 Thursday February 16th vlog update we've decided like I don't know a few hours ago Maybe like less than 12. Yeah, we're gonna start doing vlog updates on Thursdays and we picked Thursday for a very specific reason We did one last Thursday. Yeah, and this is Thursday again. So that makes sense to us And I want to become more regular on a channel because it helps me talk through ideas And I'm gonna someday go back through different videos because it's fun, you know, I have a personal YouTube channel I mostly use it just for uploading junk over the years But it's really neat to go back and say wow I was doing that nine years ago, which is just kind of interesting but we're gonna keep this one more focused on the company stuff that we do and Business talks and I hopefully we improve the audio because we have this really cool boom mic now. Yeah Well, it's the same mic. It's just on a boom Which makes it completely different it sees it it becomes it goes from a desk mic to a boom mic Yeah, it's just pretty cool pretty cool. So I finished the video of The big project and I call it the big project because it was actually just a big pain Ongoing project for such a long time because there were so many delays in it We're so happy to become finally billable and of course the best thing is we always are very critical as our clients Are you happy because in the end we'll make sure the clients happy and they actually thanked us They were really happy to work with us and we worked around the delays because we bid that in March of 2016 and we just finished it in February of 2017 now It is not our fault that I'm not just trying to duck blame They literally got rid of the general contractor and part of the middle of the project and he changed architectural firms so Things happened and it was a big project to begin with they were going from a basically empty warehouse space Concrete floor nothing on the walls to a pretty cool office space. 
Yeah With two cube farms and a middle section with Conference rooms and offices and then offices on the side I mean, it's it's one of the coolest office spaces you're likely to see. Yeah So we're it was really cool to showcase it was a fun project now that is like a project That's not the project we do. I always struggle with content in terms of showcasing our work Especially when it comes to a marketing standpoint because reality is I mean my pfSense videos are popular because people want to talk about Firewalls and technical stuff that we do and that's cool. That's fun Someone asked me about capacity planning on that project. We worked with their IT company So they technically did or another IT internal people because they don't have an external They just don't do physical wiring, but no, that might be an interesting topic of how we decide some of the capacity planning for it But it's a little bit less scientific. I mean it's scientific, but it's not as complicated I should say as people think it is but that is some of the things we do like we had the bridge bridge project And we only had to get the Wi-Fi of a connection between there fast enough to facilitate the fastest predicted connection speed that they had I mean we could have put an even faster connection on there, but we know they're never gonna We we're not gonna go to 2 gig of it They're never gonna get more than about 30 megs because it just runs credit cards over there I mean our connection's way faster than 30 megs But the endpoint for their internet is 30 megs and it wires across the bridge there But there's lots of little projects we do in between and you know We do one drop here one drop there for the wiring most of the day My other technicians spend time doing you know my printer doesn't print we remote into businesses You know we start with the same thing is your printer turned on Have you tried turning it off and on again? 
Yeah I mean it's like there's it's hard to make videos about that because reality is the desktop support is a huge necessity But less exciting, but what I will do is I was just a guest on the podcast recently And I'm learning more and more because I I'm not saying I worked in a bubble But I designed things the way I thought was most secure from my background working in corporate a lot of that means internal Documentation for us is all run on internal servers that are locked down without public accessibility And I don't mean like file servers like we created our own wiki server and our own point of sale system that we self host on a server stack on a separate network that's you know only has accessibility from our Internal network via certain firewall rules and ACLs and then externally it's only accessible from a two-factor VPN We don't just use username password on our VPN It's username password certificate that way the VPN just can't be brute-forced I mean guess the passwords all day and without the cert without the internal certificate downloaded onto your computer You're not getting into our VPN So we're really really security minded Maybe tinfoil hat minded a little bit You know Marvin's learned some of that here because like he's like hey I can't get to this or this and it's like everything just setting up computer for me means building each rule set So he's allowed to access those things internally And makes a great excuse for like why I didn't get something done Yeah, because he didn't have access to it because we have to grant his computer access And he still needs a username and password after that So there's still another layer and all the traffic even internal traffic is SSL traffic Internal extra which brings you to another SSL mean secure socket layer which technically is an old term because everything now is TLS So which is Transport layer security go with it. Nobody else knows either. Yeah. Yeah, someone's gonna correct me. 
