Listen Up!
IPv6 is here to stay. Removing it can break networking. Do not remove it.
SMBv1is a security hole and has been removed from Windows 7 & above, Server 2008 & up.
SMBv1 has been removed meaning you cannot connect to old operating system, old NAS devices and old printer/scanners.
SMBv1 is a security hole. Do not enable it.
Window 10 is going to update. Get used to it. The people who turned Windows 7 updates off and then blamed Microsoft when their operating got hacked and hosed caused this.
Home group has gone (Windows 10 V1803 and up). Get used to Password Protected sharing and learn how to use it. I wrote an article about this (look in my Articles for Folder Sharing on modern computers). Do not turn passwords off.
Windows 10 is not Windows 7, does not work like Windows 7 and has dispensed with some old Windows 7 ideas. There is no going back. Get used to it.
You got ransomware from people opening email from strangers. Get a Spam Filter. Train Employees, keep Off-Site backups. It is not a technology problem - it is a management problem.
Amortize expensive software and hardware to create cash for new equipment. "I am stuck on XP because the equipment is too expensive to upgrade" is not an option. Get your accountant to explain this to you.
IPv6 is here to stay. Removing it can break networking. Do not remove it.
SMBv1is a security hole and has been removed from Windows 7 & above, Server 2008 & up.
SMBv1 has been removed meaning you cannot connect to old operating system, old NAS devices and old printer/scanners.
SMBv1 is a security hole. Do not enable it.
Window 10 is going to update. Get used to it. The people who turned Windows 7 updates off and then blamed Microsoft when their operating got hacked and hosed caused this.
Home group has gone (Windows 10 V1803 and up). Get used to Password Protected sharing and learn how to use it. I wrote an article about this (look in my Articles for Folder Sharing on modern computers). Do not turn passwords off.
Windows 10 is not Windows 7, does not work like Windows 7 and has dispensed with some old Windows 7 ideas. There is no going back. Get used to it.
You got ransomware from people opening email from strangers. Get a Spam Filter. Train Employees, keep Off-Site backups. It is not a technology problem - it is a management problem.
Amortize expensive software and hardware to create cash for new equipment. "I am stuck on XP because the equipment is too expensive to upgrade" is not an option. Get your accountant to explain this to you.
13 Comments
Active today
Hi John,
Firstly, thanks for making this interesting post. I have a few comments if you don't mind?
I have removed (disabled) IPv6 on "at least" a dozen of various clients workstations because it was causing problems for them by having it enabled in their network adapter.
Disabling IPv6 (not removing it) by just unticking it in the network adapters is not likely (and in my experience) never causes any problems, so I'm not sure if you're referring to removal of the protocol from the adapter completely (ie: uninstalling) or just disabling.
If uninstalling, then I agree it's a bad idea because eventually it will be widely needed, however, if you're referring to just disabling the protocol in adapters, I totally disagree because I've yet to see doing that cause a problem - indeed, as I mentioned earlier, disabling it often solves problems.
Which did you mean?
Classic Shell - 100% free, easy to install, configure and use and works just as well as Start10. I've installed both to client machines dozens of times since Windows 10 was released and they all thanked me for it. Never a problem.
The majority of them are hopeless with anything computer related than what they personally use - Ie: Their practice management software. Helping them is where the bulk of my companies earnings are generated from yearly :)
Cheers... Andrew
Firstly, thanks for making this interesting post. I have a few comments if you don't mind?
IPv6 is here to stay. Removing it can break networking. Do not remove it.
I have removed (disabled) IPv6 on "at least" a dozen of various clients workstations because it was causing problems for them by having it enabled in their network adapter.
Disabling IPv6 (not removing it) by just unticking it in the network adapters is not likely (and in my experience) never causes any problems, so I'm not sure if you're referring to removal of the protocol from the adapter completely (ie: uninstalling) or just disabling.
If uninstalling, then I agree it's a bad idea because eventually it will be widely needed, however, if you're referring to just disabling the protocol in adapters, I totally disagree because I've yet to see doing that cause a problem - indeed, as I mentioned earlier, disabling it often solves problems.
