RE: OT: Guest network security
I Love the wildfire piece, its amazing what I get from it. 125% recommend that you turn it on if you haven't. The sandboxing reports I get I review and then update my security controls accordingly. Its been a real eye opener for some here. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. [Description: Description: Lifespan] From: Kevin Lundy [mailto:klu...@gmail.com] Sent: Wednesday, February 06, 2013 4:42 PM To: NT System Admin Issues Subject: Re: OT: Guest network security Yep PA=Palo Alto When we made the switch, our ASAs were due to be replaced. Our Websense subscription was up for renewal at the same time. The PA's were about the same price as new ASAs + Websense renewal. Made for a no brainer decision. Curious Z, are you using the Wildfire piece? On Wed, Feb 6, 2013 at 4:08 PM, Ziots, Edward ezi...@lifespan.orgmailto:ezi...@lifespan.org wrote: If you mean PA=Palo Alto, they are dead on (scary CCIE would say that being from the CISCO house) I work on Palo Alto Daily, and its sick how much these things can do. Been finding a lot that I wouldn't have been able to obtain but regular firewall log parsing, and being able to quantifiy you own applications and make traffic rules based on them is pretty killer. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgmailto:ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. [Description: Description: Lifespan] From: Kevin Lundy [mailto:klu...@gmail.commailto:klu...@gmail.com] Sent: Wednesday, February 06, 2013 3:48 PM To: NT System Admin Issues Subject: Re: OT: Guest network security I have two CCIE's that work for me. Both also used to work for a Cisco VAR - so obviously Cisco bigots. They both recommended PA to me over the ASA. From a security perspective, the PA do so much more than ASAs. We still use ASAs for some intranet firewalls. Are you using the Cisco controllers with your WAPs? If so, they have captive portal capability. They call it Lobby Ambassador. On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff kurt.b...@gmail.commailto:kurt.b...@gmail.com wrote: Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enteprise Firewalls). That's an interesting tip on the Sophos solution. What did you use for the hardware? Kurt On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.commailto:rich...@gmail.com wrote: I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall? PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...) On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.commailto:kurt.b...@gmail.com wrote: All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for
RE: OT: Guest network security
Hell I'd vouche for the PA's for ya, because I have been working with them directly for about a year and done alot of lockdown based on the functionality that isn't in ASA's or other FW's I have worked with. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, February 06, 2013 4:45 PM To: NT System Admin Issues Subject: Re: OT: Guest network security We have 15 Cisco 1240AGs, which were apparently announced of End of Sale, though EOL is apparently 2018.. No controller, but I just talked with our supplier, who is recommending the 2504. There's a unit that comes with a 15-WAP license, for not too expensive. *Very* good to know about the captive portal capability. The recommendation of CCIEs for the PA over the ASA is, well, interesting. I wonder if I can find someone he will believe on that... Kurt On Wed, Feb 6, 2013 at 12:48 PM, Kevin Lundy klu...@gmail.com wrote: I have two CCIE's that work for me. Both also used to work for a Cisco VAR - so obviously Cisco bigots. They both recommended PA to me over the ASA. From a security perspective, the PA do so much more than ASAs. We still use ASAs for some intranet firewalls. Are you using the Cisco controllers with your WAPs? If so, they have captive portal capability. They call it Lobby Ambassador. On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff kurt.b...@gmail.com wrote: Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enteprise Firewalls). That's an interesting tip on the Sophos solution. What did you use for the hardware? Kurt On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.com wrote: I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall? PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...) On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.com wrote: All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body:
RE: OT: Guest network security
Adaptive out of Portsmouth NH is who we work with. All they do is PA…. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. [Description: Description: Lifespan] From: Pete Howard [mailto:pchow...@yahoo.com] Sent: Wednesday, February 06, 2013 4:59 PM To: NT System Admin Issues Subject: Re: OT: Guest network security Anyone have a favorite VAR to work with for PA's ? A few of my usual vendors dont carry them From: Ziots, Edward ezi...@lifespan.orgmailto:ezi...@lifespan.org To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Wednesday, February 6, 2013 4:08 PM Subject: RE: OT: Guest network security If you mean PA=Palo Alto, they are dead on (scary CCIE would say that being from the CISCO house) I work on Palo Alto Daily, and its sick how much these things can do. Been finding a lot that I wouldn’t have been able to obtain but regular firewall log parsing, and being able to quantifiy you own applications and make traffic rules based on them is pretty killer. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgmailto:ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. [Description: Description: Lifespan] From: Kevin Lundy [mailto:klu...@gmail.com] Sent: Wednesday, February 06, 2013 3:48 PM To: NT System Admin Issues Subject: Re: OT: Guest network security I have two CCIE's that work for me. Both also used to work for a Cisco VAR - so obviously Cisco bigots. They both recommended PA to me over the ASA. From a security perspective, the PA do so much more than ASAs. We still use ASAs for some intranet firewalls. Are you using the Cisco controllers with your WAPs? If so, they have captive portal capability. They call it Lobby Ambassador. On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff kurt.b...@gmail.commailto:kurt.b...@gmail.com wrote: Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enteprise Firewalls). That's an interesting tip on the Sophos solution. What did you use for the hardware? Kurt On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.commailto:rich...@gmail.com wrote: I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall? PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...) On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.commailto:kurt.b...@gmail.com wrote: All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though.
RE: OT: Guest network security
I will be learning Fortinet soon enough since we got a bunch of them in as replacements for Juniper's. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. [Description: Description: Lifespan] From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Wednesday, February 06, 2013 5:02 PM To: NT System Admin Issues Subject: Re: OT: Guest network security I'll choose a Fortinet over an ASA every day of the week... ASB http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market... On Wed, Feb 6, 2013 at 3:44 PM, Ziots, Edward ezi...@lifespan.orgmailto:ezi...@lifespan.org wrote: LOL Cisco bigot... why is that sooo familiar. He would probably like Fortinet better if he knew the price and performance was way better than ASA's. ( Found those to be clugy)_ Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgmailto:ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.commailto:kurt.b...@gmail.com] Sent: Wednesday, February 06, 2013 3:21 PM To: NT System Admin Issues Subject: Re: OT: Guest network security Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enteprise Firewalls). That's an interesting tip on the Sophos solution. What did you use for the hardware? Kurt On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.commailto:rich...@gmail.com wrote: I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall? PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...) On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.commailto:kurt.b...@gmail.com wrote: All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com
RE: OT: Guest network security
Honestly, the complexity is not that much harder than regular firewall administration. I have been using Palo's for about 1 yr+ and self taught just reading the admin manuals and working with my traffic patterns during work and been able to inspect a lot of traffic and do a lot of lockdown and I am using mine for FW, IPS and Web Filtering. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. [Description: Description: Lifespan] From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Wednesday, February 06, 2013 5:04 PM To: NT System Admin Issues Subject: Re: OT: Guest network security If you have someone to manage them, the PA devices are very, very robust. But they do bring some complexity for all that power. ASB http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market... On Wed, Feb 6, 2013 at 4:45 PM, Kurt Buff kurt.b...@gmail.commailto:kurt.b...@gmail.com wrote: We have 15 Cisco 1240AGs, which were apparently announced of End of Sale, though EOL is apparently 2018.. No controller, but I just talked with our supplier, who is recommending the 2504. There's a unit that comes with a 15-WAP license, for not too expensive. *Very* good to know about the captive portal capability. The recommendation of CCIEs for the PA over the ASA is, well, interesting. I wonder if I can find someone he will believe on that... Kurt On Wed, Feb 6, 2013 at 12:48 PM, Kevin Lundy klu...@gmail.commailto:klu...@gmail.com wrote: I have two CCIE's that work for me. Both also used to work for a Cisco VAR - so obviously Cisco bigots. They both recommended PA to me over the ASA. From a security perspective, the PA do so much more than ASAs. We still use ASAs for some intranet firewalls. Are you using the Cisco controllers with your WAPs? If so, they have captive portal capability. They call it Lobby Ambassador. On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff kurt.b...@gmail.commailto:kurt.b...@gmail.com wrote: Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enteprise Firewalls). That's an interesting tip on the Sophos solution. What did you use for the hardware? Kurt On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.commailto:rich...@gmail.com wrote: I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall? PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...) On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.commailto:kurt.b...@gmail.com wrote: All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful
RE: Wow. Just what we need
Just what I was reading, use Ping with a Backtrack R3 machine, I am trying to find a way to see if I can send pings to entire subnets to see if stuff will drop... Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, February 06, 2013 8:24 PM To: NT System Admin Issues Subject: Wow. Just what we need A limited threat, but a good one: Packet of death http://blog.krisk.org/2013/02/packets-of-death.html Also, https://isc.sans.edu/diary/Intel+Network+Card+%2882574L%29+Packet+of+Death/15109 - see the comment... What a brilliant sleuthing job, though, and a mention of a tool that's new to me and possibly quite promising. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: OT: Guest network security
