Talk about a dangerous power hungry scenario. At least use two servers for a highly available solution man. Otherwise the setup is like something I did before I got funding for a proper Sonicwall. Maintaining a beast with that many different products is a pain. I'll give you an example. VPN Client wouldn't connect through the whole rig. Opening a port on the firewall is just the beginning, you need to whitelist the IPS, create a proxy routing rule and then hopefully all will work.
Of course a rig like that has a significant amount of flexibility which is a strong point in support of it. If you find a product better than Shorewall you can simply drop in whatever replacement you want and that means a lot in a fast paced work environment.
That's funny, Sonicwall is heralded as one of the best firewalls for VOIP support these days. How long ago was this? As an admin that deployed Asterisk company-wide using Sonicwalls as head-ends with VPN tunnels to remote locations and zero issues handling any voip traffic.
I think you'll find things have changed dramatically and that Sonicwall is much cheaper than the same level UTM from Juniper.
The thing that surprised me was the disparity between Sonicwall versus the other providers as it was an entire significant digit more expensive although the pricing in the article isn't in line with the pricing I've received but you're still talking five digits for Sonicwall versus four digits for the others.
I've never encountered AIM, MSN, or Yahoo issues in my environments. Usually the software has more to do with the problems than the head-end as software needs to support your environment. Many clients for instance don't support a NAT'd configuration despite how prevalent it is today.
I can vouch that at least Sonicwall will let you evaluate their firewall for free before you choose to purchase. Barracuda Networks also does this and it's an incredibly great policy as you get to play with the device to find out if it's too clunky for your purposes.
I do find it interesting that Cisco wasn't added to the mix but as another poster probably said, this was based on units available for review and Cisco is usually pretty tight lipped about a lot of their products. In one year of looking for WAN acceleration strategies not once did Cisco allow me to actually play with their WWAS product while I was able to get my hands on two Riverbed appliances and actually try it out for real in my own environment allowing me to test failure scenarios before I committed to the 60k necessary which makes a lot of sense.
Of course, these days most people don't perform due diligence and that's the real problem resulting in much of the IT world's woes.
This confuses me greatly as when I was in 8th grade Algebra was an optional class students could take if they wanted a challenge. Now every student in 7th grade is taking Algebra at my old school.
I guess public schools in Vermont are significantly better than public schools elsewhere? I know people in Oregon that had similar experiences, although many others reflect the attitude that you have towards "the education system" which relies on parental involvement supplementing education and schools that aren't afraid to challenge students.
While you do have a point, if a hacker understands those other concepts then he will be a lot more effective as he will understand where the vulnerability points lie. I'm particularly referring to backup and restore strategies and forensics but the rest are also good to know as they provide you with additional attack vectors to consider.
Holistic approaches are the most effective if you don't want to get caught. I would argue that security researcher and white hat hacker are considered the same.
I wish the term hacker hadn't been muddied by intent as in my mind at least it is a curiosity inherent to us all that drives people to learn and approach the same situations differently than expected. I've seen a lot of mechanics that have the same mindset as hackers when it comes to fixing or modifying cars or bikes. In most fields there is a lot of room for creativity which allows you to think and act outside the box. Sometimes it results in a modification that is not street legal and sometimes you violate the Computer Fraud and Abuse Act.
Fortunately for me, I'm paid to do a lot of this work for my company so I can have some fun and not break any laws which feels pretty good.
Sounds like someone is in love with mythical hackers that don't truly exist or are an extreme rarity.
The idea that the coding and all the underlying skills necessary to "hack" into any system is not teachable is what is laughable. You clearly weren't involved in 2600 if you think there weren't any professors involved. It's mostly academia where all of these people came from. They learned the computing skills in school and took the material above and beyond to try different tasks with the same tools.
My 2600 chapter was full of people from varying backgrounds and professions with a common interest in learning how to do things that others didn't know how to do.
If you know an infosec guy that doesn't know about hacking techniques then I pray for anyone that hires them as they will not be effective at all in their job. How are you supposed to guard against something you know nothing about? The term hacker existed before security researcher because hacker became stigmatized for the few like Kevin Mitnick who caused a lot of havoc and exposed a lot of utter stupidity.
