It is completely irresponsible and without excuse for any main network operator/owner to not be completely aware of what each and every cable does which is connected to a switch/network router. If the owner refuses to determine this, they are responsible if there is a nefarious device on the network until they do. Wireless makes this much more complicated so any responsible admin will ensure the wireless network is completely isolated from the physical network and is privileged to only access the internet or separate devices.
This is a silly take.
People and orgs have a million reasons why their cables might be unlabeled. Shame on you for binary thinking without considering real world confounding factors.
It’s the thinking of someone who has only worked at places that are three years old and the person who built out the network still works there.
If you’re hired because the old person didn’t follow basic maintenance procedures, you’re still ignorant until you rewire or trace the whole company’s network.
What I am hearing is that it is not practical to expect network admins to be in control of their networks and subsequently it is not practical to ensure no malicious devices are plugged into enterprise networks. Just because it’s difficult to do doesn’t mean it shouldn’t be done.
What you should be hearing is that it’s not necessarily irresponsible for somebody not to know something when they are inheriting a system, and that it’s totally reasonable to expect to encounter poorly done systems in the real world that need someone to fix them.
It’s often the case that somebody slapped something together in an area that wasn’t their expertise, it’s been noticed that it’s a real problem, and someone has been hired to fix that problem. The “not knowing” is often the reason they’ve been hired. Trying to sort out a real world scenario (while also handling other needs of the org) is almost definitionally Taking Responsibility. So let’s not shit on people trying to clean up a bad situation by calling them irresponsible for not knowing.
Suif, you have a lot to learn my friend.
First is speaking in such absolutes.
The more senior I get, the more I realize there are often a multitude of reasons things are the way they are, and many times those are valid reasons, when seeing something that is broken.
Taking a beat before pontificating and making a fool of yourself will save a ton of heartache in your career.
When you see something so broken, ask yourself why? Then ask somebody else.
Some highlights from my career:
1) Last guy got cancer in the middle of a build.
2) Last guy worked his way up from one man help desk to Linux guru over 15 years all on his own, but was so busy putting out fires, he never had the chance to improve things.
3) Project started out as a proof of concept and was intended to be torn down.
4) Due to government contracts, the system has to be maintained exactly as delivered, no labels even allowed, and obviously no IT staff(?!) to make spreadsheets. Everything was paper notes by operators.
5) Pure laziness and incompetence as you alluded to.
All this to say, more often than not there is a good reason something is fucked up, finding out why may help you fix it (like in the case of politics, budget issues, firefighting, priorities, etc.).
Customer site, big insurance company. They started documenting cables and labeling them to get rid of old faulty documentation. Half way through their security department forced them to stop. Why? If an attacker gains access to the documentation he would have all the information he needed. So, they had three types of cables: old ones with faulty labels, cables with right labels and unlabeled cables. And then there was me, in the server room at 3 a.m. tracing a cable by pulling up floor tiles because the cable was handmade and the RJ45 plug wouldn’t fit into the new switch we installed that night.
> Half way through their security department forced them to stop. Why? If an attacker gains access to the documentation he would have all the information he needed.
Some IT security departments have very confused ideas.
We moved into a building where the drop-ceiling had pretty much every generation of cable, going back to Twinax used by IBM 5250 terminals. Previous tenants had cut the connectors off and just shoved them up there when they moved out.
Network documentation in this case? No way. The only option is to pull it all out for recycling, and start over.