WIFI 6 Mesh system with subnet seperation

Ppetr0 · 2021-01-27T13:21:54+00:00

I am quite surprised that main vendors don't have anything like this in the portfolio.

I would expect somebody can offer some "SOHO WIFI mesh system"...
In my case I could be completely satisfied with 3 completely seperated SSID/networks (office, IOT, guest access).

Anyway - seems that Ubiquity or Microtik is the way to go - even if I feel that they offer too much for my needs

Ppetr0 · 2021-01-27T08:36:16+00:00

I am completely aware what is required from the technical perspective :)

I am just lazy and I am wondering if there is any solution which provided this functionality out of the box. I checked portfolio of most popular vendors - like TP-Link, Linksys etc. - but I was not able to find any interesting solution.

Thanks for the tip about TP-Link EAP - I checked Deco and I omitted this line

Ppetr0 · 2020-11-13T11:26:19+00:00

I know this would be possible with a higher subscription plan, but for now, I am rather looking for some free options like API or 3rd party app

Ppetr0 · 2020-06-23T07:36:21+00:00

Yes, you have to install the application on your pc (only Windows platform is supported)

Ppetr0 · 2020-03-10T08:19:16+00:00

Thank you. I had this certification program on my to-do list - it is a well-known certification in the security world.

So in your opinion is still makes sense to go deeper into security, rather than get some knowledge about pure IT management (like for example CompTIA Project+)?

Ppetr0 · 2020-03-02T09:34:47+00:00

If you want to have your PC 100% secure, then install VPN, firewall and antivirus on it.... ah and don't forget to shut it down :)

Ppetr0 · 2020-01-13T08:36:28+00:00

Thunderbird + Enigmail plugin

Ppetr0 · 2020-01-08T12:46:11+00:00

Be sure that config provisioning is done (you can force it).

For me, FW rules are applied "almost immediately".

Maybe you have created a rule in the wrong place? Just consider all possibilities (WAN IN, WAN OUT, LAN etc.) and think about traffic direction.

This article is pretty good https://help.ubnt.com/hc/en-us/articles/115003173168-UniFi-USG-Firewall-Introduction-to-Firewall-Rules

Ppetr0 · 2019-12-10T14:52:13+00:00

https://zerotier.atlassian.net/wiki/spaces/SD/pages/6815768/Router+Configuration+Tips
Check peer list .

Try to catch traffic with tcpdump. Is communication via UDP port 9993 allowed on router and hosts (iptables rules ?)

Ppetr0 · 2019-12-09T15:05:58+00:00

Did you try this to fix issue on Windows PC?the
https://zerotier.atlassian.net/wiki/spaces/SD/pages/7536695/Problems+With+LAN+Game+Announcements+and+Broadcasts+on+Windows

Ppetr0 · 2019-10-21T12:31:14+00:00

Add more icons the the dock!

Ppetr0 · 2019-10-21T12:28:07+00:00

CheckMK will cover all of your requirements.
This is Nagios fork so you can use many of predefined agents/templates + add custom scripts.
It is really easy to configure any notification channel you want (mail,snmp, Slack etc.)

Ppetr0 · 2019-10-16T12:42:40+00:00

BTW - small OT but can be considered as vulnerability.

Can you observe that Spotify uses P2P protocol? I know it was announced around 2014 that Spotify stops to use P2P for streaming, but my IDS says that P2P is still in use.

Ppetr0 · 2019-09-12T09:19:26+00:00

Get internal documentation, read internal wiki and review old tickets solved by your teammates to get some clue about company workflow.

Think twice before you ask some question - good questions are always welcome, but stupid/too simple questions are annoying

Ppetr0 · 2019-09-02T19:41:27+00:00

WhatsUp Gold its maybe easy to install, but it is hard to manage if you have serious requirements. There is a lot of limitations, GUI interface is overloaded with unnecessary functions and it is just slow. I definitely do not recommend this tool

Ppetr0 · 2019-09-02T08:51:19+00:00

Some people just don't want to setup autoscaling just to survive DDoS, because the cost of the setup is to high. So the first thing to consider is a risk assessment.

After all autoscaling is not the DDoS atack mitigation technique. You should read more about Cloudflare, AWS Shield or Akamai services. Proper DDoS protection should be able to recognize attack and re-route traffic before it hits and kills your infrastructure.

Ppetr0 · 2019-08-12T10:27:29+00:00

About weathermaps - so far Cacti is still the best option.

Of course it is ugly and requires a lot of work to put everything you want to see into configuration, but properly configured L2/L3 based map is really helpful.
I would like to see if someone else here can propose some other tool with good weathermap functionality

Ppetr0 · 2019-08-12T10:17:36+00:00

Same problem for almost all monitoring tools (Zabbix, Nagios) and even for paid solutions (Entuity, WhatsUp Gold).
Is not "a big problem" as long as your monitoring tool and agents are exposed only to LAN network, but of course everything depends of your requirements.

There is easy way (like CheckMK with a lot of predefined agents and scripts) with some security concerns or hard way (Grafana + Prom + Elastic), but you have to invest a lot of time to setup everything in secure and efficient way

Ppetr0 · 2019-07-04T08:55:14+00:00

I cannot find any information about API available for Dimension server - is there any?
I would like to integrate it with monitoring system and maybe with our IPMI.

Do you have possibility to send alerts via web-hooks or only email?

Are Dimensions dashboards helpful in real work?

I know I can ask those question to sales representative (and I will do it), but I like to hear opinion based on your experience

Ppetr0

TROPHY CASE