|
RFC2324 posted: It was actually unplanned, and I forgot to open a ticket specifically for it. Server was unresponsive, so I rebooted and they wanted to know why I was in the console (checking for the black screen).
|
# ? Feb 28, 2021 23:54 |
|
Arquinsiel posted: Ah, I didn't connect "unplanned event" with what I'd think of as "undocumented incident". Checking that it was actually you who did that as well as you having not gone rogue is security's job there.

I am not complaining in the slightest, and it was documented in the log we maintain for stuff done relevant to monitoring. I just failed to create a ticket, and so they reached out to make sure it was legit. Point being that documentation was enforced.
|
# ? Mar 1, 2021 00:29 |
|
90% of my SOC checks were: "Is that you?" "Yup." "Okay so." *close incident* It's the other 10% where things got interesting.
|
# ? Mar 1, 2021 00:49 |
|
Arquinsiel posted: 90% of my SOC checks were:

It's my first time working under FedRAMP controls. Most things feel the same but every now and then security pops up and clears their throat at me.
|
# ? Mar 1, 2021 01:06 |
|
You should get your next shell with something from Metasploit and tell them you're just testing their response time and they passed. That'll win you lots of friends!
|
# ? Mar 1, 2021 01:22 |
|
Arquinsiel posted: You should get your next shell with something from Metasploit and tell them you're just testing their response time and they passed. That'll win you lots of friends!

noooo, I kinda am thinking security might be my way out of being directly customer facing based on the number of my coworkers who openly admit to text files full of passwords, so I am not going to annoy them more than I have to.
|
# ? Mar 1, 2021 01:49 |
|
Find out what you can do that triggers a SIEM alert for them and start dropping them an email to their security@your.job address before you do it. They will treasure you. If you have a ticket you can throw in there too, their minds will be blown.
|
# ? Mar 1, 2021 02:46 |
|
"I'm about to invoke X on Y machines via Z" is sometimes a quick phone call to the soc lead on duty saves me the trouble of X getting interrupted on the back half of set Y
|
# ? Mar 1, 2021 10:04 |
|
My boss is a moron and forwards SOC alerts to me all the time

SOME PC'S ARE HAVING PASSWORD FAILURES GO INVESTIGATE ASAP

Well... those dummies are typing their passwords wrong. We aren't being bruteforced.
|
# ? Mar 1, 2021 14:48 |
|
Bob Morales posted: My boss is a moron and forwards SOC alerts to me all the time

Might be worth a cursory look for any patterns just for peace of mind (sequential IP addresses, going down alphabetical usernames like a.aname, a.namf, a.anamg, etc.) just to be able to throw it back that there's nothing to actually indicate anything other than user error.
|
# ? Mar 1, 2021 15:25 |
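Added example (not part of any post in this thread): a quick triage of failed-logon events for the two patterns mentioned above, usernames walked in alphabetical order from one source and failures arriving from consecutive IP addresses. The events, thresholds and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample events (timestamp, source IP, username); not real log data.
EVENTS = [
    ("2021-03-01T14:01:10", "10.0.5.21", "b.morales"),
    ("2021-03-01T14:01:14", "10.0.5.21", "b.morales"),
    ("2021-03-01T14:07:42", "10.0.7.88", "j.smith"),
    ("2021-03-01T14:20:00", "203.0.113.9", "a.aname"),
    ("2021-03-01T14:20:02", "203.0.113.9", "a.anamf"),
    ("2021-03-01T14:20:04", "203.0.113.9", "a.anamg"),
    ("2021-03-01T14:20:06", "203.0.113.9", "a.anamh"),
    ("2021-03-01T14:30:00", "198.51.100.10", "svc.backup"),
    ("2021-03-01T14:30:01", "198.51.100.11", "svc.backup"),
    ("2021-03-01T14:30:02", "198.51.100.12", "svc.backup"),
]

def users_walked_in_order(events, min_users=4):
    """Sources that fail against many distinct usernames in alphabetical order."""
    by_src = defaultdict(list)
    for ts, src, user in sorted(events):  # ISO timestamps sort chronologically
        if user not in by_src[src]:
            by_src[src].append(user)
    return sorted(src for src, users in by_src.items()
                  if len(users) >= min_users and users == sorted(users))

def sequential_sources(events, min_run=3):
    """Usernames that failed from a run of numerically consecutive IPs."""
    by_user = defaultdict(set)
    for ts, src, user in events:
        by_user[user].add(int(ipaddress.ip_address(src)))
    flagged = {}
    for user, addrs in by_user.items():
        run, best = 1, 1
        ordered = sorted(addrs)
        for prev, cur in zip(ordered, ordered[1:]):
            run = run + 1 if cur == prev + 1 else 1
            best = max(best, run)
        if best >= min_run:
            flagged[user] = best  # length of the longest consecutive run
    return flagged

def triage(events):
    """Anything flagged deserves a closer look; the rest resembles mistyped passwords."""
    walked = users_walked_in_order(events)
    seq = sequential_sources(events)
    benign = sorted({(src, user) for _, src, user in events
                     if src not in walked and user not in seq})
    return {"username_walk": walked, "sequential_ips": seq, "likely_typos": benign}

if __name__ == "__main__":
    for key, value in triage(EVENTS).items():
        print(key, value)
```

The thresholds (`min_users`, `min_run`) are arbitrary starting points and need tuning against a site's normal failure volume.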
|
I am typically not at my desk and I am not allowed my mobile. My boss doesn't work here and the network is subject to monitoring is not remotely accessible. It causes some difficulties with getting a quick response to tickets. My boss suggested taking a radio so they can ring the control room who could summon me; I just laughed at him.
|
# ? Mar 1, 2021 15:25 |
|
Bob Morales posted: My boss is a moron and forwards SOC alerts to me all the time

jfc. I thought my SIEM was underdeveloped. I'm so sorry
|
# ? Mar 1, 2021 15:46 |
|
We just set up a new (managed by the vendor) SIEM and I’m getting blasted with alerts for every little change I make in Azure.
|
# ? Mar 1, 2021 16:42 |
|
Spring Heeled Jack posted: We just setup a new (managed by the vendor) SIEM and I’m getting blasted with alerts for every little change I make in Azure.

Azure audit events are important. For some orgs, it's the only place where any communication on changes happens at all.
|
# ? Mar 1, 2021 16:50 |
Thread, is there a point where you just said "I'm done learning stuff I suck at" and if so, what did it do to your career?

I've bashed my head against the wall to get better at PowerShell and ARM templates for almost a year now, in my current role. I can look at a template/script and identify what stuff does, troubleshoot it, etc., and maybe even take its elements and use them for something I'm working on. But I just can't make these complex scripts and templates on my own. I'm not a coder, I'm only really into IT because it's what I do well, and I do far better on troubleshooting/figuring out stuff that I can see or feel. Code and scripting just doesn't come together for me.

My worry is that the attitude of "IT is always learning new things and if you don't do that, you might as well go dig ditches for a living" is something that's so broad and indistinct as to lose meaning. Over the years of getting certs, getting vertical movements, and even doing well enough to get overall positive reviews and feedback, I worry that since I just don't CARE about this stuff, I'll never be able to learn it, and if it's code-related, I won't be able to sustain a career for long enough until I can retire.

Is it ever OK to just say "I'm really good at Windows Server and sysadmin stuff, I can maybe do a bit of PowerShell if it'll take less time to create and the script than the aggregate time of just manually doing the work" out loud? It feels like taboo to admit "I am not really good at this or interested in it, I struggle with it, and even if I ask for help I can't process it" at most points.
|
|
# ? Mar 1, 2021 16:56 |
It’s not taboo to admit that scripting sometimes takes longer than solving the issue by hand - you become a dipshit when you have to do that thing more than once or on tons of machines and rely on your mouse instead of scripting it. I’d argue PowerShell is no more code than any IaC or YAML is, I certainly can’t develop my way out of a paper bag but those things are all just performing actions for me using the three-tiers-of-abstraction-away-from-real-code instructions I can feed various systems to make my life easier.

No idea if this will help but when I was sysadminning Windows servers I stopped using the GUI entirely unless a service forced it on me. Helped me understand I was just replacing mouse clicks with commands in PS. Also ARM is for loving assholes imo and Bicep is a sick joke.

I don’t know how much longer people will be hiring folks who can’t speak to PS/automation of some kind. But I do know 90% of the people who claim they know PS/automation either know jack poo poo about it or rarely use it for anything, so I wouldn’t worry too much, just make sure you keep putting it on a resume.
|
|
# ? Mar 1, 2021 17:07 |
|
Neddy Seagoon posted: Might be worth a cursory look for any patterns just for peace-of-mind (Sequential IP addresses, going down alphabetical usernames like a.aname, a.namf, a.anamg, etc) just to be able to throw it back that there's nothing to actually indicate anything other than user error.

You are locking out after, say, five failures, right?
|
# ? Mar 1, 2021 17:41 |
|
i am a moron posted: It’s not taboo to admit that scripting sometimes takes longer than solving the issue by hand - you become a dipshit when you have to do that thing more than once or on tons of machines and rely on your mouse instead of scripting it. I’d argue PowerShell is no more code than any IAC or YAML is, I certainly can’t develop my way out of a paper bag but those things are all just performing actions for me using the three-tiers-of-abstraction-away-from-real-code instructions I can feed various systems to make my life easier. No idea if this will help but when I was sysadminning Windows servers I stopped using the GUI entirely unless a service forced it on me. Helped me understand I was just replacing mouse clicks with commands in PS. Also ARM is for loving assholes imo and Bicep is a sick joke.

You misunderstood the question. They are asking if there is a point you can just say 'gently caress it, I'm good at what I do, stop making me learn anything else'.

Which is valid. As I get older I have lost that love of learning that constantly drove me when I was in my 20s and 30s, and wish I could just stop being defined by my profession and could take a year to just do something else. Clock in, do my thing, clock out and go paint til bedtime every day or something to enrich me as a person, instead of learning poo poo so I can enrich someone else's bank account.
|
# ? Mar 1, 2021 17:58 |
|
If you have a good password policy, you can actually set that lockout number really high without much risk. Compliance rules might require something lower, though.
|
# ? Mar 1, 2021 17:58 |
|
It’s five or six? Annoying as gently caress because you can hit enter 2/3 times before you even realize you are trying to log in and failing.
|
# ? Mar 1, 2021 18:20 |
RFC2324 posted: You misunderstood the question.

I don’t think I did. I’m saying use it when you should and slap that poo poo on a resume and move on. Learn it or don’t, it doesn’t matter, just make sure you tell people you did and you care about it.
|
|
# ? Mar 1, 2021 18:34 |
|
A complex password can mitigate risk of collision from 10 requests per hour, 100 requests/hour, whatever; the math on collision risk as a function of password entropy is well established.
|
# ? Mar 1, 2021 18:41 |
|
MJP posted: Thread, is there a point where you just said "I'm done learning stuff I suck at" and if so, what did it do to your career?

As a general concept, that can be fine. I'm not super good at a few things and teammates do that stuff when it comes up for me while I make up for it by doing the things I'm better at when it comes up for them. As long as you work on a team, that can be fine.

However - your specific example is going to be a serious issue going forward with systems administration. Scripting/config management (Puppet, Chef, Ansible, etc.) is pretty much the path forward right now for most places, and where it isn't yet it's probably going to become so over the next few years. There are going to be outlier jobs that still do everything by hand and such, but it's absolutely going to limit career opportunities if you're unable to do more than operator-level tasks when it comes to basic scripting and config management.

With that said, I have a suspicion you're overthinking this stuff. As another poster said, PowerShell isn't exactly "programming" and neither is most config management. It's generally a series of commands (or conditions to achieve) with some logic branches, usually not much more complicated than if-then-else or a case statement kind of thing. I'm somewhat oversimplifying, but you should be able to get 90% of what you need from looking at other code or searching on Stack Overflow or whatever.
|
# ? Mar 1, 2021 19:04 |
|
Potato Salad posted: A complex password can mitigate risk of collision from 10 requests per hour, 100 requests/hour, whatever; the math on collision risk as a function of password entropy is well established.

It's also a great way to increase your risk in other areas to the point I don't think there is much, if any, overall security benefit. Brute force protections are so basic and standard that you have to be really loving up to make them a threat and password complexity rules at large are putting perfume on a turd.
|
# ? Mar 1, 2021 19:05 |
|
Sickening posted: Its also a great way to increase your risk in other areas to the point I don't think there is much, if any overall security benefit. Brute force protections are so basic and standard that you have to be really loving up to make them a threat and password complexity rules at large are putting perfume on a turd.

Completely agreed. One can spend a lunch going over some of the math in 800-63b, implement a password and lockout policy more than adequate for your client's needs, and move on to more important things without getting hung up on user creds.
|
# ? Mar 1, 2021 19:11 |
|
Bob Morales posted: It’s five or six? Annoying as gently caress because you can hit enter 2/3 times before you even realize you are trying to login and failing

shortspecialbus posted: With that said, I have a suspicion you're overthinking this stuff. As another poster said, powershell isn't exactly "programming" and neither is most config management. It's generally a series of commands (or conditions to achieve) with some logic branches, usually not much more complicated than if-then-else or a case statement kind of thing.
|
# ? Mar 1, 2021 20:14 |
Yeah, it's all those things: is it OK to suck at coding, is it OK to say "I do what I do well, and that's it", and overthinking my own failures/issues. In the past I've thought that I could make my way through the next 15ish years of the workforce and retire, but as I've come up against the limit of my skills and where I need to take my career, it's looked scarier and scarier. The "scripting and IaC are the future of infrastructure" school of thought is true, and it's really intimidating. At least recently I've started to give thought to non-sysadmin/engineering roles that at least allow me to still take my technical skills and put 'em with problem solving. It's just a really big scary unknown and if COVID wasn't real I'd be trying to talk this out with trusted peers.
|
|
# ? Mar 1, 2021 22:53 |
|
I think you are scaring yourself unnecessarily.
|
# ? Mar 1, 2021 23:35 |
|
PowerShell sucks.
|
# ? Mar 2, 2021 00:22 |
PowerShell more like PowerSmell amirite? It’s actually amazing for Windows, and if your beef is with Windows then yes PS sucks because so does Windows. If you work in Windows all the time and you think it’s no good I have some bad news for you.
|
|
# ? Mar 2, 2021 00:24 |
|
PowerShell is terrific in the sense that it has a lot of very powerful cmdlets that can do a lot of great stuff quickly and at scale. I also hate it because the syntax is very different from most of the other programming I do and I don't like it.
|
# ? Mar 2, 2021 01:36 |
|
Winston Churchill posted:
|
# ? Mar 2, 2021 01:58 |
|
PowerShell loving rules until people insist on trying to make it into something it isn't and then they get mad it's not a fully-fledged programming language.

As far as pushing boundaries go, I was very up-front in the interview process for my current job that my PS knowledge and skills were in using it for admin and management and not like, pulling in .NET classes and whatnot. But at the same time I think I am actually pretty decent at using PS in those boring confines and I can cite several projects that saved me a ton of time.

I'd say if you don't know any PowerShell you're at the very least handcuffing yourself just in terms of efficiency, but I think there's still room in IT for people who don't necessarily want to just be devs, but in a different department from the "real" devs. I think the really cool thing about SDwhatever is that you can theoretically get further by really knowing the fundamentals and not have to spend as much time necessarily learning weird syntactical tricks that will only work on one model line of one vendor's gear.

Inspector_666 fucked around with this message at 02:50 on Mar 2, 2021
# ? Mar 2, 2021 02:47 |
|
I came dangerously close to owning a thing tonight.

I am on the board of directors for my kids’ sportsball teams and tonight was another clowncar of a board meeting. The topic of the night was the amount it cost to store files on the web hosting company (apparently different clubs can upload stuff to it where they will be saved forever and we have stuff in there from 2004). Guy says that we can save a bunch if we delete “old files” which cues up an unmoderated shitshow of a discussion about how to delete them, who is allowed to delete them, when should we delete them, etc. The conversation eventually starts to spiral with people suggesting downloading the old files to an external drive and then backing up THAT to g-drive somewhere.

Exasperated, I break in and say, “No, there will not be any downloading, any backing up, any copying or uploading. These documents are to be deleted. Why are we going to back them up more? The bylaws state that all uploaded documents shall be retained for two years, so at two years plus one nanosecond from the creation date the files are getting purged with a script.”

Half the group responded with “hell-yeah”, the other half looked like I just poo poo on their desks and the president said “sounds like you have some familiarity with this. Could you set something up for us?”

Yeah no. “I’d be happy to advise but this is a job for whomever manages our web site. We need to keep all management and functionality of the site in one basket managed by one team.”

No loving way am I on that team.
|
# ? Mar 2, 2021 07:08 |
|
Agrikk posted: I came dangerously close to owning a thing tonight.

What the gently caress files are being saved for a kids' sportsball team? And good job not getting suckered in, that sounds like a nightmare all around. Nothing worse than unpaid volunteer IT work for community organizations, i.e. the same people who post on Nextdoor.
|
# ? Mar 2, 2021 07:12 |
|
SyNack Sassimov posted: What the gently caress files are being saved for a kids sportsball team? And good job not getting suckered in, that sounds like a nightmare all around. Nothing worse than unpaid volunteer IT work for community organizations, i.e. the same people who post on Nextdoor.

I can only assume it's liability related either for injury or abuse claims and such. Maybe some sort of financial poo poo to make sure nobody is embezzling from the team funds and/or ensuring that fees are paid and receipted appropriately and such?
|
# ? Mar 2, 2021 13:58 |
|
Entropic posted: It finally happened; I spent most of a day unwittingly reenacting the DNS Haiku.

A few pages back, but this made me properly laugh.
|
# ? Mar 2, 2021 14:51 |
|
SyNack Sassimov posted: What the gently caress files are being saved for a kids sportsball team? And good job not getting suckered in, that sounds like a nightmare all around. Nothing worse than unpaid volunteer IT work for community organizations, i.e. the same people who post on Nextdoor.

shortspecialbus posted: I can only assume it's liability related either for injury or abuse claims and such. Maybe some sort of financial poo poo to make sure nobody is embezzling from the team funds and/or ensuring that fees are paid and receipted appropriately and such?

PII stuff is managed by an online registration company. The stuff here is far, far more mundane: old board meeting transcripts, countless versions and revisions of bylaws, plans for bake-sales and other fundraising activities, etc. Why anyone cares about poo poo like this is beyond me.

Also this: https://www.theonion.com/ask-the-minutes-from-a-heated-kiwanis-club-meeting-1819583825
|
# ? Mar 2, 2021 16:17 |
|
boss assigns me a ticket. the ticket is for a completely different department. i unassign it with a note that it's for a different department. he reassigns it to me with no note or message. i unassign it with a teams message that it's for a different department. he reassigns it to me with no note or message.

dsfaadsfk ewan fkwjafn adsn aedkcjan ds asdsadsdfdsfdsf

if it's actually for me tell me tf why, i'm not a mind-reader.
|
# ? Mar 3, 2021 17:39 |
|
are they passive aggressively telling you to hand it off to the other department yourself?
|
# ? Mar 3, 2021 17:51 |