Redoing a existing network....

By pes2013
in Smart Home, Network & Security

 Share

Recommended Posts

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

whatever dude - removing **** your NOT using CAN NOT BREAK ANYTHING -- are you using teredo?? NO - its a tunneling protocol for ipv6 over 4, are you using isatap?(Intra-Site Automatic Tunnel Addressing Protocol) -- again a method of doing ipv6 over ipv4, not USING IT

6to4 tunnel, again NOT using it!! if you want to leave a IPv6 stack in place sure go ahead, you sure do not need these tunneling methods enabled. If you want your nic to have a local link IPv6 address, sure go for it - pointless unless your actually using ipv6.. Do your servers even have it enabled? If your running 2k3 server then NO its not.

So what do you want to do enable or disable icmp - I would guess you want to enable, because most likely out of the box its disabled.. I would have to lookup up the manual, I don't use those firewalls - did you read the manual? Which should of be step one before you even took it out of the box!!

I don't know what kind of connection you have, so I could not tell you if your PPP or not..

And again - yes its good security practice to disable protocols your not using, and its also just over all good house keeping.. But sure if you don't care if your house is a complete and utter mess then leave all your tunnels that your not using enabled and just beeping away on your network.. Pointless nonsense you could clean up with a few key strokes in your GP.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

"And our DC is Windows Small Business Server 2003"

Then it has NO ipv6 enabled out of the box - did you ENABLE it?? I highly doubt it!!

Then there is NO freaking way anything your doing with xp, vista, w7 or even 8 is doing anything with your server that has anything thing to do with you ipv6. Period - and they don't do anything to each other. So you HAVE NO USE if ipv6 on your network - NONE!! As I already stated disable it on a couple of machines if your worried. It takes 2 seconds and reboot to disable it, and same amount of time to re-enable it if something doesn't working. Which is not the case because if you have 2k3 server your NOT doing anything with ipv6, because its even enabled on that os unless you installed it..

And yes I read your link - it does NOT pertain to ANYTHING you could be doing because your not even running ipv6 on your server - so as I stated before everything ipv6 related on your clients is freaking noise! nothing more...

Grand Master

Obi-Wan Kenobi

Posted
Posted

Hey pes2013 !!

Listen to BudMan,,

he has really good advice, he has helped me out of a jam once or twice as well. and I have been running networks since before windows was a household name.

:)

THIS, to the infinite power. Don't shun BudMan....he actually KNOWS what he's talking about. I suggest to listen to him. Don't be argumentive. He is the person that has kept my network still working through his advice to others. Trust the almighty BudMan... He'll help you get everything flowing properly. (Y)

Grand Master

Original Poster

Posted
Posted

"The wireless clients are MACed controll and WEP"

So completely open to anyone that can google then ;) Since both are completely and utterly useless as security measures.

agreed WEP is easy to hack and MACs easy to fake... you can sniff the working macs while you are cracking the WEP XD

Neowinian

dnsing

Posted
Posted

Here is the updated network with the DNS entry of my router removed and DHCP lease time increased to 1 day:

post-486562-0-77945700-1364889232.png

Next step that should be done? For now, with the new firewall and the AD updated to the new settings, internet access seems to be doing great without a hiccup (for now)

Veteran

sagum

Posted
Posted

Its enabled out of the box.

Did you read the article I pointed out saying that there are some built in programs that if IPv6 is disabled on W7, could break normal operations???

And our DC is Windows Small Business Server 2003

BudMan is sound when it comes to advice. You should listen to him.

What he's basically doing here is offering you a near 100% walk through of setting up your network *perfectly*, apart from actually coming on site and doing it for you. All you just have to answer his questions and do what he says.

Do you even know how much he could be charging you for this service?

He's handing you the offer of a trouble free setup of your network, one that is secure, and easy to maintain after it's setup .. and you're throwing the chance it away.

Budman has more experience then most on these forums, if he says it'd be best to disable IPv6 if your clients aren't using it, he's probably telling you it for a reason that he's had experience from.

As for your lack of worry about security, if your clients are tunnelling IPv6 over IPv4, the machines are pretty much bypassing your firewall and giving them direct contact with the outside world over IPv6. While you'll have internet facing IPv6 addresses for this, you're still poking holes in to your network (directly to machines) from the outside and once they're in your network, they can use the Local and LAN IPv6 addresses to attack any other IPv6 enabled machine on your network. It's just not worth the security risk, no matter how small it is. It's like the 90's all over again and people are just ignoring it as a non-issue.

Lastly, I noticed you weren't too concerned about WiFi setup, one of the reasons your network could be dropping its connections is if a rogue attacker has your WEP key and is using all your bandwidth or simply screwing around with the network in general. Security should almost always be one of your top priority, even more so on a live network.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Researchers claim Microsoft's quantum breakthrough is flawed by basic Python errors

      By Fleet Command · Posted

      🙄
    • Limited time Prime Day deal cuts price of this Hisense 65" 4K smart TV in half

