Re: About that non-flammable bit...
Especially on an aeroplane (pilotless to add to injury) up high in the skies...
1896 posts • joined 6 Jan 2010
If said HP printerer is only used for printering then I don't put a gateway IP in. But if it needs to send out email (scan to email) then rather have it SMTP to a small, internal mail server so as to keep it totally away from the perimeter firewall.
Newer models have the ability of accepting emails as print jobs, which means a port has to be opened for it to listen to something. This feature gives me the heebie-jeebies and I have disabled it. Great idea, but risky. No thanks.
First thing that I do is to block all ports, and then only open outgoing for needed ports (eg www, vpn, email etc). Inbound is blocked unless there is a specific reason for having a port-forward rule (eg web server, vpn server etc). And UPnP is disabled, I set the rules, not some doohicky redneck yahoo! IoT thing.
So firewalling at the perimeter still is a big must, especially if you have the responsibility of a corporate network. Trying to enforce individual firewalling will not work, as it will be too much admin.
More often than not when I need to concentrate on something, some $person walks up to me and starts whining.
Which causes me to lose concentration, and then I have to go and help/assist said $person.
When I return, I then need extra time to gather my thoughts again, find out just where I was before $coitus_interruptus and proceed from there.
Making a mistake during this process is easy.
So. The argument that home workers are easily distracted is utter bulldust.
Ai ja. Some people clearly don't understand cloud computing and think it is secure enough, and bung all their Most Sensitive Data (eg dick pics or titty pics) on any cloud storage - and think it is secure enough.
Cloud storage means you put your Most Sensitive Data on a public server somewhere in the world, and you MUST take precautions to secure said data. It is not like a privately-owned server sitting in a known, secure location in your company's building, and to which access (physical as well as networked) is controlled.
Expect more bloopers and more sensitive data leaks to occur.
I was introduced to this specific adventure in the book "Spectrum Adventures - a guide to playing and writing adventures" by Tony Bridge and Roy Carnell (yep, that Roy Carnell) with the "Eye of the Star Warrior" as a type-in listing.
Spent a couple of days typing the listing in... but it was fun.
I'm still addicted to playing adventure games, pity the programmers are a sadistic lot :p
Maybe I should introduce my wife to Zork? :)
"...and don't even get me started on RS232 communications and hardware handshaking."
Heh, been there, done that. It was the time when you still got cards with jumpers on and newer NE2000s with software configuration utilities were being released.
I preferred the jumper style of changing addresses though, makes it much easier to determine what IRQ and whatnots a card is using when the PC is switched off.
Couple of years ago management decided that I should host email for four sites. As well as the transmittal of financial files to their respective destinations.
I then insisted that the company procure a proper genset.
Which was done.
Today I can congratulate myself on my foresight and insistence as we had a couple of times with total power loss from Eskom, which would have turned out more expensive for the company had we not purchased the generator.
And a good backup structure which was tweaked over the years. One incident of cryptolocker tested the resilience of the backup system, and no data was lost (except the affected user's personal data files, boohoo).
Even today I am looking at protecting online backups from nasty stuff like wcry and the such. Not fun, but hey, a sysadmin's gotta do what a sysadmin needs to do.
Next project will be cloud backup, to back up critical and core company documents without which the company will have a very hard time. Cloudy backup will be evaluated thoroughly, and will also be tested. I will not move everything to the cloud, as it is a single point of failure.
I may be old-fashioned, but I prefer physical servers onsite instead of cloudy servers, as you cannot poke them should they barf and decide to be sluggish.
This BA IT incident is just one more reason to be very, very careful when outsourcing your IT department, you never know what sort of people you will get.
With your own IT department in-house you have full control over them, and you can meet each team member on a one to one meeting. Outsourcer? Forget about meeting their team members. And, yup, you don't have full control over the outsourced IT team members.
And the most important rule of outsourcing is that the company offering outsourcing services will most probably also service more than two or three other companies, and they will not always be giving you 100% of their time.
Some CNC machines still run with their antiquated OS (DOS, Windows 95/98 and WindowsXP) on a dedicated PC, along with the drivers for that specific CNC machine.
Not so easy to upgrade those CNC machines to the latest and newer Windows as the CNC drivers cannot be copied over or will not run on the newly-installed system.
In this case it will make more sense to have the CNC suppliers dump the source code for their drivers into an escrow pool, so that in future the drivers can be recompiled for a newer operating system.
A long, long while ago somebody wrote an article on an OS with default-deny as policy, where you (as admin) have to approve each and every bit of software that wanted to run/install itself on your purdy compootah.
Maybe it is time to rethink default-deny as a policy that can be enabled once all the programs etc have been installed by a sysadmin, and before the PC/laptop/whatever is handed over to the end-user.
Much less stress, no more antivirus, no more worries about worms trying to sneak in and so on.