|
Wrath of the Bitch King posted: Reading these last couple pages about crazy network setups where 802.1x and NPS aren't being leveraged makes me really sad.
ISE lets you permit PXE and DHCP traffic before the 802.1X handshake so you don't even need to do that.
|
# ? Feb 19, 2016 17:51 |
|
I just had to walk senior admin through installing the group policy management module. He's never once looked at the policies, didn't know the module existed, and couldn't figure out how to get it
|
# ? Feb 19, 2016 17:56 |
|
Re: 802.1X it's not a perfect solution. Someone who knows what they're doing and has physical access to an authenticated computer can circumvent it with relative ease. But usually you're not looking to keep Mr Professional Blackhat out, you're mainly looking to keep Salesperson J. Bumblefuck from plugging in a rogue access point.
|
# ? Feb 19, 2016 17:56 |
|
Collateral Damage posted: But usually you're not looking to keep Mr Professional Blackhat out, you're mainly looking to keep Salesperson J. Bumblefuck from plugging in a rogue access point.
This is exactly right; it's especially easy to get around if you have IP phones that you use with network passthrough. The goal is to catch the low-hanging fruit.
psydude posted: ISE lets you permit PXE and DHCP traffic before the 802.1X handshake so you don't even need to do that.
I'll have to do a little research, but that sounds cool. I'm on the Systems side, not Networking, but our Network guys are pretty notorious for being dreadfully behind the times with everything. We've had to drag them into the modern age kicking and screaming (switching from MAC Sticky to 802.1x only happened about two years ago, for perspective). The business has had to buffer their lack of skillset with professional services an embarrassing number of times, I'm not really sure what the deal is.
|
# ? Feb 19, 2016 18:01 |
|
Collateral Damage posted: But usually you're not looking to keep Mr Professional Blackhat out, you're mainly looking to keep Salesperson J. Bumblefuck from plugging in a rogue access point.
What do I do if I'm trying to keep out Feculent Q. Pus-Crust of the Society for Cornholing Unsuspecting Children?
|
# ? Feb 19, 2016 18:16 |
|
KillHour posted: What do I do if I'm trying to keep out Feculent Q. Pus-Crust of the Society for Cornholing Unsuspecting Children?
uhhhhhhhhhhhhhhhhhhhhhhhhhh
|
# ? Feb 19, 2016 18:24 |
|
God, all these stories of incompetent senior level systems admins make me really want to jump into management and ride the Peter principle as far as it will take me
|
# ? Feb 19, 2016 18:24 |
|
SaltLick posted: God, all these stories of incompetent senior level systems admins make me really want to jump into management and ride the Peter principle as far as it will take me
It makes me really mad because they're doing (poorly/wrongly) the poo poo that I want to be doing and yet here I am still with Helpdesk Associate in my title and having just gotten "Answer the door for deliveries" added to my loving job responsibilities.
|
# ? Feb 19, 2016 18:29 |
|
Judge Schnoopy posted: I just had to walk senior admin through installing the group policy management module. He's never once looked at the policies, didn't know the module existed, and couldn't figure out how to get it
I refuse to believe this. How did he, ya know, MANAGE GPOs before?
|
# ? Feb 19, 2016 18:33 |
|
GnarlyCharlie4u posted: I refuse to believe this.
On the domain controller through remote desktop.
|
# ? Feb 19, 2016 18:34 |
|
SaltLick posted: God, all these stories of incompetent senior level systems admins make me really want to jump into management and ride the Peter principle as far as it will take me
Nothing like getting 7 prima donnas in a room, none of whom think that patching servers is their responsibility because that's not what a senior does. Ugh, you're 27, shut up and go patch.
|
# ? Feb 19, 2016 18:35 |
|
Sickening posted: On the domain controller through remote desktop.
I'm still guilty of this from time to time and I'm very ashamed of it. It's mostly because I'm too lazy to run the tools as my secondary, more elevated domain account.
|
# ? Feb 19, 2016 18:35 |
|
MC Fruit Stripe posted:My director only hires senior sys admins. Regardless of their skillset or experience, everyone he hires gets a senior title.
|
# ? Feb 19, 2016 18:42 |
|
CLAM DOWN posted: uhhhhhhhhhhhhhhhhhhhhhhhhhh
I may have been reading popehat while writing that.
|
# ? Feb 19, 2016 18:50 |
|
Wrath of the Bitch King posted: I'm still guilty of this from time to time and I'm very ashamed of it.
It would be nice if there was a way to use those tools without needing to be on a domain-joined machine - e.g. if you do work for a bunch of clients. I guess a random VM at each site would do the trick but I feel like I'm missing something.
|
# ? Feb 19, 2016 18:52 |
|
MC Fruit Stripe posted: My director only hires senior sys admins. Regardless of their skillset or experience, everyone he hires gets a senior title.
