nanog mailing list archives

Re: Synology Disk DS211J


From: Charles N Wyble <charles () knownelement com>
Date: Fri, 30 Sep 2011 22:31:09 -0500

On 09/30/2011 08:56 AM, Blake T. Pfankuch wrote:
> The easy way around the unhappy significant other/minion-shaped offspring solution is to put all of the "end user"
> devices on a separate VLAN, and then treat that as an open DMZ.  Then everything operational (ironic in a home) on
> your secured production network (restrict all outbound/inbound except what is needed).  If you really want to
> complicate it you should even put your wireless into a separate VLAN as well, and secure it as appropriate.  Gives
> you the ability to firewall between networks, thus making sure that when your minions eventually get something nasty
> going on the PC they use, it doesn't spread through the rest of the network.  Also means you can deploy some form of
> content filtering policies through various solutions to prevent your minions from discovering the sites running on
> the most recent TLD addition.

PacketFence. Per-user VLANs. RADIUS back-end auth with one-time
passwords. I'm trying to package all this into a turnkey distro for my
own deployment across hundreds of sites. As such I need it anyway and
don't mind open sourcing it. It's been an on again/off again project but
it's really close to release.

> This assumes that most people reading this email have the ability to run multiple routed subnets behind their home
> firewall.  Be it a layer 3 switch with ACLs or multiple physical interfaces and the ability to have them act
> independently.

Routing on a stick to pfSense for me. Though I could use my l3 switch I
guess. *shrugs*

> Personally I run 8 separate networks (some with multiple routed subnets).  Wireless data, management network, voice
> networks, game consoles, storage, internal servers, DMZ servers and Project network.  Only reason why there is no
> "end user" network is that there are no wired drops anywhere in the house, so that falls under the wireless data.
> That network gets internet access and connectivity to file sharing off the internal servers and all internet traffic
> runs through Anti-Virus/Anti-Spyware before going outbound and inbound.

No. You aren't paranoid enough. See above. If it was turnkey, more
people would use it.

> Blake
>
> -----Original Message-----
> From: Matthew Palmer [mailto:mpalmer () hezmatt org]
> Sent: Friday, September 30, 2011 12:19 AM
> To: nanog () nanog org
> Subject: Re: Synology Disk DS211J
>
> On Thu, Sep 29, 2011 at 07:10:10PM -0700, Joel jaeggli wrote:


-- 
Charles N Wyble charles () knownelement com @charlesnw on twitter

http://blog.knownelement.com

Building alternative, global scale, secure, cost effective bit moving platform
for tomorrow's alternate default free zone.
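Blake's design above (end-user and wireless devices on their own VLAN treated as an open DMZ, default deny between segments with only the needed flows allowed, Internet web traffic forced through the anti-virus/anti-spyware box) written out as a pf.conf for a pfSense-style router on a stick. This is an added example, not Blake's or Charles's configuration; the interface names, VLAN numbers and addresses are assumptions.

```pf
# Added example: interface names and addresses are assumptions, not from the thread.
ext_if    = "em1"        # Internet-facing interface
vlan_wifi = "em0.20"     # wireless data / "end user" devices, treated as an open DMZ
vlan_mgmt = "em0.30"     # management network
vlan_srv  = "em0.40"     # internal servers (file sharing, AV proxy)
vlan_dmz  = "em0.50"     # DMZ servers

net_wifi   = "10.20.0.0/24"
net_mgmt   = "10.30.0.0/24"
net_srv    = "10.40.0.0/24"
net_dmz    = "10.50.0.0/24"
fileserver = "10.40.0.10"
av_proxy   = "10.40.0.20"  # outbound web goes through the anti-virus/anti-spyware proxy

table <rfc1918> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

set skip on lo0
set block-policy drop

# FreeBSD/pfSense pf evaluates translation rules before filter rules
nat on $ext_if from <rfc1918> to any -> ($ext_if)

# Default deny on every interface, both directions; everything below is an explicit exception
block log all
antispoof quick for { $vlan_wifi $vlan_mgmt $vlan_srv $vlan_dmz }

# Wireless segment: DHCP and DNS from the router, file sharing and the proxy on the
# server VLAN, then nothing else private. Direct web is blocked so clients must use
# the proxy; remaining Internet traffic passes (pass rules keep state by default).
pass in quick on $vlan_wifi inet proto udp from any port 68 to any port 67
pass in quick on $vlan_wifi proto { tcp udp } from $net_wifi to ($vlan_wifi) port 53
pass in quick on $vlan_wifi proto tcp from $net_wifi to $fileserver port { 139 445 }
pass in quick on $vlan_wifi proto tcp from $net_wifi to $av_proxy port 3128
block return log quick on $vlan_wifi from $net_wifi to <rfc1918>
block return log quick on $vlan_wifi proto tcp from $net_wifi to any port { 80 443 }
pass in quick on $vlan_wifi from $net_wifi to any

# Server segment: only the proxy reaches the Internet, and only for web
pass in quick on $vlan_srv proto { tcp udp } from $net_srv to ($vlan_srv) port 53
pass in quick on $vlan_srv proto tcp from $av_proxy to ! <rfc1918> port { 80 443 }

# Management segment: admin access to the other segments and to the firewall itself
pass in quick on $vlan_mgmt proto tcp from $net_mgmt to { $net_srv $net_dmz } port { 22 443 }
pass in quick on $vlan_mgmt proto tcp from $net_mgmt to ($vlan_mgmt) port { 22 443 }

# DMZ servers: may fetch updates from the Internet, initiate nothing toward private nets
pass in quick on $vlan_dmz proto tcp from $net_dmz to ! <rfc1918> port { 80 443 }
```

Load with `pfctl -nf /etc/pf.conf` first to syntax-check, and watch `pflog0` for the `block log` hits to see which inter-VLAN flows the default deny is catching before deciding whether each one deserves an exception.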