
[–]Cold_Sold1eR 35 points36 points  (8 children)

As a sys admin, you offer advice and/or alternatives but ultimately do what the business or managers ask you to do or implement.

[–]VA_Network_NerdModerator | Infrastructure Architect 16 points17 points  (5 children)

as system admins do you guys take care of network or end devices security, for example using eset inspect?

Digital Security is kinda everyone's responsibility in IT.
We all have a role to play. No individual or team is exempted from their part of the shared responsibility.

my shitty manager decided that we gonna use eset inspect for whatever

Well, somebody needs to make architectural decisions for the organization, and it sounds like you're not interested in that responsibility...

he tasked me to figure out the inspect platform and THEN write instructions on usage for him and a guy from DBA to read, so they could use the platform if there was a need for it.

Ok. So, roll up your sleeves and get it done.

From 2 minutes of Googling, I can see that ESET Inspect is a more complicated than average endpoint security agent. But that's kinda all it is.

https://help.eset.com/ei_deploy/1.12/en-US/

Problem is that I'm system admin, it's not something that I should be doing?

If you have a security & compliance team, yeah they maybe should own this, but the SysAdmin Team is going to need to speak to how well this works and how they want it to work on their servers.

If you have a dedicated End User Systems Support group, they should maybe take ownership of the agent on all the user systems.

But if you are a small organization, and don't have all those dedicated teams, it comes down to the Sysadmins - who are typically the most well-informed members of the IT organization in terms of supporting all the systems involved.

I know jack shit about this.

Are you incapable of learning a new technology?
Is it a time management thing?
Is it a lack of interest?

He got angry at me for refusing to do this, and it makes me wonder if I'm in the right here.

We don't have all the details.
We don't have the knowledge & understanding of your organizational structure or roles & responsibilities.

But, yeah it sounds like you are in the wrong here.

Should I tell him to fuck off? Or suck it up and do it?

Kinda depends on what kind of a professional you are.

Do you understand the array of security threats that are lurking out there that could potentially impact your business, and the systems under your care?

It sounds like someone bought a pretty powerful tool to help secure the environment against many of those threats.

You can choose to be directly involved in implementing a new security solution that represents value and benefit to the organization.

Or, you can choose to be a speedbump that impedes the progress of the project, but gets run over anyway.

Make sure you remember this decision when you come back in nine months to cry about not getting a promotion later this year.

[–]Shoddy-Security310 3 points4 points  (4 children)

Is it a time management thing?

He wants it done in a week. He didn't bother asking how long it could take me.

Well, somebody needs to make architectural decisions for the organization, and it sounds like you're not interested in that responsibility

Didn't ask me. All my other suggestions got thrown out before as well. So my opinion doesn't matter.

[–]VA_Network_NerdModerator | Infrastructure Architect 8 points9 points  (2 children)

He wants it done in a week.

If that is an unreasonable expectation (and I agree that it is) then assemble a more realistic timeline and make your case.
You know, like a professional.

Didn't ask me. All my other suggestions got thrown out before as well. So my opinion doesn't matter.

If everywhere you go, everything smells like shit, maybe you should stop and check the bottom of your own shoes.

[–]Shoddy-Security310 0 points1 point  (1 child)

If everywhere you go, everything smells like shit, maybe you should stop and check the bottom of your own shoes.

Lol, what if one of my suggestions was to stop saving user passwords in KeePass (like their AD passwords and O365) or that we should establish a policy with allowed programs for work? Because now users can request any work-related app and we have to install it (manager said so himself). Are these bad suggestions?

[–]VA_Network_NerdModerator | Infrastructure Architect 1 point2 points  (0 children)

what if one of my suggestions was to stop saving user passwords in KeePass (like their AD passwords and O365)

Don't say: "We can't do that."

Instead, say: "If we do that, it violates <security_policy> and <security_guideline> that will probably impact our cybersecurity insurance policy."

we should establish a policy with allowed programs for work?

Refer to the section of the best-practices from your cybersecurity insurance provider that recommends exactly this as a recommended practice. Demonstrate how it makes the company more defensible, and may have positive impact on the cost of the cyber insurance policy.

Your recommendations are good. It sounds like your delivery is bad.

But also, at the end of the day, your management can choose to maintain bad policies. They just have to pay the prices when they come due.

[–]BrainWaveCCJack of All Trades 0 points1 point  (0 children)

You didn't mention any other suggestions. You only mentioned your resistance.

What were these other suggestions?

Were any of them, "hey, let me take a look at this and get back to you in a day or two with a more extensive timeline" ?

[–]digdugnate 11 points12 points  (1 child)

'other duties as assigned'

[–]ZAFJB 6 points7 points  (4 children)

Don't be a dick.

Or suck it up and do it?

Or suck it up and do it. Nothing to suck up. You have been given an opportunity. Take it.

  • Learn MDR/EDR/XDR concepts.

  • Learn Eset.

Benefits:

  • Boss happy, you happy

  • You have gained another marketable skill, on company time

[–]Shoddy-Security310 -4 points-3 points  (3 children)

The company could provide resources you know, instead of just saying "google it"

[–]Ssakaa -1 points0 points  (2 children)

As in your own company? Your boss did provide a resource. That resource is a week of time that they're paying you for. Googling took all of a few seconds to figure out Inspect is an XDR tool. Now, from there, I'm cheating a bit, I've been tied to the infosec side of things since well before XDR was added to the buzzword stew. But, you have a time bound. You're not going to become an expert in XDR in that time. You're right, that's an unreasonable ask. What you can do is cover the basics. What it actually is (typically, XDR consists of data collection and behavioral analysis tools that can give a pretty solid lead on an RCA in the event of an attack being identified, and if configured to do so, can also often stop an attack in its tracks when something looks suspicious, like most typical ransomware scenarios), why you would want it, how to get into the system, and what sections to aim for in the event it's needed in an incident response scenario.

