Burned by Eschewing Best Practices
-
"proxying internet traffic when people are connected to VPN"
I don't do this. Should I? I recall looking into it a few years ago and deciding it wasn't necessary, but I can't remember now.
-
To run a proxy depends on if you need it or not.
I don't ever really have a need for it, and therefore don't.
-
@Carnival-Boy said in Burned by Eschewing Best Practices:
"proxying internet traffic when people are connected to VPN"
This makes no sense to me. Either you run a proxy or you do not, whether or not they are connected via a VPN shouldn't make a difference. The only thing I can think of is doing something weird like a caching proxy for the VPN.
-
I guess that if your LAN has web filtering it is protected from malicious websites (in theory), so any devices connected to it (via VPN) should go through that filtered connection rather than through the unfiltered connection of the remote users (which might be McDonald's Wifi). So when you're not connected to the VPN you're free to browse Russian porn, but when you're connected to the VPN (and hence exposing the LAN) you're blocked from Russian porn. Does that make sense?
We run web filtering via our Trend anti-virus software installed on every client, so this doesn't apply to us. I think we probably should start running a proxy, if for no other reason than to provide an audit trail when bad things happen.
-
@Carnival-Boy I think we're saying the same thing in different ways.
If they are connected to the local network via a VPN and you run a proxy for the network, then they have to use the proxy, just like everyone else.
Whether they are connected to the local network or via VPN makes no difference to the proxy server. Which is why I said that the original statement makes no sense to me.
When they're connected to some random open wifi and not the VPN, then yeah, no proxy, but they're also not on the network.
I'd argue that using a proxy for web filtering isn't needed. Either your users are trustworthy or they're not, either way they are management's problem. If management has asked you to add that ability then do it, otherwise it's in the "not my problem field". Now if you have bad internet connection options and want to speed loading popular pages up, then a proxy can make all kinds of sense.
I'd not want to let people into the local network anymore anyway. Yes, you should have a VPN for when they want to use public wifi spots (the lack of security on most of them is horrendous.) Everyone here has convinced me that moving to a LANless design is a better way to do things moving forward.
-
@travisdh1 said in Burned by Eschewing Best Practices:
I'd argue that using a proxy for web filtering isn't needed. Either your users are trustworthy or they're not, either way they are management's problem. If management has asked you to add that ability then do it, otherwise it's in the "not my problem field".
I agree. I'd make management aware of the risks (by writing them an e-mail, not by installing actual malware on a VM!) and give my recommendations and if they decided not to take my advice then fine. Then if the **** hits the fan, it's their problem.
-
I find it hard to believe that web-filtering is going to reduce the risk of malware that much anyway, if at all. Unless your filtering is so strict that users struggle to even use the internet. I think it just creates a false sense of security. And when the **** hits the fan management are going to turn around and say "but you told us your proxy would stop this!" and suddenly it's your problem big time.
-
Sadly, we are in emergency/security fatigue mode now. Every day when you turn on the news there's some huge crisis somewhere. Crypto virus, Brexit, Greece collapsing, etc. Most just stick their heads in the sand.
Showing what these viruses do might be the only way to really show management how screwed their network is if they don't pay attention to these threats and find mitigations for them.
-
So I don't think this one is here either, but this guy has a failing RAID 5 which he knows is bad, but he wants to power off the server when he has blind swap capabilities to replace the drive.
Um... why buddy... why....
-
@DustinB3403 said in Burned by Eschewing Best Practices:
So I don't think this one is here either, but this guy has a failing RAID 5 which he knows is bad, but he wants to power off the server when he has blind swap capabilities to replace the drive.
Um... why buddy... why....
uh doesn't know any better.
-
We have a how to do a swap somewhere here on ML. Anyone know the link?
-
This jackoff wants to replace every drive in an already FAILED RAID5 array, which would be similar to replacing the heart of a transplant patient over and over again as many times as there are drives in the server.
What the hell is wrong with these people....
-
@DustinB3403 said in Burned by Eschewing Best Practices:
This jackoff wants to replace every drive in an already FAILED RAID5 array, which would be similar to replacing the heart of a transplant patient over and over again as many times as there are drives in the server.
What the hell is wrong with these people....
No EXP, must level up IT knowledge.
-
@DustinB3403 said in Burned by Eschewing Best Practices:
This jackoff wants to replace every drive in an already FAILED RAID5 array, which would be similar to replacing the heart of a transplant patient over and over again as many times as there are drives in the server.
What the hell is wrong with these people....
At so many businesses, the one arsehole who had the gumption to change a toner cartridge gets to be the de facto server admin. It's the equivalent of saying "I put some washer fluid in my car, now I'm a certified expert auto mechanic!!!"
-
@RojoLoco said in Burned by Eschewing Best Practices:
@DustinB3403 said in Burned by Eschewing Best Practices:
This jackoff wants to replace every drive in an already FAILED RAID5 array, which would be similar to replacing the heart of a transplant patient over and over again as many times as there are drives in the server.
What the hell is wrong with these people....
At so many businesses, the one arsehole who had the gumption to change a toner cartridge gets to be the de facto server admin. It's the equivalent of saying "I put some washer fluid in my car, now I'm a certified expert auto mechanic!!!"
Wait... so you're saying I'm not an auto mechanic? It was so hard to find that little washer reservoir.
-
At the same time they do say 2000 hours of experience makes you an expert.... lol.....
So many failed systems in this guy's future....
-
@DustinB3403 said in Burned by Eschewing Best Practices:
At the same time they do say 2000 hours of experience makes you an expert.... lol.....
So many failed systems in this guy's future....
I thought it was 10k hours....
-
You're right it is 10,000.
I must need more practice. Another heart transplant patient please....
-
@DustinB3403 said in Burned by Eschewing Best Practices:
You're right it is 10,000.
I must need more practice. Another heart transplant patient please....
Yep, just grind it 'till ya find it. Repeat as needed.