Emmmm, I believe this post is meant for me to benefit from others with larger experience. I am a network admin in an ISP somewhere in d east and I manage 4 servers, about 60 wireless clients and a cafe of 40 systems. Not much? Love the IT sector and embrace the challenges that comes with it but I know am still lacking experience.

For now my greatest challenge is locking out unwanted clients I do use mac filtering but it's so had to do so effectively as the base I use at the moment only supports filtering for 20 clients. So I hide my ssid and use the filter list unwanted access instead of the other way round. So any idea as to how I would achieve a better WAN security will be appreciated.

I will also love to know more about linux.(how do I start)

I duf my hat for all of you guys.But i wish I could be A Sys Admin.I have been reading like hell on being a linux admin on the debian and redhat system .But microsoft technology I have not had the time . .I think linux will definately be better than microsoft in a matter of time.


Where do you guys think one can start for microsft TEchnology.Does getting a degree matter in being a good sys admin. in the main time i am enjoying my linux. , awk -f '{print $0}{print 'peace out'}';

@whimsical
Whimisical i cannot believe people still use mac filtering inthis modern days. Have you heard of macchanger.I can change the mac address of my linux box easily thereby hacking your wireless.

Try using a wep pack encryption on your wireless router though they say WPA is good all can be cracked .Just use a very strong passowrd so that aircrack-ng will be powerless against it.Use a 128bit wep key and it take like 4 hours or so to break

Password like ilin36mstr0982hy. A dictonary attack on this is impossible but not undoable.

Concerning starting linux you can request a free CD from shipit through ubuntu website it is a good distro.Also you can lay you hand on fedora 9 which they give out to the first 100 people every month. Get a book like linux a beginners guide.

PM for more info on any of this stuffs. I am still struggling but i have some tricks off my hat.

________________________________________________________________________________
[font=Lucida Sans Unicode][font=Lucida Sans Unicode][font=Lucida Sans Unicode][size=8pt][size=8pt][size=8pt]an unexamined life is not worth living, [/size][/size][/size][/font][/font][/font]

Greetings to all honourable administrators and future administrators. First of all i would like to give kudos to the poster, been a long time coming and this post came at the appropriate time. I also appreciate the contributions of everyone. I am currently training in oracle 10g at NIIT and i would really appreciate it if professionals in this field could advice on how and where on the internet i can get materials to get faster,better and deeper understanding of this field.  It would also be appreciated if contributors to this forum could come down a little to the level of people like me who are new to this field by explaining some of the terminologies or functions of devices or software they mention when making contributions. Thanks y'all. U r great!!!

Nice thread. This would stay on the front page always. Please guyz, u see anything that shouldn't be on the thread, u can use the "Report to Moderator" button.

@persist, Thanks a lot I had that in mind but the stress of going round to effect this change has been my problem. But it's obvious I don't have a choice. Having you on my list wont be bad. Here is my chat id: liveth4real@yahoo.com Thanks again

just to lighten up the sys admin thread a little.

There are four major species of Unix sysad:

1.The TECHNICAL THUG. Usually a systems programmer who has been forced into system administration; writes scripts in a polyglot of the Bourne shell, sed, C, awk, perl, and APL.

2.The ADMINISTRATIVE FASCIST. Usually a retentive drone (or rarely, a harridan ex-secretary) who has been forced into system administration.

3.The MANIAC. Usually an aging cracker who discovered that neither the Mossad nor Cuba are willing to pay a living wage for computer espionage. Fell into system administration; occasionally approaches major competitors with indesp schemes.

