Happiness Commando
Feb 1, 2002
$$ joy at gunpoint $$

:yotj:

I was super bored at the tiny-rear end MSP that I used to work at. Topped out as sysadmin/PM/architect (for 30-seat offices :smuggo: ) and I could deploy our environments with my eyes closed. Quit my job, traveled for 9 months. In less than a month since my return I landed a gig at a brand new MSP. Going to be the only technical guy there until they grow, which has me a little antsy, but I got a 40% raise and building a technical organization from the ground up would be quite the feather in my hat.

I'm impostering so hard right now.

edit: YOTJ is the best new page snipe


George H.W. Cunt
Oct 6, 2010





Happiness Commando posted:

:yotj:

I was super bored at the tiny-rear end MSP that I used to work at. Topped out as sysadmin/PM/architect (for 30-seat offices :smuggo: ) and I could deploy our environments with my eyes closed. Quit my job, traveled for 9 months. In less than a month since my return I landed a gig at a brand new MSP. Going to be the only technical guy there until they grow, which has me a little antsy, but I got a 40% raise and building a technical organization from the ground up would be quite the feather in my hat.

I'm impostering so hard right now.

edit: YOTJ is the best new page snipe

I hope my return is just as smooth. I’ve been off work for 7 months now. Hiked the AT and am currently fumbling around Europe. I’m definitely getting antsy and just want to work again and make money.

Grassy Knowles
Apr 4, 2003

"The original Terminator was a gritty fucking AMAZING piece of sci-fi. Gritty fucking rock-hard MURDER!"

Proteus Jones posted:

Please include dissertation either supporting or refuting the theory that Alexander Dumas' later works were produced by a stable of ghost writers.

Time to reread Club Dumas

hihifellow
Jun 17, 2005

seriously where the fuck did this genre come from

Vulture Culture posted:

Some of the very specific product-oriented ones like /r/kubernetes are not terrible but in general Reddit is a horrible thing and should be avoided

Sometimes I am very bored at work and reddit has a lot of things to read and all I have learned is crowd sourcing your quality control makes for extremely boring content.

Also that layout is balls.

Sepist
Dec 26, 2005

FUCK BITCHES, ROUTE PACKETS

Gravy Boat 2k
I hate bringing my work bag through TSA. Every drat time I get flagged for extra screening. This time I took all the weird poo poo out but forgot I had 20 optics rolled up in a rubber band.

Peachfart
Jan 21, 2017

hihifellow posted:

Sometimes I am very bored at work and reddit has a lot of things to read and all I have learned is crowd sourcing your quality control makes for extremely boring content.

Also that layout is balls.

Reddit is the true definition of 'quantity, not quality'. Sometimes interesting discussions or effort posts appear, but good luck finding them under an avalanche of memes and no content garbage.

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

Dick Trauma posted:

Screw this dumb world; I'm just going to read fiction!

I, too, enjoy a nice TheDailyWTF from time to time.

Kinda shocked that almost zero people in this thread use twitter.

OhDearGodNo
Jan 3, 2014

Hey let’s spend all this money on a Nexus 9k/3k/2k setup with all this nice 40Gb connectivity and forget that the IPS it goes through only supports 3Gb - aggregated.

abigserve
Sep 13, 2009

this is a better avatar than what I had before
If your data centre traffic goes anywhere near an ips you've already hosed up the topology somewhere

OhDearGodNo
Jan 3, 2014

abigserve posted:

If your data centre traffic goes anywhere near an ips you've already hosed up the topology somewhere

It’s not in the data center- this is between the 9k and another 9k before that (I should have been more clear)

OhDearGodNo fucked around with this message at 14:10 on Oct 28, 2017

Paladine_PSoT
Jan 2, 2010

If you have a problem Yo, I'll solve it

abigserve posted:

If your data centre traffic goes anywhere near an ips you've already hosed up the topology somewhere

This is not true, but it depends on what you're doing in the datacenter. My project has numbers that horrify network engineers.

The Fool
Oct 16, 2003


anthonypants posted:

I, too, enjoy a nice TheDailyWTF from time to time.

