RE: Advice on migrating WSUS 3.0 SP2 from Win2003 32bit to Win2008 R2
It's also worth installing KB2734608 as soon as you've installed WSUS 3.0SP2. Cheers, Phil -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: 05 February 2013 20:38 To: NT System Admin Issues Subject: Re: Advice on migrating WSUS 3.0 SP2 from Win2003 32bit to Win2008 R2 So the boss figures that if we are creating a new database, we might as well install SQL Server 2008 R2 Express, and use that (locally). So we'll go with that, I guess. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin “Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Hoople Ltd. You should be aware that Hoople Ltd. monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: OT: Hello Kitty in space
And I forgot the link http://www.theregister.co.uk/2013/02/04/hello_kitty_flight/ Doh! On 6 February 2013 13:51, James Rankin kz2...@googlemail.com wrote: Don't know whether you might have seen this already but the video at the end is awesomely done. Go Kitty! -- *James Rankin* Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.uk ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- *James Rankin* Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.uk ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Anyone heard of Meraki?
I heard from my Cisco guy that Cisco purchased them for the cloud based controller for WAP's and have no plans to keep the Meraki brand going for long. Kind of like the Flip Cam deal, quietly disappeared. From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Wednesday, February 06, 2013 8:09 AM To: NT System Admin Issues Subject: RE: Anyone heard of Meraki? No direct experience but they are taking the edu market by storm. I would assume because of cost. I see and hear of school districts all around us using them and they are all very happy. We were already a cisco shop. Yes, bought late last year by Cisco. I would probably be resistant to going with another brand in your situation. I am not a fan of mixing brands on that big of a scale. Are the buildings interconnected so you can use the existing control structure? If so that is a point in favor of cisco branded. From: Tom Miller [mailto:tmil...@sfgtrust.com] Sent: Wednesday, February 06, 2013 9:04 AM To: NT System Admin Issues Subject: Anyone heard of Meraki? Anyone heard of or use Meraki wireless? It's part of Cisco, not sure if it is a recent acquisition though. One of our consultants who the IT Director here listens to recommended it. We already have regular Cisco wireless here at HQ and at one of our plants. The other plant is scheduled for wireless this year. http://www.meraki.com/ Cloud managed wireless. There's that overused word again. Comments or thoughts welcome. Tom ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Advice on migrating WSUS 3.0 SP2 from Win2003 32bit to Win2008 R2
On Wed, Feb 6, 2013 at 5:01 AM, Randal, Phil phil.ran...@hoopleltd.co.uk wrote: It's also worth installing KB2734608 as soon as you've installed WSUS 3.0SP2. I will keep that in mind. It should show up as soon as I synchronize the first time, it says ... Thanks ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: OT: Hello Kitty in space
Cool stuff. I'm always glad to see kids getting involved in science. From: James Rankin [mailto:kz2...@googlemail.com] Sent: Wednesday, February 06, 2013 7:55 AM To: NT System Admin Issues Subject: Re: OT: Hello Kitty in space And I forgot the link http://www.theregister.co.uk/2013/02/04/hello_kitty_flight/ Doh! On 6 February 2013 13:51, James Rankin kz2...@googlemail.commailto:kz2...@googlemail.com wrote: Don't know whether you might have seen this already but the video at the end is awesomely done. Go Kitty! -- James Rankin Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.uk ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- James Rankin Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.uk ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Anyone heard of Meraki?
Meraki wireless has been around for awhile. Moved into switches and then Cisco snatched them up. We evaluated and the biggest problem we saw is that the POE power supply is very under-rated for todays devices. A 48 port switch would probably realistically only be able to power half of the ports. Also at the time we tested Meraki didn't support the IP Phone protocol that Cisco uses, but probably will now. That wasn't a real big deal other than you have to go around and manually configure your phones to get around it. The thing I liked the most was the LCD display that provided status rather than those multi-color LEDs, which you have to look up the meaning if you don't deal with it everyday (And some people I know have trouble seeing red and green indicators. Are you listening out there?). -Paul From: Tom Miller [mailto:tmil...@sfgtrust.com] Sent: Wednesday, February 06, 2013 8:02 AM To: NT System Admin Issues Subject: Anyone heard of Meraki? Anyone heard of or use Meraki wireless? It's part of Cisco, not sure if it is a recent acquisition though. One of our consultants who the IT Director here listens to recommended it. We already have regular Cisco wireless here at HQ and at one of our plants. The other plant is scheduled for wireless this year. http://www.meraki.com/ Cloud managed wireless. There's that overused word again. Comments or thoughts welcome. Tom ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: OT: Hello Kitty in space
I can't believe they found the thing and that it didn't land in the middle of an ocean. It was only 50 miles from where she launched it. Very amazing stuff. From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Wednesday, February 06, 2013 10:11 AM To: NT System Admin Issues Subject: RE: OT: Hello Kitty in space Cool stuff. I'm always glad to see kids getting involved in science. From: James Rankin [mailto:kz2...@googlemail.com] Sent: Wednesday, February 06, 2013 7:55 AM To: NT System Admin Issues Subject: Re: OT: Hello Kitty in space And I forgot the link http://www.theregister.co.uk/2013/02/04/hello_kitty_flight/ Doh! On 6 February 2013 13:51, James Rankin kz2...@googlemail.commailto:kz2...@googlemail.com wrote: Don't know whether you might have seen this already but the video at the end is awesomely done. Go Kitty! -- James Rankin Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.uk ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- James Rankin Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.uk ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: iso mounting software for Windows Server 2008 R2
+1. We use MagicDisc here and haven't run into any issues. Regards, Cameron ___ Cameron Cooper | IT Manager | Aurico Direct: 847.890.4021 | Cell: 224.688.2854 | Fax: 847.255.1896 ccoo...@aurico.commailto:ccoo...@aurico.com | www.aurico.comhttp://www.aurico.com/ From: John Cook [mailto:john.c...@pfsf.org] Sent: Wednesday, February 06, 2013 9:04 AM To: NT System Admin Issues Subject: RE: iso mounting software for Windows Server 2008 R2 MagicDisc has never failed me. John W. Cook Network Operations Manager Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352) 244-1610 Cell (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4 From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu] Sent: Wednesday, February 06, 2013 10:02 AM To: NT System Admin Issues Subject: iso mounting software for Windows Server 2008 R2 Windows Server 2008 R2 SP1 physical server. What is your favorite, safe, and least expensive, software for mounting an .iso file on this OS? Here are a few I've found, but have never used any: MagicISO Virtual CD/DVD-ROM (MagicDisc) http://www.magiciso.com/tutorials/miso-magicdisc-overview.htm (freeware) PowerISOhttp://www.poweriso.com/index.htm ($29.95) Virtual CloneDrivehttp://www.slysoft.com/en/virtual-clonedrive.html (freeware) I currently can't burn the .iso to media as we don't have a dual-layer burner available (and the disc would require one due to size). Going to have to look into that as well now. Thanks, Bonnie ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin CONFIDENTIALITY NOTICE: This email message is intended only for the person or entity to which it is addressed and may contain confidential material. Any unauthorized review, use, disclosure, downloading, copying or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and permanently delete all copies of the original message. If you are the intended recipient but do not wish to receive communications through this medium, please advise the sender immediately. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: iso mounting software for Windows Server 2008 R2
I like Poweriso, magiciso, vcd etc on my workstations but generally avoid installing iso tools on prod servers to keep them pristine and end up extracting from the workstation to the server. MS has a Mount-DiskImage cmdlet which sounds nice but only on win8\12 From: Miller Bonnie L. mille...@mukilteo.wednet.edu To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Wednesday, February 6, 2013 10:02 AM Subject: iso mounting software for Windows Server 2008 R2 Windows Server 2008 R2 SP1 physical server. What is your favorite, safe, and least expensive, software for mounting an .iso file on this OS? Here are a few I’ve found, but have never used any: MagicISO Virtual CD/DVD-ROM (MagicDisc) http://www.magiciso.com/tutorials/miso-magicdisc-overview.htm (freeware) PowerISO http://www.poweriso.com/index.htm ($29.95) Virtual CloneDrive http://www.slysoft.com/en/virtual-clonedrive.html (freeware) I currently can’t burn the .iso to media as we don’t have a dual-layer burner available (and the disc would require one due to size). Going to have to look into that as well now. Thanks, Bonnie ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: iso mounting software for Windows Server 2008 R2
We use Virtual CloneDrive as well – it works fine. Or if you want to transfer an ISO to a USB we use http://www.pendrivelinux.com/yumi-multiboot-usb-creator/ Mike From: Richard Stovall [mailto:rich...@gmail.com] Sent: 06 February 2013 15:23 To: NT System Admin Issues Subject: Re: iso mounting software for Windows Server 2008 R2 I always use Virtual CloneDrive. Slysoft is a distributor, but you can get it directly from the source, Elaborate Bytes. http://www.elby.ch/fun/software/index.html On Wed, Feb 6, 2013 at 10:02 AM, Miller Bonnie L. mille...@mukilteo.wednet.edumailto:mille...@mukilteo.wednet.edu wrote: Windows Server 2008 R2 SP1 physical server. What is your favorite, safe, and least expensive, software for mounting an .iso file on this OS? Here are a few I’ve found, but have never used any: MagicISO Virtual CD/DVD-ROM (MagicDisc) http://www.magiciso.com/tutorials/miso-magicdisc-overview.htm (freeware) PowerISOhttp://www.poweriso.com/index.htm ($29.95) Virtual CloneDrivehttp://www.slysoft.com/en/virtual-clonedrive.html (freeware) I currently can’t burn the .iso to media as we don’t have a dual-layer burner available (and the disc would require one due to size). Going to have to look into that as well now. Thanks, Bonnie ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: iso mounting software for Windows Server 2008 R2