The government is having a hard time finding hackers because most hackers are performing tasks which the government has deemed illegal. This does not a good relationship make. Combine this with the secret nature of a lot of hackers' work and they simply don't want to be around authority unless they have just started out. Competitions like this are a way to attempt to change that image but unfortunately with the state of laws nothing will change especially with hackers that try to do the right thing by informing private parties of security vulnerabilities ending up in jail.
Millions of wannabe kids have other interests than computers. The people with the necessary OCD to take it to a level of interest is a very small number of people who tend to be withdrawn from the mainstream making them hard to find and more importantly volunteer to have your background checked.
I was part of Infragard in college until 9/11 happened it was mostly free to all who wanted to learn about infosec from a private infrastructure security standpoint and it was very eye opening. That is until the FBI did a background check after 9/11 and apparently I failed as they asked me not to come back until I had a job in the field even though I had contributed heavily with designing secure networks.
There are tons of books that "hackers" read to learn what they know and the rest is left up to creativity. Make no mistake, the vast majority of skills can and often are taught. My college degree back in 2004 had a network security major along with network engineer and both required a certain amount of programming so you understand what you're trying to manage. Many of those classes were very enlightening even though the real world was dramatically different it still gave me the tools to understand what was happening in real time.
Few people truly comprehend this problem as the ramifications of the possible solutions.
If you make it difficult for people to cross the border then all kinds of commerce is also hurt so it costs you more than just materials to build a wall but also lots of lost revenue.
Think about how many people you probably know that avoid flying because they hate airports and the security bullshit you have to put up with?
From my own corporate experience, you make security so unfriendly and people will either circumvent or lobby to get it removed.
At almost 2000 miles long that doesn't sound like such a good idea to me, although with modern weaponry we could space out the small fortresses much further, like every 30 miles or such.
Even at that point you're still looking at spending a hell of a lot of money to accomplish something nobody really wants to accomplish.
Really, electronic fencing with video based surveillance is all you really need with camps every few miles or so. If it detects enough movement or heat signatures then it sets off alarms and then you send the border patrol to that location.
We use similar technology to protect expensive cars at our events where we have about 80,000 people on site. It works very well as it's just waiting for a virtual line to be crossed. The system is exceedingly easy to implement and a few orders of magnitude cheaper than building a giant wall that makes any further development almost impossible.
Because Kraft fat free shredded cheese isn't considered healthy. Most home cooked meals value flavor over health, my grandma's recipe even involves adding a few eggs to give it body.
Then there are also those of us that don't believe cheese should be orange or yellow or whatever the hell color they dye their cheese.
While I generally agree with you, what home grown mac n cheese recipe do you have that is healthier? All of the recipes we have are very high in fat.
Let us also not forget that many families are either single parent or have two working parents and thus there is a lack of time to prepare all of this delicious nutritious food. At my house we've been trying 20 minute recipes but in general they do end up costing more than just going out to eat.
One thing you are forgetting is that people that are cheap and would buy prepackaged food or eat at McDonalds will buy cheap ingredients for making food from scratch and you'll be back at square one when it comes to health concerns.
My house isn't struggling for money thankfully so we'll shop farmers markets mostly. Whole Foods is considered a special treat when we want to have a BBQ with family I don't get to see often or when we want a turkey for Thanksgiving.
Ultimately I'm not sure the food people are eating is the problem, it's more the lack of exercise in addition to the lack of proper sleep. Those contribute a lot to metabolism although obviously what you eat is still important.
I had all the same problems with my Nvidia card and then I looked at NV Monitor and saw that it was running at 92 degrees Celsius. Turns out the slot cooling fan I was using wasn't helping at all. I removed it and now I'm at a healthy 62.
Of course it also just sounds like a defective card or it's not seated correctly. ATI cards in the past would sort of work if they weren't seated correctly.
These days it seems AMD/ATI is putting out better drivers than Nvidia. It's a nice change to see given that I remember a time when it was the other way around.
I agree although I also understand that not taking action would appear even worse for Obama so the right move is not easy for him as it would be political suicide.
What incentive would a private fire company have towards putting out say a forest fire or a grease fire at an RV park?
There are times when money shouldn't be the driving force. History has guided us where we are for a reason. Private fire companies in NY used to be a huge problem, they would often fight with each other while properties burn to the ground because that neighborhood contracted with one company while the neighboring company wanted a chance to compete.