      By Ivan Jenic · Posted

      Limited time Prime Day deal cuts price of this Hisense 65" 4K smart TV in half by Ivan Jenic It’s Amazon Prime Day, and brands are offering great deals to consumers. One of the best deals of the day is definitely this Hisense 65" U7, which is currently $799.99 on Amazon, down from $1,499.99. That's nearly 50% off and $700 saved on this feature-packed 4K TV (purchase link down below). The U7 uses Mini-LED backlighting with up to 3,000 local dimming zones and up to 3,000 nits of peak brightness. That means blacks are truly deep and highlights are punchy enough to hold up even in bright rooms. The screen is covered with a dual-layer anti-reflection coating, which prevents the afternoon overhead lights from washing the picture. For gaming, the native 165Hz refresh rate and VRR 330 support make this one a great TV option for PS5 and Xbox Series X. The TV even features a native game mode, which should help minimize the input lag for a better gaming experience. Audio is handled by a 2.1.2 channel system tuned by Devialet, which is a notable partnership for a TV at this price. Additionally, Dolby Vision IQ, Dolby Atmos, and IMAX Enhanced are all supported. It runs Fire TV with Alexa+ built in. So, if you’re looking for a sharp, large screen to watch the World Cup on, the U7 at this price is definitely an attractive option. Speaking of which, Hisense is the official sponsor of the World Cup, which should mean absolutely nothing to you, and isn’t the reason why you should by this TV. The reason why you should buy it is that it’s “la bella televisione, HDTV-compatible, beautiful,” and available at half the price. Hisense 65" U7 Mini-LED 4K Smart Fire TV - $799.99 | 47% off on Amazon Good to know This Amazon deal is U.S. specific, and not available in other regions unless specified. We only use first-party seller links (at the time of article publishing); ensure that you purchase from a first-party seller link only. Check out Today's Deals on Amazon | or our recent tech deals. Become a Prime member (for Students or SNAP) via Neowin Get Prime Access - Prime for half price (for qualifying Medicaid, EBT, SNAP) Subscribe to Prime Video, Audible Plus, Music Unlimited or Kindle Unlimited via Neowin As an Amazon Associate, we earn from qualifying purchases.
    • eM Client 10.4.5600.0

      By Copernic · Posted

      eM Client 10.4.5600.0 by Razvan Serea eM Client is a full featured e-mail client with a modern and easy to use interface. eM Client also offers calendar, tasks, contacts and chat. eM Client supports all major services including Gmail, Exchange, iCloud, and Outlook.com. You can easily import your data from most of the other e-mail clients. This includes Microsoft Outlook, Outlook Express, Windows Mail, Windows Live Mail, Thunderbird, The Bat and more. eM Client fully supports touch devices like touch-enabled laptops, tablets and hybrid devices. Use your email client easily in a modern way. eM Client PRO vs. Free version While the Free license allows you to set up the maximum of two accounts in the application, it is possible to add an unlimited number of accounts with the PRO license. The PRO license also enables you to use eM Client for commercial purposes. Commercial use is any activity that helps you make profit, the Free license therefore cannot be used in company settings or on personal computers for business correspondence. PRO users also gain access to the dedicated support system and to the licensing manager. eM Client has been fully optimized to run smoothly on Windows Vista, 7, 8, 10 and 11. eM Client 10.4.5600.0 changelog: Improved memory management Improved MS Teams support A lot of other fixes Download: eM Client 10.4.5600 | 128.0 MB (Free, paid upgrade available) View: eM Client Website | eM Client Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • EU says AWS and Microsoft Azure should be treated as DMA gatekeepers

      By Nas · Posted

      Re: Capitalism. It's just 1 of dozens of economic models currently-adopted worldwide; most national models separate money from politics thereby limiting the influence wealth carries over the economy (due to limited tentacles wealth politics has over the broader economy). The "American model" of unfettered financial influence should NOT be the variant of pure capitalism adopted worldwide. More regulations formulated within this variant is effectively useless due to the misalignment between regulatory objectives and fundamental influence wealth politics carry over the market. Re: enough money. Without constraining the breadth/depth/scope/scale that any measure of money/wealth can have within a market, there will always inherently be those who have "enough money" and those who do not. Those without "enough money" will always lose -- regardless if a bedroom DJ, indie developer, or million-dollar corporation going against a billion-dollar mega-corporation. The evil is the absence of guardrails against the influence of wealth; not the mere existence of wealth. Re: dragged through the courts. The liberalist nature of litigation does not exclude anyone, anywhere, for any reason for getting dragged through the courts. Rather than formalize remediation pathways for various perceived ills, everything is left up to flawed interpretations... and this is where a litigation-averse community fails to thrive (thus a losing proposition when dragged to courts). Everyone should have more protections and clear remediation strategies! Going to an alternate remediation arbitration is OK so long as the case review and remediation processes are clear and transparent. For corporations, hit them where it hurts: automatic financial penalties. (PS: This is where corporate risk management strategies would do well to behave more ethically.) Overall, failure to truly shake-up the incentive core and regulatory extremities of the economic market will necessarily mean that all other actions are simply applying lipstick on a pig. Change begins from the inside. Is the root cause of the problem that a majority of consumers within a market goes for Option Brand-name versus Option Indie? Or that brand-name is spending foreign money to control domestic markets? Or that money is the objective measure for success across all walks of life? Or that deep pockets dictate the moral and ethical rights/wrongs of entire societies? Regardless of the answer (and there's nothing inherently wrong with being a socialist or communist or whatever label your surroundings deem 'cool' or 'uncool') there's a common thread: If a market truly wants to nurture domestic innovation, then performative finger-wagging will do nothing to that end.
    • Researchers claim Microsoft's quantum breakthrough is flawed by basic Python errors

      By +pmrd · Posted

      Lol, I won't even bother explaining the joke to you.

  • Recent Achievements

    • Conversation Starter
      Admir earned a badge
      Conversation Starter
    • First Post
      The_Focal_Point earned a badge
      First Post
    • Apprentice
      daryld went up a rank
      Apprentice
    • Contributor
      Carltonbar went up a rank
      Contributor
    • One Month Later
      The_Focal_Point earned a badge
      One Month Later

  • Popular Contributors

    1. 1
      +primortal
      407
    2. 2
      +Edouard
      167
    3. 3
      PsYcHoKiLLa
      130
    4. 4
      Xenon
      71
    5. 5
      neufuse
      69
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!