I don't run a bridged net.

I don't expose RFC1918 addresses.

I have automated backups and updates for my 3 edges.

Most routes are on OSPF, some are still doing static, and somewhere in the middle there is some iBGP going on.

I do my best at being a good steward of security, but sometimes it's not enough.

Automated ACL and fail2ban have been my allies in the war against Stupid :)

I am still waiting on Cambium Networks to unveil a switch and router to complement the pure network I run.

Being pure removes the holes in my security and makes work easy for setting standards for only a small team to handle, instead of having a large one with individual agendas to meet.

My 2 cents.



On 3/3/2018 9:33 PM, Justin Wilson wrote:
Why does anyone run a bridged network?
Why does anyone expose their management ip ranges to the internet?
Why does anyone not upgrade firmware to fix security vulnerabilities that are years old?

Shall I go on? :-)





Justin Wilson
[email protected]

www.mtin.net <http://www.mtin.net>
www.midwest-ix.com <http://www.midwest-ix.com>

On Mar 3, 2018, at 9:12 PM, Steve Jones <[email protected]> wrote:

Why does anyone have non-ACL input allow on infrastructure?

On Mar 3, 2018 3:39 PM, "Justin Wilson" <[email protected]> wrote:

    Do the following.

    1. Don't have it listen on public ports.
    2. iptables if you must have it listen on public ports for
       whatever reason.
    3. Compile with libwrap and use tcpwrappers for the best security.

    Justin Wilson
    [email protected]

    www.mtin.net <http://www.mtin.net/>
    www.midwest-ix.com <http://www.midwest-ix.com/>

    On Mar 3, 2018, at 12:13 PM, David M <[email protected]> wrote:

    I block it on the input for any router we have.
    I haven't considered doing it for the forward table.

    On 3/2/2018 3:37 PM, Mike Hammett wrote:
    You are blocking port 11211, right?



    -----
    Mike Hammett
    Intelligent Computing Solutions <http://www.ics-il.com/>
    
    Midwest Internet Exchange <http://www.midwest-ix.com/>
    
    The Brothers WISP <http://www.thebrotherswisp.com/>
    <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
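The advice in this thread (keep the service off public addresses, filter port 11211, memcached's default, where it must listen) can be verified on a host by auditing its listening sockets. The script below is an added example and not part of any message in the thread; it assumes the column layout of `ss -H -lntu` from iproute2, its function names are hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): flag listeners on port 11211 that are
# bound to anything other than loopback. Function names are hypothetical.
PORT=11211

# Reads `ss -H -lntu` lines on stdin; prints "<proto> <address>" per exposed listener.
exposed_listeners() {
    awk -v port="$PORT" '
    {
        ep = $5                              # Local Address:Port column
        n = match(ep, /:[^:]*$/)             # last colon splits address from port
        if (n == 0) next
        addr = substr(ep, 1, n - 1)
        if (substr(ep, n + 1) != port) next  # some other service
        sub(/%.*$/, "", addr)                # drop interface scope such as %lo
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: fine
        print $1, addr
    }'
}

# Constructed sample in `ss -H -lntu` format (documentation addresses).
sample_ss_output() {
    cat <<'EOF'
tcp   LISTEN 0      1024       127.0.0.1:11211      0.0.0.0:*
tcp   LISTEN 0      1024    198.51.100.7:11211      0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:11211      0.0.0.0:*
tcp   LISTEN 0      1024           [::1]:11211         [::]:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
EOF
}

# Pass --live to audit this host; otherwise the constructed sample is used.
if [ "${1:-}" = "--live" ]; then
    ss -H -lntu | exposed_listeners
else
    sample_ss_output | exposed_listeners
fi
```

Any line printed is a socket that needs either a loopback-only bind or an input ACL in front of it; a wildcard UDP bind is the case to look for first.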




