Fix your virtualization with more virtualization!



  • @ender said:

    AnyConnect VPN client (...) all LAN access was cut off when the VPN connection established

    And that is why my company is switching to AnyConnect from old Cisco SSLVPN. Also, not sure if yours did that, but this one does block "untrusted LANs" altogether (other than for its own use), even when not connected, and prompts for your VPN login the moment it can sniff its way to the VPN server. "The policy always was that the only thing you are allowed to do on your laptop's internet connection is to dial into the VPN anyway, and corporate laptops are supposed to be on internal network or on the VPN, no other network ever".

    Le sigh.


  • ♿ (Parody)

    @bannedfromcoding said:

    @ender said:
    AnyConnect VPN client (...) all LAN access was cut off when the VPN connection established

    And that is why my company is switching to AnyConnect from old Cisco SSLVPN. Also, not sure if yours did that, but this one does block "untrusted LANs" altogether (other than for its own use), even when not connected, and prompts for your VPN login the moment it can sniff its way to the VPN server.

    Every VPN I've ever used does this. Isn't that kinda the point?


  • Garbage Person

    No, the fucking point is to establish a secure tunnel between an endpoint and a concentrator. Whether that endpoint has additional network interfaces is utterly irrelevant (unless the endpoint is bridging the two, but that should be up to the concentrator or even better - a dedicated security appliance sitting between the concentrator and the proper secure segment, because trusting any old thing that connects to your VPN is rather naive anyway - to detect and stop. Cisco's preferred technique of "FUCK EVERYTHING ELSE YOU MAY BE DOING!" sucks and doesn't swallow)



  • @boomzilla said:

    Every VPN I've ever used does this. Isn't that kinda the point?

    No, the point is to connect (with RDP) to the single machine (my) client is allowed to, to run Navision remotely for accounting purposes, which among other things means that shares on local server have to be accessible (since the remote Navision prepares files that have to be processed by ebanking software running in the LAN), as have to be printers (which are all on LAN, and which we will not connect locally to every machine that needs VPN access). I fail to see the point in cutting off the LAN access when VPN is connected.


  • ♿ (Parody)

    @ender said:

    @boomzilla said:
    Every VPN I've ever used does this. Isn't that kinda the point?

    No, the point is to connect (with RDP) to the single machine (my) client is allowed to, to run Navision remotely for accounting purposes, which among other things means that shares on local server have to be accessible (since the remote Navision prepares files that have to be processed by ebanking software running in the LAN), as have to be printers (which are all on LAN, and which we will not connect locally to every machine that needs VPN access). I fail to see the point in cutting off the LAN access when VPN is connected.

    OK. I guess it depends on what you're trying to do. I've only connected to various enterprise VPNs, where they don't want your local network becoming an extension to their secure network.



  • @boomzilla said:

    OK. I guess it depends on what you're trying to do. I've only connected to various enterprise VPNs, where they don't want your local network becoming an extension to their secure network.

    A normal VPN does "block untrusted LANs". The one in question blocks them even when you're not connected to the network, and makes you login as soon as it sees the server. Which one was "kinda the point"?


  • ♿ (Parody)

    @Sutherlands said:

    A normal VPN does "block untrusted LANs".  The one in question blocks them even when you're not connected to the network, and makes you login as soon as it sees the server.  Which one was "kinda the point"?

    I think, "Read slower and more thoroughly."



  • @boomzilla said:

    I think, "Read slower and more thoroughly."

    Isn't that as effective as talking louder and slower to someone who doesn't understand your language?



  • @dohpaz42 said:

    @boomzilla said:
    I think, "Read slower and more thoroughly."

    Isn't that as effective as talking louder and slower to someone who doesn't understand your language?


     

    N...O......<larger>I...T......</larger>I...S......L...I...K...E......<larger>T...Y...P...I...N...G......</larger>S...L...O...W...E...R...



     



  • @boomzilla said:

    @Sutherlands said:
    A normal VPN does "block untrusted LANs".  The one in question blocks them even when you're not connected to the network, and makes you login as soon as it sees the server.  Which one was "kinda the point"?

    I think, "Read slower and more thoroughly."

    I think he was talking about the one my company enforces, and not Ender's. Because that's exactly what it does. Corporate LAN, corporate VPN, or nothing.



  • @mattbancroft said:

    mostly problems of virtualization are security and management complications but according to this article I read there are some problems solvers available.

    http://v12ntoday.com/blogposts/virtualization-or-networking.html
    So with time new and modern technology as well standards are coming in to sort out such issues related to virtualization, but one thing that companies need to be aware of is that the benefits in one sector should not become a source of problem in another.

    Ladies and Gentlemen, I bring to you: the WORST SPAM EVER!



  • @blakeyrat said:

    Ladies and Gentlemen, I bring to you: the WORST SPAM EVER!

    Not even close...consider:

     In Austin, Minnesota, a 16,500 square-foot SPAM® Museum opened in September 2001. Museum visitors are welcomed to the world of SPAM® Family of Products with a variety of interactive and educational games, fun exhibits and remarkable video presentations.

    The SPAM® Museum is located at:

    1937 SPAM™ Boulevard
    Austin, Minnesota 55912
    Call: 1-800-LUV-SPAM (1-800-588-7726)

    If you would like Austin, Minnesota, lodging and restaurant information click here.

    For more information, visit www.spam.com or www.hormel.com.

