Best learning sources for certificates and cryptography? Networking
- Best learning sources for certificates and cryptography?
- Firewall - DMZ Design
- Are you seeing any signs of Russia's "massive campaign to compromise computer routers and firewalls around the world"?
- Product Selection Cisco9500 or Juniper EX4600
- VLAN design for WLAN
- Thoughts on FortiSwitches
- ASA <-> Azure s2s VPN w/ BGP help request
- SFP28 programmer?
- VIRL vs GNS3 vs EVE-NG : The Battle
- ISP data retention solutions
- Favorite Mail Domain Reputation Tool/Service?
- Let's find out a little bit more about the /r/networking community as a whole
- Issues getting a trunk port to pass a VLAN
- Looking to set up a PoE Wifi Extender, does anyone have any model suggestions?
- Mixing medium type in an etherchannel
- Meraki Stable, Stable Release Candidate, Beta
- Where did the term Bogon come from?
- Aruba Modular Switches
- Switch to switch errors
- Be so good they can't ignore you
- Using Rspan with fex
- Would a network with EAP/PEAP authentication be vulnerable to phishing?
- Multihomed BGP with 2 ASAs
Best learning sources for certificates and cryptography?
Posted: 17 Apr 2018 09:26 AM PDT
I recently became a network engineer. I have a basic grasp of how certificates work, but I feel like not having a deeper practical understanding of it has held me back. I'm not looking for how the math or algorithms work. I'm looking for practical lessons on how certificates work for SSL, PEAP, using certificate authentication, managing certificates in Windows, Windows Server, RADIUS, AD, etc. Does anyone have a preferred resource that worked well for them?
Firewall - DMZ Design
Posted: 17 Apr 2018 07:17 AM PDT
Hello Guys, I have to re-design a firewalled DMZ design. I have this idea in my head to work pretty standard based. This means a front-end firewall cluster to connect towards the internet and the WAN. Behind this firewall cluster I would like the services cluster: F5 - Other. A back-end firewall cluster that will connect the LAN and incoming management subnets towards the LAN. The problem is that I'm still a bit junior on security designs, so I would say that maybe incoming connections from the front-end cannot be allowed to the back-end firewalls without going through services cluster. Like a server in a LAN subnet that gets connected via the internet through an F5 cluster. (LTM) Is there like a "golden" standard to follow? Or like a reference design? I know for dual connected ISP access there was a design on this reddit. I'm wondering if there is one for Firewalls as well.
Are you seeing any signs of Russia's "massive campaign to compromise computer routers and firewalls around the world"?
Posted: 16 Apr 2018 06:35 PM PDT
The US and Britain made an announcement today about a Russian campaign to compromise networking equipment. Have you seen indications of elevated activity of this sort at your sites? If so, what do they look like? Telnet/SSH attempts or more sophisticated stuff? I haven't noticed anything beyond the norm. Here's one piece in the Washington Post but there are others:
Product Selection Cisco9500 or Juniper EX4600
Posted: 17 Apr 2018 10:07 AM PDT
I am currently on the fence between these two products. Just completed a POC with Juniper and midway through the POC with Cisco. Both products seemed to work as expected in the limited time I have had hands on them. Does anyone have any experience that would cause you to go one way or the other? They will be positioned in the distribution layer of the campus network. Thanks again.
VLAN design for WLAN
Posted: 17 Apr 2018 01:45 PM PDT
I'm currently replacing 300 APs. Total of 3 SSIDs, each with its own VLAN. The APs themselves are also of course on their own VLAN. Upon review I'm seeing that the existing design has the APs VLAN'd at the firewall (Fortigate). The subsequent wireless VLANs are configured at layer 3 on the aggregation switch (Aruba 5406) and routing via OSPF. What's the better design here? VLAN the APs on the firewall or just add them to layer 3 with the existing VLANs?
Thoughts on FortiSwitches
Posted: 17 Apr 2018 10:11 AM PDT
We are looking at some 548d-fpoe switches to go with our fortigates. The ease of management, quicker troubleshooting, and price are the driving factors. What are people's thoughts on reliability for their products? I've always been very happy w/ their firewalls. Thanks
ASA <-> Azure s2s VPN w/ BGP help request
Posted: 17 Apr 2018 03:08 PM PDT
This is killing me. I've gotten the ikev2 working, but the tunnel interface won't come up and I can't pass It could be my ignorance of routing in general. BGP Errors show no route to remote IP. IKEv2 shows up, IPSec shows nothing. Azure shows connected... Hopefully all Relevant configuration.
