Re: [WISPA] Vyatta?
I agree all HP here have a great night - and holiday weekend. On Apr 3, 2010, at 2:15 AM, Tom Sharples wrote: > We run HP Procurve switches here exclusively. Anything else seems > like junk > by comparison :-) > > Let's talk sometime next week. > > Thanks! > > Tom S. > >> >> Quick ? do you have a good switch that supports vlanning ? >> >> And yes - PF I think is ruled out (although vs 2 might work) >> >> Feel free to chat me up off list - I have a feeling we might be able >> to help each other out... >> I have a local government client asking some video questions and >> noticed the solutions you offer :-) >> >> >> >> >> >> >> On Apr 3, 2010, at 1:57 AM, Tom Sharples wrote: >> > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Blocking UDP traffic
Yes, for some reason, star-os routes private ip's toward whatever your default route is. GAAK! To trap these, just put those IP's on a dead end, like attach those networks to an ethernet port on your ap's or something, and they die there. You DO route at the AP, right? ++ Neofast, Inc, Making internet easy 541-969-8200 509-386-4589 ++ -- From: "Matt Larsen - Lists" Sent: Thursday, April 01, 2010 3:55 PM To: "WISPA General List" ; "Mikrotik discussions" Subject: [WISPA] Blocking UDP traffic > While working on our bandwidth monitoring system, we noticed a lot of > strange traffic that had no apparent route through our system, but was > coming across the wire between our core router and our NAT router. The > traffic would be destined for addresses like '192.168.0.10', > '192.168.4.5' and the like.I couldn't understand how this traffic > was even getting this far across our network, as it is fully routed and > none of these subnets are even in our routing tables. We do use > 192.168.x.x addresses to give to our customers but they are from > 192.168.33.0 to 192.168.255.0, and this traffic was definitely not > destined for legitimate hosts on our network. > > As we watched one IP address that was spewing this traffic, we looked it > up and found out that it was actually sourced from the wireless > connection at my home. The traffic was UDP packets of SNMP destined to > a 192.168.4.x address (internal to our main office) and a 192.168.5.x > address (internal at my wife's studio).After shutting down all of > the PCs at home, she turned her laptop back on and the traffic started > up again. Turns out that she had two Brother printer drivers for older > printers that were mapped to TCP/IP ports. We used to have a VPN box > at home to tie into those networks, but took it out about a year ago and > now just have a Belkin router that does the NAT for the house. With > the VPN gone, apparently the printer drivers were still sending out SNMP > traffic with UDP and somehow that traffic was getting through our NAT > router and going into our network. Once the printer drivers were > deleted, the traffic stopped. > > After we removed the filter for my IP, we started seeing all kinds of > similar UDP traffic coming across the wire from many different > customers, mostly intended for IP addresses on the 192.168.0.0 and > 192.168.1.0 networks. So now I'm trying to figure out a way to block > this traffic at the AP so that it doesn't consume backbone resources. > I can only imagine how much of the traffic on our network is this kind > of garbage. > > There are a couple of catches here. We use StarOS APs, but connection > tracking is turned off to save on CPU, so I don't think that I can do > any of the standard firewalling on the APs. We do use Mikrotik routers > in our NOC and a couple of spots where we have licensed links, bu since > StarOS is on our APs and our backhauls and also handles all of our OSPF > routing - the traffic will go a long way before it gets blocked by > anything. > > My initial thought is that we could just setup a static route of > 192.168.0.0/19 to 127.0.0.1 on each access point. Then that traffic > basically goes to /dev/null. > > Anyone else have any ideas on how to handle this? > > Matt Larsen > vistabeam.com > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Vyatta?
We run HP Procurve switches here exclusively. Anything else seems like junk by comparison :-) Let's talk sometime next week. Thanks! Tom S. > > Quick ? do you have a good switch that supports vlanning ? > > And yes - PF I think is ruled out (although vs 2 might work) > > Feel free to chat me up off list - I have a feeling we might be able > to help each other out... > I have a local government client asking some video questions and > noticed the solutions you offer :-) > > > > > > > On Apr 3, 2010, at 1:57 AM, Tom Sharples wrote: > WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Vyatta?
Hi, I would like to be the first to say that the article about Skybeam seems a little over dramatic. The quote that their Mikrotik routers had to be rebooted every few days would indicate to me that they had hardware problems, not software (Mikrotik) problems. I have Mikrotik routers on my network that have been up over a full year without a single reboot or issue. The only reason it's only a year is due to software upgrades. With over 200 Mikrotik routers on my network (several moving over 100Mbps of traffic and 10,000pps daily and one moving over 400Mbps and 100,000pps), I can tell you Mikrotik is one of the most solid, reliable packages available. Yes, you are locked into their interface and CLI. Yes, it does have some bugs and issues at times, but overall the best routing package I have seen. Travis Microserv Glenn Kelley wrote: > Josh > > Largest difference I have seen is in regards to load (and cost) > Freeware community editions ... well cost is pretty low - especially > if you have vmware already running, xen running - or a good pc or > server around. > that being said > > Mikrotik from experience can choke on DDOS attacks above 100K pps on a > dual xeon - with vYatta you don't see much of a load. > > A good study on this is with SkyBeam: > http://www.vyatta.com/downloads/casestudies/Vyatta_Skybeamcase.pdf > > might be worth asking them directly > > > I'm not far from you if you want an in person overview :-) - thinking > of hamfest > > I'm out in Court House - about an hour and 1/2 > > > > > > > > On Apr 3, 2010, at 1:10 AM, Josh Luthman wrote: > > >> So who has used Vyatta and Mikrotik? Differences? >> >> On 4/3/10, Glenn Kelley wrote: >> >>> vyatta overview: http://www.vyatta.com/products/index.php >>> >>> PFSense overview: http://www.pfsense.org >>> >>> >>> On Apr 3, 2010, at 12:52 AM, Glenn Kelley wrote: >>> >>> I love Vyatta. I love PFSense... I love a bunch of other applications that can do this as well... BUT it might be worth asking what the job that you want the router to perform. While some may bash vYatta - Keep in mind - when the reload happened - they specifically did that for their own Support Contracts ... folks that paid them - but yes - a major release required a reload. I can tell horror stories about having to do this w/ Cisco Vax 7200's 2650's and such as well. IOS updates do not always go as well as they advertise... Why I do like vYatta is the simple fact they provide both the CLI and GUI - (command line interface and graphical user interface)... Here are a few reasons why folks in this board should consider vYatta community edition: (free) 1. Load Balancing 2. BGP (Full ) 3. vLAN - do vlans out to the radios 4. PPPOE - if you wanted to use it 5. Parental Controls 6. Speed Control / Traffic Shaping - You can do this right on your router. 7. SQUID - cache things vs hitting the web all the time for the same content (like windows updates, youtubes, etc ) I resell vYatta paid version for those interested - but for most the community center is just fine. The paid edition will give you all of the aforementioned with the ability to obtain paid support - and this is based upon the following: 1. what type of contract you have purchased 2. severity of the request - (ie everything down vs just a feature request) that being said - WHAT ARE YOU TRYING TO DO ? If you have a simple setup - and just need full BGP - you might also want to check out another Open Source Project called PFSense. PFSense is full FreeBSD - runs on most any x86 hardware. I can help any of you with this as well. The PFSense book is a great place to start - and is written for someone who has never done routing... one last thing about pfsense... Its a full bsd license - you can even rebrand it. I have a bunch of PF systems out in the field as CPE for firewalling and such - all running under our logo and skin when a client logs in. a simple 1U rack mount makes that an awesome option - so does a simple flash drive on a card in a box ... Ask questions if I can help either on or off list :-) Glenn WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Vyatta?
gotcha - I think vyatta community center is a great solution ... As of adding vlans - and such - very simple and does not cost anything... Quick ? do you have a good switch that supports vlanning ? And yes - PF I think is ruled out (although vs 2 might work) Feel free to chat me up off list - I have a feeling we might be able to help each other out... I have a local government client asking some video questions and noticed the solutions you offer :-) On Apr 3, 2010, at 1:57 AM, Tom Sharples wrote: > Pfsense appears to have a couple of limitations, e.g. only 1 pptp VPN > session to the same server at a time, and only 1 sip session per > server, > that could cause some problems here. We run pptp VPN all the time > sometimes > from multiple internal desktops to the same remote customer server > (usually > our wireless gateway equipment installed at the customer site). > > As to what we need it for, it would be our primary gateway router. > We're not > an ISP, but we do need the flexibility to emulate our IP CCTV and ISP > customer setups on-the-fly since we preconfigure our equipment to > arrive > plug-and-play at their sites. Don't really need squid or load- > leveling, but > we do need something that will inexpensively and rapidly allow us to > add > additional hardware and virtual interface ports mapped to various > public and > private addresses, as well as whatever else comes up, without a big > learning > curve. GUI is nice but a good CLI would be sufficient. Those > requirements (I > suspect) rule out cisco and microtik. But anything that runs open- > source > linux should easily be able to do this. > > Tom S. > > - Original Message - > From: "Glenn Kelley" > To: "Tom Sharples" ; "WISPA General List" > > Sent: Friday, April 02, 2010 9:52 PM > Subject: Re: [WISPA] Vyatta? > > >> I love Vyatta. I love PFSense... I love a bunch of other >> applications that can do this as well... BUT it might be worth >> asking >> what the job that you want the router to perform. >> >> While some may bash vYatta - >> >> Keep in mind - when the reload happened - they specifically did that >> for their own Support Contracts ... folks that paid them - but yes >> - a >> major release required a reload. >> I can tell horror stories about having to do this w/ Cisco Vax >> 7200's 2650's and such as well. IOS updates do not always go as >> well as they advertise... >> >> Why I do like vYatta is the simple fact they provide both the CLI and >> GUI - (command line interface and graphical user interface)... >> >> Here are a few reasons why folks in this board should consider vYatta >> community edition: (free) >> >> 1. Load Balancing >> 2. BGP (Full ) >> 3. vLAN - do vlans out to the radios >> 4. PPPOE - if you wanted to use it >> 5. Parental Controls >> 6. Speed Control / Traffic Shaping - You can do this right on your >> router. >> 7. SQUID - cache things vs hitting the web all the time for the >> same >> content (like windows updates, youtubes, etc ) >> >> >> I resell vYatta paid version for those interested - but for most the >> community center is just fine. The paid edition will give you all of >> the aforementioned with the ability to obtain paid support - and this >> is based upon the following: >> >> 1. what type of contract you have purchased >> 2. severity of the request - (ie everything down vs just a feature >> request) >> >> >> >> >> that being said - WHAT ARE YOU TRYING TO DO ? >> >> If you have a simple setup - and just need full BGP - you might also >> want to check out another Open Source Project called PFSense. >> >> PFSense is full FreeBSD - runs on most any x86 hardware. >> I can help any of you with this as well. The PFSense book is a >> great >> place to start - and is written for someone who has never done >> routing... >> >> one last thing about pfsense... Its a full bsd license - you can >> even >> rebrand it. >> >> I have a bunch of PF systems out in the field as CPE for firewalling >> and such - all running under our logo and skin when a client logs in. >> a simple 1U rack mount makes that an awesome option - so does a >> simple flash drive on a card in a box ... >> >> Ask questions if I can help either on or off list >> >> :-) >> >> Glenn >> >> >> >> >> > > > > > > > Internal Virus Database is out of date. > Checked by AVG - www.avg.com > Version: 8.5.435 / Virus Database: 271.1.1/2675 - Release Date: > 02/08/10 > 07:35:00 > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Vyatta?