Kinda shocked that almost zero people in this thread use twitter.

I've attempted twitter a few times now, and every time I give up because I have problems filtering out the signal from the noise.

I'm still light years ahead of most of my coworkers as far as tech news goes just from reading these threads and a couple podcasts.

Antioch
Apr 18, 2003
I use Twitter a lot for new and interesting stuff. Follow @SwiftOnSecurity and @Munin then everyone they retweet.
I pretty much only check it once or a day, it's not much of a time investment.

abigserve
Sep 13, 2009

this is a better avatar than what I had before

Paladine_PSoT posted:

This is not true, but it depends on what you're doing in the datacenter. My project has numbers that horrify network engineers.

We push a lot of scientific data and plan around not having an ips anywhere near it (check out "science DMZ"). There is no ips on the market that is suitable for a data centre environment, they all have severe performance limitations.

If you have a bunch of tenants I can imagine you'd be stuck having to do it though, though at that point I'd probably say stick to basic firewalling if performance is a concern.

22 Eargesplitten
Oct 10, 2010



What do I need to know about working on Sharepoint, aside from increasing my alcohol budget?

I would be junior on it, probably mostly doing coding grunt work.

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.

abigserve posted:

If your data centre traffic goes anywhere near an ips you've already hosed up the topology somewhere

Ask me about S3 topology... in a single AZ. :smug:

OhDearGodNo
Jan 3, 2014

abigserve posted:

We push a lot of scientific data and plan around not having an ips anywhere near it (check out "science DMZ"). There is no ips on the market that is suitable for a data centre environment, they all have severe performance limitations.

If you have a bunch of tenants I can imagine you'd be stuck having to do it though, though at that point I'd probably say stick to basic firewalling if performance is a concern.

If your firewall is anything more than a glorified ACL, you’ll hit the same performance concerns.

You don’t put an IPS internal within a segmented tenant, but I’ll be drat sure I do when facing an untrusted zone.

Methanar
Sep 26, 2013

by the sex ghost

Agrikk posted:

Ask me about S3 topology... in a single AZ. :smug:

Tell me about S3 topology. I want to know

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.

Methanar posted:

Tell me about S3 topology. I want to know

After reflection, I’m not too sure how much I can share in a public forum.

That said, AWS had to basically write its own protocol stack because TCP/IP was too slow and too inefficient. This heavily customized version of TCP/IP runs on our own custom switches that are our own hardware and software design that is tailored to our network traffic.

The actual storage and retrieval of an object occurs like a hard disk, with a controller on the disk coordinating read/writes to a platter, but in our case the controller is a PC and the platters are other storage PCs and the writes are to multiple storage PCs and reads are pulled from multiple machines and assembled by the controller to be sent to the originator of the request.

Let’s just say that some of Netflix’s patterns are things to behold.

OhDearGodNo
Jan 3, 2014

Agrikk posted:

After reflection, I’m not too sure how much I can share in a public forum.

That said, AWS had to basically write its own protocol stack because TCP/IP was too slow and too inefficient. This heavily customized version of TCP/IP runs on our own custom switches that are our own hardware and software design that is tailored to our network traffic.

The actual storage and retrieval of an object occurs like a hard disk, with a controller on the disk coordinating read/writes to a platter, but in our case the controller is a PC and the platters are other storage PCs and the writes are to multiple storage PCs and reads are pulled from multiple machines and assembled by the controller to be sent to the originator of the request.

Let’s just say that some of Netflix’s patterns are things to behold.

Go on...

abigserve
Sep 13, 2009

this is a better avatar than what I had before

OhDearGodNo posted:

If your firewall is anything more than a glorified ACL, you’ll hit the same performance concerns.

You don’t put an IPS internal within a segmented tenant, but I’ll be drat sure I do when facing an untrusted zone.

Yeah of course. The issue is people generally classify untrusted zones too broadly and this causes so many problems when you start putting IPS's/NGFWs in the way. I had one place that classified every department as their own security zone and it's like that's fine but you need to accept the issues with doing so.