While I agree that people should be free to do as they see fit I also understand that people left to their own devices will do anything they can to get on top and stay on top and we've seen all the negative side-effects of this. Most libertarians in no way attempt to explain how this wouldn't happen if the government wasn't involved. Then of course you've got the problem where billions of dollars from public moneys of the past have been used to create mega-corps of today so some damage can't be undone as fair competition isn't possible.
As far as I can tell the libertarian approach only works for new industries and for the most part new industries don't have a lot of regulations or government interference. The Internet was once free from government interference and it thrived. It was a wild west where you had to guard everything carefully because some enterprising hacker would come along and either own you or plant some virus. Now the government is getting involved in a vain attempt to regulate after the problem has gotten too big for any single entity to solve.
The whole time I was watching Obama's speech talking about getting people to lend money again I kept shouting at the TV that more credit doesn't mean anything without more capital to back it up but that basic idea seems lost in Washington. Bush obviously didn't understand and Obama doesn't seem to either. At least I can agree with what Obama wants to spend money on even though I think the timing is poor because of the bad situation he inherited from Bush.
While I agree spending is still out of control how do you figure that this administration spent double what the previous administration spent? Are you under the impression the 700 billion in bail-out money passed under Bush is somehow spent by the current administration? Besides that the rest only seems to be small increases in spending in a lot of areas that would make sense if we could actually afford it.
I just do both. We have several spools of varying cable types and we also buy a lot of the common cable lengths that are used. Of course more importantly I have the warehouse guys trained in termination for most wiring so they take care of it which works out because 2 minutes of their labor costs less than 1 minute of my labor.
Of course we put on shows where there is a lot of custom cabling going on so there are at least six people on full-time staff that can step in and crimp without any instruction. Gotta love teamwork.
Of course the best part about it all is that all that custom cabling just gets thrown out at the end of the show so my department collects it all in our off time and brings it in to sponsor a department party.
Those guys will use any justification they can to get pressure off the fact that they don't have the bandwidth they promised you.
I just did a show in Palm Beach so I'm a little irritated I can't get cable Internet at the location and the fastest DSL I can get is 3meg?!
In the end I had to use several DSLs pseudo-bonded with a load balancer to get the job done and I was still at least an order of magnitude short on bandwidth.
I have found that this is largely a problem with Cisco gear. I've used Nortel and HP switching gear and I've never run into auto-sensing issues but I've run into it dozens of times when I have to interface with Cisco gear which I have to do about four times a year.
You seem to be confused with link speeds versus transfer speeds which can be very different.
I'm sorry but 1Gbps is not equal on all hardware. Some hardware isn't even capable of going that fast, see the vast majority of consumer oriented network cards that come 10 for $1. As much as I love those realteks they are slow. Compare that with a server class NIC and you get dramatically different amounts of throughput.
Hardware matters a lot and so does cabling. Just because you aren't getting errors doesn't mean you're going as fast as possible given your wiring and in my experience good luck getting actual gigabit speeds over Cat5 or Cat5e. Cat5e can at least do it over short distances like say 20' but much past that and your performance will indeed drop. It's easy to measure. Create a ramdrive on an ftp server and put a single large file in the ramdrive. Now initiate transfer to ramdrive on the other end. I have to transfer multiple terabytes when I arrive back at HQ after events so I notice those little performance differences.
Of course since the bad old days I have moved on to fiber which is proving to be much more resilient to new technology.
You do have a point in that your particular gear can affect your speeds. A realtek nic isn't likely to give you full speed as opposed to a proper broadcom or Intel nic. This however is not the case for me as bandwidth is a vital concern for me with VOIP and HD video streaming happening all over my network for a few hundred users at a temporary site.
What is the OS of your choice? I'm running Ubuntu and it will work just fine. Are you on a Mac?
No, it would increase wait times which are already ridiculously long.
Fair enough, hence my second statement about spending a hell of a lot of money to accomplish something nobody really wants to accomplish.
Lithium batteries are quite recyclable. While your concern is probably warranted I don't think it's near as big a deal as you think.
I see you've operated in Florida too!
Well it was Vegas, anything is possible!