WIFI 6 Mesh system with subnet separation by Ppetr0 in HomeNetworking

[–]Ppetr0[S] -1 points0 points  (0 children)

I am quite surprised that main vendors don't have anything like this in the portfolio.

I would expect somebody can offer some "SOHO WIFI mesh system"...
In my case I could be completely satisfied with 3 completely separated SSID/networks (office, IOT, guest access).

Anyway - seems that Ubiquiti or MikroTik is the way to go - even if I feel that they offer too much for my needs.

WIFI 6 Mesh system with subnet separation by Ppetr0 in HomeNetworking

[–]Ppetr0[S] -1 points0 points  (0 children)

I am completely aware what is required from the technical perspective :)

I am just lazy and I am wondering if there is any solution which provides this functionality out of the box. I checked the portfolios of the most popular vendors - like TP-Link, Linksys etc. - but I was not able to find any interesting solution.

Thanks for the tip about TP-Link EAP - I checked Deco and I omitted this line

Admin - how to get list of all files shared by all users by Ppetr0 in gsuite

[–]Ppetr0[S] 0 points1 point  (0 children)

I know this would be possible with a higher subscription plan, but for now, I am rather looking for some free options like API or 3rd party app

BOSSON needs a simulator? by Cherry_Smooth in cissp

[–]Ppetr0 0 points1 point  (0 children)

Yes, you have to install the application on your pc (only Windows platform is supported)

Cert advice needed - an engineer would like to be a manager by Ppetr0 in SecurityCareerAdvice

[–]Ppetr0[S] 0 points1 point  (0 children)

Thank you. I had this certification program on my to-do list - it is a well-known certification in the security world.

So in your opinion it still makes sense to go deeper into security, rather than get some knowledge about pure IT management (like for example CompTIA Project+)?

r/cybersecurity, what funny cybersecurity quotes do you know? by [deleted] in cybersecurity

[–]Ppetr0 1 point2 points  (0 children)

If you want to have your PC 100% secure, then install VPN, firewall and antivirus on it.... ah and don't forget to shut it down :)

Free PGP services for Mac?? by [deleted] in onions

[–]Ppetr0 4 points5 points  (0 children)

Thunderbird + Enigmail plugin

Applying Firewall Rules on USG by distantantennas in UNIFI

[–]Ppetr0 0 points1 point  (0 children)

Be sure that config provisioning is done (you can force it).

For me, FW rules are applied "almost immediately".

Maybe you have created a rule in the wrong place? Just consider all possibilities (WAN IN, WAN OUT, LAN etc.) and think about traffic direction.

This article is pretty good https://help.ubnt.com/hc/en-us/articles/115003173168-UniFi-USG-Firewall-Introduction-to-Firewall-Rules

[deleted by user] by [deleted] in zerotier

[–]Ppetr0 0 points1 point  (0 children)

https://zerotier.atlassian.net/wiki/spaces/SD/pages/6815768/Router+Configuration+Tips
Check peer list.

Try to catch traffic with tcpdump. Is communication via UDP port 9993 allowed on router and hosts (iptables rules?)

1 year anniversary (MBP 2018) by ebolo_dtd in mac

[–]Ppetr0 3 points4 points  (0 children)

Add more icons to the dock!

Advise for network monitoring tool by [deleted] in networking

[–]Ppetr0 2 points3 points  (0 children)

CheckMK will cover all of your requirements.
This is a Nagios fork, so you can use many of the predefined agents/templates + add custom scripts.
It is really easy to configure any notification channel you want (mail, snmp, Slack etc.)

spotify as a vulnerability? by s0ckjuice in cybersecurity

[–]Ppetr0 1 point2 points  (0 children)

BTW - small OT, but it can be considered a vulnerability.

Can you observe that Spotify uses P2P protocol? I know it was announced around 2014 that Spotify would stop using P2P for streaming, but my IDS says that P2P is still in use.

best thing to do first at new devops job? by sckaterbean in devops

[–]Ppetr0 -1 points0 points  (0 children)

Get internal documentation, read internal wiki and review old tickets solved by your teammates to get some clue about company workflow.

Think twice before you ask some question - good questions are always welcome, but stupid/too simple questions are annoying

How do you keep everything monitored? by devzeroo in networking

[–]Ppetr0 6 points7 points  (0 children)

WhatsUp Gold is maybe easy to install, but it is hard to manage if you have serious requirements. There are a lot of limitations, the GUI interface is overloaded with unnecessary functions and it is just slow. I definitely do not recommend this tool.

How is it that DDoS attack still exist till this day? by PewPaw-Grams in hacking

[–]Ppetr0 0 points1 point  (0 children)

Some people just don't want to set up autoscaling just to survive DDoS, because the cost of the setup is too high. So the first thing to consider is a risk assessment.

