Post by dogbot on Jan 14, 2022 12:20:52 GMT
Ugh, I can only imagine, given how much bigger an organisation you appear to be.
We've just raised it as a risk, which is going to kick up a massive shitstorm.
They're processing personal, sensitive data on this platform. On Windows 2003. Which we are now responsible for.
|
Post by Psiloc on Jan 14, 2022 12:28:53 GMT
Christ!
I have the opposite problem; supplying the NHS I have to oversee at least one server move every week as one Trust or another realises their server OS is approaching end of life. It's not the actual technical work that's the problem, it's explaining every part of the step to about 10 different people and filling in the same slightly different forms each fucking step of the way.
|
Post by dogbot on Jan 14, 2022 13:47:57 GMT
> Christ! I have the opposite problem; supplying the NHS I have to oversee at least one server move every week as one Trust or another realises their server OS is approaching end of life. It's not the actual technical work that's the problem, it's explaining every part of the step to about 10 different people and filling in the same slightly different forms each fucking step of the way.

Well, you have my sympathies regarding the forms. We've been told not to make a fuss. Apparently, this is a pet purchase of one of the exec and so starting trouble would be a bad idea. Cool, I guess they can deal with any DPO fallout when the 8 year unpatched stuff is breached, then.
|
Post by dogbot on Jan 14, 2022 13:52:48 GMT
Or, to put it another way...
|
Post by Psiloc on Jan 14, 2022 14:12:53 GMT
Jesus Christ I miss the pre-pandemic days when you could fart without having to discuss it in a Teams meeting with 50 random people
|
Post by Psiloc on Jan 14, 2022 14:16:39 GMT
"I've got the solution for you here."
"I think it would be best if we could have a Teams call to discuss this further. Let me work out a schedule that works for 50 completely random fucking people."
"I've got the precise steps you need to take right here, this is a very common issue."
"How does April 2024 sound for the Teams call? Although I must say I'm very disappointed with the amount of time this is going to take."
|
Post by Psiloc on Jan 14, 2022 15:22:16 GMT
I tell you what though if you want a cushy job, become a middle manager at an NHS hospital. These people add absolutely nothing.
|
Post by spacein_vader on Jan 14, 2022 15:37:38 GMT
> I tell you what though if you want a cushy job, become a middle manager at an NHS hospital. These people add absolutely nothing.

I resemble that remark! Until my recent medical retirement I was the data protection officer for an NHS Hospital. Luckily we'd just finished decommissioning our unsupported 2k3 servers when covid hit. Agree about the Teams stuff though, certain people seem to love that shit. I suppose gassing on in a glorified chatroom beats doing real work.
|
Post by Psiloc on Jan 14, 2022 16:09:59 GMT
Can I ask which hospital? It's OK if the answer's no, I'm just curious
|
Post by Bongo Heracles on Jan 14, 2022 16:13:12 GMT
I sat in a meeting with MS account managers for continuing support of 2003 servers in about 2015 and they basically just took the previous year's contract and added a zero on it. I genuinely couldn't believe that would be cheaper than just replacing them (which they did later that year. To 2k8 servers. In 2015).
|
Post by Deleted on Jan 14, 2022 16:26:27 GMT
I have about 25 active chats ongoing in teams and it gets on my tits.
|
Post by dfunked on Jan 14, 2022 16:29:43 GMT
I begrudgingly did a janky 2003 to 2008 in-place upgrade at my last job back when there was still a decent bit of time before 2008 EOL. "It'll only be temporary while the vendor helps us migrate from Oracle to SQL"
Pretty sure it's still kicking about now... I felt a pang of shame every time I saw the server name, and sent monthly "can I turn this off now pleeeeeeeease?" emails. Fuck it... Someone else's problem now!
|
Post by Reviewer on Jan 14, 2022 16:30:24 GMT
I’m glad that our security means we can’t use teams or anything similar with video. We’re still phone only as we’ve always been.
|
Post by 😎 on Jan 14, 2022 16:34:46 GMT
When I worked at the NHS in the 2000s there were still some GP surgeries that were running Win 3.11
|
Post by Psiloc on Jan 14, 2022 17:08:18 GMT
I can tell you that XP was still around for years after support officially expired. The end-user OS situation seems better these days to be fair, lots of places are all on Windows 10. I'm assuming MS have been a lot stricter with end of life
|
Post by 😎 on Jan 14, 2022 17:17:19 GMT
Here they’ve been pretty hardcore about it. It’s basically a situation like nick described. “we can still support you, but it’ll be ten times the cost of your current support”
Considering our support contract is somewhere in the millions, it’s “yeah, no thanks, we’ll upgrade” here.
|
Post by spacein_vader on Jan 14, 2022 18:32:40 GMT
We were all on 10 too, apart from half a dozen XP machines.
Don't panic, all air gapped and isolated. When your £4m+ MRI machine that weighs several tonnes will only talk to a single piece of software that only runs on XP then you don't fuck with it. You do stockpile machines with a serial port too in case the current one breaks.
|
Post by Lukus on Jan 14, 2022 18:33:50 GMT
What do you guys think about upadme.config distribution in modern security server rollouts? I really think they're a ticking time bomb in cyber crime, just waiting to be properly exploited by some clever criminals.
|
Post by 😎 on Jan 14, 2022 18:38:05 GMT
|
Post by zephro on Jan 15, 2022 12:22:43 GMT
Ah my new job the laptop comes with Linux installed on it, finally living the dream.
|
Post by dogbot on Jan 26, 2022 12:44:50 GMT
It's that time of year when the question of server naming conventions has come up. Again. Every year, without fail. It goes like this:
1. Infrastructure manager proposes a naming convention
2. Some discussion is had, leading to a few changes
3. Convention is adopted, documented and used
4. Gradually, people get lazy/forgetful/think they know better and stop using it exactly as documented
5. Emails are sent asking why servers have been named this way
6. Some discussion is had
7. Infrastructure manager proposes a naming convention
8. Repeat ad nauseam
As always, there's an XKCD:
Of course, from a security point of view, I'd happily tell them to remove the function from the server name (tbh, the site and ownership, too) but then they'll all just kvetch and cry about not knowing what server does what.
|
Post by dfunked on Jan 26, 2022 12:52:33 GMT
We tried to bring in server name obfuscation and it got so convoluted that even a regular employee wouldn't know what a server did without a spreadsheet open all the time. It obviously went nowhere.
I can absolutely see the point of doing it, but surely it's not that bloody hard to find some kind of middle ground.
|
Post by dogbot on Jan 26, 2022 12:55:30 GMT
> We tried to bring in server name obfuscation and it got so convoluted that even a regular employee wouldn't know what a server did without a spreadsheet open all the time. It obviously went nowhere.
> I can absolutely see the point of doing it, but surely it's not that bloody hard to find some kind of middle ground.