Pfsense appears to have a couple of limitations, e.g. only 1 pptp VPN session to the same server at a time, and only 1 sip session per server, that could cause some problems here. We run pptp VPN all the time sometimes from multiple internal desktops to the same remote customer server (usually our wireless gateway equipment installed at the customer site). As to what we need it for, it would be our primary gateway router. We're not an ISP, but we do need the flexibility to emulate our IP CCTV and ISP customer setups on-the-fly since we preconfigure our equipment to arrive plug-and-play at their sites. Don't really need squid or load-leveling, but we do need something that will inexpensively and rapidly allow us to add additional hardware and virtual interface ports mapped to various public and private addresses, as well as whatever else comes up, without a big learning curve. GUI is nice but a good CLI would be sufficient. Those requirements (I suspect) rule out cisco and microtik. But anything that runs open-source linux should easily be able to do this. Tom S. - Original Message - From: "Glenn Kelley" To: "Tom Sharples" ; "WISPA General List" Sent: Friday, April 02, 2010 9:52 PM Subject: Re: [WISPA] Vyatta? >I love Vyatta. I love PFSense... I love a bunch of other > applications that can do this as well... BUT it might be worth asking > what the job that you want the router to perform. > > While some may bash vYatta - > > Keep in mind - when the reload happened - they specifically did that > for their own Support Contracts ... folks that paid them - but yes - a > major release required a reload. > I can tell horror stories about having to do this w/ Cisco Vax > 7200's 2650's and such as well. IOS updates do not always go as > well as they advertise... > > Why I do like vYatta is the simple fact they provide both the CLI and > GUI - (command line interface and graphical user interface)... > > Here are a few reasons why folks in this board should consider vYatta > community edition: (free) > > 1. Load Balancing > 2. BGP (Full ) > 3. vLAN - do vlans out to the radios > 4. PPPOE - if you wanted to use it > 5. Parental Controls > 6. Speed Control / Traffic Shaping - You can do this right on your > router. > 7. SQUID - cache things vs hitting the web all the time for the same > content (like windows updates, youtubes, etc ) > > > I resell vYatta paid version for those interested - but for most the > community center is just fine. The paid edition will give you all of > the aforementioned with the ability to obtain paid support - and this > is based upon the following: > > 1. what type of contract you have purchased > 2. severity of the request - (ie everything down vs just a feature > request) > > > > > that being said - WHAT ARE YOU TRYING TO DO ? > > If you have a simple setup - and just need full BGP - you might also > want to check out another Open Source Project called PFSense. > > PFSense is full FreeBSD - runs on most any x86 hardware. > I can help any of you with this as well. The PFSense book is a great > place to start - and is written for someone who has never done > routing... > > one last thing about pfsense... Its a full bsd license - you can even > rebrand it. > > I have a bunch of PF systems out in the field as CPE for firewalling > and such - all running under our logo and skin when a client logs in. > a simple 1U rack mount makes that an awesome option - so does a > simple flash drive on a card in a box ... > > Ask questions if I can help either on or off list > > :-) > > Glenn > > > > > Internal Virus Database is out of date. Checked by AVG - www.avg.com Version: 8.5.435 / Virus Database: 271.1.1/2675 - Release Date: 02/08/10 07:35:00 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Vyatta?
Josh Largest difference I have seen is in regards to load (and cost) Freeware community editions ... well cost is pretty low - especially if you have vmware already running, xen running - or a good pc or server around. that being said Mikrotik from experience can choke on DDOS attacks above 100K pps on a dual xeon - with vYatta you don't see much of a load. A good study on this is with SkyBeam: http://www.vyatta.com/downloads/casestudies/Vyatta_Skybeamcase.pdf might be worth asking them directly I'm not far from you if you want an in person overview :-) - thinking of hamfest I'm out in Court House - about an hour and 1/2 On Apr 3, 2010, at 1:10 AM, Josh Luthman wrote: > So who has used Vyatta and Mikrotik? Differences? > > On 4/3/10, Glenn Kelley wrote: >> vyatta overview: http://www.vyatta.com/products/index.php >> >> PFSense overview: http://www.pfsense.org >> >> >> On Apr 3, 2010, at 12:52 AM, Glenn Kelley wrote: >> >>> I love Vyatta. I love PFSense... I love a bunch of other >>> applications that can do this as well... BUT it might be worth >>> asking >>> what the job that you want the router to perform. >>> >>> While some may bash vYatta - >>> >>> Keep in mind - when the reload happened - they specifically did that >>> for their own Support Contracts ... folks that paid them - but yes >>> - a >>> major release required a reload. >>> I can tell horror stories about having to do this w/ Cisco Vax >>> 7200's 2650's and such as well. IOS updates do not always go as >>> well as they advertise... >>> >>> Why I do like vYatta is the simple fact they provide both the CLI >>> and >>> GUI - (command line interface and graphical user interface)... >>> >>> Here are a few reasons why folks in this board should consider >>> vYatta >>> community edition: (free) >>> >>> 1. Load Balancing >>> 2. BGP (Full ) >>> 3. vLAN - do vlans out to the radios >>> 4. PPPOE - if you wanted to use it >>> 5. Parental Controls >>> 6. Speed Control / Traffic Shaping - You can do this right on >>> your >>> router. >>> 7. SQUID - cache things vs hitting the web all the time for the >>> same >>> content (like windows updates, youtubes, etc ) >>> >>> >>> I resell vYatta paid version for those interested - but for most the >>> community center is just fine. The paid edition will give you all >>> of >>> the aforementioned with the ability to obtain paid support - and >>> this >>> is based upon the following: >>> >>> 1. what type of contract you have purchased >>> 2. severity of the request - (ie everything down vs just a feature >>> request) >>> >>> >>> >>> >>> that being said - WHAT ARE YOU TRYING TO DO ? >>> >>> If you have a simple setup - and just need full BGP - you might also >>> want to check out another Open Source Project called PFSense. >>> >>> PFSense is full FreeBSD - runs on most any x86 hardware. >>> I can help any of you with this as well. The PFSense book is a >>> great >>> place to start - and is written for someone who has never done >>> routing... >>> >>> one last thing about pfsense... Its a full bsd license - you can >>> even >>> rebrand it. >>> >>> I have a bunch of PF systems out in the field as CPE for firewalling >>> and such - all running under our logo and skin when a client logs >>> in. >>> a simple 1U rack mount makes that an awesome option - so does a >>> simple flash drive on a card in a box ... >>> >>> Ask questions if I can help either on or off list >>> >>> :-) >>> >>> Glenn >>> >>> >>> >>> >>> >>> >>> >>> >>> WISPA Wants You! Join today! >>> http://signup.wispa.org/ >>> >>> >>> WISPA Wireless List: wireless@wispa.org >>> >>> Subscribe/Unsubscribe: >>> http://lists.wispa.org/mailman/listinfo/wireless >>> >>> Archives: http://lists.wispa.org/pipermail/wireless/ >> >> >> >> >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> > > > -- > Josh Luthman > Office: 937-552-2340 > Direct: 937-552-2343 > 1100 Wayne St > Suite 1337 > Troy, OH 45373 > > “Success is not final, failure is not fatal: it is the courage to > continue that counts.” > --- Winston Churchill > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http:
Re: [WISPA] Vyatta?
So who has used Vyatta and Mikrotik? Differences? On 4/3/10, Glenn Kelley wrote: > vyatta overview: http://www.vyatta.com/products/index.php > > PFSense overview: http://www.pfsense.org > > > On Apr 3, 2010, at 12:52 AM, Glenn Kelley wrote: > >> I love Vyatta. I love PFSense... I love a bunch of other >> applications that can do this as well... BUT it might be worth asking >> what the job that you want the router to perform. >> >> While some may bash vYatta - >> >> Keep in mind - when the reload happened - they specifically did that >> for their own Support Contracts ... folks that paid them - but yes - a >> major release required a reload. >> I can tell horror stories about having to do this w/ Cisco Vax >> 7200's 2650's and such as well. IOS updates do not always go as >> well as they advertise... >> >> Why I do like vYatta is the simple fact they provide both the CLI and >> GUI - (command line interface and graphical user interface)... >> >> Here are a few reasons why folks in this board should consider vYatta >> community edition: (free) >> >> 1. Load Balancing >> 2. BGP (Full ) >> 3. vLAN - do vlans out to the radios >> 4. PPPOE - if you wanted to use it >> 5. Parental Controls >> 6. Speed Control / Traffic Shaping - You can do this right on your >> router. >> 7. SQUID - cache things vs hitting the web all the time for the same >> content (like windows updates, youtubes, etc ) >> >> >> I resell vYatta paid version for those interested - but for most the >> community center is just fine. The paid edition will give you all of >> the aforementioned with the ability to obtain paid support - and this >> is based upon the following: >> >> 1. what type of contract you have purchased >> 2. severity of the request - (ie everything down vs just a feature >> request) >> >> >> >> >> that being said - WHAT ARE YOU TRYING TO DO ? >> >> If you have a simple setup - and just need full BGP - you might also >> want to check out another Open Source Project called PFSense. >> >> PFSense is full FreeBSD - runs on most any x86 hardware. >> I can help any of you with this as well. The PFSense book is a great >> place to start - and is written for someone who has never done >> routing... >> >> one last thing about pfsense... Its a full bsd license - you can even >> rebrand it. >> >> I have a bunch of PF systems out in the field as CPE for firewalling >> and such - all running under our logo and skin when a client logs in. >> a simple 1U rack mount makes that an awesome option - so does a >> simple flash drive on a card in a box ... >> >> Ask questions if I can help either on or off list >> >> :-) >> >> Glenn >> >> >> >> >> >> >> >> >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > -- Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 “Success is not final, failure is not fatal: it is the courage to continue that counts.” --- Winston Churchill WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Vyatta?
vyatta overview: http://www.vyatta.com/products/index.php PFSense overview: http://www.pfsense.org On Apr 3, 2010, at 12:52 AM, Glenn Kelley wrote: > I love Vyatta. I love PFSense... I love a bunch of other > applications that can do this as well... BUT it might be worth asking > what the job that you want the router to perform. > > While some may bash vYatta - > > Keep in mind - when the reload happened - they specifically did that > for their own Support Contracts ... folks that paid them - but yes - a > major release required a reload. > I can tell horror stories about having to do this w/ Cisco Vax > 7200's 2650's and such as well. IOS updates do not always go as > well as they advertise... > > Why I do like vYatta is the simple fact they provide both the CLI and > GUI - (command line interface and graphical user interface)... > > Here are a few reasons why folks in this board should consider vYatta > community edition: (free) > > 1. Load Balancing > 2. BGP (Full ) > 3. vLAN - do vlans out to the radios > 4. PPPOE - if you wanted to use it > 5. Parental Controls > 6. Speed Control / Traffic Shaping - You can do this right on your > router. > 7. SQUID - cache things vs hitting the web all the time for the same > content (like windows updates, youtubes, etc ) > > > I resell vYatta paid version for those interested - but for most the > community center is just fine. The paid edition will give you all of > the aforementioned with the ability to obtain paid support - and this > is based upon the following: > > 1. what type of contract you have purchased > 2. severity of the request - (ie everything down vs just a feature > request) > > > > > that being said - WHAT ARE YOU TRYING TO DO ? > > If you have a simple setup - and just need full BGP - you might also > want to check out another Open Source Project called PFSense. > > PFSense is full FreeBSD - runs on most any x86 hardware. > I can help any of you with this as well. The PFSense book is a great > place to start - and is written for someone who has never done > routing... > > one last thing about pfsense... Its a full bsd license - you can even > rebrand it. > > I have a bunch of PF systems out in the field as CPE for firewalling > and such - all running under our logo and skin when a client logs in. > a simple 1U rack mount makes that an awesome option - so does a > simple flash drive on a card in a box ... > > Ask questions if I can help either on or off list > > :-) > > Glenn > > > > > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Vyatta?
I love Vyatta. I love PFSense... I love a bunch of other applications that can do this as well... BUT it might be worth asking what the job that you want the router to perform. While some may bash vYatta - Keep in mind - when the reload happened - they specifically did that for their own Support Contracts ... folks that paid them - but yes - a major release required a reload. I can tell horror stories about having to do this w/ Cisco Vax 7200's 2650's and such as well. IOS updates do not always go as well as they advertise... Why I do like vYatta is the simple fact they provide both the CLI and GUI - (command line interface and graphical user interface)... Here are a few reasons why folks in this board should consider vYatta community edition: (free) 1. Load Balancing 2. BGP (Full ) 3. vLAN - do vlans out to the radios 4. PPPOE - if you wanted to use it 5. Parental Controls 6. Speed Control / Traffic Shaping - You can do this right on your router. 7. SQUID - cache things vs hitting the web all the time for the same content (like windows updates, youtubes, etc ) I resell vYatta paid version for those interested - but for most the community center is just fine. The paid edition will give you all of the aforementioned with the ability to obtain paid support - and this is based upon the following: 1. what type of contract you have purchased 2. severity of the request - (ie everything down vs just a feature request) that being said - WHAT ARE YOU TRYING TO DO ? If you have a simple setup - and just need full BGP - you might also want to check out another Open Source Project called PFSense. PFSense is full FreeBSD - runs on most any x86 hardware. I can help any of you with this as well. The PFSense book is a great place to start - and is written for someone who has never done routing... one last thing about pfsense... Its a full bsd license - you can even rebrand it. I have a bunch of PF systems out in the field as CPE for firewalling and such - all running under our logo and skin when a client logs in. a simple 1U rack mount makes that an awesome option - so does a simple flash drive on a card in a box ... Ask questions if I can help either on or off list :-) Glenn WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Vyatta?
