|
evol262 posted:Real talk - 99% odds they're not doing it either, and they think "sysadmin+config management" (or maybe sysadmin+scripting) means "DevOps environment!" Don't sweat it. I got into this stupid argument with a coworker the other day. He said something like "the moment you talk puppet we're in devops..." and it was a hell of a labor to explain that Puppet is configuration management not Devops and he wouldn't say that stupid poo poo if we were talking about VMware Configuration Manager.. I'm glad he's going to be gone soon. He keeps wearing me down with that type of poo poo.
|
# ? Oct 8, 2015 03:16 |
|
Danith posted:Real talk - I wiki'd it. Guess it has something to do with Agile development. Congratulations, you are now familiar with devops!
|
# ? Oct 8, 2015 04:06 |
|
One of my 7 or so titles is devops engineer. This means I understand how our product works. We are not in any way a devops shop, despite what our director thinks.
|
# ? Oct 8, 2015 04:06 |
|
Danith posted:What is a DevOps environment? I have an interview coming up and in the job description it says "...familiar with a DevOps environment." At my current place we have a dev team and an ops team on the opposite side of the building and interactions are basically "Hey (dev), blah broke here's the log, ticket number XX" and "hey ops, restart failed job". Am I working in DevOps? http://forums.somethingawful.com/showthread.php?threadid=3467608&pagenumber=191&perpage=40#post446464725
|
# ? Oct 8, 2015 04:09 |
|
Vulture Culture posted:Not going to copy and paste the whole thing again, but here's everything you need to know to not be a dingus for your interview: It deserves to be said again -- this is a great post.
|
# ? Oct 8, 2015 06:12 |
|
go3 posted:Fortinet has the worst GUI ever designed CLI. It takes some getting used to, but the FortiOS CLI is a lot better than the GUI and a lot better documented. In fact, I rarely use GUI on any device. That may be my age or coming from a UNIX background, but I've always found CLI easier to work with and better to do troubleshooting. Doubly so for Cisco and Junipers, both of whom rank very high on my "what the gently caress is this poo poo" as far as GUIs go.
|
# ? Oct 8, 2015 07:35 |
|
.
Chickenwalker fucked around with this message at 03:02 on Mar 1, 2019 |
# ? Oct 8, 2015 11:22 |
|
Chickenwalker posted:I don't really give a poo poo about the interface. Palo Alto's interface is supposed to be good but even that seemed like an overwhelming mess when I demoed it. Whatever I get I'll have to familiarize myself with, I just want to make sure that all the IPS and definitions are up to snuff and that it'll actually catch stuff reliably. Sourcefire is probably still the best IPS on the market, but it requires the installation of the management server and is a lot more complex to manage than simply setting it up and forgetting about it. I typically don't recommend them unless you have someone whose time is going to be at least partially dedicated to security. It's also worth mentioning that Sourcefire isn't fully integrated into the ASA yet. Yeah, it exists as a module and does a good job, but it's still a completely separate part of the box and doesn't even share the same UI or CLI. Cisco plans on doing away with ASDM and integrating it into the Sourcefire web interface sometime in the near future, but it's probably not going to be until Q4 next year at the earliest.
|
# ? Oct 8, 2015 13:06 |
|
We put in Sourcefire a few months ago and while it's pretty cool (hey you who used the Spotify app to get past our web filter, now that's blocked too), it isn't the easiest to configure.
|
# ? Oct 8, 2015 14:36 |
|
GreenNight posted:We put in Sourcefire a few months ago and while it's pretty cool (hey you who used the Spotify app to get past our web filter, now that's blocked too), it isn't the easiest to configure. Wow, glad I don't work at whatever dystopian hellhole you work at.
|
# ? Oct 8, 2015 14:39 |
|
Yeah blocking a legal music streaming service in 2015 does seem a bit... sad. I understand places have rules and bandwidth limitations and am not gonna insult you or your company but, also glad I don't work there.
