how-to block ads
|
mculbert
Macbot3000
join:2001-04-11
Clive, IA | Zombies Maybe it's more like the IT managers don't want their employee's virus ridden zombie email blasters on the corporate network.
I sure as hell don't. | |
|  
JTRockville
Data Ho
Premium,MVM
join:2002-01-28
Rockville, MD
clubs: | Re: Zombies That happens with traditional commuters too. You don't have to be a telecommuter to bring your laptop home, get an infection, and bring it to the office the next day. | |
| | wtansill
Ncc1701
join:2000-10-10
Falls Church, VA
| Re: Zombies said by JTRockville  :
That happens with traditional commuters too. You don't have to be a telecommuter to bring your laptop home, get an infection, and bring it to the office the next day.
My company has a policy of not allowing any home PCs to connect to the corporate network via VPN. If you have a corporate laptop loaded with AV programs, and a few other items, then and only then are you allowed to access the VPN, and then only from the laptop's enclosed dial-up software. I could not, per policy, plug the laptop into my network's router and use my DSL line...
--
That which does not kill me merely prolongs the agony. | |
| | | 
GlobalMind
Domino Dude, POWER Systems Guy
Premium
join:2001-10-29
Hollywood, FL
| Re: Zombies Our policy requires you install company provided AV, firewall before you can even launch the VPN software client installer.
From there, you can access with your home PC or laptop if you like...as I do since I don't have a company provided laptop.
K.
--
TheGlobalMind.com
"On a clear disk you can seek forever" | |
| 
JakCrow
join:2001-12-06
Palo Alto, CA | You might want to check your corporate network for zombies and email blasters. You're not the only one surfing the net from work. | |
| vic102482
Premium
join:2002-04-30
Upper Marlboro, MD
| said by mculbert :
Maybe it's more like the IT managers don't want their employee's virus ridden zombie email blasters on the corporate network.
I sure as hell don't.
There is software out there that scans if the machine has the latest patches and virus definitions before connecting to the VPN and it can be made maditory. Symantech and other providers make it.
--
I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!! | |
| 
mrchris
We don't miss you Bush
Premium
join:2002-10-01
North Babylon, NY | Blame the IT managers for not securing each computer properly | |
| | | BosstonesOwn
join:2002-12-15
Everett, MA
clubs:
 ·Comcast
| Re: Zombies That is like the kid plugging holes in the dyke with his fingers. Sooner or later it will blow up in your face. Linux is not the end all solution. And forcing people to use something they are not familiar with is even more of a problem waiting to happen.
But hey it's your choice as a manager. Just curious but did those laptops come with windows licenses ?
--
"It's always funny until someone gets hurt......and then it's absolutely friggin' hysterical!" | |
| | | 
TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Brooklyn NYC
 ·Verizon Online DSL
| Re: Zombies said by BosstonesOwn :
Linux is not the end all solution. And forcing people to use something they are not familiar with is even more of a problem waiting to happen.
I disagree! If an employee can't break-out of what they are familiar with, and learn something new, I don't want them as employees! I don't hire people who know everything, I hire people who can learn. The ability to learn is the definition of intelligence; and I do not hire people of low intelligence.
I may be an old-fart, but I have learned a thing or two in the past 50 years!
Bob
--
Motor Vessel - Tamara B.
43' Long-Range Trawler
Cape Elizebeth ME.
See her Here. | |
| | | | 
Nightfall
My Goal Is To Deny Yours
Premium,MVM
join:2001-08-03
Grand Rapids, MI
 ·Site5.com
·AT&T Midwest
·Comcast
| Re: Zombies said by TamaraB :
said by BosstonesOwn :
Linux is not the end all solution. And forcing people to use something they are not familiar with is even more of a problem waiting to happen.
I disagree! If an employee can't break-out of what they are familiar with, and learn something new, I don't want them as employees! I don't hire people who know everything, I hire people who can learn. The ability to learn is the definition of intelligence; and I do not hire people of low intelligence.
