What Are You Doing Right Now
-
@Dashrender said in What Are You Doing Right Now:
If you are afraid of an audit, then you probably shouldn't work there.
I actually (despite my griping) liked having a SAM license engagement one time. It gave weight to my "f0 r3@lz, properly licensing software matters."
-
@DustinB3403 said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
Isn't poor docs doing something wrong
Not if you've just started with the business. I'm on a month at my new job, and would hate having to go through an audit right now as I'm working to get things cleaned up, organized and documented.
But in that case, you'd not care that you were audited, either.
-
@DustinB3403 said in What Are You Doing Right Now:
No you don't, you'll schedule it at will, not be blind sided by an audit. This is completely different than what is described.
Did he get blindsided? I didn't notice that part.
-
@scottalanmiller said in What Are You Doing Right Now:
@DustinB3403 said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
Isn't poor docs doing something wrong
Not if you've just started with the business. I'm on a month at my new job, and would hate having to go through an audit right now as I'm working to get things cleaned up, organized and documented.
But in that case, you'd not care that you were audited, either.
While true, I still wouldn't want to have to go through an audit.
-
@DustinB3403 said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
Isn't poor docs doing something wrong
Not if you've just started with the business. I'm on a month at my new job, and would hate having to go through an audit right now as I'm working to get things cleaned up, organized and documented.
@scottalanmiller said in What Are You Doing Right Now:
Sure we do. Good departments should want audited.
President of Brasil literally demanded he be audited yesterday!
No you don't, you'll schedule it at will, not be blind sided by an audit. This is completely different than what is described.
in your case I would want an audit on day one. Someone else to show the bosses the state of the system before you took over. then audited again later to show how things have improved.
-
Just booked my Air BnB in Toronto... and check out the decor:
-
@EddieJennings said in What Are You Doing Right Now:
@Dashrender said in What Are You Doing Right Now:
If you are afraid of an audit, then you probably shouldn't work there.
I actually (despite my griping) liked having a SAM license engagement one time. It gave weight to my "f0 r3@lz, properly licensing software matters."
Yep, some times the only way to get management to "do the right thing" is when they have external pressure basically making them.
-
@DustinB3403 said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@DustinB3403 said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
Isn't poor docs doing something wrong
Not if you've just started with the business. I'm on a month at my new job, and would hate having to go through an audit right now as I'm working to get things cleaned up, organized and documented.
But in that case, you'd not care that you were audited, either.
While true, I still wouldn't want to have to go through an audit.
Not wanting vs afraid are two different things. You shouldn't be fearful of an audit.
-
@Dashrender said in What Are You Doing Right Now:
@DustinB3403 said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
Isn't poor docs doing something wrong
Not if you've just started with the business. I'm on a month at my new job, and would hate having to go through an audit right now as I'm working to get things cleaned up, organized and documented.
@scottalanmiller said in What Are You Doing Right Now:
Sure we do. Good departments should want audited.
President of Brasil literally demanded he be audited yesterday!
No you don't, you'll schedule it at will, not be blind sided by an audit. This is completely different than what is described.
in your case I would want an audit on day one. Someone else to show the bosses the state of the system before you took over. then audited again later to show how things have improved.
While having value in that (I agree) how would you get the business to pay for an audit as soon as you've started?
-
@DustinB3403 said in What Are You Doing Right Now:
@Dashrender said in What Are You Doing Right Now:
@DustinB3403 said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
Isn't poor docs doing something wrong
Not if you've just started with the business. I'm on a month at my new job, and would hate having to go through an audit right now as I'm working to get things cleaned up, organized and documented.
@scottalanmiller said in What Are You Doing Right Now:
Sure we do. Good departments should want audited.
President of Brasil literally demanded he be audited yesterday!
No you don't, you'll schedule it at will, not be blind sided by an audit. This is completely different than what is described.
in your case I would want an audit on day one. Someone else to show the bosses the state of the system before you took over. then audited again later to show how things have improved.
While having value in that (I agree) how would you get the business to pay for an audit as soon as you've started?
By telling the company about the value it brings to both you and them.
They learn the current condition of the setup. It gives you and the company the easy ability to set goals for improvement. Tell them that a person can rarely audit themselves unbiasly. having it be external means the auditors have no skin in the game other than to show you how good or bad the environment is.
Then a future audit will show how good of a job you are doing, and might point out some suggestions on how somethings can be done better, etc.
-
@DustinB3403 said in What Are You Doing Right Now:
@Dashrender said in What Are You Doing Right Now:
@DustinB3403 said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
Isn't poor docs doing something wrong
Not if you've just started with the business. I'm on a month at my new job, and would hate having to go through an audit right now as I'm working to get things cleaned up, organized and documented.
@scottalanmiller said in What Are You Doing Right Now:
Sure we do. Good departments should want audited.
President of Brasil literally demanded he be audited yesterday!