Daemon tools lite will do it yes.. but you will have to navigate having a nice integrated search bar within IE, and a new home page, and anything else they've bundled in to the install for your 'enjoyment' now... Liam From: James Rankin [mailto:kz2...@googlemail.com] Sent: 06 February 2013 15:24 To: NT System Admin Issues Subject: Re: iso mounting software for Windows Server 2008 R2 Wouldn't Daemon Tools Lite be able to do this? I use it primarily on no-CD laptops, but it should manage just as well On 6 February 2013 15:02, Miller Bonnie L. mille...@mukilteo.wednet.edumailto:mille...@mukilteo.wednet.edu wrote: Windows Server 2008 R2 SP1 physical server. What is your favorite, safe, and least expensive, software for mounting an .iso file on this OS? Here are a few I've found, but have never used any: MagicISO Virtual CD/DVD-ROM (MagicDisc) http://www.magiciso.com/tutorials/miso-magicdisc-overview.htm (freeware) PowerISOhttp://www.poweriso.com/index.htm ($29.95) Virtual CloneDrivehttp://www.slysoft.com/en/virtual-clonedrive.html (freeware) I currently can't burn the .iso to media as we don't have a dual-layer burner available (and the disc would require one due to size). Going to have to look into that as well now. Thanks, Bonnie ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- James Rankin Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.uk ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin CONFIDENTIAL This email and any files transmitted with it may be legally privileged and are confidential. This email should not be disclosed to anyone other than the addressee nor copied in any way. This email and its attachments may be subject to copyright protection and you should not retransmit or reproduce these without the consent of the author. If received in error please advise the sender and delete the email. Any representations or commitments expressed in this email are subject to contract. DISCLAIMER Whilst we take reasonable precautions to minimise risk, you must carry out your own virus checks before opening attachments or reading e-mails and we do not accept liability for any damage or loss in this respect. Non-business related content is not authorised by us and we shall not be liable for it. We are also not responsible for changes made or occurring after this message was sent. Information about the Company and its services is available from http://www.infrasys.co.uk ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Registry entries to set a WSUS client
I'd like to test my new WSUS server, before changing my GPO to point to it. And it occurred to me that I could set a couple test VMs to point to the new server, and see if they can get their updates from it, before making the change to the GPO. There used to be a way to set this via registry entries. Anybody know if this would this still work on a Win2008 R2 server? Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate] WUServer=http://new-WSUS-server; WUStatusServer=http://new-WSUS-server; [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate\AU] UseWUServer=dword:0001 NoAutoUpdate=dword: AUOptions=dword:0002 ScheduledInstallDay=dword: ScheduledInstallTime=dword:0003 DetectionFrequencyEnabled=dword:0001 DetectionFrequency=dword:0001 NoAUAsDefaultShutdownOption=dword:0001 NoAUShutdownOption=dword:0001 RescheduleWaitTimeEnabled=dword:0001 RescheduleWaitTime=dword:0001 UseWUServer=dword:0001 If I import these registry entries to a test Win2003 and Win2008 R2 VMs, and then stop and start the Windows Update service, those VMs should check in with the new server, and get it's updates. Then I can see that the new server is working. Then I can change the GPO ... Thanks ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: iso mounting software for Windows Server 2008 R2
I'm fairly sure you could put a Portable version of Daemon Tools up on a network share. I use the Portable version from inside DataNow or DropBox all the time. Saves it getting installed on your server estate. Do the same with various tools like Process Explorer, TreeSize and the like. On 6 February 2013 15:52, Pete Howard pchow...@yahoo.com wrote: I like Poweriso, magiciso, vcd etc on my workstations but generally avoid installing iso tools on prod servers to keep them pristine and end up extracting from the workstation to the server. MS has a Mount-DiskImage cmdlet which sounds nice but only on win8\12 -- *From:* Miller Bonnie L. mille...@mukilteo.wednet.edu *To:* NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com *Sent:* Wednesday, February 6, 2013 10:02 AM *Subject:* iso mounting software for Windows Server 2008 R2 Windows Server 2008 R2 SP1 physical server. What is your favorite, safe, and least expensive, software for mounting an .iso file on this OS? Here are a few I’ve found, but have never used any: MagicISO Virtual CD/DVD-ROM (MagicDisc) http://www.magiciso.com/tutorials/miso-magicdisc-overview.htm (freeware) PowerISOhttp://www.poweriso.com/index.htm ($29.95) Virtual CloneDrive http://www.slysoft.com/en/virtual-clonedrive.html (freeware) I currently can’t burn the .iso to media as we don’t have a dual-layer burner available (and the disc would require one due to size). Going to have to look into that as well now. Thanks, Bonnie ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- *James Rankin* Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.uk ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Anyone heard of Meraki?
Yes, we are currently a all Cisco shop(Switches, Wireless, etc) and were looking at them for Wireless before Cisco bought them. They also have Switches, and Firewalls(which I have not had a chance to test). I just received 12, to replace our current controller and cisco access points at one of our off site locations. One of the main benefits that we are looking at is not having to buy the Cisco controllers(HW)[and redundant HW] and licenses (Controllers and WCS). The cloud control panel is easy to use, and the tech support people have been extremely helpful, when I had questions. You can get 1,3, or 5 year cloud controller licenses on each access point. One of the benefits with the cloud controller, you can set limits on traffic, block sites, etc. Client Authentication can be open, AD or LDAP, or Radius. You can also set times that each SSID is operational. You can also have network captures sent to wireshark. Also while it is not mentioned much, they include a package for the management of IPADS(Similar to Airwatch or CasperSuite), Windows PC's, etc. I'm going to look at this closer, before it is time to renew with our current vendor. Kevin Hubbard Network Technology Operations Manager Northeast State Community College 2425 Hwy 75 Blountville, TN 37617 kshubb...@northeaststate.edu Internal Extension - 3260 Direct Line - 423.354.2447 From: Patrick Salmon [psal...@gmail.com] Sent: Wednesday, February 06, 2013 10:19 AM To: NT System Admin Issues Subject: RE: Anyone heard of Meraki? Try this: http://www.quora.com/Cisco-Meraki-Acquisition-November-2012/What-is-Meraki-and-why-did-Cisco-pay-1-2-Billion-for-it Sent from my Windows Phone From: Tom Miller Sent: 2/6/2013 9:06 AM To: NT System Admin Issues Subject: Anyone heard of Meraki? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Anyone heard of or use Meraki wireless? It's part of Cisco, not sure if it is a recent acquisition though. One of our consultants who the IT Director here listens to recommended it. We already have regular Cisco wireless here at HQ and at one of our plants. The other plant is scheduled for wireless this year. http://www.meraki.com/ Cloud managed wireless. There's that overused word again. Comments or thoughts welcome. Tom ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin This message is intended to be confidential and may be privileged. If you have received it by mistake, please notify the sender by return e-mail and delete this message from your system. Any unauthorized use or dissemination of this message in whole or in part is strictly prohibited. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: iso mounting software for Windows Server 2008 R2
Haven't installed DT for a while now but, can't you uncheck those options during the install? You used to be able to... Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.orgmailto:dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839. [cid:image001.jpg@01CE045D.5A514BF0] From: Liam Freeman [mailto:liam.free...@infrasys.co.uk] Sent: Wednesday, February 06, 2013 10:56 AM To: NT System Admin Issues Subject: RE: iso mounting software for Windows Server 2008 R2 Daemon tools lite will do it yes.. but you will have to navigate having a nice integrated search bar within IE, and a new home page, and anything else they've bundled in to the install for your 'enjoyment' now... Liam From: James Rankin [mailto:kz2...@googlemail.com] Sent: 06 February 2013 15:24 To: NT System Admin Issues Subject: Re: iso mounting software for Windows Server 2008 R2 Wouldn't Daemon Tools Lite be able to do this? I use it primarily on no-CD laptops, but it should manage just as well On 6 February 2013 15:02, Miller Bonnie L. mille...@mukilteo.wednet.edumailto:mille...@mukilteo.wednet.edu wrote: Windows Server 2008 R2 SP1 physical server. What is your favorite, safe, and least expensive, software for mounting an .iso file on this OS? Here are a few I've found, but have never used any: MagicISO Virtual CD/DVD-ROM (MagicDisc) http://www.magiciso.com/tutorials/miso-magicdisc-overview.htm (freeware) PowerISOhttp://www.poweriso.com/index.htm ($29.95) Virtual CloneDrivehttp://www.slysoft.com/en/virtual-clonedrive.html (freeware) I currently can't burn the .iso to media as we don't have a dual-layer burner available (and the disc would require one due to size). Going to have to look into that as well now. Thanks, Bonnie ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- James Rankin Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.uk ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin CONFIDENTIAL This email and any files transmitted with it may be legally privileged and are confidential. This email should not be disclosed to anyone other than the addressee nor copied in any way. This email and its attachments may be subject to copyright protection and you should not retransmit or reproduce these without the consent of the author. If received in error please advise the sender and delete the email. Any representations or commitments expressed in this email are subject to contract. DISCLAIMER Whilst we take reasonable precautions to minimise risk, you must carry out your own virus checks before opening attachments or reading e-mails and we do not accept liability for any damage or loss in this respect. Non-business related content is not authorised by us and we shall not be liable for it. We are also not responsible for changes made or occurring after this message was sent. Information about the Company and its services is available from http://www.infrasys.co.uk ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Confidentiality Notice: This e-mail, including any attachments is the property of Catholic Health East and is intended for the sole use of the intended recipient(s). It may contain information that is privileged and confidential. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please delete this message, and reply to the sender regarding the error in a separate email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to
