IT question thread

--chris--

Sorry for the generic title, but I figured with this being Off Topic it would slide

I thought making this thread would be a good way for me to learn from anyone willing to pitch in. Im looking to pick up the basics. I am not talking about Comptia basics, but the procedural stuff that I have not seen covered in any of the certs. Maybe its too mundane or just assumed someone will teach you this stuff when you get a job.

But for me that wont work, since I am currently the first line of IT support here (god help us all) until I leave. When I leave, I want to make sure I leave this place with some semblance of organization. I don't want to leave this employer pulling their hair out with the mess I have made. So first up...

1) What should I do with all the cartons and containers from electronics? I have a mountain of cardboard boxes I was told I need to save, because that's what my boss was told by the last IT guy. Is this true? The boxes do belong to equipment currently in operation.

2) Old software CD's and documentation? Im referring to stuff for Windows 98/NT. All of the software has been upgraded to its most current version.


On creating policies:

I seen on here that someone had said they used Microsoft's policy guideline (or something similar) when they created several policies. I cant find anything like this and I have been looking for a week. Any idea what they might have been referring too?

If that's a wild goose chase, how do I approach creating policies for computer use and other necessary areas? Copy a larger companies policy and trim it down/add to it until it fits this business?

santaowns

In regards to storing boxes or software, we have a policy that states that anything being stored in the warehouse has x amount of time before being disposed of properly. By being disposed of properly we send electronics to a recycler and hard drives get magnetized then drilled and then broken into pieces using a press. Old software cds and documentation are tossed once it has been determined that they are no longer useful, keys are not thrown away and are kept in a storage locker and or online(not familiar with this way but I know they have some sort of program that logs the key and shows which asset uses it). I think our warehouse guy dates each item, then at 120 days it starts sending a reminder that says something to the affect of "HEY your item is still here confirm in the next 15 days we still need it or it will be disposed of."

networker050184

Questions 1 & 2 - trash it!

For policies your best bet is to check with your company to see what their standards are for policies. The way one company does it may be the exact opposite of another.

--chris--

We are a small company (6 employees), and I believe these will be the first policies put onto paper. I am afraid what I write will be the new standard...which isnt a bad thing if I do it right. But if I dont...

I just need a little guidance on how things should be laid out and formatted (is there a standard for this?). I have an idea of what I want to include, and I plan on running this by the boss to see what he wants included.

networker050184

The standard is set by the company usually. SANS has some good security templates to work with. You can get a feel of the layout from these even if you aren't going to be writing security policies.

SANS: Information Security Policy Templates

--chris--

Thank you. That is what I needed.

Qord

For the disks, I say to recycle them.
Home - The CD Recycling Center of America

paul78

Generally speaking - you are better served if you create an asset classification policy and procedure first before you create disposal procedures. The rule of thumb is that if you don't know how to classify your assets, you will not know how to dispose of them. This would be especially true of your IT assets which may contain confidential and proprietary information. I realize you are talking about vendor obtained materials such as packaging. But even so, depending on the state you operate and the size of company, you may have municipal obligations with respect to recycling of materials - especially if e-waste regulations exist.

--chris--

paul78 wrote: »

Generally speaking - you are better served if you create an asset classification policy and procedure first before you create disposal procedures. The rule of thumb is that if you don't know how to classify your assets, you will not know how to dispose of them. This would be especially true of your IT assets which may contain confidential and proprietary information. I realize you are talking about vendor obtained materials such as packaging. But even so, depending on the state you operate and the size of company, you may have municipal obligations with respect to recycling of materials - especially if e-waste regulations exist.

Thanks for the thourough and to the point explanation, I like those kind!

I interviewed at larger company for a paid internship position yesterday. When I asked what technology or software I would encounter on a daily basis he listed the following:

HP Blades
Barracuda "stuff"
Cisco gear
Meraki
M$ server
M$ Lync
.net

He knows I am a novid in the IT field, he doesnt expect me to actually know anything about this stuff but I will be learning about it. I would like to get as much info about this stuff as I can before the call back on Thursday next week.

So far I know the Cisco gear will be the networking hardware (duh) and possibly the voice as well since I noticed everyone was wearing headsets and working through a GUI on their PC's for the phones.

I know M$ Lync is the software that manages the video conferencing right? What about voice? M$ server is well, yes I know what that does.