I may be an old-fart, but I have learned a thing or two in the past 50 years!
Bob
I think the thing that should be stressed is that Linux is not an end all solution. Also, since I don't do the hiring for the other departments, everyone who comes in knows Windows. IT is like customer service. To throw them Linux and say, "Learn Something" doesn't get you many brownie points. Maybe you can do that, but I can't. Which is why we have a few Linux systems and mostly Windows systems.
Call me an old fart, but I prefer to make people's lives easier by supplying them with the tools that will help them perform to the best of their abilities. Not supplying them with software where they will spend months behind the eight ball trying to learn it or where my IT folks will spend time trying to teach them.
Just my .02 cents. 
--
My Domain
Nightfall's Hockey and Life Journal | |
| | | | |
TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Brooklyn NYC
·Verizon Online DSL
| Re: Zombies said by Nightfall :
Call me an old fart, but I prefer to make people's lives easier by supplying them with the tools that will help them perform to the best of their abilities. Not supplying them with software where they will spend months behind the eight ball trying to learn it or where my IT folks will spend time trying to teach them.
Just my .02 cents.
Agree.... Guess I just run with a different crowd. My office is 2 blocks from NYU, and I find hiring 3rd year CS students (major in programming) Ideal for my needs. We run just over 200 Internet domains, with about 10,000 users exclusively on Solaris, BSD, and Linux servers co-located around the country; all this with my partner and I, 2 field techs, one secretary/bookkeeper and half dozen NYU CS students working from their dorms; everyone except the secretary are telecommuting.
Just about every 3rd year NYU CS student can jump right in and do a task on our network with relative low risk and quite impressive results. They all know UNIX, and can get around a command-line driven OS easily; which is needed since none of our servers runs any form of GUI.
So, in my case, I am providing them with the tools they are already familiar with... VI, FTP, SSH, (the only "software" needed to administer a nix system) and a knowledge of C/Unix.
To believe that every computer nerd is windows-centric is a mistake (a very expensive mistake). The best are actually C-Code Hackers and very Nix-Centric (like my NYU students); but like I said, we obviously run in very different circles This has worked for me for decades, since our days on the arpanet, and still works well.
The money I have avoided paying Gates over the years has bought my lovely yacht/home
Bob
--
Motor Vessel - Tamara B.
43' Long-Range Trawler
Cape Elizebeth ME.
See her Here. | |
| | | | | | | | | | | | | | | | | |
TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Brooklyn NYC
·Verizon Online DSL
| Re: Zombies said by BosstonesOwn :
No you misread.
I know how old unix is. However Linux is circa 1992-1993 so newer then windows.
You are quibbling about variations on an old theme. Linux is nothing more than a replacement for SCO Xenix (an X-86 version of AT&T UNIX) the difference is akin to the differences between PC-DOS, MS-DOS, and DR-DOS. If you can deal with one, you can deal with the rest. Linux (and X86 Free/Net-BSD) is nothing more than an X86 version of UNIX, which pre-dates DOS and Windows by years. They all work the same way, and differ very slightly.
Bob
--
Motor Vessel - Tamara B.
43' Long-Range Trawler
Cape Elizebeth ME.
See her Here. | |
| | | | | | BosstonesOwn
join:2002-12-15
Everett, MA
clubs:
·Comcast
| But technically since the Linux authors claim it was a whole new rewrite of what THEY thought the environment should be it is a new technology same as windows was.
Different peoples looks on an OS. Very slight differences indeed but They are not the same technology since Linux was recoded. Again a difference of opinion by the authors of the software themselves. Same as the dos example.
--
"It's always funny until someone gets hurt......and then it's absolutely friggin' hysterical!" | |
| | |
TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Brooklyn NYC
·Verizon Online DSL
| said by BosstonesOwn :
Linux is not the end all solution.
I absolutely agree, it's not for everyone, not for most probably! It's just my solution, one I am comfortable with; probably not the solution MOST IT managers will implement. But I am an Old-Time-Fart!
said by BosstonesOwn :
and forcing people to use something they are not familiar with is even more of a problem waiting to happen.
