ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Can it end now? \rant

    Water Closet
    6
    22
    3.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bbigford @zuphzuph
      last edited by

      @zuphzuph said in Can it end now? \rant:

      @BBigford said in Can it end now? \rant:

      If it makes you feel any better I'm trying to combine 19 PSTs into one archive mailbox for a user. Some are broken, some are password protected, and they're all "super important". FFS

      Yeah... glad I'm not you rn.

      Dude, you have nf idea. 😐

      1 Reply Last reply Reply Quote 0
      • S
        scottalanmiller
        last edited by

        Sorry that your day is sucking.

        Z 1 Reply Last reply Reply Quote 2
        • Z
          zuphzuph Banned @scottalanmiller
          last edited by

          @scottalanmiller I came in today to find a production web server my boss built had the windows firewall on and was stopping all messages from RabbitMQ for one of our apps. Just a back week overall. Thanks though duder!

          D S M 3 Replies Last reply Reply Quote 2
          • D
            DustinB3403 @zuphzuph
            last edited by

            @zuphzuph said in Can it end now? \rant:

            @scottalanmiller I came in today to find a production web server my boss built had the windows firewall on and was stopping all messages from RabbitMQ for one of our apps. Just a back week overall. Thanks though duder!

            Why is the production web server using Windows, and more importantly, Windows Firewall?

            S 1 Reply Last reply Reply Quote 1
            • S
              scottalanmiller @DustinB3403
              last edited by

              @DustinB3403 said in Can it end now? \rant:

              @zuphzuph said in Can it end now? \rant:

              @scottalanmiller I came in today to find a production web server my boss built had the windows firewall on and was stopping all messages from RabbitMQ for one of our apps. Just a back week overall. Thanks though duder!

              Why is the production web server using Windows, and more importantly, Windows Firewall?

              Once you are using Windows, why would you ever disable the Windows firewall?

              D B 2 Replies Last reply Reply Quote 0
              • D
                DustinB3403 @scottalanmiller
                last edited by

                @scottalanmiller said in Can it end now? \rant:

                @DustinB3403 said in Can it end now? \rant:

                @zuphzuph said in Can it end now? \rant:

                @scottalanmiller I came in today to find a production web server my boss built had the windows firewall on and was stopping all messages from RabbitMQ for one of our apps. Just a back week overall. Thanks though duder!

                Why is the production web server using Windows, and more importantly, Windows Firewall?

                Once you are using Windows, why would you ever disable the Windows firewall?

                Fair point....

                1 Reply Last reply Reply Quote 0
                • S
                  scottalanmiller @zuphzuph
                  last edited by

                  @zuphzuph said in Can it end now? \rant:

                  @scottalanmiller I came in today to find a production web server my boss built had the windows firewall on and was stopping all messages from RabbitMQ for one of our apps. Just a back week overall. Thanks though duder!

                  Firewall on: good.
                  Firewall misconfigured: bad.

                  1 Reply Last reply Reply Quote 1
                  • M
                    MattSpeller @zuphzuph
                    last edited by

                    @zuphzuph What does not kill you will look great on a resume! Keep up the good fight man.

                    1 Reply Last reply Reply Quote 2
                    • B
                      bbigford @scottalanmiller
                      last edited by bbigford

                      @scottalanmiller said in Can it end now? \rant:

                      @DustinB3403 said in Can it end now? \rant:

                      @zuphzuph said in Can it end now? \rant:

                      @scottalanmiller I came in today to find a production web server my boss built had the windows firewall on and was stopping all messages from RabbitMQ for one of our apps. Just a back week overall. Thanks though duder!

                      Why is the production web server using Windows, and more importantly, Windows Firewall?

                      Once you are using Windows, why would you ever disable the Windows firewall?

                      We disable it (for internal-only machines, domain only. Public and private are active) because there are many other layers of security in place. Having it on and risking compromise is outweighed by the added headaches of figuring out why the firewall is blocking something. Anything external facing has maximum security though (web servers/etc).

                      So I guess reading back through @zuphzuph's comment about it being on and it's a web server, it should be on and configured properly.

                      T S 2 Replies Last reply Reply Quote 1
                      • T
                        thwr @bbigford
                        last edited by thwr

                        @BBigford said in Can it end now? \rant:

                        We disable it (for internal-only machines, domain only. Public and private are active) because there are many other layers of security in place. Having it on and risking compromise is outweighed by the added headaches of figuring out why the firewall is blocking something. Anything external facing has maximum security though (web servers/etc).

                        You know that one of the most dangerous attack vectors is the one from within your network? No more IDS/IPS or UTM to pass, it's the free wild. I would leave it on, better some protection than no protection. Adding a new rule for a webserver is a one-liner.

                        B 1 Reply Last reply Reply Quote 3
                        • S
                          scottalanmiller @bbigford
                          last edited by

                          @BBigford said in Can it end now? \rant:

                          @scottalanmiller said in Can it end now? \rant:

                          @DustinB3403 said in Can it end now? \rant:

                          @zuphzuph said in Can it end now? \rant:

                          @scottalanmiller I came in today to find a production web server my boss built had the windows firewall on and was stopping all messages from RabbitMQ for one of our apps. Just a back week overall. Thanks though duder!

                          Why is the production web server using Windows, and more importantly, Windows Firewall?

                          Once you are using Windows, why would you ever disable the Windows firewall?

                          We disable it (for internal-only machines, domain only. Public and private are active) because there are many other layers of security in place. Having it on and risking compromise is outweighed by the added headaches of figuring out why the firewall is blocking something. Anything external facing has maximum security though (web servers/etc).