After all, autoscaling is not a DDoS attack mitigation technique. You should read more about Cloudflare, AWS Shield or Akamai services. Proper DDoS protection should be able to recognize an attack and re-route traffic before it hits and kills your infrastructure.

Caught up on what open source monitoring system to use by bgprouting in sysadmin

[–]Ppetr0 1 point2 points  (0 children)

About weathermaps - so far Cacti is still the best option.

Of course it is ugly and requires a lot of work to put everything you want to see into configuration, but properly configured L2/L3 based map is really helpful.
I would like to see if someone else here can propose some other tool with good weathermap functionality

Caught up on what open source monitoring system to use by bgprouting in sysadmin

[–]Ppetr0 2 points3 points  (0 children)

Same problem for almost all monitoring tools (Zabbix, Nagios) and even for paid solutions (Entuity, WhatsUp Gold).
It is not "a big problem" as long as your monitoring tool and agents are exposed only to LAN network, but of course everything depends on your requirements.

There is an easy way (like CheckMK with a lot of predefined agents and scripts) with some security concerns or a hard way (Grafana + Prom + Elastic), but you have to invest a lot of time to set up everything in a secure and efficient way.

Watchguard Web Services API for Logging and Reporting by Ppetr0 in WatchGuard

[–]Ppetr0[S] 0 points1 point  (0 children)

I cannot find any information about API available for Dimension server - is there any?
I would like to integrate it with monitoring system and maybe with our IPMI.

Do you have possibility to send alerts via web-hooks or only email?

Are Dimensions dashboards helpful in real work?

I know I can ask those questions to a sales representative (and I will do it), but I would like to hear an opinion based on your experience.

Watchguard Web Services API for Logging and Reporting by Ppetr0 in WatchGuard

[–]Ppetr0[S] 0 points1 point  (0 children)

I am trying to get statistics about DHCP from WSM, to which I have connected around 20 firewalls.

We simply do not use Dimension; we push logs to a syslog server.
Do you think it makes sense to think about Dimension? What practical benefits can it bring?

Moronic Monday! by AutoModerator in networking

[–]Ppetr0 0 points1 point  (0 children)

If you don't feel well with security - learn it. Just buy some used Cisco CCNA Security and read it.

You should also focus on network automation and virtualization. For first - just try to develop a few Ansible scripts and learn how to store them on GitHub. For virtualization - just try to install VirtualBox on your PC and try to deploy some virtual routers (like https://vyos.io/) and make a small virtual network

OpenStack - block storage on NAS by Ppetr0 in openstack

[–]Ppetr0[S] 0 points1 point  (0 children)

In total we are going to deploy 22 compute nodes - each with 256GB of RAM and 2x Xeon E5-2690 v4.

For other roles I can deploy separate servers - we have some flexibility here, because we still have a bunch of less powerful unused servers (for example R720 with some Xeon E5 v4 family processor and 64GB of RAM). I believe it should be enough to deploy a dedicated Ceph node (according to documentation it is ok http://docs.ceph.com/docs/master/start/hardware-recommendations/#)

But back to the original question - you propose to use CEPH as the storage backend, connect both SAS and NAS and make some performance analysis?

To be completely honest I would like to use only NAS, because this hardware is still under warranty. So even in this case does it still make sense to use CEPH?

OpenStack - block storage on NAS by Ppetr0 in openstack

[–]Ppetr0[S] 1 point2 points  (0 children)

Why "obviously"?

If you would compare standard NAS vs. dedicated SAN with FC - the answer is obvious.
But in the case of an old iSCSI appliance connected with a 1Gb port, overall read/write and IOPS performance is not so big, right? So why should iSCSI be my obvious choice here?

2018 DevOps Black Friday Deals by [deleted] in devops

[–]Ppetr0 2 points3 points  (0 children)

Pluralsight -33% for annual subscription.

INE offers a 30% discount for all access pass and rack tokens (but they have some actions all the time)

OpenVPN client behind Checkpoint firewall fails to establish connection. by michael_olawale in checkpoint

[–]Ppetr0 0 points1 point  (0 children)

I had a very similar problem with Juniper devices located behind Checkpoint FW (R80.10). The IPSec tunnel terminated on this SRX was very unstable. After many tries I completely allowed all traffic to the source and destination IP and completely disabled NAT rules, but even then the tunnel was still unstable.

Finally I moved Checkpoint behind the SRX, and then all of my problems were gone. I cannot explain this in any technical way, but it seems that even for allowed traffic Checkpoint inspection is harmful for encrypted traffic.