
The level of speculation and hype is still several orders of magnitude smaller than Apple fanboys.

You're not going to be annoyed by a die-hard Nikon/Canon/Sony fan or salesperson in a camera store.


Oh I am, it's why I won't touch Canon with an electrified bargepole... unless I can get revenge and make the pro-Canon fanboy at work scream in agony... For a few years.

Maybe a decade

Or two

The excessive hype just looks dumb.


Works for Apple, probably what Nikon marketing team are assuming for

Cheesy IT joke I heard from a technical consultant who feels the same way, even about his own salespeople:

What’s the difference between a used car salesperson and a software salesperson? The used car salesperson knows they’re lying to you.


And knows what a car is and how it's used.

Same thing happened with us, now the technology department.

I don't think it's hurt us but I still get people asking me for help desk support, dammit...

2

We look after approx. 5000 tills across 900+ sites (connected predominantly via ADSL and a growing number of FttC sites to a private MPLS WAN with a 100Mb/s tail into our network) and are looking for a solution that will allow us to remove the local AV endpoint but remain within our corporate policy. This has been decided to mean that if we can maintain and deploy an application whitelist across the estate, we can remove the AV endpoint, allowing us to cut costs and cut the resources used by the endpoint (distribution of definitions, which is a significant network hit, CPU and I/O). The obvious solution would be AppLocker controlled via GPO; however, we cannot put these tills onto the AD, so GPO isn't an option.

Tills are mostly Windows 7 (don't believe AppLocker is viable) but the Windows 10 project starts soon.

I've looked at SEP 14 hardening (which would not really help with the goal of reducing load on the tills) but costs were way too high, and Promisec seems to rely on a central server pushing updates and scans via network scans rather than a local on-device endpoint.

Are there any solutions I've missed?

Thanks in advance and Regards

2
11 comments

We used BeyondTrust before and also ViewFinity, now CyberArk.

Original Poster · 1 point · 1 month ago

Thanks, had a quick look at ViewFinity's website and it looks interesting.

majority of stores are or will be on a private MPLS WAN, they get internet access via our datacenter so will be travelling through two choke points

If that is the case and you are going to remove AV, do you at least have a ridiculously hardened firewall/security product/traffic inspection for this? You need corporate email protection too, because anything that can get in the network and poke around ... will. Anything not a POS system needs to be seriously locked down, or you get to be famous with Target, Home Depot, and the city of Atlanta, GA. That costs a ton of money, way more than whatever it will cost to have excellent infrastructure security.

Original Poster · 1 point · 1 month ago

I'm sure my opinion is very close to yours ;)


Corporate but relaxed dress code, games room, free tea and coffee (don't get excited, this is the UK, it's not great) and biscuits (which naturally disappear into meeting rooms so most staff never seem to get the chance to savour them...) and a monthly beer/wine trolley pushed around the floors (sometimes donuts as well), flexible (you're a responsible adult) hours but the expectation that needs call you'll be there and that you'll be checking emails regularly.

No on site parking (even c level have to book a space out of the limited available spaces) but 5 min from train station and a miles walking for me.

I'd say though that we (IT) are badly understaffed and no structured shift work for cover over the weekend and time off sometimes feels impossible due to staffing and work issues (was owed 3 days, tried taking off Fridays twice, now owed 5 days on account of having to do double amount of hours normal on both days booked off, due to issues turning up, just bad luck but...).

Usual politics I'd guess. And sometimes it feels like we're a large company with a small company attitude (what, we've grown up? Really feels like we were only so big... etc.)

4

So my boss has tasked me with getting certified for CCNA. I took the course back in 2011, however never took the exam (family issues, horrible year). Since then I've been the network engineer for my company, having migrated our old office from a mixed equipment network (Nortel/3Com) over to Cisco 2960s and a 4500 core, implemented standard templates for PIX 501s, ASA 5505s and 881 routers, and implemented an ASA 5545 firewall pair (active/standby failover) to handle internet access and VPNs to 450 sites across the nation, plus supporting them. When we moved office in 2014 I was tech lead for design and implementation of the core and server networks (3650 for campus, 4506-E for core and more recently Nexus 3172s for the server network); a since-departed colleague handled the campus network whilst we (largely myself) implemented Cisco ISE for wired and wireless role-based network access.

My colleague, on the other hand, left uni a year ago (degree in computer security) and has been working on our helpdesk (application and OS support mostly) and is moving onto our infrastructure team (team being myself and a line manager) as a security engineer. So he has more recent experience in studying and has a good theoretical general knowledge, but I have a lot more hands-on experience.

Goals? Mine are to strengthen and reinforce my practical experience to move into a more architect-orientated role, possibly international, whilst his is to go into network security. It's been hinted that if I get my CCNA then the company will fund my CCNP.

Is there any particular study guide that you would suggest, and is Boson's the only exam simulator worth looking at or are there others (preferably cheaper ones)? Note whilst the company may pay for the exams themselves (my line manager has said he'd try and get funding for the exams) we will be paying for any other expenses. Personally I'm not that bothered as long as it's affordable, as it is an investment.

Thanks in advance!

4
4 comments
1 point · 2 months ago

That's some impressive experience! With that background I'm sure you're not going to need too much. I recommend printing out the exam topics list and going one by one over each topic. If you're already familiar with it do a quick review, if it's not familiar read up on it. I used Odom's book, Exam Cram & CBT Nuggets with Jeremy Cioara. You have had a lot of great experience and you're going to fly through this thing in no time!

