I Would Fire Someone For....
-
@IRJ said in I Would Fire Someone For....:
@Dashrender said in I Would Fire Someone For....:
@Brains said in I Would Fire Someone For....:
@Dashrender said in I Would Fire Someone For....:
@scottalanmiller said in I Would Fire Someone For....:
@Dashrender said in I Would Fire Someone For....:
I'm trying to do the same for things that require Flash or Java.
I think most of us did that long ago
You might have within NTG, but I bet many of your clients didn't.
I cringe when I have to install Java for some outdated AC control unit. We currently have a machine blocked from the internet running some OLD version of Java just so they can still monitor the AC system
LOL - these guys wanted a VPN connection to my network for the HVAC - I told my boss that we might as be Target and just turn off the firewall at that point. She agreed that they would not get remote access.
Our AC maintenance guys installed Wireshark on their server. I was like WTF!
Um.... seriously, WTF!
-
@IRJ said in I Would Fire Someone For....:
@Dashrender said in I Would Fire Someone For....:
@travisdh1 said in I Would Fire Someone For....:
@IRJ said in I Would Fire Someone For....:
@Dashrender said in I Would Fire Someone For....:
@Brains said in I Would Fire Someone For....:
@Dashrender said in I Would Fire Someone For....:
@scottalanmiller said in I Would Fire Someone For....:
@Dashrender said in I Would Fire Someone For....:
I'm trying to do the same for things that require Flash or Java.
I think most of us did that long ago
You might have within NTG, but I bet many of your clients didn't.
I cringe when I have to install Java for some outdated AC control unit. We currently have a machine blocked from the internet running some OLD version of Java just so they can still monitor the AC system
LOL - these guys wanted a VPN connection to my network for the HVAC - I told my boss that we might as be Target and just turn off the firewall at that point. She agreed that they would not get remote access.
Our AC maintenance guys installed Wireshark on their server. I was like WTF!
Did they at least ask first? If they didn't ask, you're off the network and can pay for your own connection.
Why would they ask, it was their (I'm assuming the HVAC's) server.
My question is. how did you know they installed Wireshark? You just happened to walk by and noticed it? lol
But absolutely - you need remote access, you get your own network - have a nice day!Ness us vulnerability scanner caught it as an old version
How did Nessus detect the WS version?
-
@scottalanmiller said in I Would Fire Someone For....:
@IRJ said in I Would Fire Someone For....:
@Dashrender said in I Would Fire Someone For....:
@travisdh1 said in I Would Fire Someone For....:
@IRJ said in I Would Fire Someone For....:
@Dashrender said in I Would Fire Someone For....:
@Brains said in I Would Fire Someone For....:
@Dashrender said in I Would Fire Someone For....:
@scottalanmiller said in I Would Fire Someone For....:
@Dashrender said in I Would Fire Someone For....:
I'm trying to do the same for things that require Flash or Java.
I think most of us did that long ago
You might have within NTG, but I bet many of your clients didn't.
I cringe when I have to install Java for some outdated AC control unit. We currently have a machine blocked from the internet running some OLD version of Java just so they can still monitor the AC system
LOL - these guys wanted a VPN connection to my network for the HVAC - I told my boss that we might as be Target and just turn off the firewall at that point. She agreed that they would not get remote access.
Our AC maintenance guys installed Wireshark on their server. I was like WTF!
Did they at least ask first? If they didn't ask, you're off the network and can pay for your own connection.
Why would they ask, it was their (I'm assuming the HVAC's) server.
My question is. how did you know they installed Wireshark? You just happened to walk by and noticed it? lol
But absolutely - you need remote access, you get your own network - have a nice day!Ness us vulnerability scanner caught it as an old version
How did Nessus detect the WS version?
With a credentialed scan. It pulls information about vulnerabilities on all applications. It's a full time job. Everyday there is a new vulnerability in an OS, software, etc.
Nessus can pull information about networking devices, too. It checks for weak passwords by doing brute force ,and you can add credentials to get even more information like vulnerable firmware versions, etc.
-
@IRJ said in I Would Fire Someone For....:
@scottalanmiller said in I Would Fire Someone For....:
@IRJ said in I Would Fire Someone For....:
@Dashrender said in I Would Fire Someone For....:
@travisdh1 said in I Would Fire Someone For....:
@IRJ said in I Would Fire Someone For....:
@Dashrender said in I Would Fire Someone For....:
@Brains said in I Would Fire Someone For....:
@Dashrender said in I Would Fire Someone For....:
@scottalanmiller said in I Would Fire Someone For....:
@Dashrender said in I Would Fire Someone For....:
I'm trying to do the same for things that require Flash or Java.