What kind of task is this router to perform? On 4/2/10, Tom Sharples wrote: > Fair question. As you know, almost every product has at least one irritating > limitation that can drive you nuts (for example the later discussion about > having to retype the vyatta config by hand) and those kinds of limitations > or oversights are usually easy to correct, but only if you can add your own > code! For the kinds of things we do here, easy flexibility and (preferably > automated) re-configurability are key. > > The imagestream looks good, and I see they are available used at pretty good > prices. > - Original Message - > From: Travis Johnson > To: Tom Sharples ; WISPA General List > Sent: Friday, April 02, 2010 7:09 PM > Subject: Re: [WISPA] Vyatta? > > > Hi, > > I'm curious what you would need to add or access on a "main" router? > Shouldn't you just let the router "route" and put everything else somewhere > else? Hardware is cheap cheap cheap now... why complicate and possibly cause > conflicts on a "main" router? > > We have run Imagestream in the past, and it works flawless. We currently > run a Cisco for our main BGP router, and then Mikrotik for a main edge > router (to allow bandwidth limiting, firewalling, etc.). Both boxes have > been flawless and not missed a beat in almost a year (since the last > firmware update on each of them). I am now moving 300Mbps x 100Mbps through > these boxes on a daily basis. :) > > Travis > Microserv > > Tom Sharples wrote: > We strongly prefer working with open-source / open-architecture solutions > that allow us to add our own code and hardware as needed. That rules out > Cisco. I see that Imagestream runs on Linux, do they give customers root > access / ability to add scripts / modules in user space? How about MT in > that regard? > > Thanks, > > Tom S. > > - Original Message - > From: "Josh Luthman" > To: "Tom Sharples" ; "WISPA General List" > > Sent: Friday, April 02, 2010 6:06 PM > Subject: Re: [WISPA] Vyatta? > > > I've heard of many WISPs using MT, Imagestream and Cisco as their core > routers. Never heard of Vyatta. I've always liked following what > works. > > On 4/2/10, Tom Sharples wrote: > Time to update our ancient and overloaded main router. I'm intrigued by > Vyatta > > and am wondering if anyone out here has any experience - good or bad - > with > them. > > Thanks, > > Tom S. > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > > -- > > > > Internal Virus Database is out of date. > Checked by AVG - www.avg.com > Version: 8.5.435 / Virus Database: 271.1.1/2675 - Release Date: 02/08/10 > 07:35:00 > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > -- Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 “Success is not final, failure is not fatal: it is the courage to continue that counts.” --- Winston Churchill WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Vyatta?
Fair question. As you know, almost every product has at least one irritating limitation that can drive you nuts (for example the later discussion about having to retype the vyatta config by hand) and those kinds of limitations or oversights are usually easy to correct, but only if you can add your own code! For the kinds of things we do here, easy flexibility and (preferably automated) re-configurability are key. The imagestream looks good, and I see they are available used at pretty good prices. - Original Message - From: Travis Johnson To: Tom Sharples ; WISPA General List Sent: Friday, April 02, 2010 7:09 PM Subject: Re: [WISPA] Vyatta? Hi, I'm curious what you would need to add or access on a "main" router? Shouldn't you just let the router "route" and put everything else somewhere else? Hardware is cheap cheap cheap now... why complicate and possibly cause conflicts on a "main" router? We have run Imagestream in the past, and it works flawless. We currently run a Cisco for our main BGP router, and then Mikrotik for a main edge router (to allow bandwidth limiting, firewalling, etc.). Both boxes have been flawless and not missed a beat in almost a year (since the last firmware update on each of them). I am now moving 300Mbps x 100Mbps through these boxes on a daily basis. :) Travis Microserv Tom Sharples wrote: We strongly prefer working with open-source / open-architecture solutions that allow us to add our own code and hardware as needed. That rules out Cisco. I see that Imagestream runs on Linux, do they give customers root access / ability to add scripts / modules in user space? How about MT in that regard? Thanks, Tom S. - Original Message - From: "Josh Luthman" To: "Tom Sharples" ; "WISPA General List" Sent: Friday, April 02, 2010 6:06 PM Subject: Re: [WISPA] Vyatta? I've heard of many WISPs using MT, Imagestream and Cisco as their core routers. Never heard of Vyatta. I've always liked following what works. On 4/2/10, Tom Sharples wrote: Time to update our ancient and overloaded main router. I'm intrigued by Vyatta and am wondering if anyone out here has any experience - good or bad - with them. Thanks, Tom S. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- Internal Virus Database is out of date. Checked by AVG - www.avg.com Version: 8.5.435 / Virus Database: 271.1.1/2675 - Release Date: 02/08/10 07:35:00 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] PCI Compliance
You don't fit in there is nothing you need to do or provide besides maybe your consulting services. It's their merchant service provider and them that needs to ensure communication between the terminal and them is encrypted all the way. You just provide them with the road and it's their responsibility to use the seat belt in the car driving down yours and all other road owner to get from a to b. The big thing is for them to secure the physical access to the terminals and prevent outside internet access to the terminal (would keep them on a separate network segment preventing any access to that segment that wasn't a request initiated from that network). /Eje Sent via BlackBerry from T-Mobile -Original Message- From: RickG Date: Fri, 2 Apr 2010 21:43:34 To: WISPA General List Subject: Re: [WISPA] PCI Compliance Attached is the PowerPoint that BK corporate sent him. Interesting. I have some self interest in this because I have a few fast food restaurants on my service. I want to know, as their ISP how I fit into the picture. On Fri, Apr 2, 2010 at 5:39 PM, Eje Gustafsson wrote: > Any firewall configuration that locks down all unnecessary ports and service > especially those that is a major threat and any ports that are open has to > have secure software with no remote exploits known. Web applications are > extensively tested to ensure that no sql injection, cross site scripting and > other remote exploits can be done as well prohibits/limit data enclosure of > any type. Say if you are running with a sql database any error messages > should NEVER disclose anything database releated not even so much as > possibly hinting what type of database or sql query that might been > executed. Things that does not prohibit PCI compliance but are flagged as > possible PCI compliance issues are "silly" things like robots.txt files > (could provide information disclosure on where administration pages etc are > located). If a web page that looks like it handles logins can be access > without SSL cert it will be flagged and could possible give you a PCI > compliance failure. > > Most of the things to become PCI compliant involves securing servers, access > to servers and whom can access the data on the servers. Ensure servers and > web apps are patched and secure, that minimal data information can be > retrieved from server or web application. That you have written policies > stating whom is allowed to do what, not using manufacture default passwords, > each user has their own username/password and finally written policy what to > do in case of a breach. Most of this is all "obvious" security measures > anyone should do but you have to answer a ton of questions and sign that you > answered them truthfully and an external audit of the servers been done and > passed. > > / Eje > > -Original Message- > From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On > Behalf Of Josh Luthman > Sent: Friday, April 02, 2010 9:00 AM > To: WISPA General List > Subject: Re: [WISPA] PCI Compliance > > That would satisfy the firewall. Though I have to wonder what > firewall config satsifies for compliance. > > On 4/2/10, RickG wrote: >> Correct, no storage. I'm thinking an RB750? >> >> On Fri, Apr 2, 2010 at 2:29 AM, Josh Luthman >> wrote: >>> No experience just thoughts. >>> >>> http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard >>> >>> Would make sense to use a MT, put a nice firewall template (hence the >>> first requirement) and then the other generic things everyone should >>> do. I would have to guess BK doesn't store card information. >>> Processing security relies on the card processor, would it not? >>> >>> On 4/2/10, RickG wrote: Email from my brother: Just got a letter from our credit card processor and we need to become pci compliant. I noticed these routers I'm using from Qwest dont have a firewall. Do I go software,hardware or both? Here is the link for our routers. > http://www.qwest.com/internethelp/modems/motorola-3347/modemDetail_3347insta > llation.html He handles IT for 27 BK's in Denver. Thoughts? > > WISPA Wants You! Join today! http://signup.wispa.org/ > > WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ >>> >>> >>> -- >>> Josh Luthman >>> Office: 937-552-2340 >>> Direct: 937-552-2343 >>> 1100 Wayne St >>> Suite 1337 >>> Troy, OH 45373 >>> >>> “Success is not final, failure is not fatal: it is the courage to >>> continue that counts.” >>> --- Winston Churchill >>> >>> >>> > > >>>
Re: [WISPA] Vyatta?
Tom DeReggi wrote: > Then there is the free community version, > but. past history showed they have policies to discourage against using > it commercially based on what they update. For example, it was not possible > to upgrade from one version to another, not to long ago w/ community > version. You had to wipe, reload, and hand re-type the config from scratch. > I totally forgot about having to do this, UGH!! WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Vyatta?
What Vyatta does is pretty cool. And they have also been giving back to open source community some of the source they write fixes to. They are trying to make Linux look and feel like a cisco router. I have a lot of respect for their effort. But the bad is its priced wrong. They are going high end, targeting a coporate user that might have one or two routers. They make their money on support contracts and their fees are very expensive. You pay per router, per processor, per year. And at $600-$900 each./yr or something like that. Then there is the free community version, but. past history showed they have policies to discourage against using it commercially based on what they update. For example, it was not possible to upgrade from one version to another, not to long ago w/ community version. You had to wipe, reload, and hand re-type the config from scratch. Could you imagine how horrid that would be if it was your Core ISP router that you needed to upgrade? Dont expect to get all your routers access to the update source tree with one license. When I priced it out, from an ISP's perspective, Imagestream was way more affordable for a commercial supported product, and also a somewhat open platform, and of course Mikrotik, although a closed platform, is way more affordable. Tom DeReggi RapidDSL & Wireless, Inc IntAirNet- Fixed Wireless Broadband - Original Message - From: "Tom Sharples" To: "WISPA General List" Sent: Friday, April 02, 2010 8:44 PM Subject: [WISPA] Vyatta? > Time to update our ancient and overloaded main router. I'm intrigued by > Vyatta > > and am wondering if anyone out here has any experience - good or bad - > with them. > > Thanks, > > Tom S. > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Vyatta?
Hi, I'm curious what you would need to add or access on a "main" router? Shouldn't you just let the router "route" and put everything else somewhere else? Hardware is cheap cheap cheap now... why complicate and possibly cause conflicts on a "main" router? We have run Imagestream in the past, and it works flawless. We currently run a Cisco for our main BGP router, and then Mikrotik for a main edge router (to allow bandwidth limiting, firewalling, etc.). Both boxes have been flawless and not missed a beat in almost a year (since the last firmware update on each of them). I am now moving 300Mbps x 100Mbps through these boxes on a daily basis. :) Travis Microserv Tom Sharples wrote: > We strongly prefer working with open-source / open-architecture solutions > that allow us to add our own code and hardware as needed. That rules out > Cisco. I see that Imagestream runs on Linux, do they give customers root > access / ability to add scripts / modules in user space? How about MT in > that regard? > > Thanks, > > Tom S. > > - Original Message - > From: "Josh Luthman" > To: "Tom Sharples" ; "WISPA General List" > > Sent: Friday, April 02, 2010 6:06 PM > Subject: Re: [WISPA] Vyatta? > > > I've heard of many WISPs using MT, Imagestream and Cisco as their core > routers. Never heard of Vyatta. I've always liked following what > works. > > On 4/2/10, Tom Sharples wrote: > >> Time to update our ancient and overloaded main router. I'm intrigued by >> Vyatta >> >> and am wondering if anyone out here has any experience - good or bad - >> with >> them. >> >> Thanks, >> >> Tom S. >> >> >> >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> >> > > > WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] census tracts changing?