Which did you mean?
SMBv1 is a security hole. Do not enable it.When connected to the Internet, I agree with you there 100%!
Get used to Password Protected sharing and learn how to use it. I wrote an article about this (look in my Articles for Folder Sharing on modern computers). Do not turn passwords off.Again agreed and great advice.
Windows 10 is not Windows 7, does not work like Windows 7 and has dispensed with some old Windows 7 ideas. There is no going back. Get used to it.Workarounds are still available and widely used. Ie: Start10, (Not free but very cheap and works extremely well.
Classic Shell - 100% free, easy to install, configure and use and works just as well as Start10. I've installed both to client machines dozens of times since Windows 10 was released and they all thanked me for it. Never a problem.
You got ransomware from people opening email from strangers. Get a Spam Filter. Train Employees, keep Off-Site backups. It is not a technology problem - it is a management problem.Agreed and again, excellent advice.
Amortize expensive software and hardware to create cash for new equipment. "I am stuck on XP because the equipment is too expensive to upgrade" is not an option. Get your accountant to explain this to you.That's not always possible and as the majority of my client base are Accounting firms, I can tell you from personal experience that an Accountant is the last person you should ask for computer-related advice.
The majority of them are hopeless with anything computer related than what they personally use - Ie: Their practice management software. Helping them is where the bulk of my companies earnings are generated from yearly :)
Cheers... Andrew
Active today
Thank you, Andrew, for your comments.
IPv6 - Here is one article (of many) that supports keeping. We have not removed it at any client on any workstation or any server
https://www.reddit.com/r/sysadmin/comments/138xo2/friendly_reminder_do_not_uncheck_ipv6_on_your/
Windows 7 - I just adapted to and use the new Windows 10 Start menu. Works fine. All our Windows 10 users are very comfortable with it.
Old software / hardware - I have helped clients off old gear. None left. My ISP (large in my area) is slow getting off Windows 7 to manage their infrastructure boxes, but they are slowly getting it done. I do not have much sympathy. I help clients move off old gear and we are all happy.
IPv6 - Here is one article (of many) that supports keeping. We have not removed it at any client on any workstation or any server
https://www.reddit.com/r/sysadmin/comments/138xo2/friendly_reminder_do_not_uncheck_ipv6_on_your/
Windows 7 - I just adapted to and use the new Windows 10 Start menu. Works fine. All our Windows 10 users are very comfortable with it.
Old software / hardware - I have helped clients off old gear. None left. My ISP (large in my area) is slow getting off Windows 7 to manage their infrastructure boxes, but they are slowly getting it done. I do not have much sympathy. I help clients move off old gear and we are all happy.
Active today
Hi John,
Thanks for the article link. I have a paid premium membership I maintain at reddit but that article you've pointed me to has never come up in my feed and I do follow the sysadmin sub-reddit - though I guess it's always possible that I just missed it. I'll be sure to give it a read later on when I have bit more free time. There are a few article submissions in the queue ready for editing at the moment that I want to deal with first.
If you could give me an example website or two to go to, that will cause issues while I have IPv6 disabled, I'd be very grateful because I'd like to see first hand the issues that you say disabling it causes?
I'm always very upfront about costs for workarounds as opposed to just replacing or upgrading hardware and software too, but they still choose the latter and are determined to keep what they've already got. Go figure?
Regards, Andrew
Thanks for the article link. I have a paid premium membership I maintain at reddit but that article you've pointed me to has never come up in my feed and I do follow the sysadmin sub-reddit - though I guess it's always possible that I just missed it. I'll be sure to give it a read later on when I have bit more free time. There are a few article submissions in the queue ready for editing at the moment that I want to deal with first.
We have not removed it at any client on any workstation or any serverI'd say that it's highly likely you've never struck the issues my clients were having or if you did, found and used a different workaround. I can honestly say, however, that unticking the IPv6 option has "never" caused a problem for me or my clients.