Someone's gonna tell me wrong Why don't you know I? You know, I can explain something like elliptic curve encryption, but I can't remember what all the acronyms mean You know, there may be some people watching who don't know what these letters are I'll like I'll just put words over my whatever it actually stands for it. I think that's I think it's transport layer security We'll figure it out. Yeah. Yeah. No, I know what TCP/IP means. Anyways Anyways back to the firewall video. So a lot of the requests we get for firewalls are constantly I want to see all the traffic on my network. Well, that's fine But because everything's moving towards an HTTPS world. Hey, thanks, Edward Snowden Everyone's encrypting everything and even we use because well, they're free if I if it's non-critical so to speak And I just want the traffic encrypted on things we use Let's Encrypt works great. It's an awesome Encryption system to make everything SSL. Well, that means you lose visibility and you can't see inside the traffic Now that creates a lot of problems for businesses and what they've been doing to combat this is installing certificates on a per computer basis because of that I'm not the biggest fan of like setting it up in a home environment and things like that or even small business environment Unless someone understands how to maintain all those certificates You have to understand that each device needs one that you have to redirect the traffic There's not that I can't be done. It's just a lot of extra effort I have a lot of people what I know are just setting up home labs for it I tell them like it's it's kind of experimental. 
We really focus With our clients on end point security, which installs a web filtering package as part of our managed solutions And that filters it at the computer level directly because it's an antivirus and it's opening up the traffic on there So instead of each device and we just set up separated networks for things to help protect stuff So it's not always I mean it depends what they want a whole UTM solution But I just made you a video and just to show you like through packet captures what it looks like for SSL data What it looks like for non SSL data, so that's one of the one of the topics I think people that maybe just don't have enough clear understanding of how that works and why just because you're at the firewall You can't see it and I seen someone in the discussion the other day. They didn't understand IP Access point acts AP access point isolation and how that works and the smarter companies when you set up a guest network They you can look but you'll only ever see yourself on the guest network Even though they have two hundred three hundred people and the reason why is that way you can't just jump between computers That way for every access point out and there's only being granted internet access instead of full access and visibility to other computers on that network for Wi-Fi. So can we back up for a second? Sure Can you give a 500 word or less explanation of a firewall and what its purpose is? Ah? firewall purpose. 
Yes, so Firewalls serve two things and they're actually two separate things But they've been really combined into one thing so you have firewall and that pretty much all your firewalls provide NAT services now Network address translation network address translation is to solve the problem of we don't have enough IP addresses to give out So you hit the firewall and then then you have a separate network behind the firewall now That's technically only NAT the firewall itself is a series of rules now you can have and One of the colleges locally here is kind of interesting They don't have to use NAT, but they still have to use firewalls They happen to have a massive block of IP addresses that allow they actually have a lot of things publicly assigned But then the firewall stops external traffic from different sources that they don't want from getting through there So the firewall really is a control list and can control different ports and what can and not pass So you that would be the definition of firewall But pretty much all of them pfSense and anything you buy consumer grade you about a little Linksys or Cisco routers They provide simultaneous firewall and NAT and they blend them together in one device Because the NAT is the routing portion of it versus the firewall is just the rule part of it. 
So I Don't know if that helps any at all How does it help keep my network safe the way it keeps your network safe is as your computer makes connections from the inside To the outside world Those connections are sent through and it can come back through because you said I'm requesting this data The firewall and then the NAT translates that and go Marvin requested the data from that website Go ahead and bring it back through but If that website just comes to the firewall and go I want to see what's in your network It just says no there's no rule that lets you in here now where you can change the firewall As you can open up a rule so to speak and say I want to be able to have traffic flow through the firewall and in here Then it works, but for the most part the firewall just the default like if a consumer firewall just block everything That's the default rules Of course, there's been a lot of controversy because companies like Netgear who are supposed to be following those rules Didn't block anything and allow remote access and all kinds of yeah lots of flaws and other things like that But ideally the firewall by default in pfSense for example Out of the box does not open up any ports and does not let anything through now consumer firewalls kind of make an exception to this by default most consumer firewalls have a really cool feature. Well kind of cool Called UPnP for universal plug-and-play. 