It will be a while before they release any new data from this census, I would guess one to two years before the mapping files are compiled and released. They need to tabulate all of the results from the census and then redraw any map files if necessary. You will be good for another cycle or two with the current data. Thank You, Brian Webster -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Randy Cosby Sent: Friday, April 02, 2010 5:49 PM To: WISPA General List Subject: [WISPA] census tracts changing? Just curious if the census tracts change with the new census this year? Will our data we've compiled for the Form 477 still be valid next go-around? -- Randy Cosby Vice President InfoWest, Inc 435-674-0165 x 2010 http://www.infowest.com/ "Letting off steam always produces more heat than light." - Neal A. Maxwell WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] PCI Compliance
That would be nice but it would be difficult for a fast food res truant to not have a card reader :) On Fri, Apr 2, 2010 at 4:27 PM, Frank Muto wrote: > > All the better to have a completely hosted service with a trusted merchant. > We have no CCRD information or even a card > reader. We take no CCRD payments over the phone, by email, postal mail or > store CCRD information for recurring invoices. All > of our invoices are sent via email with an online payment URL to make CCRD > payments or direct payments from their bank > account or mailed in checks. Nonetheless, PCI worries are not on our watch. > > > Frank Muto > > > > - Original Message - > From: "Eje Gustafsson" > To: "'WISPA General List'" > Sent: Friday, April 02, 2010 11:01 AM > Subject: Re: [WISPA] PCI Compliance > > >> PCI compliance only applies to section of the network where YOU process and >> possibly store credit card information. If you have no over the net >> processing and don't store credit cards then it's easy. You fill out the >> form for terminal processing and just need to make sure the terminal itself >> is in a "secured supervised" location, acknowledge that credit cards are not >> saved or stored. If you save and store credit cards you need to certify that >> you are not store the whole magnetic strip info or security codes for the >> cards. >> If things are done on computer you have a more complex questioner to fill >> out. Are credit card info stored, if they are stored electronically the >> server needs to be protected by some form of firewall and only people with a >> need to know should be able to access the credit card details, part of the >> card number should be blanked out on display, no security codes are allowed >> to be stored. I assume your workstations and servers are on a separate >> segment on your network and should be protected with a firewall against any >> outside access (in the ISP case that also includes access from your >> customers and not only from the internet itself). If you have a wireless >> access point on that network segment it needs to be secured and only allow >> specific access from allowed devices and some form of encryption on any >> communication that reads/write credit card details. Database (or wherever >> your credit cards are stored) needs to be secured. >> If processing credit cards over the net you should have a end to end secure >> connection from your customers computer to the credit card gateway >> processor. So basically web page customer key in info needs to be secured by >> either ssl or some other method that sends the data in encrypted secured >> format. From your server to the processor the data also need to be secured >> (no processor I am aware of even accepts a unsecure submission of credit >> card details so this shouldn't be a problem on that basis). >> >> You also need to make sure that physical access to terminal and servers that >> process and store credit cards is secured. >> >> Also in the questioner it's asked if you have policies in place how to >> handle and treat credit cards, whom have access to them and what to do if >> any kind of breach would happen. >> >> The PCI compliance is pretty open and doesn't have for most part specific >> requirements when it comes to firewalls, how or what. If you store data and >> process data on a computer that computer needs to be protected both >> physically and virtually. Virtually can be a software firewall on the >> machine itself or it can be a hardware based firewall in front of the >> machine. >> >> Basically PCI compliance is all about common sense, ensure your servers are >> safe from any type of intrusion or theft, not to write down credit cards on >> scrap paper that is thrown in the trash, only allow access to credit card >> info to the people that have to have access to it. >> >> There are different levels and types of PCI compliance depends on how you >> process credit cards. Worst case scenario is if you have a regular credit >> card terminal or process credit cards across the network on a e-commerce >> type software (be it home written or professionally developed) and even >> worse if you store credit card details. >> Once you start filling out the questioner things will more than likely >> become a bit more clearer for you. >> If you store and process credit cards on computer than you need to as well >> have a company that is doing a PCI scan of your server to ensure "hacker >> proof" status. It will look for port vulnerabilities and web application >> security issues. >> >> https://www.pcisecuritystandards.org/saq/index.shtml >> >> For most people a self assessment is enough (except for server scanning >> where an approved company needs to be used). If your company process a LOT >> of credit cards per year no external auditor needs to be hired (not even my >> company reaches the level where an external auditor is required but we have >> to file twice annually because of our volume while most WISPs
Re: [WISPA] PCI Compliance
Thanks to everyone for all the input. Just to answer a few questions: These are a bunch of Burger King restaurants. The reason this came up is because they just hit $1 million of annual transactions. The data is not stored but is processed through from the card swipe machines over the internet to the processor. AFAIK, the data is encrypted. There is a Manager's workstation at each store that I set up years ago to connect to the head office via VPN over Qwest's DSL. Qwest has suggested they upgrade the Motorola DSL modems to an Adtran unit. Thanks again! -RickG On Fri, Apr 2, 2010 at 11:01 AM, Eje Gustafsson wrote: > PCI compliance only applies to section of the network where YOU process and > possibly store credit card information. If you have no over the net > processing and don't store credit cards then it's easy. You fill out the > form for terminal processing and just need to make sure the terminal itself > is in a "secured supervised" location, acknowledge that credit cards are not > saved or stored. If you save and store credit cards you need to certify that > you are not store the whole magnetic strip info or security codes for the > cards. > If things are done on computer you have a more complex questioner to fill > out. Are credit card info stored, if they are stored electronically the > server needs to be protected by some form of firewall and only people with a > need to know should be able to access the credit card details, part of the > card number should be blanked out on display, no security codes are allowed > to be stored. I assume your workstations and servers are on a separate > segment on your network and should be protected with a firewall against any > outside access (in the ISP case that also includes access from your > customers and not only from the internet itself). If you have a wireless > access point on that network segment it needs to be secured and only allow > specific access from allowed devices and some form of encryption on any > communication that reads/write credit card details. Database (or wherever > your credit cards are stored) needs to be secured. > If processing credit cards over the net you should have a end to end secure > connection from your customers computer to the credit card gateway > processor. So basically web page customer key in info needs to be secured by > either ssl or some other method that sends the data in encrypted secured > format. From your server to the processor the data also need to be secured > (no processor I am aware of even accepts a unsecure submission of credit > card details so this shouldn't be a problem on that basis). > > You also need to make sure that physical access to terminal and servers that > process and store credit cards is secured. > > Also in the questioner it's asked if you have policies in place how to > handle and treat credit cards, whom have access to them and what to do if > any kind of breach would happen. > > The PCI compliance is pretty open and doesn't have for most part specific > requirements when it comes to firewalls, how or what. If you store data and > process data on a computer that computer needs to be protected both > physically and virtually. Virtually can be a software firewall on the > machine itself or it can be a hardware based firewall in front of the > machine. > > Basically PCI compliance is all about common sense, ensure your servers are > safe from any type of intrusion or theft, not to write down credit cards on > scrap paper that is thrown in the trash, only allow access to credit card > info to the people that have to have access to it. > > There are different levels and types of PCI compliance depends on how you > process credit cards. Worst case scenario is if you have a regular credit > card terminal or process credit cards across the network on a e-commerce > type software (be it home written or professionally developed) and even > worse if you store credit card details. > Once you start filling out the questioner things will more than likely > become a bit more clearer for you. > If you store and process credit cards on computer than you need to as well > have a company that is doing a PCI scan of your server to ensure "hacker > proof" status. It will look for port vulnerabilities and web application > security issues. > > https://www.pcisecuritystandards.org/saq/index.shtml > > For most people a self assessment is enough (except for server scanning > where an approved company needs to be used). If your company process a LOT > of credit cards per year no external auditor needs to be hired (not even my > company reaches the level where an external auditor is required but we have > to file twice annually because of our volume while most WISPs I would dare > to say would only be a level 4 which is the lowest level and would only need > to file once a year). > > / Eje > > -Original Message- > From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On > Behalf Of Ri
Re: [WISPA] Vyatta?
ImageStream gets you to bash. You can also put gcc on it. MikroTik you get no such access. On 4/2/10, Tom Sharples wrote: > We strongly prefer working with open-source / open-architecture solutions > that allow us to add our own code and hardware as needed. That rules out > Cisco. I see that Imagestream runs on Linux, do they give customers root > access / ability to add scripts / modules in user space? How about MT in > that regard? > > Thanks, > > Tom S. > > - Original Message - > From: "Josh Luthman" > To: "Tom Sharples" ; "WISPA General List" > > Sent: Friday, April 02, 2010 6:06 PM > Subject: Re: [WISPA] Vyatta? > > > I've heard of many WISPs using MT, Imagestream and Cisco as their core > routers. Never heard of Vyatta. I've always liked following what > works. > > On 4/2/10, Tom Sharples wrote: >> Time to update our ancient and overloaded main router. I'm intrigued by >> Vyatta >> >> and am wondering if anyone out here has any experience - good or bad - >> with >> them. >> >> Thanks, >> >> Tom S. >> >> >> >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> > > > -- > Josh Luthman > Office: 937-552-2340 > Direct: 937-552-2343 > 1100 Wayne St > Suite 1337 > Troy, OH 45373 > > “Success is not final, failure is not fatal: it is the courage to > continue that counts.” > --- Winston Churchill > > > > > > > Internal Virus Database is out of date. > Checked by AVG - www.avg.com > Version: 8.5.435 / Virus Database: 271.1.1/2675 - Release Date: 02/08/10 > 07:35:00 > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > -- Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 “Success is not final, failure is not fatal: it is the courage to continue that counts.” --- Winston Churchill WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Vyatta?
We strongly prefer working with open-source / open-architecture solutions that allow us to add our own code and hardware as needed. That rules out Cisco. I see that Imagestream runs on Linux, do they give customers root access / ability to add scripts / modules in user space? How about MT in that regard? Thanks, Tom S. - Original Message - From: "Josh Luthman" To: "Tom Sharples" ; "WISPA General List" Sent: Friday, April 02, 2010 6:06 PM Subject: Re: [WISPA] Vyatta? I've heard of many WISPs using MT, Imagestream and Cisco as their core routers. Never heard of Vyatta. I've always liked following what works. On 4/2/10, Tom Sharples wrote: > Time to update our ancient and overloaded main router. I'm intrigued by > Vyatta > > and am wondering if anyone out here has any experience - good or bad - > with > them. > > Thanks, > > Tom S. > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > -- Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 “Success is not final, failure is not fatal: it is the courage to continue that counts.” --- Winston Churchill Internal Virus Database is out of date. Checked by AVG - www.avg.com Version: 8.5.435 / Virus Database: 271.1.1/2675 - Release Date: 02/08/10 07:35:00 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] PCI Compliance
My thoughts exactly. It looks like his ISP (Qwest) is suggesting an Adtran. On Fri, Apr 2, 2010 at 10:00 AM, Josh Luthman wrote: > That would satisfy the firewall. Though I have to wonder what > firewall config satsifies for compliance. > > On 4/2/10, RickG wrote: >> Correct, no storage. I'm thinking an RB750? >> >> On Fri, Apr 2, 2010 at 2:29 AM, Josh Luthman >> wrote: >>> No experience just thoughts. >>> >>> http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard >>> >>> Would make sense to use a MT, put a nice firewall template (hence the >>> first requirement) and then the other generic things everyone should >>> do. I would have to guess BK doesn't store card information. >>> Processing security relies on the card processor, would it not? >>> >>> On 4/2/10, RickG wrote: Email from my brother: Just got a letter from our credit card processor and we need to become pci compliant. I noticed these routers I'm using from Qwest dont have a firewall. Do I go software,hardware or both? Here is the link for our routers. http://www.qwest.com/internethelp/modems/motorola-3347/modemDetail_3347installation.html He handles IT for 27 BK's in Denver. Thoughts? WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ >>> >>> >>> -- >>> Josh Luthman >>> Office: 937-552-2340 >>> Direct: 937-552-2343 >>> 1100 Wayne St >>> Suite 1337 >>> Troy, OH 45373 >>> >>> “Success is not final, failure is not fatal: it is the courage to >>> continue that counts.” >>> --- Winston Churchill >>> >>> >>> >>> WISPA Wants You! Join today! >>> http://signup.wispa.org/ >>> >>> >>> WISPA Wireless List: wireless@wispa.org >>> >>> Subscribe/Unsubscribe: >>> http://lists.wispa.org/mailman/listinfo/wireless >>> >>> Archives: http://lists.wispa.org/pipermail/wireless/ >>> >> >> >> >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> > > > -- > Josh Luthman > Office: 937-552-2340 > Direct: 937-552-2343 > 1100 Wayne St > Suite 1337 > Troy, OH 45373 > > “Success is not final, failure is not fatal: it is the courage to > continue that counts.” > --- Winston Churchill > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Bit Cap Thresholds, etc
Too bad 56k isnt enough to satisfy customers any more. So, thats my point. What good is being able to transfer up to 10gigs if your speed is suffering because everyone else is doing the same? The number of subs on the AP and the capacity of the AP have an effect things. It all goes back to QOS. So, the next question is, how to you measure QOS to the end user? On Fri, Apr 2, 2010 at 3:46 AM, Philip Dorr wrote: > Even at 56Kbps, if a client was using all of their bandwidth 24/7 they > could do ~15GB in a 30 day month. > > On Thu, Apr 1, 2010 at 10:02 PM, RickG wrote: >> Marlon, >> >> Out of curiosity, do you know your total capacity available to each of >> your subs? Can they ALL actually get 10gigs/month if they ALL tried to >> do it? To be honest, I have not taken the time to figure out this >> number for my network which is part of the reason I shy away from >> going to by the bit pricing even though I've been a long proponent of >> it. >> >> -RickG >> >> On Thu, Apr 1, 2010 at 9:35 AM, Marlon K. Schafer >> wrote: >>> >>> - Original Message - >>> From: "Jason Wallace" >>> To: "WISPA General List" >>> Sent: Wednesday, March 31, 2010 10:24 AM >>> Subject: [WISPA] Bit Cap Thresholds, etc >>> >>> I have a few questions for those of you who sell bandwidth by the byte: 1. What is the threshold you use, ie, 3Gb in 30 days, or do you have different packages? >>> >>> 10 gigs per month for wireless. 20 gigs for fiber customers. >>> >>> Business users that pay more get more. However, the ones that insist on >>> allowing radio on the computers etc. usually end up paying even more yet. >>> We try to set a level above what they use in a normal month then cut them a >>> little bit of a break on the normal billing amount. >>> 2. Is this total bytes in & out or just in? >>> >>> Total. Combined. WE pay for it both ways. >>> 3. What do you charge for overages? >>> >>> $5 per gig. If they go over by more than 10 gigs we'll normally work to cut >>> them some kind of a break. Again, the expectation is that it's got to more >>> than pay for the additional costs. >>> >>> Don't forget the costs of AP wide slowdowns for everyone else. If that >>> starts to happen and you loose the "easy" customers you have to add ap's to >>> the tower. That costs both money AND spectrum. >>> >>> We've started an overbuild with additional bands for our heavy sites. We >>> charge more for the install and the service, but that gives the gamers/high >>> end customers someplace to go. AND we make SURE that service from that >>> system is the BEST in the area we're in. >>> 4. Have you considered just throttling back customers like the satellite guys do? >>> >>> Yeah. But there is no money in that. >>> >>> It's also not what our service is based upon. Our service runs as fast as >>> we can make it go. Up to 10 mbps in both directions for as little as $35 >>> per month. Those who pay more are paying for reliability not speed. >>> >>> The other thing to think about is human nature. People do what people do. >>> To them, by and large, if they want to download a 100 meg windows update >>> they will do it no matter what. If they want a 700meg WOW demo, they'll go >>> get it. If you slow them down they'll "use" the system much longer. >>> >>> So instead of getting them on and off the air in, oh say 10 minutes, they >>> might be there for 2 hours. The chances of another high capacity project >>> happening on the network go up a LOT when the users are "on the air" for a >>> longer period of time. >>> >>> make sense? >>> marlon >>> Jason WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ >>> >>> >>> >>> >>> WISPA Wants You! Join today! >>> http://signup.wispa.org/ >>> >>> >>> WISPA Wireless List: wireless@wispa.org >>> >>> Subscribe/Unsubscribe: >>> http://lists.wispa.org/mailman/listinfo/wireless >>> >>> Archives: http://lists.wispa.org/pipermail/wireless/ >>> >> >> >> >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> > > > ---
Re: [WISPA] Vyatta?