If you could give me an example website or two to go to, that will cause issues while I have IPv6 disabled, I'd be very grateful because I'd like to see first hand the issues that you say disabling it causes?
Old software / hardware - I have helped clients off old gear. None left.I have too, but mostly with my business clients. A lot of my home and small business clients are highly price conscious though and very much appreciate when I can find a suitable solution for them that still keeps them secure - and the funny thing is, they'd often rather pay me for an out of the box solution that isn't all that much cheaper than it would have been to just replace the software or hardware they want to keep using.
I'm always very upfront about costs for workarounds as opposed to just replacing or upgrading hardware and software too, but they still choose the latter and are determined to keep what they've already got. Go figure?
I do not have much sympathy.That's where we differ. I listen to them and am sympathetic to their situation and needs. Though I have sacked a few clients in past years because they've refused to accept my recommendations with regards to security so refused to act as administrator for them. In 20+ years of being in business though, I have only ever been sacked by ONE client and I'm quite proud of that :)
I help clients move off old gear and we are all happy.I help them achieve what they want in the best possible way, and they're always happy :-)
Regards, Andrew
Active today
I do not lose clients either. I always work with the Business owner to achieve objectives.
Active today
I do not lose clients either.You're obviously an effective and highly experienced admnistrator and consultant, so that doesn't really surprise me.
Did you notice this request in my last comment though?
If you could give me an example website or two to go to, that will cause issues while I have IPv6 disabled, I'd be very grateful because I'd like to see first hand the issues that you say disabling it causes?
Active today
I saw your comment, but I read through the Reddit article and that influences my thinking. No issues of any kind anywhere keeping IPv6 enabled and no reason at any client anywhere needing to disable it.
Active today
there is a few more things from the past that SHOULD not be used anymore from this century onward:
UNENCRYPTED data transfer
like FTP - use scp or sftp
HTTP - use https
PPTP - use l2tp or better instead
lets not recycle this waste from the 1990's
UNENCRYPTED data transfer
like FTP - use scp or sftp
HTTP - use https
PPTP - use l2tp or better instead
lets not recycle this waste from the 1990's
Active 3 days ago
I've run into trouble with IPv6 before where it was necessary to disable it. The last one I remember was related to some exotic VPN and router conflicts. I agree with Andrew, the on/off switch for IPv6 was a really easy fix and caused no issues. In an ideal world IPv6 would just work. Also in an ideal world buying new equipment might be an option. Alas we don't live in an ideal world.
Active today
We use fairly standard and well known router and VPN boxes and they all seem to work with IPv6. However, all this stuff will evolve over time.
Active today
Instead of disabling it it might be an idea to prioritize IPv4 as a temporary measure. So not remove/disable IPv6, but ask A before AAAA...
Recommended Posts
Formatting a hard drive is enough security if giving a computer away - or is it?
I recently had cause to recount an experience with one of my clients several years ago at another forum.
What's your take? Are you still finding people insist on knowing better? I'm contemplating writing an article on this topic, but it seems so obvious to me that I wonder if it's going to turn out to be a wasted effort?
Regards, Andrew
I recently had cause to recount an experience with one of my clients several years ago at another forum.
A client of mine was once convinced that despite my advice, nothing short of forensic recovery would put his old data at risk when he decided to donate some old workstations to a youth hostel. He wanted me to just delete the partitions the OS was sitting on, format and reinstall Windows. I did that on one machine right in front of him. Then I asked him to give me a few hours with that box on my own.
I returned the machine to him several hours later, with PDF copies of a few of "his" clients Tax Returns (complete with Tax File numbers) and a variety of other highly sensitive data sitting on the computer's desktop ready for the reading on a freshly installed copy of Windows 7 Pro. The entire exercise took about 4 - 5 hours, less than 30 minutes of actual hands-on work on my part. He was so grateful for my taking the time to show him what he was risking that I scored a $200 voucher to a high-end restaurant in Melbourne on top of my fee. Some people just need to physically "see" the proof of the pudding in order to believe.