So in the early days of gaming there was always a Configuration guide and how to get your game to work because you had to open up rules in the firewall to connect to servers and host a game You know, this was like the late 90s early 2000s Then they came up with UPnP which says the game through software can access the firewall and say open up these ports And the firewall listens to things on the inside of it and just opens the ports right up for you Well, it turns out malware is Exploiting a lot of this because it's just a signal and it says open up the port open up the floodgates and let things in This is where pfSense has an advantage because the default install if you did nothing But next and yes your way through a pfSense install UPnP is off And even if you did want to turn it on you have to go through a couple steps And you can go a step further and I thought about doing a video just about this you can create a control list and say Here's my certain IoT device and I want this device to have access to UPnP and it can't I can implicitly allow this that we Have someone else brings on a device of my network And I give them my Wi-Fi password that device doesn't get it and there was a great story maybe I'll link to it and know it's about a School that had their vending machines attack them They There's like maximum overdrive remember that movie from yes exactly They were attacked by their someone a botnet had taken over and Got inside their network and then it caused entire well They got the help that started called from kids going Hey, the internet's going slow and it turned out it was going slow because it was a massive attack and it just beat It was a flood attack because all the I think it was 5,000 internal devices got affected on our internal network Because of the way IoT works a lot of times It's the same device as a controller the design part of it and it connects to whatever the bigger device is So once they've compromised the device whether 
it's a refrigerator or a toaster Both of them may be buying from the same manufacturer the actual control chip So they have to find a flaw in a control chip which is often a default username and password of like admin admin And once they infect one it says find all the other devices that match this manufacturer and they make a giant mess So this is a danger of the internet of things. Yes internet of things There's a reason that one I actually flipped the light switch on and off in our building There is no internet of things here. There is no remote control light switch if I ever were to Do something like that it would be on a separate network. It would not be part of our current network We would just create yet another network just for it that way if it ever got infected we could just turn it off It will also not have access to the other networks that we have internally where customer network or our business network inside of here You also notice that Tom's not really a gadget guy because of this I have enough listening devices people like oh you're gonna review the Amazon Echo or the Google thing No, my phone is plenty enough listening device and I know where it's at I can go put it somewhere else. So just adding some random listening device to my home not really so Yeah, that's all I do Take security. It's kind of serious at least I hope I do. I'm always looking for best practice I talk about what I do because I don't want it to be security through obscurity I want someone to call me out and say you're an idiot for doing it this way And I even bring in my one of my friends is DevOps guy for a big company And he's I have him review things once in a while just to make sure I got them configured right to make sure All my SSH Configurations are right that my Apache configurations are right that my crypto for our remote support software is configured, right? I have third-party review of this because I don't know everything. I'm pretty good at this. 
I think I feel better Yeah, I think not everything that it's up there But it's something I think a lot of people don't take the time to do and uh, so that's why I'm always out there talking about it Trying to encourage it Um, uh less technical topics are I did some more public speaking that is one of my I don't know if I want to call it hobby passion or whatever I like public speaking While I'll do deeply technical videos in here. I did post my video on social media Here, uh, it's a couple videos ago. The video was about social media. It's very it's very meta. He posted about social media on social media Exactly and we call it my 2017 how to turn clicks into clients Is because I study marketing, uh, and I study things like that and I speak A couple times a year to U of M business school over in Dearborn has me come in for their marketing class and I give a class that day on it. So it's kind of fun. I'm actually Speaking at Goldman Sachs next Friday on a similar talk. I'm part of a seven person panel on that We're going to be helping other small businesses and do that. It's it's by Goldman Sachs in terms of sponsorship It's not a I'm not speaking to the Goldman Sachs people. Someone says I can't believe you're selling out The Goldman Sachs. I'm like, this is something different. This is because Goldman I'm not going to speak ill of them, but uh, we all know they had something to do with some of the housing stuff But whatever they have put a lot of money into the small business program that I'm a part of And what they do is they sponsor and they really do just hand money over to the colleges like Babson College and locally here Wayne State's involved and Promote small businesses. They give us tools to help do the business. It's actually a really great course I did a video review on it. Um, and I even kind of video view I have not been offered or sold anything by Goldman Sachs. 
They just put money and investing in Businesses and helping them out, which is really awesome in my opinion So I have your opinion if you want about how they make their money, but uh, it I was kind of impressed with Well, that's what those kind of novel The other thing I did was I launched well relaunched and you'll see that the updates aren't from very recent thomaslawrence.com as I don't know where to put other information So me and him had a discussion about the philosophy channel that I don't know how many hours did you spend watching? Oh, yeah I found it last night. I was up pretty late last night. I got through Oh, jeez. I don't know probably a dozen of their videos. Yeah, they're not very long videos But they're really eight to 12, but they pack a lot into those minutes Yeah, and it's a science and life YouTube channel So I don't know where to put some of the data like for things I like and things I write about So I have an internal documents. I call my brain doodles where I just write this stuff And then I I share it back out and I'm like, you know, I should just put all this on a website I own thomaslawrence.com Maybe someone wants to know something personal about me and it's not relevant to my channel because I also want I have a video with thousands and thousands of views. That's about my bicycle That's on my personal channel And I'm like, well, I should probably post that somewhere because people ask me questions about The recumbent bicycle that I ride and I don't think there's any relevance to put that on this channel So we put it on that channel So that's uh, that's what if you're curious to me personally because I'm pretty open about things I do Uh and talk about them or hobbies I have which are very bicycling. Sorry. That's it and some photography and YouTube But I'm putting I'm posting stuff on thomaslawrence.com and it's uh, like I finished a Penn Jillette's book Presto how I made a few hundred pounds disappear. 
