The IT BS Thread!
Post #61 by salad, 09-09-2013 04:26 PM

Originally Posted by PocketsEmpty:
I've looked into enabling SSH on the Untangle, but haven't done it yet. Good to know that I can crack it open like that--wish the devs made that a little easier. Well, I know who to talk to when I'm trying to set that all up!
It's very simple. Somewhere in the init script (/etc/init.d/sshd) it refers to a file that's named something like "do not run". Delete/move/rename that thing and try to start it. Presto! I can't remember if root login is enabled by default though lol.

Question for you - apologies if it's awkward - how many branches do you manage? I ask because I've consulted for network solutions for two regional credit unions here and they're nubs as far as networking goes. One of them I designed an L3VPN solution for and they run SSL tunnels between their SonicWalls (that required a lot of hand-holding and diagrams); the other had their IT shop call us to report slow Internet speeds over a bonded T1 while they were running a backup...

Last edited by salad; 09-09-2013 at 04:29 PM.
Post #62 by PocketsEmpty, 09-09-2013 04:55 PM

Originally Posted by salad:
It's very simple. Somewhere in the init script (/etc/init.d/sshd) it refers to a file that's named something like "do not run". Delete/move/rename that thing and try to start it. Presto! I can't remember if root login is enabled by default though lol.

Question for you - apologies if it's awkward - how many branches do you manage? I ask because I've consulted for network solutions for two regional credit unions here and they're nubs as far as networking goes. One of them I designed an L3VPN solution for and they run SSL tunnels between their SonicWalls (that required a lot of hand-holding and diagrams); the other had their IT shop call us to report slow Internet speeds over a bonded T1 while they were running a backup...
That's interesting. I manage only three branches. But we are a full Windows shop with all Cisco switches and routers and the VMware jazz, and a couple of Linux servers too. Just me and a systems analyst who works with the core finance system. They're looking to replace my boss who was fired a few weeks ago, lol.

I just recently implemented Metro Ethernet at all of our locations, with point-to-point fiber from both branch offices back to the main branch where we also have the EDI line. Hopefully I'll be able to ditch the T1s once and for all before month's end. We did have an interesting issue with symmetrical upstream speeds on the MetroE, which turned out to be auto-negotiation issues between a Cisco 2960X and some Ciena switch from our provider. I also have extensive documentation on the layouts and configurations of each location. It's very rare that I have to call for outside help on something.

For your CU clients... why wouldn't they just get dedicated point-to-point lines? That's more secure, especially in the financial industry... or so I've heard. They must have cheaped out, especially since they're running SonicWalls... not that I know anything about those. I'm more of a Cisco ASA type of guy.
Post #63 by salad, 09-09-2013 06:06 PM

Originally Posted by PocketsEmpty:
That's interesting. I manage only three branches. But we are a full Windows shop with all Cisco switches and routers and the VMware jazz, and a couple Linux servers too. Just me and a systems analyst who works with the core finance system. They're looking to replace my boss that was fired a few weeks ago, lol.

I just recently implemented Metro Ethernet at all of our locations, with point-to-point fiber from both branch offices back to the main branch where we also have the EDI line. Hopefully I'll be able to ditch the T1s once and for all before month's end. We did have an interesting issue with symmetrical upstream speeds on the MetroE, which turned out to be auto-negotiation issues between a Cisco 2960X and some Ciena switch from our provider. I also have extensive documentation on the layouts and configurations of each location. It's very rare that I have to call for outside help on something.
Ah, your org must be quite successful then, as you actually have people with a clue. These guys are comparatively small players and their IT experience amounts to desktop support and web design. Everything important is outsourced, including a certain degree of the financial aspect (I think; can't remember the name. I believe it's related to how they tie into a national network of ATMs).

Duplex hardcoding needs to DIE.

Originally Posted by PocketsEmpty:
For your CU clients... why wouldn't they just get dedicated point-to-point lines? That's more secure, especially in the financial industry... or so I've heard. They must have cheaped out, especially since they're running SonicWalls... not that I know anything about those. I'm more of a Cisco ASA type of guy.
Depends on how you define "point-to-point". In terms of security you basically have "dark fiber" and "everything else". (Well, unless you pass through a certain route in AT&T's network lol.) Old-style copper loops are very difficult to obtain these days and speeds are quite limited. We finally retired our last LDDS circuit 5 years ago: $1000/month for a pair of modems pushing 512 kbps. T1s, MetroE, OC-whatevers, DS-3, etc. are all last-mile technologies that really get transported over the same carrier network. So those MetroE circuits you have plopped between branches more than likely pass through a bunch of switches and get carried over the same MPLS or SONET junk the rest of everything does. You order a T1 these days between two locations and sure, you get a T1 hand-off from an ADC/PairGain box, but the uplink of it is SDSL back to a local remote or CO, into a mux, into an ATM switch (like the Cisco 5500 in my basement...), into a municipal/regional/national trunk as nothing more than a tiny little PVC in the same box as a zillion other circuits which may or may not have a protect path via Timbuktu.

Unless you run your own physical path there could be zillions of taps or vulnerabilities that nobody knows about, so as far as a segregated managed service goes it comes down to how much you want to pay for what features, like L2, L3, SLA, bandwidth, QoS, PtP or mesh, etc.

These guys are pretty small so stringing their own fiber is as out of reach as a $1500/month 5 Mbps dedicated fiber. It's a lot cheaper to buy commodity connections (T1, SHDSL, municipal fiber) and run the same encryption they should run anyway, under a single provider with segregated access. This document seems to give a decent rundown of what I'm talking about: http://ptgmedia.pearsoncmg.com/image...796content.pdf

Another advantage to these customers of such a topology is border control. With an L3VPN it's very easy to secure traffic between branches using SSL or IPsec in a full mesh topology (fault-tolerant! No hub/spoke ****!) and forward misc traffic out to a single border router. Both of the CUs I mentioned opted to colocate a firewall at our facility. So no hairpinning of Internet traffic increasing the bandwidth requirements at a central site, and they only have a single control point to manage.

Yeah SonicWalls are damn cheap. ASAs with SmartNet are crazy in comparison. Then you gotta pay someone to figure out how the **** IPsec works lol

Last edited by salad; 09-09-2013 at 06:12 PM.
Post #64 by PocketsEmpty, 09-09-2013 06:12 PM

Originally Posted by salad:
Ah, your org must be quite successful then, as you actually have people with a clue. These guys are comparatively small players and their IT experience amounts to desktop support and web design. Everything important is outsourced, including a certain degree of the financial aspect (I think; can't remember the name. I believe it's related to how they tie into a national network of ATMs).

Duplex hardcoding needs to DIE.

Depends on how you define "point-to-point". In terms of security you basically have "dark fiber" and "everything else". (Well, unless you pass through a certain route in AT&T's network lol.) Old-style copper loops are very difficult to obtain these days and speeds are quite limited. We finally retired our last LDDS circuit 5 years ago: $1000/month for a pair of modems pushing 512 kbps. T1s, MetroE, OC-whatevers, DS-3, etc. are all last-mile technologies that really get transported over the same carrier network. So those MetroE circuits you have plopped between branches more than likely pass through a bunch of switches and get carried over the same MPLS or SONET junk the rest of everything does. Unless you run your own physical path there could be zillions of taps or vulnerabilities that nobody knows about, so as far as a segregated managed service goes it comes down to how much you want to pay for what features, like L2, L3, SLA, bandwidth, QoS, PtP or mesh, etc.

These guys are pretty small so stringing their own fiber is as out of reach as a $1500/month 5 Mbps dedicated fiber. It's a lot cheaper to buy commodity connections (T1, SHDSL, municipal fiber) and run the same encryption they should run anyway, under a single provider with segregated access. This document seems to give a decent rundown of what I'm talking about: http://ptgmedia.pearsoncmg.com/image...796content.pdf

Another advantage to these customers of such a topology is border control. With an L3VPN it's very easy to secure traffic between branches using SSL or IPsec in a full mesh topology (fault-tolerant!) and forward misc traffic out to a single border router. Both of the CUs I mentioned opted to colocate a firewall at our facility. So no hairpinning of Internet traffic increasing the bandwidth requirements at a central site, and they only have a single control point to manage.

Yeah SonicWalls are damn cheap. ASAs with SmartNet are crazy in comparison. Then you gotta pay someone to figure out how the **** IPsec works lol
Great post! I feel a little more educated on SSL now. I'm very familiar with outsourced items. We deal with many different vendors for various products we offer, and they're not without their drama from time to time. I HATE IPsec! I'd like to get our home users switched to SSL someday. The old VPN client just doesn't do it for me (although it works fine). And yes, ASA + SmartNets on all the other $3k-5k switches and routers; it's quite a large investment! And don't get me started on the APC UPS system haha.
Post #65 by salad, 09-09-2013 06:14 PM

Ah you quoted me like three edits ago lol.

OpenVPN + WiKID. It's a beautiful thing.

Here in telco land the power is natively -48VDC; any AC I want to play with comes off of hella expensive inverters. My office has like a week of battery run time.
Post #66 by PocketsEmpty, 09-09-2013 06:15 PM

OpenVPN is awesome. I'm running that on my Untangle at home, and use it every day. At work, on my phone, and it works flawlessly every time. Love it!
Post #67 by salad, 09-09-2013 06:35 PM

I'm not sure exactly what kind of constraints fall on the US financial sector but you may find that with the right settings in place, encryption cranked, and two-factor auth behind it, OpenVPN and WiKID may be appropriate for use in your office. Even Cisco is offering SSL VPN stuff now. Marketing droids start talking about PCI and SOX and I just get this kind of blank look on my face lol. I don't know what I/O busses have to do with baseball but I guess merchandising opportunities are everywhere.
Post #68 by salad, 09-10-2013 07:54 PM

Oh yeah. Piccies of my old high school. A few weeks before this, the dude had received 500 off-lease Dell Optiplexes. Most are P4 HTs with 2GB RAM.

This is 390 of them and the room where they'll be imaged prior to deployment.

[Four attached photos: the stacked Optiplexes and the imaging room]

There's a literal pile of keyboards in a corner; apparently I didn't snap a pic.
Post #69 by PocketsEmpty, 09-10-2013 09:29 PM

Looks like a lot of work! Those Optiplexes look huge. We have the small form factor Optiplex 380s and 3010s at my org, and a few 760s. Not bad machines.
Post #70 by salad, 09-10-2013 10:37 PM

Yeah, those are the desktop/midtower form factor. They're still Dell generic boxes though, so they don't weigh a ton. He roped me into setting up half of that row of machines while I was there lol. Half of them needed the RAM reseated... not bad for free.
Post #71 by McCaffrey, 09-10-2013 10:57 PM

AC must be on overload setting.
Post #72 by salad, 09-11-2013 12:01 AM

What AC...
Post #73 by PocketsEmpty, 09-11-2013 06:42 AM

lol, maybe they're being done in the winter and doubly used as heaters! Could be possible with all those P4s computing away.
Post #74 by salad, 09-11-2013 09:23 AM

lol, yeah, auxiliary boiler room. Just pass some water by a room of P4s... heats the whole building lmao.
Post #75 by PocketsEmpty, 09-11-2013 10:56 AM

Well, just scheduled my CCNA exam for Sept. 30! The hardest part is going to be balancing Jeep projects with study time for the remainder of September. haha