4.The IDIOT. Usually a cretin, morpohodite, or old COBOL programmer selected to be the system administrator by a committee of cretins, morphodites, and old COBOL programmers.
http://www.gnu.org/fun/jokes/know.your.sysadmin.html

HOW TO IDENTIFY YOUR SYSTEM ADMINISTRATOR:
SITUATION:
Low disk space.
TECHNICAL THUG:
Writes a suite of scripts to monitor disk usage, maintain a database of historic disk usage, predict future disk usage via least squares regression analysis, identify users who are more than a standard deviation over the mean, and send mail to the offending parties. Places script in cron. Disk usage does not change, since disk-hogs, by nature, either ignore script-generated mail, or file it away in triplicate.
ADMINISTRATIVE FASCIST:
Puts disk usage policy in motd. Uses disk quotas. Allows no exceptions, thus crippling development work. Locks accounts that go over quota.
MANIAC:
# cd /home # rm -rf `du -s * | sort -rn | head -1 | awk '{print $2}'`;
IDIOT:
# cd /home # cat `du -s * | sort -rn | head -1 | awk '{ printf "%s/*\n", $2}'` | compress

Well Well Well,
NITEL is on STRIKE!!!! and as a sys admin for an ISP, i need to augment and on our limited bandwidth on suburban and Gilat and possibly upgrade where necessary. We have a large chunk of bandwidth from Nitel and yes, we stick to nitel because their link is still relatively faster than suburban @ the same bandwidth per time. We're currently @ their mercy and am calling on the powers that be to pay their 7months salary.

its a whole lot of work here, what a way to start a monday morning,

@FBS
I wouldn't call this guy a manic some users are just pathetic after they you set the quota with company policy and give them soft limits and ignoring the hard limits thinking they are human .That if they log on to the server and see the message hard disk full grace period 6days .They still persist and load more file .Those set of people deserve to get their file removed. BUt the maniac should add the USERS name before this.WIPE THEM OUT CLEAN.AHAHAHA!

# cd /home # rm -rf `du -s * | sort -rn | head -1 | awk '{print $2}'`;

FOr those who might bot understand what FBS has writtern a litlle explanantion beloow
1. first change directory to /home (cd /home).

2. rm -rf--------remove recurciverly and force removal of file in the execeution of 'xxxxxxxx '
3.du -s * give disk usage of all
4.sort -rn -- sort the files by reverse order from highest to lowest
5. head . take only the highest
6. then print the 3rd column of the result but I THINK THIS OUGHT TO BE $0


<<WHO SAYS LINUX DOES NOT ROCK>>

persist:

@FBS
I wouldn't call this guy a manic some users are just pathetic after they you set the quota with company policy and give them soft limits and ignoring the hard limits thinking they are human .That if they log on to the server and see the message hard disk full grace period 6days .They still persist and load more file .Those set of people deserve to get their file removed. BUt the maniac should add the USERS name before this.WIPE THEM OUT CLEAN.AHAHAHA!

# cd /home # rm -rf `du -s * | sort -rn | head -1 | awk '{print $2}'`;

FOr those who might bot understand what FBS has writtern a litlle explanantion beloow
1. first change directory to /home (cd /home).

2. rm -rf--------remove recurciverly and force removal of file in the execeution of 'xxxxxxxx '
3.du -s * give disk usage of all
4.sort -rn -- sort the files by reverse order from highest to lowest
5. head . take only the highest
6. then print the 3rd column of the result but I THINK THIS OUGHT TO BE $0


<<WHO SAYS LINUX DOES NOT ROCK>>

kudos for the dissemination and yes Linus Rocks.

Hi Guys, great tread !!, i was previously with schlumberger and SNEPCO, but now i am based in Ireland.  I can see a lot of experience and intelligence on this tread, it's good to know that there are people out there who could hold up their piece of space wherever they might be and i hope more sysadmin from all over the world could log in and share their experiences.

I worked as a sysadmin for many years, i supported and maintained storage servers, such as Netapps, Sun, Linux, i also work with various Unix and Linux servers / workstations, backups where done by robotic libraries with Legato, Netvault and Veritas manager softwares.

But i  have to say the coolest stuff i ever did was the configuration and part installation of the 3D Visualization center in SNEPCO.

I have left sysadmin for some months now, but would love to share some experiences with you guys, for all its worth, well done to everyone on this tread. Once a sysadmin, always one. Take care.

Well done on this one guys. Hope this thread lasts as long as nairaland . I hope to learn a great deal here.

maybe folks can start posting questions/ issues that they are finding "hard" to resolve?

I will love to know how to set up a full FTP server on the linux system.I have VSTFP installed aand running but i don't even know how to go about it .Help appreciated.I am running 2 Redhat Enterprise 3 on virtual Box and 2 win xp box.

