The problem is that most guards will let you through if you seem to:
A) fit in
B) seem to be legit
I have two customers that have fairly high security buildings. One, I went to the break room, and had yet to be informed the combo on the door, the gaurd just let me in when I told them that I got locked out.
At another customers location, I just told the guard that I was delivering some software. The guard gave me a day pass to the entire complex.... The receptionist (who was new, and I did not know) voilated their own security policy by not stopping me when I walked bye. Keep in mind, I did not blend in, Policy there is slacks, and a tie. I was wearing blue jeans and a polar fleece sweater, plus I'm more or less a long haired hippy.
Keep in mind that these are legit cases, but guard's jobs are very mundane, and locations such as server rooms should be protected by lock and key at the least.
One customer broke through the back wall of their server room... why I don't know, but they have a combo door lock on the door... the only one in their entire office. but, you can just walk around to the other side of the room and enter from the back, where there is no door.
*shrug*
I guess its a property of the large corperate world, stupid decisions = bad security.
The idea with all the file systems is so that you can migrate to linux. Also diffrent file systems have their features. Such as riserfs is used on lots of news servers because its good with lots of small files. Supporting all these file systems is very good incase you have to resurect a old half dead SCO, or SGI box.
NTFS will never be stable in linux because microsoft keeps changing ntfs with their ntfs using operating systems. Last I heard it was that they changed the journaling structure.
don't bother with every packet, just use LOTS of ipsec. Hell, if they were to tap my office net, they would see lots of ipsec, some email for non-profits, but then the servers support ssl, so a good chunk is all encrypted.
The idea is to make them paranoid, ipsec will make them every peranoid. Now that I think about it, more email comes in encrypted, than goes out... guess I have lazy customers not wanting or able to figure out how to enable ssl.
Won't work unless you get pressurizable wiring boxes (this is not nema level 12 (explosive proof), its custom stuff), then you would need a presure sensor, and a plc. You could have a program running in the background on the computer moitoring the plc's I/O points. Additionally, you could electrify the conduit, not high power, but enouf that if the conduit is cut through at any point, an alarm goes off.
Cheap as in you partner with the ILEC to do installs, and then cut a deal with them so you only have to pay the loop charge.
What I mean as DSL, is SDSL, and in most cases, that will run you atleast 230-400 a month anyway. Most local loop charges are from 400-700, but I have been on the phone with AT&T getting quotes for customers, and I got a tech to curse once when he saw what the loop charge was for one of my customer's locations ($1300 a month)
Yeah, it would be ineffecent.... I kind of find it annoying that it takes soo long for linux to figure out whats up, so I'm just figuring it would be better to just manually shutdown the wired interface.
when we were loosing bluestar, we managed to get a T1 pulled, and we had both up and running for about 12 hours w/o problems.... though we had all the packets leaving on one line...
Well, The first entered has priority, the second entered is a failover. I'm doing this with my wireless and wired network connections. If my ethernet cable gets unplugged, after about 10 seconds, linux figures out oh, that link is down, so it uses the wireless card as the default interface.
I don't want to hear this, I have used a lot of darkstars in the past..... but yes, I have seen them fail, one from singipore had problems from its first minute, we could write to it, but it would have problems reading.
Why don't you get a life, If all you can do is sit around, and watch the national news network's coverage of NYC, then you, out of the gene pool. It is time to move on, no time to be our hollow selfs and watch tv till our eyes fall out of their sockets.
I attend a fairly large Public University in North Carolina. They have a squid transparent cache in place, but it's prone to crashing. It went down once at 5:30 on a friday, and It was not back up till I called the Network Programer at his house to get it back online, on sunday.
They don't block much, as far as I can tell, GRE is blocked (found that out when the squid cache crashed), but ESP is permitted . Oh, we also use DHCP *scream of horror*, but you HAVE to register your mac addr (or barrow a mac addr) to get an address.
And above that, all the outside links to NCREN (North Carolina Reseach and Educational Network) are pegged at 100% usage all the time. Its really annoying that it takes 1-3 seconds to open up a new mail message in outlook from my work email server, and 10-20 seconds to even start outlook (it takes about 30 seconds on a 56k modem with a pptp tunnel).
Re:I refuse to download a official kernel until ..
on
Linux Kernel 2.4.10
·
· Score: 1
I have used Ext3 on production servers, and they continue to work well, especially when I have installed lids on the box. I have a server out there that has ext3 and lids on it, and it has been running without trouble for almost a year.
Neadless to say, it took some hand patching to get lids, ext3, freeswan, and something else all on the box, and running fine.
I say it stable, the tools are available, and they work well. Time to go in.
Slashdot Mirror
Sooo True..... Most dorms these days are CO-Ed anyway....
The problem is that most guards will let you through if you seem to:
A) fit in
B) seem to be legit
I have two customers that have fairly high security buildings. One, I went to the break room, and had yet to be informed the combo on the door, the gaurd just let me in when I told them that I got locked out.
At another customers location, I just told the guard that I was delivering some software. The guard gave me a day pass to the entire complex.... The receptionist (who was new, and I did not know) voilated their own security policy by not stopping me when I walked bye. Keep in mind, I did not blend in, Policy there is slacks, and a tie. I was wearing blue jeans and a polar fleece sweater, plus I'm more or less a long haired hippy.
