On my blog, in my labs, and on my videos I will frequently blow through foundation work across the board in blatant violation of best practices.
Ironically, even when I discuss subjects like backup or DR I will still not focus on holistic best practices like security.
When I’m doing this for real, I use a completely different lens. It’s critical to understand and focus on when you’re in a lab, and when you’re not. If someone breaks into your lab and screws everything up…you rebuild your lab. That’s what it’s there for. If that happens at work, you’re probably out of a job.
When I think about it in my presentations, I will try to remind people that they should not infer from anything I do that it’s the correct way to do it.
I’m more of a macro scale guy. I want people who read my blogs, or watch my videos, to look at the whole picture. Then, if they decide to emulate it, I want them to try to figure out how to improve it.
Do your own due diligence, and follow the best practices you know and trust.
I will respectfully consider any suggestions, but ultimately when I’ve already taken 3-5 minutes to illustrate how to spin up a machine, I don’t want to lose my viewer spending another 10 minutes droning on about firewalls or firewall rules.
Please don’t assume because I’ve disabled firewalld or enabled a DMZ rule on my router that I don’t totally understand all the reasons why that’s a really bad idea.