I NEVER do that, I hire people who are comfortable with UNIX and with command-line administration and text-programming. This necessarily excludes those who have learned their IT skills on Windows systems, and can't manage without a GUI.
said by BosstonesOwn :
But hey it's your choice as a manager.
Certainly is! God Bless America!
said by BosstonesOwn :
Just curious but did those laptops come with windows licenses ?
The software originally on them was one of the MS/OS's and came with a Microsoft License, I have had varying results (mostly negative) with hardware vendors with respect to getting refunds for taking the MS software off the laptops; I have been told by a few vendors that they risk their lucrative contract with Microsoft if they do so ( I smell MAFIA here).
The Hardware is not MS, so there is no actual licence problem. But I have had big trouble getting reimbursed for NOT using the crap they installed, (the term crap is my very own assessment, and should not be construed as defamation) even after f-disking the drives and returning the CDs unopened! (again MAFIA Tactics)
I find this one of the biggest reasons NOT to use MS products. There is an implied Mafia-Style contract associated with these thieves, and it spills over to the hardware vendors as well (I realize they are under tremendous Mafia-Style pressure from MS).
Dell, turns out to be the best in this respect, you can actually purchase a server from them without a MS OS on it, (and without the MS extortion fees); but most vendors will not even support or honor their hardware warrantee if it is not running the original MS pre-installed stuff! I find this akin to criminal behavior, and illegal (I am not a lawyer), but it IS a problem!
We do have a few SUN Laptops, with solaris installed, for the folks who do most of their work on our solaris systems. There is NO "Licence" issues there, as Solaris is free as long as you own a sun server/laptop.
My only license issues to-date have been getting my money back from hardware vendors who pre-install windows OS's... It's like dealing with a whore, once you give her the money, you will NEVER get it back. Nice rep MicroShit has (Yes I am BIASED, but thats my right as a free American no?) ehh??
Bob
--
Motor Vessel - Tamara B.
43' Long-Range Trawler
Cape Elizebeth ME.
See her Here. | |
| | | | | | | | |
TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Brooklyn NYC
·Verizon Online DSL
| Re: Zombies said by Nightfall :
In a perfect world, everyone would know both operating systems. If you are hiring right out of college, then you have more flexibility than 99% of us do and can demand Linux knowledge.
I don't think knowing any particular operating system has very much to do with it at all. What I look for in a potential hire is someone who understands how things work "under the hood".... In other words someone who understands how the internet works at it's most fundamental levels, totally apart from OS constraints...
How does mail get from point a to point b, How is a web-page "pulled up" by a browser, how does SSH and SSL auth provide a secure tunnel? How can we tell if "user@example.com" is a real address or a spoofed one? How does DNS resolve a name to IP and an IP to name? Anyone who demonstrates a real knowledge and understanding of how these processes function is a potential employee.
What I have found is that most windows-centric IT folks, lack this fundamental knowledge; and instead know how to manipulate a particular OS-Specific program or tool to achieve a certain goal; but do not understand what is happening "under the hood". I have interviewed people with a long list of Certs. MCSE etc, who have no Idea (or a cursory idea) of how things actually work in reality, but could sit down in front of a Win2K IIS/Exchange server and make it do practically anything. I find this totally un-acceptable.
Most of my problems stem from fundamental flaws or omissions in the underlying architecture, and without an understanding of these architectures, a tech or administrator is totally lost in trying to remedy the problem. It has gotten so bad lately that I now discount any job applicant who uses an MCSE cert as evidence of competency! If that is the prevalent part of a resume, it goes into the trash! If on the other-hand, an applicant demonstrates a knowledge of how reality functions, he/she is promptly considered, no matter what OS he/she uses to ferret out the trouble.
I fear Gates has done the IT industry, and the internet community in general, a great dis-service! Practically ruined it actually! The "click-here" mentality is the root cause of most of the garbage we see today. That mentality tends to foster a profound ignorance of how things actually work and replaces reality with some "graphical pseudo-picture" of reality, which 9 times out of 10 is totally irrelevant!