What's your take? Are you still finding people insist on knowing better? I'm contemplating writing an article on this topic, but it seems so obvious to me that I wonder if it's going to turn out to be a wasted effort?
Regards, Andrew
Active today
*plaaters* = platters *expand* = expand.
*retrievethe* = retrieve the
LoL! Don't you hate it when that happens noci? Ya could have just edited your post by the way :)
New Offensive USB Cable Allows Remote Attacks over WiFi
Be careful where you buy your USB cables folks
https://www.bleepingcomputer.com/news/security/new-offensive-usb-cable-allows-remote-attacks-over-wifi/
Be careful where you buy your USB cables folks
https://www.bleepingcomputer.com/news/security/new-offensive-usb-cable-allows-remote-attacks-over-wifi/
Active today
Hopefully not to late to learn... ;-)
Many people considder USB to be some Serial cable like they used to have for Modems, Printers etc.
USB really is a multi-drop networking standard. And it provides for all kind of adapters like Storage Nodes, Network "routers" (=Usb Ethernet ...), Network camera's (photo equipment), ...
So USB sticks are more like a NAS on a private network then a Disk onto a Pata/Sata cable. The difference is they have no configuration items on most USB equipment.
(Rather like the original SCSI standard, only serial).
The Poison Tap (short version) provides a network adapter, with DHCP and it will provision a network with netmask 0 (so ALL packets sent by your system [ except for the local network you PC is connected to ] go to the PoisonTap..). Which also runs a transparant proxy to hijack connections. and will inject code back into the browser to redirect ALL access through another public site. After the PoisonTap is removed the attack still persists. Allowing an attacker to keep on tapping authentication data.
Many people considder USB to be some Serial cable like they used to have for Modems, Printers etc.
USB really is a multi-drop networking standard. And it provides for all kind of adapters like Storage Nodes, Network "routers" (=Usb Ethernet ...), Network camera's (photo equipment), ...
So USB sticks are more like a NAS on a private network then a Disk onto a Pata/Sata cable. The difference is they have no configuration items on most USB equipment.
(Rather like the original SCSI standard, only serial).
The Poison Tap (short version) provides a network adapter, with DHCP and it will provision a network with netmask 0 (so ALL packets sent by your system [ except for the local network you PC is connected to ] go to the PoisonTap..). Which also runs a transparant proxy to hijack connections. and will inject code back into the browser to redirect ALL access through another public site. After the PoisonTap is removed the attack still persists. Allowing an attacker to keep on tapping authentication data.
Stop using Internet Explorer, warns Microsoft's own security chief
https://www.telegraph.co.uk/technology/2019/02/08/stop-using-internet-explorer-warns-microsofts-security-chief/
Heads up for those of you that might be doing so.
https://www.telegraph.co.uk/technology/2019/02/08/stop-using-internet-explorer-warns-microsofts-security-chief/
Heads up for those of you that might be doing so.
Active today
Fuller quote from the bottom of the article (and I have read others like it)
""We want you to use IE for the sites that need it - what I'm trying to say here is that I hope you don't use it for everything else,” Mr Jackson said in a comment on the blog post.
Microsoft will end support for Internet Explorer 10 in January 2020, while Internet Explorer 11 will remain as the final iteration of the software."
Some servers do not have (and have not been able to update to) IE 11. This was not in the article but I have read it along with the statement that Server updates would be revised to use IE 11. I am not sure about Server 2008 but certainly Server 2012.
""We want you to use IE for the sites that need it - what I'm trying to say here is that I hope you don't use it for everything else,” Mr Jackson said in a comment on the blog post.
Microsoft will end support for Internet Explorer 10 in January 2020, while Internet Explorer 11 will remain as the final iteration of the software."
Some servers do not have (and have not been able to update to) IE 11. This was not in the article but I have read it along with the statement that Server updates would be revised to use IE 11. I am not sure about Server 2008 but certainly Server 2012.