If you use your Comcast SMTP servers for outbound email the same way you use Google's, you will be able to send work email from home. This will get around the port 25 block they (Comcast) have in place, because you are authenticating with Comcast in order to send email.
If your IT guys at work didn't have a problem getting your email when you were sending it through Google, they shouldn't care if you send it through Comcast. There's no more or less accountibility, and you actually aren't sending through the work email server if you go through Google anyways.
I have Comcast Business internet, and it is exactly as others have described: no blocked ports, no upload/download limits, and (so far) very decent customer service.
I also have five static IPs, run an email server and web server out of my house for commercial and non-commercial purposes. I've had zero issues in the year I have had this configuration.
Of course not. But by being marketed as turn-key solution, you know very well that managers will see UTMs as replacements for quality network administrators. A UTM cannot* do anything that a well-configured OpenBSD box with pf, squid, and ClamAV can.
I recommend taking a look at Fortinet's product line, and see if that might change your perception of what UTM can do in the footprint offered. I personally have built inline AV scanning systems for HTTP and SMTP, and while they worked very well, they are nowhere near as feature complete as a very good UTM device, or as easy to administer. UTMs also take a fraction of the time to set up compared to the time it takes to build a box from the ground up. They also have much higher throughput (required in some situations) than a whitebox setup due to dedicated DSPs and processors. Time is money too.
I think our fundamental disagreement is over whether companies will see UTMs as tools for competent system administrators, or as replacements for competent system administrators.
Yes, I can see where you are coming from regarding buying a "magic box" instead of spending the money on someone with a brain to manage the network. However, stupid management will always triumph reason when it comes to allocating funds for a proper network administrator AND the proper hardware/software resources. It cannot be helped without education in risk management, or is simply not worth the investment in some cases (lack of sensitive data, lack of funds, lack of staff).
If a boss says "I need to print and access my files from home", a quality system administrator will tell the boss he needs to buy a dedicated, secure laptop to access the VPN --- or partition some services off to a separate insecure network that the boss' diseased laptop can access. These things can be done with or without a VPN. On the other hand, a cheap sycophant with an expensive UTM will just configure the UTM to allow the boss' personal, spyware-infested laptop full access to the internal network.
Again, a bad network administrator is going to do dumb stuff, regardless of the hardware or software available.
In the case of some of the smaller FortiNet products, it may actually be cheaper than a separate "secure" computer to buy a small unit for the boss to have at his house so VPN software isn't required on ANY of his systems (hardware does the job of routing and VPN), and all are protected from the internet. You can also set up rules at either end to allow/disallow/scan whatever you want between the office and his house.
I'm sure the software stack I mentioned and some commercial UTM might have slightly different feature sets. The architecture, however, is identical.
I would say the UTM hardware I have investigated and implemented has a more complete feature set than anything I've seen anyone build in whitebox form. Same ideas, but packed into a very powerful system with a very nice administration interface. They also scale down to Linksys router size, with diskless operation and very low power requirements.
The hardware architecture is similar, but there are units that have dedicated processors or DSPs for different functions of the UTM device in order to keep latency down and throughput very high. Some of this hardware IS proprietary, so it's not stuff you can get to build your own box.
Sorry, I was thinking outside of the corporate scope as well, but didn't really make that clear.
I implemented a Unified Threat Management device at all of the internet uplinks for the wireless ISP I used to work for. It really cleaned up the crap that was on our internal network (customers), and reduced our complaints of SPAM originating on our internal IP space from the rest of the internet to zero overnight.
These same devices also blocked 99% of the crap that was coming in via email to our own servers from the internet at large, with very few false positives.
A UTM device in the right hands can really keep a network in top shape with regards to security and monitoring. It's another tool in the arsenal a good network admin can use in the fight against morons, not a replacement for a good admin.
Like I said, a UTM setup isn't always cheap, but I've found them to be worth every penny in the instances where I have deployed them.
I already presented my thoughts on bad network admins. The examples you gave are exactly what I was talking about.
The UTM would NOT be useless in the VPN example you gave. You would just have to route traffic from the VPN gateway through the UTM as an outside host, or terminate the VPN on the UTM (possible on some makes/models) and secure the connection appropriately (AV/SMTP/POP/IMAP scanning for malware).