I wouldn't mind if i am pointed to a resource.

@temi900
http://cbt.googletoad.com/
http://exams.googletoad.com/
Search for whatever you want

@persist
just download and install LAMPP which is XAMPP for Linux boxes. You can choose to install only the FTP feature and leave out the rest. It comes handy with an FTP server known as Filezilla which is pretty lightweight but gets the job done. Its easy to set up. and use on the fly.

Administering your organisations Intranet

Does any one have any experience administering your organisation's intranet? I'd like to know how you have implemented the intranet in the first place - the technologies used, operating systems it runs on etc. Also any challenges in running it? Note: I don't mean the actual design etc of the intranet pages, I mean the server it runs on, the web engine, the technology used (eg MS Sharepoint, Netweaver, IIS, Apache etc).

I have implemented this in a couple of organisations and currently administer one that uses Internet Information Server (IIS) version 6 running on Windows 2003 Server R2. Quite a mix of technologies though - the web server is IIS, but a lot of the applications hosted on the intranet actually are Lotus Domino applications. Any one with Domino experience?

The choice of Domino for applications is because the organisation I work for has several sites around the world, and the information on the intranet needs to be the same for all the sites. The intranet can be hosted from a single site in a scenario where all other sites simply connect to it, but there are obvious bandwidth issues. So to ease this a bit, we looked for a technology that could help replicate copies of databases to several sites quickly and efficiently - which Domino (we use version 7.01) does very well - so that each site has an up-to-date copy of the databases.

The idea now is that when a user in a remote site tries to access the intranet, their location is immediately retrieved and once it is determined by the redirection agent (running on IIS) via IP address, they are sent back to their own local site, so they browse a local copy of the database they want, saving much-needed bandwidth.

By the way, anyone with MS Sharepoint experience or Netweaver experience?

What's your intranet implementation experience?

kudos guys. . . keep the thread running and positive. 
To the gurus: Thanks a bunch for answering questions.
To the well, shall we say newbies?  - keep those questions coming and thanks a bunch.

Nice Thread we got here!

I love the posts and response so far from a whole bunch of IT Admins be it beginners or Pros.

I have had about 10 years in IT covering different areas but I now specialise in Networking (Wired or Wireless), NT Security, RF Configuration, VSAT Setup (Ku or C-Band of all sizes but Mainly C-Band), Satellite Communications, Linux Servers (Red Hat, Mandrake e.t.c) and the one I love most Mikrotik Router OS (There are thousand and one things you can do with this machine)

Nice thread,i'm a Network and Systems Admin (NSA).I manage 6 servers and about 4 computers.I'm a Certified Microsoft Professional and ITIL Certified.

Its really interesting been a systems admin,cos i manage both users and computers.

FBS:

maybe folks can start posting questions/ issues that they are finding "hard" to resolve?

I quite agree - now we know we have people using different technologies, we could all share and learn. So any questions are welcome on this thread! Perhaps I should add one myself - my organisation is in the process of testing out a Voice Over IP (VOIP) implementation of a new telephone system at the headquarters site. The aim is that a new voip-enabled telephone set will be issued out to replace current ones. I am sure quite a lot of people are familiar with voip phones in offices.

The way it should work is this - the phone sets will also have a, RJ45 socket, into which a user will connect their pc. So every user will be connected to the network via the telephone set, which effectively now acts as a hub, and from there to the main switch. I know this works, because I used it in a previous company – but with a much smaller number of users.

My concern though is not with the telecoms side, though that matters of course, but the computer network side, with regards to network performance degradation - for example, a lot of applications, even operating systems are installed over the network. What effect will the network traffic on an already busy network have on telephone calls - or vice-versa? If all users are on the phone at the same time, for example, will that slow down my software updates or server builds over the network?

As I said, we will be doing a proof of concept to test all this, but I just wondered if anyone out there has had any experience with this sort of scenario, and if so, please share.
Thanks!