SFP28 programmer?
Posted: 17 Apr 2018 01:12 PM PDT
Hello, I'm aware of flexoptics and sfptotal programmers for programming optics. The flexoptics device is too limited as it only programs flexoptic optics. On the homepage of sfptotal, support for SFP28 optics is not mentioned. Searching around I really cannot find any device for programming SFP28 optics. Perhaps someone knows where to get one?
VIRL vs GNS3 vs EVE-NG : The Battle
Posted: 16 Apr 2018 06:31 PM PDT
The week-end The LAN Tamer did a test to decide if he will renew VIRL subscription or use an alternative solution: VIRL - GNS3 - EVE-NG. The test uses the lab from INE... see here: https://www.youtube.com/watch?v=h4xRFtTemiU The Google doc result is interesting as well:
ISP data retention solutions
Posted: 17 Apr 2018 04:43 AM PDT
Hi /r/networking, I am doing a project for selecting ISP data retention products. I am doing a study to decide a better fit. Could you recommend some relevant products? Requirements:
a. Collection of packet data at line speeds of at least 10Gbps (preferably covering the range 100-1000Gbps to accommodate expected traffic growth over next few years)
b. Assembly of packets into flows (or other means to summarise individual packets)
c. Inspection of packet data to characterise it
d. Filtering to remove unwanted data
e. Summarisation to reduce the amount of detail and hence storage volume and to make querying easier
f. Enrichment to add other information from the packet flow and from external sources in order to increase the investigative value of the data
g. Classification of traffic type to enable identification of internet service used (both fully qualified domain name and category/sub-category of service - for example "Facebook - social media - messaging")
h. Querying facility to enable remote systems/users to rapidly search the stored data (ideally through a web service or external API)
i. Query federation to enable a single query to be run on a number of systems distributed across the CSP network
j. Persistent scalable storage for 3-12 months (ideally 12 months)
k. Resilience to power interruption and equipment failure
Favorite Mail Domain Reputation Tool/Service?
Posted: 17 Apr 2018 12:14 PM PDT
Hey Guys, I am tasked with researching various options in terms of a mail domain reputation check. Any fellow network/sys admins have a tool or service they prefer to accomplish such a task?
Let's find out a little bit more about the /r/networking community as a whole
Posted: 17 Apr 2018 11:28 AM PDT
I thought it would be interesting to find out the "technical demographics" of the sub so I put together a quick survey. That way when you come for advice you can remember that "Only X amount of people here are in my shoes" or "Most people are looking at it through an enterprise lens." The survey is basically how big is your company/shop. How long have you been in the game. What kind of gear do you use. etc. Let me know if you think I should add a question.
Issues getting a trunk port to pass a VLAN
Posted: 17 Apr 2018 11:19 AM PDT
Last week you guys helped me get a trunk up between my 3750G and a Dell Powerconnect. The trunk is up but it's only passing the native VLAN 1. I'm at wits' end trying to figure out what's going on. The only clue I have is that the "operational trunk encapsulation" is set to ISL. Other than that I don't see anything wrong. Any ideas? Edit: Forgot to add that the VLAN I'm trying to get trunked over Gi1/0/25 is VLAN 402, which is created and exists in the VLAN DB.
Looking to set up a PoE Wifi Extender, does anyone have any model suggestions?
Posted: 17 Apr 2018 11:11 AM PDT
Hi. I work as the IT technician for an indoor agricultural farm. We're expanding into a warehouse that has steel walls and the AP will be in the IT office, so we're planning to use Wifi extenders to spread the signal throughout the building. Problem is, nobody consulted me during the design phase, so now we have Ethernet cabling poking out of the ceiling at two spots that are roughly 75 feet apart which are nowhere near a power outlet. Although I would have liked the increased range and throughput the plug-in options would have provided, there's no choice. So, my question is: does anyone know of some reliable Wifi extenders that are PoE with decent range/throughput? Thanks. Haven't posted in this sub before, sorry about any mistakes.