Are you still using the free entry level version, or have you upgraded to the paid subscription yet? Thanks for the feedback. On Thursday, February 7, 2013, Ziots, Edward wrote: I Love the wildfire piece, its amazing what I get from it. 125% recommend that you turn it on if you haven’t. The sandboxing reports I get I review and then update my security controls accordingly. Its been a real eye opener for some here. ** ** Z ** ** Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org javascript:_e({}, 'cvml', 'ezi...@lifespan.org');*** * ** ** This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. *[image: Description: Description: Lifespan]* ** ** ** ** *From:* Kevin Lundy [mailto:klu...@gmail.com javascript:_e({}, 'cvml', 'klu...@gmail.com');] *Sent:* Wednesday, February 06, 2013 4:42 PM *To:* NT System Admin Issues *Subject:* Re: OT: Guest network security ** ** Yep PA=Palo Alto When we made the switch, our ASAs were due to be replaced. Our Websense subscription was up for renewal at the same time. The PA's were about the same price as new ASAs + Websense renewal. Made for a no brainer decision. Curious Z, are you using the Wildfire piece? On Wed, Feb 6, 2013 at 4:08 PM, Ziots, Edward ezi...@lifespan.orgjavascript:_e({}, 'cvml', 'ezi...@lifespan.org'); wrote: If you mean PA=Palo Alto, they are dead on (scary CCIE would say that being from the CISCO house) I work on Palo Alto Daily, and its sick how much these things can do. Been finding a lot that I wouldn’t have been able to obtain but regular firewall log parsing, and being able to quantifiy you own applications and make traffic rules based on them is pretty killer. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org javascript:_e({}, 'cvml', 'ezi...@lifespan.org');*** * This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. *[image: Description: Description: Lifespan]* *From:* Kevin Lundy [mailto:klu...@gmail.com javascript:_e({}, 'cvml', 'klu...@gmail.com');] *Sent:* Wednesday, February 06, 2013 3:48 PM *To:* NT System Admin Issues *Subject:* Re: OT: Guest network security I have two CCIE's that work for me. Both also used to work for a Cisco VAR - so obviously Cisco bigots. They both recommended PA to me over the ASA. From a security perspective, the PA do so much more than ASAs. We still use ASAs for some intranet firewalls. Are you using the Cisco controllers with your WAPs? If so, they have captive portal capability. They call it Lobby Ambassador. On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff kurt.b...@gmail.comjavascript:_e({}, 'cvml', 'kurt.b...@gmail.com'); wrote: Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enteprise Firewalls). That's an interesting tip on the Sophos solution. What did you use for the hardware? Kurt On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.comjavascript:_e({}, 'cvml', 'rich...@gmail.com'); wrote: I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall? PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd
It gets worse UPNP root access exploit more info
It gets worse, A few weeks ago, we have announced remote preauth root access exploit for Cisco Linksys (http://www.youtube.com/watch?v=cv-MbL7KFKE). Vulnerability details were disclosed here: http://www.defensecode.com/public/DefenseCode_Broadcom_Security_Advisory.pdf During further research, we have discovered that other router manufacturers are also vulnerable to the same vulnerability, since vulnerable Broadcom UPnP stack is used across multiple router vendors. According to data from Rapid7, from 80 million routers discovered during data gathering on the internet, ~15 million had Broadcom UPnP. More info available here: http://information.rapid7.com/upnp-webcast-video-page.html Below is the partial list of other vulnerable router manufacturers and models. Thanks to HD Moore of Rapid7 for data. Regards, Leon Juranic CEO DefenseCode http://www.defensecode.com/ 3Com - ADSL Wireless Router - Broadcom ADSL Router - Internet Gateway Device Actiontec - GT784WN - xDSL Router - Broadcom ADSL Router - DSL Modem implementing Qwest TR-064 v1.0 specification - DSL Modem implementing TR-064 v1.0 specification Actiontec Electronics - Actiontec xDSL Router - Verizon ADSL Router ADBB - DSL Router ADB Broadband - ADB ADSL Router - Broadcom ADSL Router ADB Broadband S.p.A. - ADB ADSL Router ADB Broadband S.p.A - HomeStation ADSL Router ADSL2+ Router - ADSL2/2+ Modem Router - ADSLRouter ALBIS - Router VLR-4300-I Allied Telesis K.K. - CG-BARFX3 Alpha - ADSL Router - DLink ADSL Router - Sky ADSL Router Alvarion - Residential Gateway ASB - ADSL Router - Alcatel-EG692HW Internet Sharing Gateway - ChinaTelecom E8C(EPON) Gateway - Home Gateway Askey - ADSL2+ Router - ADSL Router Askey Computer Corp. - Wireless ADSL2+ Router ASUS - Wireless Router ASUSTek - ASUS ADSL Router - ASUS Wireless Harddisk Drive - ASUS Wireless Router ASUSTek Computer Inc. - ASUS Wireless Router - Residential Gateway Device - WL-500gPV2 - WL-500gP V2 - WL-520GU - WL700gE BEC_8800N - BEC 8800N BEC Technologies Inc. - BEC 7800TN R2 - Broadcom ADSL Router Belkin - ADSL Router - F5D8232-4 v1000 - N1 ADSL Router - Wireless ADSL Router - BoB - iiNet BoB - Wireless ADSL Router Bellmann - Broadcom ADSL Router Billion - BiPAC 7700N - BiPAC 7700N R2 Billion Electric Co., Ltd. - ADSL2+ Firewall Router - BiPAC 7800VDOX - BiPAC 7800VDPX - home.gateway Billion Electric Co.,Ltd. - home.gateway Billion Electric Co, PC Range Pty Ltd. - home.gateway BM - ChinaTelecom E8C(EPON) Gateway Broadcom - 3G Router - Actiontec GT784WN - Actiontec xDSL Router - ADSL2+ 11n WiFi CPE - ADSL2/2+ Modem Router - ADSL Router - ADSL Router - ChinaTelecom E8 ADSL Router - D-link ADSL Router - D-Link ADSL Router - DLink ADSL Router - D-Link DSL-2640B - D-Link DSL-2641B - D-Link DSL-500B - DSL2740B ADSL Router - DSL Router - HomeStation ADSL Router - PHILEAS-WORLD - PTCL ADSL Router - Residential Gateway Device - SemIndia Systems ADSL2Plus Router - STOREX - WL700g - Zoom ADSL Router BT - Voyager 2091 - Voyager 220V - Voyager 2091 - Voyager 2110 - Voyager 220V - Voyager 2500V Careca - HRDSL108W 108M Wireless ADSL2+ router CATCH-TEC - ADSL2/2+ Modem Router CDC POINT S.P.A - ADSL2/2+ Modem Router ChinaTelecom - ASB Home Gateway China Telecom - ChinaNet EPON Router - E8C(EPON) Gateway - E8C Gateway - Navigator 1-2 Gateway Cisco Systems,Inc. - Cisco ADSL Router ClearAccess - Broadcom ADSL Router - D-Link DSL-2730B Comtrend - AR-5383n - Broadcom ADSL Router - single-chip ADSL router - WAP-5850g - Netcomm ADSL2+/3G Wi-Fi Router Corega - CG-BARMX2 - CG-WLBARAGM Danalink - Dynalink ADSL Router - Dynalink Wireless ADSL2+ Router DARE - DareGlobal Home Gateway Dare - Router Dare Inc. - Dare ADSL2+ Modem/Wireless Router DCOM - ADSL Router DGT - VDSL Router Digicom - ADSL Router Digital Data Communications, Inc - FBR-1461A ADSL2+ Modem Router(X.X.X.X) - FBR-1461 ADSL2+ Modem Router (X.X.X.X) DIGITUS - Internet Gateway Device DIT - Gateway D-Link - ADSL MODEM D-link - ADSL Router D-LINK - ADSL Router
Re: OT: blogging
congrats James! From: James Rankin kz2...@googlemail.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Wednesday, February 6, 2013 5:13 PM Subject: OT: blogging It's exactly one year today since a thread on this list (and a few of the list members) encouraged me to start blogging. After nearly 100,000 page views and one industry award later, I have to say thankyou for the encouragement Here's my brief and uninteresting anniversary post http://appsensebigot.blogspot.co.uk/2013/02/a-year-of-appsense-bigotry.html Thanks again, -- James Rankin Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.uk ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: OT: Guest network security
Full Subscription... been using for last 3 months. Caught over 1000+ unique malware samples to include payloads and back-channels of what the malware will do and where it comes from. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. [Description: Description: Lifespan] From: Kevin Lundy [mailto:klu...@gmail.com] Sent: Thursday, February 07, 2013 9:16 AM To: NT System Admin Issues Subject: Re: OT: Guest network security Are you still using the free entry level version, or have you upgraded to the paid subscription yet? Thanks for the feedback. On Thursday, February 7, 2013, Ziots, Edward wrote: I Love the wildfire piece, its amazing what I get from it. 125% recommend that you turn it on if you haven't. The sandboxing reports I get I review and then update my security controls accordingly. Its been a real eye opener for some here. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgjavascript:_e(%7b%7d,%20'cvml',%20'ezi...@lifespan.org'); This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. [Description: Description: Lifespan] From: Kevin Lundy [mailto:klu...@gmail.comjavascript:_e(%7b%7d,%20'cvml',%20'klu...@gmail.com');] Sent: Wednesday, February 06, 2013 4:42 PM To: NT System Admin Issues Subject: Re: OT: Guest network security Yep PA=Palo Alto When we made the switch, our ASAs were due to be replaced. Our Websense subscription was up for renewal at the same time. The PA's were about the same price as new ASAs + Websense renewal. Made for a no brainer decision. Curious Z, are you using the Wildfire piece? On Wed, Feb 6, 2013 at 4:08 PM, Ziots, Edward ezi...@lifespan.orgjavascript:_e(%7b%7d,%20'cvml',%20'ezi...@lifespan.org'); wrote: If you mean PA=Palo Alto, they are dead on (scary CCIE would say that being from the CISCO house) I work on Palo Alto Daily, and its sick how much these things can do. Been finding a lot that I wouldn't have been able to obtain but regular firewall log parsing, and being able to quantifiy you own applications and make traffic rules based on them is pretty killer. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgjavascript:_e(%7b%7d,%20'cvml',%20'ezi...@lifespan.org'); This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. [Description: Description: Lifespan] From: Kevin Lundy [mailto:klu...@gmail.comjavascript:_e(%7b%7d,%20'cvml',%20'klu...@gmail.com');] Sent: Wednesday, February 06, 2013 3:48 PM To: NT System Admin Issues Subject: Re: OT: Guest network security I have two CCIE's that work for me. Both also used to work for a Cisco VAR - so obviously Cisco bigots. They both recommended PA to me over the ASA. From a security perspective, the PA do so much more than ASAs. We still use ASAs for some intranet firewalls. Are you using the Cisco controllers with your WAPs? If so, they have captive portal capability. They call it Lobby Ambassador. On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff kurt.b...@gmail.comjavascript:_e(%7b%7d,%20'cvml',%20'kurt.b...@gmail.com'); wrote: Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at
Re: Wow. Just what we need
On Thu, Feb 7, 2013 at 8:58 AM, Ziots, Edward ezi...@lifespan.org wrote: ... use Ping with a Backtrack R3 machine, I am trying to find a way to see if I can send pings to entire subnets to see if stuff will drop... FYI, on most Linux systems, ping -b will send broadcast packets. So if you're on 192.0.2.0/24, you can do: ping -b 192.0.2.255 Note that not all IP stacks respond to broadcast pings. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
[OT] Future of wires (was: Guest network security)
On Thu, Feb 7, 2013 at 1:21 AM, Kurt Buff kurt.b...@gmail.com wrote: Just as an aside - I think that wired end-point connectivity is going the way of the dodo, except for the most demanding loads ... I disagree. Aside from demanding loads: * Security - Right or wrong, a lot of big orgs don't trust wireless due to security reasons. You can provide all the counter-arguments you want, but if some large stupid org says Thou Shalt Use Wires, then people working with that org will have to comply. * Robustness - A wireless link will never be as trouble-free as a hardline. * Power - As long as something needs to have a wire for power, you lose most of the the benefit of wireless. While plenty of end-user devices are becoming small enough to be battery powered, plenty others are not. What I think is far more likely is we'll see wireless become far more pervasive, complimenting wired networks rather than replacing them. I do expect wired end-user devices in homes and SOHOs to just about disappear, though. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: OT: Guest network security