THIS IS A WELCOME DEVELOPMENT IN NAIRALAND
I am a network Eng. for almost a decade and i love the job with passion. I will like us to duel on issues and scenarios. No much talking.
@ xanadu.
I dont think the VOIP will affect your network or bandwidth if a thorough configuration is been made. It also depends on your ISP and the voice gateway. You can give Voice higher priority than data in your configuration i.e (qos). you can allocate some specific percentage of bandwidth for voice alone lets say 24%. In this way u will hv a quality voice call and optimal data transfer. All this can be done in cisco router if u are using it. Your ISp can also help u.

@IT_GURU
Pls is it possible to setup active directory with mikrotik linux server. I mean the MT will be the DHCP, domain server and the DNS. Can I also block some site like facebook with MT ?? Pls help

@xandu - as i was composing this mail i saw d post from sholasys, he's sure highlighted a few salient points.

Welll, its true that a lot of offices have embraced voip as a way to cut down on cost (on the long run) for certain categories of calls.
to your question:- concerning network performance degradation, well the converse is d case. Please permit me to explain some basics. Voip packets are transfered thru the network in continuous streams (synchronous) unlike data traffic which are bursts. voice packets need to travel without any breakages or interruptions, and they need to be assembled in the right order - this accounts for alot of incomplete sentences or inaudible words been heard if you've use voip on a low bandwidth platform before. VOIP packet need a priority to be set for it if you have a bandwidth manager deployed in your office network - this ensures that it takes priority over any data traffic because the converse is the case by default, and for a good 2--way conversation, there ought to not to be "JITTERS" (variable delay), so that there's a constant latency during converations.

You'd agree with me that usually when we use the net, the network isnt doin much in terms of data packet trannsfers all d time e.g when we'er typing an email, except we're downloading. this is quite different for voice traffic, cos even when you're not speaking, continuous silent streams are sent to make up for the voids.

Best practice is to speperate voice traffic if the network is really chatty. My advice is get a reliable bandwidth manager and set the appropriate QOS giving priority to voice traffic, better still UPGRADE your existing internet bandwidth, seek a 1:1 contention ratio and set a limitation on data traffic incursion.

The effect on your network will be minimal, but the effect on your VOIP will be GROSS
if adequate measures arent taken.

i hope this benefits all, just my 2cents.
!!!!Big up to this thread!!!

Thanks for your clear and concise response, @mikkyphp.

Yes, this sort of thing will always depend on ample bandwidth, which I believe we have. Of course one still cannot help but hope nothing goes wrong to critical 'over-the-wire' installs if the company does agree to go with the solution. Many thanks again for your response - I am certain many will find it interesting and informative.

Well there you go - it appears that Nigeria's best IT admin minds are here on Nairaland - I am sure we will learn so much from one another here!

this is an inte resting thread

and here is my contribution

Aliyu Ahmed Ahmed
network Security Advisor
ahmedu2020@gmail.com
08036241983






THE BEST SYSTEM ADMINISTRATOR

System Administrators are the people responsible for making computers work in the field. They are also responsible for the uninterrupted operation of the computers to take care of the business needs. System Administrator's knowledge on System security loopholes and their implications on business they are managing is a good asset to any Enterprise/Company. By following simple practices during their administrative functions, they can build secure and productive systems. These also help in reporting security incidents at an early stage and taking corrective measures.

Anywhere there is some sort of human activities, computers are needed and then system administrators to administer them. A system administrator is almost the most sensitive personnel in any organisation and I am saying this from experience. they have access to a lot of information from all departments in the course of troubleshooting systems. Some they see intentionally( probing) and some unintentionally(accident).I use to work as a system administrator in some big organisation and when troubleshooting systems I accidentally see stuffs like my GM's salary, the accountant's salary, the HR's CV or some love email letter written by my GM for his mistress on his laptop. In this regard the activities of the system administrators need to be watched closely by business managers. Business managers are scared of confronting the system administrator for the fear of the technicality of his job, most especially when the system administrators use technical terms to scare them. As a business manager , you need not turn the other side to the activities of your system administrator; give him room to exert all his technicalities but you need to know that you are his supervisor. Let me give you a lead, tomorrow when you resume work call your system administrator and ask him the following questions:

1. Do you have a diagram that shows what connects to where and how, with device IP addresses, names, locations etc listed on it?
2. Do you have an IT asset inventory?
3. Do you have a list of hosts, MAC addresses etc and their locations?
4. Do you have copies of the current configurations copied from all your network devices and burned to a CD in a fire safe?
5. Do you have network traces, traffic graphs etc taken during normal operation as a baseline?
6. Do you have a proper listing of all your WAN circuits/ISPs along with the contact details of the provider and the information you'll need to give them when reporting a fault?
7. Show me a script detailing your backup and disaster recovery plan.
8. Are all cable terminations labeled?


