HP3000-L Archives

August 2000, Week 2

HP3000-L@RAVEN.UTC.EDU

From: Mark Wonsil <[log in to unmask]>
Date: Thu, 10 Aug 2000 11:58:17 -0400

In the July issue of MS TechNet was an excerpt from a book by Sybex called
"Firewalls, 24 Seven".  The chapter they included on the CD was a nice primer
on TCP/IP with emphasis on understanding security.  May be worth a look.  As
always, YMMV.

Mark Wonsil
4M Enterprises, Inc.

-----Original Message-----
From: HP-3000 Systems Discussion [mailto:[log in to unmask]]On
Behalf Of Jim Phillips
Sent: Thursday, August 10, 2000 7:47 AM
To: [log in to unmask]
Subject: Re: [HP3000-L] OT: Firewalls and Such


Jeff Kell <[log in to unmask]> warns:

> My my, you are a trusting soul.  <cisco-bias> I would insist on read

Well, we're kinda forced into being that trusting.  When you only have two
people in IS, something has to give somewhere...

> only telnet access and/or the read community string.  As it stands, you
> cannot validate the status of your line (is it really down on your end,
> or is MCI throwing you a line?  Are you dropping packets?  How many?
> What's the error rate?  If it's frame relay, how many burst packets are
> getting zapped?  How often?  Are you getting the CIR you are paying
> for?).  As for http, the router can do that too with the proper version
> and configuration.  Where is NAT?  You *should* know!
> Is it dynamic?  Static?  A combination?  Is it overloading a pool?
> Typically you do the NAT, although I could also buy into MCI giving you
> RFC1918 addresses and using an unnumbered serial port to get to them,
> but I would doubt they want to offload the NAT overhead to their border
> router [that would be hideous]).  </cisco-bias>

As it stands, I wouldn't know a burst packet from a bratwurst!  That's why
we pay the FR provider (which may not be MCI much longer!) to monitor the
network for us.

> You would be surprised what your upstream provider won't tell you.

And you might be surprised at what I wouldn't understand even if they did
tell me...

BTW, why the <cisco-bias> </cisco-bias> tags?  We are using Cisco routers,
if that matters....

Jim Phillips                            Manager of Information Systems
E-Mail: [log in to unmask]     Therm-O-Link, Inc.
Phone: (330) 527-2124                   P. O. Box 285
  Fax: (330) 527-2123                   10513 Freedom Street
  Web: http://www.tolwire.com  Garrettsville, Ohio  44231