RE: iso mounting software for Windows Server 2008 R2
Thanks everyone-sounds like either Virtual Clonedrive or MagicISO(Magicdisk) will work. I think I'll try VCD first and see what it looks like. BTW, in my research, I ran across the fact that Win8/Srv2012 have native .iso mounting options. Good to know about moving forward: http://blogs.msdn.com/b/b8/archive/2011/08/30/accessing-data-in-iso-and-vhd-files.aspx http://blogs.technet.com/b/heyscriptingguy/archive/2012/10/15/oct-15-blog.aspx Much appreciated! -B From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Wednesday, February 06, 2013 8:02 AM To: NT System Admin Issues Subject: Re: iso mounting software for Windows Server 2008 R2 I've been using Virtual CloneDrive for years, especially on virtual systems, and it works with all versions of windows, including Win8/2012 http://www.slysoft.com/en/virtual-clonedrive.html ASB http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market... On Wed, Feb 6, 2013 at 10:02 AM, Miller Bonnie L. mille...@mukilteo.wednet.edumailto:mille...@mukilteo.wednet.edu wrote: Windows Server 2008 R2 SP1 physical server. What is your favorite, safe, and least expensive, software for mounting an .iso file on this OS? Here are a few I've found, but have never used any: MagicISO Virtual CD/DVD-ROM (MagicDisc) http://www.magiciso.com/tutorials/miso-magicdisc-overview.htm (freeware) PowerISOhttp://www.poweriso.com/index.htm ($29.95) Virtual CloneDrivehttp://www.slysoft.com/en/virtual-clonedrive.html (freeware) I currently can't burn the .iso to media as we don't have a dual-layer burner available (and the disc would require one due to size). Going to have to look into that as well now. Thanks, Bonnie ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: iso mounting software for Windows Server 2008 R2
On Wed, Feb 6, 2013 at 10:09 AM, Glen Johnson gjohn...@vhcc.edu wrote: I like and use Virtual CloneDrive. +1 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
DFSR question regarding RDC
Got a question about this: http://msdn.microsoft.com/en-us/library/windows/desktop/bb540025(v=vs.85).aspx Replicating data to multiple servers increases data availability and gives users in remote sites fast, reliable access to files. DFSR uses a new compression algorithm called Remote Differential Compression (RDC). RDC is a diff over the wire protocol that can be used to efficiently update files over a limited-bandwidth network. RDC detects insertions, removals, and rearrangements of data in files, enabling DFSR to replicate only the deltas (changes) when files are updated. Just curious if anyone has really looked at this in regards to the RDC feature in larger files. Got a replication set we are going to setup. These will be larger files (17-25G), they will be images for Citrix Provisioning server. Wanted to know if it's really doing delta's in larger images files as they change, or replicating the whole thing. Thanks Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.com The Guardian Life Insurance Company of America www.guardianlife.com - This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadminimage/jpeg
RE: Registry entries to set a WSUS client
Would it be easier to put the test subjects in their own OU, block the domain gpo for updates and make a new gpo for that ou? After testing is complete you now have a tested gpo to roll out with. -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Wednesday, February 06, 2013 11:35 AM To: NT System Admin Issues Subject: Registry entries to set a WSUS client I'd like to test my new WSUS server, before changing my GPO to point to it. And it occurred to me that I could set a couple test VMs to point to the new server, and see if they can get their updates from it, before making the change to the GPO. There used to be a way to set this via registry entries. Anybody know if this would this still work on a Win2008 R2 server? Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate] WUServer=http://new-WSUS-server; WUStatusServer=http://new-WSUS-server; [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate\AU] UseWUServer=dword:0001 NoAutoUpdate=dword: AUOptions=dword:0002 ScheduledInstallDay=dword: ScheduledInstallTime=dword:0003 DetectionFrequencyEnabled=dword:0001 DetectionFrequency=dword:0001 NoAUAsDefaultShutdownOption=dword:0001 NoAUShutdownOption=dword:0001 RescheduleWaitTimeEnabled=dword:0001 RescheduleWaitTime=dword:0001 UseWUServer=dword:0001 If I import these registry entries to a test Win2003 and Win2008 R2 VMs, and then stop and start the Windows Update service, those VMs should check in with the new server, and get it's updates. Then I can see that the new server is working. Then I can change the GPO ... Thanks ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Registry entries to set a WSUS client
Couldn't you also create a test OU, create a GPO for the new WSUS server, link it to the test OU, put the VMs in that OU, reboot the VMs for the OU move and verify your WSUS settings? That way you are not touching production and also, even better, not relying on reg hacks. Thanks Webster -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Subject: Registry entries to set a WSUS client I'd like to test my new WSUS server, before changing my GPO to point to it. And it occurred to me that I could set a couple test VMs to point to the new server, and see if they can get their updates from it, before making the change to the GPO. There used to be a way to set this via registry entries. Anybody know if this would this still work on a Win2008 R2 server? Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\Windows Update] WUServer=http://new-WSUS-server; WUStatusServer=http://new-WSUS-server; [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\Windows Update\AU] UseWUServer=dword:0001 NoAutoUpdate=dword: AUOptions=dword:0002 ScheduledInstallDay=dword: ScheduledInstallTime=dword:0003 DetectionFrequencyEnabled=dword:0001 DetectionFrequency=dword:0001 NoAUAsDefaultShutdownOption=dword:0001 NoAUShutdownOption=dword:0001 RescheduleWaitTimeEnabled=dword:0001 RescheduleWaitTime=dword:0001 UseWUServer=dword:0001 If I import these registry entries to a test Win2003 and Win2008 R2 VMs, and then stop and start the Windows Update service, those VMs should check in with the new server, and get it's updates. Then I can see that the new server is working. Then I can change the GPO ... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Password complexity question
We have just come out with a Security Awareness Training doe consumers. This is from that course (available on Home Shopping Network) (Rule #5 answers your question.) Here are Kevin Mitnick’s 10 Rules for Stronger Passwords Don’t tell your passwords to anyone! Nobody should ask for your passwords, and you should never give your passwords to anyone. Normally, tech support does not need your password to get into your account, so there’s no reason for a legitimate tech support person to ever ask for your password. Don’t use simple dictionary words, pets’ names, or people’s names for passwords. Avoid easy-to-guess numbers, such as your age, zip code, birthday, or anniversary. Use passwords that are at least 20 characters long. And do not write them down where they can be easily found. Create a “pass phrase“ instead of just one word (for example, $3 for the pirate hat). Or think up a few nonsense words that you can remember easily (for example, Betty was smoking tires and playing tuna fish). Use a different password for each website. Do not use simple patterns like “password1” “password2”, “password3” or “amazon4me”, “netflix4me”, “yahoo4me” for different sites – those are too easy to guess. Change your passwords for sensitive web sites (such as your online banking) every 60-90 days. Do not use easy-toguess patterns when you change them. If you think someone may have learned your password, change it immediately. Then check the websites where you use that password for any signs of misuse – starting with your online banking site. Sometimes websites ask you to enter the answer for a “security question” you can use if you forget your password. Make your answer to the security question just as hard to guess as your password. If your bank or webmail offers you extra security features, use them! Consider using a password manager such as KeePass or Password Safe. Password managers make your Internet use a lot safer and easier. From: David Lum [mailto:david@nwea.org] Sent: Thursday, January 31, 2013 9:17 AM To: NT System Admin Issues Subject: Password complexity question I have seen a few articles on password cracking and using unrelated words, so I have a question Given the “Making complex passwords” section here: http://www.digitaltrends.com/mobile/crack-this-how-to-pick-strong-passwords-and-keep-them-that-way/ Could you use a fairly simple method to identify what the password is for and still have it tough to crack? I’m guessing no, but have to ask For a twitter account: Twitter1 vodka eagles! Then for a Facebook account:Facebook2 vodka eagles! Ebay: Ebay3 vodka eagles! Then follow that same pattern for the various accounts. While it seems like bad practice to include the service name as part of the password I thought I’d ask your guys’ opinion. It’s at least better than using the same password for everything…or is it? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Registry entries to set a WSUS client
On Wed, Feb 6, 2013 at 11:51 AM, Webster webs...@carlwebster.com wrote: Couldn't you also create a test OU, create a GPO for the new WSUS server, link it to the test OU, put the VMs in that OU, reboot the VMs for the OU move and verify your WSUS settings? I could. That's a lot more work than just changing 2 registry entries on some test VMs that are already set to look at my old WSUS server. :-) That way you are not touching production and also, even better, not relying on reg hacks. I was never touching production anyway - I created a new WSUS server, and using a test VM that I keep around to test stuff like this. Never changed any settings on production servers, or changed any production GPOs. Never pointed the new WSUS server at the old server, started over clean. Changing the registry entries and restarting the service worked just fine, BTW. The test VM checked in to the new server, and I see a list of updates that need to be applied (as expected, since this test VM hasn't been updated in a few months). So it looks like all that is left is changing the production GPO to point to the new server, give the clients a couple days to check in, and All Should Be Good ... Thanks Webster -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Subject: Registry entries to set a WSUS client I'd like to test my new WSUS server, before changing my GPO to point to it. And it occurred to me that I could set a couple test VMs to point to the new server, and see if they can get their updates from it, before making the change to the GPO. There used to be a way to set this via registry entries. Anybody know if this would this still work on a Win2008 R2 server? Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\Windows Update] WUServer=http://new-WSUS-server; WUStatusServer=http://new-WSUS-server; [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\Windows Update\AU] UseWUServer=dword:0001 NoAutoUpdate=dword: AUOptions=dword:0002 ScheduledInstallDay=dword: ScheduledInstallTime=dword:0003 DetectionFrequencyEnabled=dword:0001 DetectionFrequency=dword:0001 NoAUAsDefaultShutdownOption=dword:0001 NoAUShutdownOption=dword:0001 RescheduleWaitTimeEnabled=dword:0001 RescheduleWaitTime=dword:0001 UseWUServer=dword:0001 If I import these registry entries to a test Win2003 and Win2008 R2 VMs, and then stop and start the Windows Update service, those VMs should check in with the new server, and get it's updates. Then I can see that the new server is working. Then I can change the GPO ... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Registry entries to set a WSUS client