No, you don't HAVE to have a UTM device to lock down a network properly, but it can make some aspects MUCH more simple than rolling your own solution, with just as much or more protection.
A quality network administrator wouldn't dismiss a UTM out of hand. Everything has its place.
Heck, even if it DOES happen somewhere, you think someone won't write some kind of proxy or gateway to establish communication between the two or more "internets"?
And finally, ffs, stop thinking that you can completely control the internet. No one can. Not this version, not whatever they're wishing to replace it with.
Absolutely. If worse comes to worse, there's always encrypted transmissions point-to-point via direct line, wireless mesh networking, and sneakernet. Now that people have had a taste of what's possible, new methods of communication "off the 'net" could be established.
I'll admit, the beginning of my comment was a sucker punch, but it was a well deserved one.
I've had the pleasure of implementing networks and maintaining security for many different types of organizations including manufacturing, education, scientific research, financial industries, wireless ISPs and lately a popular.com company. Over the years, it honestly makes more sense to watch what goes out as much as what comes in from the internet.
Stupid users aren't as bad as stupid network administrators. With the users, you have to expect they'll do something goofy that may compromise the integrity of your network. In most cases, it's not the users' jobs to monitor the network and worry about security. They have other job functions in the company.
Poor administration means you never catch it, and/or can't prevent the leak of information from the inside.
There are all kinds of dedicated appliances available today that make full-duplex protection fairly simple to implement. Just search for "unified threat management", and start reading. It's not always cheap, but it's necessary if you rely on your network and computer systems to do business every day.
A wider deployment of UTM devices and services would go a long way towards cleaning up the internet. Yes, it's packet inspection in some cases, but it's packet inspection that can still provide a level of anonymity if configured correctly (don't log).
Like what? What could be MORE vulnerable than a Microsoft operating system without a firewall?
Maybe if people and companies paid more attention to their network configuration, and configured their network in such a way as to protect hosts on the outside from exploited hosts on the inside, we would have a much cleaner internet in general.
It doesn't have to be about OS if you take the necessary steps to not only scan and protect yourself from the inbound traffic, but also paid attention to the outbound traffic.
I'm thinking the economic meltdown was staged. Just when a lot of countries (or unions) seemed to be on the verge of surpassing the US economically, surprise! The whole thing crashes to the dirt.
Someone's pulling strings somewhere. Look what effect the drop in oil prices has done to Russia, the Middle East, and oil exporting South American countries.
Yeah, didn't catch that mistake on my last post. Nano vs Atom.
Atom is hindered by (so far) the chipset Intel pairs up with the processor. Overall, Nano should be a better solution as a system than Atom.
After playing around with a Dell Mini 9, there's no way I'd sink a dollar into a netbook, laptop, or desktop system based on the Atom processor. It's really a slow platform compared to what most people would be used to.
Eh? ReiserFS had decent recovery capabilities, and I used them extensively when hardware failed in horribly ways on RAID systems. Instead of losing an entire filesystem, you might lose a couple files here and there.
My track record for recovering blown up RAID arrays running ReiserFS is much better than recovering those running EXT2 or EXT3.
I don't think this guy is lying. I just lost 60+ analog channels in the past week on Comcast cable, and apparently it was a planned shift to require a set-top box to view anything outside of what they rebroadcast from OTA stations.
So, screw Comcast. My HDTV was working just peachy with their basic content, and the set-top box is a flaming pile of poo.
Nano does more per watt compared to Nano, meaning you spend less time burning your battery powering other parts of your mobile computer (screen, hard drive, etc).
I posted some links to benchmarks between the Atom and Nano further up this thread.
There was a comparison between Atom and Nano a while back, and the conclusion was while the Nano does draw a bit more power overall, it does more work per watt. This is even taking into consideration the Atom chip had HyperThreading.
Slashdot Mirror
If you use your Comcast SMTP servers for outbound email the same way you use Google's, you will be able to send work email from home. This will get around the port 25 block they (Comcast) have in place, because you are authenticating with Comcast in order to send email.
If your IT guys at work didn't have a problem getting your email when you were sending it through Google, they shouldn't care if you send it through Comcast. There's no more or less accountibility, and you actually aren't sending through the work email server if you go through Google anyways.