I've heard of many WISPs using MT, Imagestream and Cisco as their core routers. Never heard of Vyatta. I've always liked following what works. On 4/2/10, Tom Sharples wrote: > Time to update our ancient and overloaded main router. I'm intrigued by > Vyatta > > and am wondering if anyone out here has any experience - good or bad - with > them. > > Thanks, > > Tom S. > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > -- Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 “Success is not final, failure is not fatal: it is the courage to continue that counts.” --- Winston Churchill WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Vyatta?
A year or so back an employer I worked at had issues with Vyatta on Dell hardware. It was no fault of Vyatta's; Vyatta is based on Debian and either the Debian or the kernel maintainers had decided to change/remove the network driver from that particular release. Unfortunately, I don't remember the chipset we were having trouble with. Other than that, it seemed to work pretty well. We used it for our edge routers in a high-availability setup with VRRP (or maybe it was Linux HA+Heartbeat). Tom Sharples wrote: > Time to update our ancient and overloaded main router. I'm intrigued by Vyatta > > and am wondering if anyone out here has any experience - good or bad - with > them. > > Thanks, > > Tom S. > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
[WISPA] Vyatta?
Time to update our ancient and overloaded main router. I'm intrigued by Vyatta and am wondering if anyone out here has any experience - good or bad - with them. Thanks, Tom S. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Google
I was and am skeptical but I'm always curious of others opinions. On Fri, Apr 2, 2010 at 9:41 AM, Robert West wrote: > You wouldn't want to. They will be the world's first Cyber-Government. :) > > Bob- > > > -Original Message- > From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On > Behalf Of RickG > Sent: Friday, April 02, 2010 12:47 AM > To: WISPA General List > Subject: Re: [WISPA] Google > > Um, April Fools only I'm, the fool! I must of missed it. I'll look in > the archives. Thanks! > > On Fri, Apr 2, 2010 at 12:08 AM, Josh Luthman > wrote: >> Do you realize that was almost two months ago? >> >> There was a big discussion about it here I believe. >> >> Josh Luthman >> Office: 937-552-2340 >> Direct: 937-552-2343 >> 1100 Wayne St >> Suite 1337 >> Troy, OH 45373 >> >> "Success is not final, failure is not fatal: it is the courage to >> continue that counts." >> --- Winston Churchill >> >> >> >> On Fri, Apr 2, 2010 at 12:06 AM, RickG wrote: >>> Interesting: > http://googleblog.blogspot.com/2010/02/think-big-with-gig-our-experimental.h > tml >>> I wonder if there would be anything to gain by working with them? >>> Assuming they would work with a WISP. >>> >>> >>> > > >>> WISPA Wants You! Join today! >>> http://signup.wispa.org/ >>> > > >>> >>> WISPA Wireless List: wireless@wispa.org >>> >>> Subscribe/Unsubscribe: >>> http://lists.wispa.org/mailman/listinfo/wireless >>> >>> Archives: http://lists.wispa.org/pipermail/wireless/ >>> >> >> >> > > >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> > > >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] census tracts changing?
On Fri, Apr 2, 2010 at 16:48, Randy Cosby wrote: > Just curious if the census tracts change with the new census this year? > Will our data we've compiled for the Form 477 still be valid next > go-around? > The tracts will change, but not for a while. The Census Bureau has to collate and add up all the data and draw new tract maps and so on; you'll be good for at least two more FCC 477 cycles, possibly more. David Smith MVN.net WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
[WISPA] census tracts changing?
Just curious if the census tracts change with the new census this year? Will our data we've compiled for the Form 477 still be valid next go-around? -- Randy Cosby Vice President InfoWest, Inc 435-674-0165 x 2010 http://www.infowest.com/ "Letting off steam always produces more heat than light." - Neal A. Maxwell WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] PCI Compliance
Any firewall configuration that locks down all unnecessary ports and service especially those that is a major threat and any ports that are open has to have secure software with no remote exploits known. Web applications are extensively tested to ensure that no sql injection, cross site scripting and other remote exploits can be done as well prohibits/limit data enclosure of any type. Say if you are running with a sql database any error messages should NEVER disclose anything database releated not even so much as possibly hinting what type of database or sql query that might been executed. Things that does not prohibit PCI compliance but are flagged as possible PCI compliance issues are "silly" things like robots.txt files (could provide information disclosure on where administration pages etc are located). If a web page that looks like it handles logins can be access without SSL cert it will be flagged and could possible give you a PCI compliance failure. Most of the things to become PCI compliant involves securing servers, access to servers and whom can access the data on the servers. Ensure servers and web apps are patched and secure, that minimal data information can be retrieved from server or web application. That you have written policies stating whom is allowed to do what, not using manufacture default passwords, each user has their own username/password and finally written policy what to do in case of a breach. Most of this is all "obvious" security measures anyone should do but you have to answer a ton of questions and sign that you answered them truthfully and an external audit of the servers been done and passed. / Eje -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Friday, April 02, 2010 9:00 AM To: WISPA General List Subject: Re: [WISPA] PCI Compliance That would satisfy the firewall. Though I have to wonder what firewall config satsifies for compliance. On 4/2/10, RickG wrote: > Correct, no storage. I'm thinking an RB750? > > On Fri, Apr 2, 2010 at 2:29 AM, Josh Luthman > wrote: >> No experience just thoughts. >> >> http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard >> >> Would make sense to use a MT, put a nice firewall template (hence the >> first requirement) and then the other generic things everyone should >> do. I would have to guess BK doesn't store card information. >> Processing security relies on the card processor, would it not? >> >> On 4/2/10, RickG wrote: >>> Email from my brother: >>> >>> Just got a letter from our credit card processor and we need to become >>> pci compliant. I noticed these routers I'm using from Qwest dont have >>> a firewall. Do I go software,hardware or both? Here is the link for >>> our routers. >>> http://www.qwest.com/internethelp/modems/motorola-3347/modemDetail_3347insta llation.html >>> >>> He handles IT for 27 BK's in Denver. Thoughts? >>> >>> >>> >>> WISPA Wants You! Join today! >>> http://signup.wispa.org/ >>> >>> >>> WISPA Wireless List: wireless@wispa.org >>> >>> Subscribe/Unsubscribe: >>> http://lists.wispa.org/mailman/listinfo/wireless >>> >>> Archives: http://lists.wispa.org/pipermail/wireless/ >>> >> >> >> -- >> Josh Luthman >> Office: 937-552-2340 >> Direct: 937-552-2343 >> 1100 Wayne St >> Suite 1337 >> Troy, OH 45373 >> >> Success is not final, failure is not fatal: it is the courage to >> continue that counts. >> --- Winston Churchill >> >> >> >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > -- Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 Success is not final, failure is not fatal: it is the courage to continue that counts. --- Winston Churchill WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wisp
Re: [WISPA] PCI Compliance
True on this but still since I assume it still uses your merchant account you still fall under the PCI regulations BUT the trusted merchant would provide all PCI compliance documentation for you in this case and only thing you have to worry about is whom is provided remote login access to this merchant and what information they have access to and ensure firewall and antivirus protection on the machines that are used to login to said merchants website (if you have access to anything credit card related there) to avoid keyloggers that might steal login information and then use this information to login and steal credit card details or create fraudulent charges or reversals. No matter how it's done if you business have a merchant account PCI compliance comes back to you to ensure end to end and any and all interactions where access to credit cards processing or credit card numbers can be done. Of course lot easier when nothing is on any of your own systems like in your case and if all you can access through the hosted service web pages is statements and reports even less you need to worry about but still might have to file (unless they file for you). / Eje -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Frank Muto Sent: Friday, April 02, 2010 3:27 PM To: WISPA General List Subject: Re: [WISPA] PCI Compliance All the better to have a completely hosted service with a trusted merchant. We have no CCRD information or even a card reader. We take no CCRD payments over the phone, by email, postal mail or store CCRD information for recurring invoices. All of our invoices are sent via email with an online payment URL to make CCRD payments or direct payments from their bank account or mailed in checks. Nonetheless, PCI worries are not on our watch. Frank Muto - Original Message - From: "Eje Gustafsson" To: "'WISPA General List'" Sent: Friday, April 02, 2010 11:01 AM Subject: Re: [WISPA] PCI Compliance > PCI compliance only applies to section of the network where YOU process and > possibly store credit card information. If you have no over the net > processing and don't store credit cards then it's easy. You fill out the > form for terminal processing and just need to make sure the terminal itself > is in a "secured supervised" location, acknowledge that credit cards are not > saved or stored. If you save and store credit cards you need to certify that > you are not store the whole magnetic strip info or security codes for the > cards. > If things are done on computer you have a more complex questioner to fill > out. Are credit card info stored, if they are stored electronically the > server needs to be protected by some form of firewall and only people with a > need to know should be able to access the credit card details, part of the > card number should be blanked out on display, no security codes are allowed > to be stored. I assume your workstations and servers are on a separate > segment on your network and should be protected with a firewall against any > outside access (in the ISP case that also includes access from your > customers and not only from the internet itself). If you have a wireless > access point on that network segment it needs to be secured and only allow > specific access from allowed devices and some form of encryption on any > communication that reads/write credit card details. Database (or wherever > your credit cards are stored) needs to be secured. > If processing credit cards over the net you should have a end to end secure > connection from your customers computer to the credit card gateway > processor. So basically web page customer key in info needs to be secured by > either ssl or some other method that sends the data in encrypted secured > format. From your server to the processor the data also need to be secured > (no processor I am aware of even accepts a unsecure submission of credit > card details so this shouldn't be a problem on that basis). > > You also need to make sure that physical access to terminal and servers that > process and store credit cards is secured. > > Also in the questioner it's asked if you have policies in place how to > handle and treat credit cards, whom have access to them and what to do if > any kind of breach would happen. > > The PCI compliance is pretty open and doesn't have for most part specific > requirements when it comes to firewalls, how or what. If you store data and > process data on a computer that computer needs to be protected both > physically and virtually. Virtually can be a software firewall on the > machine itself or it can be a hardware based firewall in front of the > machine. > > Basically PCI compliance is all about common sense, ensure your servers are > safe from any type of intrusion or theft, not to write down credit cards on > scrap paper that is thrown in the trash, only allow access to credit card > info to the people that have to have acc
