The Cleanup Approaches!

I've been re-doing all the firewall configs here in my office. It's one of those tasks that I was hoping to put off for about a trillion years or so. This is due to many factors, but I can boil it down to a handful.

First off, the original setup was contrived by an ex-CIA director who was being overpaid to come up with security for the Pentagon when security for the Mini Mart would have sufficed.

"Okay, so we'll bounce the incoming requests off seven satellite relays, then filter them through a TCP port scrubbing utility..."
"Why don't we just allow the ports we want through and drop the rest?"
"Fool! They'll be expecting that!"

Secondly, staring at five-hundred-plus lines of firewall configs makes my brain swell. I have zero trouble admitting that it's darn hard to keep it all straight in my head. So in an effort to combat my own failings, I yell at random people who come to me seeking help. I've been a real joy these last few weeks.

"Peter...We need.."
"Ah... so maybe we can come back later?"

Thirdly, it's been tweaked, poked and prodded by so many for so long that it hardly resembles a firewall and looks more like a booby-trapped Pharaoh's tomb.

"Don't touch that."
"Why not?"
"The floor will fall out, and you won't be able to FTP anywhere outside of finance."
"Ah... What about this?"
"No, it's always been like that..."
"Well shouldn't we move-"
"Don't TOUCH ANYTHING! You've got some sort of a death wish?!"
"Aren't we supposed to fix this mess!?"
"You start changing this around and you're going to be flooded with calls from irate users."
"Well, to hell with that! Let's get out of here!"

If I could compare it to something, I would say it's a lot like cleaning out your garage. Things that have been left alone forever finally have to be looked at.

"What is this for?"
"I think that goes with the kitchen table... Or maybe it belongs to one of the kids."
"Do you need it?"
"Only if I throw it away, then yes. Otherwise, I'll never use it."
"Better to just stack it precariously on top of the fish tank parts. Yeah, that looks good."

You really want to clean up stuff, but it's been so long since it's been used. You might be throwing out the thing that is used once every year that has no replacement or that valuable family heirloom that crazy uncle Keith laid down his life to preserve for future generations.

"Is that real gold?!"
"That old thing? I doubt it. Just toss it."

Anyway. That's what I'm up to. It's a hoot.

The real fun will come after I'm done. I'll swap out the current system with this new one, and then we get to see how well I really did. Everything will work Sunday night, while I'm here by myself...but any network tech knows that this test means nothing. Monday is when the rubber meets the road.

"Hey... I can't get to craigslist today. I'm going to give that pompous geek what for! Right after I email his manager!"

