Can it end now? \rant

zuphzuph

My day:

Dev french toasted a web app build last night... showed up an hour early to correct an SSRS report they fudged.

We all stand at my desk as they watch me update stuff.

An hour later an internal application breaks (user did a hard reset with app open and hosed it on her machine).

Another user grabbed me about an hour later (Outlook views messed up).

Setup new user with laptop after imaging... (AD, Mailbox, Phone and Desk setup).

Mail queue in another application has emails hung... spent about 30 mins rebooting and restarting services to flush it out.

My boss expects me to migrate our file server in the next week as well as migrate exchange from 2013 CU13 to 2016 and setup MDT images (Server I setup to begin with).

Boss updated Opsview last night and I came in this morning to a ton of I/O errors on Ubuntu as he took today off aka no monitoring alerts.

I'm frustrated and feel as though at this point he's taking credit for what I do while he sits back.

Is it bad to feel like I should just walk?

bbigford

@zuphzuph said in Can it end now? /rant:

Boss updated Opsview last night and I came in this morning to a ton of I/O errors on Ubuntu as he took today off aka no monitoring alerts.

Yeah, DON'T touch stuff when you aren't going to be there the next day. I'd quit on principle.

bbigford

@zuphzuph said in Can it end now? /rant:

I'm frustrated and feel as though at this point he's taking credit for what I do while he sits back.

That's just management, man. You're gonna have to get used to that.

bbigford

If it makes you feel any better I'm trying to combine 19 PSTs into one archive mailbox for a user. Some are broken, some are password protected, and they're all "super important". FFS

zuphzuph

@BBigford said in Can it end now? \rant:

@zuphzuph said in Can it end now? /rant:

I'm frustrated and feel as though at this point he's taking credit for what I do while he sits back.

That's just management, man. You're gonna have to get used to that.

Hey now, not for too much longer. ;D

zuphzuph

@BBigford said in Can it end now? \rant:

If it makes you feel any better I'm trying to combine 19 PSTs into one archive mailbox for a user. Some are broken, some are password protected, and they're all "super important". FFS

Yeah... glad I'm not you rn.

bbigford

@zuphzuph said in Can it end now? \rant:

@BBigford said in Can it end now? \rant:

If it makes you feel any better I'm trying to combine 19 PSTs into one archive mailbox for a user. Some are broken, some are password protected, and they're all "super important". FFS

Yeah... glad I'm not you rn.

Dude, you have nf idea.

scottalanmiller

Sorry that your day is sucking.

zuphzuph

@scottalanmiller I came in today to find a production web server my boss built had the windows firewall on and was stopping all messages from RabbitMQ for one of our apps. Just a back week overall. Thanks though duder!

DustinB3403

@zuphzuph said in Can it end now? \rant:

@scottalanmiller I came in today to find a production web server my boss built had the windows firewall on and was stopping all messages from RabbitMQ for one of our apps. Just a back week overall. Thanks though duder!

Why is the production web server using Windows, and more importantly, Windows Firewall?

scottalanmiller

@DustinB3403 said in Can it end now? \rant:

@zuphzuph said in Can it end now? \rant:

@scottalanmiller I came in today to find a production web server my boss built had the windows firewall on and was stopping all messages from RabbitMQ for one of our apps. Just a back week overall. Thanks though duder!

Why is the production web server using Windows, and more importantly, Windows Firewall?

Once you are using Windows, why would you ever disable the Windows firewall?

DustinB3403

@scottalanmiller said in Can it end now? \rant:

@DustinB3403 said in Can it end now? \rant:

@zuphzuph said in Can it end now? \rant:

@scottalanmiller I came in today to find a production web server my boss built had the windows firewall on and was stopping all messages from RabbitMQ for one of our apps. Just a back week overall. Thanks though duder!

Why is the production web server using Windows, and more importantly, Windows Firewall?

Once you are using Windows, why would you ever disable the Windows firewall?

Fair point....

scottalanmiller

@zuphzuph said in Can it end now? \rant:

@scottalanmiller I came in today to find a production web server my boss built had the windows firewall on and was stopping all messages from RabbitMQ for one of our apps. Just a back week overall. Thanks though duder!

Firewall on: good.
Firewall misconfigured: bad.

MattSpeller

@zuphzuph What does not kill you will look great on a resume! Keep up the good fight man.

bbigford

@scottalanmiller said in Can it end now? \rant:

@DustinB3403 said in Can it end now? \rant:

@zuphzuph said in Can it end now? \rant:

@scottalanmiller I came in today to find a production web server my boss built had the windows firewall on and was stopping all messages from RabbitMQ for one of our apps. Just a back week overall. Thanks though duder!

Why is the production web server using Windows, and more importantly, Windows Firewall?

Once you are using Windows, why would you ever disable the Windows firewall?

We disable it (for internal-only machines, domain only. Public and private are active) because there are many other layers of security in place. Having it on and risking compromise is outweighed by the added headaches of figuring out why the firewall is blocking something. Anything external facing has maximum security though (web servers/etc).

