Dr. Arbitrary
Mar 15, 2006

Bleak Gremlin
I'm not a lawyer, but the words "may" and "shall" have very specific meanings.


22 Eargesplitten
Oct 10, 2010



I'm not surprised that they are trying something like that. I wonder if some companies just bet they will make more money off of people obeying than they will lose on lawsuits.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

22 Eargesplitten posted:

I'm not surprised that they are trying something like that. I wonder if some companies just bet they will make more money off of people obeying than they will lose on lawsuits.

I would bet you're somewhat correct, risk analysis and all that, same poo poo as with car recalls and things like that. Although I would think a financial institution would have enough lawyers on staff that know employment law well enough that they're figuring either A) any lawsuits will get thrown out for some reason or B) this is not illegal for some reason.

*edit* v-- yeah, I mean, they could just be accepting the risk that they will get sued. Perhaps getting sued < $savings from outsourcing + a few people actually helping for free

MF_James fucked around with this message at 23:01 on Oct 20, 2015

psydude
Apr 1, 2008

MF_James posted:

I would bet you're somewhat correct, risk analysis and all that, same poo poo as with car recalls and things like that. Although I would think a financial institution would have enough lawyers on staff that know employment law well enough that they're figuring either A) any lawsuits will get thrown out for some reason or B) this is not illegal for some reason.

Well if there's one thing financial institutions are known for, it's definitely following the law.

Lord Dudeguy
Sep 17, 2006
[Insert good English here]

Methanar posted:

I suppose you could call this internal documentation.

I feel like I should freak out about this.

Should I freak out about this?

Guest and Internal traffic co-mingling on the same VLAN with nothing but a subnet, DNS, DHCP and happy thoughts to separate them?

... or does the AP have 2 LAN interfaces?

"we do not want to allow any threat." - Then ya put 'em on their own goddamned VLAN!!!!

Thanks Ants
May 21, 2004

#essereFerrari


I guess doing it this way means the load of enforcing ACLs can be done on the AP rather than carried back to a switch/router. I would prefer to keep all my firewall rules in one place but I've had to put APs on other people's networks where their side wasn't interested in sorting out VLANs and firewalls etc. so the guest access and rate limiting was done on the AP.

22 Eargesplitten
Oct 10, 2010



My last company, with contracts with some of the biggest retail stores and insurance companies in the country, tried to force people to work unpaid. I'm currently trying to get in on that class-action lawsuit.

Methanar
Sep 26, 2013

by the sex ghost

Lord Dudeguy posted:

I feel like I should freak out about this.

Should I freak out about this?

Guest and Internal traffic co-mingling on the same VLAN with nothing but a subnet, DNS, DHCP and happy thoughts to separate them?

... or does the AP have 2 LAN interfaces?

"we do not want to allow any threat." - Then ya put 'em on their own goddamned VLAN!!!!



Maybe this is still stupid and wrong, if it is please tell me.

Each SSID is on its own subnet. As in people who authenticate to Guest get 192.168.1.0/24 and people who authenticate to Users get 192.168.10.0/24. People in Guest cannot communicate to other people connected to Guest either. The AP, the default gateway for both subnets in both SSIDs, passes both to the firewall and the firewall has these allowances

- anyone to get out to the WAN

- LAN SSID to get to the production network

- production network to get to the LAN SSID

Then the denies prevent the guest network from doing anything other than going right to the internet.

Methanar fucked around with this message at 23:56 on Oct 20, 2015
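The policy described in that post (guest and user SSIDs on separate subnets, anyone out to the WAN, users and production reachable from each other, everything else denied) can be written down as a small model and checked against sample flows. This is an added example, not Methanar's configuration or any vendor's rule syntax; the production subnet 10.10.0.0/16 is an assumed placeholder because the post does not give one, and the sample flows are constructed.

```python
import ipaddress

# Subnets named in the post; the production network is not given there, so
# the 10.10.0.0/16 below is an assumed placeholder.
ZONES = {
    "guest": ipaddress.ip_network("192.168.1.0/24"),
    "users": ipaddress.ip_network("192.168.10.0/24"),
    "production": ipaddress.ip_network("10.10.0.0/16"),  # assumed
}


def zone_of(ip: str) -> str:
    """Map an address to the zone it lives in: a named subnet, 'wan' for
    public addresses, or 'unknown' for private space nobody declared."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "wan" if addr.is_global else "unknown"


# The three allowances from the post, as (source zones, destination zones).
# Anything that matches none of them falls through to the implicit deny.
ALLOW = [
    ({"guest", "users", "production"}, {"wan"}),  # anyone out to the WAN
    ({"users"}, {"production"}),                  # LAN SSID -> production
    ({"production"}, {"users"}),                  # production -> LAN SSID
]


def decide(src: str, dst: str) -> str:
    """Return 'allow' or 'deny' for a flow from src to dst."""
    s, d = zone_of(src), zone_of(dst)
    if s == "guest" and d == "guest":
        return "deny"  # client isolation on the AP: guests cannot reach each other
    for sources, destinations in ALLOW:
        if s in sources and d in destinations:
            return "allow"
    return "deny"  # default deny covers guest -> users, guest -> production, etc.


def audit(flows):
    """Evaluate a list of (src, dst) pairs; returns (src, dst, verdict) rows."""
    return [(src, dst, decide(src, dst)) for src, dst in flows]


# Constructed sample flows exercising each allowance and the denies between them.
SAMPLE_FLOWS = [
    ("192.168.1.50", "8.8.8.8"),        # guest -> internet
    ("192.168.1.50", "192.168.1.51"),   # guest -> guest
    ("192.168.1.50", "10.10.5.5"),      # guest -> production
    ("192.168.1.50", "192.168.10.7"),   # guest -> users
    ("192.168.10.7", "10.10.5.5"),      # users -> production
    ("10.10.5.5", "192.168.10.7"),      # production -> users
    ("192.168.10.7", "10.20.0.9"),      # users -> undeclared private space
]

if __name__ == "__main__":
    for src, dst, verdict in audit(SAMPLE_FLOWS):
        print(f"{src:>15} -> {dst:<15} {verdict}")
```

The model only answers the layer 3 question the firewall sees. Whether the two SSIDs also share a broadcast domain is a separate matter that no rule table can settle, which is the point raised later in the thread.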

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


I'm no network engineer but I don't think the use of the phrase "Each SSID is on its own subnet" is correct. If the default gateway of the Guest Wireless Network is to the internet/firewall that seems secure but I think you'd still want to have separate VLANs?

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer
My guess is that it uses snooping, arp inspection, and client isolation to protect the networks from each other.

psydude
Apr 1, 2008

Separating SSIDs onto separate subnets/VLANs is normal. Using a firewall to physically segment each subnet on your network is adorably 1994, though. Don't worry guys, our firewall supports routing and has a bunch of interfaces so we don't need a core switch anymore!

Proteus Jones
Feb 28, 2013



psydude posted:

Separating SSIDs onto separate subnets/VLANs is normal. Using a firewall to physically segment each subnet on your network is adorably 1994, though. Don't worry guys, our firewall supports routing and has a bunch of interfaces so we don't need a core switch anymore!

:cripes:

MC Fruit Stripe
Nov 26, 2002

around and around we go
Anyone ever feel like you kinda "chose wrong"? I love being a sys admin. I love projects. VMware is still the greatest thing in the world.

But I work so closely with developers that I always feel like they're actually creating a product and I just throw servers at a problem.

I don't know, I'm 33, I guess it's too late to change course (because I am not starting over at square one), but I do find myself wishing that I created something rather than just provided the infrastructure.

NeuralSpark
Apr 16, 2004

MC Fruit Stripe posted:

Anyone ever feel like you kinda "chose wrong"? I love being a sys admin. I love projects. VMware is still the greatest thing in the world.

But I work so closely with developers that I always feel like they're actually creating a product and I just throw servers at a problem.

I don't know, I'm 33, I guess it's too late to change course (because I am not starting over at square one), but I do find myself wishing that I created something rather than just provided the infrastructure.

That feeling is why I try my hand at woodworking and motorcycle-wrenching. You get the satisfaction of creating something, and it's a distraction from work at the same time.

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy

MC Fruit Stripe posted:

Anyone ever feel like you kinda "chose wrong"? I love being a sys admin. I love projects. VMware is still the greatest thing in the world.

But I work so closely with developers that I always feel like they're actually creating a product and I just throw servers at a problem.

I don't know, I'm 33, I guess it's too late to change course (because I am not starting over at square one), but I do find myself wishing that I created something rather than just provided the infrastructure.

Sure but on the other hand doing programming and math all day is the most gruesomely boring poo poo in the universe. If I ever want to create something I'm gonna moonlight as a Kickstarter inventor.

RFC2324
Jun 7, 2012

http 418

MC Fruit Stripe posted:

Anyone ever feel like you kinda "chose wrong"? I love being a sys admin. I love projects. VMware is still the greatest thing in the world.

But I work so closely with developers that I always feel like they're actually creating a product and I just throw servers at a problem.

I don't know, I'm 33, I guess it's too late to change course (because I am not starting over at square one), but I do find myself wishing that I created something rather than just provided the infrastructure.

Why would you start over at square one? Learn dev, do one of them devops jobs for a bit so you can leverage your sysadmin experience into a decent position that also gives you dev type experience, then stop the ops part out when you change jobs again.

12 rats tied together
Sep 7, 2006

The real problem would be if the guest and LAN ssids were the same broadcast domain. So, if you can tcpdump after authenticating as a guest and see arps and poo poo from people in lan you might have an issue.

I've only ever configured cisco aironets for wireless stuff, but as long as in the process of creating two separate "ssids" you have two separate "interfaces" (they can be logical instead of physical), you're probably fine. I believe you're allowed to configure multiple ssids on top of the same interface in an aironet (IIRC it goes intDot11Radios have ssids which have vlans), but that may not be the case with fortigate stuff.

At least in the cisco world, in my experience, you generally have to try and/or know what you're doing to extend a vlan across two discrete subnets. I highly doubt that fortigate would just casually let you do this, and I imagine the issue stems from idiosyncrasies in documentation or names of things that you click on in a GUI.

So, I guess what I'm saying is, (in my experience) people tend to really extremely feel that vlan = subnet = ssid. That isn't necessarily true, but the wording of the documentation doesn't instill a ton of confidence in me that the writer actually knows about what the problem might be. You can use policy-based routing to control some facsimile of "permissions", yeah, but that doesn't mean that somebody sitting in the same broadcast domain can't just sit there and look at all your (broadcast) poo poo.

12 rats tied together fucked around with this message at 03:41 on Oct 21, 2015

evol262
Nov 30, 2010
#!/usr/bin/perl

RFC2324 posted:

Why would you start over at square one? Learn dev, do one of them devops jobs for a bit so you can leverage your sysadmin experience into a decent position that also gives you dev type experience, then stop the ops part out when you change jobs again.

I switched at 30. Your skills at doing systems stuff make you more valuable. Definitely not square one.

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy
Enabling network isolation on the guest wifi is pretty much plenty for most scenarios, and every wifi router in the past 5 years should support that.

Still, I had an old school boss at my last job who didn't trust that. Not only did he not trust network isolation, he didn't trust VLANs. He insisted on putting the guest wifi on an entirely different cable modem and switch. I can't fault him for it though, it wasn't much extra expense and there's nothing to gently caress up.

---

In other network news, I'm trying to write up a job description for a remote site in the UK. I need one person to do half CCNA-level fixing up of our switching/routing/wifi/VPN over there (and have them remote in to our other sites and admin those too), and half sysadmin / computer janitor stuff. Is there any way I can attract someone with a solid networking background and self-reliant, but not have them get resentful when they're stuck ghosting/inventorying laptops or some other drudgery? I'm just trying to decide what tack I can take to get the right applicant excited but not have it turn out as a bait-and-switch for them.

MC Fruit Stripe
Nov 26, 2002

around and around we go
I know I posted something earlier and I'm just on to a new topic, but I have to just share this.

One of our network engineers could do the DBAs job, the sys admin's job, the manager's job, my job, your job, your dad's job. But he is VERY heavily accented. If you haven't known him for 3 years like I have, he is incredibly difficult to understand. This leads to people who aren't in our department treating him like, or assuming he is, an idiot. And I just find this to be uproarious, because holy poo poo dude do you even know who you are talking to? DO YOU EVEN KNOW?

Basic reminder, Americans: if someone is speaking your language, but has a heavy accent, they were at least smart enough to learn two languages, so why don't you check yourself.

RFC2324
Jun 7, 2012

http 418

Zero VGS posted:

Is there any way I can attract someone with a solid networking background and self-reliant, but not have them get resentful when they're stuck ghosting/inventorying laptops or some other drudgery?

Be up front about it, and offer a bunch of money.

Dr. Arbitrary
Mar 15, 2006

Bleak Gremlin

Zero VGS posted:

In other network news, I'm trying to write up a job description for a remote site in the UK. I need one person to do half CCNA-level fixing up of our switching/routing/wifi/VPN over there (and have them remote in to our other sites and admin those too), and half sysadmin / computer janitor stuff. Is there any way I can attract someone with a solid networking background and self-reliant, but not have them get resentful when they're stuck ghosting/inventorying laptops or some other drudgery? I'm just trying to decide what tack I can take to get the right applicant excited but not have it turn out as a bait-and-switch for them.

How much freedom is there for better solutions? If you got a motivated person who wanted to implement a more modern imaging system, would that be okay?

Vulture Culture
Jul 14, 2003

I was never enjoying it. I only eat it for the nutrients.

Zero VGS posted:

Enabling network isolation on the guest wifi is pretty much plenty for most scenarios, and every wifi router in the past 5 years should support that.

Still, I had an old school boss at my last job who didn't trust that. Not only did he not trust network isolation, he didn't trust VLANs. He insisted on putting the guest wifi on an entirely different cable modem and switch. I can't fault him for it though, it wasn't much extra expense and there's nothing to gently caress up.

---

In other network news, I'm trying to write up a job description for a remote site in the UK. I need one person to do half CCNA-level fixing up of our switching/routing/wifi/VPN over there (and have them remote in to our other sites and admin those too), and half sysadmin / computer janitor stuff. Is there any way I can attract someone with a solid networking background and self-reliant, but not have them get resentful when they're stuck ghosting/inventorying laptops or some other drudgery? I'm just trying to decide what tack I can take to get the right applicant excited but not have it turn out as a bait-and-switch for them.

Contract to an MSP. Get one of their contractors to handle the network stuff on a project basis and their CJ team to handle basic day-to-day operational stuff. You're not going to find anyone over 21 able and willing to do this job.

psydude
Apr 1, 2008

Zero VGS posted:

In other network news, I'm trying to write up a job description for a remote site in the UK. I need one person to do half CCNA-level fixing up of our switching/routing/wifi/VPN over there (and have them remote in to our other sites and admin those too), and half sysadmin / computer janitor stuff. Is there any way I can attract someone with a solid networking background and self-reliant, but not have them get resentful when they're stuck ghosting/inventorying laptops or some other drudgery? I'm just trying to decide what tack I can take to get the right applicant excited but not have it turn out as a bait-and-switch for them.

I'll fly in on a FFP contract and overhaul the network piece for you so you don't have to pay a full time person to do it. Then you can hire a MSP to provide a desktop guy to do the rest.

22 Eargesplitten
Oct 10, 2010



I'm interviewing for a junior network administrator position on Friday. Is there any sort of list of "Know This poo poo" I should look at for networking? I have been studying for the CCNA, but I'm still on the CCENT section, so I don't know anything about (for example) Spanning Tree Protocol.

psydude
Apr 1, 2008

22 Eargesplitten posted:

I'm interviewing for a junior network administrator position on Friday. Is there any sort of list of "Know This poo poo" I should look at for networking? I have been studying for the CCNA, but I'm still on the CCENT section, so I don't know anything about (for example) Spanning Tree Protocol.

Know basic networking. What's a frame? What's a packet? Where do they fit on the OSI model? What is the OSI model? What's a MAC address and an IP address? What are the 3 RFC1918 private address spaces? How does a layer 3 device resolve a MAC address to an IP address and vice versa? How does a packet move through a network? What are different types of network devices and what do they do? What's a routing protocol? What's a route? What's NAT?

I've recently interviewed a couple of people who claim they are "working on their CCNA" and couldn't answer some of those basic questions. It did not do them any favors.

e: Probably know some poo poo about systems administration as well. What's Active Directory? What's Group Policy? What's LDAP? What is the client-server model?

psydude fucked around with this message at 23:26 on Oct 21, 2015

SyNack Sassimov
May 4, 2006

Let the robot win.
            --Captain James T. Vader


22 Eargesplitten posted:

I'm interviewing for a junior network administrator position on Friday. Is there any sort of list of "Know This poo poo" I should look at for networking? I have been studying for the CCNA, but I'm still on the CCENT section, so I don't know anything about (for example) Spanning Tree Protocol.

Do you mean STP? Because you're going to need to use the right acronym here or flosofl will come after you. And god help you if you think that means shielded twisted pair, because in that case you're fired and will never be allowed to hold an IT job ever again.

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy

RFC2324 posted:

Be up front about it, and offer a bunch of money.

That's the plan, I'm aiming for the generous side of competitive and doing my best communicating in the job listing that you're gonna have to turn some screwdrivers and not just do everything over telnet.

Dr. Arbitrary posted:

How much freedom is there for better solutions? If you got a motivated person who wanted to implement a more modern imaging system, would that be okay?

I'm all for improvements as long as they can be exported to the home office as well. We have 300 Wintel users here and 50 there, the only problem is we have a few tech savvy sales engineers reinventing the wheel over there since there's no dedicated support. Each step I take to unify our process is undone by their wild-west stuff.

Vulture Culture posted:

Contract to an MSP. Get one of their contractors to handle the network stuff on a project basis and their CJ team to handle basic day-to-day operational stuff. You're not going to find anyone over 21 able and willing to do this job.

We have an MSP there, each year they cost us $200k in wages and $200k in equipment, they are on-site for maybe an hour a week if I'm lucky (their net engineer tells me himself they're just slave-driving him from site to site and spreading him too thin to be effective), and their boss seems to be a salesman so he's constantly pushing gear/systems that are overkill yet don't mesh with anything we're trying to accomplish. I'm sure I can at least halve both of those figures and improve the quality and cohesion of everything if I can just get someone dedicated to us. But mostly the MSP just shows no pride in their work. Over here I treat my place like it was my ship back in the Navy; over there it's just all an afterthought to the contractors.

psydude posted:

I'll fly in on a FFP contract and overhaul the network piece for you so you don't have to pay a full time person to do it. Then you can hire a MSP to provide a desktop guy to do the rest.

I would but I'm afraid I'll still need additional network fixing and improvements frequently enough that we'd get better ROI with a permanent employee, especially since overall wages are lower in that part of the UK than our other sites and I can keep them plenty busy with remote administration on our sides. It's really close on the fence between getting some desktop schmo or having someone good in our pocket that we have to work to keep busy. We're approved to hire someone fancy so I want to go for it for a change.

Zero VGS fucked around with this message at 23:54 on Oct 21, 2015

Thanks Ants
May 21, 2004

#essereFerrari


$200k to an MSP sounds slightly insane.

moonsour
Feb 13, 2007

Ortowned
Which one of you info sec goons wrote a PowerPoint featuring a HIPAA hippo because drat that was corny.

And also lost on nearly everyone because this is a sales department orientation, brah!

psydude
Apr 1, 2008

Zero VGS posted:

I would but I'm afraid I'll still need additional network fixing and improvements frequently enough that we'd get better ROI with a permanent employee, especially since overall wages are lower in that part of the UK than our other sites and I can keep them plenty busy with remote administration on our sides. It's really close on the fence between getting some desktop schmo or having someone good in our pocket that we have to work to keep busy. We're approved to hire someone fancy so I want to go for it for a change.

New offer: I'll be your remote office bitch in the UK for $150k in wages, $100k in equipment, and relocation and promise super duper hard I will be on site at least 25 hours a week.

Bloodborne
Sep 24, 2008

psydude posted:

Know basic networking. What's a frame? What's a packet? Where do they fit on the OSI model? What is the OSI model? What's a MAC address and an IP address? What are the 3 RFC1918 private address spaces? How does a layer 3 device resolve a MAC address to an IP address and vice versa? How does a packet move through a network? What are different types of network devices and what do they do? What's a routing protocol? What's a route? What's NAT?

I've recently interviewed a couple of people who claim they are "working on their CCNA" and couldn't answer some of those basic questions. It did not do them any favors.

e: Probably know some poo poo about systems administration as well. What's Active Directory? What's Group Policy? What's LDAP? What is the client-server model?

Interviewed a guy from HP to come in and work with ArcSight content who was failing so hard despite a baller resume we threw him a bone with "what's RFC1918". Didn't know. It's almost like the real dude couldn't make the interview so they grabbed somebody from HP Accounting.

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy

Thanks Ants posted:

$200k to an MSP sounds slightly insane.

I thought that looked whack too but everyone in the UK keeps trying to tell me that's just the way things are in the UK. I already saved them a bajillion bucks just by buying a few dozen laptops off eBay ($400 each for me, $1600 for the same exact SKU from their vendor) and flying over there to set them up myself but that's not sustainable for my sanity because their food is loving poo poo over there.

12 rats tied together
Sep 7, 2006

If you can handle the whole immigration thing, I know a couple of people chomping at the bit to do that Exact Job for like $40k usd. Pretty strange that there aren't people like that in the UK.

Thanks Ants
May 21, 2004

#essereFerrari


The problem is that the sorts of people happy to image laptops aren't the types that you'd want touching your network. If you found someone who was eager enough to drop into their first IT Manager role from higher support tiers then they'd want to make the role their own and not really just be remote hands for a US team.

I don't know who you're listening to but $200k annually for an hour a week definitely isn't the norm.

What part of the country are you looking for this to cover?

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy

Thanks Ants posted:

The problem is that the sorts of people happy to image laptops aren't the types that you'd want touching your network. If you found someone who was eager enough to drop into their first IT Manager role from higher support tiers then they'd want to make the role their own and not really just be remote hands for a US team.

I don't know who you're listening to but $200k annually for an hour a week definitely isn't the norm.

What part of the country are you looking for this to cover?

Berkshire county, and I swear I want to give the person a lot of autonomy, just not when it involves overcomplicating things. I can't count how many three-year contracts we're stuck with for bullshit-as-a-service and either not using whatsoever or cramming somewhere to feel better about the purchase, all because people two years before I got here couldn't show any restraint.

Reiz posted:

If you can handle the whole immigration thing, I know a couple of people chomping at the bit to do that Exact Job for like $40k usd. Pretty strange that there aren't people like that in the UK.

I'd happily double it for a strong CCNA or a new CCNP and that's better than all the listings in the area are offering, the trick is finding someone whose ambition is in line with getting paid more for what they know than what they actually have to do most of the time. The lack of IT talent there is costing us more than the premium to obtain it.

Zero VGS fucked around with this message at 01:03 on Oct 22, 2015

lampey
Mar 27, 2012

internet jerk posted:

"what's RFC1918"

This is a surefire way to only end up hiring people exactly like the interviewer and excluding a ton of competent candidates. Try using open ended questions to find out what they know instead of focusing on if they know the specific answer you are looking for.

Thanks Ants
May 21, 2004

#essereFerrari


Zero VGS posted:

Berkshire county, and I swear I want to give the person a lot of autonomy, just not when it involves overcomplicating things. I can't count how many three-year contracts we're stuck with for bullshit-as-a-service and either not using whatsoever or cramming somewhere to feel better about the purchase, all because people two years before I got here couldn't show any restraint.

I'd happily double it for a strong CCNA or a new CCNP and that's better than all the listings in the area are offering, the trick is finding someone whose ambition is in line with getting paid more for what they know than what they actually have to do most of the time. The lack of IT talent there is costing us more than the premium to obtain it.

Hmm, assuming that you're located more towards Reading / Bracknell then try looking at MSPs based in London. You get more choices, people look for work there which becomes a bit of a self-fulfilling prophecy, and Berkshire's not so far out that people don't commute to London from there.

I honestly can't work out how you're spending that sort of cash unless it's got a ton of other services wrapped in it and you went to one of the huge providers like BT, HP etc.

Gothmog1065
May 14, 2009
I know there's a bunch of goons who work on Epic, and our hospital is in the preliminary phases of moving to Epic. I want to kind of be ahead of the game, is there anywhere to talk to goons about it? Their certifications standards and whatnot?


Methanar
Sep 26, 2013

by the sex ghost

internet jerk posted:

Interviewed a guy from HP to come in and work with ArcSight content who was failing so hard despite a baller resume we threw him a bone with "what's RFC1918". Didn't know. It's almost like the real dude couldn't make the interview so they grabbed somebody from HP Accounting.

You and I both know what rfc 1918 is but still a very specific question to know offhand that doesn't mean a whole lot.

Asking questions about private address space (what is 172.16.0.0/12 an example of? What is the final usable address? Why is it important?) would be better than just knowing trivia like which rfc defined private address space.

That's just my opinion.

If the guy was failing the interview entirely that's different.

Methanar fucked around with this message at 01:26 on Oct 22, 2015
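The interview questions suggested above (what is 172.16.0.0/12 an example of, and what is its final usable address) have concrete answers that can be worked out with the standard library. This is an added example and not something from the thread; it uses Python's `ipaddress` module to classify an address or prefix against the three RFC 1918 blocks and to compute the usable host range, including the /31 and /32 case where there is no separate network or broadcast address.

```python
import ipaddress

# The three RFC 1918 private blocks.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def rfc1918_block(ip_or_cidr: str):
    """Return the RFC 1918 block (as a string) containing the address or
    network, or None if it is not RFC 1918 private space (IPv4 only)."""
    net = ipaddress.ip_network(ip_or_cidr, strict=False)
    if net.version != 4:
        return None
    for block in RFC1918:
        if net.subnet_of(block):
            return str(block)
    return None


def usable_range(cidr: str):
    """First and last host address of a prefix. A /31 or /32 has no separate
    network/broadcast address (RFC 3021), so every address in it is usable."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen >= 31:
        return str(net.network_address), str(net.broadcast_address)
    return str(net.network_address + 1), str(net.broadcast_address - 1)


def summarize(cidr: str) -> dict:
    """Answer the interview questions for one prefix in a single dict."""
    net = ipaddress.ip_network(cidr, strict=False)
    first, last = usable_range(cidr)
    hosts = net.num_addresses if net.prefixlen >= 31 else net.num_addresses - 2
    return {
        "network": str(net),
        "first_usable": first,
        "last_usable": last,
        "usable_hosts": hosts,
        "rfc1918_block": rfc1918_block(cidr),
    }


if __name__ == "__main__":
    # Constructed inputs: the prefix from the post, the guest/user subnets
    # mentioned earlier in the thread, and a public address for contrast.
    for cidr in ["172.16.0.0/12", "192.168.1.0/24", "192.168.10.0/24",
                 "172.32.0.1", "8.8.8.8", "10.0.0.0/31"]:
        print(summarize(cidr))
```

The mask is what makes the question non-trivial: 172.16.0.0/12 runs through 172.31.255.255, so 172.32.0.1 looks similar but is not private, which is exactly the kind of reasoning the open-ended version of the question is meant to surface.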