You could also reasonably make a case that IPS systems are no way worth the tradeoffs in anything other than a gateway (i.e. internet facing) environment but to each their own!

abigserve
Sep 13, 2009

this is a better avatar than what I had before

Agrikk posted:

After reflection, I’m not too sure how much I can share in a public forum.

This heavily customized version of TCP/IP runs on our own custom switches that are our own hardware and software design that is tailored to our network traffic.

FYI anyone interested in this, Barefoot networks is starting to build the silicon so theoretically anyone will be able to do this, not just the big boys with enough money and people to throw at it

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

abigserve posted:

FYI anyone interested in this, Barefoot networks is starting to build the silicon so theoretically anyone will be able to do this, not just the big boys with enough money and people to throw at it

Companies like OVH, DreamHost, and Backblaze do it (block storage) with off the shelf networking don’t they?

OhDearGodNo
Jan 3, 2014

abigserve posted:

Yeah of course. The issue is people generally classify untrusted zones too broadly and this causes so many problems when you start putting IPS's/NGFWs in the way. I had one place that classified every department as their own security zone and it's like that's fine but you need to accept the issues with doing so.

You could also reasonably make a case that IPS systems are no way worth the tradeoffs in anything other than a gateway (i.e. internet facing) environment but to each their own!

I love asking people, “where do you think the DMZ ends?” Because I always get a different answer. Where do you want to implicitly trust communications on a tiered environment? There are so many answers that span specific requirements. How is the domain structured? How do different domains (if more than one) communicate, and what level of trust is there? Who are you federated with?

So when people say a NGFW or network IPS/IDS doesn’t have value, I often wonder what is being used to come to the conclusion. When it comes to a data breach, the RO should be zero. Look at the impact of Equifax. Why was there no DAM solution to make sure the queries weren’t out of the ordinary? How many times can you let a breach happen? One time- so it’s such a tricky sell to put these in place when many responses are always, “are these necessary when we have never been owned?”

You don’t always need to have an IPS potentially throttling traffic. If you worry about the aggregate throughput, just span the poo poo and use orchestration (or better yet pxGrid/openDXL) to tie in with a host agent. Run that as well as a good data access management solution, and that would have no real impact on east-west traffic but would mitigate the ability of a compromising entity to travel within a trusted zone. It’s still an IPS solution, however more targeted.

abigserve
Sep 13, 2009

this is a better avatar than what I had before

OhDearGodNo posted:

I love asking people, “where do you think the DMZ ends?” Because I always get a different answer. Where do you want to implicitly trust communications on a tiered environment? There are so many answers that span specific requirements. How is the domain structured? How do different domains (if more than one) communicate, and what level of trust is there? Who are you federated with?

So when people say a NGFW or network IPS/IDS doesn’t have value, I often wonder what is being used to come to the conclusion. When it comes to a data breach, the RO should be zero. Look at the impact of Equifax. Why was there no DAM solution to make sure the queries weren’t out of the ordinary? How many times can you let a breach happen? One time- so it’s such a tricky sell to put these in place when many responses are always, “are these necessary when we have never been owned?”

You don’t always need to have an IPS potentially throttling traffic. If you worry about the aggregate throughput, just span the poo poo and use orchestration (or better yet pxGrid/openDXL) to tie in with a host agent. Run that as well as a good data access management solution, and that would have no real impact on east-west traffic but would mitigate the ability of a compromising entity to travel within a trusted zone. It’s still an IPS solution, however more targeted.

Yeah there are a million different variables that can impact how you want to segment your network. However, using an IPS as a piece of that segmentation rarely yields useful results because all network-based IPS's are signature and sandboxing based, and they are best at detecting attacks that are unlikely to be seen as part of an east-west vector unless you are in a hosting position where multiple networks are basically separate entities and share no infrastructure or management with each other.

My biggest point I try to stress to people is that it is no longer solely the job of the network to keep the clients secure - as engineers (or architects) we can contribute to it through smart design and the use of relevant technologies but the underlying responsibility is with the application owners. If your server is vulnerable to Attack A, it is up to you to ensure that threat is remedied, not relying on network elements to prevent the threat from ever making it to you in the first place.