Re: [WISPA] PCI Compliance
All the better to have a completely hosted service with a trusted merchant. We have no CCRD information or even a card reader. We take no CCRD payments over the phone, by email, postal mail or store CCRD information for recurring invoices. All of our invoices are sent via email with an online payment URL to make CCRD payments or direct payments from their bank account or mailed in checks. Nonetheless, PCI worries are not on our watch. Frank Muto - Original Message - From: "Eje Gustafsson" To: "'WISPA General List'" Sent: Friday, April 02, 2010 11:01 AM Subject: Re: [WISPA] PCI Compliance > PCI compliance only applies to section of the network where YOU process and > possibly store credit card information. If you have no over the net > processing and don't store credit cards then it's easy. You fill out the > form for terminal processing and just need to make sure the terminal itself > is in a "secured supervised" location, acknowledge that credit cards are not > saved or stored. If you save and store credit cards you need to certify that > you are not store the whole magnetic strip info or security codes for the > cards. > If things are done on computer you have a more complex questioner to fill > out. Are credit card info stored, if they are stored electronically the > server needs to be protected by some form of firewall and only people with a > need to know should be able to access the credit card details, part of the > card number should be blanked out on display, no security codes are allowed > to be stored. I assume your workstations and servers are on a separate > segment on your network and should be protected with a firewall against any > outside access (in the ISP case that also includes access from your > customers and not only from the internet itself). If you have a wireless > access point on that network segment it needs to be secured and only allow > specific access from allowed devices and some form of encryption on any > communication that reads/write credit card details. Database (or wherever > your credit cards are stored) needs to be secured. > If processing credit cards over the net you should have a end to end secure > connection from your customers computer to the credit card gateway > processor. So basically web page customer key in info needs to be secured by > either ssl or some other method that sends the data in encrypted secured > format. From your server to the processor the data also need to be secured > (no processor I am aware of even accepts a unsecure submission of credit > card details so this shouldn't be a problem on that basis). > > You also need to make sure that physical access to terminal and servers that > process and store credit cards is secured. > > Also in the questioner it's asked if you have policies in place how to > handle and treat credit cards, whom have access to them and what to do if > any kind of breach would happen. > > The PCI compliance is pretty open and doesn't have for most part specific > requirements when it comes to firewalls, how or what. If you store data and > process data on a computer that computer needs to be protected both > physically and virtually. Virtually can be a software firewall on the > machine itself or it can be a hardware based firewall in front of the > machine. > > Basically PCI compliance is all about common sense, ensure your servers are > safe from any type of intrusion or theft, not to write down credit cards on > scrap paper that is thrown in the trash, only allow access to credit card > info to the people that have to have access to it. > > There are different levels and types of PCI compliance depends on how you > process credit cards. Worst case scenario is if you have a regular credit > card terminal or process credit cards across the network on a e-commerce > type software (be it home written or professionally developed) and even > worse if you store credit card details. > Once you start filling out the questioner things will more than likely > become a bit more clearer for you. > If you store and process credit cards on computer than you need to as well > have a company that is doing a PCI scan of your server to ensure "hacker > proof" status. It will look for port vulnerabilities and web application > security issues. > > https://www.pcisecuritystandards.org/saq/index.shtml > > For most people a self assessment is enough (except for server scanning > where an approved company needs to be used). If your company process a LOT > of credit cards per year no external auditor needs to be hired (not even my > company reaches the level where an external auditor is required but we have > to file twice annually because of our volume while most WISPs I would dare > to say would only be a level 4 which is the lowest level and would only need > to file once a year). > > / Eje > > -Original Message- > From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On > Behalf Of RickG
Re: [WISPA] Redline RedMAX CPE
I have 1an100 base with sector antenna and 6 cpes cheap Sent from my Motorola Startac... On Apr 2, 2010, at 3:40 PM, "John Scrivner" wrote: > I need to buy 2 or 3 new RedMAX 3650 WiMAX CPE but do not want to > pay the > higher single unit price. Has anyone out there made the bulk > purchase who is > willing to sell a couple or three of them to me? I will pay more > than your > unit price but want to get lower than the standard RedMAX single > unit price. > Your help is appreciated. Please hit me offlist...j...@scrivner.com > John Scrivner > > > --- > --- > --- > --- > > WISPA Wants You! Join today! > http://signup.wispa.org/ > --- > --- > --- > --- > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
[WISPA] Redline RedMAX CPE
I need to buy 2 or 3 new RedMAX 3650 WiMAX CPE but do not want to pay the higher single unit price. Has anyone out there made the bulk purchase who is willing to sell a couple or three of them to me? I will pay more than your unit price but want to get lower than the standard RedMAX single unit price. Your help is appreciated. Please hit me offlist...j...@scrivner.com John Scrivner WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Bit Cap Thresholds, etc
How do you track their usage? Andy Trimmell wrote: > We have 3 plans in each of our categories, Residential/Business. Also, we > have a customer on 768kbps $30/mo and downloading 40-50gb in a month... > > Thresholds: > Residential > $30 20gb > $40 40gb > $50 60gb > > Business > $50 40gb > $70 80gb > $100 120gb > > $5/Gb after their allotment but never exceeding $150 in overages in one month. > > We do send an email at %75 of their allotment to give them a chance to go up > to the next package. We also waive their first time going over if they act > oblivious to downloads. > > A lot of people don't understand how Netflix and services like that work. > We've heard it all! "Well we didn't know since we weren't saving it that it > counted against us!" > > What we're doing is putting overage charges into a pot for build-outs only. > However we have found that this 1% of customers that are causing the problems > in the network, downloading 24/7, have slowed their roll. Our most abusive > customer we just repossessed the unit after their bill hit the $150 overage > charge plus $40 subscription fee in one month and never paid the bill 2 > months before that. > > The most abusive customers will either pay their bills or get disconnected. > Either way is a win-win for everyone, us and the customers. No more constant > pull on that tower or those kind of customers pay for upgrades on the tower. > At that point I'd rather just get rid of those kinds of customers because the > most abusive don't ever pay their bills anyways. > > We do have one customer that is a big Hulu fan and just moved to the $100 > business package because his overage charges hit $150 2 months in a row on > the $50 60gb package. He won't stop watching Hulu and always pays his bill. > > > Andy Trimmell > PDSWireless > Network Administrator > atrimm...@precisionds.com > > > -Original Message- > From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On > Behalf Of Philip Dorr > Sent: Friday, April 02, 2010 3:46 AM > To: WISPA General List > Subject: Re: [WISPA] Bit Cap Thresholds, etc > > Even at 56Kbps, if a client was using all of their bandwidth 24/7 they > could do ~15GB in a 30 day month. > > On Thu, Apr 1, 2010 at 10:02 PM, RickG wrote: >> Marlon, >> >> Out of curiosity, do you know your total capacity available to each of >> your subs? Can they ALL actually get 10gigs/month if they ALL tried to >> do it? To be honest, I have not taken the time to figure out this >> number for my network which is part of the reason I shy away from >> going to by the bit pricing even though I've been a long proponent of >> it. >> >> -RickG >> >> On Thu, Apr 1, 2010 at 9:35 AM, Marlon K. Schafer >> wrote: >>> - Original Message - >>> From: "Jason Wallace" >>> To: "WISPA General List" >>> Sent: Wednesday, March 31, 2010 10:24 AM >>> Subject: [WISPA] Bit Cap Thresholds, etc >>> >>> I have a few questions for those of you who sell bandwidth by the byte: 1. What is the threshold you use, ie, 3Gb in 30 days, or do you have different packages? >>> 10 gigs per month for wireless. 20 gigs for fiber customers. >>> >>> Business users that pay more get more. However, the ones that insist on >>> allowing radio on the computers etc. usually end up paying even more yet. >>> We try to set a level above what they use in a normal month then cut them a >>> little bit of a break on the normal billing amount. >>> 2. Is this total bytes in & out or just in? >>> Total. Combined. WE pay for it both ways. >>> 3. What do you charge for overages? >>> $5 per gig. If they go over by more than 10 gigs we'll normally work to cut >>> them some kind of a break. Again, the expectation is that it's got to more >>> than pay for the additional costs. >>> >>> Don't forget the costs of AP wide slowdowns for everyone else. If that >>> starts to happen and you loose the "easy" customers you have to add ap's to >>> the tower. That costs both money AND spectrum. >>> >>> We've started an overbuild with additional bands for our heavy sites. We >>> charge more for the install and the service, but that gives the gamers/high >>> end customers someplace to go. AND we make SURE that service from that >>> system is the BEST in the area we're in. >>> 4. Have you considered just throttling back customers like the satellite guys do? >>> Yeah. But there is no money in that. >>> >>> It's also not what our service is based upon. Our service runs as fast as >>> we can make it go. Up to 10 mbps in both directions for as little as $35 >>> per month. Those who pay more are paying for reliability not speed. >>> >>> The other thing to think about is human nature. People do what people do. >>> To them, by and large, if they want to download a 100 meg windows update >>> they will do it no matter what. If they want a 700meg WOW demo, they'll go >>> get it. If you slow them down they'll "use"
Re: [WISPA] Speaking of Tranzeo......