LOL It looks pretty good, but I need some more stuff. This will be helpful for me with smaller clients, though. Rich! *ASB **http://XeeMe.com/AndrewBaker* http://xeeme.com/AndrewBaker* **Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…*** On Wed, Feb 6, 2013 at 9:36 PM, Richard Stovall rich...@gmail.com wrote: I have to say, it is pretty cool to have basically the same features at home that I have at work, even if the two user interfaces are completely different. I dropped a good chunk of change up front, but I'll come out way ahead over a period of 4+ years. (At least compared to SonicWall pricing from a really good reseller.) Now, if the hardware dies, or Sophos drops the program, I'll be calling you for the name of your Fortinet vendor... :) On Wed, Feb 6, 2013 at 9:05 PM, Andrew S. Baker asbz...@gmail.comwrote: Whoa!!! That looks awesome. Man, I could really have gone for that a few weeks back. My Fortigate 40C arrives tomorrow. :) *ASB **http://XeeMe.com/AndrewBaker* http://xeeme.com/AndrewBaker* **Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…*** On Wed, Feb 6, 2013 at 8:31 PM, Richard Stovall rich...@gmail.comwrote: I chose to build a new system so it would be small and silent rather than use an old computer lying around the house. I went with: Intel D2500CCE fanless mini-ITX motherboard (Dual core 1.86 GHz Atom CPU with dual Intel NICs onboard) 4 GB RAM 128GB Vertex 4 SSD It has been in 'production' for a couple of weeks now, and is stable and very fast. I also really like having the content filtering and antivirus capabilities of a UTM firewall at home. The management interface is a little weird at first, but you get used to it. I demo'ed the software in a VirtualBox VM for a week or so before pulling the trigger on the hardware expense. If anyone is interested, the page at Sophos describing the offering is: http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff kurt.b...@gmail.com wrote: Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enteprise Firewalls). That's an interesting tip on the Sophos solution. What did you use for the hardware? Kurt On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.com wrote: I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall? PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...) On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.com wrote: All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to
Re: OT: Guest network security
They bought Astaro a few years back... *ASB **http://XeeMe.com/AndrewBaker* http://xeeme.com/AndrewBaker* **Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…*** On Thu, Feb 7, 2013 at 1:21 AM, Kurt Buff kurt.b...@gmail.com wrote: I didn't know that Sophos had gotten into the hardware world. That's very interesting, and I'll have to take a look at it. Just as an aside - I think that wired end-point connectivity is going the way of the dodo, except for the most demanding loads, so it make a deal of sense for them to do that. Kurt On Wed, Feb 6, 2013 at 6:04 PM, Richard Stovall rich...@gmail.com wrote: My bad. I bought a Sophos AP 30 to go along with the firewall hardware. This AP alone was about 45% of the total cost of the project, but I still saved a good chunk of change over the SonicWall TZ + SonicPoint solution that I had been planning on buying before finding the Sophos home license. On Wed, Feb 6, 2013 at 8:42 PM, Kurt Buff kurt.b...@gmail.com wrote: So your wireless is served elsewise? Kurt On Wed, Feb 6, 2013 at 5:31 PM, Richard Stovall rich...@gmail.com wrote: I chose to build a new system so it would be small and silent rather than use an old computer lying around the house. I went with: Intel D2500CCE fanless mini-ITX motherboard (Dual core 1.86 GHz Atom CPU with dual Intel NICs onboard) 4 GB RAM 128GB Vertex 4 SSD It has been in 'production' for a couple of weeks now, and is stable and very fast. I also really like having the content filtering and antivirus capabilities of a UTM firewall at home. The management interface is a little weird at first, but you get used to it. I demo'ed the software in a VirtualBox VM for a week or so before pulling the trigger on the hardware expense. If anyone is interested, the page at Sophos describing the offering is: http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff kurt.b...@gmail.com wrote: Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enteprise Firewalls). That's an interesting tip on the Sophos solution. What did you use for the hardware? Kurt On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.com wrote: I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall? PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...) On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.com wrote: All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
RE: Wow. Just what we need
Great read, and indeed an interesting compliment to Wireshark... good stuff thanks Kurt. -sc -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, February 6, 2013 8:24 PM To: NT System Admin Issues Subject: Wow. Just what we need A limited threat, but a good one: Packet of death http://blog.krisk.org/2013/02/packets-of-death.html Also, https://isc.sans.edu/diary/Intel+Network+Card+%2882574L%29+Packet+of+ Death/15109 - see the comment... What a brilliant sleuthing job, though, and a mention of a tool that's new to me and possibly quite promising. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt- software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: [OT] Future of wires (was: Guest network security)
+1 Wired networking is dead! Long live wired networking. --Matt Ross Ephrata School District - Original Message - From: Ben Scott [mailto:mailvor...@gmail.com] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Thu, 07 Feb 2013 07:28:41 -0800 Subject: [OT] Future of wires (was: Guest network security) On Thu, Feb 7, 2013 at 1:21 AM, Kurt Buff kurt.b...@gmail.com wrote: Just as an aside - I think that wired end-point connectivity is going the way of the dodo, except for the most demanding loads ... I disagree. Aside from demanding loads: * Security - Right or wrong, a lot of big orgs don't trust wireless due to security reasons. You can provide all the counter-arguments you want, but if some large stupid org says Thou Shalt Use Wires, then people working with that org will have to comply. * Robustness - A wireless link will never be as trouble-free as a hardline. * Power - As long as something needs to have a wire for power, you lose most of the the benefit of wireless. While plenty of end-user devices are becoming small enough to be battery powered, plenty others are not. What I think is far more likely is we'll see wireless become far more pervasive, complimenting wired networks rather than replacing them. I do expect wired end-user devices in homes and SOHOs to just about disappear, though. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Registry entries to set a WSUS client
On Wed, Feb 6, 2013 at 12:51 PM, Andrew S. Baker asbz...@gmail.com wrote: Yes, it still does work if you change the registry manually, but having a separate OU for testing (like everyone else is saying) is the best path. Yes, you're right. So I did this - set up a test OU, and a test GPO, pointing at my new WSUS server. I rolled out some new VMs - Win7, Win2003, Win2008, Win2012, put them in that OU, added them to the group that links to that new GPO. All are showing up in the new WSUS server (yay!). However, the 2012 server is showing up as OS Win2003 STD x64, and not Win2012. What's up with that? :-) I am up to date on the WSUS updates, apparently. Is this just a display bug? It shows I need 14 updates (which I suppose is correct), ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Registry entries to set a WSUS client
Do you have this update? http://blogs.technet.com/b/sus/archive/2012/09/04/an-update-for-windows-server-update-services-3-0-service-pack-2-is-available-kb2734608.aspx Thanks Webster -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Thursday, February 07, 2013 10:53 AM To: NT System Admin Issues Subject: Re: Registry entries to set a WSUS client On Wed, Feb 6, 2013 at 12:51 PM, Andrew S. Baker asbz...@gmail.com wrote: Yes, it still does work if you change the registry manually, but having a separate OU for testing (like everyone else is saying) is the best path. Yes, you're right. So I did this - set up a test OU, and a test GPO, pointing at my new WSUS server. I rolled out some new VMs - Win7, Win2003, Win2008, Win2012, put them in that OU, added them to the group that links to that new GPO. All are showing up in the new WSUS server (yay!). However, the 2012 server is showing up as OS Win2003 STD x64, and not Win2012. What's up with that? :-) I am up to date on the WSUS updates, apparently. Is this just a display bug? It shows I need 14 updates (which I suppose is correct), ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Registry entries to set a WSUS client
First and foremost I suggested that before Andrew did. He just copied off me. http://support.microsoft.com/kb/2734608 Then reregister the server. Also that update needs to be on your console machine if that is how you are doing it. Andrew is going to copy, I just know it. -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Thursday, February 07, 2013 11:59 AM To: NT System Admin Issues Subject: Re: Registry entries to set a WSUS client On Wed, Feb 6, 2013 at 12:51 PM, Andrew S. Baker asbz...@gmail.com wrote: Yes, it still does work if you change the registry manually, but having a separate OU for testing (like everyone else is saying) is the best path. Yes, you're right. So I did this - set up a test OU, and a test GPO, pointing at my new WSUS server. I rolled out some new VMs - Win7, Win2003, Win2008, Win2012, put them in that OU, added them to the group that links to that new GPO. All are showing up in the new WSUS server (yay!). However, the 2012 server is showing up as OS Win2003 STD x64, and not Win2012. What's up with that? :-) I am up to date on the WSUS updates, apparently. Is this just a display bug? It shows I need 14 updates (which I suppose is correct), ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Wow. Just what we need
Yes, thanks. This was an awesome read. *ASB **http://XeeMe.com/AndrewBaker* http://xeeme.com/AndrewBaker* **Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…*** On Thu, Feb 7, 2013 at 11:30 AM, Steven M. Caesare scaes...@caesare.comwrote: Great read, and indeed an interesting compliment to Wireshark... good stuff thanks Kurt. -sc -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, February 6, 2013 8:24 PM To: NT System Admin Issues Subject: Wow. Just what we need A limited threat, but a good one: Packet of death http://blog.krisk.org/2013/02/packets-of-death.html Also, https://isc.sans.edu/diary/Intel+Network+Card+%2882574L%29+Packet+of+ Death/15109 - see the comment... What a brilliant sleuthing job, though, and a mention of a tool that's new to me and possibly quite promising. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt- software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Registry entries to set a WSUS client
On Thu, Feb 7, 2013 at 12:16 PM, Webster webs...@carlwebster.com wrote: Do you have this update? http://blogs.technet.com/b/sus/archive/2012/09/04/an-update-for-windows-server-update-services-3-0-service-pack-2-is-available-kb2734608.aspx I don't see that on my list of WSUS updates, that my WSUS server has ... I will download and install it ... Thanks Thanks Webster -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Thursday, February 07, 2013 10:53 AM To: NT System Admin Issues Subject: Re: Registry entries to set a WSUS client On Wed, Feb 6, 2013 at 12:51 PM, Andrew S. Baker asbz...@gmail.com wrote: Yes, it still does work if you change the registry manually, but having a separate OU for testing (like everyone else is saying) is the best path. Yes, you're right. So I did this - set up a test OU, and a test GPO, pointing at my new WSUS server. I rolled out some new VMs - Win7, Win2003, Win2008, Win2012, put them in that OU, added them to the group that links to that new GPO. All are showing up in the new WSUS server (yay!). However, the 2012 server is showing up as OS Win2003 STD x64, and not Win2012. What's up with that? :-) I am up to date on the WSUS updates, apparently. Is this just a display bug? It shows I need 14 updates (which I suppose is correct), ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Registry entries to set a WSUS client
On Thu, Feb 7, 2013 at 12:17 PM, Kennedy, Jim kennedy...@elyriaschools.org wrote: First and foremost I suggested that before Andrew did. He just copied off me. True. Thanks, first and foremost! :-) http://support.microsoft.com/kb/2734608 Then reregister the server. Also that update needs to be on your console machine if that is how you are doing it. I did download and install that update, and now my Win2012 server shows up as Win2012. I will re-synchronize again, before I update the Win2012 server. Andrew is going to copy, I just know it. Imitation is the sincerest form of flattery -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Thursday, February 07, 2013 11:59 AM To: NT System Admin Issues Subject: Re: Registry entries to set a WSUS client On Wed, Feb 6, 2013 at 12:51 PM, Andrew S. Baker asbz...@gmail.com wrote: Yes, it still does work if you change the registry manually, but having a separate OU for testing (like everyone else is saying) is the best path. Yes, you're right. So I did this - set up a test OU, and a test GPO, pointing at my new WSUS server. I rolled out some new VMs - Win7, Win2003, Win2008, Win2012, put them in that OU, added them to the group that links to that new GPO. All are showing up in the new WSUS server (yay!). However, the 2012 server is showing up as OS Win2003 STD x64, and not Win2012. What's up with that? :-) I am up to date on the WSUS updates, apparently. Is this just a display bug? It shows I need 14 updates (which I suppose is correct), ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Fortigate (was Guest network security)