I don't use all of those, but have a few non-domain WS08 R2 servers that have settings defined under (HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate\AU(second section) to autoinstall non-reboot patches (for FEP AV Definitions), and it works. -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Wednesday, February 06, 2013 7:57 AM To: NT System Admin Issues Subject: Registry entries to set a WSUS client I'd like to test my new WSUS server, before changing my GPO to point to it. And it occurred to me that I could set a couple test VMs to point to the new server, and see if they can get their updates from it, before making the change to the GPO. There used to be a way to set this via registry entries. Anybody know if this would this still work on a Win2008 R2 server? Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate] WUServer=http://new-WSUS-server; WUStatusServer=http://new-WSUS-server; [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate\AU] UseWUServer=dword:0001 NoAutoUpdate=dword: AUOptions=dword:0002 ScheduledInstallDay=dword: ScheduledInstallTime=dword:0003 DetectionFrequencyEnabled=dword:0001 DetectionFrequency=dword:0001 NoAUAsDefaultShutdownOption=dword:0001 NoAUShutdownOption=dword:0001 RescheduleWaitTimeEnabled=dword:0001 RescheduleWaitTime=dword:0001 UseWUServer=dword:0001 If I import these registry entries to a test Win2003 and Win2008 R2 VMs, and then stop and start the Windows Update service, those VMs should check in with the new server, and get it's updates. Then I can see that the new server is working. Then I can change the GPO ... Thanks ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: iso mounting software for Windows Server 2008 R2
True...but in an environment with tightly-controlled images (like PVS) it can help out. YMMV, etc. Sent from my Blackberry, which may be an antique but delivers email RELIABLY -Original Message- From: Andrew S. Baker asbz...@gmail.com Date: Wed, 6 Feb 2013 12:53:16 To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Subject: Re: iso mounting software for Windows Server 2008 R2 I stick those things directly on the server. As large as Windows is by itself, the extra things that we're discussing can hardly be considered bloat. *ASB **http://XeeMe.com/AndrewBaker* http://xeeme.com/AndrewBaker* **Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…*** On Wed, Feb 6, 2013 at 11:08 AM, James Rankin kz2...@googlemail.com wrote: I'm fairly sure you could put a Portable version of Daemon Tools up on a network share. I use the Portable version from inside DataNow or DropBox all the time. Saves it getting installed on your server estate. Do the same with various tools like Process Explorer, TreeSize and the like. On 6 February 2013 15:52, Pete Howard pchow...@yahoo.com wrote: I like Poweriso, magiciso, vcd etc on my workstations but generally avoid installing iso tools on prod servers to keep them pristine and end up extracting from the workstation to the server. MS has a Mount-DiskImage cmdlet which sounds nice but only on win8\12 -- *From:* Miller Bonnie L. mille...@mukilteo.wednet.edu *To:* NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com *Sent:* Wednesday, February 6, 2013 10:02 AM *Subject:* iso mounting software for Windows Server 2008 R2 Windows Server 2008 R2 SP1 physical server. What is your favorite, safe, and least expensive, software for mounting an .iso file on this OS? Here are a few I’ve found, but have never used any: MagicISO Virtual CD/DVD-ROM (MagicDisc) http://www.magiciso.com/tutorials/miso-magicdisc-overview.htm (freeware) PowerISOhttp://www.poweriso.com/index.htm ($29.95) Virtual CloneDrive http://www.slysoft.com/en/virtual-clonedrive.html (freeware) I currently can’t burn the .iso to media as we don’t have a dual-layer burner available (and the disc would require one due to size). Going to have to look into that as well now. Thanks, Bonnie ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- *James Rankin* Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.uk ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Anyone heard of Meraki?
Last year, we did a comparison of Meraki, Ruckus, Aerohive, Aruba and Cisco. Meraki to be very on-par with Aerohive, as they have similar features and are both cloud managed. We figured the math, and if you wanted only a few APs, the cloud-managed solutions where very cost effective. But, as you increased your AP count, the controller based solutions started to make more sense. We ended up choosing Ruckus. Factors in our choice were: Price (When including the year-over-year costs of controllers), wifi range (beamforming, which we find very impressive), AP load (airtime fairness), and ease of use. We are using the Meraki MDM solution for our iPads, as it's free and better than a sharp stick in they eye. --Matt Ross Ephrata School District - Original Message - From: Tom Miller [mailto:tmil...@sfgtrust.com] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Wed, 06 Feb 2013 06:02:21 -0800 Subject: Anyone heard of Meraki? Anyone heard of or use Meraki wireless? It's part of Cisco, not sure if it is a recent acquisition though. One of our consultants who the IT Director here listens to recommended it. We already have regular Cisco wireless here at HQ and at one of our plants. The other plant is scheduled for wireless this year. http://www.meraki.com/ Cloud managed wireless. There's that overused word again. Comments or thoughts welcome. Tom ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Anyone heard of Meraki?
Have any of you looked at Meru? I saw a presentation and it looks pretty decent. http://www.merunetworks.com/ On Wed, Feb 6, 2013 at 12:32 PM, Matthew W. Ross mr...@ephrataschools.orgwrote: Last year, we did a comparison of Meraki, Ruckus, Aerohive, Aruba and Cisco. Meraki to be very on-par with Aerohive, as they have similar features and are both cloud managed. We figured the math, and if you wanted only a few APs, the cloud-managed solutions where very cost effective. But, as you increased your AP count, the controller based solutions started to make more sense. We ended up choosing Ruckus. Factors in our choice were: Price (When including the year-over-year costs of controllers), wifi range (beamforming, which we find very impressive), AP load (airtime fairness), and ease of use. We are using the Meraki MDM solution for our iPads, as it's free and better than a sharp stick in they eye. --Matt Ross Ephrata School District - Original Message - From: Tom Miller [mailto:tmil...@sfgtrust.com] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Wed, 06 Feb 2013 06:02:21 -0800 Subject: Anyone heard of Meraki? Anyone heard of or use Meraki wireless? It's part of Cisco, not sure if it is a recent acquisition though. One of our consultants who the IT Director here listens to recommended it. We already have regular Cisco wireless here at HQ and at one of our plants. The other plant is scheduled for wireless this year. http://www.meraki.com/ Cloud managed wireless. There's that overused word again. Comments or thoughts welcome. Tom ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: iso mounting software for Windows Server 2008 R2
Peazip Portable. No, it doesn't mount the .iso. It just extracts the files. --Matt Ross Ephrata School District - Original Message - From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Wed, 06 Feb 2013 07:02:07 -0800 Subject: iso mounting software for Windows Server 2008 R2 Windows Server 2008 R2 SP1 physical server. What is your favorite, safe, and least expensive, software for mounting an .iso file on this OS? Here are a few I've found, but have never used any: MagicISO Virtual CD/DVD-ROM (MagicDisc) http://www.magiciso.com/tutorials/miso-magicdisc-overview.htm (freeware) PowerISOhttp://www.poweriso.com/index.htm ($29.95) Virtual CloneDrive http://www.slysoft.com/en/virtual-clonedrive.html (freeware) I currently can't burn the .iso to media as we don't have a dual-layer burner available (and the disc would require one due to size). Going to have to look into that as well now. Thanks, Bonnie ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Anyone heard of Meraki?
My company doesn't do hardware (we are a software and services shop), but one of the partner organizations we work with is a Ruckus reseller and the products are very impressive. They installed it in a large soccer stadium that wanted to offer free WiFi to attendees, with about 30,000 active connections at a time. Worked flawlessly, first time out of the box; at less than half the cost of a corresponding Cisco solution. -Original Message- From: Matthew W. Ross [mailto:mr...@ephrataschools.org] Sent: Wednesday, February 6, 2013 1:32 PM To: NT System Admin Issues Subject: Re: Anyone heard of Meraki? Last year, we did a comparison of Meraki, Ruckus, Aerohive, Aruba and Cisco. Meraki to be very on-par with Aerohive, as they have similar features and are both cloud managed. We figured the math, and if you wanted only a few APs, the cloud-managed solutions where very cost effective. But, as you increased your AP count, the controller based solutions started to make more sense. We ended up choosing Ruckus. Factors in our choice were: Price (When including the year-over-year costs of controllers), wifi range (beamforming, which we find very impressive), AP load (airtime fairness), and ease of use. We are using the Meraki MDM solution for our iPads, as it's free and better than a sharp stick in they eye. --Matt Ross Ephrata School District - Original Message - From: Tom Miller [mailto:tmil...@sfgtrust.com] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Wed, 06 Feb 2013 06:02:21 -0800 Subject: Anyone heard of Meraki? Anyone heard of or use Meraki wireless? It's part of Cisco, not sure if it is a recent acquisition though. One of our consultants who the IT Director here listens to recommended it. We already have regular Cisco wireless here at HQ and at one of our plants. The other plant is scheduled for wireless this year. http://www.meraki.com/ Cloud managed wireless. There's that overused word again. Comments or thoughts welcome. Tom ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Anyone heard of Meraki?