I think most of us did that long ago
You might have within NTG, but I bet many of your clients didn't.
I cringe when I have to install Java for some outdated AC control unit. We currently have a machine blocked from the internet running some OLD version of Java just so they can still monitor the AC system
LOL - these guys wanted a VPN connection to my network for the HVAC - I told my boss that we might as be Target and just turn off the firewall at that point. She agreed that they would not get remote access.
Our AC maintenance guys installed Wireshark on their server. I was like WTF!
Did they at least ask first? If they didn't ask, you're off the network and can pay for your own connection.
Why would they ask, it was their (I'm assuming the HVAC's) server.
My question is. how did you know they installed Wireshark? You just happened to walk by and noticed it? lol
But absolutely - you need remote access, you get your own network - have a nice day!Ness us vulnerability scanner caught it as an old version
How did Nessus detect the WS version?
With a credentialed scan. It pulls information about vulnerabilities on all applications. It's a full time job. Everyday there is a new vulnerability in an OS, software, etc.
Nessus can pull information about networking devices, too. It checks for weak passwords by doing brute force ,and you can add credentials to get even more information like vulnerable firmware versions, etc.
Interesting - so they gave you the password to their server?
Did they/you remove wireshark?
-
@Dashrender said in I Would Fire Someone For....:
@IRJ said in I Would Fire Someone For....:
@scottalanmiller said in I Would Fire Someone For....:
@IRJ said in I Would Fire Someone For....:
@Dashrender said in I Would Fire Someone For....:
@travisdh1 said in I Would Fire Someone For....:
@IRJ said in I Would Fire Someone For....:
@Dashrender said in I Would Fire Someone For....:
@Brains said in I Would Fire Someone For....:
@Dashrender said in I Would Fire Someone For....:
@scottalanmiller said in I Would Fire Someone For....:
@Dashrender said in I Would Fire Someone For....:
I'm trying to do the same for things that require Flash or Java.
I think most of us did that long ago
You might have within NTG, but I bet many of your clients didn't.
I cringe when I have to install Java for some outdated AC control unit. We currently have a machine blocked from the internet running some OLD version of Java just so they can still monitor the AC system
LOL - these guys wanted a VPN connection to my network for the HVAC - I told my boss that we might as be Target and just turn off the firewall at that point. She agreed that they would not get remote access.
Our AC maintenance guys installed Wireshark on their server. I was like WTF!
Did they at least ask first? If they didn't ask, you're off the network and can pay for your own connection.
Why would they ask, it was their (I'm assuming the HVAC's) server.
My question is. how did you know they installed Wireshark? You just happened to walk by and noticed it? lol
But absolutely - you need remote access, you get your own network - have a nice day!Ness us vulnerability scanner caught it as an old version
How did Nessus detect the WS version?
With a credentialed scan. It pulls information about vulnerabilities on all applications. It's a full time job. Everyday there is a new vulnerability in an OS, software, etc.
Nessus can pull information about networking devices, too. It checks for weak passwords by doing brute force ,and you can add credentials to get even more information like vulnerable firmware versions, etc.
Interesting - so they gave you the password to their server?
Did they/you remove wireshark?
It's our hardware. Yes wireshark has been removed. They were troubleshooting a connectivity issue. Although they should have asked us first.
-
@Breffni-Potter said in I Would Fire Someone For....:
@scottalanmiller said
- Did you not use available resources as there are thousands of posts on Spiceworks about this topic, more than any other topic.
- How did you manage to avoid the common knowledge around such a basic, and loudly discussed, topic?
- How is your knowledge outdated by nearly a decade?
Most of the world does not use Spiceworks.
A lot of IT admins choose not to engage in IT communities.
PPTP VPN on 2012 R2 server installs is acceptable to some.Drops mic, walks away
A free and easy to setup VPN. Managed one at my last job.
-
@Texkonc said in I Would Fire Someone For....:
@Breffni-Potter said in I Would Fire Someone For....:
@scottalanmiller said
- Did you not use available resources as there are thousands of posts on Spiceworks about this topic, more than any other topic.
- How did you manage to avoid the common knowledge around such a basic, and loudly discussed, topic?
- How is your knowledge outdated by nearly a decade?
Most of the world does not use Spiceworks.
A lot of IT admins choose not to engage in IT communities.
PPTP VPN on 2012 R2 server installs is acceptable to some.Drops mic, walks away
A free and easy to setup VPN. Managed one at my last job.