I will, as soon as I finish setting this device up today. :) *ASB **http://XeeMe.com/AndrewBaker* http://xeeme.com/AndrewBaker* **Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…*** On Thu, Feb 7, 2013 at 12:26 PM, Sam Cayze sca...@gmail.com wrote: Speaking of Fortigate… (Much love btw). ** ** Has anyone taken the jump to V5 of the OS yet? They’ve patched it once or twice already; should be stable. ** ** ** ** ** ** *From:* Andrew S. Baker [mailto:asbz...@gmail.com] *Sent:* Wednesday, February 06, 2013 8:06 PM *To:* NT System Admin Issues *Subject:* Re: OT: Guest network security ** ** Whoa!!! That looks awesome. Man, I could really have gone for that a few weeks back. My Fortigate 40C arrives tomorrow. :) *ASB **http://XeeMe.com/AndrewBaker* http://xeeme.com/AndrewBaker* **Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…* ** ** On Wed, Feb 6, 2013 at 8:31 PM, Richard Stovall rich...@gmail.com wrote: I chose to build a new system so it would be small and silent rather than use an old computer lying around the house. ** ** I went with: ** ** Intel D2500CCE fanless mini-ITX motherboard (Dual core 1.86 GHz Atom CPU with dual Intel NICs onboard) ** ** 4 GB RAM ** ** 128GB Vertex 4 SSD ** ** It has been in 'production' for a couple of weeks now, and is stable and very fast. I also really like having the content filtering and antivirus capabilities of a UTM firewall at home. ** ** The management interface is a little weird at first, but you get used to it. ** ** I demo'ed the software in a VirtualBox VM for a week or so before pulling the trigger on the hardware expense. ** ** If anyone is interested, the page at Sophos describing the offering is: http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx ** ** ** ** On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff kurt.b...@gmail.com wrote: Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enteprise Firewalls). That's an interesting tip on the Sophos solution. What did you use for the hardware? Kurt On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.com wrote: I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall? PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...) On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.com wrote: All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this? Thanks, Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body:
Re: Registry entries to set a WSUS client
LOL. Hey, I did give anonymous attributions. :) *ASB **http://XeeMe.com/AndrewBaker* http://xeeme.com/AndrewBaker* **Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…*** On Thu, Feb 7, 2013 at 12:17 PM, Kennedy, Jim kennedy...@elyriaschools.orgwrote: First and foremost I suggested that before Andrew did. He just copied off me. http://support.microsoft.com/kb/2734608 Then reregister the server. Also that update needs to be on your console machine if that is how you are doing it. Andrew is going to copy, I just know it. -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Thursday, February 07, 2013 11:59 AM To: NT System Admin Issues Subject: Re: Registry entries to set a WSUS client On Wed, Feb 6, 2013 at 12:51 PM, Andrew S. Baker asbz...@gmail.com wrote: Yes, it still does work if you change the registry manually, but having a separate OU for testing (like everyone else is saying) is the best path. Yes, you're right. So I did this - set up a test OU, and a test GPO, pointing at my new WSUS server. I rolled out some new VMs - Win7, Win2003, Win2008, Win2012, put them in that OU, added them to the group that links to that new GPO. All are showing up in the new WSUS server (yay!). However, the 2012 server is showing up as OS Win2003 STD x64, and not Win2012. What's up with that? :-) I am up to date on the WSUS updates, apparently. Is this just a display bug? It shows I need 14 updates (which I suppose is correct), ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Microsoft Direct Access?
Some ISPs still don't support IPv6, a client may connect fine in one location and the fail at another one. We've seen It take as long as 5 minutes to sync up once someone has logged into the computer. Note that our implementation is via a UAG device, YMMV. John W. Cook Network Operations Manager Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352)-244-1610tel:%28352%29-244-1610 Cell (352) 215-6944tel:%28352%29%20215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4 [MCP_SE_c][MCTS][top_banner] [VMLOGO_VTSP_S_Q208][sales_prof_B] From: Jeremiah Rumball [mailto:jdrumb...@gmail.com] Sent: Thursday, February 07, 2013 1:29 PM To: NT System Admin Issues Subject: Microsoft Direct Access? Hi all, We are looking into Direct Access as a possible solution for one of our clients. Do any of you have some real world experience with it? Are there any pitfalls to watch out for? Thanks! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image001.pnginline: image002.pnginline: image003.pnginline: image004.pnginline: image005.png
Re: Exchange Server 2013: Not quite ready for the data center - Computerworld
It's not hard to guess, when the article is mostly based on what MBS said... Kurt On Thu, Feb 7, 2013 at 9:51 AM, Andrew S. Baker asbz...@gmail.com wrote: Hey, MBS What's your take on this article?I haven't touched Exchange 2013 as yet... http://www.computerworld.com/s/article/9236531/Exchange_Server_2013_Not_quite_ready_for_the_data_center?taxonomyId=18pageNumber=1 Regards, ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Microsoft Direct Access?
On Thu, Feb 7, 2013 at 10:28 AM, Jeremiah Rumball jdrumb...@gmail.com wrote: Hi all, We are looking into Direct Access as a possible solution for one of our clients. Do any of you have some real world experience with it? Are there any pitfalls to watch out for? Thanks! From an earlier note I sent to this list - edited a bit, and especially see the note at the end: The clients must be Win7 or Win8, Enterprise or Ultimate. Nothing else. If your intended clients are Pro, or an earlier OS, look to something else. For the server, it requires either Server 2008 R2 with UAG, or Server 2012, no UAG needed. The 2008 R2 with UAG requires a working PKI for its clients, but the 2012 version only requires a working PKI for Win7 clients. Someday MSFT might not require the Enterprise version of the clients - that would be really outstanding, but I'm not holding my breath... One big limitation of the DirectAccess technology is that it is a pure IPv6 solution. However, when I say pure IPv6, I mean that it tunnels IPv6 over IPv4, and the client applications don't know the difference - as far as the applications are concerned, the IPv4 stack still exists, and badly written apps can try to talk to that stack, instead of making more generic calls to the networking stack and letting the OS handle communications. If you have client software that makes explicit calls to the IPv4 stack, you're screwed (Lync 2010 and Shoretel client, I'm looking at you). IME, the 2008 R2/UAG version is tedious and a bit tricky to set up - I haven't yet played with the 2012 version, which is supposed to be much simpler. But, other than that, it's a way cool technology - no extra logins required, once the GPOs take effect, you just open your laptop, turn it on, log in as if you were in the office, and you're off to the races, subject to the limitations of your connection speed. However, a caveat - Things Can Go Wrong... o- I've had one guy whose DirectAccess has fallen down, and haven't figured it out yet - I haven't had a chance to get my hands on the laptop to diagnose it. The output of 'gpresult -h' was interesting, showing some odd missing stuff in the applications of the GPOs, but I couldn't reach any firm conclusions. o- I was able, from home, using a connection via an SSL VPN tunnel, first to get a brand spanking new corporate machine joined to the domain, then to get the GPOs to load on it ('gpupdate /force' and then a reboot), and it worked great. However, I've got one remote worker whose machine was joined to the domain a long time ago, and it doesn't seem to be able get the GPOs applied properly. The results from 'gpresult -h' are also very interesting, but not conclusive - and specific to problems with his TCP/IP stack, but I haven't been able to pin him down to finalize troubleshooting for him, either. On the whole, though, I'm glad I turned it up. I'm also glad we have an SSL VPN appliance for fallback - it's mostly for staff to work from home on personal machines, but for the applications that are stupid, and for backup if DA falls down, it's pretty essential. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Exchange Server 2013: Not quite ready for the data center - Computerworld
I think that article has made the Exchange team very mad at me. Apparently, not such a big deal when the MVPs blog it and it gets put into Redmond magazine or WindowsIT Pro magazine - but hitting ComputerWorld has caused a lot of angst. From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, February 7, 2013 12:52 PM To: NT System Admin Issues Subject: Exchange Server 2013: Not quite ready for the data center - Computerworld Hey, MBS What's your take on this article?I haven't touched Exchange 2013 as yet... http://www.computerworld.com/s/article/9236531/Exchange_Server_2013_Not_quite_ready_for_the_data_center?taxonomyId=18pageNumber=1 Regards, ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Exchange Server 2013: Not quite ready for the data center - Computerworld
But it's good for you, right? I mean, how many CW readers have now heard your name (as an Authority!), where they hadn't before... Should be interesting to monitor the comments on that blog post now, I'm guessing... Kurt On Thu, Feb 7, 2013 at 11:46 AM, Michael B. Smith mich...@smithcons.com wrote: I think that article has made the Exchange team very mad at me. Apparently, not such a big deal when the MVPs blog it and it gets put into Redmond magazine or WindowsIT Pro magazine – but hitting ComputerWorld has caused a lot of angst. From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, February 7, 2013 12:52 PM To: NT System Admin Issues Subject: Exchange Server 2013: Not quite ready for the data center - Computerworld Hey, MBS What's your take on this article?I haven't touched Exchange 2013 as yet... http://www.computerworld.com/s/article/9236531/Exchange_Server_2013_Not_quite_ready_for_the_data_center?taxonomyId=18pageNumber=1 Regards, ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Exchange Server 2013: Not quite ready for the data center - Computerworld
Troublemaker! Is that why you went out of the country before the article hit? Thanks Webster From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, February 07, 2013 1:46 PM To: NT System Admin Issues Subject: RE: Exchange Server 2013: Not quite ready for the data center - Computerworld I think that article has made the Exchange team very mad at me. Apparently, not such a big deal when the MVPs blog it and it gets put into Redmond magazine or WindowsIT Pro magazine - but hitting ComputerWorld has caused a lot of angst. From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, February 7, 2013 12:52 PM To: NT System Admin Issues Subject: Exchange Server 2013: Not quite ready for the data center - Computerworld Hey, MBS What's your take on this article?I haven't touched Exchange 2013 as yet... http://www.computerworld.com/s/article/9236531/Exchange_Server_2013_Not_quite_ready_for_the_data_center?taxonomyId=18pageNumber=1 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Exchange Server 2013: Not quite ready for the data center - Computerworld