I'd give the Comcast SMTP server(s) a shot.
So, work allowed you to bounce through smtp.gmail.com, but you couldn't use the SMTP servers at Comcast? Exactly how is that any different?
You really have no clue about how this stuff works, do you?
It's called a business account, and Comcast offers this in most areas.
I have Comcast Business internet, and it is exactly as others have described: no blocked ports, no upload/download limits, and (so far) very decent customer service.
I also have five static IPs, run an email server and web server out of my house for commercial and non-commercial purposes. I've had zero issues in the year I have had this configuration.
I recommend taking a look at Fortinet's product line, and see if that might change your perception of what UTM can do in the footprint offered. I personally have built inline AV scanning systems for HTTP and SMTP, and while they worked very well, they are nowhere near as feature complete as a very good UTM device, or as easy to administer. UTMs also take a fraction of the time to set up compared to the time it takes to build a box from the ground up. They also have much higher throughput (required in some situations) than a whitebox setup due to dedicated DSPs and processors. Time is money too.
Yes, I can see where you are coming from regarding buying a "magic box" instead of spending the money on someone with a brain to manage the network. However, stupid management will always triumph reason when it comes to allocating funds for a proper network administrator AND the proper hardware/software resources. It cannot be helped without education in risk management, or is simply not worth the investment in some cases (lack of sensitive data, lack of funds, lack of staff).
Again, a bad network administrator is going to do dumb stuff, regardless of the hardware or software available.
In the case of some of the smaller FortiNet products, it may actually be cheaper than a separate "secure" computer to buy a small unit for the boss to have at his house so VPN software isn't required on ANY of his systems (hardware does the job of routing and VPN), and all are protected from the internet. You can also set up rules at either end to allow/disallow/scan whatever you want between the office and his house.
I would say the UTM hardware I have investigated and implemented has a more complete feature set than anything I've seen anyone build in whitebox form. Same ideas, but packed into a very powerful system with a very nice administration interface. They also scale down to Linksys router size, with diskless operation and very low power requirements.
The hardware architecture is similar, but there are units that have dedicated processors or DSPs for different functions of the UTM device in order to keep latency down and throughput very high. Some of this hardware IS proprietary, so it's not stuff you can get to build your own box.
Sorry, I was thinking outside of the corporate scope as well, but didn't really make that clear.
I implemented a Unified Threat Management device at all of the internet uplinks for the wireless ISP I used to work for. It really cleaned up the crap that was on our internal network (customers), and reduced our complaints of SPAM originating on our internal IP space from the rest of the internet to zero overnight.
These same devices also blocked 99% of the crap that was coming in via email to our own servers from the internet at large, with very few false positives.
A UTM device in the right hands can really keep a network in top shape with regards to security and monitoring. It's another tool in the arsenal a good network admin can use in the fight against morons, not a replacement for a good admin.
Like I said, a UTM setup isn't always cheap, but I've found them to be worth every penny in the instances where I have deployed them.
I already presented my thoughts on bad network admins. The examples you gave are exactly what I was talking about.
The UTM would NOT be useless in the VPN example you gave. You would just have to route traffic from the VPN gateway through the UTM as an outside host, or terminate the VPN on the UTM (possible on some makes/models) and secure the connection appropriately (AV/SMTP/POP/IMAP scanning for malware).
No, you don't HAVE to have a UTM device to lock down a network properly, but it can make some aspects MUCH more simple than rolling your own solution, with just as much or more protection.
A quality network administrator wouldn't dismiss a UTM out of hand. Everything has its place.
The free solution is called SPF, and it is done through DNS records.
Of course, your email provider needs to support this feature on their email system in order for it to be of any use.
They had to get assistance when the place almost burned to the water. Sealand is also no where near self-sustaining.
Heck, even if it DOES happen somewhere, you think someone won't write some kind of proxy or gateway to establish communication between the two or more "internets"?
Absolutely. If worse comes to worse, there's always encrypted transmissions point-to-point via direct line, wireless mesh networking, and sneakernet. Now that people have had a taste of what's possible, new methods of communication "off the 'net" could be established.
I'll admit, the beginning of my comment was a sucker punch, but it was a well deserved one.