Marlon, If you ever need remote help with your Tranzeo gear, let me know. You don't need the tool (in fact, it is a PITA that I am trying to help them fix!) Note that they just bought Aperto so they are now WISPA members! Welcome to WISPA Tranzeo! ryan On Fri, Apr 2, 2010 at 10:17 AM, Marlon K. Schafer wrote: > I tired upgrading to that and it wouldn't go in. Even with that funky new > upgrade tool they say you have to have. > > sigh > marlon > > - Original Message - > From: "Kurt Fankhauser" > To: "'WISPA General List'" > Sent: Thursday, April 01, 2010 9:21 PM > Subject: Re: [WISPA] Speaking of Tranzeo.. > > > > You need to have firmware version 5.0.4 The early hotfix did not fix > > the > > problems. I have tried everything back to 3.6.7 and they all have > problems > > in router mode. > > > > HOWEVER, 5.0.4 fixed the router-mode problem. I can not stress enough how > > you need to be running 5.0.4. > > > > I am running a CPQ version 2 at the house here and I have had to deal > with > > the problems for going on 2 years in router mode until I upgraded to > > firmware 5.0.4 and then poooff! Problem solved! My customers are much > > happier now running this version of firmware versus any other, and > believe > > me I've tried them all. > > > > Kurt Fankhauser > > WAVELINC > > P.O. Box 126 > > Bucyrus, OH 44820 > > 419-562-6405 > > www.wavelinc.com > > > > > > -Original Message- > > From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On > > Behalf Of Kosinet Wireless > > Sent: Thursday, April 01, 2010 11:24 AM > > To: WISPA General List > > Subject: Re: [WISPA] Speaking of Tranzeo.. > > > > Tried the "Hotfix" firmware 4.0.5 - No improvement. Does anyone have the > > older 3.x firmware they can send me? The Radio is a TR-SL2-15. I can't > > find > > anywhere to download the real old firmware. > > > > Thanks, Gary. > > > > > > > > > > > > > WISPA Wants You! Join today! > > http://signup.wispa.org/ > > > > > > > > > WISPA Wireless List: wireless@wispa.org > > > > Subscribe/Unsubscribe: > > http://lists.wispa.org/mailman/listinfo/wireless > > > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > > > > > > > WISPA Wants You! Join today! > > http://signup.wispa.org/ > > > > > > > WISPA Wireless List: wireless@wispa.org > > > > Subscribe/Unsubscribe: > > http://lists.wispa.org/mailman/listinfo/wireless > > > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] PCI Compliance
PCI compliance only applies to section of the network where YOU process and possibly store credit card information. If you have no over the net processing and don't store credit cards then it's easy. You fill out the form for terminal processing and just need to make sure the terminal itself is in a "secured supervised" location, acknowledge that credit cards are not saved or stored. If you save and store credit cards you need to certify that you are not store the whole magnetic strip info or security codes for the cards. If things are done on computer you have a more complex questioner to fill out. Are credit card info stored, if they are stored electronically the server needs to be protected by some form of firewall and only people with a need to know should be able to access the credit card details, part of the card number should be blanked out on display, no security codes are allowed to be stored. I assume your workstations and servers are on a separate segment on your network and should be protected with a firewall against any outside access (in the ISP case that also includes access from your customers and not only from the internet itself). If you have a wireless access point on that network segment it needs to be secured and only allow specific access from allowed devices and some form of encryption on any communication that reads/write credit card details. Database (or wherever your credit cards are stored) needs to be secured. If processing credit cards over the net you should have a end to end secure connection from your customers computer to the credit card gateway processor. So basically web page customer key in info needs to be secured by either ssl or some other method that sends the data in encrypted secured format. From your server to the processor the data also need to be secured (no processor I am aware of even accepts a unsecure submission of credit card details so this shouldn't be a problem on that basis). You also need to make sure that physical access to terminal and servers that process and store credit cards is secured. Also in the questioner it's asked if you have policies in place how to handle and treat credit cards, whom have access to them and what to do if any kind of breach would happen. The PCI compliance is pretty open and doesn't have for most part specific requirements when it comes to firewalls, how or what. If you store data and process data on a computer that computer needs to be protected both physically and virtually. Virtually can be a software firewall on the machine itself or it can be a hardware based firewall in front of the machine. Basically PCI compliance is all about common sense, ensure your servers are safe from any type of intrusion or theft, not to write down credit cards on scrap paper that is thrown in the trash, only allow access to credit card info to the people that have to have access to it. There are different levels and types of PCI compliance depends on how you process credit cards. Worst case scenario is if you have a regular credit card terminal or process credit cards across the network on a e-commerce type software (be it home written or professionally developed) and even worse if you store credit card details. Once you start filling out the questioner things will more than likely become a bit more clearer for you. If you store and process credit cards on computer than you need to as well have a company that is doing a PCI scan of your server to ensure "hacker proof" status. It will look for port vulnerabilities and web application security issues. https://www.pcisecuritystandards.org/saq/index.shtml For most people a self assessment is enough (except for server scanning where an approved company needs to be used). If your company process a LOT of credit cards per year no external auditor needs to be hired (not even my company reaches the level where an external auditor is required but we have to file twice annually because of our volume while most WISPs I would dare to say would only be a level 4 which is the lowest level and would only need to file once a year). / Eje -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of RickG Sent: Friday, April 02, 2010 1:21 AM To: WISPA General List Subject: [WISPA] PCI Compliance Email from my brother: Just got a letter from our credit card processor and we need to become pci compliant. I noticed these routers I'm using from Qwest dont have a firewall. Do I go software,hardware or both? Here is the link for our routers. http://www.qwest.com/internethelp/modems/motorola-3347/modemDetail_3347insta llation.html He handles IT for 27 BK's in Denver. Thoughts? WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/U
Re: [WISPA] Speaking of Tranzeo......
If you have 3.5.2 you need to go to 4.0.3 before going to 5.0.4. I have seen some upgrades not go through until I was on 4.0.3. Has anyone figured out TRUMP for upgrades? Steve Barnes Manager PCS-WIN RC-WiFi Wireless Internet Service -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Friday, April 02, 2010 10:18 AM To: WISPA General List Subject: Re: [WISPA] Speaking of Tranzeo.. I tired upgrading to that and it wouldn't go in. Even with that funky new upgrade tool they say you have to have. sigh marlon - Original Message - From: "Kurt Fankhauser" To: "'WISPA General List'" Sent: Thursday, April 01, 2010 9:21 PM Subject: Re: [WISPA] Speaking of Tranzeo.. > You need to have firmware version 5.0.4 The early hotfix did not fix > the > problems. I have tried everything back to 3.6.7 and they all have problems > in router mode. > > HOWEVER, 5.0.4 fixed the router-mode problem. I can not stress enough how > you need to be running 5.0.4. > > I am running a CPQ version 2 at the house here and I have had to deal with > the problems for going on 2 years in router mode until I upgraded to > firmware 5.0.4 and then poooff! Problem solved! My customers are much > happier now running this version of firmware versus any other, and believe > me I've tried them all. > > Kurt Fankhauser > WAVELINC > P.O. Box 126 > Bucyrus, OH 44820 > 419-562-6405 > www.wavelinc.com > > > -Original Message- > From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On > Behalf Of Kosinet Wireless > Sent: Thursday, April 01, 2010 11:24 AM > To: WISPA General List > Subject: Re: [WISPA] Speaking of Tranzeo.. > > Tried the "Hotfix" firmware 4.0.5 - No improvement. Does anyone have the > older 3.x firmware they can send me? The Radio is a TR-SL2-15. I can't > find > anywhere to download the real old firmware. > > Thanks, Gary. > > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Speaking of Tranzeo......
I tired upgrading to that and it wouldn't go in. Even with that funky new upgrade tool they say you have to have. sigh marlon - Original Message - From: "Kurt Fankhauser" To: "'WISPA General List'" Sent: Thursday, April 01, 2010 9:21 PM Subject: Re: [WISPA] Speaking of Tranzeo.. > You need to have firmware version 5.0.4 The early hotfix did not fix > the > problems. I have tried everything back to 3.6.7 and they all have problems > in router mode. > > HOWEVER, 5.0.4 fixed the router-mode problem. I can not stress enough how > you need to be running 5.0.4. > > I am running a CPQ version 2 at the house here and I have had to deal with > the problems for going on 2 years in router mode until I upgraded to > firmware 5.0.4 and then poooff! Problem solved! My customers are much > happier now running this version of firmware versus any other, and believe > me I've tried them all. > > Kurt Fankhauser > WAVELINC > P.O. Box 126 > Bucyrus, OH 44820 > 419-562-6405 > www.wavelinc.com > > > -Original Message- > From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On > Behalf Of Kosinet Wireless > Sent: Thursday, April 01, 2010 11:24 AM > To: WISPA General List > Subject: Re: [WISPA] Speaking of Tranzeo.. > > Tried the "Hotfix" firmware 4.0.5 - No improvement. Does anyone have the > older 3.x firmware they can send me? The Radio is a TR-SL2-15. I can't > find > anywhere to download the real old firmware. > > Thanks, Gary. > > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Bit Cap Thresholds, etc
Yes and no. In theory they all have to share that 10 megs. In reality, people don't tend to all do big projects all at the same time. I know that when I run a speed test I usually see very close to the 10 megs, sometimes it's actually a little bit more. In the evening the tests show less because the system is, naturally, busier. marlon - Original Message - From: "RickG" To: "WISPA General List" Sent: Thursday, April 01, 2010 9:02 PM Subject: Re: [WISPA] Bit Cap Thresholds, etc Marlon, Out of curiosity, do you know your total capacity available to each of your subs? Can they ALL actually get 10gigs/month if they ALL tried to do it? To be honest, I have not taken the time to figure out this number for my network which is part of the reason I shy away from going to by the bit pricing even though I've been a long proponent of it. -RickG On Thu, Apr 1, 2010 at 9:35 AM, Marlon K. Schafer wrote: > > - Original Message - > From: "Jason Wallace" > To: "WISPA General List" > Sent: Wednesday, March 31, 2010 10:24 AM > Subject: [WISPA] Bit Cap Thresholds, etc > > >>I have a few questions for those of you who sell bandwidth by the byte: >> >> 1. What is the threshold you use, ie, 3Gb in 30 days, or do you have >> different packages? > > 10 gigs per month for wireless. 20 gigs for fiber customers. > > Business users that pay more get more. However, the ones that insist on > allowing radio on the computers etc. usually end up paying even more yet. > We try to set a level above what they use in a normal month then cut them > a > little bit of a break on the normal billing amount. > >> 2. Is this total bytes in & out or just in? > > Total. Combined. WE pay for it both ways. > >> 3. What do you charge for overages? > > $5 per gig. If they go over by more than 10 gigs we'll normally work to > cut > them some kind of a break. Again, the expectation is that it's got to more > than pay for the additional costs. > > Don't forget the costs of AP wide slowdowns for everyone else. If that > starts to happen and you loose the "easy" customers you have to add ap's > to > the tower. That costs both money AND spectrum. > > We've started an overbuild with additional bands for our heavy sites. We > charge more for the install and the service, but that gives the > gamers/high > end customers someplace to go. AND we make SURE that service from that > system is the BEST in the area we're in. > >> 4. Have you considered just throttling back customers like the satellite >> guys do? > > Yeah. But there is no money in that. > > It's also not what our service is based upon. Our service runs as fast as > we can make it go. Up to 10 mbps in both directions for as little as $35 > per month. Those who pay more are paying for reliability not speed. > > The other thing to think about is human nature. People do what people do. > To them, by and large, if they want to download a 100 meg windows update > they will do it no matter what. If they want a 700meg WOW demo, they'll go > get it. If you slow them down they'll "use" the system much longer. > > So instead of getting them on and off the air in, oh say 10 minutes, they > might be there for 2 hours. The chances of another high capacity project > happening on the network go up a LOT when the users are "on the air" for a > longer period of time. > > make sense? > marlon > >> >> Jason >> >> >> >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] PCI Compliance
We just went through this ourselves as well helped many of our own customers get this done. PCI Compliance is pretty hardcore, all "backdoor ports" must be shutdown and the payment system machine must be hardened. For all our customers that are DSL we changed out the DSL modem/router for a DSL bridge and a mikrotik 750, locked down all the ports etc. For those that needed RDC or other remote connections into thier network we setup the PPTP server on the mikrotiks and off they went. Not one of our customers has failed the PCI Compliance tests yet. Ryan On Fri, Apr 2, 2010 at 12:21 AM, RickG wrote: > Email from my brother: > > Just got a letter from our credit card processor and we need to become > pci compliant. I noticed these routers I'm using from Qwest dont have > a firewall. Do I go software,hardware or both? Here is the link for > our routers. > http://www.qwest.com/internethelp/modems/motorola-3347/modemDetail_3347installation.html > > He handles IT for 27 BK's in Denver. Thoughts? > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > -- Ryan Ghering Network Operations - Plains.Net Office: 970-848-0475 - Cell: 970-630-1879 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] PCI Compliance
That would satisfy the firewall. Though I have to wonder what firewall config satsifies for compliance. On 4/2/10, RickG wrote: > Correct, no storage. I'm thinking an RB750? > > On Fri, Apr 2, 2010 at 2:29 AM, Josh Luthman > wrote: >> No experience just thoughts. >> >> http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard >> >> Would make sense to use a MT, put a nice firewall template (hence the >> first requirement) and then the other generic things everyone should >> do. I would have to guess BK doesn't store card information. >> Processing security relies on the card processor, would it not? >> >> On 4/2/10, RickG wrote: >>> Email from my brother: >>> >>> Just got a letter from our credit card processor and we need to become >>> pci compliant. I noticed these routers I'm using from Qwest dont have >>> a firewall. Do I go software,hardware or both? Here is the link for >>> our routers. >>> http://www.qwest.com/internethelp/modems/motorola-3347/modemDetail_3347installation.html >>> >>> He handles IT for 27 BK's in Denver. Thoughts? >>> >>> >>> >>> WISPA Wants You! Join today! >>> http://signup.wispa.org/ >>> >>> >>> WISPA Wireless List: wireless@wispa.org >>> >>> Subscribe/Unsubscribe: >>> http://lists.wispa.org/mailman/listinfo/wireless >>> >>> Archives: http://lists.wispa.org/pipermail/wireless/ >>> >> >> >> -- >> Josh Luthman >> Office: 937-552-2340 >> Direct: 937-552-2343 >> 1100 Wayne St >> Suite 1337 >> Troy, OH 45373 >> >> “Success is not final, failure is not fatal: it is the courage to >> continue that counts.” >> --- Winston Churchill >> >> >> >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > -- Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 “Success is not final, failure is not fatal: it is the courage to continue that counts.” --- Winston Churchill WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Google
You wouldn't want to. They will be the world's first Cyber-Government. :) Bob- -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of RickG Sent: Friday, April 02, 2010 12:47 AM To: WISPA General List Subject: Re: [WISPA] Google Um, April Fools only I'm, the fool! I must of missed it. I'll look in the archives. Thanks! On Fri, Apr 2, 2010 at 12:08 AM, Josh Luthman wrote: > Do you realize that was almost two months ago? > > There was a big discussion about it here I believe. > > Josh Luthman > Office: 937-552-2340 > Direct: 937-552-2343 > 1100 Wayne St > Suite 1337 > Troy, OH 45373 > > "Success is not final, failure is not fatal: it is the courage to > continue that counts." > --- Winston Churchill > > > > On Fri, Apr 2, 2010 at 12:06 AM, RickG wrote: >> Interesting: http://googleblog.blogspot.com/2010/02/think-big-with-gig-our-experimental.h tml >> I wonder if there would be anything to gain by working with them? >> Assuming they would work with a WISP. >> >> >> >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] April Fools!