Mixing medium type in an etherchannel
Posted: 17 Apr 2018 02:54 AM PDT
Is there a way to mix copper and fiber links within an etherchannel with an ASA 5555X? I need to migrate my links and can't remove all channel members because the ASA won't let me remove the last member. I remember a "force" option when using mixed medium types on switches, but don't know if such an option exists on ASA firewalls.
Meraki Stable, Stable Release Candidate, Beta
Posted: 17 Apr 2018 10:24 AM PDT
So how stable are these releases? I've just thrown together a network of about 80 switches and roughly the same number of APs. At one network I've hit two critical bugs on the stable build - one wireless bug that I was able to move to Stable RC. The other is an unpublished switch bug that is only resolved on Beta. I was able to work around the switching bug without going to Beta, but I'm curious if my natural aversion to Beta software is justified. What's your experience? Does anyone here run the Meraki Beta switch code?
Where did the term Bogon come from?
Posted: 17 Apr 2018 10:01 AM PDT
Anybody know where the term bogon came from? I'm in training this week and the instructor brought it up and didn't know where it came from either. Quick Google search doesn't show much. Anyone else have any info?
Aruba Modular Switches
Posted: 17 Apr 2018 08:53 AM PDT
Hi everyone, we are considering expanding our network and getting rid of our old 48 port switches. I've figured out the Aruba 5400 series is a good choice but I've a few questions which may be answered by someone here. If I understand everything right you buy a shelf and equip it with the different modules. So you can buy modules with 24 GBit ethernet ports for your clients and modules with SFP+ ports for 10Gbit uplink for your servers, right? I've seen you can also buy the PSU for the shelf. The PSUs are available in different sizes, how do I know which one I need? I think if I'm using PoE modules I need a bigger one? My next question is about the shelf: Which size has the best price/size ratio? Is it possible to expand the shelf? Do I need the management module for the switch? I need the possibility of creating VLANs and trunkings and maybe inter VLAN routing. Is it possible to manage the switch via telnet like the Procurve switches? Thanks in advance for answering my questions and sorry for the bad English but I'm no native speaker.
Switch to switch errors
Posted: 17 Apr 2018 02:32 PM PDT
I put a new server and switch into an existing LAN and instead of just passing traffic, the new switch is tossing errors at the old one. V1910 complaining about the data from a HP 5900 ...
Be so good they can't ignore you
Posted: 17 Apr 2018 08:21 AM PDT
So I've been reading this new book and the author says that your job should not have those 3 things:
In order to succeed you need to gain experience capital and be rare and valuable. So, how can this happen in networking? CCNA/CCNP is pretty common now, CCIEs are losing their value because of all the software and cloud automation coming in. What's the good niche to be in to be a rare expert? PS: I feel like people peak at CCIE, become 6 figure consultants and that's it. Is this really it? Is there a way to grow more? I'm not money hungry, I'm curious of the opportunities this can lead to.
Using Rspan with fex
Posted: 17 Apr 2018 07:33 AM PDT
Using nx2k going to nx2k. We're trying to monitor a port and when we use the rspan config examples we get a prompt that the destination cannot be a fex port. Problem is it's part of a data center and all switches are part of fex and the only ports open that aren't part of the fabric are fiber ports and we don't have nics that term fiber. Can't span on the same switch either due to fiber terminations as well. Can anyone share some insight as to how some can rspan and we're having this much trouble? Any suggestions will help.
Would a network with EAP/PEAP authentication be vulnerable to phishing?
Posted: 17 Apr 2018 09:42 AM PDT
If one were to set up a router with the same SSID as a network with EAP/PEAP authentication, would that router essentially be able to hijack an individual's login credentials if they connect to it?
Multihomed BGP with 2 ASAs
Posted: 16 Apr 2018 11:44 PM PDT
Hi everyone, I was looking for a bit of advice about how multi-homed BGP over 2 sites, each with their own ASA, is done. Essentially, I've got 2 x /25s, one for each of my sites. Our ISP has given us the ability to take a default route from them, and let us advertise our /25s from either site, flopping to the other site if one site should fail. Our ASAs are currently in-line with the routers. How do I go about changing the network to allow each site to use the other's internet connection, specifically static NATs and the ASAs' gateway floating between the two routers without using FHRP (I need both sites to be active). I've added a diagram for a bit of clarity. For 'clients' read DMZ. I missed off a lot of the rest of the network for clarity. Any help would be appreciated!