If he cant provide answers to these questions then you know someone somewhere is not doing his job. These issues are lifesavers in any computer network, because during all those slack days when things are running smoothly, your system administrator is not suppose to play doom or surf the internet but spend the time documenting his network:
Also, gone are the days where the IT department is just one flat department . These days the IT department is suppose to be sub divided into: Help Desk, Database, Networking and software/web application development department. Every IT complaint will first go to the helpdesk which will be routed to the appropriate IT sub department. Below I present a reminder as regards to best practice by system administrators:
Learn about your system
• Read appropriate security bulletins available from the vendors
• Subscribe for security bulletins from vendors and security advisories
• Understand each security issue with relevance to your configuration and environment
• Routinely monitor the IT website for updates and announcements
Define critical hosts
A critical host is a machine which, if compromised, could significantly harm the organisation including, but not limited to: reputation damage, interruption of a critical task, disclosure of confidential information, and legal liability. For example, any machine that may contain confidential data, medical records, payroll information, students transcripts, social security numbers, etc. "What are you trying to protect?" is a good question to ask before defining critical hosts.
Isolate domain controllers.
Update anti-virus software
Anti-virus software is available to staff at no cost. It is important to develop appropriate virus detection and eliminate the threat for servers.
Automatic updates to anti-virus software is essential to ensure new viruses are caught in a timely systematic fashion. It is a systems administrator's responsibility to ensure anti-virus definitions are up to date.
Protect passwords
• Use lengthy smart passwords (minimum length enforced)
• Make it for you to remember and hard for others to guess
• Use non-dictionary words
• Never store password as plain text or write it down on a paper
• Configure password-aging feature
• Use shadow password feature
Configure only essential services
• Maintain your servers with the minimum necessary services and packages
• Install only essential components, which are required for running the services and applications
• Remove any extra service running on your server
• Offer only essential network services and operating system services on the server machine
• Close unused TCP/UDP ports
• "Deny first, then allow"
• Remove old accounts
• Do not provide more access to system resources than the user needs
• Do not ignore warning signs- batteries, server restarting etc
Update your systems
• Patch, patch and re-patch
• Learn about the patches before applying them
• Remember to patch after a rebuild
• Apply the latest service packs
• Install latest updates and vulnerability hot fixes
• Make sure to update applications, not only operating systems
• Configure account lockout policy
• Isolate domain controllers
• Rename administrator’s account
Protect your systems from spyware
Spyware and adware pose security, privacy and productivity risks. It is important to keep your system protected from such malicious programs and protect your servers (where possible) with appropriate anti-spyware tools.
Use a firewall
A firewall is considered a high-risk network device. It helps you govern the network traffic to and from your network, needs monitoring in real time, and serves as a primary line of defense against external threats. Make sure to document any change made to the firewall configuration.
Define secure access policy
• Configure computers for user authentication
• Configure servers with appropriate object, device and file access controls
• Configure server for secure remote administration (VPN providing encryption and secure authentication)
Physically protect your servers
• Allow only appropriate physical access to computers
• Do not leave console logged in at any point of time
• Configure "time out" feature on your console system
• When you are away, system administrator console should be locked
Ensure data security and integrity
• Encrypt sensitive data where possible and needed
• Replace insecure programs with secure ones
• Avoid storing clear text passwords and private keys
• Securely remove data from storage media
Monitor your system
• Read your log files (hackers read them too)
• Use Log Analyzer
• Scan your systems periodically using appropriate tools (scan, evaluate, update, correct, and re-scan)
• Enforce access control rules for users / user restrictions
• Remove old accounts from machines
• Run MBSA regularly
• Check logon auditing
• Don’t make yourself indispensable by hiding knowledge from your helpdesk personnels
Document configurations and disaster recovery
• Document any changes in the system configuration
• Document (in steps) a disaster recovery plan and share it with your IT staff
Have a backup plan
• Make sure you have a tested backup strategy
• Keep your plan up to date by at least annual evaluation
• Train operators that work with you (if any)
• Plan for the worst, this should be part of disaster recovery plan
• Test the backup media, replace it if it needs replacement and don't take risks
• Identify what data needs to be backed-up (prioritize the data)
• Data should be backed up at least once a day, other data might need more frequent back-ups per day
• Backup media should be kept in a secure locked storage to prevent theft or tampering with stored data
• Password backups