I probably got the title wrong But I like the book I have no relevance to this channel for me to do a book review on it But I'll probably post something my personal channel and then I'll write something up on my personal web page about Why I like the book because it was good and I like pendulum. He's funny and he entertains me So You should probably start updating mine a little more often too. Yep. This guy's got one too. I went to marvin muses marvin marvin muses.com I used to update it a lot, but yeah life gets in the way. I suppose but uh, yeah But there's there's there's entertainment on there Yeah, and it's all those things that we don't know where else to put it So we're gonna put it there So if you're curious about stuff about us personally You can find it you can uh dig through it But uh back to lauren systems. Um, yeah, we're just gonna try and do this every thursday I'm also considering a news thing and the reason I see this because there's a lot going on in the news And I'm gonna probably do another one maybe after this about the news Uh in specifically technology news security news because I cover these topics on my smlr podcast, uh, which in case you didn't know I co-host a podcast on linux But we have our security topics now our security topics are generally more linux slanted But they do we do get into how breaches happen and things like that So I thought well, I take all the time to put show notes together for that and I may not have exactly the same audience Listening to smlr is I do right here smlr being sunday morning linux review sunday morning linux review Loves acronyms. I like acronyms. I know what that one means So you know it's it's something about the it world We love acronyms the it and military just everything's an acronym because we're so busy We don't have time to to speak in full words and sentences. 
There's too many syllables and everything Plus it keeps things Sort of esoteric like we were talking while setting up about putting a dead cat on a blimp If you're if you're in video production, you know what that means and it actually is not cruel to anybody Yeah, it's a dead cat on a blimp Look it up. Look it up because we were talking about getting a dead cat on a blimp to make the audio better. Yeah Yeah, there it is Look at that. I'll be your homework is to find out what what we meant by that. Yeah, exactly So, uh, that was our vlog update. Um, oh, uh, I will be doing we we're doing a golf course And uh, that's kind of fun. So we're putting a Wi-Fi. We're we're putting Wi-Fi in some of the golf course here We it may extend out more on a golf course. We're putting different proposals in But it's also going to be excuse to use my drone We've already redid the entire internals of the golf course. So that project's uh coming up and we also have a really interesting project I don't see how much We can document it because we're putting Wi-Fi on a really really old house that doesn't allow us for Modification of the house or drilling and the house is what we're just going to call it an estate The the thing is with uh places like that We very very very much respect anyone's privacy and because of that that means we don't always uh film or post detailed information We try to obscure some of that. Um, and we always ask permission before we film So it's just something very important to us. So they always know golf course. 
They're cool They don't mind because this is going to be a really cool estate residence The guy may be very private about it and uh, so we have to let him know at a time We'll still document the project and how we did it and how we came up with it because it's interesting if it's all works We're going to do a test on saturday Uh for providing wireless there, but it's a little bit different concept and I'll still lay out how we did it functionally Uh, because it's going to make some it's kind of interesting It's it's a way to get wi-fi at a very large area Using some mesh network stuff if all that works. So it's all proposal stuff We don't know if these even going to buy into it. So we got to figure out what his budget is But uh, that's it for our vlog update until next thursday But we'll still try to post some other videos and of course, of course. That's what we do So yeah, maybe maybe next thursday though. We try to keep it off the cuff. I don't know if you noticed Yeah, but this was not scripted. No, but maybe maybe part of the fun, right? But maybe next week we'll maybe we'll go a little more in depth into the social media thing Yeah, maybe just just you know a little tease of tom's talk. So you'll go, uh, maybe check it out if uh But you know, we'll see that could totally change by next week. You change your mind. It's not scripted All right, thanks for watching if you like the content here like and subscribe if you think we should keep doing this Uh, let us know if we did it wrong. I'm sure you let me know You're never as wrong as when you're wrong on the internet. Oh, isn't that true? Oh my goodness, but yeah, let us know if you like it and we'll keep doing it If you don't want us to keep doing it. Oh, well, we'll probably keep doing it So thanks for watching like and subscribe if you made it this far. Thank you again. Yeah