You managed a PPTP? You should have replaced that one
-
@thwr said in I Would Fire Someone For....:
@Texkonc said in I Would Fire Someone For....:
@Breffni-Potter said in I Would Fire Someone For....:
@scottalanmiller said
- Did you not use available resources as there are thousands of posts on Spiceworks about this topic, more than any other topic.
- How did you manage to avoid the common knowledge around such a basic, and loudly discussed, topic?
- How is your knowledge outdated by nearly a decade?
Most of the world does not use Spiceworks.
A lot of IT admins choose not to engage in IT communities.
PPTP VPN on 2012 R2 server installs is acceptable to some.Drops mic, walks away
A free and easy to setup VPN. Managed one at my last job.
You managed a PPTP? You should have replaced that one
it was 2012 R2, using AES256 and dropped the connection if 256 was not supported. I cranked the security settings way up. Job didnt want to pay for Cisco VPN licenses. Had to make use of what I could.
-
@Breffni-Potter said in I Would Fire Someone For....:
Stealing.
Lying.
No commitment, zero energy, just slothful.
No desire/drive to improve on weak areas.These for me are the big 4, I'm not really into the "He wasted $$$ fire him" because I've done it in business and regretted it, mistakes do happen but you do learn from him but point 4, if there is no desire to improve after the mistake, then that's when we have problems.
I have to agree with these. Stealing? No. Lying? You're gone. No energy? More tolerable but if they are constantly falling asleep on the job and therefore not getting stuff done? Gone. No desire to improve? That's the biggest one for me. I've been in a supervisory position. This was always my biggest thing. I'll gladly take the time to train you, help you improve, but if you are uninterested in trying to improve, you're a waste of my time and breath, and there's the door.
-
@Texkonc said in I Would Fire Someone For....:
@thwr said in I Would Fire Someone For....:
@Texkonc said in I Would Fire Someone For....:
@Breffni-Potter said in I Would Fire Someone For....:
@scottalanmiller said
- Did you not use available resources as there are thousands of posts on Spiceworks about this topic, more than any other topic.
- How did you manage to avoid the common knowledge around such a basic, and loudly discussed, topic?
- How is your knowledge outdated by nearly a decade?
Most of the world does not use Spiceworks.
A lot of IT admins choose not to engage in IT communities.
PPTP VPN on 2012 R2 server installs is acceptable to some.Drops mic, walks away
A free and easy to setup VPN. Managed one at my last job.
You managed a PPTP? You should have replaced that one
it was 2012 R2, using AES256 and dropped the connection if 256 was not supported. I cranked the security settings way up. Job didnt want to pay for Cisco VPN licenses. Had to make use of what I could.
OpenVPN is free
-
@Texkonc said in I Would Fire Someone For....:
@thwr said in I Would Fire Someone For....:
@Texkonc said in I Would Fire Someone For....:
@Breffni-Potter said in I Would Fire Someone For....:
@scottalanmiller said
- Did you not use available resources as there are thousands of posts on Spiceworks about this topic, more than any other topic.
- How did you manage to avoid the common knowledge around such a basic, and loudly discussed, topic?
- How is your knowledge outdated by nearly a decade?
Most of the world does not use Spiceworks.
A lot of IT admins choose not to engage in IT communities.
PPTP VPN on 2012 R2 server installs is acceptable to some.Drops mic, walks away
A free and easy to setup VPN. Managed one at my last job.
You managed a PPTP? You should have replaced that one
it was 2012 R2, using AES256 and dropped the connection if 256 was not supported. I cranked the security settings way up. Job didnt want to pay for Cisco VPN licenses.
You don't need Cisco to get a secure VPN running. It's probably even better to not use Cisco VPN's, looking at the latest NSA news.
MS-PPTP has several problems, for example in the challenge-response mechanism, which allows an attacker to log in with a sniffed password hash. Moxie Marlinspike, you probably heard that name before, created a cloud based service to crack the 2^56 possible DES keys in just a day or two, which costs you around $200.
You can read about that here: http://www.h-online.com/security/features/A-death-blow-for-PPTP-1716768.html
-
@scottalanmiller said in I Would Fire Someone For....:
@Texkonc said in I Would Fire Someone For....:
@thwr said in I Would Fire Someone For....:
@Texkonc said in I Would Fire Someone For....:
@Breffni-Potter said in I Would Fire Someone For....:
@scottalanmiller said
- Did you not use available resources as there are thousands of posts on Spiceworks about this topic, more than any other topic.
- How did you manage to avoid the common knowledge around such a basic, and loudly discussed, topic?
- How is your knowledge outdated by nearly a decade?