Also, understanding the core of the OS is a necessity to understanding how attacks are structured. Most system administrators don’t know what goes on inside their operating systems. As system admins we have to go beyond just knowing how to administer our operating systems, we should posses the ability to see the bits off the wire, know the kernel architecture and how it keeps track of background processes, so as to help improve overall performance, and help the kernel whenever possible.

I am going to look into the operating system’s kernel but in a capsule. The kernel is the core of every operating system and it’s a process itself that controls other processes in the OS. A process is the execution of a program even though a program can initiate several processes: meaning several processes may be instances of one program. When you are browsing and you open various tabs on the taskbar, each tab represents a process. The Kernel has a process table that keeps track of all active processes and it communicates with other processes and the rest of the world via what we call the system calls

A process runs in two modes:

1. User mode: Can access its own instructions and data, but not kernel instruction and data
2. Kernel mode: Can access kernel and user instructions and data. When a process executes a system call, the execution mode of the process changes from user mode to kernel mode





I did mention that the kernel is a thread of execution—just like any other process. However, the kernel runs in a privileged mode. It can see the physical memory of the machine, and it can see all of the physical devices and ports. In addition to ruling over system memory, the kernel rules over all of the peripherals. These resources are too precious for you to allow a user process to touch them directly. Thus, the kernel provides various services that grant user processes access to these devices. The file system is a perfect example of a resource that user processes access frequently. The kernel enforces security restrictions so that users can’t gain unauthorized access to another user's files.


In the figure above you can see the kernel as being divided into two separate functional blocks. The lower functional block would consist of the device drivers, the virtual memory manager, and the scheduler. The upper functional block would consist of the system call processing functions. User processes view this part of the kernel as a library of service calls.

Service calls must communicate asynchronously with the lower level, but user processes don’t need to worry about how this communication occurs. A user process assumes that the system call is synchronous. For example, if a user process wants to write a large block of data to a file, the system call returns immediately, believing that the data have been written. The operating system may cache these transactions for several minutes before actually writing the data to disk. This caching allows the system to operate more efficiently as a whole. If it didn't work this way, the user process would have to wait for the write operation to complete or it would have to poll the operating system in order to make sure that the action actually happened.






The above is a UNIX platform, in Windows platform; let’s look at a program like Microsoft Word which when executed as a process could give birth to other instance of the same process(documents).





The question now is how comes about process 1, 2 and 3 in Microsoft word, and how does process 1 know what set of resources are been allotted to the program Microsoft Word while executing the program. Actually, it is the Window API functions such as createprocess, ntcreateprocess, createprocessasuser that are responsible for creating process 1, 2 and 3 within the Microsoft Word program. Each Windows process is represented by what we call the Executive Process Block (a.k.a Eprocess). Eprocess block has the ‘attributes’ of the process and other related data structure like Kernel Process Block (KProcess) and Process Environment Block (PEB).

In order to understand all these terms, we need to download a debugging tool for Windows and start windbg.exe in the kernel debugging mode. Some of these commands will give you a clear view of the data structure.