Original Poster · 1 point · 2 months ago

It looks good on paper but in reality a lot of it was YouTube / Google scrabbling for the answers. Little in-depth background knowledge on what I've had to implement (i.e. I'm weak on STP for example, and OSPF). Thanks for the encouragement! :)

The Sticky answers all this, but in short: Packet Tracer is free through Cisco NetAcademy (you have to register and sit through a short video on how to use it).

Odom's books are considered to be a good resource, as are Lammle's, although I've seen comments advising that Lammle's book was put out before the full development of the v3 roadmap.

Original Poster · 1 point · 2 months ago

Studying for CCENT and need a good network simulator on a Mac

Are there requirements for CCNA security and is the background study close to router and switching?

nbs-of-74 commented on
r/networking · Posted by u/[deleted]
118 points · 2 months ago

Support is why we don't buy HP products.


Whilst I would be surprised if Cisco insisted on a firmware update to resolve an obvious hardware issue, updating firmware is also their preferred first answer to most calls I've logged.

I think that's because either a) it's an easy way to get you off their back for a while, and/or b) they suspect that the fix for your problem is a reboot and telling you to "update the firmware" sounds better than "have you tried turning it off and on again?"


Except upgrading to their recommended WLC firmware broke my network!!

Have to say that their WLC TAC isn't as good as their switching or ISE TAC teams.

Lasagna is a reward. Mondays are punishment.


This depends on your ability to safely catch low-flying, high-speed trays of lasagne.

For the right tray of lasagna, I'll gear up.


It's a Monday... It won't be the right kind of lasagne


Hi, what about when you have ISE failures, how do you recover from that?


We have two ISE appliances. If they both fail (which hasn't happened), I have scripts that remove NAC from our access switches.

1 point · 3 months ago

Is this script execution a manual process you initiate after confirming both ISE nodes are "toast" out of curiosity?


Manual using the don't panic protocol


nbs-of-74 commented on
r/sysadminPosted by

Having to eventuate.... Sounds serious

3

Is anyone aware of a patch management solution aimed at the QSR market where the shops are reliant on relatively slow broadband connections, either to a central network or the internet?

Ideally looking for a low maintenance solution that can push down patches (Microsoft and third party) but minimise bandwidth used, key here is 7000 devices over 1000 sites without killing wan links. P2P delivery of content seems to fit if there is such a product.

Challenges are currently local disk space is not always available.

Regards

3
comment

Which why? The song, or why the hell he's using ISE in the first place?

Stupid, POS 802.1x 'solution' that deletes your entire fucking config because you dared to use a Chrome browser.


?

Can you restrict which PCs are accessible to certain users via user groups?


Yup, create two group policies per team: one will be the permissions they have, the other will be the access policy that defines who they have access to (so you can create template standard action permissions and use across multiple teams), then set up boost to query the AD server and choose the AD security group.

Is simple. We've been using Bomgar since 2011 and the only major issues we have is that the install files only work for up to a year before having to be recreated (even if you buy a the year certificate). That and the install agent creates a random directory name under programdata, and when you do a software inventory across the estate pretty much every client will have their own version of the client. Install path can be fixed to a single directory but the latter behaviour can't be changed.

Most times support has been very responsive and effective.

We run it across an estate of 7000 devices over approx a thousand stores in the UK

Wish I could give as good a recommendation for Quest KACE!!

.EU can be used by European economic area members so is open to Iceland Norway and Switzerland but since UK membership is through the EU ...

So no TLD for Europe as a whole then?

297 points · 4 months ago

Oh, this ought to be fun. 90% of the captive portals running off a Cisco WLC are using the default of 1.1.1.1.


Cisco NAC agent also probes 1.1.1.1, maybe for the same reason.

We've recently moved 35 servers from an IBM centre / IBM DS3x00 SAN / 4 host HS22 VMware 5.5 cluster over 8G FC to SAN environment to a 4 host cluster and have had no issues, but we don't have any heavy hitting servers yet (moving SolarWinds NPM/SAM/NTA over to the solution soon). So far no issues other than lack of P2V included in the solution. Xtract for VMs worked smoothly to move over the ESXi guests to AHV.

Allowed us to reduce from 35 U storage and 9 U computer to 4U including networking (dual Cisco Nexus 3172), so boss is happy. Performance wise seems faster and management is simple and not a chore (including upgrading AHV and Prism).

We use HyCU for backup with an old Quantum DXi6701 as the target, with goal to replace with a QNAP rack mount NAS and third copy / take out in AWS.

We're trying to get agreement to replace our datacentre with similar but also use Nutanix and ABS to provide storage for a 15TB MS SQL server; not sure about Nutanix performance in that role, nor is my boss. Happy with the idea of iSCSI replacing FC but nervous about the I/O performance of the Nutanix storage-heavy nodes being proposed. Just something new and interested in our environment so far, and the DB server has a lot of visibility if things go wrong or performance isn't good enough (currently it runs on two IBM HX5 servers and an IBM V7000 SAN; plan is to run it on two HP DL360 G10s with dedicated dual 10Gb ports to the storage VLAN on the Nexus switches and Nutanix storage-heavy nodes).

Original Poster · 2 points · 4 months ago

He had a habit of letting people know that they are stupid for plugging in both ports of a phone to the wall


Stupid people hate the truth

u/nbs-of-74
Karma
37
Cake day
March 14, 2018