I've only ever worked one place that had name obfuscation and it was much the same. It just ended up with friendly CNAMEs for the folks using it every day, which sort of defeats the purpose. Naturally, without fail, one of the admins here has just suggested a 15 character naming convention.
|
Post by Bongo Heracles on Jan 26, 2022 13:02:14 GMT
We have a build standard and in that is a naming convention that is (not exactly this, for obvious reasons) 11x chars.
1x for data centre location
2x for Production/pre-prod/dev status
6x free text (service name usually)
2x for server number (within the service it's providing)
So end up with something like LPRMAILSV04
If you deviate from this, the server gets yanked and everyone who let a non-conformance slip through gets a smacked bottom. We have 15k servers so naming them after Star Wars characters isn't really an option.
|
Post by dogbot on Jan 26, 2022 13:13:51 GMT
> We have a build standard and in that is a naming convention that is (not exactly this, for obvious reasons) 11x chars.
> 1x for data centre location
> 2x for Production/pre-prod/dev status
> 6x free text (service name usually)
> 2x for server number (within the service it's providing)
> So end up with something like LPRMAILSV04
> If you deviate from this, the server gets yanked and everyone who let a non-conformance slip through gets a smacked bottom. We have 15k servers so naming them after Star Wars characters isn't really an option.

Ideal. Sensible, with enough information to differentiate. Tbh, the adherence is the biggest issue. We don't do that, hence this conversation coming up. Again and again and again.
|
Post by Bongo Heracles on Jan 26, 2022 13:22:40 GMT
Consequences, right? Although we get audited like fuck, so we have no choice but to adhere to it and kick arse when it's not adhered to.
|
Post by Psiloc on Jan 26, 2022 13:46:19 GMT
Our company had a LOTR phase before I started. I definitely encountered at least SAURON and SARUMAN
One of our customer's servers was called BOOBIES
|
Post by dogbot on Jan 26, 2022 14:35:15 GMT
> Consequences, right? Although we get audited like fuck, so we have no choice but to adhere to it and kick arse when it's not adhered to.

We're just drafting a Level 4 document which says that anyone who doesn't adhere to this will be refused things like Firewall access and risk having their servers deleted. So, thanks for that!
|
Post by Psiloc on Jan 26, 2022 14:59:39 GMT
is the new:
|
Post by elstoof on Jan 26, 2022 19:22:06 GMT
> One of our customer's servers was called BOOBIES

Did you have to turn it upside down to read it
|