The real question is : Why did you invite anyone over, before having a guest VLAN set up ? Classic beginner mistake.
I have two seperate guest VLANs, one for my family, and one for the people I love.
45 minutes setting up an alt vlan?
Was he getting paid by the hour?
What idiot IT specialist does not run a segregated VLAN for guest wifi access? That is just rude.
This reads like a parody greentext except you know OP is a sysad so there’s no fucking way he’s that self-aware
wth is the point of a guest network if you have 443 blocked lmao.
Even my VPN port is 443 so it gets past basic port filtering because HTTPS is usually the only one allowed compared to other protocols.
Which actual IT guy supports antivirus?
Lol generally I’ll refer to the OS builtin tooling (XProtect/MS Defender) and EDRs as “Antivirus” otherwise the non-techies will freak OmG wE hAVe NO aV! And then the “anti”-viruses like mcafee and Kaspersky mysteriously spawns
And also on-demand AV software can be good for spot checks or if you’re sus of something.
It’s the “Real-time” shit that hooks into the kernel that needs to be avoided like the plague
When i was a windows person many moons ago i ran into viruses once or twice. Kaspersky was the only av in those days that effectively cleaned them from my system.
Now i am a linux dude. Where there doesnt really seem to be an effective antivirus solution because, even though malware exists, it’s so fucking sophisticated and stealthy you may never know it.
Lock down their accounts so they can’t even install shit.
Does the concept of Zero Trust also include Management? Asking for a friend.
I’ve only ever met two types of IT professional. Either:
- Their home network is immaculate and smooth as butter. It connects quickly and integrates with everything. They can manage it all from their phone, but they don’t have to because it’s all automated. Their server room (a) exists and (b) is cable managed. There’s a wireless access point and connected smart speaker in every room, including the garage and the back patio, but they’re carefully located for maximum sound coverage and to prevent signal interference. Their home theater is substantially better than a movie theater, and their media server is packed to the gills with content. Network security is hardened, with bespoke subnets for every user and tunneling for the media server and smart home functions. You feel a sense of calm and ease when connected to their network. “Everything I do at work, I try out at home first.”
Or:
- Their “home network” is a single Belkin router from 2011. They’ve had it since college, and it takes 9 minutes to reboot (which they have to do daily). It doesn’t even have Tomato on it and still uses the default password. They still watch OTA TV and Blu-Rays, so the wifi is exclusively connected to the smart switch that their tea kettle is plugged into so they can start their hot water before they come downstairs. You feel guilty even asking for the wifi password. “Why would I do any network stuff here? I do IT all day at work, the last thing I want to do is even touch a Cat5 cable at home.”
Isn’t this basically just rich IT guy vs poor IT guy?
No, it’s 'my life is IT and i never stop working" guy, and “IT is just my job” guy.
I just order a new router on Black Friday to replace my 10 year old one. I also only console game now because PC gaming is too much of a headache. I spend my money on outdoor gear and pets, not technology. My new router is $90 bucks. I can’t fathom why I’d ever need a wifi 7 quad band router with 9Gbps of throughput for a home network, other than pure bragging rights. All my devices are like 5-10 years old and barely support wifi 6 anyway.
A couple of my co-workers are the former. They will be doing penetration testing at 2am form their home lab in the morning because they their default mode is work work work. If i’m up at 2 am i’m watching TV and snacking.
I monitor security updates, but my co-workers like get excited and ramble on anytime a new patch/attack is documented. I don’t get it. They revel in doing updates and rebuilding their VMs fresh every few weeks, I groan and clone.
Nah, I could afford nice shit but I’m still using a ubiquity edge router 8 from 10 years ago.
There is probably something to be said that there is an in between to those two extremes. The “my network is made of a Hodgepodge of shit my employer threw out that still seems to work and brand new things I replaced because I had to”
My first draft of this did mention that there was a version of the second type of IT guy who cobbled everything together with workplace castoffs and conference swag, but I couldn’t figure out how to make it work without just being over-wordy.
Maybe more like fresh IT guy vs. seasoned (=old) IT guy
“Everything I do at work, I try out at home first.”
Absolutely no fucking way! And anything that touches work is isolated, their opsec sucks so much they didn’t even realized they mandate “security solutions” with known backdoors.
I think it means they setup new tech on their homelab to learn how everything works and how to break it. Then when a problem arises where one of these solutions is needed at work, you can implement it without any large issues. It makes sense if your hobby is close to or adjacent your day job, and you are on Salary, and your boss treats you right.
Yes, I’m not doing almost any of the things we do at work in my network.
I’m absolutely not running the same software. I’m not organizing the information the same way. I’m not using the same infrastructure abstraction, and even less configuring it in any similar way. I’m not writing the same languages.
The work environment is dictated by consensus between many people, with varying expertise, and weighted by how much work one is willing to put into each aspect of it. Each of those parts lead to bad tech, even though they lead to good people organization.