We're making a rather large purchase of them, for all of our offices that have only small connections to the internet, as the Merakis will provide tunneling back to the network. This is allowing us to actually get these offices connected on the network, which is pretty cool. I was not involved in any way in research, testing, or procurement. -Joe From: Tom Miller [mailto:tmil...@sfgtrust.com] Sent: Wednesday, February 06, 2013 6:02 AM To: Heaton, Joseph@Wildlife; NT System Admin Issues Subject: Anyone heard of Meraki? Anyone heard of or use Meraki wireless? It's part of Cisco, not sure if it is a recent acquisition though. One of our consultants who the IT Director here listens to recommended it. We already have regular Cisco wireless here at HQ and at one of our plants. The other plant is scheduled for wireless this year. http://www.meraki.com/ Cloud managed wireless. There's that overused word again. Comments or thoughts welcome. Tom ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
OT: Guest network security
All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Guest network security
I did that at my previous gig. I also printed tent cards up and placed them in all of the conference rooms, where company guests tend to gather. We changed the pwd every 90 days and just printed new cards. It worked well for me with no complaints. Jim Jim Holmgren Director of Technology Infrastructure Benefits Operations United Healthcare The Warehouse at Camden Yards 351 West Camden Street, Suite 100 Baltimore, MD 21201 410.625.2200 (main) 443.524.8573 (direct) 443-506.2400 (cell) -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, February 06, 2013 2:36 PM To: NT System Admin Issues Subject: OT: Guest network security All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or protected health information. Under the Federal Law (HIPAA), the intended recipient is obligated to keep this information secure and confidential. Any disclosure to third parties without authorization from the affiliate or as permitted by law is prohibited and punishable under Federal Law. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. NOTA DE CONFIDENCIALIDAD: Este facsímile, incluyendo lo adjunto, es para el uso exclusivo del destinatario(s) y puede contener información confidencial y/o información protegida de salud. En virtud de la Ley Federal (HIPAA), el destinatario tiene la obligación de mantener esta información segura y confidencial. Cualquier divulgación a terceros sin la autorización de los miembros de lo permitido por la ley está prohibido y penado en virtud de la Ley Federal. Si usted no es el destinatario, por favor, póngase en contacto con el remitente por teléfono y destruir todas las copias del mensaje original ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: OT: Guest network security
I remember seeing a solution that issued tickets with a network key for guests as they came in. The name defeats me though, sorry Sent from my Blackberry, which may be an antique but delivers email RELIABLY -Original Message- From: Kurt Buff kurt.b...@gmail.com Date: Wed, 6 Feb 2013 11:36:00 To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.comSubject: OT: Guest network security All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Guest network security
Might not solve the Internet pipe issue but, how about shortening the lease duration, to knock off inactive devices quicker? Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, February 06, 2013 2:36 PM To: NT System Admin Issues Subject: OT: Guest network security All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Confidentiality Notice: This e-mail, including any attachments is the property of Catholic Health East and is intended for the sole use of the intended recipient(s). It may contain information that is privileged and confidential. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please delete this message, and reply to the sender regarding the error in a separate email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Guest network security
Kurt, Even with the password idea, you would have to rotate it daily if not weekly or someone will just leave it out where others can gain access. Honestly, anyone smart enough with AirCrack could get the password you put on the SSID. You could limit the DHCP scope to say 64 address and that might help limit the scope or number of people that can get on the Wireless network, or setup MAC filtering ( Again can bypass that with MAC Spoofing) but it would be a bit more manual process. I am thinking your idea about a portal process and authorization is probably the way to go, Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, February 06, 2013 2:36 PM To: NT System Admin Issues Subject: OT: Guest network security All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: OT: Guest network security
Colubris is at least one. Thanks for saying that, it jogged my memory. -Original Message- From: kz2...@googlemail.com [mailto:kz2...@googlemail.com] Sent: Wednesday, February 6, 2013 2:45 PM To: NT System Admin Issues Subject: Re: OT: Guest network security I remember seeing a solution that issued tickets with a network key for guests as they came in. The name defeats me though, sorry Sent from my Blackberry, which may be an antique but delivers email RELIABLY -Original Message- From: Kurt Buff kurt.b...@gmail.com Date: Wed, 6 Feb 2013 11:36:00 To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.comSubject: OT: Guest network security All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: OT: Guest network security
I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall? PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...) On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.com wrote: All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Guest network security
Lease time is already at 4 hours, so I don't think that's our issue. On Wed, Feb 6, 2013 at 11:47 AM, Guyer, Don dgu...@che.org wrote: Might not solve the Internet pipe issue but, how about shortening the lease duration, to knock off inactive devices quicker? Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, February 06, 2013 2:36 PM To: NT System Admin Issues Subject: OT: Guest network security All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Confidentiality Notice: This e-mail, including any attachments is the property of Catholic Health East and is intended for the sole use of the intended recipient(s). It may contain information that is privileged and confidential. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please delete this message, and reply to the sender regarding the error in a separate email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Guest network security
While it's possible that someone will crack the password and distribute it, I think it's a reasonable first step - simpler than putting up a captive portal. And, if it doesn't work, the captive portal can be done later. I'll definitely be looking at that. Kurt On Wed, Feb 6, 2013 at 11:49 AM, Ziots, Edward ezi...@lifespan.org wrote: Kurt, Even with the password idea, you would have to rotate it daily if not weekly or someone will just leave it out where others can gain access. Honestly, anyone smart enough with AirCrack could get the password you put on the SSID. You could limit the DHCP scope to say 64 address and that might help limit the scope or number of people that can get on the Wireless network, or setup MAC filtering ( Again can bypass that with MAC Spoofing) but it would be a bit more manual process. I am thinking your idea about a portal process and authorization is probably the way to go, Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, February 06, 2013 2:36 PM To: NT System Admin Issues Subject: OT: Guest network security All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Guest network security
This looks reasonable. I brought up the filled lease table, and that got my manager's attention, so I've gotten permission to do this. Kurt On Wed, Feb 6, 2013 at 11:44 AM, Jim Holmgren jholmg...@xlhealth.com wrote: I did that at my previous gig. I also printed tent cards up and placed them in all of the conference rooms, where company guests tend to gather. We changed the pwd every 90 days and just printed new cards. It worked well for me with no complaints. Jim Jim Holmgren Director of Technology Infrastructure Benefits Operations United Healthcare The Warehouse at Camden Yards 351 West Camden Street, Suite 100 Baltimore, MD 21201 410.625.2200 (main) 443.524.8573 (direct) 443-506.2400 (cell) -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, February 06, 2013 2:36 PM To: NT System Admin Issues Subject: OT: Guest network security All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or protected health information. Under the Federal Law (HIPAA), the intended recipient is obligated to keep this information secure and confidential. Any disclosure to third parties without authorization from the affiliate or as permitted by law is prohibited and punishable under Federal Law. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. NOTA DE CONFIDENCIALIDAD: Este facsímile, incluyendo lo adjunto, es para el uso exclusivo del destinatario(s) y puede contener información confidencial y/o información protegida de salud. En virtud de la Ley Federal (HIPAA), el destinatario tiene la obligación de mantener esta información segura y confidencial. Cualquier divulgación a terceros sin la autorización de los miembros de lo permitido por la ley está prohibido y penado en virtud de la Ley Federal. Si usted no es el destinatario, por favor, póngase en contacto con el remitente por teléfono y destruir todas las copias del mensaje original ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: OT: Guest network security
Interesting - if you remember the name, I'll be interested in hearing it. Kurt On Wed, Feb 6, 2013 at 11:45 AM, kz2...@googlemail.com wrote: I remember seeing a solution that issued tickets with a network key for guests as they came in. The name defeats me though, sorry Sent from my Blackberry, which may be an antique but delivers email RELIABLY -Original Message- From: Kurt Buff kurt.b...@gmail.com Date: Wed, 6 Feb 2013 11:36:00 To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.comSubject: OT: Guest network security All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: OT: Guest network security
Looks like they were acquired by HP some time ago. I'll take a look to see if they'll cooperate with our Cisco WAPs. Kurt On Wed, Feb 6, 2013 at 11:58 AM, Michael B. Smith mich...@smithcons.com wrote: Colubris is at least one. Thanks for saying that, it jogged my memory. -Original Message- From: kz2...@googlemail.com [mailto:kz2...@googlemail.com] Sent: Wednesday, February 6, 2013 2:45 PM To: NT System Admin Issues Subject: Re: OT: Guest network security I remember seeing a solution that issued tickets with a network key for guests as they came in. The name defeats me though, sorry Sent from my Blackberry, which may be an antique but delivers email RELIABLY -Original Message- From: Kurt Buff kurt.b...@gmail.com Date: Wed, 6 Feb 2013 11:36:00 To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.comSubject: OT: Guest network security All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: OT: Guest network security
Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enteprise Firewalls). That's an interesting tip on the Sophos solution. What did you use for the hardware? Kurt On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.com wrote: I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall? PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...) On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.com wrote: All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: DFSR question regarding RDC
Yes it's block level. IIRC down to like 64KB blocks that it does the diff at. Once you put the first image out there, you should only expect to replicate the diffs in all the other images. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Wednesday, February 6, 2013 10:41 AM To: NT System Admin Issues Subject: DFSR question regarding RDC Got a question about this: http://msdn.microsoft.com/en-us/library/windows/desktop/bb540025(v=vs.85).aspx Replicating data to multiple servers increases data availability and gives users in remote sites fast, reliable access to files. DFSR uses a new compression algorithm called Remote Differential Compression (RDC). RDC is a diff over the wire protocol that can be used to efficiently update files over a limited-bandwidth network. RDC detects insertions, removals, and rearrangements of data in files, enabling DFSR to replicate only the deltas (changes) when files are updated. Just curious if anyone has really looked at this in regards to the RDC feature in larger files. Got a replication set we are going to setup. These will be larger files (17-25G), they will be images for Citrix Provisioning server. Wanted to know if it's really doing delta's in larger images files as they change, or replicating the whole thing. Thanks Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto: [cid:image001.jpg@01CE0475.2B21E750] The Guardian Life Insurance Company of America www.guardianlife.comhttp://www.guardianlife.com/ - This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image001.jpg