Take all of this with a grain of salt! I AM very biased when it comes to MS. I believe they have been the bane of the internet, and have ruined what could have been an enabling and instructive public medium.
Bob
--
Motor Vessel - Tamara B.
43' Long-Range Trawler
Cape Elizebeth ME.
See her Here. | |
| | | | | |
Nightfall
My Goal Is To Deny Yours
Premium,MVM
join:2001-08-03
Grand Rapids, MI
·Site5.com
·AT&T Midwest
·Comcast
| Re: Zombies I won't quote your entire post TamaraB, but I have to agree with some points. First off, you would think that most IT people graduating today would know the answers to the questions you pose. I know, if I couldn't explain routing or how to configure it on a Cisco, that I wouldn't get the job. The easy part is setting up email accounts, which I would expect someone at home to know what to do. The hard part is, as you say, how to know if an address is real or spoofed.
What I have found in my travels are IT people who self educate themselves and know very little. Windows people aside, I find Linux nuts who don't have a clue on the inner workings of a network or how to properly upkeep systems. I have interviewed people with MCSE's, A+, CNA's, and CNE's that have no earthly idea how to administrate a network. That is indeed sad. Which is why I hire those that have not only real world experience, but have the education to back it up. Certifications come in 3rd on the list.
I fail to understand how someone, who knows exchange and IIS, don't know how the web works or how to tell a spoofed address apart from a real address. Maybe I get curious and learn how to do these things. Either that or you are biased, as you say. Which is fine, you aren't hiring for my company.
Gates has done wonders for the computer industry that is for sure. He has had nothing to do with the IT side. The people who think going out and getting certifications for high paying jobs are the people to blame. The people who have no real world experience but think they deserve that 90k a year job because they have a college degree are at fault. Getting a good paying job in IT requires not only constant learning, but a good base of education to start out in. No one wants to start out at the bottom anymore. I don't blame Gates at all for the IT job market it is today. That blame falls squarely on the people who make it look so terrible.
The point and click interface has made computers so much easier. It was the Apple that got that started actually. For the end users, to make learning computers easy was the best thing that could have happened. In my opinion, if we were still using DOS and Linux, Apple would have won out. Just my opinion though.
I agree with some of your points though so don't think I am bashing you. I enjoy spending the time exchanging ideas with another IT professional.
--
My Domain
Nightfall's Hockey and Life Journal | |
| | | | |
TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Brooklyn NYC
·Verizon Online DSL
| Re: Zombies said by Nightfall :
IT Manager here as well, and it doesn't take a rocket scientist to secure a Windows computer, even remotely.
Unfortunately what you can't configure against is the employee who has a jones for some sort of porn, or warez! All the technical forethought can be easily thwarted by one employee who just has to see that snatch, or download that game now and then. Windows has the biggest exploit window of any OS, mainly because of it's overwhelming popularity.
said by Nightfall :
We have about 20 users who telecommute. Everyone of them is in the office at least once a month. It is easy to set up updates to run on the systems automatically. I am not talking automatic update either. I run these from a custom login script program called Profile Maker by autoprof
Right! And it take all of 20 seconds of vulnerability to get zapped!
said by Nightfall :
The key is that Linux is no safer than Windows. It all comes down to administration.
Oh but it IS! There are 2 orders of magnitude fewer exploits/worms/viruses which can infect a linux box than a windows box. Windows is the pre-eminent OS in the world, and 99.99% of maleware is designed to attack it, meaning the same attention to patches makes you 2 orders of magnitude safer with Linux. I agree, that technically Linux may not be any more secure inherently; but if you look at your port traffic once in a while you will realize that there is a blizzard of systems attempting to exploit any un-patched windows box on your network.
I also do not want to spend all my time "securing" multiple systems, when there is really no need to. The shear number of new windows exploits is mushrooming daily, and it is almost impossible to totally control any users habits.... even a small time-slip can mean an infected machine. It's too expensive, time-consuming, and I would have less time for fishing
Bob
--
Motor Vessel - Tamara B.
