Originally posted by RFBurns
...Obviously you need some networking classes.
Had them, thank you very much. I am an MCSE, CNE, CCA, and CCNA. But nice try in trying to disparage me. Shoot, I bet you don't even know the difference between a routed protocol and a routing protocol.
The hardware I sit behind is quite effective, customizable and has worked for my purposes for over 10 years. Now I have never had ANY virus
attacks, or attempts to get into my networks since installing this system, and it seems to work extremely well.
If you were as good at networking as you seem to think you are, you would know that a firewall has ABSOLUTELY NOTHING TO DO WITH WHETHER YOU CATCH A
VIRUS OR NOT. You could be behind 50 billion firewalls, and still catch a virus.
The two routers, the industrial ones, are not your typical off the shelf Wal-Mart made in China POS's. These are Cisco routers
I am very familiar with Cisco routers, having installed and configured many hundreds of them, including one for an ISP backbone that probably cost
more than your house. Here's another clue for you... turn over that Cisco router, and see where it was made. Why do you think the Pentagon is
talking about replacing their Cisco products? (It's not just the "fake" Ciscos they are talking about replacing) BTW, Ciscos are just RISC chips.
The power and flexibility comes from the IOS.
(Cisco does one thing better than all the other companies out there: If you have their maintenance agreement, they will talk you through a
configuration issue, or send you out a new router/switch without question.)
and I control those in real time on separate PCs running nothing but their control software.
No, you may MONITOR them in real time, but you don't "control" them in real time. Although you could telnet (via IP or Console) into them, or use another program to do so, all that does is change the running config, or the startup config, it is not "controlling them" as you have put it. (Besides, REAL network engineers use the CLI!) A closer metaphor would be that it would be like adjusting the autopilot of a plane 2 degrees to starboard. The "control software" for Cisco routers runs from the integrated or plugged-in flash-rom, and is stored as configuration files, and executable binaries. The most you could do is tell it to obtain its IOS and startup config file from a TFTP server.
The other 3 are typical off the shelf routers to which each are in fact both firewalls and router combinations.
There are very, very few firewall/router combination devices, and I doubt whether you have them. A firewall with a DMZ is not a "router". Does
your "firewall/router" understand RIP/OSPF/BGP, etc? Can it translate between those? Can you assign costs with routes? No? Then it's not a
"router", it's as simple as that. It behaves more like a layer 3 switch, with Stateful Packet Inspection (or, in other words, A FIREWALL)
Then there is of course the OS firewalls...useless IMO.
You DO realize that the CISCO IOS is SOFTWARE, right? Believe me, I know it's software, because I've updated enough IOSs in my time.
Anyway what works for me is working just fine. And has been for 10 years. Obviously I am doing something right..and everyone else is not with
all this cry wolf over some file getting into their systems.
This isn't about some file that "got into their systems". It's about a file PUT THERE by Symantec, and does weird things that it should not be doing. Guess what buddy? If you ran the affected software, you would have it too. Know why? BECAUSE YOU WOULD HAVE HAD TO OPEN THE OUTBOUND PORTS TO ALLOW SYMANTEC AV TO COMMUNICATE TO ITS HOME SERVERS. If you were really cognizant of networks, as you claim to be, you would already know
One other thing to toot my own horn. I once (by mistake) did something with a 2600 that Cisco will tell you is impossible. Due to an IP subnet
miscalculation, I had that 2600 ROUTING (not bridging) when both sides of the router contained the same subnet. The only thing it would not do was to
allow incoming RDP traffic to a server, everything else worked fine, including internet browsing. (Had to break out an IP subnet calculator on that
one, because I miscalculated it by hand.)
[edit on 12-3-2009 by sir_chancealot]