I've had the pleasure of implementing networks and maintaining security for many different types of organizations including manufacturing, education, scientific research, financial industries, wireless ISPs and lately a popular .com company. Over the years, it honestly makes more sense to watch what goes out as much as what comes in from the internet.
Stupid users aren't as bad as stupid network administrators. With the users, you have to expect they'll do something goofy that may compromise the integrity of your network. In most cases, it's not the users' jobs to monitor the network and worry about security. They have other job functions in the company.
Poor administration means you never catch it, and/or can't prevent the leak of information from the inside.
There are all kinds of dedicated appliances available today that make full-duplex protection fairly simple to implement. Just search for "unified threat management", and start reading. It's not always cheap, but it's necessary if you rely on your network and computer systems to do business every day.
A wider deployment of UTM devices and services would go a long way towards cleaning up the internet. Yes, it's packet inspection in some cases, but it's packet inspection that can still provide a level of anonymity if configured correctly (don't log).
Like what? What could be MORE vulnerable than a Microsoft operating system without a firewall?
Maybe if people and companies paid more attention to their network configuration, and configured their network in such a way as to protect hosts on the outside from exploited hosts on the inside, we would have a much cleaner internet in general.
It doesn't have to be about OS if you take the necessary steps to not only scan and protect yourself from the inbound traffic, but also paid attention to the outbound traffic.
I'm thinking the economic meltdown was staged. Just when a lot of countries (or unions) seemed to be on the verge of surpassing the US economically, surprise! The whole thing crashes to the dirt.
Someone's pulling strings somewhere. Look what effect the drop in oil prices has done to Russia, the Middle East, and oil exporting South American countries.
You think that hasn't started already?
Yeah, didn't catch that mistake on my last post. Nano vs Atom.
Atom is hindered by (so far) the chipset Intel pairs up with the processor. Overall, Nano should be a better solution as a system than Atom.
After playing around with a Dell Mini 9, there's no way I'd sink a dollar into a netbook, laptop, or desktop system based on the Atom processor. It's really a slow platform compared to what most people would be used to.
That's pretty much it. Marketing works for Apple, why can't it work for Microsoft?
*waves hand*
This is not the OS you are looking for.
Eh? ReiserFS had decent recovery capabilities, and I used them extensively when hardware failed in horribly ways on RAID systems. Instead of losing an entire filesystem, you might lose a couple files here and there.
My track record for recovering blown up RAID arrays running ReiserFS is much better than recovering those running EXT2 or EXT3.
Even in the USA, you don't HAVE to do any of what you just wrote with a computer.
Pen a letter, or use a typewriter. Rent your media, or do pay-per-view over cable/dish. Do taxes by hand, and file via snail mail.
Don't worry, we'll get to the point where you HAVE to use a computer for all of that. It's a ways out, though.
I don't think this guy is lying. I just lost 60+ analog channels in the past week on Comcast cable, and apparently it was a planned shift to require a set-top box to view anything outside of what they rebroadcast from OTA stations.
So, screw Comcast. My HDTV was working just peachy with their basic content, and the set-top box is a flaming pile of poo.
Time to see what Dish Network has to offer.
Because every year is the year of the Linux server/cluster/router/toaster.
The only reason I run a GUI on desktops is so I can open more terminals and use a web browser.
I'm with you, 100%. There's no need for all the fluff that's on the internet these days. It just slows everything down.
All I need is dial-up to do my work (all terminal based).
Nano does more per watt compared to Nano, meaning you spend less time burning your battery powering other parts of your mobile computer (screen, hard drive, etc).
I posted some links to benchmarks between the Atom and Nano further up this thread.
See my post further up the thread with benchmarks and power consumption tests between Atom and Nano.
Then go do some reading yourself.
There was a comparison between Atom and Nano a while back, and the conclusion was while the Nano does draw a bit more power overall, it does more work per watt. This is even taking into consideration the Atom chip had HyperThreading.
http://enthusiast.hardocp.com/article.html?art=MTUzNSwxLCxoZW50aHVzaWFzdA==
http://www.legitreviews.com/article/757/1/
http://arstechnica.com/reviews/hardware/atom-nano-review.ars
That took a whole 10 seconds of searching on Google.
With regards to the discussion, which would be this open source tablet thingy, I think the Nano is the better choice.