22 Eargesplitten
Oct 10, 2010



Question: I have inherited some cloud networks that were set up by horribly overworked employees and vendors of some absolute garbage-tier software, so I don't trust them to be configured anywhere close to securely. If I have time, is there a reason not to nmap every single one of them just basically as a security audit? Keep an eye out for ports that shouldn't be open, devices that we don't have in our inventory?


scott zoloft
Dec 7, 2015

yeah same

22 Eargesplitten posted:

Question: I have inherited some cloud networks that were set up by horribly overworked employees and vendors of some absolute garbage-tier software, so I don't trust them to be configured anywhere close to securely. If I have time, is there a reason not to nmap every single one of them just basically as a security audit? Keep an eye out for ports that shouldn't be open, devices that we don't have in our inventory?

Yeah dude run an external nmap. I've used hackertarget to scan once a day and send an email about any changes
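
An added example (not written by any poster in this thread) of the scan-daily-and-report-changes idea discussed above: it parses nmap grepable output (`-oG`), then compares today's open ports with yesterday's scan and with an inventory allow-list. The scan text, addresses, inventory and function names are all constructed for this example, and the email step is left out.

```python
# Added example: diff two nmap grepable (-oG) scans against an inventory.
# All scan text, addresses (RFC 5737 range) and the inventory are constructed.

SCAN_YESTERDAY = """\
# Nmap scan, constructed sample
Host: 203.0.113.2 (web01.example.com)\tStatus: Up
Host: 203.0.113.2 (web01.example.com)\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///
Host: 203.0.113.3 ()\tPorts: 443/open/tcp//https///, 8080/closed/tcp//http-proxy///
Host: 203.0.113.4 ()\tPorts: 25/open/tcp//smtp///
"""

SCAN_TODAY = """\
# Nmap scan, constructed sample
Host: 203.0.113.2 (web01.example.com)\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, 3389/open/tcp//ms-wbt-server///
Host: 203.0.113.3 ()\tPorts: 443/open/tcp//https///\tIgnored State: closed (999)
Host: 203.0.113.5 ()\tPorts: 5900/open/tcp//vnc///
"""

# What the asset inventory says should be reachable: ip -> allowed (port, proto).
INVENTORY = {
    "203.0.113.2": {(22, "tcp"), (443, "tcp")},
    "203.0.113.3": {(443, "tcp")},
    "203.0.113.4": {(25, "tcp")},
}


def parse_grepable(text):
    """Return {ip: {(port, proto), ...}} containing only ports in state 'open'."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip nmap's '#' comment lines and blanks
        fields = line.split("\t")  # grepable fields are tab-separated
        ip = fields[0].split()[1]
        hosts.setdefault(ip, set())
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            # Each entry: port/state/protocol/owner/service/rpcinfo/version/
            for entry in field[len("Ports:"):].split(","):
                parts = entry.strip().split("/")
                if len(parts) >= 3 and parts[1] == "open":
                    hosts[ip].add((int(parts[0]), parts[2]))
    return hosts


def audit(previous, current, inventory):
    """Return a list of (kind, ip, detail) findings, ordered by host."""
    findings = []
    for ip in sorted(current):
        open_ports = current[ip]
        if ip not in inventory:
            # A responding device nobody has on record.
            findings.append(("unknown-host", ip, sorted(open_ports)))
            continue
        for port in sorted(open_ports - inventory[ip]):
            findings.append(("unexpected-port", ip, port))
        for port in sorted(open_ports - previous.get(ip, set())):
            findings.append(("new-since-last-scan", ip, port))
    for ip in sorted(set(previous) - set(current)):
        findings.append(("host-disappeared", ip, None))
    return findings


def run_sample():
    return audit(parse_grepable(SCAN_YESTERDAY), parse_grepable(SCAN_TODAY), INVENTORY)


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```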

BaseballPCHiker
Jan 16, 2006

skipdogg posted:

I just feel this thread can set some unrealistic expectations sometimes, and for the lurkers and other non-regulars we should maybe try to temper those. Sometimes we make it seem like there's just 150K a year jobs out there everywhere to be had and if you're not making figgies well you are less than, or you shouldn't need a resume because people are bombarding your inbox with job offers. Those things happen, but they're not the norm.

I joined this forum over 15 years ago (so old). Like I was a stupid kid doing desktop support. A lot of us are well into our careers at this point and it shows. Everyone has to start somewhere, important to keep in mind.

I will say that these threads have been hugely beneficial to my career as well. I got a lot of advice over the years, and seeing other people be successful doing similar work was always helpful in motivating me to take that next cert or get into something I thought was over my head.

Wizard of the Deep
Sep 25, 2005

Another productive workday

Agrikk posted:

VoIP in the home question:

A few months ago we terminated our landline, figuring we'd all use our cell phones. I'm the only one who is in the home full-time anymore and I've discovered the cell phone coverage in my office is crap.

So now I'm wondering if it's possible to set up VoIP in my house (rather than just getting a landline again). Is there a method for doing this for free?

When you say "landline", do you mean actual copper wires? I know Verizon would be perfectly happy to sell me VoIP service through the fiber, and it'd bill probably about the same. But I have good cell signal, and I turned on wifi calling within my phone.

skipdogg posted:

Oh I agree 100% that's the goal

I just feel this thread can set some unrealistic expectations sometimes, and for the lurkers and other non-regulars we should maybe try to temper those. Sometimes we make it seem like there's just 150K a year jobs out there everywhere to be had and if you're not making figgies well you are less than, or you shouldn't need a resume because people are bombarding your inbox with job offers. Those things happen, but they're not the norm.

That's very true. I'm doing well for myself because I've worked hard and gotten lucky. I know my poo poo (Windows, AD, Infrastructural Azure), and I can demonstrate it with hard numbers and specific examples. I'm also obviously a cishet WASP man, and my picture on LinkedIn shows that. With ~20 years of experience, I've got a comfortable, good income. That hasn't always been the case. My goal has been to offer a hand to those behind me and show where they can be, not trying to brag about how great I currently am. Do I always succeed? Probably not. But it's good to explicitly state that objective, I think.

22 Eargesplitten posted:

Question: I have inherited some cloud networks that were set up by horribly overworked employees and vendors of some absolute garbage-tier software, so I don't trust them to be configured anywhere close to securely. If I have time, is there a reason not to nmap every single one of them just basically as a security audit? Keep an eye out for ports that shouldn't be open, devices that we don't have in our inventory?

It probably won't hurt, but I'd be more concerned about intentional back-doors the vendors may have created. They may be well-intentioned, but that doesn't mean they're secure or a good idea. For Azure, I'd go over Conditional Access Policies and their associated exceptions, as well as network access policies applied to VMs, vNets, and services. Not sure what the associated concepts are on AWS.

Wizard of the Deep fucked around with this message at 22:54 on Dec 7, 2021

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Yeah, I was gifted this account from a co-worker back when I was making 13 bucks an hour doing DSL tech support. Shoutout to my former 2Wire peeps if there are any left around here.

I turned 40 this year. :smith:

Inner Light
Jan 2, 2020



This AWS business is lasting real long, basically the entire workday. How many of their 'nines' are going to be affected by this and I wonder about the contractual liability?

Hughmoris
Apr 21, 2007
Let's go to the abyss!

Inner Light posted:

This AWS business is lasting real long, basically the entire workday. How many of their 'nines' are going to be affected by this and I wonder about the contractual liability?

More like nine fives, amirite?

Thanks Ants
May 21, 2004

#essereFerrari


I'm impressed with the amount of services that have imploded as a result.

cage-free egghead
Mar 8, 2004

BaseballPCHiker posted:

I joined this forum over 15 years ago (so old). Like I was a stupid kid doing desktop support. A lot of us are well into our careers at this point and it shows. Everyone has to start somewhere, important to keep in mind.

I will say that these threads have been hugely beneficial to my career as well. I got a lot of advice over the years, and seeing other people be successful doing similar work was always helpful in motivating me to take that next cert or get into something I thought was over my head.

I find threads like these now are immensely helpful, but the rest of the forums maybe not so conducive to hard work or career planning lol. I was a literal child in high school when I joined and spent a LOT of time on here and various IRC channels.

At least for me, I didn't start really taking my career seriously until I was nearly 30. And outside of some setbacks of being let go out of the blue from two of my last 3 jobs it's been a lot of fun and has made me wish I would have just put this work in when I was younger. But, I had no plans, aspirations, interests, hobbies, or anything out of high school and for like 5-7 years. Just coasting and failing school many times, think I'm on school number 5 or 6 and it's finally clicked. But I do also think that the struggles we go through with ourselves as we grow up are what lead us to where we are at when we're happy. Sure, I might not enjoy my job now but I have completed a half dozen professional certs, nearly done with college, and finally have some motivation to better my life even outside of my professions. I thought for so long I just was never going to do school or certs and I'd be fine.

For the first time in my life I am seeing the fruits of my labor, and have a career path starting to take shape. But, it's really loving hard to undo all of the past bad habits I had lived with for my life. I think though it'll just help me teach it to my kids though as my parents didn't push me too hard. Either way, I am very appreciative of the advice posted here. A lot of you are fantastic people and I hope I can be that sort of person to others as well.

Skeezy
Jul 3, 2007

cage-free egghead posted:

At least for me, I didn't start really taking my career seriously until I was nearly 30. And outside of some setbacks of being let go out of the blue from two of my last 3 jobs it's been a lot of fun and has made me wish I would have just put this work in when I was younger. But, I had no plans, aspirations, interests, hobbies, or anything out of high school and for like 5-7 years. Just coasting and failing school many times, think I'm on school number 5 or 6 and it's finally clicked. But I do also think that the struggles we go through with ourselves as we grow up are what lead us to where we are at when we're happy. Sure, I might not enjoy my job now but I have completed a half dozen professional certs, nearly done with college, and finally have some motivation to better my life even outside of my professions. I thought for so long I just was never going to do school or certs and I'd be fine.

For the first time in my life I am seeing the fruits of my labor, and have a career path starting to take shape. But, it's really loving hard to undo all of the past bad habits I had lived with for my life. I think though it'll just help me teach it to my kids though as my parents didn't push me too hard. Either way, I am very appreciative of the advice posted here. A lot of you are fantastic people and I hope I can be that sort of person to others as well.

For the most part this is the path that I’m currently on. School didn’t click for me till 29/30 and I’ll be finishing with that now in June. As far as the IT stuff goes I feel like I lucked out and got a job with the school I’m at doing helpdesk work.

It’s fun sometimes when I get to mess with real stuff but a lot of it is just like password resets and stupid stuff with projectors or printers and that does drag it down. Hell today I’m fried with all the folks asking me for stuff when I’m trying to get other things worked on.

It’s one of those things I just chalk up to “paying my dues” to some degree. I really need to buckle down and stop thinking I need to graduate first before getting certs. I’m being extremely lazy about that. Don’t want to stay in a helpdesk role forever.

SyNack Sassimov
May 4, 2006

Let the robot win.
            --Captain James T. Vader


Agrikk posted:

VoIP in the home question:

A few months ago we terminated our landline, figuring we'd all use our cell phones. I'm the only one who is in the home full-time anymore and I've discovered the cell phone coverage in my office is crap.

So now I'm wondering if it's possible to set up VoIP in my house (rather than just getting a landline again). Is there a method for doing this for free?

I'm a 3CX fan so that's what I'm gonna recommend as I believe they still have a permanent free tier of some sort and as I recall you have a full rack of equipment hanging out for side gigs so spinning up a Debian instance would be a piece of cake (3CX in fact has an ISO that fires the 3CX install after installing Debian, though they're still using Debian 10). You'd need a SIP trunk which isn't necessarily gonna be free but to be quite frank I don't think it's a worthwhile use of time to try and get free SIP trunking from somewhere - most providers charge a dollar a month for a DID and the usage cost is fractions of pennies unless you're calling international. I use Flowroute for mine and last I checked the autoreimbursement for $30 (after balance drops below $20) was hitting maybe once a year.

edit: yeah Standard remains free perpetually - https://www.3cx.com/phone-system/

edit2: and I still like having a physical desk phone so I use a Yealink T46 with Plantronics DECT headset, but 3CX actually has come to the point where the DESK phones are the second class citizens and the most functionality is in the Windows desktop application or the web client, so a decent USB headset should do fine for your needs if you don't want to set up a voice VLAN (and firewall off the phone from China).

SyNack Sassimov fucked around with this message at 23:39 on Dec 7, 2021

George H.W. Cunt
Oct 6, 2010





Agrikk posted:

VoIP in the home question:

A few months ago we terminated our landline, figuring we'd all use our cell phones. I'm the only one who is in the home full-time anymore and I've discovered the cell phone coverage in my office is crap.

So now I'm wondering if it's possible to set up VoIP in my house (rather than just getting a landline again). Is there a method for doing this for free?

WiFi calling? Should be a setting on your phone already.

quote:


Wi-Fi Calling is a service for Android and iOS smartphones providing the ability to make and receive phone calls over a Wi-Fi connection. It's simple to use with no separate application or log-in required. Wi-Fi calling is a free service when calling to a U.S., U.S. Virgin Islands, or Puerto Rico number.

From Verizon

Inner Light
Jan 2, 2020



I'll pile onto the tugfest (sorry for the vulgarity been watching a lot of Succession) and this thread is one of the best career resources I've encountered on the internet. I feel welcome to come in here with any manner of dumb question or sensitive important topic and know that I'll come out of it with a thoughtful discussion. Thanks for being you, everybody.

Dick Trauma
Nov 30, 2007

God damn it, you've got to be kind.
https://twitter.com/kiwapebretech/status/1468372987107692545?s=20

chin up everything sucks
Jan 29, 2012

skipdogg posted:

Yeah, I was gifted this account from a co-worker back when I was making 13 bucks an hour doing DSL tech support. Shoutout to my former 2Wire peeps if there are any left around here.

I turned 40 this year. :smith:

I wasn't 2Wire, but I started off similar. DSL tech support for Verizon after dropping out of college. Now I'm in InfoSec, still lacking a college degree. I turn 36 next year.

Internet Explorer
Jun 1, 2005





You all make this such a great thread. Thank you to everyone who calls it home. I really don't know what I would do without it.

jaegerx
Sep 10, 2012

Maybe this post will get me on your ignore list!


Internet Explorer posted:

You all make this such a great thread. Thank you to everyone who calls it home. I really don't know what I would do without it.

You're ugly and have a small penis.

E: That was supposed to be a dm.

jaegerx fucked around with this message at 03:37 on Dec 8, 2021

22 Eargesplitten
Oct 10, 2010



Wizard of the Deep posted:

It probably won't hurt, but I'd be more concerned about intentional back-doors the vendors may have created. They may be well-intentioned, but that doesn't mean they're secure or a good idea. For Azure, I'd go over Conditional Access Policies and their associated exceptions, as well as network access policies applied to VMs, vNets, and services. Not sure what the associated concepts are on AWS.

That's a good idea, I'll check on those as well. One vendor at least has an account to access the relevant sections, which nobody is happy about but we can't just migrate to something else at the drop of a hat.

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.
Thanks for all of the responses about VoIP, folks.

I think thirty year old me would have loved a new project to set up a telephony system, but fifty year old me said "Oh! WiFi calling! Right!"


Also, anyone want to purchase a us-east-1? Qty one (1). Non-functioning. For parts only.


It's been a hell of a day, yes. Thanks for asking.

Inner Light posted:

This AWS business is lasting real long, basically the entire workday. How many of their 'nines' are going to be affected by this and I wonder about the contractual liability?

I'm pretty sure AWS doesn't offer contracts with stipulations about liability for uptime. There's that whole "design for failure" thing that AWS espouses so freely.

CLAM DOWN
Feb 13, 2007




Internet Explorer posted:

You all make this such a great thread. Thank you to everyone who calls it home. I really don't know what I would do without it.

Same. I'm cranky sometimes but appreciate you all a lot.

Shartweek
Feb 15, 2003

D O E S N O T E X I S T
I attribute my career to this thread, straight up.

Thanks, goons. Going on 9 years now, for better or worse I enjoy working for an MSP much more than others here apparently have.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

As long as you're happy that’s what’s important. What’s right for one person doesn’t have to be right for you.

Silly Newbie
Jul 25, 2007
How do I?

Coolnezzz posted:

I attribute my career to this thread, straight up.

Thanks, goons. Going on 9 years now, for better or worse I enjoy working for an MSP much more than others here apparently have.

There are good MSPs and bad MSPs. In my experience, the difference is made in the quality of product they're trying to offer, from blue chip to just good enough that the suckers feel like they're getting something for their money, and the quality of the people you directly report to.
All of the bosses are scum.

Also chiming in as a person who started out a long time ago doing outsourced tech support for Belkin and BFG at a lovely call center and is now eyeing a director role with no college: this thread is fantastic. Not only full of helpful people and community, but gives the range of the IT worker experience, which can be hard to have any real context for in the grand scheme of things.

jaegerx
Sep 10, 2012

Maybe this post will get me on your ignore list!


I can be ignored for the rest of the thread forever if you only take 1 thing from me. Imaginary tlds with your own made up CA is a loving bad idea and you should never ever do it. I loving beg you. Just pay the $10 and buy a real domain and cert. please.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

jaegerx posted:

I can be ignored for the rest of the thread forever if you only take 1 thing from me. Imaginary tlds with your own made up CA is a loving bad idea and you should never ever do it. I loving beg you. Just pay the $10 and buy a real domain and cert. please.

.local and .internal 4eva!

jaegerx
Sep 10, 2012

Maybe this post will get me on your ignore list!


skipdogg posted:

.local and .internal 4eva!

I’ll scoop out your eyeballs with a melon baller

luminalflux
May 27, 2005



jaegerx posted:

I can be ignored for the rest of the thread forever if you only take 1 thing from me. Imaginary tlds with your own made up CA is a loving bad idea and you should never ever do it. I loving beg you. Just pay the $10 and buy a real domain and cert. please.

and never loving ever do split horizon DNS

Shartweek
Feb 15, 2003

D O E S N O T E X I S T

jaegerx posted:

I can be ignored for the rest of the thread forever if you only take 1 thing from me. Imaginary tlds with your own made up CA is a loving bad idea and you should never ever do it. I loving beg you. Just pay the $10 and buy a real domain and cert. please.

Who the gently caress even understands this? Certainly not the folks I work with. What even is domain ownership? What the gently caress is split-brain DNS? I think that's the marketing dept's responsibility!

*public website goes down*

Shartweek
Feb 15, 2003

D O E S N O T E X I S T

luminalflux posted:

and never loving ever do split horizon DNS

Fuckin jinx.

Sepist
Dec 26, 2005

FUCK BITCHES, ROUTE PACKETS

Gravy Boat 2k

jaegerx posted:

I can be ignored for the rest of the thread forever if you only take 1 thing from me. Imaginary tlds with your own made up CA is a loving bad idea and you should never ever do it. I loving beg you. Just pay the $10 and buy a real domain and cert. please.

Yea.

We do this and I hate it to my core. I have spent way too many hours dealing with containers and code not trusting our CA and all the annoying ways to fix it.

Internet Explorer
Jun 1, 2005





.local and .internal were "best practices" for so long. We are all going to be dealing with that poo poo until the day we die.

Shartweek
Feb 15, 2003

D O E S N O T E X I S T

Internet Explorer posted:

.local and .internal were "best practices" for so long. We are all going to be dealing with that poo poo until the day we die.

Recent find in the field was a "corp.domain.local" in use. Some folks follow things to the letter I guess.

scott zoloft
Dec 7, 2015

yeah same

Internet Explorer posted:

.local and .internal were "best practices" for so long. We are all going to be dealing with that poo poo until the day we die.

What's best practice now?

freeasinbeer
Mar 26, 2015

by Fluffdaddy
Flip side is the utter atomization of domain names into something like foo.bar.smell.region.provider.dev.internal.dev-company-name.io

And having to deal with ssl certs to cover all the nonsense. And then people getting really upset if the dev domain isn’t on the prod servers for stupid reasons.

Shartweek
Feb 15, 2003

D O E S N O T E X I S T

scott zoloft posted:

What's best practice now?

Keeping all your DNS records in one authoritative location?

CloFan
Nov 6, 2004

jaegerx posted:

I can be ignored for the rest of the thread forever if you only take 1 thing from me. Imaginary tlds with your own made up CA is a loving bad idea and you should never ever do it. I loving beg you. Just pay the $10 and buy a real domain and cert. please.

My balls are still on fire and I don't have a plan for putting them out

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

We had a .local for ages but about 15 years ago we moved our domain to a .com when we purchased two other companies.

Now I’m telling our AWS team to use AWS certs and gently caress off with bugging me about GoDaddy certs.

jaegerx
Sep 10, 2012

Maybe this post will get me on your ignore list!


CloFan posted:

My balls are still on fire and I don't have a plan for putting them out

You need a therapist

The Fool
Oct 16, 2003


I’m guilty of deploying .local in my msp days, but that was in the time it was still best practice

My last job did the thing where their ad domain and primary website were the same, which was occasionally infuriating

Current job does the addomain.company.com


jaegerx
Sep 10, 2012

Maybe this post will get me on your ignore list!


Santa is making a list and checking it twice and three times in this thread, none of you are getting Christmas bonuses.