Your example of DAM is perfect as one of many ways app owners can be proactive in the protection of their own servers, and it's way more powerful than anything we can implement on the network. And if people can't be bothered implementing these sorts of fixes (and hoo boy I'm sure you get as much "we can't patch this server because it'll break everything" as I do) then ripperoni pepperoni, I'm not designing my topology around your poorly designed stuff.

MC Fruit Stripe
Nov 26, 2002

around and around we go

Bob Morales posted:

Companies like OVH, DreamHost, and Backblaze do it (block storage) with off the shelf networking don’t they?

This is the kind of knowledge where I just have to ask, where does one learn this? I mean that these companies are doing X Y and Z. I feel so out of the loop compared to you guys.

tortilla_chip
Jun 13, 2007

k-partite
Conference presentations are a good source. Most webscale organizations are facing the same infrastructure problems as far as distributed systems are concerned. Some are just further along the maturity curve than others.

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.

MC Fruit Stripe posted:

This is the kind of knowledge where I just have to ask, where does one learn this? I mean that these companies are doing X Y and Z. I feel so out of the loop compared to you guys.

Go to YouTube and search for an AWS service. You will find all manner of interesting stuff at the 300-400 level that was presented at various re:Invents over the years.

That’s a good place to start.

Wrath of the Bitch King
May 11, 2005

Research confirms that black is a color like silver is a color, and that beyond black is clarity.
So strangely enough I'm being fast-tracked for a DevOps role even though I possess none of the skillset. I know powershell fairly well and have written some fairly complicated scripts, but I'm pretty far from what anyone would consider a coder.

Since "DevOps" is broad as hell, this is focused on automation and Azure Pack, which will eventually transition to Azure proper. The team that spearheads all of this utilizes (from what I've been able to glean) Packer and Terraform for most of their rollouts. Not sure what they're using for actual provisioning yet.

Feeling a little overwhelmed because I don't really know where to start. I've begun messing around with Packer/Vagrant to get a feel for certain things, but I'd appreciate any direction you ~*Cloud Architects*~ can provide. I'm sure I can get it, but this is absolutely outside of my wheelhouse. Is there a place that would be best for me to start at?

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


DevOps is confusing but I can say Azure Pack is now Azure Stack.

It’s basically hyper-converged infrastructure but runs Microsoft Azure PaaS solutions but on your own hardware.

Sefal
Nov 8, 2011
Fun Shoe
I'm in a powershell slack group, where I mostly absorb and test the stuff they talk about.

But that and this forum is where I read up on IT stuff.

Sefal
Nov 8, 2011
Fun Shoe
HR just invited me to a meeting to talk about my employment contract. It's this friday. This is going to be a long week.
:ohdear:

I had kicked this off by asking my boss whether or not my contract gets extended. My boss and the CEO have said yes. So I hope this is just to sign the contract with HR to extend it.
This reasoning leads me to believe it's positive, but I can't shake the feeling that it may not be extended.

LochNessMonster
Feb 3, 2005

I need about three fitty


Sefal posted:

HR just invited me to a meeting to talk about my employment contract. It's this friday. This is going to be a long week.
:ohdear:

I had kicked this off by asking my boss whether or not my contract gets extended. My boss and the CEO have said yes. So I hope this is just to sign the contract with HR to extend it.
This reasoning leads me to believe it's positive, but I can't shake the feeling that it may not be extended.

Not to try and scare you, but if you didn’t have to worry they probably would’ve told you what the meeting would be for. Like:

“Hey I scheduled a meeting with HR to get you the extension you asked me about”.

Start looking so you don’t get caught with your pants down and hope you don’t need it. Unannounced meetings with HR usually don’t mean good news.

Sefal
Nov 8, 2011
Fun Shoe

LochNessMonster posted:

Not to try and scare you, but if you didn’t have to worry they probably would’ve told you what the meeting would be for. Like:

“Hey I scheduled a meeting with HR to get you the extension you asked me about”.