No you don't, you'll schedule it at will, not be blind sided by an audit. This is completely different than what is described.
in your case I would want an audit on day one. Someone else to show the bosses the state of the system before you took over. then audited again later to show how things have improved.
While having value in that (I agree) how would you get the business to pay for an audit as soon as you've started?
I've talked to a place just yesterday that is looking for a CIO and plans an audit the moment that the CIO starts. They are waiting on the CIO to start so that they can have the audit with him (or her) there to review it.
-
I think the OP of https://community.spiceworks.com/topic/1997727-outside-auditor-is-requesting-firewall-configuration-files-is-this-safe
Would be right to bring his concerns to management. However, I also do not see an issue with sending the file as-is -- if management approves and understands that if passwords are in that file, they can ultimately be recovered by various means. I'd get that in writing from everybody as high up in the chain it needs to go before sending that file out.
Of course, my recommendation would be to redact the passwords, and in the config file, they would clearly be labelled *REDACTED* . If I can redact the passwords, I'd see no problems with sending out the config files to a third party.
Either way, the auditors would get what they need.
-
@Dashrender said in What Are You Doing Right Now:
in your case I would want an audit on day one. Someone else to show the bosses the state of the system before you took over. then audited again later to show how things have improved.
I agree, that's great to do.
-
@dafyre said in What Are You Doing Right Now:
Would be right to bring his concerns to management. However, I also do not see an issue with sending the file as-is -- if management approves and understands that if passwords are in that file, they can ultimately be recovered by various means. I'd get that in writing from everybody as high up in the chain it needs to go before sending that file out.
You think his network config file has passwords in it? If so, hiding that woudl be a BIG deal. How do passwords even get ni there?
-
@scottalanmiller said in What Are You Doing Right Now:
@dafyre said in What Are You Doing Right Now:
Would be right to bring his concerns to management. However, I also do not see an issue with sending the file as-is -- if management approves and understands that if passwords are in that file, they can ultimately be recovered by various means. I'd get that in writing from everybody as high up in the chain it needs to go before sending that file out.
You think his network config file has passwords in it? If so, hiding that woudl be a BIG deal. How do passwords even get ni there?
It's been a while since I've looked, but the last Cisco router I worked on had them encrypted. My HP Networking gear (much more recently) had them encrypted. My Fortigate 110C and 500D also had passwords encrypted in the config file. So yes, I consider that a strong possibility.
-
@dafyre said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@dafyre said in What Are You Doing Right Now:
Would be right to bring his concerns to management. However, I also do not see an issue with sending the file as-is -- if management approves and understands that if passwords are in that file, they can ultimately be recovered by various means. I'd get that in writing from everybody as high up in the chain it needs to go before sending that file out.
You think his network config file has passwords in it? If so, hiding that woudl be a BIG deal. How do passwords even get ni there?
It's been a while since I've looked, but the last Cisco router I worked on had them encrypted. My HP Networking gear (much more recently) had them encrypted. So yes, the last time I worked on devices and checked, my config files did have the password in the configuration files, encrypted, fortunately.
Wow, so glad I'm on Ubiquiti
When I output the config, definitely nothing to redact. -
@scottalanmiller said in What Are You Doing Right Now:
@dafyre said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@dafyre said in What Are You Doing Right Now:
Would be right to bring his concerns to management. However, I also do not see an issue with sending the file as-is -- if management approves and understands that if passwords are in that file, they can ultimately be recovered by various means. I'd get that in writing from everybody as high up in the chain it needs to go before sending that file out.
You think his network config file has passwords in it? If so, hiding that woudl be a BIG deal. How do passwords even get ni there?
It's been a while since I've looked, but the last Cisco router I worked on had them encrypted. My HP Networking gear (much more recently) had them encrypted. So yes, the last time I worked on devices and checked, my config files did have the password in the configuration files, encrypted, fortunately.
Wow, so glad I'm on Ubiquiti
When I output the config, definitely nothing to redact.All the more reason to switch, ha ha.
-
@dafyre said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@dafyre said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@dafyre said in What Are You Doing Right Now:
Would be right to bring his concerns to management. However, I also do not see an issue with sending the file as-is -- if management approves and understands that if passwords are in that file, they can ultimately be recovered by various means. I'd get that in writing from everybody as high up in the chain it needs to go before sending that file out.
You think his network config file has passwords in it? If so, hiding that woudl be a BIG deal. How do passwords even get ni there?
It's been a while since I've looked, but the last Cisco router I worked on had them encrypted. My HP Networking gear (much more recently) had them encrypted. So yes, the last time I worked on devices and checked, my config files did have the password in the configuration files, encrypted, fortunately.
Wow, so glad I'm on Ubiquiti
When I output the config, definitely nothing to redact.All the more reason to switch, ha ha.
To "switch". I see what you did there.
-
I'm raging at Bodum. How do you take a perfectly good 1 liter beaker with a plunger and screw it up? Add useless plastic! WTF!?! GARBAGE!
-
@MattSpeller Just use a Chemex