http://www.telegraph.co.uk/news/newstopics/howaboutthat/7541455/Ferrets-key- to-bridging-the-digital-divide-between-cities-and-rural-areas.html The ferrets are definitely the key to providing broadband. Bob- -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of RickG Sent: Thursday, April 01, 2010 11:49 PM To: WISPA General List Subject: [WISPA] April Fools! http://techcrunch.com/april-fools-shenanigans/ On Wed, Mar 31, 2010 at 5:19 PM, Rogelio wrote: > On Wed, Mar 31, 2010 at 7:55 AM, Justin Wilson wrote: >> You can use connect lists in Mikrotik to force clients to connect at >> minimum levels. This way you dont have to worry so much about the band, but >> meeting those minimum levels. I am assuming you are working this into a >> hotspot type of setup. > > Exactly. It's a hotspot, but not just a hotspot, one with tens of > thousands of people. > > The new PDA phones have 5.x GHz chipsets, and I'm hoping to offload a > significant number of clients on that bad where feasible. > > I was hoping for a wireless solution that was "automagic" there, but > haven't yet found one... > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Bit Cap Thresholds, etc
We have 3 plans in each of our categories, Residential/Business. Also, we have a customer on 768kbps $30/mo and downloading 40-50gb in a month... Thresholds: Residential $30 20gb $40 40gb $50 60gb Business $50 40gb $70 80gb $100 120gb $5/Gb after their allotment but never exceeding $150 in overages in one month. We do send an email at %75 of their allotment to give them a chance to go up to the next package. We also waive their first time going over if they act oblivious to downloads. A lot of people don't understand how Netflix and services like that work. We've heard it all! "Well we didn't know since we weren't saving it that it counted against us!" What we're doing is putting overage charges into a pot for build-outs only. However we have found that this 1% of customers that are causing the problems in the network, downloading 24/7, have slowed their roll. Our most abusive customer we just repossessed the unit after their bill hit the $150 overage charge plus $40 subscription fee in one month and never paid the bill 2 months before that. The most abusive customers will either pay their bills or get disconnected. Either way is a win-win for everyone, us and the customers. No more constant pull on that tower or those kind of customers pay for upgrades on the tower. At that point I'd rather just get rid of those kinds of customers because the most abusive don't ever pay their bills anyways. We do have one customer that is a big Hulu fan and just moved to the $100 business package because his overage charges hit $150 2 months in a row on the $50 60gb package. He won't stop watching Hulu and always pays his bill. Andy Trimmell PDSWireless Network Administrator atrimm...@precisionds.com -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Philip Dorr Sent: Friday, April 02, 2010 3:46 AM To: WISPA General List Subject: Re: [WISPA] Bit Cap Thresholds, etc Even at 56Kbps, if a client was using all of their bandwidth 24/7 they could do ~15GB in a 30 day month. On Thu, Apr 1, 2010 at 10:02 PM, RickG wrote: > Marlon, > > Out of curiosity, do you know your total capacity available to each of > your subs? Can they ALL actually get 10gigs/month if they ALL tried to > do it? To be honest, I have not taken the time to figure out this > number for my network which is part of the reason I shy away from > going to by the bit pricing even though I've been a long proponent of > it. > > -RickG > > On Thu, Apr 1, 2010 at 9:35 AM, Marlon K. Schafer > wrote: >> >> - Original Message - >> From: "Jason Wallace" >> To: "WISPA General List" >> Sent: Wednesday, March 31, 2010 10:24 AM >> Subject: [WISPA] Bit Cap Thresholds, etc >> >> >>>I have a few questions for those of you who sell bandwidth by the byte: >>> >>> 1. What is the threshold you use, ie, 3Gb in 30 days, or do you have >>> different packages? >> >> 10 gigs per month for wireless. 20 gigs for fiber customers. >> >> Business users that pay more get more. However, the ones that insist on >> allowing radio on the computers etc. usually end up paying even more yet. >> We try to set a level above what they use in a normal month then cut them a >> little bit of a break on the normal billing amount. >> >>> 2. Is this total bytes in & out or just in? >> >> Total. Combined. WE pay for it both ways. >> >>> 3. What do you charge for overages? >> >> $5 per gig. If they go over by more than 10 gigs we'll normally work to cut >> them some kind of a break. Again, the expectation is that it's got to more >> than pay for the additional costs. >> >> Don't forget the costs of AP wide slowdowns for everyone else. If that >> starts to happen and you loose the "easy" customers you have to add ap's to >> the tower. That costs both money AND spectrum. >> >> We've started an overbuild with additional bands for our heavy sites. We >> charge more for the install and the service, but that gives the gamers/high >> end customers someplace to go. AND we make SURE that service from that >> system is the BEST in the area we're in. >> >>> 4. Have you considered just throttling back customers like the satellite >>> guys do? >> >> Yeah. But there is no money in that. >> >> It's also not what our service is based upon. Our service runs as fast as >> we can make it go. Up to 10 mbps in both directions for as little as $35 >> per month. Those who pay more are paying for reliability not speed. >> >> The other thing to think about is human nature. People do what people do. >> To them, by and large, if they want to download a 100 meg windows update >> they will do it no matter what. If they want a 700meg WOW demo, they'll go >> get it. If you slow them down they'll "use" the system much longer. >> >> So instead of getting them on and off the air in, oh say 10 minutes, they >> might be there for 2 hours. The chances of another high capacity project >> happening on the network go up a
Re: [WISPA] Bit Cap Thresholds, etc
Even at 56Kbps, if a client was using all of their bandwidth 24/7 they could do ~15GB in a 30 day month. On Thu, Apr 1, 2010 at 10:02 PM, RickG wrote: > Marlon, > > Out of curiosity, do you know your total capacity available to each of > your subs? Can they ALL actually get 10gigs/month if they ALL tried to > do it? To be honest, I have not taken the time to figure out this > number for my network which is part of the reason I shy away from > going to by the bit pricing even though I've been a long proponent of > it. > > -RickG > > On Thu, Apr 1, 2010 at 9:35 AM, Marlon K. Schafer > wrote: >> >> - Original Message - >> From: "Jason Wallace" >> To: "WISPA General List" >> Sent: Wednesday, March 31, 2010 10:24 AM >> Subject: [WISPA] Bit Cap Thresholds, etc >> >> >>>I have a few questions for those of you who sell bandwidth by the byte: >>> >>> 1. What is the threshold you use, ie, 3Gb in 30 days, or do you have >>> different packages? >> >> 10 gigs per month for wireless. 20 gigs for fiber customers. >> >> Business users that pay more get more. However, the ones that insist on >> allowing radio on the computers etc. usually end up paying even more yet. >> We try to set a level above what they use in a normal month then cut them a >> little bit of a break on the normal billing amount. >> >>> 2. Is this total bytes in & out or just in? >> >> Total. Combined. WE pay for it both ways. >> >>> 3. What do you charge for overages? >> >> $5 per gig. If they go over by more than 10 gigs we'll normally work to cut >> them some kind of a break. Again, the expectation is that it's got to more >> than pay for the additional costs. >> >> Don't forget the costs of AP wide slowdowns for everyone else. If that >> starts to happen and you loose the "easy" customers you have to add ap's to >> the tower. That costs both money AND spectrum. >> >> We've started an overbuild with additional bands for our heavy sites. We >> charge more for the install and the service, but that gives the gamers/high >> end customers someplace to go. AND we make SURE that service from that >> system is the BEST in the area we're in. >> >>> 4. Have you considered just throttling back customers like the satellite >>> guys do? >> >> Yeah. But there is no money in that. >> >> It's also not what our service is based upon. Our service runs as fast as >> we can make it go. Up to 10 mbps in both directions for as little as $35 >> per month. Those who pay more are paying for reliability not speed. >> >> The other thing to think about is human nature. People do what people do. >> To them, by and large, if they want to download a 100 meg windows update >> they will do it no matter what. If they want a 700meg WOW demo, they'll go >> get it. If you slow them down they'll "use" the system much longer. >> >> So instead of getting them on and off the air in, oh say 10 minutes, they >> might be there for 2 hours. The chances of another high capacity project >> happening on the network go up a LOT when the users are "on the air" for a >> longer period of time. >> >> make sense? >> marlon >> >>> >>> Jason >>> >>> >>> >>> WISPA Wants You! Join today! >>> http://signup.wispa.org/ >>> >>> >>> WISPA Wireless List: wireless@wispa.org >>> >>> Subscribe/Unsubscribe: >>> http://lists.wispa.org/mailman/listinfo/wireless >>> >>> Archives: http://lists.wispa.org/pipermail/wireless/ >> >> >> >> >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] PCI Compliance
Correct, no storage. I'm thinking an RB750? On Fri, Apr 2, 2010 at 2:29 AM, Josh Luthman wrote: > No experience just thoughts. > > http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard > > Would make sense to use a MT, put a nice firewall template (hence the > first requirement) and then the other generic things everyone should > do. I would have to guess BK doesn't store card information. > Processing security relies on the card processor, would it not? > > On 4/2/10, RickG wrote: >> Email from my brother: >> >> Just got a letter from our credit card processor and we need to become >> pci compliant. I noticed these routers I'm using from Qwest dont have >> a firewall. Do I go software,hardware or both? Here is the link for >> our routers. >> http://www.qwest.com/internethelp/modems/motorola-3347/modemDetail_3347installation.html >> >> He handles IT for 27 BK's in Denver. Thoughts? >> >> >> >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> > > > -- > Josh Luthman > Office: 937-552-2340 > Direct: 937-552-2343 > 1100 Wayne St > Suite 1337 > Troy, OH 45373 > > “Success is not final, failure is not fatal: it is the courage to > continue that counts.” > --- Winston Churchill > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] PCI Compliance
On 04/01/2010 11:29 PM, Josh Luthman wrote: > No experience just thoughts. > > http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard > This is a good overview. Also the spec is freely available in PDF form from the PCI website. > Would make sense to use a MT, put a nice firewall template (hence the > first requirement) and then the other generic things everyone should > do. The PCI standard is pretty prescriptive and covers good baseline security stuff. > I would have to guess BK doesn't store card information. > Processing security relies on the card processor, would it not? > The standard applies to data being stored and processed. You need to encrypt the link between you and the processor for example. I can go into more detail off list if required. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] PCI Compliance
Rick (and others wanting to be PCI compliant) Ping me off list about this. It's a somewhat complex subject and varies quite a bit. I've done a fair amount of PCI related work and would be happy to provide some guidance. While you all know I'm generally very keen to post to the list and help out, when it comes to security/PCI I'm extremely touchy, serious and specific. What I can say on list (in a generic sense that applies to all) is that 1) PCI is very prescriptive. That is it's greatest strength. It's also a pain when the auditor doesn't understand that you can use 128 or greater encryption, so using 256 bit is considered uncompliant (is that a word?) 2) Everything in it is good base line security. Most folks that post to the list seem to have a good handle on mature operational procedures. If you have Linux or Windows savyness and have followed the vendor security guidelines (IDS/IPS/AV/change default passwords/patch on a regular basis) you are a long way towards being PCI compliant. On 04/01/2010 11:21 PM, RickG wrote: > Email from my brother: > > Just got a letter from our credit card processor and we need to become > pci compliant. I noticed these routers I'm using from Qwest dont have > a firewall. Do I go software,hardware or both? Here is the link for > our routers. > http://www.qwest.com/internethelp/modems/motorola-3347/modemDetail_3347installation.html > > He handles IT for 27 BK's in Denver. Thoughts? > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