They'll get over it. If you're not afraid to say it when the emperor has no clothes then you become a mouthpiece for the machine. Much of the credibility and value of the MVP role comes from NOT being the mouthpiece. IMNSHO. On Thu, Feb 7, 2013 at 2:49 PM, Kurt Buff kurt.b...@gmail.com wrote: But it's good for you, right? I mean, how many CW readers have now heard your name (as an Authority!), where they hadn't before... Should be interesting to monitor the comments on that blog post now, I'm guessing... Kurt On Thu, Feb 7, 2013 at 11:46 AM, Michael B. Smith mich...@smithcons.com wrote: I think that article has made the Exchange team very mad at me. Apparently, not such a big deal when the MVPs blog it and it gets put into Redmond magazine or WindowsIT Pro magazine – but hitting ComputerWorld has caused a lot of angst. From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, February 7, 2013 12:52 PM To: NT System Admin Issues Subject: Exchange Server 2013: Not quite ready for the data center - Computerworld Hey, MBS What's your take on this article?I haven't touched Exchange 2013 as yet... http://www.computerworld.com/s/article/9236531/Exchange_Server_2013_Not_quite_ready_for_the_data_center?taxonomyId=18pageNumber=1 Regards, ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Exchange Server 2013: Not quite ready for the data center - Computerworld
I'm definitely not a mouthpiece. :) I think it'll be fine. But I won't be surprised if I don't get re-awarded this june! From: Patrick Salmon [mailto:psal...@gmail.com] Sent: Thursday, February 7, 2013 3:00 PM To: NT System Admin Issues Subject: Re: Exchange Server 2013: Not quite ready for the data center - Computerworld They'll get over it. If you're not afraid to say it when the emperor has no clothes then you become a mouthpiece for the machine. Much of the credibility and value of the MVP role comes from NOT being the mouthpiece. IMNSHO. On Thu, Feb 7, 2013 at 2:49 PM, Kurt Buff kurt.b...@gmail.commailto:kurt.b...@gmail.com wrote: But it's good for you, right? I mean, how many CW readers have now heard your name (as an Authority!), where they hadn't before... Should be interesting to monitor the comments on that blog post now, I'm guessing... Kurt On Thu, Feb 7, 2013 at 11:46 AM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: I think that article has made the Exchange team very mad at me. Apparently, not such a big deal when the MVPs blog it and it gets put into Redmond magazine or WindowsIT Pro magazine - but hitting ComputerWorld has caused a lot of angst. From: Andrew S. Baker [mailto:asbz...@gmail.commailto:asbz...@gmail.com] Sent: Thursday, February 7, 2013 12:52 PM To: NT System Admin Issues Subject: Exchange Server 2013: Not quite ready for the data center - Computerworld Hey, MBS What's your take on this article?I haven't touched Exchange 2013 as yet... http://www.computerworld.com/s/article/9236531/Exchange_Server_2013_Not_quite_ready_for_the_data_center?taxonomyId=18pageNumber=1 Regards, ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Exchange Server 2013: Not quite ready for the data center - Computerworld
Reading that just reaffirms our decision to go from 2k7 to 2k10 and not 2k13. Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.orgmailto:dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839. [cid:image001.jpg@01CE0546.60352BB0] From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, February 07, 2013 12:52 PM To: NT System Admin Issues Subject: Exchange Server 2013: Not quite ready for the data center - Computerworld Hey, MBS What's your take on this article?I haven't touched Exchange 2013 as yet... http://www.computerworld.com/s/article/9236531/Exchange_Server_2013_Not_quite_ready_for_the_data_center?taxonomyId=18pageNumber=1 Regards, ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Confidentiality Notice: This e-mail, including any attachments is the property of Catholic Health East and is intended for the sole use of the intended recipient(s). It may contain information that is privileged and confidential. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please delete this message, and reply to the sender regarding the error in a separate email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image001.jpg
Re: Exchange Server 2013: Not quite ready for the data center - Computerworld
H If you don't, perhaps we should start a campaign... Kurt On Thu, Feb 7, 2013 at 12:11 PM, Michael B. Smith mich...@smithcons.com wrote: I’m definitely not a mouthpiece. J I think it’ll be fine. But I won’t be surprised if I don’t get re-awarded this june! From: Patrick Salmon [mailto:psal...@gmail.com] Sent: Thursday, February 7, 2013 3:00 PM To: NT System Admin Issues Subject: Re: Exchange Server 2013: Not quite ready for the data center - Computerworld They'll get over it. If you're not afraid to say it when the emperor has no clothes then you become a mouthpiece for the machine. Much of the credibility and value of the MVP role comes from NOT being the mouthpiece. IMNSHO. On Thu, Feb 7, 2013 at 2:49 PM, Kurt Buff kurt.b...@gmail.com wrote: But it's good for you, right? I mean, how many CW readers have now heard your name (as an Authority!), where they hadn't before... Should be interesting to monitor the comments on that blog post now, I'm guessing... Kurt On Thu, Feb 7, 2013 at 11:46 AM, Michael B. Smith mich...@smithcons.com wrote: I think that article has made the Exchange team very mad at me. Apparently, not such a big deal when the MVPs blog it and it gets put into Redmond magazine or WindowsIT Pro magazine – but hitting ComputerWorld has caused a lot of angst. From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, February 7, 2013 12:52 PM To: NT System Admin Issues Subject: Exchange Server 2013: Not quite ready for the data center - Computerworld Hey, MBS What's your take on this article?I haven't touched Exchange 2013 as yet... http://www.computerworld.com/s/article/9236531/Exchange_Server_2013_Not_quite_ready_for_the_data_center?taxonomyId=18pageNumber=1 Regards, ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Exchange Server 2013: Not quite ready for the data center - Computerworld
What? You didn't read my initial post on January 6? I'm insulted! :) From: Guyer, Don [mailto:dgu...@che.org] Sent: Thursday, February 7, 2013 3:18 PM To: NT System Admin Issues Subject: RE: Exchange Server 2013: Not quite ready for the data center - Computerworld Reading that just reaffirms our decision to go from 2k7 to 2k10 and not 2k13. Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.orgmailto:dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839. [Description: Description: Description: InfoService-Logo240] From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, February 07, 2013 12:52 PM To: NT System Admin Issues Subject: Exchange Server 2013: Not quite ready for the data center - Computerworld Hey, MBS What's your take on this article?I haven't touched Exchange 2013 as yet... http://www.computerworld.com/s/article/9236531/Exchange_Server_2013_Not_quite_ready_for_the_data_center?taxonomyId=18pageNumber=1 Regards, ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Confidentiality Notice: This e-mail, including any attachments is the property of Catholic Health East and is intended for the sole use of the intended recipient(s). It may contain information that is privileged and confidential. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please delete this message, and reply to the sender regarding the error in a separate email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image001.jpg
RE: Exchange Server 2013: Not quite ready for the data center - Computerworld
Oh, he probably will get awarded when he answers all of my Exchange 2013 questions come Spring XO The decision has been made and we're heading down that road. We're still on E2k7 on an old box. Were looking at E2k10 when 13 was announced. At this point, when the updates come out for compatibility, we'll be ordering up our new hardware. Went to a launch training event in November and got the rundown--there is a lot to figure out, but we don't have an extremely complicated environment, so I think we can pull it off. Feels to me like when E2k7 was first out and many things were missing because they hadn't been rewritten yet, but most of it is there in PS if you can find the right cmdlet to run (and assuming it wasn't removed--yikes!). I'm scared. Moving to E2k7 LITERALLY gave me my first gray hairs. -Bonnie -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, February 07, 2013 12:20 PM To: NT System Admin Issues Subject: Re: Exchange Server 2013: Not quite ready for the data center - Computerworld H If you don't, perhaps we should start a campaign... Kurt On Thu, Feb 7, 2013 at 12:11 PM, Michael B. Smith mich...@smithcons.com wrote: I’m definitely not a mouthpiece. J I think it’ll be fine. But I won’t be surprised if I don’t get re-awarded this june! From: Patrick Salmon [mailto:psal...@gmail.com] Sent: Thursday, February 7, 2013 3:00 PM To: NT System Admin Issues Subject: Re: Exchange Server 2013: Not quite ready for the data center - Computerworld They'll get over it. If you're not afraid to say it when the emperor has no clothes then you become a mouthpiece for the machine. Much of the credibility and value of the MVP role comes from NOT being the mouthpiece. IMNSHO. On Thu, Feb 7, 2013 at 2:49 PM, Kurt Buff kurt.b...@gmail.com wrote: But it's good for you, right? I mean, how many CW readers have now heard your name (as an Authority!), where they hadn't before... Should be interesting to monitor the comments on that blog post now, I'm guessing... Kurt On Thu, Feb 7, 2013 at 11:46 AM, Michael B. Smith mich...@smithcons.com wrote: I think that article has made the Exchange team very mad at me. Apparently, not such a big deal when the MVPs blog it and it gets put into Redmond magazine or WindowsIT Pro magazine – but hitting ComputerWorld has caused a lot of angst. From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, February 7, 2013 12:52 PM To: NT System Admin Issues Subject: Exchange Server 2013: Not quite ready for the data center - Computerworld Hey, MBS What's your take on this article?I haven't touched Exchange 2013 as yet... http://www.computerworld.com/s/article/9236531/Exchange_Server_2013_N ot_quite_ready_for_the_data_center?taxonomyId=18pageNumber=1 Regards, ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions
RE: Exchange Server 2013: Not quite ready for the data center - Computerworld
LOL I said reaffirms not affirms... : ) Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.orgmailto:dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839. [cid:image001.jpg@01CE054D.7BF6DE00] From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, February 07, 2013 3:47 PM To: NT System Admin Issues Subject: RE: Exchange Server 2013: Not quite ready for the data center - Computerworld What? You didn't read my initial post on January 6? I'm insulted! :) From: Guyer, Don [mailto:dgu...@che.org] Sent: Thursday, February 7, 2013 3:18 PM To: NT System Admin Issues Subject: RE: Exchange Server 2013: Not quite ready for the data center - Computerworld Reading that just reaffirms our decision to go from 2k7 to 2k10 and not 2k13. Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.orgmailto:dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839. [cid:image001.jpg@01CE054D.7BF6DE00] From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, February 07, 2013 12:52 PM To: NT System Admin Issues Subject: Exchange Server 2013: Not quite ready for the data center - Computerworld Hey, MBS What's your take on this article?I haven't touched Exchange 2013 as yet... http://www.computerworld.com/s/article/9236531/Exchange_Server_2013_Not_quite_ready_for_the_data_center?taxonomyId=18pageNumber=1 Regards, ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Confidentiality Notice: This e-mail, including any attachments is the property of Catholic Health East and is intended for the sole use of the intended recipient(s). It may contain information that is privileged and confidential. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please delete this message, and reply to the sender regarding the error in a separate email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Confidentiality Notice: This e-mail, including any attachments is the property of Catholic Health East and is intended for the sole use of the intended recipient(s). It may contain information that is privileged and confidential. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please delete this message, and reply to the sender regarding the error in a separate email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image001.jpg
Domain upgrade: 2008 R2 or 2012 ?