Keep in mind that these are legit cases, but guard's jobs are very mundane, and locations such as server rooms should be protected by lock and key at the least.
One customer broke through the back wall of their server room... why I don't know, but they have a combo door lock on the door... the only one in their entire office. but, you can just walk around to the other side of the room and enter from the back, where there is no door.
*shrug*
I guess its a property of the large corperate world, stupid decisions = bad security.
look on linuxdoc.org, if memory serves, there is a howto...
Microsoft allways supports their old crappy technologies....... in their newer, bigger, slower technologies.
The idea with all the file systems is so that you can migrate to linux. Also diffrent file systems have their features. Such as riserfs is used on lots of news servers because its good with lots of small files. Supporting all these file systems is very good incase you have to resurect a old half dead SCO, or SGI box.
NTFS will never be stable in linux because microsoft keeps changing ntfs with their ntfs using operating systems. Last I heard it was that they changed the journaling structure.
don't bother with every packet, just use LOTS of ipsec. Hell, if they were to tap my office net, they would see lots of ipsec, some email for non-profits, but then the servers support ssl, so a good chunk is all encrypted.
The idea is to make them paranoid, ipsec will make them every peranoid. Now that I think about it, more email comes in encrypted, than goes out... guess I have lazy customers not wanting or able to figure out how to enable ssl.
Oh, also, they would see nots of dns traffic
or if your worrying about the metal conduit leeking, just fill it with polyethaline glycol or mineral oil (both are non-conductive)
though the water you can run a current through to test the integrity....
Fill the glass pipe with water......
they are called cisco routers with a recent version of IOS
I had a friend who worked for Wachovia MIS, and he said thats what they did, IPSec on Cisco Routers.
Alcatel sells color coded single mode fiber.
The place I used to work for wrote a custom bench ORTD program for Alcatel, so we had a bunch of single mode color coded fiber laying around.
Won't work unless you get pressurizable wiring boxes (this is not nema level 12 (explosive proof), its custom stuff), then you would need a presure sensor, and a plc. You could have a program running in the background on the computer moitoring the plc's I/O points. Additionally, you could electrify the conduit, not high power, but enouf that if the conduit is cut through at any point, an alarm goes off.
Cheap as in you partner with the ILEC to do installs, and then cut a deal with them so you only have to pay the loop charge.
What I mean as DSL, is SDSL, and in most cases, that will run you atleast 230-400 a month anyway. Most local loop charges are from 400-700, but I have been on the phone with AT&T getting quotes for customers, and I got a tech to curse once when he saw what the loop charge was for one of my customer's locations ($1300 a month)
Yeah, it would be ineffecent.... I kind of find it annoying that it takes soo long for linux to figure out whats up, so I'm just figuring it would be better to just manually shutdown the wired interface.
when we were loosing bluestar, we managed to get a T1 pulled, and we had both up and running for about 12 hours w/o problems.... though we had all the packets leaving on one line...
Well, The first entered has priority, the second entered is a failover. I'm doing this with my wireless and wired network connections. If my ethernet cable gets unplugged, after about 10 seconds, linux figures out oh, that link is down, so it uses the wireless card as the default interface.
Forget DSL, get a cheap T1 from an ILEC, they will let you run BGP.
I had one back in the late 80s, I had lots of fun, but my parents did not like how much the sets cost, so they got me lots and lots of legos instead.
I think Nike got their swoosh from the greeks....
I don't want to hear this, I have used a lot of darkstars in the past..... but yes, I have seen them fail, one from singipore had problems from its first minute, we could write to it, but it would have problems reading.
Why don't you get a life, If all you can do is sit around, and watch the national news network's coverage of NYC, then you, out of the gene pool. It is time to move on, no time to be our hollow selfs and watch tv till our eyes fall out of their sockets.
nah, he is not rolling in his grave, he is rolling in a satellite, targeting it so that we get some new writers for star trek.
BTW, is it just me, or is it time for a DS9 movie? Or a TNG movie involving DS9?
I attend a fairly large Public University in North Carolina. They have a squid transparent cache in place, but it's prone to crashing. It went down once at 5:30 on a friday, and It was not back up till I called the Network Programer at his house to get it back online, on sunday.
They don't block much, as far as I can tell, GRE is blocked (found that out when the squid cache crashed), but ESP is permitted . Oh, we also use DHCP *scream of horror*, but you HAVE to register your mac addr (or barrow a mac addr) to get an address.
And above that, all the outside links to NCREN (North Carolina Reseach and Educational Network) are pegged at 100% usage all the time. Its really annoying that it takes 1-3 seconds to open up a new mail message in outlook from my work email server, and 10-20 seconds to even start outlook (it takes about 30 seconds on a 56k modem with a pptp tunnel).
So... Do you have a drivers lisence?
I have used Ext3 on production servers, and they continue to work well, especially when I have installed lids on the box. I have a server out there that has ext3 and lids on it, and it has been running without trouble for almost a year.
Neadless to say, it took some hand patching to get lids, ext3, freeswan, and something else all on the box, and running fine.
I say it stable, the tools are available, and they work well. Time to go in.
*gives up*
*releases the virus*