Just assign the task to two of them on a permanent basis and be done with it. Patching can be a pain in the rear end but it's loving critical.
|
# ? Feb 19, 2016 18:53 |
|
Sefal posted: I need to
Not necessarily. Some companies only adjust salary budgets once per year, so if your company's fiscal year is July-July that could be legit
|
# ? Feb 19, 2016 18:59 |
|
SaltLick posted: God, all these stories of incompetent senior level systems admins make me really want to jump into management and ride the Peter principle as far as it will take me
|
# ? Feb 19, 2016 19:01 |
|
GnarlyCharlie4u posted: I refuse to believe this.
He didn't! GPOs fell under the IT department manager's duties before I helped take it off her plate. The senior admin literally never once looked at them before today and didn't know how. When we were discussing mapped drives policies he asked if I was looking at AD.
|
# ? Feb 19, 2016 19:04 |
|
this thread is giving me lots of pain today.
|
# ? Feb 19, 2016 19:04 |
|
Sickening posted: Just assign the task to two of them on a permanent basis and be done with it. Patching can be a pain in the rear end but it's loving critical.
People need to get on board with automated patch cycles, even for servers. I get that it's a huge pain in the rear end, but System Center has the tools to get it done between Config Manager and Orchestrator. Push for that patching SOP based on service/category of server (Dev, Test, Prod), just keep in mind that getting there is going to be one hell of a fight. Not to mention all the conditional poo poo you'll have to plug into your Orchestrator runbook. I'm sure there are other platforms that do it just as well, but Orchestrator is my go-to for this sort of thing and most enterprises with an EA agreement get CM and Orch. for free.
|
# ? Feb 19, 2016 19:19 |
|
I involuntarily twitch when someone pronounces SQL as "S-Q-L" rather than "sequel". Anyone else itt?
|
# ? Feb 19, 2016 19:41 |
|
Wrath of the Bitch King posted: People need to get on board with automated patch cycles, even for servers. I get that it's a huge pain in the rear end, but System Center has the tools to get it done between Config Manager and Orchestrator.
We are finally switching from WSUS to N-Able for patching since upgrading to N-Able 10 (9 patching was straight hosed on it), and I believe the plan is to automate patching all our DV/QA systems so that a week after Patch Tuesday, QA can do their QA thing and provided QA goes well we can update all of our PD systems with the click of a couple buttons. Hopefully this goes smoothly and we can somewhat automate our backend patching as well, because our current process is time-consuming and awful.
|
# ? Feb 19, 2016 19:46 |
|
MF_James posted: We are finally switching from WSUS to N-Able for patching since upgrading to N-Able 10 (9 patching was straight hosed on it), and I believe the plan is to automate patching all our DV/QA systems so that a week after Patch Tuesday, QA can do their QA thing and provided QA goes well we can update all of our PD systems with the click of a couple buttons. Hopefully this goes smoothly and we can somewhat automate our backend patching as well, because our current process is time-consuming and awful.
We don't even use WSUS where I am right now and it loving kills me. Physically walking to every computer in our office and manually kicking off Windows Updates is not an acceptable course of action as far as I'm concerned.
CLAM DOWN posted: I involuntarily twitch when someone pronounces SQL as "S-Q-L" rather than "sequel". Anyone else itt?
Does it make you want to...squeal? *puts on sunglasses*
|
# ? Feb 19, 2016 19:49 |
|
CLAM DOWN posted: I involuntarily twitch when someone pronounces SQL as "S-Q-L" rather than "sequel". Anyone else itt?
I'm happy when I can understand what people are talking about, TBH.
|
# ? Feb 19, 2016 19:49 |
|
Go into consulting and never be responsible for patching or routine day to day stuff again.
|
# ? Feb 19, 2016 20:11 |
|
NippleFloss posted: Go into consulting and never be responsible for patching or routine day to day stuff again.
And discover just how un-patched and decrepit your customers' environments are!
|
# ? Feb 19, 2016 20:12 |
|
It's stories like these that make me think to myself maybe I'm not as worthless of a sysadmin as I fear. There is always something you don't know about and then you study it and learn more and just learn that you know even less than you thought and so you keep learning and the cycle just repeats itself until you think you are the least knowledgeable guy around. But nope, real worthless mouth breathers are still out there making bank. All I have to do is keep my head down and keep learning.
|
# ? Feb 19, 2016 20:27 |
|
CLAM DOWN posted: I involuntarily twitch when someone pronounces SQL as "S-Q-L" rather than "sequel". Anyone else itt?
Do you trigger on the product names as it is supposed to be Microsoft Sequel server and My S-Q-L server?
|
# ? Feb 19, 2016 20:33 |
|
psydude posted: And discover just how un-patched and decrepit your customers' environments are!
Yes, but then it's not your problem so who cares! It's nice to be able to throw "hey, maybe patch your poo poo" in a project report and then walk away.
|
# ? Feb 19, 2016 20:55 |
|
No one cares about patching for its own sake, and certainly not the security. They only care about compliance and what kind of fine an audit will impose if poo poo doesn't change very quickly. Our Information Security guys get very salty when we call them the "Audit Checklist Committee."
|
# ? Feb 19, 2016 20:57 |
|
Wrath of the Bitch King posted: No one cares about patching for its own sake, and certainly not the security. They only care about compliance and what kind of fine an audit will impose if poo poo doesn't change very quickly.