|
# ? Oct 8, 2015 14:43 |
|
GreenNight posted:We put in Sourcefire a few months ago and while it's pretty cool (hey you who used the Spotify app to get past our web filter, now that's blocked too), it isn't the easiest to configure. Yeah even the stingiest of companies typically get professional services to help them get set up. I've had to lean on our proposals team to stop letting customers demand that we put it in full blocking mode right away, though.
|
# ? Oct 8, 2015 14:45 |
|
Yeah exactly, we had a services company install and set it all up. I just monitor it, and open TAC cases when I can't figure something out. Also, I have zero issues working here. Just streaming music is banned, which is fine. Use your cell phone data plan if you want to stream.
|
# ? Oct 8, 2015 14:53 |
|
If you ever want to know what is not blocked, find the least technical employee in your area. They'll know. Where I'm at, things are under mega-lockdown. No video/audio streaming (including YouTube), no Imgur, nothing that even remotely looks like a social site, even if it's something like a tech blog full of code snippets. However, our ancient semi-retired lady on the night shift grabbed me before I left last night to fix her sound so she could watch Amazon Instant Video.
|
# ? Oct 8, 2015 14:59 |
|
Vulture Culture posted:Not going to copy and paste the whole thing again, but here's everything you need to know to not be a dingus for your interview: I'll second that, just sent to my entire team. Awesome post.
|
# ? Oct 8, 2015 15:05 |
|
Toshimo posted:If you ever want to know what is not blocked, find the least technical employee in your area. They'll know. Guarantee it's a loophole put in there by some C-level person who wanted to shop on Amazon.
|
# ? Oct 8, 2015 15:05 |
|
I'm not sure I could do my job without imgur and this place as a micro-timewaster and steam reliever.
|
# ? Oct 8, 2015 15:20 |
|
psydude posted:Guarantee it's a loophole put in there by some C-level person who wanted to shop on Amazon.
|
# ? Oct 8, 2015 15:30 |
|
I still haven't figured out our company's blocking rules. They block things like Pandora, Spotify, Imgur, stackoverflow and some other stuff, but they allow things like Youtube, Facebook, Amazon, etc. Ironically, facebook is blocked on the guest network (Thank you VPN for bypassing that poo poo), but not on the employee network.
|
# ? Oct 8, 2015 15:53 |
|
It's a bit trickier to block Facebook now that many sites are using Facebook login to authenticate users.
|
# ? Oct 8, 2015 16:01 |
|
Also it's a pain in the rear end to block sites granularly that use https. Cisco Web Security can do it if you want to push down certs to everyone.
|
# ? Oct 8, 2015 16:04 |
|
Vulture Culture posted:It's a bit trickier to block Facebook now that many sites are using Facebook login to authenticate users. Basically this.
|
# ? Oct 8, 2015 16:07 |
|
GreenNight posted:Also it's a pain in the rear end to block sites granularly that use https. Cisco Web Security can do it if you want to push down certs to everyone. Full SSL proxies usually involve talks with the general counsel due to the potential legal ramifications of proxying connections to medical and financial sites, though, so you have to be careful using them. With Facebook and other social media sites permitting credit card and bank transactions, it's gotten even trickier.
|
# ? Oct 8, 2015 16:49 |
|
That is also extremely important. It's even more of a headache here in Canada. Know your laws regarding what traffic you can and cannot intercept and look at.
|
# ? Oct 8, 2015 16:51 |
|
Vulture Culture posted:Gartner? What's wrong with Gartner? Not that I'm trying to imply it's perfect but I will say that a lot of what I've read is awfully thorough and easy to read even if you aren't in tech. The magic quadrant seems a little meh but again it's still pretty good overall.
|
# ? Oct 8, 2015 17:14 |
|
psydude posted:Full SSL proxies usually involve talks with the general counsel due to the potential legal ramifications of proxying connections to medical and financial sites, though, so you have to be careful using them. Yeah that's why we only manage port 80 traffic and not 443.
