Guest vlan? Smart.
Blocking 80/443 knowing all to well everything depends on those: evil.
Throttling to 56k: the original original poster just being a dick.
Took 45 minutes: Maybe find another job. You’re not good at it.
Conclusion: The sister was right. Evil incompetent dick.
Took 45 minutes: Maybe find another job. You’re not good at it.
Bit harsh.
The OpenWRT guest wifi guide isn’t a simple switch like you would get on your OEM router, but involves manually setting up a bridge device, a new firewall zone, and a new AP on one of your radios.
This can take some time if you want to do things the right way. 10 minutes to setup with no extra config steps. Add another 10 if you need to move around your firewall rules, and another 20 for random debugging.
https://openwrt.org/docs/guide-user/network/wifi/guestwifi/configuration_webinterface
Although, you set it up once. After that it’s just a checkbox.
I have a feeling this is satire, and I’m usually the type of person to miss the joke and think it’s genuine
Even if it is satire, doesn’t mean we can do a full breakdown, especially for comedic value.
We’re missing the most important rule here. Did the nephew open a ticket?
I legitimately can’t tell if this is a joke or some dude trying to do a humble brag post on LinkedIn. So many ‘look what I can do’ posts on that damn site.
No one that serious about network security wouldn’t already have a network dedicated to untrusted devices relatives could use. Definite joke, still entertaining 😂
what a dick move tbh. i get ya wanna be secure, but why not just let him do his thing on that alternate network?
How about running guest WLAN?
This is just Uncle BOFH.
Fuck you with your ISO 27001 compliance!
Also, fuck that kid.
Also, fuck that kid’s mother.
She’s the enabler here.
I feel like when ‘Zero Trust’ first became a thing, the theme was ‘you should have every endpoint under your control hardened so it need not feer untrusted peers being able to connect’. E.g. if you think you absolutely need VPN to a ‘private network’ for security, then you are failing to be hardened in a ‘zero trust’ way, because you implicitly fear that your systems would fall to untrusted peers.
I feel like it’s evolved to ‘don’t let anything be able to connect to anything under your control unless you have admin privilege over it as well’. Which is particularly a nightmare when you try to collaborate between two companies, each balking at the other’s hard requirement to have admin access to all network peers of interest.
-
Corporations really, really love being admin on everybody elses devices. See kernel level anticheat.
-
I feel like people have gotten zero trust (I don’t need to trust anybody) confused with “I don’t trust anybody”.
-
I was listening to a podcast by packet pushers and they were like “So you meet a vendor, and they are like, ‘So what do you think zero trust means? We can work with that’”.
-
deleted by creator
deleted by creator
deleted by creator
Guys a madman, didn’t even ask for a ticket.
The real question is : Why did you invite anyone over, before having a guest VLAN set up ? Classic beginner mistake.
Sounds like the network people at my company. They are asking us to spend more time in the office, but they don’t provide enough desks, they don’t provide working wired LAN and they only provide semi-working Wifi. All with proxies that don’t work and filters that don’t let me access the webapp I am supposed to maintain, which is blocked for “being a commercial website”. Thanks, I know, I have to program that crap.
I have two seperate guest VLANs, one for my family, and one for the people I love.
Whatever happened to just talking to each other? I’m glued to my devices all day every day, yet even I ignore the phone during holiday family gatherings.
Nobody’s forcing you to go; if you prefer be on the internet rather than interacting with your family, please just stay home.
Edit: Downvotes be damned, I stand by what I said. If this asocial shut-in who hasn’t had a friend since 2014 (because people annoy me) can come out of my shell a few times a year, and spend some time with the people I grew up, so can you. No excuses.
One day they will all be dead or estranged, and you will regret not looking up from your phone for two hours to spend quality time with them when they were alive and in your life, as you die alone in your nursing home (assuming you’re rich enough to afford assisted living, that is). Don’t say you aren’t warned.
I’ve only ever met two types of IT professional. Either:
- Their home network is immaculate and smooth as butter. It connects quickly and integrates with everything. They can manage it all from their phone, but they don’t have to because it’s all automated. Their server room (a) exists and (b) is cable managed. There’s a wireless access point and connected smart speaker in every room, including the garage and the back patio, but they’re carefully located for maximum sound coverage and to prevent signal interference. Their home theater is substantially better than a movie theater, and their media server is packed to the gills with content. Network security is hardened, with bespoke subnets for every user and tunneling for the media server and smart home functions. You feel a sense of calm and ease when connected to their network. “Everything I do at work, I try out at home first.”
