Messages

How about a section for ZT discussions?

Try - Everything Else in the Data Center

squeeze 'em out, if ya can. There's only a month left in the year.

To all those that participate.
Happy Thursday to all the others.

what are the networks?   the easiest way to combine networks is to modify the subnet mask in all devices.
i.e.
192.168.0.0/24
192.168.1.0/24
=
192.168.0.0/23

Have you decided on a subnet to use?

I think this is an old question, looking for IPv4 not IPv6.

I'm in network security, my job is to find vulnerabilities and weaknesses in systems.  But I can't even run a Tenable scan or NMAP, without authoritative permissions. otherwise it might be construed that I am hacking the network.
 

Doing anything against company policy is a path to nowheresville, IN.  you need buy in, and acceptance (in writing, to CYA) that anything you do is recommended and or approved by management. and only do what is approved by management, making decisions on your own leads to liability. liability leads to joblessness. not your company, not your decision, so all you can do is make recommendations, it's up to the company to make the final decisions and accept liability and task you to implement your recommendations, rather than you. if they decide not to do anything, it's not your call. it's not your company. (unless you have some stock sharing incentive that I am not aware of).

yes like deanwebb says, if this is a corporate network, to secure it, you NEED to have by in from management, otherwise you will probably be out of work shortly. Identify devices, build a case, make recommendations, provide solutions, request a budget for securing the network, and implement recommendations.  If management is not keen on securing their network, what was is that he (deanwebb) said,  hop into your Porsche Boxster and peel out of the parking lot...screaming it's all on you (expletive). cause you don't want to be there long.

The budget really depends on the solutions that management is will to support with your recommendations. I would suggest to contact 3 vendors build a Bill of Materials and present to management (with your recommendations) to support the budget request. it could be in 500K to 5M. it really depends on what you are trying to protect. and what the loss to the company would be if that data were compromised or lost, or encrypted.

Recovery cost would need to be determined by management or accounting,  if it's going to cost 2M to recover and you can protect with 500K, that's a no brainer. if it's going to cost 2M to recover and 2.5M to protect, that is not your decision but may be viable depending on what you are protecting. But that is risk assessment and not part of network security.

wow just wow!!!
 I never knew how complicated the middle east was...
this guy does a good explanation.

ping the broadcast network address?

1. check if traffic is interesting source traffic is permitted trough the tunnel and will transverse. #2 check if response back is permitted.

It mat get there but return response is denied, packet capture on device or FW may be required.

1. check if traffic is interesting source traffic is permitted trough the tunnel and will transverse. #2 check if response back is permitted.

Linux Cookbook, 2nd Edition
https://www.oreilly.com/library/view/linux-cookbook-2nd/9781492087151/

From a configuration server, as that likely is done securely. Or, rather, it could be done *more* securely than from a remote text file. That remote text file could be altered by someone else and I not be aware of it as I provision my computer. But the configuration server potentially keeps that information securely, tracks changes, and requires secure connections for provisioning new computers.

..and what if that configuration server is taken over by a bad actor?

we all need to learn stuff, and keep on learning, otherwise you will only know old technology, and we all know that is career suicide. (except if one is a mainframe operator or COBOL programmer)