Has anyone done this evaluation recently? We are a 2003 R2 shop. We were in the process of planning a migration to a 2008 R2 domain last year (hardware was bought and deployed), when the funds got cut. From what I hear, we will have funding and approval this year for the project. So the question is now, 2008 R2 or 2012. I've had very little time with 2012 so far. Hopefully that will change in the near future. The benefits of going from 2003 to 2008 R2 i've already captured. From what I've seen so far, 2012 seems stable and an incremental upgrade for our environment. Some of the things that might push me towards 2012 don't apply in our environment. for Example RDS and Hyper-V. We are a big Citrix and VMWare shop. So I don't really see us making use of those specific features, or the enhancements in them from previous versions. From my understanding 2012 is included in our EA agreement. So I don't think it will really be a licensing issue. Love to hear thoughts and comments from others who are going through this right now, or have done this evaluation recently. Thanks, Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.com The Guardian Life Insurance Company of America www.guardianlife.com - This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadminimage/jpeg
RE: Domain upgrade: 2008 R2 or 2012 ?
I would go straight to WS2012. From an AD perspective, you can take advantage of new features like virtualization safeties, group managed service accounts, and dynamic access control. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Thursday, February 7, 2013 3:34 PM To: NT System Admin Issues Subject: Domain upgrade: 2008 R2 or 2012 ? Has anyone done this evaluation recently? We are a 2003 R2 shop. We were in the process of planning a migration to a 2008 R2 domain last year (hardware was bought and deployed), when the funds got cut. From what I hear, we will have funding and approval this year for the project. So the question is now, 2008 R2 or 2012. I've had very little time with 2012 so far. Hopefully that will change in the near future. The benefits of going from 2003 to 2008 R2 i've already captured. From what I've seen so far, 2012 seems stable and an incremental upgrade for our environment. Some of the things that might push me towards 2012 don't apply in our environment. for Example RDS and Hyper-V. We are a big Citrix and VMWare shop. So I don't really see us making use of those specific features, or the enhancements in them from previous versions. From my understanding 2012 is included in our EA agreement. So I don't think it will really be a licensing issue. Love to hear thoughts and comments from others who are going through this right now, or have done this evaluation recently. Thanks, Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto: [cid:image001.jpg@01CE0549.D101CA30] The Guardian Life Insurance Company of America www.guardianlife.comhttp://www.guardianlife.com/ - This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image001.jpg
RE: Domain upgrade: 2008 R2 or 2012 ?
+1, plus you will be ready for the next version of Citrix stuff set to be released on *%%#%$!)*#%@$^$ (oops looks like my NDA filter garbled that date!). Thanks Webster From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Thursday, February 07, 2013 3:43 PM To: NT System Admin Issues Subject: RE: Domain upgrade: 2008 R2 or 2012 ? I would go straight to WS2012. From an AD perspective, you can take advantage of new features like virtualization safeties, group managed service accounts, and dynamic access control. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Thursday, February 7, 2013 3:34 PM To: NT System Admin Issues Subject: Domain upgrade: 2008 R2 or 2012 ? Has anyone done this evaluation recently? We are a 2003 R2 shop. We were in the process of planning a migration to a 2008 R2 domain last year (hardware was bought and deployed), when the funds got cut. From what I hear, we will have funding and approval this year for the project. So the question is now, 2008 R2 or 2012. I've had very little time with 2012 so far. Hopefully that will change in the near future. The benefits of going from 2003 to 2008 R2 i've already captured. From what I've seen so far, 2012 seems stable and an incremental upgrade for our environment. Some of the things that might push me towards 2012 don't apply in our environment. for Example RDS and Hyper-V. We are a big Citrix and VMWare shop. So I don't really see us making use of those specific features, or the enhancements in them from previous versions. From my understanding 2012 is included in our EA agreement. So I don't think it will really be a licensing issue. Love to hear thoughts and comments from others who are going through this right now, or have done this evaluation recently. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Highly recommended - I have a paper copy
-- Forwarded message -- From: InfoSec News ale...@infosecnews.org Date: Wed, Feb 6, 2013 at 11:41 PM Subject: [ISN] Security Engineering -- The Book - For Free! To: i...@infosecnews.org http://www.cl.cam.ac.uk/~rja14/book.html Security Engineering -- The Book ‘I'm incredibly impressed that one person could produce such a thorough coverage. Moreover, you make the stuff easy and enjoyable to read. I find it just as entertaining - and far more useful - than novels (and my normal science fiction). When I first got it in the mail, I said to myself I'm never going to read all of that. But once I started reading I just kept going and going. Fantastic: well done. Now, let's hope that all those in charge of security for information technology will also read the book and heed the lessons.’ Don Norman ‘The book that you MUST READ RIGHT NOW is the second edition of Ross Anderson's Security Engineering book. Ross did a complete pass on his classic tome and somehow made it even better...’ Gary McGraw ‘It's beautiful. This is the best book on the topic there is’ Bruce Schneier All chapters from the second edition now available free online! Table of contents Preface Acknowledgements Chapter 1: What is Security Engineering? Chapter 2: Usability and Psychology Chapter 3: Protocols Chapter 4: Access Control Chapter 5: Cryptography Chapter 6: Distributed Systems Chapter 7: Economics Chapter 8: Multilevel Security Chapter 9: Multilateral Security Chapter 10: Banking and Bookkeeping Chapter 11: Physical Protection Chapter 12: Monitoring and Metering Chapter 13: Nuclear Command and Control Chapter 14: Security Printing and Seals Chapter 15: Biometrics Chapter 16: Physical Tamper Resistance Chapter 17: Emission Security Chapter 18: API Security Chapter 19: Electronic and Information Warfare Chapter 20: Telecom System Security Chapter 21: Network Attack and Defence Chapter 22: Copyright and DRM Chapter 23: The Bleeding Edge Chapter 24: Terror, Justice and Freedom Chapter 25: Managing the Development of Secure Systems Chapter 26: System Evaluation and Assurance Chapter 27: Conclusions Bibliography Index When I wrote the first edition, we put the chapters online free after four years and found that this boosted sales of the paper edition. People would find a useful chapter online and then buy the book to have it as a reference. Wiley and I agreed to do the same with the second edition, and now, four years after publication, I am putting all the chapters online for free. Enjoy them – and I hope you'll buy the paper version to have as a conveient shelf reference: Buy from Amazon.com Buy from Wiley Buy from Amazon.co.uk (Kindle version) Here are the errata for the second edition, and here's a page of notes and links concerning relevant topics that I've come across since publication. Supplementary materials: If you're a college professor thinking of using my book in class, note that we use my book in three courses at Cambridge: * the first part in second-year Introduction to Security (course material and past exam questions) * the second in third-year Security (course material and questions), and * the third part in our second-year Software Engineering (course, questions and still more questions). I hope you find these useful. You're welcome to use and adapt any of my slides if you wish under this Creative Commons license. Also, if you're an instructor at an accredited institution, you can request an evaluation copy via Wiley's website. __ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Exchange Server 2013: Not quite ready for the data center - Computerworld
There are some mitigations coming Real Soon Now. :) -Original Message- From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu] Sent: Thursday, February 7, 2013 4:05 PM To: NT System Admin Issues Subject: RE: Exchange Server 2013: Not quite ready for the data center - Computerworld Oh, he probably will get awarded when he answers all of my Exchange 2013 questions come Spring XO The decision has been made and we're heading down that road. We're still on E2k7 on an old box. Were looking at E2k10 when 13 was announced. At this point, when the updates come out for compatibility, we'll be ordering up our new hardware. Went to a launch training event in November and got the rundown--there is a lot to figure out, but we don't have an extremely complicated environment, so I think we can pull it off. Feels to me like when E2k7 was first out and many things were missing because they hadn't been rewritten yet, but most of it is there in PS if you can find the right cmdlet to run (and assuming it wasn't removed--yikes!). I'm scared. Moving to E2k7 LITERALLY gave me my first gray hairs. -Bonnie -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, February 07, 2013 12:20 PM To: NT System Admin Issues Subject: Re: Exchange Server 2013: Not quite ready for the data center - Computerworld H If you don't, perhaps we should start a campaign... Kurt On Thu, Feb 7, 2013 at 12:11 PM, Michael B. Smith mich...@smithcons.com wrote: I’m definitely not a mouthpiece. J I think it’ll be fine. But I won’t be surprised if I don’t get re-awarded this june! From: Patrick Salmon [mailto:psal...@gmail.com] Sent: Thursday, February 7, 2013 3:00 PM To: NT System Admin Issues Subject: Re: Exchange Server 2013: Not quite ready for the data center - Computerworld They'll get over it. If you're not afraid to say it when the emperor has no clothes then you become a mouthpiece for the machine. Much of the credibility and value of the MVP role comes from NOT being the mouthpiece. IMNSHO. On Thu, Feb 7, 2013 at 2:49 PM, Kurt Buff kurt.b...@gmail.com wrote: But it's good for you, right? I mean, how many CW readers have now heard your name (as an Authority!), where they hadn't before... Should be interesting to monitor the comments on that blog post now, I'm guessing... Kurt On Thu, Feb 7, 2013 at 11:46 AM, Michael B. Smith mich...@smithcons.com wrote: I think that article has made the Exchange team very mad at me. Apparently, not such a big deal when the MVPs blog it and it gets put into Redmond magazine or WindowsIT Pro magazine – but hitting ComputerWorld has caused a lot of angst. From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, February 7, 2013 12:52 PM To: NT System Admin Issues Subject: Exchange Server 2013: Not quite ready for the data center - Computerworld Hey, MBS What's your take on this article?I haven't touched Exchange 2013 as yet... http://www.computerworld.com/s/article/9236531/Exchange_Server_2013_N ot_quite_ready_for_the_data_center?taxonomyId=18pageNumber=1 Regards, ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here:
