Posts made by beta

I wanted to get feed back on if it is a good or bad idea to buy refurbed Cisco gear? I've heard the arguments for refurbed Dell servers and took this advice when I bought my last server (got it from xByte).

The Dell refurb process seems high quality (like I know a lot of the servers may have only been used for a very short period of time before the original buyer returned them for some reason and are backed by full Dell warranties). I'm not so sure how it works with Cisco refurbs.

I'm looking at buying switches and 3600 series APs (to add to our current wireless deployment) for our headquarters. I was also thinking of buying a refurbed 5508 wireless controller. I currently have a 5508 running the APs and was looking at pricing for SmartNet renewal and thought maybe it would be smarter to get a refurbed 5508 instead and just keep that onsite as a spare.

Thoughts on refurbed Cisco gear and if it's generally quality and a smart buy or something to stay away from?

@beta

And totally off topic, but is there an easy way I can see my posting history to find threads I started?

@scottalanmiller said in Thoughts on how I could improve my network security?:

If you DO decide to go UTM, avoid crap like ASA, SonicWall, Sophos etc. I heavily recommend Palo Alto or nothing. If you can't do it right, don't do it halfway with gear I'd not even be willing to deploy at home.

Do you put a lot of stock into NSS Labs reports? In doing research, I'm kinda surprised to see Palo Alto isn't rated really high on the NGFW SVM. They do better on the NGIPS SVM, but Fortinet, Forecepoint, and TrendMicro are rated higher.

@jaredbusch said in Thoughts on how I could improve my network security?:

I would do something along this line:

Get good basic firewalls with nice rules setup.

Setup Strongarm.io or Cisco Umbrella, I would choose the former. This would handle security via DNS as well as content filtering by DNS is you so choose.

Get a good log monitoring system like Arctic Wolf or AlienVault to alert you to anything abnormal.

Have you used Artic Wolf or AlienVault? How'd you like them?

@jaredbusch said in Thoughts on how I could improve my network security?:

I just changed the policy at one client to be a minimum of 14 characters with no complexity and a 1 year change cycle.

I chose 14 as a minimum because that is the largest GPO would let me set it on a Server 2008 R2 based domain.

What would you have set it to if you weren't limited by 2008?

I didn't want to start a whole new thread, so thought I would ask here: what are your password policies looking like nowadays in regards to length, complexity, change frequency, etc.?

@dashrender said in Sanity check, which RAID level should I use for my Veeam repository?:

@beta said in Sanity check, which RAID level should I use for my Veeam repository?:

P.S. If I decided to keep RAID 10 and did need additional space in the future unexpectedly, I did think about a fall back plan of using Windows Deduplication (server will be running 2012 R2).

You're running Windows Server 2012 R2 on your repo? why waste a license?

I'm a Windows guy and I have the license to spare so seems logical to me.

@scottalanmiller said in Sanity check, which RAID level should I use for my Veeam repository?:

@beta said in Sanity check, which RAID level should I use for my Veeam repository?:

@scottalanmiller said in Sanity check, which RAID level should I use for my Veeam repository?:

@beta said in Sanity check, which RAID level should I use for my Veeam repository?:

Concerns with RAID 10 were it just gives me enough space based on my estimates for the 5 years of storage. Concerns with RAID 6 would be performance related (long rebuild times in case of disk failure, write penalty during backup operations, etc.).

Is that a big deal on your backup server?

What's that? The performance penalty? I mean I suppose under normal conditions probably not. My concern was if I used Veeam's instant recovery for example or if the array needed to rebuild because of a failed disk.

That's what I mean. So recovery from failed disk is like a 1% risk? It's a backup server, normally this isn't considered a problem. Even if you are using instant recovery, what are the chances that this would impact you?

You have to weigh it out. Look at the extra cost of RAID 10 and weigh that against the insanely unlikely chance that a recovery issue would impact you.

Because the impact only matters...

• IF you lose a server host and...
• IF you lose a drive on the backup server...

At the same time. So like even if you take the small chance that the server will fail, THEN you have something like a 1000:1 chance that the backup server would have a failed drive rebuilding at the same time.

See what I mean?

I see. I think I'll go with RAID 6 then. Will make sure I don't have to worry about capacity issues in the future.

BTW, what would you expect the rebuild time to be for such an array?

@scottalanmiller said in Sanity check, which RAID level should I use for my Veeam repository?:

@beta said in Sanity check, which RAID level should I use for my Veeam repository?:

Concerns with RAID 10 were it just gives me enough space based on my estimates for the 5 years of storage. Concerns with RAID 6 would be performance related (long rebuild times in case of disk failure, write penalty during backup operations, etc.).

Is that a big deal on your backup server?

What's that? The performance penalty? I mean I suppose under normal conditions probably not. My concern was if I used Veeam's instant recovery for example or if the array needed to rebuild because of a failed disk.

So, I am repurposing a Supermicro server into a storage server to hold my Veeam backups. I have the chassis full with 8x6TB WD Gold SATA drives. I was going to put them into RAID 10 (OBR10 of course) and that would give me just enough usable space based on my estimations of the size of the Veeam files required to store 5 years of backups with a very small amount of headroom.

I was just wondering if I should think about using RAID 6 instead? It would give me quite a bit more extra space just in case my data set should unexpectedly increase in size. I will not be using reverse incremental with Veeam btw.

Concerns with RAID 10 were it just gives me enough space based on my estimates for the 5 years of storage. Concerns with RAID 6 would be performance related (long rebuild times in case of disk failure, write penalty during backup operations, etc.).