43' Long-Range Trawler
Cape Elizebeth ME.
See her Here. | |
| | | |
Nightfall
My Goal Is To Deny Yours
Premium,MVM
join:2001-08-03
Grand Rapids, MI
·Site5.com
·AT&T Midwest
·Comcast
| Re: Zombies quote:
Unfortunately what you can't configure against is the employee who has a jones for some sort of porn, or warez! All the technical forethought can be easily thwarted by one employee who just has to see that snatch, or download that game now and then. Windows has the biggest exploit window of any OS, mainly because of it's overwhelming popularity.
No offense, but you don't know how to secure a windows platform very well. Think you can't secure a windows system from either of those two things? What if I was to tell you that in our office, we have zero porn and warez site usage? Zero spyware as well. It isn't that hard if you know what you are doing and have the right software and equipment.
quote:
Right! And it take all of 20 seconds of vulnerability to get zapped!
If you aren't patched, then that is a problem. However, patching is easy to do. Major service packs are doled out at the local office. Small packs are sent out remotely as well. So far, after 6 years of using this method, zero exploits and problems.
quote:
Oh but it IS! There are 2 orders of magnitude fewer exploits/worms/viruses which can infect a linux box than a windows box. Windows is the pre-eminent OS in the world, and 99.99% of maleware is designed to attack it, meaning the same attention to patches makes you 2 orders of magnitude safer with Linux. I agree, that technically Linux may not be any more secure inherently; but if you look at your port traffic once in a while you will realize that there is a blizzard of systems attempting to exploit any un-patched windows box on your network.
I am not denying your figures on the attacks. I am saying that it doesn't take hardly any time for me to support these windows boxes. The right admin can secure anything, and with the right technology, it becomes easier. What can be easier than patching 100 systems at one time using a custom GUI login script? You install a client firewall on 100 systems and the policy is doled out from one location and changed at any time. Man, there is a lot of capabilities out there that you don't have any idea about.
quote:
I also do not want to spend all my time "securing" multiple systems, when there is really no need to. The shear number of new windows exploits is mushrooming daily, and it is almost impossible to totally control any users habits.... even a small time-slip can mean an infected machine. It's too expensive, time-consuming, and I would have less time for fishing
I am sorry you feel that way. It is probably your misinformation about how to secure a bulk windows systems. As I said, 6 years here as a manager, no spyware, no exploits, no viruses. It isn't that hard with the right technology, an open mind, a just a little time. I spend more time educating my users than fixing windows problems.
I am sure we can both agree that, with the right administrator, anything is possible. I support 150 systems in my company with almost 200 users total. We have 95% windows systems, and as of yet, I am still learning on how to be as efficient with my linux systems as we are with the windows ones when it comes to updates, protection, and so on. Would a Linux admin have better ideas for me? You bet. However, I would also have to say that maybe, a linux admin would keep an open mind to us Windows admins who know what we are doing.
So while you fish and know you are secure, I will play hockey and feel the same way. We will let our track records speak for themselves. Just keep in mind not to discount us knowledgable windows admins and the capability of securing the windows platform. It isn't as hard as you think with the right admin and technology.
--
My Domain
Nightfall's Hockey and Life Journal | |
| | | | | 
Greg_Z
Premium
join:2001-08-08
Springfield, IL | Re: Zombies Nightfall, you could not of stated your facts any better.
No wonder that you have such a wide following.
--
One man's customer loyalty is another man's miguided arrogance. | |
| | | | | | | | | 
PTS
Premium
join:2001-12-13
Charlotte, NC
clubs: | The company I used to work for required company-supplied AV, firewall, and VPN app be used. Permission was given ONLY to those with a legitimate need to access from home. Never had any real problems with it in the two years I was there... | |
| | | |
|
from a tech) I would rather have people with a wide base to start and let them learn from others.
but nonetheless, do you think that they want unsecured computers dealing in that kind of situation? very highly doubt it.