|
# ? Oct 8, 2015 17:19 |
|
psydude posted:Full SSL proxies usually involve talks with the general counsel due to the potential legal ramifications of proxying connections to medical and financial sites, though, so you have to be careful using them. Are there any good articles on the legal ramifications of SSL inspection?
|
# ? Oct 8, 2015 17:31 |
|
Japanese Dating Sim posted:Yeah blocking a legal music streaming service in 2015 does seem a bit... sad. I understand places have rules and bandwidth limitations and am not gonna insult you or your company but, also glad I don't work there. My last job blocked users' streaming claiming bandwidth. We had several connections including windstream and 150/50 fios. We never used that much.
|
# ? Oct 8, 2015 17:56 |
|
GnarlyCharlie4u posted:My last job blocked users' streaming claiming bandwidth. We only had 35/5 until recently, and we only block it in the winter when it's busy. Also, picking locks is now apparently a part of IT here (because I know how and have a set).
|
# ? Oct 8, 2015 18:13 |
|
Colonial Air Force posted:Also, picking locks is now apparently a part of IT here (because I know how and have a set). That was your mistake letting people know that you know how.
|
# ? Oct 8, 2015 18:23 |
|
If my employer wants to pay me to do something that's not part of my job description but something I enjoy as a hobby, I'd do it. I don't do lockpicking, but I've been repairing stereos and AV equipment here, which saves them money and it's something I don't mind spending work-hours doing. I also work in a reasonable place and wouldn't get poo poo on if I let that side stuff slide while important work was going on, and if they were a priority they wouldn't heap a bunch of other stuff onto me at the same time.
|
# ? Oct 8, 2015 18:34 |
|
Colonial Air Force posted:We only had 35/5 until recently, and we only block it in the winter when it's busy. This too became part of my job. Most times I'd just vault through the drop ceiling because it's faster. Then again, IT was responsible for cleaning desks, changing lightbulbs, building cubicles, fire safety, office security, process management, business planning, and a slew of other ridiculous things you probably shouldn't have a trio of computer nerds in charge of. Everyone else in that place was a "sit here, click this, answer this, and don't think" cog.
|
# ? Oct 8, 2015 19:09 |
|
Spent six hours this week setting up single number reach for a client. No matter what I did it kept transferring to voicemail. I was about to lose my mind until he emailed to say it has been transferring to his cell but he hasn't been answering it. Should have been a thirty minute job but the bill is his problem now.
|
# ? Oct 8, 2015 20:17 |
|
Gothmog1065 posted:Are there any good articles on the legal ramifications of SSL inspection? Yeah I'd be interested in this too, I couldn't find any good articles on this after the discussion here.
|
# ? Oct 9, 2015 03:34 |
|
Seeing as how airline WiFi routinely does it, I can't really see how the legal question is that hard when it comes to a company owned computer on a company owned internet connection.
|
# ? Oct 9, 2015 03:47 |
|
fartt
Chickenwalker fucked around with this message at 05:35 on Sep 23, 2018 |
# ? Oct 9, 2015 04:29 |
|
Chickenwalker posted:What's a good freelance consultation/labor rate in NYC? I'm thinking $150/hr, too high? Doing what? What level of expertise?
|
# ? Oct 9, 2015 04:34 |
|
fart
Chickenwalker fucked around with this message at 05:35 on Sep 23, 2018 |
# ? Oct 9, 2015 04:49 |
|
GreenNight posted:Also it's a pain in the rear end to block sites granularly that use https. Cisco Web Security can do it if you want to push down certs to everyone.
|
# ? Oct 9, 2015 04:51 |
|
adorai posted:Totally unnecessary. I don't know how other vendors do it, but our fortinet devices are able to inspect the certificate to determine the host name for filtering purposes. It's not a full inspection so we don't get to know the full URL etc.. but it is much better than just allowing all https traffic.
|
# ? Oct 9, 2015 06:09 |