Thoughts on if I should stick with my original decision of RAID 10? Thanks!

P.S. If I decided to keep RAID 10 and did need additional space in the future unexpectedly, I did think about a fall back plan of using Windows Deduplication (server will be running 2012 R2).

@dashrender said in Thoughts on how I could improve my network security?:

@beta said in Thoughts on how I could improve my network security?:

It would also be helpful to have more visibility into our traffic so I can see exactly who's using bandwidth if the internet is slow, if management asks me how many people are wasting time on non-work related websites, etc., etc.

An ER-L can give you basics in this area. I don't think IDS/IPS gives you this.

Sorry, I didn't mean to imply that's what the IDS/IPS would be for, I was referring to a UTM like appliance like the Palo Alto.

@scottalanmiller said in Thoughts on how I could improve my network security?:

@dashrender said in Thoughts on how I could improve my network security?:

@beta said in Thoughts on how I could improve my network security?:

I think my biggest concern is visibility and IDS/IPS.

Do you really need this? Not that it can't be a good thing, but what are you really trying to protect?

That's always the real question. I get that there is money to spend, use it or lose it, but still evaluating the real risk and concern is important. What's the itch that is attempting to be scratched?

So a little more info on our operation here. One of the things I'm concerned about is HIPAA adherence. We have a small department that has a contract with the state to collect some sensitive information from people. It's not even medical information, but they want us to follow HIPAA practices. I thought an IDS/IPS would be especially helpful here to safeguard this information and would help satisfy the state if they ask us what steps we take to secure the information. Of course we do the usual steps to safeguard the information such as it being restricted to only those users who need it via Active Directory permissions. Our users who collect the info are out in the field and their laptops are also using full disk encryption. We have multiple copies of backups onsite and offsite, etc., etc.

It would also be helpful to have more visibility into our traffic so I can see exactly who's using bandwidth if the internet is slow, if management asks me how many people are wasting time on non-work related websites, etc., etc.

I feel good about our AV as it offers central control and monitoring (cloud based so I even have our remote users constantly monitored and receiving the same policy updates and configurations).

I think my biggest concern is visibility and IDS/IPS. You'd recommend virtualizing those functions instead of using an appliance that also acts as the firewall? Any particular products you recommend?

@scottalanmiller said in Thoughts on how I could improve my network security?:

If you DO decide to go UTM, avoid crap like ASA, SonicWall, Sophos etc. I heavily recommend Palo Alto or nothing. If you can't do it right, don't do it halfway with gear I'd not even be willing to deploy at home.

Palo Alto is what I was thinking for sure. Glad to hear that's what you recommend

Hey folks, I posted over at SW, thought I might as well post here too.

I've got an unforeseen $15k or so (maybe a little more) from an unexpected grant that we need to spend on IT before the end of the year. I think it would be wise to invest towards our network and security. One of my biggest annoyances with our current environment is I really don't have a lot of visibility into our network traffic. I was thinking of investing in a new firewall appliance that can do layer 7 inspection and would also be a UTM with IDS/IPS built-in.

My current environment has an ASA 5512-x at the perimeter with a separate interface for a DMZ segment that hosts a web server used by our business partners. Behind another interface of the ASA is our Cisco 2901 router which routes our internal VLANs (data, voice, telemetry, etc.). Our switches our Cisco 2960 switches. The ASA is configured to block most incoming traffic except a few select ports and I have outbound ports restricted as well to common services like HTTP/S, NTP, DNS, etc. Of course we employ antivirus and antimalware to each endpoint on the corporate LAN. We also use SRP whitelisting and follow best practices of not allowing users administrator rights.

I believe I can buy Firepower services to add to our ASA, but I wasn't sure how well this work as I know Cisco bought Sourcefire and kinda cobbled them together on their ASA platform. Also the 5512-x is already end of sale so I thought maybe it would be a good time to just upgrade the whole box.

We have about 90 users/computers at HQ and 3 users/computers at 2 branch sites we have connected via VPN. Internet pipe at HQ is 50/50.

I think my second priority would be some kind of SIEM to centralize logging and easily correlate events, but I think I should probably start with looking at some UTM or IDS/IPS first? Any thoughts on what you would look at in a similar situation or what you would recommend?

@dafyre Oh hi! I feel like I've found the secret club LOL xD

Oh, one thing I was really curious about too, would it make sense to get an extra drive as a hot spare? Normally with OBR10 and spinning HDD, I'd put every spindle into the array, but since SSDs are going to give me plenty of IOPS and capacity, I didn't know if it is a good/bad idea with OBR5.

@scottalanmiller So, a few questions:

• Would it matter that 1 host would be SSD and the other HDD?
• Would it matter that the old R720 has less storage than the new server?
• I posted this on SW a while ago because I was trying to understand where vSAN fits in: https://community.spiceworks.com/topic/1976492-replicated-local-storage-virtual-sans-versus-application-ha and from what I had read (and some comments you had made to other posters) it seemed like things like SQL, Exchange, AD, etc are usually exempted from other types of HA in favor of their native application HA so I didn't really know if SQL would be a good candidate for vSAN.

@scottalanmiller Briefly, my concerns with that though is the way I understand Starwind works with VMware is I need to create Windows Server VMs which host the storage I think? It just seemed like it added a little more complexity.

@DustinB3403 Yes, I took that into consideration too. I do have in my favor we are a non-profit, so I can get MS licensing from Techsoup which is MUCH cheaper than anywhere else so the updated MS licensing doesn't hurt us too badly.