Well I sit kind of between these
Like I’m not getting a dedicated router and have no server room in my apartment, and my consumer router only supports two VLANs (main and guest). But I’d say the rest is rather sophisticated with all machines defined in my NixOS config, including automated generation of firewall and reverse proxy rules for which I wrote custom modules.
Media server isn’t super full but connected to jellyseer and the rest of the stack, accessible over TLS (Let’s Encrypt certificates) only, with the option to have users managed via IDM.
However, I only have devices on my network that I somewhat trust, with an Android TV box being the worst offender. The smart TV was never connected to my network.
Would be cool to isolate my work PCs somewhat (I work from home with company provided equipment) but it’s just not worth the trouble in my opinion. Not switching out a low power device that does most for two different devices that both use more power (since you usually need a router and a modem).
deleted by creator
The guy she tells you not to worry about VS you.
I’m in the meme. In the shitty paragraph.
Are you my boyfriend/roommate?
Edit: he and I are both IT folks, but he handles all the Windows issues in the house. I handle Linux issues. He handles the router because it’s closer to his desk so it’s easier for him to threaten.
That seems optimal, I would be terrified at the thought of a Windows admin touching me.
no, just me, gabe newell
I want to be the first, but I am definitely closer to the second. I’m trying to find a reasonable middle ground.
Like, I want to have a nice home network with a proper NAS, Pihole DNS, Plex/Emby/Jellyfin media server, all my music properly tagged, little mediaplayer/emulation/game streaming endpoint boxes on each TV, etc. But I don’t have the time or money to do it right at the moment.
So I have my desktop set up to share out my media folders as SMB shares when it’s powered on, and I’ve used a few tools to get my video content organized right for Kodi. I’ve got Kodi installed as an app on the Xbox Series X plugged into the family room TV. The other TV has a Chromecast dongle with VLC sideloaded and set up to connect to the SMB shares, because I’m too lazy to get my Kodi setup on it. Every room in the house has an ethernet port, and most rooms have a dumb switch so as much hardware can have ethernet connection as possible. I’ve run my music collection through MusicBrainz Picard, and separated it into a properly tagged and organized folder, and one for stuff that isn’t.
I’m almost the first (I run multiple VLANs and SSIDs using pfSense and Ubiquiti hardware) but my server is an old PC sitting under my desk and my cable management strategy is mostly “out of sight, out of mind”. I’m also heavily invested in the Apple ecosystem, especially for smart home stuff, so not everything is open source. Basically I have a complex network setup because I actually make use of it, but I really don’t enjoy working on it and if there’s an easy solution, I’ll go for it.
I’m in the middle. At work, I play it fairly conservative, applying well established solutions to well-known problems.
I have friends whom I advise and assist with their networks that absolutely fall into the first category.
MY network is is like the lab of a mad scientist, everything tinkered with right up to the edge of breaking. My home router collapses multiple times a year due to the wonky chaos I ask it to do. Home automaton sequences that are more complex than most rube goldberg machines. Metaphorical sharp edges and loose clutter everywhere, but an unholy abomination that works better than it has any right to - until I scrap it all to rebuild it from scratch next week.
I spent way more time than I care to think about figuring out how to get my porch lights to come on at 7am and turn off 10 minutes before sunrise without breaking when sunrise happened before 7am. I tried some serious Rube Goldberg nonsense in multiple iterations, until finally I decided to just add another “turn off the lights” at 9am every day. Most of the time it doesn’t do anything because the lights are already off, but on DST day it accomplishes my goal of making sure they don’t run all day, since 9am is always after sunrise.
If you’re using home assistant there is a “sun” integration.
My lights turn on 30 minutes before sunset and turn off 30 minutes after sunrise.
My wife didn’t want them turning on and off at the same time every day because observers could see the pattern… at least this way it’s a little more hidden.
Guys a madman, didn’t even ask for a ticket.
He is doing the right thing if only because he is preventing a child from playing Roblox.
He’d be a hero if he gave him a copy of Minecraft (or really almost any non-F2P game) to play instead.
Luanti.
Simple solution: log the kid into your neighbor’s wifi.
45 minutes to setup a guest wifi?
This is very easy on a consumer router and more difficult on an enterprise router.
It does seem to imply the person has some experience with those though so 45 minutes still seems like a lot.
First time had to google the manual for the router he doesnt know the model # or how to access
I couldn’t imagine bringing a gaming device to a family Thanksgiving celebration and insisting on being able to use it instead of socializing with the people physically there.
Wouldn’t it be enough to just create a seperate subnet?
Yeah, he did that…and then kept going for some reason. A separate subnet in a separate firewall zone that doesn’t forward anywhere but the internet should be sufficiently safe
Not for the kid.
Was he worried about the kid or his network lol?
por_que_no_los_dos.meme
Neither
Classic BOFH.
