Why have just one firewall when you can fire all the walls?

'Support monkey' turned network isolation job into a banana skin


Who, Me? To quote the ancient philosophers: "Monday Monday, dah dah dah, can't trust that day."

And so it is, dear reader, that we find ourselves yet again betrayed by the beginning of the working week and its requirement to spend the next five days exchanging your labor for currency (except of course for our American readers – Happy Thanksgiving). Fear not, though, for we can rely on The Reg to soften the blow with a dose of Who, Me? in which readers share their own tales of the treachery of tech.

For example, meet a reader we'll Regomize as "Charles" who once worked as a "support monkey" in a university Biology department. Fear not – Charles's role may have had a simian name, but he was there to fix tech, not to have it tested on him.

Fixing things was challenging, as Charles told us this team had a very broad remit indeed. "We did everything computer related – managed the servers and desktops, produced bespoke hardware and software packages for experiments, data recovery, software support, and generally acted like the computer concierge for the department's employees," Charles told Who, Me?, adding "If it had a CPU it was our responsibility."

One particularly challenging assignment followed the installation of an electron microscope. The microscope was controlled by a PC, and that PC in turn had to communicate with one other workstation, which was to be the "staging location" for data from the microscope. From there, data would be doled out as needed to whichever boffin needed it.

The PCs and workstations in the department were all networked, and it was vital that the PC controlling the microscope was not accessible from any other machine on the network. It was very new and very fancy, you see, so its usage had to be tightly controlled.

As it happened, the support monkeys had recently rolled out an antivirus/security package that included a firewall, and as Charles had helped with that project he was deemed a natural selection to set up the 'scope.

He sensibly began by studying the relevant documentation and scripting some firewall rules to achieve the required outcome.

Charles noted that the documentation was not exactly helpful: "Basically it was a list of the available variables and functions without any explanations or examples."

No problem, though – Charles was sure he was fit to survive this particular environmental change.

Having drafted a first pass at the firewall rules, he assigned it to a test group using the remote policy management server. Then he began testing the rules and found that, indeed, he could not connect to the microscope PC. Success.

Then, he found that he could not in fact connect to anything. At all. Suddenly Charles felt small. Very small. So small the availability of an electron microscope felt apt.

Then the phones started ringing and Charles realized with horror what had happened. In defining the test group via the management server he had accidentally applied his draft rules to every PC on the network.

Nobody could connect to anything.

Thankfully one of Charles's ancestors in the monkey colony had anticipated just such an undesirable mutation, and had permanently and irrevocably white-listed the policy management server – so it alone still had access to the rest of the network. Charles revoked his draft rule and the network came back to life before too many users went bananas.

Of course Charles did not go on to complete the project – it was handed to someone more suited to the task. (He thinks that ultimately a hardware solution was found rather than a firewall rule.)

If you have an anecdote like this – a time when your tech skills were not quite so brilliant as you might have hoped – we'd love to hear about it and turn it into a yarn to brighten some future Monday morn. Let us know in an email to Who, Me? and we'll make you anonymously famous. ®
