Site Moved a PC=A MESS
-
@jaredbusch said in Site Moved a PC=A MESS:
@dustinb3403 said in Site Moved a PC=A MESS:
@jaredbusch said in Site Moved a PC=A MESS:
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
@scottalanmiller said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
@scottalanmiller said in Site Moved a PC=A MESS:
This is called sabotage. Someone broke something by doing something they clearly had no idea how to do. Now they are hiding things from you to keep it from getting fixed. Time to escalate. Let someone know that the Site Manager has overseen damage to the network and that you have no idea what they have done and that they either aren't able to tell you or are unwilling to do so. Communicate to the powers that be. The Site Manager is responsible, so of course he's trying to blame you. It's HIS fault.
You might need to suggest that given the unknown state of things, starting from scratch might be the best way to quickly resolve issues and know what the state of things is and what has been done.
And get it in writing that sites cannot make changes as policy.
My suggestion was to run new cables to each PoS Terminal and go from there. The network tech told him to get the team that moved it back out there, because it was not either of our companies that made the move.
Everything has been documented, I may need to just escalate this some more.
What company did it? And why is the site manager allowing random, third party companies to touch stuff?
Another Vendor said "I think this is how this goes so I will do it." and he allowed them to; this is the new Site manager. The one who allowed them to move it is no longer with the site.
The who what or why is the least important thing to be concerned about now. If you have a cable tester, and have a general idea of where the cable is going, check the switch to see if any of the ports are currently off.
Then put the cable tester on the PC end and take the switch end and connect it to the tester. This will identify the cable as either being the "one" or not.
From there you just move the cable from that switch port to the new office space as the PoS or Internet line and plug it all back in.
That kind of cable testing is only a continuity tester. That does nothing for a live network because a jack plugged into a switch will not let it work right.
I know, which is why the testing is from the wall to the punchdown block.
That's why the LinkSprinter (or similar from other companies) is a staple for anyone doing actual network wiring for a living.
I love mine.
-
@wrcombs it sounds like your network tech is an idiot if they couldn't locate this wiring.
Either way: Idiot or just Lazy. That's why I came to ML to find out what was needed.
-
@wrcombs said in Site Moved a PC=A MESS:
@wrcombs it sounds like your network tech is an idiot if they couldn't locate this wiring.
Either way: Idiot or just Lazy. That's why I came to ML to find out what was needed.
Yeah. . . so besides being sidetracked as if we were on to troubleshoot the issue you need to be able to find the cable. Since your tester won't work through the switch, your only option is to test the cable by unplugging it from the switch.
-
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
@wrcombs it sounds like your network tech is an idiot if they couldn't locate this wiring.
Either way: Idiot or just Lazy. That's why I came to ML to find out what was needed.
Yeah. . . so besides being sidetracked as if we were on to troubleshoot the issue you need to be able to find the cable. Since your tester won't work through the switch, your only option is to test the cable by unplugging it from the switch.
Well the Next time I go on site I will Have to take an extra set of eyes with me and start unplugging them at the PoS and find them that way.
-
@wrcombs said in Site Moved a PC=A MESS:
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
@wrcombs it sounds like your network tech is an idiot if they couldn't locate this wiring.
Either way: Idiot or just Lazy. That's why I came to ML to find out what was needed.
Yeah. . . so besides being sidetracked as if we were on to troubleshoot the issue you need to be able to find the cable. Since your tester won't work through the switch, your only option is to test the cable by unplugging it from the switch.
Well the Next time I go on site I will Have to take an extra set of eyes with me and start unplugging them at the PoS and find them that way.
I would honestly just look at the logging on the switches.
-
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
@wrcombs it sounds like your network tech is an idiot if they couldn't locate this wiring.
Either way: Idiot or just Lazy. That's why I came to ML to find out what was needed.
Yeah. . . so besides being sidetracked as if we were on to troubleshoot the issue you need to be able to find the cable. Since your tester won't work through the switch, your only option is to test the cable by unplugging it from the switch.
Well the Next time I go on site I will Have to take an extra set of eyes with me and start unplugging them at the PoS and find them that way.
I would honestly just look at the logging on the switches.
It's a managed switch that I do not have the credentials to log in to.
-
@wrcombs said in Site Moved a PC=A MESS:
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
@wrcombs it sounds like your network tech is an idiot if they couldn't locate this wiring.
Either way: Idiot or just Lazy. That's why I came to ML to find out what was needed.
Yeah. . . so besides being sidetracked as if we were on to troubleshoot the issue you need to be able to find the cable. Since your tester won't work through the switch, your only option is to test the cable by unplugging it from the switch.
Well the Next time I go on site I will Have to take an extra set of eyes with me and start unplugging them at the PoS and find them that way.
I would honestly just look at the logging on the switches.
It's a managed switch that I do not have the credentials to log in..
It would be super easy to ask for someone to give you access for this, no?
-
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
@wrcombs it sounds like your network tech is an idiot if they couldn't locate this wiring.
Either way: Idiot or just Lazy. That's why I came to ML to find out what was needed.
Yeah. . . so besides being sidetracked as if we were on to troubleshoot the issue you need to be able to find the cable. Since your tester won't work through the switch, your only option is to test the cable by unplugging it from the switch.
Well the Next time I go on site I will Have to take an extra set of eyes with me and start unplugging them at the PoS and find them that way.
I would honestly just look at the logging on the switches.
It's a managed switch that I do not have the credentials to log in..
It would be super easy to ask for someone to give you access for this, no?
Honestly, with the way the rest of the site is, I'd be surprised if anyone had the credentials. I have not tried talking to anyone about getting those.
-
So Update on this: they brought out the original networking and communications team: they re-hooked the PC back into the correct switch and are in the process of installing 4 x 8-port Netgear switches on a dedicated network for the PoS. The PoS are all working and can communicate with the back office.
Apparently, the switch I was plugged into was a "Jumper" switch that did nothing but feed to the "new office", so I was not on the network.
-
@wrcombs said in Site Moved a PC=A MESS:
So Update on this: they brought out the original networking and communications team: they re-hooked the PC back into the correct switch and are in the process of installing 4 x 8-port Netgear switches on a dedicated network for the PoS. The PoS are all working and can communicate with the back office.
Apparently, the switch I was plugged into was a "Jumper" switch that did nothing but feed to the "new office", so I was not on the network.
So they have two physical LANs on site, rather than using a VLAN for this?
-
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
So Update on this: they brought out the original networking and communications team: they re-hooked the PC back into the correct switch and are in the process of installing 4 x 8-port Netgear switches on a dedicated network for the PoS. The PoS are all working and can communicate with the back office.
Apparently, the switch I was plugged into was a "Jumper" switch that did nothing but feed to the "new office", so I was not on the network.
So they have two physical LANs on site, rather than using a VLAN for this?
Correct. My boss is pushing PCI Compliance, and I don't know enough about it to have an argument against him on this. But according to a PCI Compliance checklist we received last year (before I was here), it has to be a completely isolated network; it cannot be a VLAN. Like I said, I don't know enough to have a say. This is the way we were told to do this (I believe by someone from one of our Vendors who deals with PCI daily).
-
@wrcombs that doesn't surprise me about the compliance requirement, there are a bunch of stupid compliance requirements for all sorts of industries.
-
@wrcombs said in Site Moved a PC=A MESS:
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
So Update on this: they brought out the original networking and communications team: they re-hooked the PC back into the correct switch and are in the process of installing 4 x 8-port Netgear switches on a dedicated network for the PoS. The PoS are all working and can communicate with the back office.
Apparently, the switch I was plugged into was a "Jumper" switch that did nothing but feed to the "new office", so I was not on the network.
So they have two physical LANs on site, rather than using a VLAN for this?
Correct. My boss is pushing PCI Compliance, and I don't know enough about it to have an argument against him on this. But according to a PCI Compliance checklist we received last year (before I was here), it has to be a completely isolated network; it cannot be a VLAN. Like I said, I don't know enough to have a say. This is the way we were told to do this (I believe by someone from one of our Vendors who deals with PCI daily).
I'd have to question how much said people actually know about PCI compliance. That's not the way the basic technology works, it's all going over the same internet connection, unless they also make you have a direct physical line to the processor.
-
@travisdh1 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
So Update on this: they brought out the original networking and communications team: they re-hooked the PC back into the correct switch and are in the process of installing 4 x 8-port Netgear switches on a dedicated network for the PoS. The PoS are all working and can communicate with the back office.
Apparently, the switch I was plugged into was a "Jumper" switch that did nothing but feed to the "new office", so I was not on the network.
So they have two physical LANs on site, rather than using a VLAN for this?
Correct. My boss is pushing PCI Compliance, and I don't know enough about it to have an argument against him on this. But according to a PCI Compliance checklist we received last year (before I was here), it has to be a completely isolated network; it cannot be a VLAN. Like I said, I don't know enough to have a say. This is the way we were told to do this (I believe by someone from one of our Vendors who deals with PCI daily).
I'd have to question how much said people actually know about PCI compliance. That's not the way the basic technology works, it's all going over the same internet connection, unless they also make you have a direct physical line to the processor.
Well: you are correct. However, this meets PCI Compliance Standards (from what I understand, or else we wouldn't be doing it this way . . . I don't know enough, nor have I looked into it enough . . .)
-
@wrcombs said in Site Moved a PC=A MESS:
(I don't know enough, nor have I looked into it enough . . .)
Said every PCI compliance author ever. . .
-
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
(I don't know enough, nor have I looked into it enough . . .)
Said every PCI compliance author ever. . .
HAHAHAHAHAHAHAHA
-
@wrcombs said in Site Moved a PC=A MESS:
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
So Update on this: they brought out the original networking and communications team: they re-hooked the PC back into the correct switch and are in the process of installing 4 x 8-port Netgear switches on a dedicated network for the PoS. The PoS are all working and can communicate with the back office.
Apparently, the switch I was plugged into was a "Jumper" switch that did nothing but feed to the "new office", so I was not on the network.
So they have two physical LANs on site, rather than using a VLAN for this?
Correct. My boss is pushing PCI Compliance, and I don't know enough about it to have an argument against him on this. But according to a PCI Compliance checklist we received last year (before I was here), it has to be a completely isolated network; it cannot be a VLAN. Like I said, I don't know enough to have a say. This is the way we were told to do this (I believe by someone from one of our Vendors who deals with PCI daily).
Anyone can make a check list. That doesn't sound like PCI, since no PCI network is done that way.
-
@wrcombs said in Site Moved a PC=A MESS:
My boss is pushing PCI Compliance, and I don't know enough about it to have an argument against him on this. But according to a PCI Compliance checklist we received last year (before I was here), it has to be a completely isolated network; it cannot be a VLAN. Like I said, I don't know enough to have a say,
You can't really believe he's that dumb. He's just saying that. Most people are liars and willing to lie at the drop of a hat to keep from explaining their bad logic or nefarious reasons. It's not really plausible that he's as dumb as you are making him out to be, but easily he's that dishonest.
A fully isolated network means you can't be connected to the Internet, a router or firewall of any sort, etc. There's no way to use credit cards on a physically isolated network, because the credit card processors (Visa, Mastercard, etc.) don't offer a direct connection to them, only ones over shared networks whether phone (no security), fax (no security), or Internet (good security.) The VLAN security is identical to the security of a router or firewall. So the reason for ruling out the one, rules out the other. They are one and the same at the security level - virtual "software" level isolation, not hardware isolation. That's how the entire Internet works.
So pretty black and white, your boss said you can't use credit card processing on your PCI network.
-
@scottalanmiller said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
My boss is pushing PCI Compliance, and I don't know enough about it to have an argument against him on this. But according to a PCI Compliance checklist we received last year (before I was here), it has to be a completely isolated network; it cannot be a VLAN. Like I said, I don't know enough to have a say,
You can't really believe he's that dumb. He's just saying that. Most people are liars and willing to lie at the drop of a hat to keep from explaining their bad logic or nefarious reasons. It's not really plausible that he's as dumb as you are making him out to be, but easily he's that dishonest.
A fully isolated network means you can't be connected to the Internet, a router or firewall of any sort, etc. There's no way to use credit cards on a physically isolated network, because the credit card processors (Visa, Mastercard, etc.) don't offer a direct connection to them, only ones over shared networks whether phone (no security), fax (no security), or Internet (good security.) The VLAN security is identical to the security of a router or firewall. So the reason for ruling out the one, rules out the other. They are one and the same at the security level - virtual "software" level isolation, not hardware isolation. That's how the entire Internet works.
So pretty black and white, your boss said you can't use credit card processing on your PCI network.
The network cannot be isolated. I agree there would be no way to isolate the credit card processing because you have to use the Internet to run cards through the system. However, this is how our vendor tells us this has to be done. This is, from my understanding, PCI compliant: the PoS aren't accessing the Internet directly. A card is swiped, it goes back to the office software and is sent out to the processor via an SSL connection (or most recently TLS), then the response is sent back, held and pushed to the terminal that swiped the card, and payment is added.
The checklist came directly from a PCI testing company, and we pass all PCI compliance scans conducted on our sites, except for the few using cameras off of the firewall, which open ports and answer during the test. As far as VLANs are concerned, I haven't looked into it enough on the PCI side of things, but from the book I had to read before I could start working on sites Credit Cards, it has to be isolated and behind a firewall. The back office is behind a firewall, with 2 NICs to "isolate" the PoS network. The PoS cannot have access to the Internet directly, but through the back office, which sends information.
Could VLANs work here? I'm almost positive they could, especially because they have the same security as routers and firewalls. Would it be worth looking into? For me? Probably not, because this is standard practice for the company, and other PoS companies use the same checklists and diagrams, and typologies (I think that's the word I want).
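An added example, not part of the original post or of any vendor checklist: a small audit that checks flow records against the layout described above (PoS terminals reach only the back office, and only the back office talks to the processor over TLS). All addresses, the port number and the sample flows are constructed assumptions.

```python
import ipaddress

# Constructed addressing; none of these values come from the thread.
POS_NET = ipaddress.ip_network("10.10.20.0/24")         # dedicated PoS segment
OFFICE_NET = ipaddress.ip_network("192.168.1.0/24")     # office LAN behind the firewall
BACK_OFFICE_LAN = ipaddress.ip_address("192.168.1.10")  # back office NIC on the office LAN
TLS_PORT = 443                                          # assumed port for the processor link


def check_flow(src, dst, dport):
    """Return a violation string for one flow, or None if it fits the design."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # The back office's second NIC lives inside POS_NET, so terminal-to-back-office
    # traffic never has to leave the segment.
    if s in POS_NET and d not in POS_NET:
        return "PoS host talks outside the PoS segment"
    if d in POS_NET and s not in POS_NET:
        return "host outside the PoS segment reaches a PoS host"
    external = d not in POS_NET and d not in OFFICE_NET
    if s == BACK_OFFICE_LAN and external and dport != TLS_PORT:
        return "back office sends to the Internet on a non-TLS port"
    return None


def audit(flows):
    """Return (flow, reason) for every flow that breaks the segmentation design."""
    findings = []
    for flow in flows:
        reason = check_flow(*flow)
        if reason:
            findings.append((flow, reason))
    return findings


# Constructed sample flows: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("10.10.20.11", "10.10.20.1", 5000),    # terminal -> back office PoS-side NIC
    ("192.168.1.10", "203.0.113.5", 443),   # back office -> processor over TLS
    ("10.10.20.12", "203.0.113.5", 443),    # terminal straight to the Internet
    ("192.168.1.50", "10.10.20.11", 3389),  # office PC into the PoS segment
    ("192.168.1.10", "203.0.113.5", 80),    # back office -> Internet without TLS
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(flow, "->", reason)
```
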
-
@wrcombs said in Site Moved a PC=A MESS:
@scottalanmiller said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
My boss is pushing PCI Compliance, and I don't know enough about it to have an argument against him on this. But according to a PCI Compliance checklist we received last year (before I was here), it has to be a completely isolated network; it cannot be a VLAN. Like I said, I don't know enough to have a say,
You can't really believe he's that dumb. He's just saying that. Most people are liars and willing to lie at the drop of a hat to keep from explaining their bad logic or nefarious reasons. It's not really plausible that he's as dumb as you are making him out to be, but easily he's that dishonest.
A fully isolated network means you can't be connected to the Internet, a router or firewall of any sort, etc. There's no way to use credit cards on a physically isolated network, because the credit card processors (Visa, Mastercard, etc.) don't offer a direct connection to them, only ones over shared networks whether phone (no security), fax (no security), or Internet (good security.) The VLAN security is identical to the security of a router or firewall. So the reason for ruling out the one, rules out the other. They are one and the same at the security level - virtual "software" level isolation, not hardware isolation. That's how the entire Internet works.
So pretty black and white, your boss said you can't use credit card processing on your PCI network.
The network cannot be isolated. I agree there would be no way to isolate the credit card processing because you have to use the Internet to run cards through the system. However, this is how our vendor tells us this has to be done.
Right, and I'm just repeating back what the vendor told you. The vendor told you that you can't use them, because there is no way to comply.