Most of the world does not use Spiceworks.
A lot of IT admins choose not to engage in IT communities.
PPTP VPN on 2012 R2 server installs is acceptable to some.Drops mic, walks away
A free and easy to setup VPN. Managed one at my last job.
You managed a PPTP? You should have replaced that one
it was 2012 R2, using AES256 and dropped the connection if 256 was not supported. I cranked the security settings way up. Job didnt want to pay for Cisco VPN licenses. Had to make use of what I could.
OpenVPN is free
Plus Server 2012R2 has both SSTP and L2TP/IPSEC built in.
-
@coliver said in I Would Fire Someone For....:
@scottalanmiller said in I Would Fire Someone For....:
@Texkonc said in I Would Fire Someone For....:
@thwr said in I Would Fire Someone For....:
@Texkonc said in I Would Fire Someone For....:
@Breffni-Potter said in I Would Fire Someone For....:
@scottalanmiller said
- Did you not use available resources as there are thousands of posts on Spiceworks about this topic, more than any other topic.
- How did you manage to avoid the common knowledge around such a basic, and loudly discussed, topic?
- How is your knowledge outdated by nearly a decade?
Most of the world does not use Spiceworks.
A lot of IT admins choose not to engage in IT communities.
PPTP VPN on 2012 R2 server installs is acceptable to some.Drops mic, walks away
A free and easy to setup VPN. Managed one at my last job.
You managed a PPTP? You should have replaced that one
it was 2012 R2, using AES256 and dropped the connection if 256 was not supported. I cranked the security settings way up. Job didnt want to pay for Cisco VPN licenses. Had to make use of what I could.
OpenVPN is free
Plus Server 2012R2 has both SSTP and L2TP/IPSEC built in.
Its been a year and trying to block it out, but I think I did use L2TP/IPSEC....That would make sense...
hmmmmm. Can't remember.... -
@coliver said in I Would Fire Someone For....:
@scottalanmiller said in I Would Fire Someone For....:
@Texkonc said in I Would Fire Someone For....:
@thwr said in I Would Fire Someone For....:
@Texkonc said in I Would Fire Someone For....:
@Breffni-Potter said in I Would Fire Someone For....:
@scottalanmiller said
- Did you not use available resources as there are thousands of posts on Spiceworks about this topic, more than any other topic.
- How did you manage to avoid the common knowledge around such a basic, and loudly discussed, topic?
- How is your knowledge outdated by nearly a decade?
Most of the world does not use Spiceworks.
A lot of IT admins choose not to engage in IT communities.
PPTP VPN on 2012 R2 server installs is acceptable to some.Drops mic, walks away
A free and easy to setup VPN. Managed one at my last job.
You managed a PPTP? You should have replaced that one
it was 2012 R2, using AES256 and dropped the connection if 256 was not supported. I cranked the security settings way up. Job didnt want to pay for Cisco VPN licenses. Had to make use of what I could.
OpenVPN is free
Plus Server 2012R2 has both SSTP and L2TP/IPSEC built in.
Really like SSTP. Easy to setup, just uses a single TCP port to connect (443 by default). Performance can't be compared to IPsec via L2TP, but it's still ok.
-
@Texkonc said in I Would Fire Someone For....:
@coliver said in I Would Fire Someone For....:
@scottalanmiller said in I Would Fire Someone For....:
@Texkonc said in I Would Fire Someone For....:
@thwr said in I Would Fire Someone For....:
@Texkonc said in I Would Fire Someone For....:
@Breffni-Potter said in I Would Fire Someone For....:
@scottalanmiller said
- Did you not use available resources as there are thousands of posts on Spiceworks about this topic, more than any other topic.
- How did you manage to avoid the common knowledge around such a basic, and loudly discussed, topic?
- How is your knowledge outdated by nearly a decade?
Most of the world does not use Spiceworks.
A lot of IT admins choose not to engage in IT communities.
PPTP VPN on 2012 R2 server installs is acceptable to some.Drops mic, walks away
A free and easy to setup VPN. Managed one at my last job.
You managed a PPTP? You should have replaced that one
it was 2012 R2, using AES256 and dropped the connection if 256 was not supported. I cranked the security settings way up. Job didnt want to pay for Cisco VPN licenses. Had to make use of what I could.
OpenVPN is free
Plus Server 2012R2 has both SSTP and L2TP/IPSEC built in.
Its been a year and trying to block it out, but I think I did use L2TP/IPSEC....That would make sense...
hmmmmm. Can't remember....When you configured things like IKE, phase 1 and 2 and so on: IPsec