What Are You Doing Right Now
-
@DustinB3403 said in What Are You Doing Right Now:
@Dashrender said in What Are You Doing Right Now:
@DustinB3403 said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
Isn't poor docs doing something wrong
Not if you've just started with the business. I'm on a month at my new job, and would hate having to go through an audit right now as I'm working to get things cleaned up, organized and documented.
@scottalanmiller said in What Are You Doing Right Now:
Sure we do. Good departments should want audited.
President of Brasil literally demanded he be audited yesterday!
No you don't, you'll schedule it at will, not be blind sided by an audit. This is completely different than what is described.
in your case I would want an audit on day one. Someone else to show the bosses the state of the system before you took over. then audited again later to show how things have improved.
While having value in that (I agree) how would you get the business to pay for an audit as soon as you've started?
I've talked to a place just yesterday that is looking for a CIO and plans an audit the moment that the CIO starts. They are waiting on the CIO to start so that they can have the audit with him (or her) there to review it.
-
I think the OP of https://community.spiceworks.com/topic/1997727-outside-auditor-is-requesting-firewall-configuration-files-is-this-safe
Would be right to bring his concerns to management. However, I also do not see an issue with sending the file as-is -- if management approves and understands that if passwords are in that file, they can ultimately be recovered by various means. I'd get that in writing from everybody as high up in the chain it needs to go before sending that file out.
Of course, my recommendation would be to redact the passwords, and in the config file, they would clearly be labelled *REDACTED* . If I can redact the passwords, I'd see no problems with sending out the config files to a third party.
Either way, the auditors would get what they need.
-
@Dashrender said in What Are You Doing Right Now:
in your case I would want an audit on day one. Someone else to show the bosses the state of the system before you took over. then audited again later to show how things have improved.
I agree, that's great to do.
-
@dafyre said in What Are You Doing Right Now:
Would be right to bring his concerns to management. However, I also do not see an issue with sending the file as-is -- if management approves and understands that if passwords are in that file, they can ultimately be recovered by various means. I'd get that in writing from everybody as high up in the chain it needs to go before sending that file out.
You think his network config file has passwords in it? If so, hiding that woudl be a BIG deal. How do passwords even get ni there?
-
@scottalanmiller said in What Are You Doing Right Now:
@dafyre said in What Are You Doing Right Now:
Would be right to bring his concerns to management. However, I also do not see an issue with sending the file as-is -- if management approves and understands that if passwords are in that file, they can ultimately be recovered by various means. I'd get that in writing from everybody as high up in the chain it needs to go before sending that file out.
You think his network config file has passwords in it? If so, hiding that woudl be a BIG deal. How do passwords even get ni there?
It's been a while since I've looked, but the last Cisco router I worked on had them encrypted. My HP Networking gear (much more recently) had them encrypted. My Fortigate 110C and 500D also had passwords encrypted in the config file. So yes, I consider that a strong possibility.
-
@dafyre said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@dafyre said in What Are You Doing Right Now:
Would be right to bring his concerns to management. However, I also do not see an issue with sending the file as-is -- if management approves and understands that if passwords are in that file, they can ultimately be recovered by various means. I'd get that in writing from everybody as high up in the chain it needs to go before sending that file out.
You think his network config file has passwords in it? If so, hiding that woudl be a BIG deal. How do passwords even get ni there?
It's been a while since I've looked, but the last Cisco router I worked on had them encrypted. My HP Networking gear (much more recently) had them encrypted. So yes, the last time I worked on devices and checked, my config files did have the password in the configuration files, encrypted, fortunately.
Wow, so glad I'm on Ubiquiti When I output the config, definitely nothing to redact.
-
@scottalanmiller said in What Are You Doing Right Now:
@dafyre said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@dafyre said in What Are You Doing Right Now:
Would be right to bring his concerns to management. However, I also do not see an issue with sending the file as-is -- if management approves and understands that if passwords are in that file, they can ultimately be recovered by various means. I'd get that in writing from everybody as high up in the chain it needs to go before sending that file out.
You think his network config file has passwords in it? If so, hiding that woudl be a BIG deal. How do passwords even get ni there?
It's been a while since I've looked, but the last Cisco router I worked on had them encrypted. My HP Networking gear (much more recently) had them encrypted. So yes, the last time I worked on devices and checked, my config files did have the password in the configuration files, encrypted, fortunately.
Wow, so glad I'm on Ubiquiti When I output the config, definitely nothing to redact.
All the more reason to switch, ha ha.
-
@dafyre said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@dafyre said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@dafyre said in What Are You Doing Right Now:
Would be right to bring his concerns to management. However, I also do not see an issue with sending the file as-is -- if management approves and understands that if passwords are in that file, they can ultimately be recovered by various means. I'd get that in writing from everybody as high up in the chain it needs to go before sending that file out.
You think his network config file has passwords in it? If so, hiding that woudl be a BIG deal. How do passwords even get ni there?
It's been a while since I've looked, but the last Cisco router I worked on had them encrypted. My HP Networking gear (much more recently) had them encrypted. So yes, the last time I worked on devices and checked, my config files did have the password in the configuration files, encrypted, fortunately.
Wow, so glad I'm on Ubiquiti When I output the config, definitely nothing to redact.
All the more reason to switch, ha ha.
To "switch". I see what you did there.
-
I'm raging at Bodum. How do you take a perfectly good 1 liter beaker with a plunger and screw it up? Add useless plastic! WTF!?! GARBAGE!
-
@MattSpeller Just use a Chemex
-
*sips coffee from under the table*
-
Restoring Domain Controller from backup (testing) take 2.
-
@MattSpeller said in What Are You Doing Right Now:
I'm raging at Bodum. How do you take a perfectly good 1 liter beaker with a plunger and screw it up? Add useless plastic! WTF!?! GARBAGE!
You don't like the taste of plastic?
-
@fuznutz04 said in What Are You Doing Right Now:
@MattSpeller said in What Are You Doing Right Now:
I'm raging at Bodum. How do you take a perfectly good 1 liter beaker with a plunger and screw it up? Add useless plastic! WTF!?! GARBAGE!
You don't like the taste of plastic?
Plastic is fine but they made it so that the handle at the top requires a cut out which means you put the plunger in at an angle and then spill grounds down the front of it into the bottom plastic bit which means you have to clean the frigging thing every time you use it. RAWR
-
@MattSpeller wait why do you need to put the plunger in at an angle. . . .
-
@DustinB3403 said in What Are You Doing Right Now:
@MattSpeller wait why do you need to put the plunger in at an angle. . . .
Bad design. I believe he said that.
-
@DustinB3403 said in What Are You Doing Right Now:
@MattSpeller wait why do you need to put the plunger in at an angle. . . .
There's a tab that sticks out where the handle attaches at the top
-
@JaredBusch Yeah no I got that, but I'm not seeing it with how the picture above shows.
Maybe I'm just misunderstanding what he's trying to say.
-
@DustinB3403 said in What Are You Doing Right Now:
@MattSpeller wait why do you need to put the plunger in at an angle. . . .
Because that's how she likes it!!!
-
@MattSpeller said in What Are You Doing Right Now:
@DustinB3403 said in What Are You Doing Right Now:
@MattSpeller wait why do you need to put the plunger in at an angle. . . .
There's a tab that sticks out where the handle attaches at the top
Still not understanding why that causes you to have to clean the unit every time. .