Re: Passsword Meter
it says that mine, qwerty123 is not very good... odd that... or what a great way to collect passwords... - Sub ubi semper ubi On Thu, Feb 7, 2013 at 2:56 PM, Crawford, Scott crawfo...@evangel.edu wrote: If you don't mind typing your password into a web form, this is a pretty nice indicator of strength. http://www.passwordmeter.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Passsword Meter
Yeah, I'm not too crazy about it, but its not like you put a username in to match. -Original Message- From: S Powell [mailto:powe...@gmail.com] Sent: Thursday, February 7, 2013 5:22 PM To: NT System Admin Issues Subject: Re: Passsword Meter it says that mine, qwerty123 is not very good... odd that... or what a great way to collect passwords... - Sub ubi semper ubi On Thu, Feb 7, 2013 at 2:56 PM, Crawford, Scott crawfo...@evangel.edu wrote: If you don't mind typing your password into a web form, this is a pretty nice indicator of strength. http://www.passwordmeter.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Exchange Server 2013: Not quite ready for the data center - Computerworld
We're in a gray area ourselves. We have Exchange 2007 and have an Exchange 2010 infrastructure built but are having issues with the F5 load balancers which have devolved into a fight about costs so we're stalled. At this rate the service packs may come out before we move more then test users. If that happens we may just install Exchange 2013 and move to there substantially skipping Exchange 2010. Steven On Thu, Feb 7, 2013 at 2:24 PM, Michael B. Smith mich...@smithcons.comwrote: There are some mitigations coming Real Soon Now. :) -Original Message- From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu] Sent: Thursday, February 7, 2013 4:05 PM To: NT System Admin Issues Subject: RE: Exchange Server 2013: Not quite ready for the data center - Computerworld Oh, he probably will get awarded when he answers all of my Exchange 2013 questions come Spring XO The decision has been made and we're heading down that road. We're still on E2k7 on an old box. Were looking at E2k10 when 13 was announced. At this point, when the updates come out for compatibility, we'll be ordering up our new hardware. Went to a launch training event in November and got the rundown--there is a lot to figure out, but we don't have an extremely complicated environment, so I think we can pull it off. Feels to me like when E2k7 was first out and many things were missing because they hadn't been rewritten yet, but most of it is there in PS if you can find the right cmdlet to run (and assuming it wasn't removed--yikes!). I'm scared. Moving to E2k7 LITERALLY gave me my first gray hairs. -Bonnie -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, February 07, 2013 12:20 PM To: NT System Admin Issues Subject: Re: Exchange Server 2013: Not quite ready for the data center - Computerworld H If you don't, perhaps we should start a campaign... Kurt On Thu, Feb 7, 2013 at 12:11 PM, Michael B. Smith mich...@smithcons.com wrote: I’m definitely not a mouthpiece. J I think it’ll be fine. But I won’t be surprised if I don’t get re-awarded this june! From: Patrick Salmon [mailto:psal...@gmail.com] Sent: Thursday, February 7, 2013 3:00 PM To: NT System Admin Issues Subject: Re: Exchange Server 2013: Not quite ready for the data center - Computerworld They'll get over it. If you're not afraid to say it when the emperor has no clothes then you become a mouthpiece for the machine. Much of the credibility and value of the MVP role comes from NOT being the mouthpiece. IMNSHO. On Thu, Feb 7, 2013 at 2:49 PM, Kurt Buff kurt.b...@gmail.com wrote: But it's good for you, right? I mean, how many CW readers have now heard your name (as an Authority!), where they hadn't before... Should be interesting to monitor the comments on that blog post now, I'm guessing... Kurt On Thu, Feb 7, 2013 at 11:46 AM, Michael B. Smith mich...@smithcons.com wrote: I think that article has made the Exchange team very mad at me. Apparently, not such a big deal when the MVPs blog it and it gets put into Redmond magazine or WindowsIT Pro magazine – but hitting ComputerWorld has caused a lot of angst. From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, February 7, 2013 12:52 PM To: NT System Admin Issues Subject: Exchange Server 2013: Not quite ready for the data center - Computerworld Hey, MBS What's your take on this article?I haven't touched Exchange 2013 as yet... http://www.computerworld.com/s/article/9236531/Exchange_Server_2013_N ot_quite_ready_for_the_data_center?taxonomyId=18pageNumber=1 Regards, ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
Re: Domain upgrade: 2008 R2 or 2012 ?
Seconded. *ASB **http://XeeMe.com/AndrewBaker* http://xeeme.com/AndrewBaker* **Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…*** On Thu, Feb 7, 2013 at 4:43 PM, Brian Desmond br...@briandesmond.comwrote: *I would go straight to WS2012.* * * *From an AD perspective, you can take advantage of new features like virtualization safeties, group managed service accounts, and dynamic access control. * * * *Thanks,* *Brian Desmond* *br...@briandesmond.com* * * *w – 312.625.1438 | c – 312.731.3132* * * *From:* Christopher Bodnar [mailto:christopher_bod...@glic.com] *Sent:* Thursday, February 7, 2013 3:34 PM *To:* NT System Admin Issues *Subject:* Domain upgrade: 2008 R2 or 2012 ? ** ** Has anyone done this evaluation recently? We are a 2003 R2 shop. We were in the process of planning a migration to a 2008 R2 domain last year (hardware was bought and deployed), when the funds got cut. From what I hear, we will have funding and approval this year for the project. So the question is now, 2008 R2 or 2012. I've had very little time with 2012 so far. Hopefully that will change in the near future. The benefits of going from 2003 to 2008 R2 i've already captured. From what I've seen so far, 2012 seems stable and an incremental upgrade for our environment. Some of the things that might push me towards 2012 don't apply in our environment. for Example RDS and Hyper-V. We are a big Citrix and VMWare shop. So I don't really see us making use of those specific features, or the enhancements in them from previous versions. From my understanding 2012 is included in our EA agreement. So I don't think it will really be a licensing issue. Love to hear thoughts and comments from others who are going through this right now, or have done this evaluation recently. Thanks, ** ** *Christopher Bodnar* Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.com * The Guardian Life Insurance Company of America* * *www.guardianlife.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadminimage001.jpg
Re: Highly recommended - I have a paper copy
Thanks! *ASB **http://XeeMe.com/AndrewBaker* http://xeeme.com/AndrewBaker* **Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…*** On Thu, Feb 7, 2013 at 5:20 PM, Kurt Buff kurt.b...@gmail.com wrote: -- Forwarded message -- From: InfoSec News ale...@infosecnews.org Date: Wed, Feb 6, 2013 at 11:41 PM Subject: [ISN] Security Engineering -- The Book - For Free! To: i...@infosecnews.org http://www.cl.cam.ac.uk/~rja14/book.html Security Engineering -- The Book ‘I'm incredibly impressed that one person could produce such a thorough coverage. Moreover, you make the stuff easy and enjoyable to read. I find it just as entertaining - and far more useful - than novels (and my normal science fiction). When I first got it in the mail, I said to myself I'm never going to read all of that. But once I started reading I just kept going and going. Fantastic: well done. Now, let's hope that all those in charge of security for information technology will also read the book and heed the lessons.’ Don Norman ‘The book that you MUST READ RIGHT NOW is the second edition of Ross Anderson's Security Engineering book. Ross did a complete pass on his classic tome and somehow made it even better...’ Gary McGraw ‘It's beautiful. This is the best book on the topic there is’ Bruce Schneier All chapters from the second edition now available free online! Table of contents Preface Acknowledgements Chapter 1: What is Security Engineering? Chapter 2: Usability and Psychology Chapter 3: Protocols Chapter 4: Access Control Chapter 5: Cryptography Chapter 6: Distributed Systems Chapter 7: Economics Chapter 8: Multilevel Security Chapter 9: Multilateral Security Chapter 10: Banking and Bookkeeping Chapter 11: Physical Protection Chapter 12: Monitoring and Metering Chapter 13: Nuclear Command and Control Chapter 14: Security Printing and Seals Chapter 15: Biometrics Chapter 16: Physical Tamper Resistance Chapter 17: Emission Security Chapter 18: API Security Chapter 19: Electronic and Information Warfare Chapter 20: Telecom System Security Chapter 21: Network Attack and Defence Chapter 22: Copyright and DRM Chapter 23: The Bleeding Edge Chapter 24: Terror, Justice and Freedom Chapter 25: Managing the Development of Secure Systems Chapter 26: System Evaluation and Assurance Chapter 27: Conclusions Bibliography Index When I wrote the first edition, we put the chapters online free after four years and found that this boosted sales of the paper edition. People would find a useful chapter online and then buy the book to have it as a reference. Wiley and I agreed to do the same with the second edition, and now, four years after publication, I am putting all the chapters online for free. Enjoy them – and I hope you'll buy the paper version to have as a conveient shelf reference: Buy from Amazon.com Buy from Wiley Buy from Amazon.co.uk (Kindle version) Here are the errata for the second edition, and here's a page of notes and links concerning relevant topics that I've come across since publication. Supplementary materials: If you're a college professor thinking of using my book in class, note that we use my book in three courses at Cambridge: * the first part in second-year Introduction to Security (course material and past exam questions) * the second in third-year Security (course material and questions), and * the third part in our second-year Software Engineering (course, questions and still more questions). I hope you find these useful. You're welcome to use and adapt any of my slides if you wish under this Creative Commons license. Also, if you're an instructor at an accredited institution, you can request an evaluation copy via Wiley's website. __ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Domain upgrade: 2008 R2 or 2012 ?
