RE: [ActiveDir] User Password Expiration
What about the use of a token based product, such as RSA SecurID? Each token can be used only once, meeting the requirement for auditable non-static passwords. http://www.rsasecurity.com/products/securid/datasheets/SIDMS_DS_0504.pdf Regards, J List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Very OT: Server room fire suppression
Our pre-action water system will only kick in when the temperature in that "zone" reaches a certain threashold. The heads are wax and melt. There is no water in the pipes until fire is detected, then they're flooded and are in stand-by until a head releases. We also have an FM-200 fire suppression system. This is not harmful to any equipment or to personnel. The problem is that these gaseous systems are typically a one shot deal. If it fails to extinguish the fire, or the fire restarts, you're SOL. Insurance companies (and most likely local codes) like to see the water system. Its not really there to save your data center. The pre-action water system is in place to save the rest of your building if your primary fails... We recently relocated and refurbished a 5000 sq data center. The previous owner only had water installed. Compared to the overall cost of data center infrastructure, I don't believe that the gaseous suppression systems are very expensive... they're not cheap :) When redesigning the room, I used Sun Blueprints "Enterprise Data Center Design and Methodology" book as a reference. I found it very informative. I highly recommend picking this up. Good luck, Jason Noah Eiger wrote: > Hello: > > I am outfitting a ground-up server room install for a medium-size business > (fewer than 200 employees). The entire building is being built from the > ground up. The architects claim that they have done many server rooms and > none have used anything but water-based systems. I also realize that "clean > agent" systems are very expensive. I have done some reading about > "pre-action water systems" that seems to allow a little delay before going > off. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] worm (very very OT)
Mr. Cube, That depends. If you have a single switch, just sniff the network and as someone suggested, check the MAC address of anything attempting to hit port 1 on your own interface (assuming that the worm is continually re-scanning its local subnet - if not, and its just counting up from 1.0.0.1 to 255.255.255.254 - you'll want to mirror the port going towards your gateway). If the switch is managed, you can telnet or use the wbem interface to check the layer 2 forwarding database for that MAC. It will tell you which port the offending PC is attached to. Now, if you have multiple switches, this is not a very scalable troubleshooting method... If you can define ACL's on your switches, you could block port 1 traffic and log the offending packets. Regards, J >Date: Sun, 26 Dec 2004 09:06:53 +0300 >From: rubix cube <[EMAIL PROTECTED]> >Subject: Re: [ActiveDir] worm (very very OT) >Reply-To: ActiveDir@mail.activedir.org >do I need to mirror a specific port? Which one? >Why can't I connect to any availble port on that switch and sniff the network? >thanks >rubix -- Jason Hicks Senior Network Architect National Fuel - Buffalo, NY List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