Or:
- Their “home network” is a single Belkin router from 2011. They’ve had it since college, and it takes 9 minutes to reboot (which they have to do daily). It doesn’t even have Tomato on it and still uses the default password. They still watch OTA TV and Blu-Rays, so the wifi is exclusively connected to the smart switch that their tea kettle is plugged into so they can start their hot water before they come downstairs. You feel guilty even asking for the wifi password. “Why would I do any network stuff here? I do IT all day at work, the last thing I want to do is even touch a Cat5 cable at home.”
“Everything I do at work, I try out at home first.”
Absolutely no fucking way! And anything that touches work is isolated, their opsec sucks so much they didn’t even realized they mandate “security solutions” with known backdoors.
I think it means they setup new tech on their homelab to learn how everything works and how to break it. Then when a problem arises where one of these solutions is needed at work, you can implement it without any large issues. It makes sense if your hobby is close to or adjacent your day job, and you are on Salary, and your boss treats you right.
Yes, I’m not doing almost any of the things we do at work in my network.
I’m absolutely not running the same software. I’m not organizing the information the same way. I’m not using the same infrastructure abstraction, and even less configuring it in any similar way. I’m not writing the same languages.
The work environment is dictated by consensus between many people, with varying expertise, and weighted by how much work one is willing to put into each aspect of it. Each of those parts lead to bad tech, even though they lead to good people organization.
You are telling me that you can’t proof of concept something without a matching tech stack? Or learn exactly how a new tech works? It also sounds like you should never give your work any of your personal time, you won’t gain anything except for more work.
Isn’t this basically just rich IT guy vs poor IT guy?
No, it’s 'my life is IT and i never stop working" guy, and “IT is just my job” guy.
I just order a new router on Black Friday to replace my 10 year old one. I also only console game now because PC gaming is too much of a headache. I spend my money on outdoor gear and pets, not technology. My new router is $90 bucks. I can’t fathom why I’d ever need a wifi 7 quad band router with 9Gbps of throughput for a home network, other than pure bragging rights. All my devices are like 5-10 years old and barely support wifi 6 anyway.
A couple of my co-workers are the former. They will be doing penetration testing at 2am form their home lab in the morning because they their default mode is work work work. If i’m up at 2 am i’m watching TV and snacking.
I monitor security updates, but my co-workers like get excited and ramble on anytime a new patch/attack is documented. I don’t get it. They revel in doing updates and rebuilding their VMs fresh every few weeks, I groan and clone.
Nah, I could afford nice shit but I’m still using a ubiquity edge router 8 from 10 years ago.
There is probably something to be said that there is an in between to those two extremes. The “my network is made of a Hodgepodge of shit my employer threw out that still seems to work and brand new things I replaced because I had to”
My first draft of this did mention that there was a version of the second type of IT guy who cobbled everything together with workplace castoffs and conference swag, but I couldn’t figure out how to make it work without just being over-wordy.
deleted by creator
The guy she tells you not to worry about VS you.
I’m in the meme. In the shitty paragraph.
Are you my boyfriend/roommate?
Edit: he and I are both IT folks, but he handles all the Windows issues in the house. I handle Linux issues. He handles the router because it’s closer to his desk so it’s easier for him to threaten.
That seems optimal, I would be terrified at the thought of a Windows admin touching me.
no, just me, gabe newell
I want to be the first, but I am definitely closer to the second. I’m trying to find a reasonable middle ground.
Like, I want to have a nice home network with a proper NAS, Pihole DNS, Plex/Emby/Jellyfin media server, all my music properly tagged, little mediaplayer/emulation/game streaming endpoint boxes on each TV, etc. But I don’t have the time or money to do it right at the moment.
So I have my desktop set up to share out my media folders as SMB shares when it’s powered on, and I’ve used a few tools to get my video content organized right for Kodi. I’ve got Kodi installed as an app on the Xbox Series X plugged into the family room TV. The other TV has a Chromecast dongle with VLC sideloaded and set up to connect to the SMB shares, because I’m too lazy to get my Kodi setup on it. Every room in the house has an ethernet port, and most rooms have a dumb switch so as much hardware can have ethernet connection as possible. I’ve run my music collection through MusicBrainz Picard, and separated it into a properly tagged and organized folder, and one for stuff that isn’t.