Copycat! :) Thanks Webster From: Andrew S. Baker [mailto:asbz...@gmail.com] Subject: Re: Domain upgrade: 2008 R2 or 2012 ? Seconded. ASB http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market... On Thu, Feb 7, 2013 at 4:43 PM, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com wrote: I would go straight to WS2012. From an AD perspective, you can take advantage of new features like virtualization safeties, group managed service accounts, and dynamic access control. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438tel:312.625.1438 | c - 312.731.3132tel:312.731.3132 From: Christopher Bodnar [mailto:christopher_bod...@glic.commailto:christopher_bod...@glic.com] Sent: Thursday, February 7, 2013 3:34 PM To: NT System Admin Issues Subject: Domain upgrade: 2008 R2 or 2012 ? Has anyone done this evaluation recently? We are a 2003 R2 shop. We were in the process of planning a migration to a 2008 R2 domain last year (hardware was bought and deployed), when the funds got cut. From what I hear, we will have funding and approval this year for the project. So the question is now, 2008 R2 or 2012. I've had very little time with 2012 so far. Hopefully that will change in the near future. The benefits of going from 2003 to 2008 R2 i've already captured. From what I've seen so far, 2012 seems stable and an incremental upgrade for our environment. Some of the things that might push me towards 2012 don't apply in our environment. for Example RDS and Hyper-V. We are a big Citrix and VMWare shop. So I don't really see us making use of those specific features, or the enhancements in them from previous versions. From my understanding 2012 is included in our EA agreement. So I don't think it will really be a licensing issue. Love to hear thoughts and comments from others who are going through this right now, or have done this evaluation recently. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Passsword Meter
It's not like they won't grab IP info... Plus, are you *sure* your browser is not giving away username info? *ASB **http://XeeMe.com/AndrewBaker* http://xeeme.com/AndrewBaker* **Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…*** On Thu, Feb 7, 2013 at 6:24 PM, Crawford, Scott crawfo...@evangel.eduwrote: Yeah, I'm not too crazy about it, but its not like you put a username in to match. -Original Message- From: S Powell [mailto:powe...@gmail.com] Sent: Thursday, February 7, 2013 5:22 PM To: NT System Admin Issues Subject: Re: Passsword Meter it says that mine, qwerty123 is not very good... odd that... or what a great way to collect passwords... - Sub ubi semper ubi On Thu, Feb 7, 2013 at 2:56 PM, Crawford, Scott crawfo...@evangel.edu wrote: If you don't mind typing your password into a web form, this is a pretty nice indicator of strength. http://www.passwordmeter.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Domain upgrade: 2008 R2 or 2012 ?
Why should I waste words to concur with the right answer? :) *ASB **http://XeeMe.com/AndrewBaker* http://xeeme.com/AndrewBaker* **Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…*** On Thu, Feb 7, 2013 at 6:57 PM, Webster webs...@carlwebster.com wrote: Copycat! J ** ** Thanks ** ** ** ** Webster ** ** *From:* Andrew S. Baker [mailto:asbz...@gmail.com] *Subject:* Re: Domain upgrade: 2008 R2 or 2012 ? ** ** Seconded. * * *ASB **http://XeeMe.com/AndrewBaker* http://xeeme.com/AndrewBaker* **Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…* ** ** On Thu, Feb 7, 2013 at 4:43 PM, Brian Desmond br...@briandesmond.com wrote: *I would go straight to WS2012.* * * *From an AD perspective, you can take advantage of new features like virtualization safeties, group managed service accounts, and dynamic access control. * * * *Thanks,* *Brian Desmond* *br...@briandesmond.com* * * *w – 312.625.1438 | c – 312.731.3132* * * *From:* Christopher Bodnar [mailto:christopher_bod...@glic.com] *Sent:* Thursday, February 7, 2013 3:34 PM *To:* NT System Admin Issues *Subject:* Domain upgrade: 2008 R2 or 2012 ? Has anyone done this evaluation recently? We are a 2003 R2 shop. We were in the process of planning a migration to a 2008 R2 domain last year (hardware was bought and deployed), when the funds got cut. From what I hear, we will have funding and approval this year for the project. So the question is now, 2008 R2 or 2012. I've had very little time with 2012 so far. Hopefully that will change in the near future. The benefits of going from 2003 to 2008 R2 i've already captured. From what I've seen so far, 2012 seems stable and an incremental upgrade for our environment. Some of the things that might push me towards 2012 don't apply in our environment. for Example RDS and Hyper-V. We are a big Citrix and VMWare shop. So I don't really see us making use of those specific features, or the enhancements in them from previous versions. From my understanding 2012 is included in our EA agreement. So I don't think it will really be a licensing issue. Love to hear thoughts and comments from others who are going through this right now, or have done this evaluation recently. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Passsword Meter
I use Internet Exploder and trust Microsoft to have a safe and secure browser that affords me plenty of security on the Internet. What more do I need? Thanks Webster From: Andrew S. Baker [mailto:asbz...@gmail.com] Subject: Re: Passsword Meter It's not like they won't grab IP info... Plus, are you *sure* your browser is not giving away username info? On Thu, Feb 7, 2013 at 6:24 PM, Crawford, Scott crawfo...@evangel.edumailto:crawfo...@evangel.edu wrote: Yeah, I'm not too crazy about it, but its not like you put a username in to match. -Original Message- From: S Powell [mailto:powe...@gmail.commailto:powe...@gmail.com] Subject: Re: Passsword Meter it says that mine, qwerty123 is not very good... odd that... or what a great way to collect passwords... On Thu, Feb 7, 2013 at 2:56 PM, Crawford, Scott crawfo...@evangel.edumailto:crawfo...@evangel.edu wrote: If you don't mind typing your password into a web form, this is a pretty nice indicator of strength. http://www.passwordmeter.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Exchange Server 2013: Not quite ready for the data center - Computerworld
Tsk tsk tsk From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, February 7, 2013 7:38 PM To: NT System Admin Issues Subject: Re: Exchange Server 2013: Not quite ready for the data center - Computerworld Funny thing is, I remember him posting that article, and I bookmarked it, but I never got around to reading it. ::shame:: ASB http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market... On Thu, Feb 7, 2013 at 2:20 PM, Free, Bob r...@pge.commailto:r...@pge.com wrote: Didn't you get the memo ASB? :) He blogged on that a whole back. Short answer In my personal opinion, Exchange 2013 RTM is not ready for prime time. http://theessentialexchange.com/blogs/michael/archive/2013/01/06/exchange-server-2013-gotchas.aspx From: Andrew S. Baker [mailto:asbz...@gmail.commailto:asbz...@gmail.com] Sent: Thursday, February 07, 2013 9:52 AM To: NT System Admin Issues Subject: [dkim-failure] Exchange Server 2013: Not quite ready for the data center - Computerworld Hey, MBS What's your take on this article?I haven't touched Exchange 2013 as yet... http://www.computerworld.com/s/article/9236531/Exchange_Server_2013_Not_quite_ready_for_the_data_center?taxonomyId=18pageNumber=1 Regards, ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Passsword Meter
True. Like I said, I'm not real crazy about it, but it is a nice interface and could be useful to some. From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, February 7, 2013 6:37 PM To: NT System Admin Issues Subject: Re: Passsword Meter It's not like they won't grab IP info... Plus, are you *sure* your browser is not giving away username info? ASB http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market... On Thu, Feb 7, 2013 at 6:24 PM, Crawford, Scott crawfo...@evangel.edumailto:crawfo...@evangel.edu wrote: Yeah, I'm not too crazy about it, but its not like you put a username in to match. -Original Message- From: S Powell [mailto:powe...@gmail.commailto:powe...@gmail.com] Sent: Thursday, February 7, 2013 5:22 PM To: NT System Admin Issues Subject: Re: Passsword Meter it says that mine, qwerty123 is not very good... odd that... or what a great way to collect passwords... - Sub ubi semper ubi On Thu, Feb 7, 2013 at 2:56 PM, Crawford, Scott crawfo...@evangel.edumailto:crawfo...@evangel.edu wrote: If you don't mind typing your password into a web form, this is a pretty nice indicator of strength. http://www.passwordmeter.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Passsword Meter
And I believe every word you say, too. Kurt On Thu, Feb 7, 2013 at 4:45 PM, Webster webs...@carlwebster.com wrote: I use Internet Exploder and trust Microsoft to have a safe and secure browser that affords me plenty of security on the Internet. What more do I need? Thanks Webster From: Andrew S. Baker [mailto:asbz...@gmail.com] Subject: Re: Passsword Meter It's not like they won't grab IP info... Plus, are you *sure* your browser is not giving away username info? On Thu, Feb 7, 2013 at 6:24 PM, Crawford, Scott crawfo...@evangel.edu wrote: Yeah, I'm not too crazy about it, but its not like you put a username in to match. -Original Message- From: S Powell [mailto:powe...@gmail.com] Subject: Re: Passsword Meter it says that mine, qwerty123 is not very good... odd that... or what a great way to collect passwords... On Thu, Feb 7, 2013 at 2:56 PM, Crawford, Scott crawfo...@evangel.edu wrote: If you don't mind typing your password into a web form, this is a pretty nice indicator of strength. http://www.passwordmeter.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Bad Kaspersky update?
Absolutely this week. They acknowledge to my team after a lengthy wait on their Q. Glad I'm in class to observe from remote. :) d From: Greg Olson [mailto:gol...@markettools.com] Sent: Thursday, February 07, 2013 6:21 PM To: NT System Admin Issues Subject: Bad Kaspersky update? Anyone else see a bad Kaspersky update just come through on Forefront? My cas server jumped to 100% cpu (FSCTransportScanner service) and I had to disable that engine before it calmed down. Going to wait a bit for the next one to refresh and then turn it back on. -Greg ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin This e-mail contains the thoughts and opinions of the sender and does not represent official Parkview Medical Center policy. This communication is intended only for the recipient(s) named above, may be confidential and/or legally privileged: and, must be treated as such in accordance with state and federal laws. If you are not the intended recipient, you are hereby notified that any use of this communication, or any of its contents, is prohibited. If you have received this communication in error, please return to sender and delete the message from your computer system. Parkview Medical Centerhttp://www.parkviewmc.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Domain upgrade: 2008 R2 or 2012 ?
Are you doing a technical evaluation or a business case? From a technical PoV, I think the posts already have this covered: there are some incremental enhancements and no real downsides (platform is stable, covered in your EA etc.) From a broader perspective, is your project going to have to pick up shared costs like a new Win2k12 build, updating CMDB, deployment and support capability blah, blah? That might impact your business case. Cheers Ken From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Friday, 8 February 2013 8:34 AM To: NT System Admin Issues Subject: Domain upgrade: 2008 R2 or 2012 ? Has anyone done this evaluation recently? We are a 2003 R2 shop. We were in the process of planning a migration to a 2008 R2 domain last year (hardware was bought and deployed), when the funds got cut. From what I hear, we will have funding and approval this year for the project. So the question is now, 2008 R2 or 2012. I've had very little time with 2012 so far. Hopefully that will change in the near future. The benefits of going from 2003 to 2008 R2 i've already captured. From what I've seen so far, 2012 seems stable and an incremental upgrade for our environment. Some of the things that might push me towards 2012 don't apply in our environment. for Example RDS and Hyper-V. We are a big Citrix and VMWare shop. So I don't really see us making use of those specific features, or the enhancements in them from previous versions. From my understanding 2012 is included in our EA agreement. So I don't think it will really be a licensing issue. Love to hear thoughts and comments from others who are going through this right now, or have done this evaluation recently. Thanks, Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto: ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin