router, hub, and switch
-
- Sublime Master Elect0rzed
- Posts: 360
- Joined: Wed Jan 22, 2003 9:34 am
- Location: The Swamp
-
- kNight of the Sun (oxymoron)
- Posts: 1513
- Joined: Sat Dec 21, 2002 10:00 am
- Location: Northrend, Azeroth, or Outland
- Contact:
Before upgrading to a home router with wireless support, I used a Linksys BEFSR41 for five years. That thing was a hoss. I had to reboot it once every month or two on average but other than that it was up 24/7/365 for about five years without incident. I then gave it to a friend and it's still chugging along just fine. It's cheap, secure enough for home use, and does a good job of sharing a net connection. I have no problem recommending it.
EQ: Riggen Silverpaws * Natureguard * Forever of Veteran Crew
WoW: Simbuk the Kingslayer, Riggen, Ashnok
-
- Save a Koala, deport an Australian
- Posts: 17517
- Joined: Thu Jan 02, 2003 3:00 pm
- Location: Straya mate!
- Contact:
Hmm... missed a rather important post:
"the 98 computer is my parents. they know the risks they just don't care. set in their ways like ancient pixxelites"
There's the big reason to make sure their box is NOT connected directly to the internet. If they don't care then you should, unless you want to risk the police kicking your door down some day because that PC has been used to steal credit card numbers from some web site. You should probably explain that to your parents too as to why they should care.
I didn't believe that people were scanning the net continuously for vulnerable computers until I started running snort on my firewall box. The bad guys are out there and if your machine is vulnerable, do you really want it used as a launchpad for attacks?
Dd
-
- Grand Master Architecht
- Posts: 421
- Joined: Fri Dec 27, 2002 12:51 pm
- Location: South East of Bangzoom
Win98 machine directly connected to internet (no NAT, no SW firewall) = OWNED box in ~2 days of uptime (with trip 9's+ reliability).
That is all. With only a SW firewall that machine is just begging for hijacking. A skilled user could keep it their own, but my money is on it being OWNED in a week or two if the user is unskilled, less than that if the user is a computer newbie.
A router will at least keep the majority of script kiddies out. I'd still be careful, but it's a huge step up. Especially if the router is locked down decently.
-
- Grand Master Architecht
- Posts: 406
- Joined: Fri Dec 31, 2004 10:11 pm
I don't mean to say that Linksys makes shoddy quality stuff, it just isn't *Cisco* quality. As much as I hate Cisco, they absolutely have the most reliable networking hardware in the industry. Great stuff doesn't pass their QA. And just because more than .3333% of a bin of parts are bad, doesn't mean that the rest of them can't make great devices.
Also, do not run Windows 98. If you have to, do not connect it to the internet directly.
-
- Sekrut Master
- Posts: 51
- Joined: Fri Dec 20, 2002 10:26 am
I've actually had some problems with Linksys hardware. I still use some of it but probably won't be buying any in the future.
At work, we just switched over to using Cisco switches/firewalls from 3com stuff and my biggest problem with it is the million different ways people configure a PIX. It takes me an hour to translate what someone else has done because they do it completely differently than I would (even though both are the correct way to do it).
As for your home connection, it's been pretty well covered in here. Get a piece of hardware that NAT's, allows you to configure port forwarding (you never know when you'll end up needing it), and has however many ethernet ports as you need plus a couple. I'd go with a switch instead of a hub but if you don't care that your traffic can be sniffed from any other ethernet port then go with whatever.
-
- Grand Master Architecht
- Posts: 406
- Joined: Fri Dec 31, 2004 10:11 pm
Ahh the dreaded PIX configuration. My dream goal when I got out of college was to get three or four really good hackers and make a solid enterprise grade firewall that was easy to configure (built on OpenBSD/PF), then I became a corporate whore, and got too lazy to do such entrepreneurial things.
Checkpoint's offerings are pretty nice, but Linux kinda sucks for this role.
-
- Druish Princess
- Posts: 780
- Joined: Fri Dec 20, 2002 3:22 pm
-
- Save a Koala, deport an Australian
- Posts: 17517
- Joined: Thu Jan 02, 2003 3:00 pm
- Location: Straya mate!
- Contact:
-
- Grand Master Architecht
- Posts: 406
- Joined: Fri Dec 31, 2004 10:11 pm
I was more interested in selling it and making shitloads of money off of it actually.
The thing is, BSD/PF, works just fine for the kind of people who would use a SF project anyway. They're 100x easier to configure than PIX (PF even more so). The problem is that they don't have support, or someone to blame when they break.
A lot of the people that I work with will not use most open source for this very reason. I recently convinced them to replace a $150,000 proprietary intrusion detection system with a few free snort sensors and the benefits (even ignoring costs) have been absolutely incredible. That $150,000 IDS was the worst piece of software that I have ever used, and I've used some really bad software.
What we need is a "boss friendly" firewall, that doesn't suck. Cisco is a bitch to configure, PIX admins have 1/10th the productivity of PF admins. Checkpoint is great, but it runs on Linux and is kinda slow.
I think three or four decent programmers could hack up an easy to use, graphical front end to configuring PF, strip down an openbsd install to running PF, sshd, and the VRRP stuff, and make a shitload.
-
- Druish Princess
- Posts: 780
- Joined: Fri Dec 20, 2002 3:22 pm
-
- Druish Princess
- Posts: 780
- Joined: Fri Dec 20, 2002 3:22 pm
-
- Sekrut Master
- Posts: 51
- Joined: Fri Dec 20, 2002 10:26 am
Yah, it's hard to convince management to go with open source solutions. When I first started working here there were several SCO Unix servers (I hated it before recent events), HPUX servers (I liked this part), and Windows NT 3.somethin w/ Citrix (hate Citrix with me, all together now).
Backups were being done with ARCserve (why would anybody use this software?). I replaced it with a few scripts that took 10 minutes to write (ok it took longer cause I had to figure out how to get the tape changer to change tapes).
We are mostly using linux servers now (we still use proprietary software on these machines that will not support *bsd). The only server not linux is a Windows 2000 server (with no Citrix, hate it with me). The technicians used to like to blame hardware failures on Linux until they became more familiar with it. (Did you know linux could cut wires on a scsi cable?) Now things are smooth and I believe everyone is more comfortable with it. The fact that we don't have to do nightly shutdowns and it never crashes pleases those used to being on the windows servers and the cost savings pleases those that were paying license and support fees for the proprietary servers.
There was no cost to transfer the systems other than my salary I guess since we made the switches when we changed the major software applications we run on them which was going to be done no matter what.
We have a completely different department that pays for all things networking (ie: firewall) so my hands are tied there.
Now if I can only get rid of java. Java's tagline should be, twice the power for three times the resources. Really if it's a web application and you are going to limit it to a couple of the recent web browsers then why use java?
-
- Druish Princess
- Posts: 780
- Joined: Fri Dec 20, 2002 3:22 pm
-
- Sekrut Master
- Posts: 51
- Joined: Fri Dec 20, 2002 10:26 am
Well I agree if your target group is anybody/everybody. But if your target group is fellow employees in a decent sized company then what browser they use is likely chosen by IS.
I don't understand why a company creating software they plan to sell though would create a web application that requires a limited selection of browser(s). It would seem to me that would be limiting who you could sell to... yet you see it in almost every commercial offering I've run across.
I personally test my web apps in IE, Firefox, Opera, and Safari to make sure they work/look correctly because I happen to know that is what our users are using. It is really simple to make things functional in all 4. It's really only the cutesy stuff that might cause ya fits but with a little bit of work you can get that stuff working too.