using either DoH (DNS over HTTPS), DoT (DNS over TLS) or DoQ (DNS over quick).
https://www.internetsociety.org/resources/doc/2023/fact-sheet-encrypted-dns/
https://blog.apnic.net/2018/10/12/doh-dns-over-https-explained/
What are your thoughts on these solutions ? Have you seen these implemented in practice or has your organisation considered deploying them ? If yes, how did it work out, and do you consider the effort worthwhile to improve your organisation's security posture ?
https://redd.it/1ogmvah
@r_systemadmin
Internet Society
Encrypted DNS Factsheet - Internet Society
The domain name system (DNS) makes the Internet easier for humans to navigate as well as for services online to be highly resilient.
What's the "rookie mistake" you've made dispite your experience?
Let's be honest, we've all made beginner level mistakes that somehow slipped through, even with years of experience.
How did it impact production?
Just a reminder for people who are starting in IT (even for the veterans out there too), that you're going to make mistakes even with years of experience and it's ok.
https://redd.it/1ogsnnx
@r_systemadmin
Let's be honest, we've all made beginner level mistakes that somehow slipped through, even with years of experience.
How did it impact production?
Just a reminder for people who are starting in IT (even for the veterans out there too), that you're going to make mistakes even with years of experience and it's ok.
https://redd.it/1ogsnnx
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Best way to share service account passwords securely (on-prem only, no cloud tools allowed)
I’ve been looking into ways to securely share service account passwords between admins in an on-prem environment.
Found a few paid solutions (like Password Safe, ManageEngine, etc.), but wondering — are they really worth buying?
Or is this issue not even worth spending money on?
What are you guys using in regulated environments with no cloud access?
Would love to hear some ideas about this.
Thanks,
https://redd.it/1ogudmk
@r_systemadmin
I’ve been looking into ways to securely share service account passwords between admins in an on-prem environment.
Found a few paid solutions (like Password Safe, ManageEngine, etc.), but wondering — are they really worth buying?
Or is this issue not even worth spending money on?
What are you guys using in regulated environments with no cloud access?
Would love to hear some ideas about this.
Thanks,
https://redd.it/1ogudmk
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Level 1 sd specialist seeking advice
Hey everyone,
I landed a job recently as a level 1 sd specialist. I dont have an IT background.
Let's just say I got served this opportunity on a silver platter. I really don't wanna mess this up.
I was hoping if I could get some general advice from you brainiacs that would help me bring more value and perform better.
Thank you for your time.
https://redd.it/1ogvdvl
@r_systemadmin
Hey everyone,
I landed a job recently as a level 1 sd specialist. I dont have an IT background.
Let's just say I got served this opportunity on a silver platter. I really don't wanna mess this up.
I was hoping if I could get some general advice from you brainiacs that would help me bring more value and perform better.
Thank you for your time.
https://redd.it/1ogvdvl
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Another M365 Outage?
Located in AUS, currently having the following issues.
\-Slow access to office.com
\-No access to portal.office.com
\-Access to admin.microsoft.com is ok.
Down detector starting to spike
https://downdetector.com.au/status/microsoft-365/
No outages listed in health status
https://status.cloud.microsoft/
https://redd.it/1oh0rmo
@r_systemadmin
Located in AUS, currently having the following issues.
\-Slow access to office.com
\-No access to portal.office.com
\-Access to admin.microsoft.com is ok.
Down detector starting to spike
https://downdetector.com.au/status/microsoft-365/
No outages listed in health status
https://status.cloud.microsoft/
https://redd.it/1oh0rmo
@r_systemadmin
Office
Your Favorite Office Apps—Now Smarter with Copilot
Elevate with Microsoft 365 Copilot—AI at your side to help you create, collaborate, and achieve more across documents, presentations, and data.