RE: Guest network security
Might be good to drop down to 2 hours. At one of our locations, we went so far as 1 hour. Local support stated lots of people come in and connect tablets just to print out stuff, then leave. It's always something... : ) Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, February 06, 2013 3:07 PM To: NT System Admin Issues Subject: Re: Guest network security This looks reasonable. I brought up the filled lease table, and that got my manager's attention, so I've gotten permission to do this. Kurt On Wed, Feb 6, 2013 at 11:44 AM, Jim Holmgren jholmg...@xlhealth.com wrote: I did that at my previous gig. I also printed tent cards up and placed them in all of the conference rooms, where company guests tend to gather. We changed the pwd every 90 days and just printed new cards. It worked well for me with no complaints. Jim Jim Holmgren Director of Technology Infrastructure Benefits Operations United Healthcare The Warehouse at Camden Yards 351 West Camden Street, Suite 100 Baltimore, MD 21201 410.625.2200 (main) 443.524.8573 (direct) 443-506.2400 (cell) -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, February 06, 2013 2:36 PM To: NT System Admin Issues Subject: OT: Guest network security All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or protected health information. Under the Federal Law (HIPAA), the intended recipient is obligated to keep this information secure and confidential. Any disclosure to third parties without authorization from the affiliate or as permitted by law is prohibited and punishable under Federal Law. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. NOTA DE CONFIDENCIALIDAD: Este facsímile, incluyendo lo adjunto, es para el uso exclusivo del destinatario(s) y puede contener información confidencial y/o información protegida de salud. En virtud de la Ley Federal (HIPAA), el destinatario tiene la obligación de mantener esta información segura y confidencial. Cualquier divulgación a terceros sin la autorización de los miembros de lo permitido por la ley está prohibido y penado en virtud de la Ley Federal. Si usted no es el destinatario, por favor, póngase en contacto con el remitente por teléfono y destruir todas las copias del mensaje original ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the
RE: OT: Guest network security
LOL Cisco bigot... why is that sooo familiar. He would probably like Fortinet better if he knew the price and performance was way better than ASA's. ( Found those to be clugy)_ Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, February 06, 2013 3:21 PM To: NT System Admin Issues Subject: Re: OT: Guest network security Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enteprise Firewalls). That's an interesting tip on the Sophos solution. What did you use for the hardware? Kurt On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.com wrote: I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall? PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...) On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.com wrote: All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: OT: Guest network security
I have two CCIE's that work for me. Both also used to work for a Cisco VAR - so obviously Cisco bigots. They both recommended PA to me over the ASA. From a security perspective, the PA do so much more than ASAs. We still use ASAs for some intranet firewalls. Are you using the Cisco controllers with your WAPs? If so, they have captive portal capability. They call it Lobby Ambassador. On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff kurt.b...@gmail.com wrote: Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enteprise Firewalls). That's an interesting tip on the Sophos solution. What did you use for the hardware? Kurt On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.com wrote: I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall? PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...) On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.com wrote: All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: OT: Guest network security
If you mean PA=Palo Alto, they are dead on (scary CCIE would say that being from the CISCO house) I work on Palo Alto Daily, and its sick how much these things can do. Been finding a lot that I wouldn't have been able to obtain but regular firewall log parsing, and being able to quantifiy you own applications and make traffic rules based on them is pretty killer. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. [Description: Description: Lifespan] From: Kevin Lundy [mailto:klu...@gmail.com] Sent: Wednesday, February 06, 2013 3:48 PM To: NT System Admin Issues Subject: Re: OT: Guest network security I have two CCIE's that work for me. Both also used to work for a Cisco VAR - so obviously Cisco bigots. They both recommended PA to me over the ASA. From a security perspective, the PA do so much more than ASAs. We still use ASAs for some intranet firewalls. Are you using the Cisco controllers with your WAPs? If so, they have captive portal capability. They call it Lobby Ambassador. On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff kurt.b...@gmail.commailto:kurt.b...@gmail.com wrote: Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enteprise Firewalls). That's an interesting tip on the Sophos solution. What did you use for the hardware? Kurt On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.commailto:rich...@gmail.com wrote: I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall? PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...) On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.commailto:kurt.b...@gmail.com wrote: All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to
RE: DFSR question regarding RDC
Using DFS-R for PVS 6.x is really nice. PVS 5.x doesn't support DFS-R so don't call Citrix or MS for support when it screws up your PVS system (provided you can even get DFS-R and PVS to even start looking at each other). Thanks Webster From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Wednesday, February 06, 2013 2:21 PM To: NT System Admin Issues Subject: RE: DFSR question regarding RDC Yes it's block level. IIRC down to like 64KB blocks that it does the diff at. Once you put the first image out there, you should only expect to replicate the diffs in all the other images. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Wednesday, February 6, 2013 10:41 AM To: NT System Admin Issues Subject: DFSR question regarding RDC Got a question about this: http://msdn.microsoft.com/en-us/library/windows/desktop/bb540025(v=vs.85).aspx Replicating data to multiple servers increases data availability and gives users in remote sites fast, reliable access to files. DFSR uses a new compression algorithm called Remote Differential Compression (RDC). RDC is a diff over the wire protocol that can be used to efficiently update files over a limited-bandwidth network. RDC detects insertions, removals, and rearrangements of data in files, enabling DFSR to replicate only the deltas (changes) when files are updated. Just curious if anyone has really looked at this in regards to the RDC feature in larger files. Got a replication set we are going to setup. These will be larger files (17-25G), they will be images for Citrix Provisioning server. Wanted to know if it's really doing delta's in larger images files as they change, or replicating the whole thing. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: OT: Guest network security
Yep PA=Palo Alto When we made the switch, our ASAs were due to be replaced. Our Websense subscription was up for renewal at the same time. The PA's were about the same price as new ASAs + Websense renewal. Made for a no brainer decision. Curious Z, are you using the Wildfire piece? On Wed, Feb 6, 2013 at 4:08 PM, Ziots, Edward ezi...@lifespan.org wrote: If you mean PA=Palo Alto, they are dead on (scary CCIE would say that being from the CISCO house) I work on Palo Alto Daily, and its sick how much these things can do. Been finding a lot that I wouldn’t have been able to obtain but regular firewall log parsing, and being able to quantifiy you own applications and make traffic rules based on them is pretty killer. ** ** Z ** ** Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org ** ** This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. *[image: Description: Description: Lifespan]* ** ** ** ** *From:* Kevin Lundy [mailto:klu...@gmail.com] *Sent:* Wednesday, February 06, 2013 3:48 PM *To:* NT System Admin Issues *Subject:* Re: OT: Guest network security ** ** I have two CCIE's that work for me. Both also used to work for a Cisco VAR - so obviously Cisco bigots. They both recommended PA to me over the ASA. From a security perspective, the PA do so much more than ASAs. We still use ASAs for some intranet firewalls. Are you using the Cisco controllers with your WAPs? If so, they have captive portal capability. They call it Lobby Ambassador. On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff kurt.b...@gmail.com wrote: Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enteprise Firewalls). That's an interesting tip on the Sophos solution. What did you use for the hardware? Kurt On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.com wrote: I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall? PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...) On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.com wrote: All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here:
Re: OT: Guest network security
We have 15 Cisco 1240AGs, which were apparently announced of End of Sale, though EOL is apparently 2018.. No controller, but I just talked with our supplier, who is recommending the 2504. There's a unit that comes with a 15-WAP license, for not too expensive. *Very* good to know about the captive portal capability. The recommendation of CCIEs for the PA over the ASA is, well, interesting. I wonder if I can find someone he will believe on that... Kurt On Wed, Feb 6, 2013 at 12:48 PM, Kevin Lundy klu...@gmail.com wrote: I have two CCIE's that work for me. Both also used to work for a Cisco VAR - so obviously Cisco bigots. They both recommended PA to me over the ASA. From a security perspective, the PA do so much more than ASAs. We still use ASAs for some intranet firewalls. Are you using the Cisco controllers with your WAPs? If so, they have captive portal capability. They call it Lobby Ambassador. On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff kurt.b...@gmail.com wrote: Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enteprise Firewalls). That's an interesting tip on the Sophos solution. What did you use for the hardware? Kurt On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.com wrote: I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall? PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...) On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.com wrote: All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: OT: Guest network security
Anyone have a favorite VAR to work with for PA's ? A few of myusualvendors dont carry themFrom: "Ziots, Edward" ezi...@lifespan.org To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Wednesday, February 6, 2013 4:08 PM Subject: RE: OT: Guest network security If you mean PA=Palo Alto, they are dead on (scary CCIE would say that being from the CISCO house) I work on Palo Alto Daily, and its sick how much these things can do. Been finding a lot that I wouldn’t have been able to obtain but regular firewall log parsing, and being able to quantifiy you own applications and make traffic rules based on them is pretty killer. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. From: Kevin Lundy [mailto:klu...@gmail.com] Sent: Wednesday, February 06, 2013 3:48 PM To: NT System Admin Issues Subject: Re: OT: Guest network security I have two CCIE's that work for me. Both also used to work for a Cisco VAR - so obviously Cisco bigots. They both recommended PA to me over the ASA. From a security perspective, the PA do so much more than ASAs. We still use ASAs for some intranet firewalls. Are you using the Cisco controllers with your WAPs? If so, they have captive portal capability. They call it Lobby Ambassador. On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff kurt.b...@gmail.com wrote: Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enteprise Firewalls). That's an interesting tip on the Sophos solution. What did you use for the hardware? Kurt On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.com wrote: I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall? PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...) On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.com wrote: All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click
Re: Anyone heard of Meraki?