1. dt_Eprocess command gives the Eprocess data structure
2. dt_Kprocess gives the Kernel Process Block
3. !process give the address of PEB



When you use a debugging tool to view the kernel process block, you will see fields like: dispatcher
Resident kernel stack count
Default thread quantum
Thread seed

Attribute field like the image filename and image base address are two field in the Process block that will let process 1, 2 and 3 know the resources used by the Microsoft Word program. Since the createprocess function creates the instances of process 1, 2 and 3 lets now see the stages of the process creation



Stage 1: open EXE and create section object

Stage 2: create Windows Process Object

Stag 3: create Window Thread Object

Stage 4: notify Windows subsystem

Stage 5: start execution of the internal thread


In our example above since Microsoft Word is an executable file in Windows (winword.exe), it is used directly in the createprocess. However if the image is a non windows program createprocess goes through a series of steps to find a Windows support image to run it, then the createprocess calls a second function call ntcreateprocess to create a Windows Process Object which will run the image

Understanding and maneuvering the operating system kernel makes you an extraordinary user. You can play around with the virtual address space for any process and can even make a virtual address translation to the physical memory. The above explanation of the operating system kernel is by no means comprehensive because there is a lot of misery attached to the working of the operating system kernel.

Lastly but most importantly, business managers need to know how to terminate the job of their system administrator. At the friendly or unfriendly termination of the job of a system administrators, he or she should be escorted by security personnel to his office to pick up his belongings and leave. It sounds some how but honestly speaking it is best practice. At the same time, an account administrator should be disabling appropriate resource accounts and all passwords should be changed. Under no circumstances should the now former employee be allowed access to any information resources from the time he or she is terminated to the time he or she is escorted to the door.

I love the idea of this thread, so glad to see something that makes Brain.

I just finished my MCSE program with NIIt and am looking forward to writing my Windows Xp by next month,, but there's an issue,not the xp really , but after the Xp i hope to write Windows Server2003, and i think i'll be needing a real live workstation Vs Clients experience to succeed, how is dat gonna be possible as i aint working yet, anybody here who has made it by just reading texts and dumps?

I'd like a kindhearted/Experienced guy like Xanadu or some good fella to be My GODFather in this career i've chosen,to guide me and to advise me personally on whatever i may/will be needing.

I hope to be like you professional sysadmins before the year runs out.

One Love and lets continue Pinging!

sholasys:

@IT_GURU
Pls is it possible to setup active directory with mikrotik linux server. I mean the MT will be the DHCP, domain server and the DNS. Can I also block some site like facebook with MT ?? Pls help

Ofcourse, you can setup Mikrotik for DHCP and DNS Server to act as a router and name resolving and as a tranparent proxy client for network. It has a whole lot of features like QoS (Bandwidth management, Firewall Packet Filtering (Which you use to grant/deny access, restrict or block applications, sites, ports MAC addresses, IP or Range of IPs.

It can also be used as a Hotspot Server for WiFi Networks or can even act as a Bridge between 2 networks and many more other features.

Hope the Information finds you well.

Folks, I say keep bashing the thread with intelligent questions and answers. BIG UPS!!!
@Scorpio1 : certification is good, but any seasoned sysadmin will tell you that you wont feel like a "real" sysadmin until you get into the nitty witty. i.e experience!!!

Like you have said, you need to put the theory into practise by getting a live workstation and if you have the resources, you can setup a home networtk of 1-2 computers and start firing from there.

A working environment will suit you most because by the time people will start screaming at you to come and fix this and that and ALL AT THE SAME TIME, you may likely forget everything you have read.

FBS:

Like you have said, you need to put the theory into practise by getting a live workstation and if you have the resources, you can setup a home networtk of 1-2 computers and start firing from there.

Well said, @FBS. Nothing beats hands-on experience.

@scorpio1, a very good step to take is what FBS suggested - try to get a home network of at least two computers. This is a positive step even if you already have a job doin 'real-life' systems admin as it will help you practice - but moreso if you havn't yet started working in a 'production' environment.

As far as Microsoft technologies go, you have the opportunity to download free and fully-working evaluation versions of their software, valid for 180 days. This is a most valuable tool. If you are a Linux admin, then it is even easier as then you can take advantage of the open-source 'world'.

Once you have that sort of home network going, it will simply be a matter of carrying out different tasks using different admin tools. It will never be the same as, say, a 100-user environment, but it will certainly set anyone in the right direction, and provide guidance.