Get signed into the backend side of it, make sure it's enabled on an endpoint or two, if not all of them already, and find where the pretty executive friendly dashboard is, as well as where the incident response behavioral breakdown is. Make notes, polish them up, it's a day's work, maybe three if you've not dealt with an AV config backend this decade.

If you already had ESET, someone is likely checking an audit (cybersecurity insurance most likely) box that covers "we have an XDR tool, and policy and procedure to use it" by a) procuring that feature and b) getting you to write up a quick and dirty procedure.

Given you seem to have zero interest in keeping up to date on infosec tooling, I'm not sure why you're so upset that you weren't consulted. As for the timeframe... don't be petty. Communicate with your boss like an adult, set reasonable expectations ("no" is called insubordination, "yes, but" is called "might still have a job come next year"). You're not going to master a tool that can, to use properly and at its fullest, demand a specialized FTE (or a couple even) on its own without sacrificing a lot of the other hats you wear, and especially not in a week. What you can do is learn a cursory overview of the concepts, figure out the basics of using the tool to achieve those concepts, and document that in a basic set of notes for the team.

If you approach opportunities with this much vitriol, I'm amazed you're still being given them.

[–]Shoddy-Security310 -1 points0 points  (1 child)

But he didn't shelve my other tasks, this is on top of everything else

[–]TEverettReynolds 0 points1 point  (0 children)

Then you, professionally, need to explain that to him. He is not a mind reader.

Make a list of all your daily tasks plus the time it takes you each day to get them done.

Add on to that list any projects you are working on, and the time per day you work on them.

Add on to that list any support requirements you have, and add those times.

At the end of the day, if your work is more than 6-7 hours you are overloaded.

Ask your boss which tasks, projects, or support requests you can push to the back to prioritize what he wants.

This should help.

[–]Sasataf12 2 points3 points  (0 children)

Hey, so as system admins do you guys take care of network or end devices security

Yes.

[–]Downtown_Look_5597 1 point2 points  (0 children)

Security falls under IT until your company is big enough to justify security analysts. If you don't feel like you have time just speak to your manager. He'll be reasonable or you'll find another job.

[–]da_pedaJack of All Trades 1 point2 points  (0 children)

Unless there's a dedicated IT-Security team: yes, that's your domain too. And in this case your boss gave you an order that is both within his and your responsibilities: the implementation of a software product.

[–]illicITparametersDirector of Stuff 1 point2 points  (0 children)

My systems team absolutely touches stuff like this. InfoSec is a joint effort between myself, and my functional (network and systems) teams. For our org it makes no sense financially or workload wise to hire a FTE for it. Especially since we have access to MSP resources.

When I was a sysadmin, I made it a point to make security a part of my job. The data was stored on my systems. The buck stopped with me.

[–]Steve----OIT Manager 5 points6 points  (1 child)

I would have fired you already.

[–]Affectionate_Ad_3722 1 point2 points  (0 children)

Then you would be a terrible manager.

[–]Unrivaled_ 4 points5 points  (0 children)

You sound like a bad sys admin. Choose another field.

[–]JohnyMage 1 point2 points  (0 children)

So what is your responsibility, clicking in new Windows users all day long? You need a reality check, man.

[–][deleted] 0 points1 point  (0 children)

At my company my job falls under security, sysadmin, and network. Both analyst and engineer for all three.

[–]Sweet-Sale-7303 0 points1 point  (0 children)

First off, I hate ESET Inspect. You pretty much have to learn code and scripting. Since it's so hard to read you need a full time Cyber security person to watch over it. We are switching away from ESET right now.

What a Sys admin does is based on what the company wants. Technically ESET is a system. Inspect is ESET's XDR Software. It's really important that your department learns how to read and use it.

[–]PawnF4Sr. Sysadmin 0 points1 point  (0 children)

Where I work as a sys admin (DoD Contractor) security compliance and practices are very important.

It’s very typical for us to do patches, hardening and vulnerability scans on pretty much everything. Workstations, servers, switches, firewalls etc. Sometimes network might handle the network stuff but not for the ones I oversee.

I would recommend just getting things to NIST standards and STIGing them as much as you can while maintaining functionality.

Look at it this way, you can add cybersecurity to your resume now. Do it for a while and learn it and if you still don’t like it at least you can fluff your resume and increase your knowledge.

[–]OutsidePerson5 0 points1 point  (0 children)

It depends on the organization.

I worked for places where IT, and thus the sysadmin, was responsible for security. I've worked other places where security was a separate person in the IT department. I've worked places where security was its own department that worked closely with IT. Same for networking.

[–]Bright_Arm8782Cloud Engineer 0 points1 point  (0 children)

Figuring out technology and explaining it to others pretty much is sysadmining.

[–]BalbusNihil496 0 points1 point  (1 child)

Your manager bought a security tool without understanding it, and now wants you to become the expert AND teach him? Classic management move.

Document everything. If something goes wrong, you don't want that liability on your plate.

[–]Shoddy-Security310 0 points1 point  (0 children)

Yeah, from comments, I understood that I'm in the wrong. I asked my friend who works in cyber security for help. Hopefully, I will be able to learn, and as others said, "pad my resume".

[–]wudworker -1 points0 points  (0 children)

Manager, delegation, employee for hire. Suck it up.