Thanks for that feedback, MBS... *ASB **http://XeeMe.com/AndrewBaker* http://xeeme.com/AndrewBaker* **Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…*** On Wed, Feb 6, 2013 at 2:13 PM, Michael B. Smith mich...@smithcons.comwrote: My company doesn't do hardware (we are a software and services shop), but one of the partner organizations we work with is a Ruckus reseller and the products are very impressive. They installed it in a large soccer stadium that wanted to offer free WiFi to attendees, with about 30,000 active connections at a time. Worked flawlessly, first time out of the box; at less than half the cost of a corresponding Cisco solution. -Original Message- From: Matthew W. Ross [mailto:mr...@ephrataschools.org] Sent: Wednesday, February 6, 2013 1:32 PM To: NT System Admin Issues Subject: Re: Anyone heard of Meraki? Last year, we did a comparison of Meraki, Ruckus, Aerohive, Aruba and Cisco. Meraki to be very on-par with Aerohive, as they have similar features and are both cloud managed. We figured the math, and if you wanted only a few APs, the cloud-managed solutions where very cost effective. But, as you increased your AP count, the controller based solutions started to make more sense. We ended up choosing Ruckus. Factors in our choice were: Price (When including the year-over-year costs of controllers), wifi range (beamforming, which we find very impressive), AP load (airtime fairness), and ease of use. We are using the Meraki MDM solution for our iPads, as it's free and better than a sharp stick in they eye. --Matt Ross Ephrata School District - Original Message - From: Tom Miller [mailto:tmil...@sfgtrust.com] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Wed, 06 Feb 2013 06:02:21 -0800 Subject: Anyone heard of Meraki? Anyone heard of or use Meraki wireless? It's part of Cisco, not sure if it is a recent acquisition though. One of our consultants who the IT Director here listens to recommended it. We already have regular Cisco wireless here at HQ and at one of our plants. The other plant is scheduled for wireless this year. http://www.meraki.com/ Cloud managed wireless. There's that overused word again. Comments or thoughts welcome. Tom ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: OT: Guest network security
I'll choose a Fortinet over an ASA every day of the week... *ASB **http://XeeMe.com/AndrewBaker* http://xeeme.com/AndrewBaker* **Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…*** On Wed, Feb 6, 2013 at 3:44 PM, Ziots, Edward ezi...@lifespan.org wrote: LOL Cisco bigot... why is that sooo familiar. He would probably like Fortinet better if he knew the price and performance was way better than ASA's. ( Found those to be clugy)_ Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, February 06, 2013 3:21 PM To: NT System Admin Issues Subject: Re: OT: Guest network security Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enteprise Firewalls). That's an interesting tip on the Sophos solution. What did you use for the hardware? Kurt On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.com wrote: I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall? PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...) On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.com wrote: All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
Re: OT: Guest network security
Yes. You can contact me off-line... *ASB **http://XeeMe.com/AndrewBaker* http://xeeme.com/AndrewBaker* **Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…*** On Wed, Feb 6, 2013 at 4:59 PM, Pete Howard pchow...@yahoo.com wrote: Anyone have a favorite VAR to work with for PA's ? A few of my usual vendors dont carry them -- *From:* Ziots, Edward ezi...@lifespan.org *To:* NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com *Sent:* Wednesday, February 6, 2013 4:08 PM *Subject:* RE: OT: Guest network security If you mean PA=Palo Alto, they are dead on (scary CCIE would say that being from the CISCO house) I work on Palo Alto Daily, and its sick how much these things can do. Been finding a lot that I wouldn’t have been able to obtain but regular firewall log parsing, and being able to quantifiy you own applications and make traffic rules based on them is pretty killer. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. *[image: Description: Description: Lifespan]* *From:* Kevin Lundy [mailto:klu...@gmail.com] *Sent:* Wednesday, February 06, 2013 3:48 PM *To:* NT System Admin Issues *Subject:* Re: OT: Guest network security I have two CCIE's that work for me. Both also used to work for a Cisco VAR - so obviously Cisco bigots. They both recommended PA to me over the ASA. From a security perspective, the PA do so much more than ASAs. We still use ASAs for some intranet firewalls. Are you using the Cisco controllers with your WAPs? If so, they have captive portal capability. They call it Lobby Ambassador. On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff kurt.b...@gmail.com wrote: Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enteprise Firewalls). That's an interesting tip on the Sophos solution. What did you use for the hardware? Kurt On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.com wrote: I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall? PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...) On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.com wrote: All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a
RE: blogging
Congrats on making to the 1 year mark. Keep up the good work. Thanks Webster From: James Rankin [mailto:kz2...@googlemail.com] Sent: Wednesday, February 06, 2013 4:13 PM To: NT System Admin Issues Subject: OT: blogging It's exactly one year today since a thread on this list (and a few of the list members) encouraged me to start blogging. After nearly 100,000 page views and one industry award later, I have to say thankyou for the encouragement Here's my brief and uninteresting anniversary post http://appsensebigot.blogspot.co.uk/2013/02/a-year-of-appsense-bigotry.html Thanks again, -- James Rankin Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.uk ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: DFSR question regarding RDC
You just need to be aware of things like encrypted files, where changing the file and re-encrypting will typically change the entire file. Also, for very large data sets, be aware of the need to size your DFS-R cache on each server. Cheers Ken From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Thursday, 7 February 2013 7:21 AM To: NT System Admin Issues Subject: RE: DFSR question regarding RDC Yes it's block level. IIRC down to like 64KB blocks that it does the diff at. Once you put the first image out there, you should only expect to replicate the diffs in all the other images. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Wednesday, February 6, 2013 10:41 AM To: NT System Admin Issues Subject: DFSR question regarding RDC Got a question about this: http://msdn.microsoft.com/en-us/library/windows/desktop/bb540025(v=vs.85).aspx Replicating data to multiple servers increases data availability and gives users in remote sites fast, reliable access to files. DFSR uses a new compression algorithm called Remote Differential Compression (RDC). RDC is a diff over the wire protocol that can be used to efficiently update files over a limited-bandwidth network. RDC detects insertions, removals, and rearrangements of data in files, enabling DFSR to replicate only the deltas (changes) when files are updated. Just curious if anyone has really looked at this in regards to the RDC feature in larger files. Got a replication set we are going to setup. These will be larger files (17-25G), they will be images for Citrix Provisioning server. Wanted to know if it's really doing delta's in larger images files as they change, or replicating the whole thing. Thanks Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto: [cid:image001.jpg@01CE051B.D520DE40] The Guardian Life Insurance Company of America www.guardianlife.comhttp://www.guardianlife.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image001.jpg
Wow. Just what we need
A limited threat, but a good one: Packet of death http://blog.krisk.org/2013/02/packets-of-death.html Also, https://isc.sans.edu/diary/Intel+Network+Card+%2882574L%29+Packet+of+Death/15109 - see the comment... What a brilliant sleuthing job, though, and a mention of a tool that's new to me and possibly quite promising. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: OT: Guest network security
I chose to build a new system so it would be small and silent rather than use an old computer lying around the house. I went with: Intel D2500CCE fanless mini-ITX motherboard (Dual core 1.86 GHz Atom CPU with dual Intel NICs onboard) 4 GB RAM 128GB Vertex 4 SSD It has been in 'production' for a couple of weeks now, and is stable and very fast. I also really like having the content filtering and antivirus capabilities of a UTM firewall at home. The management interface is a little weird at first, but you get used to it. I demo'ed the software in a VirtualBox VM for a week or so before pulling the trigger on the hardware expense. If anyone is interested, the page at Sophos describing the offering is: http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff kurt.b...@gmail.com wrote: Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enteprise Firewalls). That's an interesting tip on the Sophos solution. What did you use for the hardware? Kurt On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.com wrote: I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall? PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...) On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.com wrote: All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: OT: Guest network security
So your wireless is served elsewise? Kurt On Wed, Feb 6, 2013 at 5:31 PM, Richard Stovall rich...@gmail.com wrote: I chose to build a new system so it would be small and silent rather than use an old computer lying around the house. I went with: Intel D2500CCE fanless mini-ITX motherboard (Dual core 1.86 GHz Atom CPU with dual Intel NICs onboard) 4 GB RAM 128GB Vertex 4 SSD It has been in 'production' for a couple of weeks now, and is stable and very fast. I also really like having the content filtering and antivirus capabilities of a UTM firewall at home. The management interface is a little weird at first, but you get used to it. I demo'ed the software in a VirtualBox VM for a week or so before pulling the trigger on the hardware expense. If anyone is interested, the page at Sophos describing the offering is: http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff kurt.b...@gmail.com wrote: Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enteprise Firewalls). That's an interesting tip on the Sophos solution. What did you use for the hardware? Kurt On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.com wrote: I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall? PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...) On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.com wrote: All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: OT: Guest network security