Well I sit kind of between these
Like I’m not getting a dedicated router and have no server room in my apartment, and my consumer router only supports two VLANs (main and guest). But I’d say the rest is rather sophisticated with all machines defined in my NixOS config, including automated generation of firewall and reverse proxy rules for which I wrote custom modules.
Media server isn’t super full but connected to jellyseer and the rest of the stack, accessible over TLS (Let’s Encrypt certificates) only, with the option to have users managed via IDM.
However, I only have devices on my network that I somewhat trust, with an Android TV box being the worst offender. The smart TV was never connected to my network.
Would be cool to isolate my work PCs somewhat (I work from home with company provided equipment) but it’s just not worth the trouble in my opinion. Not switching out a low power device that does most for two different devices that both use more power (since you usually need a router and a modem).
deleted by creator
I’m in the middle. At work, I play it fairly conservative, applying well established solutions to well-known problems.
I have friends whom I advise and assist with their networks that absolutely fall into the first category.
MY network is is like the lab of a mad scientist, everything tinkered with right up to the edge of breaking. My home router collapses multiple times a year due to the wonky chaos I ask it to do. Home automaton sequences that are more complex than most rube goldberg machines. Metaphorical sharp edges and loose clutter everywhere, but an unholy abomination that works better than it has any right to - until I scrap it all to rebuild it from scratch next week.
I spent way more time than I care to think about figuring out how to get my porch lights to come on at 7am and turn off 10 minutes before sunrise without breaking when sunrise happened before 7am. I tried some serious Rube Goldberg nonsense in multiple iterations, until finally I decided to just add another “turn off the lights” at 9am every day. Most of the time it doesn’t do anything because the lights are already off, but on DST day it accomplishes my goal of making sure they don’t run all day, since 9am is always after sunrise.
If you’re using home assistant there is a “sun” integration.
My lights turn on 30 minutes before sunset and turn off 30 minutes after sunrise.
My wife didn’t want them turning on and off at the same time every day because observers could see the pattern… at least this way it’s a little more hidden.
(Side note, I just realized I said the times slightly wrong. We actually wanted it on at 6:30 and off 15 minutes before sunrise.)
Yeah, I had it turning off before sunrise just fine. The problem is that we didn’t want to turn them on until 6:30, but on the longest day of the year, sunrise actually happens at 6:14, which means that the lights would get the signal to turn off before they got the signal to turn on, which would mean that the lights would stay on all day until the night automation turned them back off again at 10pm. Which…probably doesn’t make a difference, but it would bug my totally-not-neurodivergent brain.
Anyway, I don’t use Home Assistant, but that’s probably the one I’ll choose the next time I move.
Yep. You can also use the sun’s position in the sky as well; I had one of the AIs write up the YAML.
Light sensor trigger?
The porch lights in question are actually string lights, and I just assumed that the power outlet they’re plugged into was too deep on the porch for a light sensor to be reliable. I could definitely be wrong, though.
There are separate light sensors.
The point of automation is that it doesn’t matter where anything is, they all can talk to one another.
Oh, yeah. I think if it was a problem I was willing to spend any more money on than I already had, I could’ve potentially ended up there.
I’m almost the first (I run multiple VLANs and SSIDs using pfSense and Ubiquiti hardware) but my server is an old PC sitting under my desk and my cable management strategy is mostly “out of sight, out of mind”. I’m also heavily invested in the Apple ecosystem, especially for smart home stuff, so not everything is open source. Basically I have a complex network setup because I actually make use of it, but I really don’t enjoy working on it and if there’s an easy solution, I’ll go for it.
For the smart stuff: HomeAssistant
It is life changing once you get it running.
I got already 5 vendors and 3 different communications (BT, Matter, WiFi) integrated.
It truly is awesome
Simple solution: log the kid into your neighbor’s wifi.
What idiot IT specialist does not run a segregated VLAN for guest wifi access? That is just rude.
And separate wifi networks that are connected to different vpns from around the world.
