RE: Small/Mid Firewall?
I agree with Andrew … I’ve been configuring the Juniper ‘screens for years now, including the 5GT and SSG 5 that replaced it. Granted, the Juniper is very different from a Cisco PIX/ASA firewall, and different from Checkpoint. I wonder if extensive knowledge of some other brand of firewall is what is causing your minions’ problems with the Juniper.

Erik Goldoff
IT Consultant
Systems, Networks, Security
' Security is an ongoing process, not a one time event ! '

From: Ben Schorr [mailto:b...@rolandschorr.com]
Sent: Friday, December 31, 2010 1:16 AM
To: NT System Admin Issues
Subject: RE: Small/Mid Firewall?

Well, to be fair *I* haven’t looked at it yet myself. It’s been in the hands of two of my junior people; at least one of whom is generally very capable and has deployed several other firewall/routers of other vendors in the past. But he’s spent the better part of all day trying to get the Juniper working and finally has resorted to having Juniper tech support remote in and try to get it working. Apparently even the Juniper support person has spent quite a bit of time wrestling with it to only mixed results. It gives me some pause that even a Juniper support engineer would struggle with getting this unit configured. But I’ve still got 2200 more pages of the manual to read so…

Ben M. Schorr
Chief Executive Officer
Roland Schorr Tower
www.rolandschorr.com
b...@rolandschorr.com

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, December 30, 2010 8:15 PM
To: NT System Admin Issues
Subject: Re: Small/Mid Firewall?

Really? IPSec VPNs are one of the easiest things to configure on those devices. In fairness, however, I've been using Netscreen devices since Feb 2000, so that might simply be familiarity talking. The VPN wizard is very straightforward

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...
~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Small/Mid Firewall?
All of these vendors have a methodology that you have to get used to so you can see things as they see them. Unfortunately, many of them are hiring junior support people, so it's not surprising (although quite annoying) that there's some slow going there...

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Fri, Dec 31, 2010 at 1:15 AM, Ben Schorr b...@rolandschorr.com wrote:

Well, to be fair *I* haven’t looked at it yet myself. It’s been in the hands of two of my junior people; at least one of whom is generally very capable and has deployed several other firewall/routers of other vendors in the past. But he’s spent the better part of all day trying to get the Juniper working and finally has resorted to having Juniper tech support remote in and try to get it working. Apparently even the Juniper support person has spent quite a bit of time wrestling with it to only mixed results. It gives me some pause that even a Juniper support engineer would struggle with getting this unit configured. But I’ve still got 2200 more pages of the manual to read so…

Ben M. Schorr
Chief Executive Officer
Roland Schorr Tower
www.rolandschorr.com
b...@rolandschorr.com

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, December 30, 2010 8:15 PM
To: NT System Admin Issues
Subject: Re: Small/Mid Firewall?

Really? IPSec VPNs are one of the easiest things to configure on those devices. In fairness, however, I've been using Netscreen devices since Feb 2000, so that might simply be familiarity talking. The VPN wizard is very straightforward

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Thu, Dec 30, 2010 at 10:01 PM, Ben Schorr b...@rolandschorr.com wrote:

Update: We went with the Juniper SSG-5. I think we’re going to like it but good grief this thing is complicated! We’re having to open a tech support incident with Juniper just to get the IPSEC VPN configured. The manuals we downloaded for it are almost 2300 pages long! I look forward to getting up to speed on this device, it does seem very capable. Just a learning curve like an alp. :)

Ben M. Schorr
Chief Executive Officer
Roland Schorr Tower
www.rolandschorr.com
b...@rolandschorr.com

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Saturday, December 11, 2010 4:05 PM
To: NT System Admin Issues
Subject: Re: Small/Mid Firewall?

Fortinet 50B
Juniper SSG5

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Fri, Dec 10, 2010 at 3:20 PM, Ben Schorr b...@rolandschorr.com wrote:

What’s everybody recommending these days for the small/mid-sized firewall? I have a client with about 75 users scattered across three locations. They’ve been using a SnapGear SG580 at their central location but it died this morning.

Needs:
· IPSEC PPTP (or L2TP) VPN support
· Dual WAN capability with load-balance/failover.
· Preferably under $800

We looked at the NetGear ProSafe line but were wondering if there’s anything better? Not a huge fan of SonicWall and their “pay per user” model.

Ben M. Schorr
Chief Executive Officer
Roland Schorr Tower – Flagstaff Office
2700 S. Woodlands Village Blvd. Suite 300-371
Flagstaff, AZ 86001
928-377-5630 Fax: 808-533-3677
www.rolandschorr.com
b...@rolandschorr.com
Re: Skype
It appears that this discussion is no longer germane to your original post. At the very least you're not finding agreement with your point of view. In your OP you said you were being forced to accept Skype. It's doubtful that any security concerns you raise will cause management to change their mind. Their decision has been made, you make it happen, share your security concerns so they're noted for the record, implement their requested software based on the business need and move on. As one of the partners in my firm loves to say, don't show me the pain, show me the baby. Once he's made up my mind, it is going to happen, regardless of any subordinate's[1] wishes. This is all very familiar[2].

[1] I have had success in raising concerns to other receptive partners and having him back track, but that's a political move, not a technical move.
[2] Have we had a similar discussion before?

On Fri, Dec 31, 2010 at 2:01 AM, Kurt Buff kurt.b...@gmail.com wrote:
True, but... As I'll keep hammering on - the traffic for other apps is much more transparent than that for skype, and NIDS systems, such as snort, etc., can help with the other apps, but absolutely cannot help with skype.
Kurt

On Thu, Dec 30, 2010 at 21:28, Andrew S. Baker asbz...@gmail.com wrote:
It's also precisely how exploitations begin, not merely DoSes.
Well then, it's a good thing that none of the other software we use ever behaves like that.
ASB (My XeeSM Profile)
Exploiting Technology for Business Advantage...

On Thu, Dec 30, 2010 at 11:29 PM, Kurt Buff kurt.b...@gmail.com wrote:
It's also precisely how exploitations begin, not merely DoSes.

On Thu, Dec 30, 2010 at 14:51, Andrew S. Baker asbz...@gmail.com wrote:
Really? A delay in response causes a crash in client software? Really?
Isn't that precisely how a DoS works?
Did you read the whole article or just the summary?The client software, as you noted before, is operating in P2P mode, so it is both client and server software, depending on the type of activity being performed at that time. While a regrettable problem, it wasn't inconceivable that something like this could happen if things lined up right. ASB (My XeeSM Profile) Exploiting Technology for Business Advantage... On Thu, Dec 30, 2010 at 5:02 PM, Kurt Buff kurt.b...@gmail.com wrote: Oh, and I just saw this: http://blogs.skype.com/en/2010/12/cio_update.html: On Wednesday, December 22, a cluster of support servers responsible for offline instant messaging became overloaded. As a result of this overload, some Skype clients received delayed responses from the overloaded servers. In a version of the Skype for Windows client (version 5.0.0152), the delayed responses from the overloaded servers were not properly processed, causing Windows clients running the affected version to crash. Really? A delay in response causes a crash in client software? Really? I'm glad it's fixed in the newest versions, but wow... Now, I must qualify my concern - I don't care nearly as much about skype on phones - they're not going to live on my production network, and phones running Good software have corporate data relatively well protected. Smartphones will live on a guest network. It's the workstations I'm concerned about. Kurt On Thu, Dec 30, 2010 at 12:25, Andrew S. Baker asbz...@gmail.com wrote: What's your main concern with Skype? What aspect of security is your focus? ASB (My XeeSM Profile) Exploiting Technology for Business Advantage... On Thu, Dec 30, 2010 at 3:15 PM, Kurt Buff kurt.b...@gmail.com wrote: This is pretty old, but I'm now being forced to allow skype on our network, and I'm pretty unhappy about it.. Ken, is your firm still allowing skype, and if so, can you speak to what your security folks did to make themselves happy about allowing skype? 
Has anyone else here done a security review that gave them a decision one way or the other about allowing it? Kurt On Thu, Jan 15, 2009 at 08:12, Ken Cornetet ken.corne...@kimball.com wrote: We are deploying it here to a few users. I’m using group policy to turn off being a supernode, downloads, listening on tcp ports, and 3rd party access to the Skype API. Our security folks reviewed it and are happy. From: Tim Evans [mailto:tev...@sparling.com] Sent: Thursday, January 15, 2009 11:01 AM To: NT System Admin Issues Subject: Skype Has anyone looked at Skype recently? We’ve got a client that wants us to use Skype for communications with them. I’ve always been a little leery of using them in a business environment, but looking at it now, I see they have a MSI download
Re: Skype
*I submit, however, that another animal is a powerful and relevant metaphor here - the black swan.* Metaphors are nice, but we have limited time to focus on them to the distraction of actually *doing* things. Fact: The internet is a rough and tumble environment, with lots of threats about, and the number grows steadily. Fact: There is significant business benefit to be had by way of the internet, so the existence of threats is not the end of the story. *For web browsing I do use as many mitigating technologies as I am allowed to use for web browsing as I can, but we've basically lost the battle on that front. This doesn't mean that we shouldn't keep fighting.* No, but it does mean that your organization is willing to take on some risk in conducting its business. It also means, more importantly for this discussion, that even without the ability to suitably (to your satisfaction) mitigate all threats, you have not succumbed to every threat. This is likely to be true with other technologies beyond browsers. I'm not asking you to forgo security entirely. I'm saying, Articulate some key risks that pertain to your environment and are PROBABLE, rather than HYPOTHETICAL, and we'll seek to help you find ways to mitigate them. If you'd rather focus on waxing philosophical about potential risks in general, then there is little we can do to help you, and your ability to effectively prevent your organization from deploying this technology widely will approach zero. *For instance, I've proposed... I've gotten funny looks and a denial.* And they are likely to continue looking at you like that if you are unable to show why the cost and complexity you propose is worth risks you cannot otherwise articulate. *ASB *(My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...* * * On Fri, Dec 31, 2010 at 1:58 AM, Kurt Buff kurt.b...@gmail.com wrote: It's good you don't equate ubiquity with safety - the apocryphal lemmings are a poor example. 
I submit, however, that another animal is a powerful and relevant metaphor here - the black swan. We simply don't know what the threats are, and the downside is huge. That alone should be warning enough. If you haven't read them, the works of Nicholas Nassim Taleb are worth the read.

You ask about practical concerns - they are the usual, which are dismissed: Subversion of the client, intrusion of the network thereby, in a very hard to detect fashion - much harder to detect than a subverted web browser. The risk is much larger with skype because of the nature of the task and the software. Lots of traffic to and from the world, with no way to understand or filter it.

For web browsing I do use as many mitigating technologies as I am allowed to use for web browsing as I can, but we've basically lost the battle on that front. This doesn't mean that we shouldn't keep fighting.

For instance, I've proposed that those who need skype should receive a second, less-capable PC, with an internet connection that doesn't touch the production network - perhaps a separate layer 2 VLAN that doesn't touch the production network, and which could also be used for other purposes as well - like web browsing. I've gotten funny looks and a denial.

Corporate culture is fundamentally insane on this issue, AFAICT.

On Thu, Dec 30, 2010 at 21:26, Andrew S. Baker asbz...@gmail.com wrote:
Ah, but I believe you're mistaking or minimizing the differences between web browsing and skype.
No, Kurt, I am not minimizing them. I am pointing out that we routinely hear about people who experience infosec-related problems in the corporate realm due to what would otherwise be deemed as simple web browsing. Recent tech news is replete with such examples. Whether or not there is technology available to mitigate these is secondary (unless, of course, you are currently making use of all such technology).
It is safe to say that your organization is already assuming some risk related to technologies for which there are ready and active exploits on a regular basis. I'm simply asking you to articulate *practical* problems that you expect to encounter in your employees' use of Skype, so that we can discuss appropriate mitigation strategies, or come to the conclusion that it is not worth the effort to do so. There are all sorts of possibilities and probabilities with technologies, but rather than wax poetic about things that are possible, let us evaluate that which is probable and deal with it. While I am not quite willing to suggest that ubiquity is equivalent to safety, I will ask: Given the not-insubstantial adoption of Skype in the corporate realm -- from which you should be able to draw ample examples -- what are the types of real-world issues you anticipate happening when your employees start using Skype? ASB (My XeeSM Profile) Exploiting Technology for Business Advantage...
Re: Skype
Do you **currently** have any visibility into SSL traffic in your environment? *ASB *(My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...* * * On Fri, Dec 31, 2010 at 2:01 AM, Kurt Buff kurt.b...@gmail.com wrote: True, but... As I'll keep hammering on - the traffic for other apps is much more transparent than that for skype, and NIDS systems, such as snort, etc., can help with the other apps, but absolutely cannot help with skype. Kurt On Thu, Dec 30, 2010 at 21:28, Andrew S. Baker asbz...@gmail.com wrote: It's also precisely how exploitations begin, not merely DoSes. Well then, it's a good thing that none of the other software we use ever behaves like that. ASB (My XeeSM Profile) Exploiting Technology for Business Advantage... On Thu, Dec 30, 2010 at 11:29 PM, Kurt Buff kurt.b...@gmail.com wrote: It's also precisely how exploitations begin, not merely DoSes. On Thu, Dec 30, 2010 at 14:51, Andrew S. Baker asbz...@gmail.com wrote: Really? A delay in response causes a crash in client software? Really? Isn't that precisely how a DoS works? Did you read the whole article or just the summary?The client software, as you noted before, is operating in P2P mode, so it is both client and server software, depending on the type of activity being performed at that time. While a regrettable problem, it wasn't inconceivable that something like this could happen if things lined up right. ASB (My XeeSM Profile) Exploiting Technology for Business Advantage... On Thu, Dec 30, 2010 at 5:02 PM, Kurt Buff kurt.b...@gmail.com wrote: Oh, and I just saw this: http://blogs.skype.com/en/2010/12/cio_update.html: On Wednesday, December 22, a cluster of support servers responsible for offline instant messaging became overloaded. As a result of this overload, some Skype clients received delayed responses from the overloaded servers. 
In a version of the Skype for Windows client (version 5.0.0152), the delayed responses from the overloaded servers were not properly processed, causing Windows clients running the affected version to crash. Really? A delay in response causes a crash in client software? Really? I'm glad it's fixed in the newest versions, but wow... Now, I must qualify my concern - I don't care nearly as much about skype on phones - they're not going to live on my production network, and phones running Good software have corporate data relatively well protected. Smartphones will live on a guest network. It's the workstations I'm concerned about. Kurt On Thu, Dec 30, 2010 at 12:25, Andrew S. Baker asbz...@gmail.com wrote: What's your main concern with Skype? What aspect of security is your focus? ASB (My XeeSM Profile) Exploiting Technology for Business Advantage... On Thu, Dec 30, 2010 at 3:15 PM, Kurt Buff kurt.b...@gmail.com wrote: This is pretty old, but I'm now being forced to allow skype on our network, and I'm pretty unhappy about it.. Ken, is your firm still allowing skype, and if so, can you speak to what your security folks did to make themselves happy about allowing skype? Has anyone else here done a security review that gave them a decision one way or the other about allowing it? Kurt On Thu, Jan 15, 2009 at 08:12, Ken Cornetet ken.corne...@kimball.com wrote: We are deploying it here to a few users. I’m using group policy to turn off being a supernode, downloads, listening on tcp ports, and 3rd party access to the Skype API. Our security folks reviewed it and are happy. From: Tim Evans [mailto:tev...@sparling.com] Sent: Thursday, January 15, 2009 11:01 AM To: NT System Admin Issues Subject: Skype Has anyone looked at Skype recently? We’ve got a client that wants us to use Skype for communications with them. 
I’ve always been a little leery of using them in a business environment, but looking at it now, I see they have a MSI download for easy deployment and a group policy template for central administration of settings. It all looks pretty cool. While the security guy in me wants to say no, I’m having a hard time finding a reason not to say OK. I’m curious what the members of this esteemed group think about it …Tim
Re: Skype
*Once he's made up my mind, it is going to happen, regardless of any subordinate's[1] wishes.*

Especially if they cannot be articulated in a useful manner.

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Fri, Dec 31, 2010 at 8:56 AM, Jonathan Link jonathan.l...@gmail.com wrote:
It appears that this discussion is no longer germane to your original post. At the very least you're not finding agreement with your point of view. In your OP you said you were being forced to accept Skype. It's doubtful that any security concerns you raise will cause management to change their mind. Their decision has been made, you make it happen, share your security concerns so they're noted for the record, implement their requested software based on the business need and move on. As one of the partners in my firm loves to say, don't show me the pain, show me the baby. Once he's made up my mind, it is going to happen, regardless of any subordinate's[1] wishes. This is all very familiar[2].

[1] I have had success in raising concerns to other receptive partners and having him back track, but that's a political move, not a technical move.
[2] Have we had a similar discussion before?

On Fri, Dec 31, 2010 at 2:01 AM, Kurt Buff kurt.b...@gmail.com wrote:
True, but... As I'll keep hammering on - the traffic for other apps is much more transparent than that for skype, and NIDS systems, such as snort, etc., can help with the other apps, but absolutely cannot help with skype.
Kurt

On Thu, Dec 30, 2010 at 21:28, Andrew S. Baker asbz...@gmail.com wrote:
It's also precisely how exploitations begin, not merely DoSes.
Well then, it's a good thing that none of the other software we use ever behaves like that.
ASB (My XeeSM Profile)
Exploiting Technology for Business Advantage...

On Thu, Dec 30, 2010 at 11:29 PM, Kurt Buff kurt.b...@gmail.com wrote:
It's also precisely how exploitations begin, not merely DoSes.
On Thu, Dec 30, 2010 at 14:51, Andrew S. Baker asbz...@gmail.com wrote: Really? A delay in response causes a crash in client software? Really? Isn't that precisely how a DoS works? Did you read the whole article or just the summary?The client software, as you noted before, is operating in P2P mode, so it is both client and server software, depending on the type of activity being performed at that time. While a regrettable problem, it wasn't inconceivable that something like this could happen if things lined up right. ASB (My XeeSM Profile) Exploiting Technology for Business Advantage... On Thu, Dec 30, 2010 at 5:02 PM, Kurt Buff kurt.b...@gmail.com wrote: Oh, and I just saw this: http://blogs.skype.com/en/2010/12/cio_update.html: On Wednesday, December 22, a cluster of support servers responsible for offline instant messaging became overloaded. As a result of this overload, some Skype clients received delayed responses from the overloaded servers. In a version of the Skype for Windows client (version 5.0.0152), the delayed responses from the overloaded servers were not properly processed, causing Windows clients running the affected version to crash. Really? A delay in response causes a crash in client software? Really? I'm glad it's fixed in the newest versions, but wow... Now, I must qualify my concern - I don't care nearly as much about skype on phones - they're not going to live on my production network, and phones running Good software have corporate data relatively well protected. Smartphones will live on a guest network. It's the workstations I'm concerned about. Kurt On Thu, Dec 30, 2010 at 12:25, Andrew S. Baker asbz...@gmail.com wrote: What's your main concern with Skype? What aspect of security is your focus? ASB (My XeeSM Profile) Exploiting Technology for Business Advantage... 
On Thu, Dec 30, 2010 at 3:15 PM, Kurt Buff kurt.b...@gmail.com wrote: This is pretty old, but I'm now being forced to allow skype on our network, and I'm pretty unhappy about it.. Ken, is your firm still allowing skype, and if so, can you speak to what your security folks did to make themselves happy about allowing skype? Has anyone else here done a security review that gave them a decision one way or the other about allowing it? Kurt On Thu, Jan 15, 2009 at 08:12, Ken Cornetet ken.corne...@kimball.com wrote: We are deploying it here to a few users. I’m using group policy to turn off being a supernode, downloads, listening on tcp ports, and 3rd party access to the Skype API. Our security folks reviewed it and are happy. From: Tim Evans [mailto:tev...@sparling.com] Sent: Thursday, January 15, 2009
RE: videos from hulu
This is tangential, but if you ever do need to record something from your PC (audio or video) and you can't (such as in the case of capturing a streaming vid), there is only one tool I've found capable - Total Recorder. http://www.totalrecorder.com/

This is actually an amazingly well made tool that catches just about anything. I've used many times, and it's been a lifesaver.

As regards Hulu, there are plenty of tools that can capture the video. Might want to check out Grabtoolz: http://www.grabtoolz.com/products.html But there are plenty of others.

Another tip on Hulu - if you're overseas, you can't view it. But you can with HMA - absolutely the best VPN/proxy solution I've ever found: http://hidemyass.com/vpn/

Alex

Alex Eckelberry
VP and General Manager, Security Business Unit
GFI Software, Inc. (formerly Sunbelt Software)
33 N. Garden Avenue, Clearwater, FL 33755
p: 919-297-1347 f: 727-562-5199
e: al...@gfi.com
MSN: alex...@hotmail.com
Skype: alexeckelberry
oovoo: alexeck
w: www.sunbeltsoftware.com
b: www.sunbeltblog.com

From: Doug Hampshire [mailto:dhampsh...@gmail.com]
Sent: Friday, December 31, 2010 12:37 AM
To: NT System Admin Issues
Subject: Re: videos from hulu

Seriously? Why not just point a video camera at the monitor?

On Thu, Dec 30, 2010 at 12:23 PM, David Mazzaccaro david.mazzacc...@hudsonmobility.com wrote:
You may have to get creative (microphone placed in front of speakers perhaps), but it can!

-Original Message-
From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Thursday, December 30, 2010 12:20 PM
To: NT System Admin Issues
Subject: RE: videos from hulu

Snagit won't pick up the audio, will it?
-Original Message-
From: David Mazzaccaro [mailto:david.mazzacc...@hudsonmobility.com]
Sent: Thursday, December 30, 2010 11:04 AM
To: NT System Admin Issues
Subject: RE: videos from hulu

You can try the program SnagIt
I've had reasonably good success with it.
http://www.techsmith.com/snagit/

-Original Message-
From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, December 30, 2010 11:30 AM
To: NT System Admin Issues
Subject: videos from hulu

So, there are some videos on hulu (Good Eats holiday recipes, actually, like http://www.hulu.com/watch/179670/good-eats-ultimate-mashed-potatoes) I'd like to get digitally and save. Any easy/reasonable way to do that?

Thanks.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
RE: Small/Mid Firewall?
Well I think part of the frustration is that it appears that to create a simple port forward that sends all incoming traffic on a specific port to an internal server (for example) requires 17 different policies and interfaces and zones. I'm exaggerating a bit, yes, but the Juniper seems very powerful and ridiculously complex. We're not trying to do anything fancy and it's taken more than 2 days to get it even half working and that's with more than an hour of a Juniper support engineer remoting into it and working on it themselves.

The old SnapGear 580s (before McAfee bought SnapGear at least) could be set up for this in 15 minutes or so. Even a newbie could figure out how to set up a basic port forward fairly quickly.

I suspect we'll like the Juniper...once we get a thousand pages or so deeper into the documentation and figure out how to actually make the damned thing do anything useful. We have one IPSEC tunnel created with it (created by the Juniper engineer). The dashboard on the Home Screen says it's Inactive/Unused but the VPN monitor lists it as Active. Ummmo.k.

This morning my day started with a phone call from one of the local users telling me they can't even get on the web. Good grief.

Ben M. Schorr
Chief Executive Officer
Roland Schorr Tower
www.rolandschorr.com
b...@rolandschorr.com

From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Friday, December 31, 2010 5:20 AM
To: NT System Admin Issues
Subject: RE: Small/Mid Firewall?

I agree with Andrew ... I've been configuring the Juniper 'screens for years now, including the 5GT and SSG 5 that replaced it. Granted, the Juniper is very different from a Cisco PIX/ASA firewall, and different from Checkpoint. I wonder if extensive knowledge of some other brand of firewall is what is causing your minions' problems with the Juniper.

Erik Goldoff
IT Consultant
Systems, Networks, Security
' Security is an ongoing process, not a one time event ! '

From: Ben Schorr [mailto:b...@rolandschorr.com]
Sent: Friday, December 31, 2010 1:16 AM
To: NT System Admin Issues
Subject: RE: Small/Mid Firewall?

Well, to be fair *I* haven't looked at it yet myself. It's been in the hands of two of my junior people; at least one of whom is generally very capable and has deployed several other firewall/routers of other vendors in the past. But he's spent the better part of all day trying to get the Juniper working and finally has resorted to having Juniper tech support remote in and try to get it working. Apparently even the Juniper support person has spent quite a bit of time wrestling with it to only mixed results. It gives me some pause that even a Juniper support engineer would struggle with getting this unit configured. But I've still got 2200 more pages of the manual to read so...

Ben M. Schorr
Chief Executive Officer
Roland Schorr Tower
www.rolandschorr.com
b...@rolandschorr.com

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, December 30, 2010 8:15 PM
To: NT System Admin Issues
Subject: Re: Small/Mid Firewall?

Really? IPSec VPNs are one of the easiest things to configure on those devices. In fairness, however, I've been using Netscreen devices since Feb 2000, so that might simply be familiarity talking. The VPN wizard is very straightforward

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...
RE: Small/Mid Firewall?
For a nice free SME firewall, I might look at Smoothwall express http://www.smoothwall.org/

Alex
RE: Small/Mid Firewall?
Thanks Alex, we're waist deep in trying to figure out the already-purchased Juniper though so I don't really have the resources to devote to learning yet another solution. Maybe for the next one.

Ben M. Schorr
Chief Executive Officer
Roland Schorr Tower
http://www.rolandschorr.com/
b...@rolandschorr.com
Re: Redirect folders to network
I love both roaming profiles and folder redirection, but have been burned by offline files in the past (Windows 2000 server and pro) and just don't want to go there again even though improvements have been made!

We like the Keep It Simple principle, we redirect the My Documents folder to the user's mapped home directory found on the profiles tab within their Active Directory object. (This way we can offer server space for normal employees, but not contractors). Our users can always look to see if their My Documents match the contents of their mapped drive, this way it instills in them that these files are not on the local computer.

We suggest that our Laptop users create a Local Folder for files that they need to travel with. It is up to them to keep these in sync with server copies so there is a backed up version.

If you do roaming profiles without redirecting the My Documents folder, you may find yourself 'roaming' a good many files at login or logoff which could slow things down considerably. Plus you can put a quota on the user's shared drive, but not on a roaming profile share! Food for thought.

My next goal is to understand and implement Microsoft Direct Access so our laptop users aren't really far from a server copy at any time, of course this means I'll be able to get to them for support as well. ;)
Re: videos from hulu
Thanks, Alex

I'm going to evaluate Total Recorder. The features look good, as does the licensing!

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Fri, Dec 31, 2010 at 9:54 AM, Alex Eckelberry al...@sunbelt-software.com wrote:

This is tangential, but if you ever do need to record something from your PC (audio or video) and you can’t (such as in the case of capturing a streaming vid), there is only one tool I’ve found capable – Total Recorder. http://www.totalrecorder.com/

This is actually an amazingly well made tool that catches just about anything. I’ve used many times, and it’s been a lifesaver.

As regards Hulu, there are plenty of tools that can capture the video. Might want to check out Grabtoolz: http://www.grabtoolz.com/products.html But there are plenty of others.

Another tip on Hulu – if you’re overseas, you can’t view it. But you can with HMA – absolutely the best VPN/proxy solution I’ve ever found: http://hidemyass.com/vpn/

Alex

Alex Eckelberry
VP and General Manager, Security Business Unit
GFI Software, Inc. (formerly Sunbelt Software)
33 N. Garden Avenue, Clearwater, FL 33755
p: 919-297-1347 f: 727-562-5199 e: al...@gfi.com
MSN: alex...@hotmail.com Skype: alexeckelberry oovoo: alexeck
w: www.sunbeltsoftware.com b: www.sunbeltblog.com

From: Doug Hampshire [mailto:dhampsh...@gmail.com]
Sent: Friday, December 31, 2010 12:37 AM
To: NT System Admin Issues
Subject: Re: videos from hulu

Seriously? Why not just point a video camera at the monitor?

On Thu, Dec 30, 2010 at 12:23 PM, David Mazzaccaro david.mazzacc...@hudsonmobility.com wrote:

You may have to get creative (microphone placed in front of speakers perhaps), but it can!

-----Original Message-----
From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Thursday, December 30, 2010 12:20 PM
To: NT System Admin Issues
Subject: RE: videos from hulu

Snagit won't pick up the audio, will it?

-----Original Message-----
From: David Mazzaccaro [mailto:david.mazzacc...@hudsonmobility.com]
Sent: Thursday, December 30, 2010 11:04 AM
To: NT System Admin Issues
Subject: RE: videos from hulu

You can try the program SnagIt
I've had reasonably good success with it.
http://www.techsmith.com/snagit/

-----Original Message-----
From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, December 30, 2010 11:30 AM
To: NT System Admin Issues
Subject: videos from hulu

So, there are some videos on hulu (Good Eats holiday recipes, actually, like http://www.hulu.com/watch/179670/good-eats-ultimate-mashed-potatoes) I'd like to get digitally and save.

Any easy/reasonable way to do that?

Thanks.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
Re: Small/Mid Firewall?
I'll tell you what. I'll become your Juniper expert and open vast new horizons for your practice. I went to grad. school in AZ, so I don't really want to live in Flagstaff. I spent 8 years in LA after grad school, so that's out too. Hey, look what's left. Honolulu! I'm in!
Re: Skype
I prefer to use the same name as the Rapid Transit District buses that go through the bad areas of Los Angeles:

RTD: Rough, Tough, and Dangerous

-- ME2

On Fri, Dec 31, 2010 at 6:00 AM, Andrew S. Baker asbz...@gmail.com wrote:

Fact: The internet is a rough and tumble environment, with lots of threats about, and the number grows steadily.
RE: Small/Mid Firewall?
That is what all the girls back in high school used to tell me! blush

Webster

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Subject: Re: Small/Mid Firewall?

You are the man, Webster! :)
Re: Small/Mid Firewall?
Especially when they needed help with citrix issues :-)

Typed frustratingly slowly on my BlackBerry® wireless device
Cisco 3500 Series AP's
Buddy of mine just called me frantic that he bought 3 of these with the Injectors but apparently it needs a controller to work properly. He emailed me the PDF of the setup and these apparently do not work without a controller.

Can anyone confirm this? I don't want him to send them back and eat it if they can be configured manually. He has to initiate the return tonight though or he owns them.

Thanks

Greg Sweers
CEO
ACTS360.com http://www.acts360.com/
P.O. Box 1193
Brandon, FL 33509
813-657-0849 Office
813-758-6850 Cell
813-341-1270 Fax
RE: Small/Mid Firewall?
Unfortunately, Citrix's first product (which I used) didn't come out until 15 years after I was out of HS. IBM PC was 6 years after HS. First handheld calculators (6 functions IIRC) came out my sr. yr. and only cost $295. I used a slide ruler (with the uber cool slide on belt attachment) all thru HS.

Webster
OT: XBOX Live and ASA
So, my son has two Xbox 360s and two TVs in his Man Cave. His friends bring their hard drives over and they play COD on Xbox Live.

I have a business cable connection with 13 public IPs available. I use a Cisco ASA for firewall and VPN to work.

I have set public addresses via NAT to each Xbox 360. I have opened the ports needed for Xbox Live (Port 88 (UDP), Port 3074 (UDP and TCP), Port 53 (UDP and TCP), Port 80 (TCP)). The Xboxes are connected via wired Ethernet at 1GB.

When they try to invite each other, they cannot. They can only join a game hosted by someone else.

I am sure this is a NAT issue or maybe an inspection issue? However, I only know enough Cisco IOS/ASA to be dangerous.

Any suggestions appreciated.

BF
RE: XBOX Live and ASA
Bob if I had to guess the issue is that they are looping through the router. As a repro, do this:

NAT your computer on IP 1. NAT something (like IIS) on IP2. Try to connect to http://IP2 from computer 2.

IIRC there is a way around this but I honestly can't remember the solution. It's been years since I did this. You may need to either a) try a static route or b) do some searching on loopback.

Thanks,
Brian Desmond
br...@briandesmond.com
c - 312.731.3132
Re: Cisco 3500 Series AP's
Looks like these are lightweight models which do require a controller...

•The access point can only communicate with Cisco wireless LAN controllers, such as 2100, 4400, and 5500 series controllers.

http://www.cisco.com/en/US/docs/wireless/access_point/3500/quick/guide/ap3500getstart.html
Re: XBOX Live and ASA
FYI every single firewall vendor has a different name for the feature you mention. Cisco calls it NAT hairpin.

https://supportforums.cisco.com/thread/1003238

--
Phil Brutsche
p...@optimumdata.com
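The situation Brian guesses at and Phil names as NAT hairpin, as an added example that is not part of the original thread: a simplified Python model (not ASA configuration or ASA's actual logic) of two inside hosts with 1:1 static NAT, one contacting the other by its public address. The addresses are constructed documentation ranges and the function names are hypothetical; the port list is the one from Bob's post.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


# Constructed 1:1 static NAT table (inside -> public); documentation ranges.
STATIC_NAT = {
    "192.168.1.10": "203.0.113.10",  # console A
    "192.168.1.11": "203.0.113.11",  # console B
}
PUBLIC_TO_INSIDE = {pub: ins for ins, pub in STATIC_NAT.items()}

# Ports the original post lists as opened for Xbox Live.
PERMITTED = {("udp", 88), ("udp", 3074), ("tcp", 3074),
             ("udp", 53), ("tcp", 53), ("tcp", 80)}


def firewall_forward(pkt, ingress, hairpin=False, hairpin_snat=False):
    """Return (egress, translated_packet), or (None, reason) on a drop."""
    inside_target = PUBLIC_TO_INSIDE.get(pkt.dst)
    if inside_target is None:
        if ingress == "outside":
            return None, "no static NAT entry for destination"
        # Ordinary outbound traffic: translate the source only.
        return "outside", replace(pkt, src=STATIC_NAT.get(pkt.src, pkt.src))
    if (pkt.proto, pkt.dport) not in PERMITTED:
        return None, "port not permitted"
    out = replace(pkt, dst=inside_target)
    if ingress == "inside":
        # The packet would have to leave through the interface it arrived on.
        if not hairpin:
            return None, "same-interface forwarding disabled"
        if hairpin_snat:
            public_src = STATIC_NAT.get(pkt.src)
            if public_src is None:
                return None, "no static NAT entry for source"
            out = replace(out, src=public_src)
    return "inside", out


def simulate_invite(src_inside, dst_public, proto, dport,
                    hairpin=False, hairpin_snat=False):
    """Model one inside host contacting another by its public address."""
    pkt = Packet(src_inside, dst_public, proto, dport)
    egress, out = firewall_forward(pkt, "inside", hairpin, hairpin_snat)
    if egress is None:
        return f"dropped: {out}"
    if egress != "inside":
        return "forwarded outside"
    if out.src in STATIC_NAT:
        # Peer saw the sender's real LAN address, so its reply crosses the
        # LAN directly and carries the peer's untranslated inside address.
        reply_src = out.dst
    else:
        # Peer saw a public source, so its reply returns through the
        # firewall, which rewrites the source to the peer's public address.
        reply_src = STATIC_NAT[out.dst]
    if reply_src == pkt.dst:
        return "established"
    return f"reply rejected: from {reply_src}, expected {pkt.dst}"


if __name__ == "__main__":
    a, b_pub = "192.168.1.10", "203.0.113.11"
    print("no hairpin:      ", simulate_invite(a, b_pub, "udp", 3074))
    print("hairpin, DNAT:   ", simulate_invite(a, b_pub, "udp", 3074, True))
    print("hairpin, DNAT+SNAT:",
          simulate_invite(a, b_pub, "udp", 3074, True, True))
```

The same packet arriving from an outside peer is translated and delivered normally, which matches the symptom in the original post: joining games hosted elsewhere works while the two local consoles cannot reach each other.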
RE: Redirect folders to network
It was Jeffrey's understanding that a server file quota applies to ALL files owned by a user on that server, not whether they are in a home folder or a roaming profile folder.

Sincerely,
Jeffrey and Mary Jane Harris
VIPCS
RE: Cisco 3500 Series AP's
Thx, what I pretty much thought after getting home and reading through some of the docs. Man was he peeved when I told him. Don't feel too bad, if you go buying things you don't understand and make promises you can't keep, well you will call someone who knows better next time. Thx for the confirmation!

Greg Sweers
CEO
ACTS360.com http://www.acts360.com/
P.O. Box 1193 Brandon, FL 33509
813-657-0849 Office
813-758-6850 Cell
813-341-1270 Fax

From: Brian Hintz [mailto:bhi...@gmail.com]
Sent: Friday, December 31, 2010 7:13 PM
To: NT System Admin Issues
Subject: Re: Cisco 3500 Series AP's

Looks like these are lightweight models which do require a controller...

The access point can only communicate with Cisco wireless LAN controllers, such as 2100, 4400, and 5500 series controllers.

http://www.cisco.com/en/US/docs/wireless/access_point/3500/quick/guide/ap3500getstart.html

On Fri, Dec 31, 2010 at 3:45 PM, greg.swe...@actsconsulting.net wrote:

Buddy of mine just called me frantic that he bought 3 of these with the Injectors but apparently it needs a controller to work properly. He emailed me the PDF of the setup and these apparently do not work without a controller. Can anyone confirm this? I don't want him to send them back and eat it if they can be configured manually. He has to initiate the return tonight though or he owns them.

Thanks

Greg Sweers
CEO
ACTS360.com http://www.acts360.com/
P.O. Box 1193 Brandon, FL 33509
813-657-0849 Office
813-758-6850 Cell
813-341-1270 Fax