Start looking so you don’t get caught with your pants down and hope you don’t need it. Unannounced meetings with HR usually don’t mean good news.

Thank you for this post. I was feeling uneasy about it. So I gathered up my courage and went to HR to see what this was about.
Turns out it's all fine. The contract will be extended. Just need to sit down with HR, my boss and sign it this Friday.

Vargatron
Apr 19, 2008

MRAZZLE DAZZLE


Anybody have any ideas on how to force Outlook 2016 to prompt for credentials? I've got a user who wants "an extra layer of security" when she accesses her e-mails.

I've tried deleting all stored credentials in Credential Manager but that doesn't have any effect. I also tried to check the "always prompt for login credentials" box in the e-mail profile settings, but that is grayed out. I'm on Office 365 if that makes any difference.

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.
Scheduling meetings that directly involve your career for days in advance without telling you the meeting content is one of the things I hate the most about HR.

Gee assholes, maybe take a moment to think about the implications of a blind, surprise meeting with a subject of “your contract”. Now think of the tailspin you might cause if you schedule that meeting for five, seven, ten days from now.

What would it have taken to send a meeting invite with a title of “your contract” and a body of “this is a routine meeting to renew your contract. You are doing great here and we’d like to extend it.”

JHVH-1
Jun 28, 2002

Agrikk posted:

Go to YouTube and search for an AWS service. You will find all manner of interesting stuff at the 300-400 level that was presented at various re:Invents over the years.

That’s a good place to start.

Yeah AWS posts all their webinars on youtube
https://www.youtube.com/watch?v=channel?UCT-nPlVzJI-ccQXlxjSvJmw

Basically signing up for a free account and playing around helps if you don't have actual infrastructure currently. Also reading the blog helps to learn what is new and hot you can learn about how services work https://aws.amazon.com/blogs/aws/

LochNessMonster
Feb 3, 2005

I need about three fitty


Sefal posted:

Thank you for this post. I was feeling uneasy about it. So I gathered up my courage and went to HR to see what this was about.
Turns out it's all fine. The contract will be extended. Just need to sit down with HR, my boss and sign it this Friday.

Glad it turned out to be nothing and congrats on your extension!

AlternateAccount
Apr 25, 2005
FYGM

MF_James posted:

Has anyone used Egnyte or heard from someone that does? My fiancée's work currently uses google drive for filesharing needs, they are a 10 person company, no domain or anything, hosted VOIP solution blah blah blah. They fall under HIPAA (google is compliant apparently, I have never looked) and the owner + another person complain that google drive is hard and want something more user friendly, Egnyte came up and I'm trying to ask around since I have no loving clue.

Is it good? Easy to use? Any pitfalls? poo poo like that.

Hey, this is old, but we looked at it a few years ago and Box just beat the poo poo out of it on every level.


Sickening
Jul 16, 2007

Black summer was the best summer.
Today I witnessed a Christmas miracle.

Phishing attempts have been pretty consistent lately. User gets random attachment, that user opens attachment, that user then gives the internet their office 365 user information. The fake office 365 pages they have fallen for are awful. Attackers aren't even putting in effort anymore. Some of them have looked like MSpaint jobs.

Last week we went through extensive user education. Users were shown examples of lots of phishing emails and the general attack types. The training was well thought out and executed. People were told that real consequences were going to happen if they leak their sign on information this way. Everyone attended from the CEO down. The CEO even sent out an email saying his patience was exhausted.

Fast forward to this morning where we find out someone has been compromised. I put together the timeline of events.

The employee changed his password at 9:30 that morning as required of his entire department. The employee attends training at 10. The employee then after training at 12:30 opens an attachment with a phishing hyperlink. Visits the webpage, enters his credentials. The employee then gets an email from the company with the compromised account that sent him the previous phishing email he fell for saying that they had sent out the compromised link and apologized. The employee then read the email, deleted it, and then deleted it from his trashcan. The employee never tells another soul and goes about his week like nothing happened.

They walked him out with all his poo poo about 30 minutes ago. Apparently he admitted to falling for the phishing attack and then not telling anyone.