This is bullshit, patching and keeping software/applications/etc up to date is an incredibly basic component of system security.
|
# ? Feb 19, 2016 21:16 |
|
CLAM DOWN posted: This is bullshit, patching and keeping software/applications/etc up to date is an incredibly basic component of system security.
Of course it's bullshit, I'm speaking from the perspective of the LOB. And our Information Security guys, who essentially spend all day playing Solitaire and running Nexpose reports. The latter only started to give a poo poo about server patching when they found out we would start getting fined for it if we don't address it. We've been pushing to get it in for years but it took the money angle (and questions from our CTO asking them why they only started asking about security patching recently) to actually give a drat.
Wrath of the Bitch King fucked around with this message at 21:21 on Feb 19, 2016 |
# ? Feb 19, 2016 21:18 |
|
We hired a security guy and instructed him that we need to make sure we're always up to date on patching. He installed a bunch of auditing software and started sending patch reports to the sys admins on a near daily basis with the director copied, pointing out what we need to patch next. I'm like, we hired you as the guy who handles security and patches, and you're delegating it to the sys admins, how'd you swing that? I want your job. His job basically consists of running automated scans, and handling all user creation and modification so as to busy himself. Oh, new DBA needs access to something? Throw it to the security guy, might as well. I want to start trying that approach as a sys admin. "For our new build out, we're going to need 2 fully populated UCS chassis and if we don't need new storage, we're certainly going to tap our existing. (Implication: I hope someone contacts a vendor, buys this, installs it, and configures it.)" - Maybe every week or so send out one of those "Team, where are we at on the new build out?" emails that gets under my skin so effectively.
MC Fruit Stripe fucked around with this message at 21:26 on Feb 19, 2016 |
# ? Feb 19, 2016 21:22 |
|
Wrath of the Bitch King posted: No one cares about patching for its own sake, and certainly not the security. They only care about compliance and what kind of fine an audit will impose if poo poo doesn't change very quickly.
Exactly. IT security governance exists only because lazy infrastructure personnel brought it upon themselves.
|
# ? Feb 19, 2016 21:26 |
|
MC Fruit Stripe posted: We hired a security guy and instructed him that we need to make sure we're always up to date on patching. He installed a bunch of auditing software and started sending patch reports to the sys admins on a near daily basis with the director copied, pointing out what we need to patch next. I'm like, we hired you as the guy who handles security and patches, and you're delegating it to the sys admins, how'd you swing that? I want your job.
That's an everyday security job in a nutshell. They press the generate report button and..........
Wrath of the Bitch King posted: No one cares about patching for its own sake, and certainly not the security. They only care about compliance and what kind of fine an audit will impose if poo poo doesn't change very quickly.
Plenty of people care and it's definitely for the security. Outside of social engineering, compromised systems are mostly done through outdated/unpatched systems it seems like. I am not saying every system patch is equal, but regularly patching systems is just something you should be doing if systems are your responsibility. Not doing so is just lazy and putting your systems at unneeded risk.
Sickening fucked around with this message at 21:31 on Feb 19, 2016 |
# ? Feb 19, 2016 21:27 |
|
Ah, to be a Thumb Drive Cop and complain about FreeBSD not being authorized to run on the network.
|
# ? Feb 19, 2016 21:28 |
|
MC Fruit Stripe posted: We hired a security guy and instructed him that we need to make sure we're always up to date on patching. He installed a bunch of auditing software and started sending patch reports to the sys admins on a near daily basis with the director copied, pointing out what we need to patch next. I'm like, we hired you as the guy who handles security and patches, and you're delegating it to the sys admins, how'd you swing that? I want your job.
Security is an "advisement" position, not a "take action" one. Our Security group sends out reports from Nexpose and will act as an approval gateway for giving individual users access to typically banned/blocked websites. That's it. Whenever a security intrusion/infection is detected somewhere in the environment they open a ticket and tell our Deskside team to go handle it. It's an incredibly cushy gig. Also, to restate, we've been wanting to get a patch management solution in place for years, but it took the threat of audit/financial impact to actually make it a reality. As said, the Line of Business/Security groups don't actually give much of a poo poo about being hardened, they care about losing face and performing the absolute bare minimum that is required of them.
|
# ? Feb 19, 2016 21:30 |
|
MrMoo posted: Do you trigger on the product names as it is supposed to be Microsoft Sequel server and My S-Q-L server?
Postgres-Q-L
|
# ? Feb 19, 2016 21:31 |
Hey guys, I need to absorb some of your knowledge. I work for a consulting company that sells quite a big spectrum of IT solutions. Due to this wide range of possibilities it's really hard to keep the sales team up to speed on what they can and cannot sell. How do you guys transfer knowledge to your sales team regarding estimating prices, cross-selling, up-selling and about what you can and cannot do? I think our sales team has Salesforce, is there a good add-on or something like that? I'm not really responsible for this area (and that's why I don't know much about it) but I think that's a great problem in my company and I want to help fix it.
|
# ? Feb 19, 2016 22:32 |