My bad. I bought a Sophos AP 30 to go along with the firewall hardware. This AP alone was about 45% of the total cost of the project, but I still saved a good chunk of change over the SonicWall TZ + SonicPoint solution that I had been planning on buying before finding the Sophos home license. On Wed, Feb 6, 2013 at 8:42 PM, Kurt Buff kurt.b...@gmail.com wrote: So your wireless is served elsewise? Kurt On Wed, Feb 6, 2013 at 5:31 PM, Richard Stovall rich...@gmail.com wrote: I chose to build a new system so it would be small and silent rather than use an old computer lying around the house. I went with: Intel D2500CCE fanless mini-ITX motherboard (Dual core 1.86 GHz Atom CPU with dual Intel NICs onboard) 4 GB RAM 128GB Vertex 4 SSD It has been in 'production' for a couple of weeks now, and is stable and very fast. I also really like having the content filtering and antivirus capabilities of a UTM firewall at home. The management interface is a little weird at first, but you get used to it. I demo'ed the software in a VirtualBox VM for a week or so before pulling the trigger on the hardware expense. If anyone is interested, the page at Sophos describing the offering is: http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff kurt.b...@gmail.com wrote: Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enteprise Firewalls). That's an interesting tip on the Sophos solution. What did you use for the hardware? Kurt On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.com wrote: I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall? PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...) On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.com wrote: All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to
RE: OT: Guest network security
Last $dayjob$ before current I pushed the guest network to a DSL line and put a cheap Linksys SOHO router on it. Kept the Production as closed as possible and guest had hours of operation. I found our neighbors using our guest on more than a couple of occasions. Politics plays a big part in these decisions. I went at it that we were using x% of the T1 on average with y% being used at peak. Since y was at or near capacity it was not hard to convince the powers that be that we would have to restrict what the staff was doing or put guest out on their own. I did get permission to place limits on where we would secure the guest network before I even got it operational. I was able to show our neighbor's signal strength would allow them to connect. Jon Date: Wed, 6 Feb 2013 11:36:00 -0800 Subject: OT: Guest network security From: kurt.b...@gmail.com To: ntsysadmin@lyris.sunbelt-software.com All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Guest network security
Would not MAC filtering be a bit intensive for what he wants? If you could reverse filter that would be the way to go. Jon From: ezi...@lifespan.org To: ntsysadmin@lyris.sunbelt-software.com Subject: RE: Guest network security Date: Wed, 6 Feb 2013 19:49:23 + Kurt, Even with the password idea, you would have to rotate it daily if not weekly or someone will just leave it out where others can gain access. Honestly, anyone smart enough with AirCrack could get the password you put on the SSID. You could limit the DHCP scope to say 64 address and that might help limit the scope or number of people that can get on the Wireless network, or setup MAC filtering ( Again can bypass that with MAC Spoofing) but it would be a bit more manual process. I am thinking your idea about a portal process and authorization is probably the way to go, Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, February 06, 2013 2:36 PM To: NT System Admin Issues Subject: OT: Guest network security All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: OT: Guest network security
I have to say, it is pretty cool to have basically the same features at home that I have at work, even if the two user interfaces are completely different. I dropped a good chunk of change up front, but I'll come out way ahead over a period of 4+ years. (At least compared to SonicWall pricing from a really good reseller.) Now, if the hardware dies, or Sophos drops the program, I'll be calling you for the name of your Fortinet vendor... :) On Wed, Feb 6, 2013 at 9:05 PM, Andrew S. Baker asbz...@gmail.com wrote: Whoa!!! That looks awesome. Man, I could really have gone for that a few weeks back. My Fortigate 40C arrives tomorrow. :) *ASB **http://XeeMe.com/AndrewBaker* http://xeeme.com/AndrewBaker* **Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…*** On Wed, Feb 6, 2013 at 8:31 PM, Richard Stovall rich...@gmail.com wrote: I chose to build a new system so it would be small and silent rather than use an old computer lying around the house. I went with: Intel D2500CCE fanless mini-ITX motherboard (Dual core 1.86 GHz Atom CPU with dual Intel NICs onboard) 4 GB RAM 128GB Vertex 4 SSD It has been in 'production' for a couple of weeks now, and is stable and very fast. I also really like having the content filtering and antivirus capabilities of a UTM firewall at home. The management interface is a little weird at first, but you get used to it. I demo'ed the software in a VirtualBox VM for a week or so before pulling the trigger on the hardware expense. If anyone is interested, the page at Sophos describing the offering is: http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff kurt.b...@gmail.com wrote: Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enteprise Firewalls). That's an interesting tip on the Sophos solution. What did you use for the hardware? Kurt On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.com wrote: I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall? PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...) On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.com wrote: All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body:
Re: Wow. Just what we need
On Wed, Feb 6, 2013 at 8:23 PM, Kurt Buff kurt.b...@gmail.com wrote: A limited threat, but a good one: Packet of death http://blog.krisk.org/2013/02/packets-of-death.html Wow. The author's investigation of the issue is quite impressive. As is his workaround for vendor brain damage on redistributing the fix. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Wow. Just what we need
On Wed, Feb 6, 2013 at 8:23 PM, Kurt Buff kurt.b...@gmail.com wrote: Packet of death http://blog.krisk.org/2013/02/packets-of-death.html P.S.: From the author, in the comments: [Intel] considered this issue to be completely isolated to me. Once I deployed my fix it was case closed and they stopped my replying to further inquiries. The entire purpose of this post was to find other affected users (which has been successful). Intel has a fix, they just need to release it. Boo to Intel for sweeping bugs under the rug again. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: OT: Guest network security
I didn't know that Sophos had gotten into the hardware world. That's very interesting, and I'll have to take a look at it. Just as an aside - I think that wired end-point connectivity is going the way of the dodo, except for the most demanding loads, so it make a deal of sense for them to do that. Kurt On Wed, Feb 6, 2013 at 6:04 PM, Richard Stovall rich...@gmail.com wrote: My bad. I bought a Sophos AP 30 to go along with the firewall hardware. This AP alone was about 45% of the total cost of the project, but I still saved a good chunk of change over the SonicWall TZ + SonicPoint solution that I had been planning on buying before finding the Sophos home license. On Wed, Feb 6, 2013 at 8:42 PM, Kurt Buff kurt.b...@gmail.com wrote: So your wireless is served elsewise? Kurt On Wed, Feb 6, 2013 at 5:31 PM, Richard Stovall rich...@gmail.com wrote: I chose to build a new system so it would be small and silent rather than use an old computer lying around the house. I went with: Intel D2500CCE fanless mini-ITX motherboard (Dual core 1.86 GHz Atom CPU with dual Intel NICs onboard) 4 GB RAM 128GB Vertex 4 SSD It has been in 'production' for a couple of weeks now, and is stable and very fast. I also really like having the content filtering and antivirus capabilities of a UTM firewall at home. The management interface is a little weird at first, but you get used to it. I demo'ed the software in a VirtualBox VM for a week or so before pulling the trigger on the hardware expense. If anyone is interested, the page at Sophos describing the offering is: http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff kurt.b...@gmail.com wrote: Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enteprise Firewalls). That's an interesting tip on the Sophos solution. What did you use for the hardware? Kurt On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.com wrote: I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall? PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...) On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.com wrote: All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here:
Re: Wow. Just what we need
On Wed, Feb 6, 2013 at 7:03 PM, Ben Scott mailvor...@gmail.com wrote: On Wed, Feb 6, 2013 at 8:23 PM, Kurt Buff kurt.b...@gmail.com wrote: Packet of death http://blog.krisk.org/2013/02/packets-of-death.html P.S.: From the author, in the comments: [Intel] considered this issue to be completely isolated to me. Once I deployed my fix it was case closed and they stopped my replying to further inquiries. The entire purpose of this post was to find other affected users (which has been successful). Intel has a fix, they just need to release it. Boo to Intel for sweeping bugs under the rug again. -- Ben Indeed. I have expected better from Intel for a long time - this is very disappointing. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: OT: Guest network security
Wired connectivity is going to be around for a while - even for EUC. Lots of orgs (governments, banks etc.) have limited or no wireless available for various reasons. Cheers Ken -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, 7 February 2013 5:22 PM To: NT System Admin Issues Subject: Re: OT: Guest network security I didn't know that Sophos had gotten into the hardware world. That's very interesting, and I'll have to take a look at it. Just as an aside - I think that wired end-point connectivity is going the way of the dodo, except for the most demanding loads, so it make a deal of sense for them to do that. Kurt On Wed, Feb 6, 2013 at 6:04 PM, Richard Stovall rich...@gmail.com wrote: My bad. I bought a Sophos AP 30 to go along with the firewall hardware. This AP alone was about 45% of the total cost of the project, but I still saved a good chunk of change over the SonicWall TZ + SonicPoint solution that I had been planning on buying before finding the Sophos home license. On Wed, Feb 6, 2013 at 8:42 PM, Kurt Buff kurt.b...@gmail.com wrote: So your wireless is served elsewise? Kurt On Wed, Feb 6, 2013 at 5:31 PM, Richard Stovall rich...@gmail.com wrote: I chose to build a new system so it would be small and silent rather than use an old computer lying around the house. I went with: Intel D2500CCE fanless mini-ITX motherboard (Dual core 1.86 GHz Atom CPU with dual Intel NICs onboard) 4 GB RAM 128GB Vertex 4 SSD It has been in 'production' for a couple of weeks now, and is stable and very fast. I also really like having the content filtering and antivirus capabilities of a UTM firewall at home. The management interface is a little weird at first, but you get used to it. I demo'ed the software in a VirtualBox VM for a week or so before pulling the trigger on the hardware expense. If anyone is interested, the page at Sophos describing the offering is: http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edi tion.aspx ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin