![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
IT Horror Story
- Thread starter Raystream
- Start date
- Joined
- Feb 3, 2004
- Messages
- 25,335
Raystream said:
Not to sound insensitive, but I dont give a tiny rats ass about your friends problem.....Should I be ?
it sounds to me like normal government operation....
SJConsultant
2[H]4U
- Joined
- Jan 14, 2004
- Messages
- 3,599
Raystream said:
Heh.
1. I know an IT guy by the last name of "Feaster" who works for a govt agency
2. I also know an IT guy "Feaster" who is also a firefighter
3. A particular county organization was just telling me about email issues they are having
What are the chances of this being a mere coincidence?
If this is in the same County I am, I most certainly can help since I know of alot of other issues. You have a PM.
And this is why we have a change control system with built in checks, as well as minimum security baselines where I work.
And of course there is the fact he is 26 and the others are 40. While I personally wouldnt give a hoot what age my boss is if he is competent, but this sounds like he is not. When you are in a situation like that you need to check the work of the people under you every once in a while. It's going to be a valuable life lesson for him. I hope he gets in big trouble, learns from it and comes out on top.
Now on to the advice. They need to hire a consultant and get straightened around and trained. I doubt any amount of advice transferred through a message board on the Internet will get that mess straightened out. He also needs to immediately own up to the biggest issues and communicate it to the people affected. Change passwords; make sure other information is secure.
And of course there is the fact he is 26 and the others are 40. While I personally wouldnt give a hoot what age my boss is if he is competent, but this sounds like he is not. When you are in a situation like that you need to check the work of the people under you every once in a while. It's going to be a valuable life lesson for him. I hope he gets in big trouble, learns from it and comes out on top.
Now on to the advice. They need to hire a consultant and get straightened around and trained. I doubt any amount of advice transferred through a message board on the Internet will get that mess straightened out. He also needs to immediately own up to the biggest issues and communicate it to the people affected. Change passwords; make sure other information is secure.
My boss was making 3x+ what i was when they hired me to "help out". instead of paying vendors to do his job at $75/hour. I have no degree no anything except personal expierence. He used to use public DNSes on ALL in house boxes so if one ever changed then he'd be busy for days. I suggested we point all the client boxes to point to the server and just DNS through there. Months later. I got laid off. Apparently paying me $25k was hurting them being 1/2 a million in the hole while he is still there... Oh and now they are bringing back the vendors and trying to conn me into coming in to help and screw with my unemployment if i do so!
The story came down the grape vine, so I know the guys name and the crazy antics going on... so no friend of mine. From what I have been told, as for the title of "manager" he has it but the title is as far as it goes. He holds all the passwords for everything and doesn't let anyone touch anything. So he sets everything up himself... which I guess the other guys in IT must be break\fix since he doesn't let them in on anything. I don't wanna keep going on from whats coming down the grape vine so I'm gonna let it go. But this story still scares me. Gives everyone in IT a really bad name.
big daddy fatsacks
2[H]4U
- Joined
- Aug 10, 2001
- Messages
- 2,312
just a couple of notes:
1) if you have a "dedicated line" you don't need a VPN. you have a direct circuit from one office to the other. it is when you just get a t! back to the CO that you need to set up a VPN between offices.
2) terminal services IS encrypted. it uses 128 bit encryption. it is also succesptible to MITM attacks, but that would require DNS spoofing if you are on the outside or arp spoofing if you are on the LAN.
3) the following statement makes no sense:
"They have a VPN connection to the state systems were now anyone sniffing the IPs (easily found through whois.org) can connection to the state systems and initatiate atacks making it look like it is coming from a local government building!!"
you are looking up external IP addresses on whois? and sniffing VPN traffic?
1) if you have a "dedicated line" you don't need a VPN. you have a direct circuit from one office to the other. it is when you just get a t! back to the CO that you need to set up a VPN between offices.
2) terminal services IS encrypted. it uses 128 bit encryption. it is also succesptible to MITM attacks, but that would require DNS spoofing if you are on the outside or arp spoofing if you are on the LAN.
3) the following statement makes no sense:
"They have a VPN connection to the state systems were now anyone sniffing the IPs (easily found through whois.org) can connection to the state systems and initatiate atacks making it look like it is coming from a local government building!!"
you are looking up external IP addresses on whois? and sniffing VPN traffic?
I work in gov't IT, in particular the department of corrections. Security is prime directive numero uno agency wide, so budget issues take a back seat whenever security is a concern. The network is by no means perfect, but the luxery of being one of the top budgeted agencies in the state makes things easier to accomplish.
If this "feaster" is underskilled and ill equiped accompanied by being in a puny state agency with a small budget, let alone an IT budget, I am not surprised at all about these problems.
If this "feaster" is underskilled and ill equiped accompanied by being in a puny state agency with a small budget, let alone an IT budget, I am not surprised at all about these problems.
YeOldeStonecat
[H]F Junkie
- Joined
- Jul 19, 2004
- Messages
- 11,330
Raystream said:
How?
If anything...it gives some people the ability to shine in the field. Other consultants who fail at their job...are my best source of new clients.
Every field out there has some people who are not up to snuff.
PHUNBALL said:
^^^ what he said. I can't even count how many times i've had jobs where the management is so innept, and has no clue what's going on, yet they are making big $$$. This is an example of not only government management, but corporate america management.
You have managers managing managers managing employees. Where does the stupidity end?
SJConsultant said:Heh.
1. I know an IT guy by the last name of "Feaster" who works for a govt agency
2. I also know an IT guy "Feaster" who is also a firefighter
3. A particular county organization was just telling me about email issues they are having
What are the chances of this being a mere coincidence?
If this is in the same County I am, I most certainly can help since I know of alot of other issues. You have a PM.
LOL
When they get rid of the employees.Motley said:
I worked for a company with 13 layers of management - some departments had been whittled down to zero employees but the management chains were still intact. Sixty percent of all corporate expenses was management salaries. Surreal place to work.
MooCow
[H]F Junkie
- Joined
- Apr 13, 2000
- Messages
- 8,245
I know someone who I don't really speak with much anymore...
We met in some class related to networking, and he wanted to be a cop after high school. He didn't like the police academy so before he left they offered him a position to be the admin for a small police department, since he "knew the most about computers" in the place. Well... that is not really enough to qualify for that position. He left the FTP server running on Win2k Server, and the logs were showing a bunch of kids trying to get in with warez/warez and other common login and passwords. He also left the IIS server up and running... and this was with no patches.
Anyways he was raking in $35k a year from the police, possibly considered gov't so I guess there's a tax break on that?
I guess this could be the reason why certs are in high demand and IT auditing is also on the rise.
I don't really speak to him much anymore because he would always call me for some computer help while making money off some clients on the side. He would low ball me on assistance sometimes and I was better off working on my own. I mean otherwise he was a good guy but we became business friends and I just don't fly that way with him.
There are a lot of people working in IT that I know a lot more than, even though they have certs. I showed people what terminal services was while at work and they all started using it, connecting to their desktops while in the pc lab so they could surf the web and other stupid shit. Turns out today we had a conference and I made the cut for the last four guys out of eight temps to stay, the rest were sent home. I'm rather impressed where I stand for no certs, working for some Lan/Desktop support group under Siemens at Verizon, good place. And yes I also live in NJ... an old high school acquiantence of mine just started a computer repair service with another friend. Turns out they know very little about fixing PC's.... they just wanna hustle tech's around to tell them where the jobs are, while they pay for advertising... I just dunno if thats a good idea... no offense... good guy with good people skills, but I don't see how running a business to sell a service you don't know how to perform is gonna fly??? I've seen a lot of experienced people in IT and a lot of clueless ones... more clueless ones than ones loaded with experience.
We met in some class related to networking, and he wanted to be a cop after high school. He didn't like the police academy so before he left they offered him a position to be the admin for a small police department, since he "knew the most about computers" in the place. Well... that is not really enough to qualify for that position. He left the FTP server running on Win2k Server, and the logs were showing a bunch of kids trying to get in with warez/warez and other common login and passwords. He also left the IIS server up and running... and this was with no patches.
Anyways he was raking in $35k a year from the police, possibly considered gov't so I guess there's a tax break on that?
I guess this could be the reason why certs are in high demand and IT auditing is also on the rise.
I don't really speak to him much anymore because he would always call me for some computer help while making money off some clients on the side. He would low ball me on assistance sometimes and I was better off working on my own. I mean otherwise he was a good guy but we became business friends and I just don't fly that way with him.
There are a lot of people working in IT that I know a lot more than, even though they have certs. I showed people what terminal services was while at work and they all started using it, connecting to their desktops while in the pc lab so they could surf the web and other stupid shit. Turns out today we had a conference and I made the cut for the last four guys out of eight temps to stay, the rest were sent home. I'm rather impressed where I stand for no certs, working for some Lan/Desktop support group under Siemens at Verizon, good place. And yes I also live in NJ... an old high school acquiantence of mine just started a computer repair service with another friend. Turns out they know very little about fixing PC's.... they just wanna hustle tech's around to tell them where the jobs are, while they pay for advertising... I just dunno if thats a good idea... no offense... good guy with good people skills, but I don't see how running a business to sell a service you don't know how to perform is gonna fly??? I've seen a lot of experienced people in IT and a lot of clueless ones... more clueless ones than ones loaded with experience.