So I guess reading back through @zuphzuph's comment about it being on and it's a web server, it should be on and configured properly.

thwr

@BBigford said in Can it end now? \rant:

We disable it (for internal-only machines, domain only. Public and private are active) because there are many other layers of security in place. Having it on and risking compromise is outweighed by the added headaches of figuring out why the firewall is blocking something. Anything external facing has maximum security though (web servers/etc).

You know that one of the most dangerous attack vectors is the one from within your network? No more IDS/IPS or UTM to pass, it's the free wild. I would leave it on, better some protection than no protection. Adding a new rule for a webserver is a one-liner.

scottalanmiller

@BBigford said in Can it end now? \rant:

@scottalanmiller said in Can it end now? \rant:

@DustinB3403 said in Can it end now? \rant:

@zuphzuph said in Can it end now? \rant:

@scottalanmiller I came in today to find a production web server my boss built had the windows firewall on and was stopping all messages from RabbitMQ for one of our apps. Just a back week overall. Thanks though duder!

Why is the production web server using Windows, and more importantly, Windows Firewall?

Once you are using Windows, why would you ever disable the Windows firewall?

We disable it (for internal-only machines, domain only. Public and private are active) because there are many other layers of security in place. Having it on and risking compromise is outweighed by the added headaches of figuring out why the firewall is blocking something. Anything external facing has maximum security though (web servers/etc).

So I guess reading back through @zuphzuph's comment about it being on and it's a web server, it should be on and configured properly.

It only exists for internal only (that's why it was made) because internal machines should always have a firewall. There is no other layer that protects what the system firewall does. Without it, you rely on "LAN security."

bbigford

@scottalanmiller said in Can it end now? \rant:

@BBigford said in Can it end now? \rant:

@scottalanmiller said in Can it end now? \rant:

@DustinB3403 said in Can it end now? \rant:

@zuphzuph said in Can it end now? \rant:

@scottalanmiller I came in today to find a production web server my boss built had the windows firewall on and was stopping all messages from RabbitMQ for one of our apps. Just a back week overall. Thanks though duder!

Why is the production web server using Windows, and more importantly, Windows Firewall?

Once you are using Windows, why would you ever disable the Windows firewall?

We disable it (for internal-only machines, domain only. Public and private are active) because there are many other layers of security in place. Having it on and risking compromise is outweighed by the added headaches of figuring out why the firewall is blocking something. Anything external facing has maximum security though (web servers/etc).

So I guess reading back through @zuphzuph's comment about it being on and it's a web server, it should be on and configured properly.

It only exists for internal only (that's why it was made) because internal machines should always have a firewall. There is no other layer that protects what the system firewall does. Without it, you rely on "LAN security."

We put our servers on their own vlan among other things. But unfortunately that's not my call even if I wanted to change it. I brought it up my first couple weeks and was told nope, not gonna happen.

bbigford

@thwr said in Can it end now? \rant:

@BBigford said in Can it end now? \rant:

We disable it (for internal-only machines, domain only. Public and private are active) because there are many other layers of security in place. Having it on and risking compromise is outweighed by the added headaches of figuring out why the firewall is blocking something. Anything external facing has maximum security though (web servers/etc).

You know that one of the most dangerous attack vectors is the one from within your network? No more IDS/IPS or UTM to pass, it's the free wild. I would leave it on, better some protection than no protection. Adding a new rule for a webserver is a one-liner.

Valid point. I was told not to enable any of them. So maybe they are going based on trust.

thwr

@BBigford said in Can it end now? \rant:

@scottalanmiller said in Can it end now? \rant:

@BBigford said in Can it end now? \rant:

@scottalanmiller said in Can it end now? \rant:

@DustinB3403 said in Can it end now? \rant:

@zuphzuph said in Can it end now? \rant:

@scottalanmiller I came in today to find a production web server my boss built had the windows firewall on and was stopping all messages from RabbitMQ for one of our apps. Just a back week overall. Thanks though duder!

Why is the production web server using Windows, and more importantly, Windows Firewall?

Once you are using Windows, why would you ever disable the Windows firewall?

We disable it (for internal-only machines, domain only. Public and private are active) because there are many other layers of security in place. Having it on and risking compromise is outweighed by the added headaches of figuring out why the firewall is blocking something. Anything external facing has maximum security though (web servers/etc).

So I guess reading back through @zuphzuph's comment about it being on and it's a web server, it should be on and configured properly.

It only exists for internal only (that's why it was made) because internal machines should always have a firewall. There is no other layer that protects what the system firewall does. Without it, you rely on "LAN security."

We put our servers on their own vlan among other things. But unfortunately that's not my call even if I wanted to change it. I brought it up my first couple weeks and was told nope, not gonna happen.

Uhm, that's bad. Always hard to see people misunderstanding VLAN as a security feature - it's not. It helps in organizing your network, but it adds not much - if any - security.