                          So I guess reading back through @zuphzuph's comment about it being on and it's a web server, it should be on and configured properly.

                          It only exists for internal only (that's why it was made) because internal machines should always have a firewall. There is no other layer that protects what the system firewall does. Without it, you rely on "LAN security."

                          B 1 Reply Last reply Reply Quote 1
                          • B
                            bbigford @scottalanmiller
                            last edited by

                            @scottalanmiller said in Can it end now? \rant:

                            @BBigford said in Can it end now? \rant:

                            @scottalanmiller said in Can it end now? \rant:

                            @DustinB3403 said in Can it end now? \rant:

                            @zuphzuph said in Can it end now? \rant:

                            @scottalanmiller I came in today to find a production web server my boss built had the windows firewall on and was stopping all messages from RabbitMQ for one of our apps. Just a back week overall. Thanks though duder!

                            Why is the production web server using Windows, and more importantly, Windows Firewall?

                            Once you are using Windows, why would you ever disable the Windows firewall?

                            We disable it (for internal-only machines, domain only. Public and private are active) because there are many other layers of security in place. Having it on and risking compromise is outweighed by the added headaches of figuring out why the firewall is blocking something. Anything external facing has maximum security though (web servers/etc).

                            So I guess reading back through @zuphzuph's comment about it being on and it's a web server, it should be on and configured properly.

                            It only exists for internal only (that's why it was made) because internal machines should always have a firewall. There is no other layer that protects what the system firewall does. Without it, you rely on "LAN security."

                            We put our servers on their own vlan among other things. But unfortunately that's not my call even if I wanted to change it. I brought it up my first couple weeks and was told nope, not gonna happen.

                            T 1 Reply Last reply Reply Quote 0
                            • B
                              bbigford @thwr
                              last edited by

                              @thwr said in Can it end now? \rant:

                              @BBigford said in Can it end now? \rant:

                              We disable it (for internal-only machines, domain only. Public and private are active) because there are many other layers of security in place. Having it on and risking compromise is outweighed by the added headaches of figuring out why the firewall is blocking something. Anything external facing has maximum security though (web servers/etc).

                              You know that one of the most dangerous attack vectors is the one from within your network? No more IDS/IPS or UTM to pass, it's the free wild. I would leave it on, better some protection than no protection. Adding a new rule for a webserver is a one-liner.

                              Valid point. I was told not to enable any of them. So maybe they are going based on trust. 😄

                              T S 2 Replies Last reply Reply Quote 1
                              • T
                                thwr @bbigford
                                last edited by

                                @BBigford said in Can it end now? \rant:

                                @scottalanmiller said in Can it end now? \rant:

                                @BBigford said in Can it end now? \rant:

                                @scottalanmiller said in Can it end now? \rant:

                                @DustinB3403 said in Can it end now? \rant:

                                @zuphzuph said in Can it end now? \rant:

                                @scottalanmiller I came in today to find a production web server my boss built had the windows firewall on and was stopping all messages from RabbitMQ for one of our apps. Just a back week overall. Thanks though duder!

                                Why is the production web server using Windows, and more importantly, Windows Firewall?

                                Once you are using Windows, why would you ever disable the Windows firewall?

                                We disable it (for internal-only machines, domain only. Public and private are active) because there are many other layers of security in place. Having it on and risking compromise is outweighed by the added headaches of figuring out why the firewall is blocking something. Anything external facing has maximum security though (web servers/etc).

                                So I guess reading back through @zuphzuph's comment about it being on and it's a web server, it should be on and configured properly.

                                It only exists for internal only (that's why it was made) because internal machines should always have a firewall. There is no other layer that protects what the system firewall does. Without it, you rely on "LAN security."

                                We put our servers on their own vlan among other things. But unfortunately that's not my call even if I wanted to change it. I brought it up my first couple weeks and was told nope, not gonna happen.

                                Uhm, that's bad. Always hard to see people misunderstanding VLAN as a security feature - it's not. It helps in organizing your network, but it adds not much - if any - security.

                                1 Reply Last reply Reply Quote 0
                                • T
                                  thwr @bbigford
                                  last edited by

                                  @BBigford said in Can it end now? \rant:

                                  @thwr said in Can it end now? \rant:

                                  @BBigford said in Can it end now? \rant:

                                  We disable it (for internal-only machines, domain only. Public and private are active) because there are many other layers of security in place. Having it on and risking compromise is outweighed by the added headaches of figuring out why the firewall is blocking something. Anything external facing has maximum security though (web servers/etc).

                                  You know that one of the most dangerous attack vectors is the one from within your network? No more IDS/IPS or UTM to pass, it's the free wild. I would leave it on, better some protection than no protection. Adding a new rule for a webserver is a one-liner.

                                  Valid point. I was told not to enable any of them. So maybe they are going based on trust. 😄

                                  Well, ... uhm, just make sure that no one points at you when things go south.

                                  1 Reply Last reply Reply Quote 1
                                  • S
                                    scottalanmiller @bbigford
                                    last edited by

                                    @BBigford said in Can it end now? \rant:

                                    Valid point. I was told not to enable any of them. So maybe they are going based on trust. 😄

                                    By someone working in an IT department? If someone told me that I'd ask a manager to look into if they were socially engineering me. That sounds like someone testing you.

                                    1 Reply Last reply Reply Quote 1
                                    • 1
                                    • 2
                                    • 1 / 2
                                    • First post
                                      Last post