Segmenting networks and using VLANs are key strategies for improving security and performance.

A
Amy467
Member
106
01-18-2017, 09:29 AM
#11
Seems like a solid concept. I believe @wseaton is overlooking… every component contributes, yet nothing is a perfect solution. If this is your sole focus, then you’ve missed the mark on opsec. Additionally, omitting VLANs from your toolkit also indicates a failure in securing operations.

V
Veterian_
Junior Member
14
01-20-2017, 06:29 AM
#12
This approach seems risky. Why would everyone need to connect with each other? That’s not safe either. Make sure it’s done properly or skip it completely.

X
XxKripxDeMoNxX
Senior Member
536
01-23-2017, 12:36 PM
#13
It would be better to plan carefully and consider alternatives before deciding to run separate cabling everywhere.

J
Jean_Lou
Member
74
01-23-2017, 02:00 PM
#14
My iPhone 15 comes with USB-C and Gigabit Ethernet, yet I'm stuck on my couch. When I want to reach the kitchen, I have to use a longer cable.

M
Mouse123
Member
69
01-23-2017, 03:04 PM
#15
Yes, those older device grouping methods were typically found only in consumer firewalls, as most networks used solutions like Fortinet or Palo Alto with advanced microsegmentation. It would have been nice if there was a more flexible approach—perhaps a Virtual Local Area Network or VLANs—to simplify device grouping.

A
alondra_malfoy
152
01-30-2017, 03:28 PM
#16
I found this concept really interesting! Someone deserves recognition for it. Oh, wait—this was already known and addressed for years? Wow. Sorry, no prize for @Lurick. I’m still hoping @wseaton clarifies why VLANs aren’t a good solution and actually strengthen security.

P
Persiphany
Member
159
01-30-2017, 10:35 PM
#17

1
1234qaz12qaz
Posting Freak
773
02-09-2017, 01:16 AM
#18
You're welcome on the topic. I'll focus on Avahi and firewall configurations for your TrueNAS Scale setup. Your NAS is built with SuperMicro, IPMI support, and ECC RAM—great hardware choice!

C
Cokkie77
Senior Member
556
02-09-2017, 07:20 PM
#19
Avahi is merely a pfSense extension; simply install it, specify the target subnets, and everything should function smoothly. IPMI needs to reside on the management network as well. Adjustments to security settings or boot processes should stay within the management zone, along with BIOS access options. TrueNAS WebUI (with SSH enabled) must be accessible exclusively there. Restrict its connections solely to the management subnet, while SMB and similar services should connect to other networks. Since I’m using Proxmox for virtual machines, I’ve allocated two virtual NICs in TrueNAS—one without VLAN tagging (receiving full trunk traffic) and another with my lab’s VLAN tag, managed through Proxmox. This setup also applies to the management subnet. Additionally, ensure ZFS snapshots are enabled; they act as a safeguard against accidental changes or ransomware attacks. Snapshots are read-only except via TrueNAS itself, preventing unauthorized modifications by SMB or NFS users. If data becomes encrypted, you can restore it from a snapshot after resolving the ransomware issue—effectively resetting everything to its original state.
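
The binding rules described in the post above, as an added example that is not part of the original thread: a Python check over `ss -tlnH` output that flags the web UI or SSH listening outside the management subnet, and SMB/NFS exposed on it. The subnet, the port sets and the sample output are assumptions constructed for illustration.

```python
import ipaddress

# Assumed addressing plan (not from the thread): 10.0.10.0/24 is the management VLAN.
MGMT_NET = ipaddress.ip_network("10.0.10.0/24")
# Assumed ports: web UI (80/443) and SSH (22) are management-only;
# SMB (445) and NFS (2049) are file services for the other networks.
MGMT_PORTS = {22, 80, 443}
DATA_PORTS = {445, 2049}

# Constructed sample of `ss -tlnH` output from a NAS with a management and a lab NIC.
SAMPLE_SS = """\
LISTEN 0 128 10.0.10.5:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 50 10.0.20.5:445 0.0.0.0:*
LISTEN 0 50 10.0.10.5:445 0.0.0.0:*
LISTEN 0 64 [::]:2049 [::]:*
"""

def parse_listeners(ss_output):
    """Yield (ip_address, port) for every listening socket line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        if host == "*":
            host = "0.0.0.0"  # ss may print the wildcard address as '*'
        yield ipaddress.ip_address(host), int(port)

def audit(ss_output):
    """Return (address, port, reason) for each listener that breaks the policy."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        wildcard = addr.is_unspecified  # 0.0.0.0 or :: listens on every interface
        in_mgmt = addr in MGMT_NET
        if port in MGMT_PORTS and (wildcard or not in_mgmt):
            findings.append((str(addr), port,
                             "management service reachable outside management subnet"))
        elif port in DATA_PORTS and (wildcard or in_mgmt):
            findings.append((str(addr), port,
                             "file service exposed on management subnet"))
    return findings

if __name__ == "__main__":
    for address, port, reason in audit(SAMPLE_SS):
        print(f"{address}:{port} -> {reason}")
```

A wildcard bind is treated as a violation in both directions because it listens on every interface, including the one the policy is meant to exclude.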

M
maxpower1616
Junior Member
25
02-09-2017, 09:05 PM
#20
Are you really relying on IPMI for these servers located at home? I own two with it, but they don’t provide much value since the hardware is quite old. If you need access to IPMI, simply connect it to the management VLAN. Be careful not to lose access when changing settings—ensure you can still retrieve a snapshot if needed. Wouldn’t it be better to back up the current state before making any adjustments? And yes, it should automatically save a fresh image every few minutes; having a copy is wise in case of future encryption issues.