As far as mentoring goes, I am positive that on the evidence of the sort of posts we have had here so far, there will be no shortage of people to answer questions any one might have.

I am quite excited for you about your forthcoming Windows 2003 Server exams - I wish you well. I personally believe it is a great OS, and MS have addressed quite a lot of issues there existed in previous servers.  Reading texts and dumps might make you pass - but at the end of the day, as we have all said here nothing beats real-life experience, whether at home or in an organisation. If there are any specific questions you might have regarding your forthcoming exams etc, please don't hesitate to post them here. Good luck!

Umm, Interesting thread.
A Systems/Network Administrator (with more emphasis on networking) reporting for duty. New to this forum, actually my second day.


Currently supervises operations for an IT consulting firm with diverse client base; from Attorney's, to Health Care providers and even Pizza company . So there is no boring day at the office as they all have different needs which require different solutions. We also have a web hosting company with about 48 web servers, a combination of Linux (Mostly CentOS) and Windows 2003 server, some of which are running on VMWare ESX. If clients are not screaming on the phone about their intranet issues, you can be sure some script kiddies from Asia will be trying to breach your web server security.

You have to LOVE doing this job, the education will lay the foundation but it is your passion for the work that will be your true ally. Resourcefulness is another trait you've got to have, You have to be prepared for many sleepless nights, some of which you cant even bill or get paid for. I cant remember the last time i went to bed at 2:00am (holidays/vacations aside); that has to be before i started playing "Where in the World is Carmen Santiago" and "Wolfenstein 3D" on my 20mhz 386 back then  . It is all an effort to be good at what i do, after all, "Anything worth doing is ,  "
I have seen so many administrator get confounded at little issues solely because they have no clue where to start troubleshooting, they forget a system running smoothly is bound to cough someday. The system will eventually come back up but the question is when. To avoid extensive downtime you've got to think ahead and always have a backup plan especially when everything else fails. Take for instance in our data-center we have at least a spare of every hardware from Router to memory modules at any given time and our clients data are not just protected using RAID configuration, we go further by implementing continuous backup solutions preferably offsite where possible. There are always those companies that are cheap or cash-strapped but at least let them know so they don't come back and lay the problem at your feet, when katakata burst.

Well that is my 2 kobos, hopefully i will be able to visit here often to share ideas and learn new things, because we can learn from each other no matter when you started.What you were encountered on your first day at work may turn out to be what i have to deal with tomorrow. It will be easier if it is not all in one thread though, because questions and the proffered solution is bound to get all muddled  up in-between replies.

whimsical:

For now my greatest challenge is locking out unwanted clients I do use mac filtering but it's so had to do so effectively as the base I use at the moment only supports filtering for 20 clients. So I hide my ssid and use the filter list unwanted access instead of the other way round. So any idea as to how I would achieve a better WAN security will be appreciated.

Your wireless network is grossly insecure and would have been an soiler's playground in a more developed country. It is very important to sort out your access control issues because it could be a potential source of legal liability for your company.

I would suggest you read up the documentation that comes with your radios (both CPEs and your base station) to find out if they support 802.1x authentication on WPA or WPA2(If they are manufactured after 2003, they should but if they don't you might have to convince someone higher up that an upgrade is needed, don't worry if they don't listen just keep praying the company doesn't fall victim of Murphy's law).

If they do then you need to install an AAA (Authentication, Authorization and Accounting Server) of which a good one is the Internet authentication service (IAS) present on every Windows server from Windows NT 4 up to 2003 (haven't checked out 2008 yet) and configure pass through authentication to the IAS server.

What you gain, is the ability to authenticate wireless users with a user name and password unique to each individual and also keep track of connection times, IP address allocation etc (which can be useful forensic data for network misuse investigation) it also transfers liability from your company to the individual users whose responsibility is now to secure the unique authentication information (passwords and usernames) given to them.

Beleive me when I tell you that you need to get rid of any mac filtering, WEP keys e.t.c Your network wouldn't last a day before it is breached if it was close to some Universities or Colleges in a developed country where high school script kiddies are eager to try out the newly released soiling and cracking tools easily accessible on the net.