HP "Blades" - Blade is a generic term for any rack mount server right? Or is that a copyright thing with HP's rack mount servers?

Is Meraki mainly used for enterprise level WLANs?

They have a proprietary web based "engine" that searches products for their customers to purchase, I think this is where the .Net comes in? But wouldn't he have referred to that as ASP instead? Isn't .Net the framework for some applications on Windows platforms?

The Barracuda stuff could be anything listed here:
https://www.barracuda.com/products

But from what I have seen on here and on job postings, Barracuda equipment usually refers to Firewalls right?

Any help sorting this stuff out is appreciated.

santaowns

HP Blades are internal blade servers inside a larger enclosure they basically plug in and out similar to a hot swap hard drive. Barracuda "stuff" my guess he is talking about barracuda hard drives Cisco gear networking like voice switches routers firewall and wireless. eraki Meraki never heard of it, yoo can Google this. M$ server used as server operating system range from running web service, active direcory, application host, dnd, ntp, file server and much more.M$ lync is for instant messaging can be used to web conference multiple users desktops, but have never used it to teleconference..net is a programming language used to make various applications, no experience in this myself. What I don't see here is their email service which maybe could explain meraki??? Anyways good luck.

--chris--

Meraki appears to be the name of a line of cisco gear (Meraki was a company Cisco bought a few years back), the site features 4 categories of gear (wireless, cloud, security and mobility management). I was just wondering if they are commonly used for one particular thing.

Thanks for the definitions, it helps a lot.

--chris--

Found this while reading up on Meraki.

Cisco buys Meraki for $1.2 billion: 5 reasons the deal makes sense | ZDNet

Key quote from the link:

In a nutshell, Meraki's technology provides Wi-Fi, switching, security and mobile device management via a centralized cloud platform. Meraki appeals to midmarket customers because they don't have to deploy more IT staff to build out their networks.

So there you have it. Learn something every day.

--chris--

networker050184 wrote: »

The standard is set by the company usually. SANS has some good security templates to work with. You can get a feel of the layout from these even if you aren't going to be writing security policies.

SANS: Information Security Policy Templates

I wanted to come back and quote this. This link has been very helpful, even now that I am in a true IT position. I have been using the SANS site/white papers to draft up my take on what a basic security policy.

Also I wanted to ask for some advice.

The place I currently work at is a bit of a mess as far as the whole IT department and infrastructure goes.

Problems like delegation of duties (who (?) is responsible for what?), asset management (chargers are frequently lost, the design departments nice big monitors frequently "walk" into the sales department), and we have no structured method to request help for basic help desk functions. I.E. we need a ticketing solution that is low cost/free. Most of the network hardware has been "piece mealed" together. I am not certain if this is a problem in itself, but it does create some issues when servicing the network.

Our security policy is non-existent (passwords never expire on admin accounts, print servers have passwords written on notes and taped to the monitors, etc...), as far as I can tell there is no central AV (!!!) in use other than windows defender and the firewalls/spam & virus firewalls. This last week I spent 2.5 days wiping hard drives, re-installing windows or guiding other IT'sh people ar remote offices how to do these steps. It is very time consuming and while this is typical help desk duties, I also have two other projects I am working on that need to be done this week.

We are running into problems with peoples Ipods/droids/etc...creating all sorts of unnecessary IP's and computer names in the AD that I need to later go and remove manually in order to keep our network uncluttered.

There are several other things I need to document yet, but you can get the gist of this. I am very new to IT on a whole and dont want to lead this charge into the boardroom without first having a plan to put into place. Overall, I feel like the entire organizations (bottom to top) needs some rules or policies to govern how technology is used and I dont think I am experienced enough to draft up these plans on my own.

Its a conundrum. I like the work place, the people and how they treat me but if I want to work here for a long time there needs to be some changes made not only for my sake but also for whoever takes this helpdesk role I am in as well as the organization.

So with all of that said, here is what I have been thinking. My direct boss is the VP and partial owner of the business. I am thinking of setting up a block of time to go over all my concerns and just "air it all out", gauge his response and see what he asks me to do or what he says. He has been very hands on with the IT department since 1999 so while I am voicing my concerns, it will very likely come across as criticism (from a paid intern).

Does that seem like a good way to approach this? Or should I keep it to myself for a few months and draw up some plans on my own?