    MUSEUM HOURS:
    May 1 to Labor Day: Mon-Sat. 10 a.m.-5 p.m.; Sun. 12 Noon-4 p.m.
    Labor Day to April 30: Tues.-Sat. 10 a.m.-5 p.m.; Closed Sundays and Mondays

    NO ADMISSION FEE.

    The SPAM® Museum is closed New Year's Day, Easter, Thanksgiving, Christmas Eve Day, and Christmas Day.


  • Trolleybus Mechanic

    @TheCPUWizard said:

    1937 SPAM™ Boulevard
     

    Wait, they actually got the city to put TM on the fucking STREET NAME?

    Companies slapping TM, C, R after every instance of their brand name (making them sound like a lawyer with Tourette's) is a WTF. Being allowed to trade mark a street name is a bigger WTF.

    That being said, I'd love to see the plethora of WTFs that came out of Austin, Minnesota's IT department when they tried to use a "non-standard" character. Why is there not an Error'd of a street sign that says "Spam (missing character block) Blvd."?  Where are the property tax forms mailed to 1937 Spam&trade; Blvd.?

    How much junk mail does that address get anyways? (Hint: It will be much more than before, because 1937 Spam Blvd., Austin, Minnesota, 55912 is going to be my new "You insist you need an address? Fine, shitcocker. Here's my address" address)



  • You'd be surprised how lenient some areas are with street names. One of our clients, a county government, seems to have no rules for address management or street names so anybody can have any address they want (major WTF when you can have address 4239 on the even-numbered side of the 200 block, I'd hate to work mail or package delivery there) and road names change all the time. One day they informed us of a road name change. The new street name (slightly anonymized) was "Me and Sammy Lane".


  • Trolleybus Mechanic

    @mott555 said:

    You'd be surprised how lenient some areas are with street names. One of our clients, a county government, seems to have no rules for address management or street names so anybody can have any address they want (major WTF when you can have address 4239 on the even-numbered side of the 200 block, I'd hate to work mail or package delivery there) and road names change all the time. One day they informed us of a road name change. The new street name (slightly anonymized) was "Me and Sammy Lane".

     

    I once saw a Pearly Gate, which was a dead-end road.

    The town I live in has gone through a bit of a street number thing recently. There is a significant Chinese population in Markham. I think I'm their token white guy. Anyways, someone moved into #4 Whatever Street. (4 being an "unlucky" number, I think because it phonetically sounds like "Death". Too lazy to google). So he petitioned the town to get his address changed, which was granted because since the neighbourhood was still being zoned, there were free, consecutive numbers next to his.

    And then the city was suddenly flooded with requests to have numbers changed. Everyone (exaggeration) who had a 4 in their address wanted a new number. Everyone else (other exaggeration) thought it was not only stupid/unfair, but a waste of town money. No one could agree where a line should be drawn.

    The town first said "Fine, we'll accept applications, but only for houses where there are adjacent, available, consecutive numbers-- and you have to pay $200". They were still flooded, so they said "Oh yeah, and in addition, you have to get signed affidavits from all your neighbours affirming that they have no objections to such a change, and that such a change will not cause them any hardship. Oh yeah x2, it'll cost THEM $50 a pop to file these forms".

    Last I heard, that was the end of it. Smart move, town council. Smart move.



  • @Lorne Kates said:

    Hint: It will be much more than before, because 1937 Spam Blvd., Austin, Minnesota, 55912 is going to be my new "You insist you need an address? Fine, shitcocker. Here's my address" address

    Does your locality not have criminal obscenity laws relating to sending an envelope with offensive material on the outside? Whenever I'm forced to put an address, I add a few lines of disgusting racist bile, or some such. If anyone ever actually mails a letter to that address, they'd be committing a criminal offence.

    I wonder if you can successfully sue for libel if a company sends you a letter to your name and address with 'is a paedophile/banker/some such' as address line 1.


  • Trolleybus Mechanic

    @MascarponeRun said:

    @Lorne Kates said:
    Hint: It will be much more than before, because 1937 Spam Blvd., Austin, Minnesota, 55912 is going to be my new "You insist you need an address? Fine, shitcocker. Here's my address" address

    Does your locality not have criminal obscenity laws relating to sending an envelope with offensive material on the outside? Whenever I'm forced to put an address, I add a few lines of disgusting racist bile, or some such. If anyone ever actually mails a letter to that address, they'd be committing a criminal offence.

    I wonder if you can successfully sue for libel if a company sends you a letter to your name and address with 'is a paedophile/banker/some such' as address line 1.

     

    That's-- evil. I must set up a few proxies and try that one day. I wonder if the reaction will be different if you put "Attack date: Aug 22, 2012, Code: Green" instead. :|



  • @Sutherlands said:

    A normal VPN does "block untrusted LANs".  The one in question blocks them even when you're not connected to the network, and makes you login as soon as it sees the server.  Which one was "kinda the point"?

    What if you put a firewall on your LAN which serves no purpose but to block the server? :D



  • @Lorne Kates said:

    @TheCPUWizard said:

    1937 SPAM™ Boulevard
     

    Wait, they actually got the city to put TM on the fucking STREET NAME?

    Companies slapping TM, C, R after every instance of their brand name (making them sound like a lawyer with Tourette's) is a WTF. Being allowed to trade mark a street name is a bigger WTF.

    That being said, I'd love to see the plethora of WTFs that came out of Austin, Minnesota's IT department when they tried to use a "non-standard" character. Why is there not an Error'd of a street sign that says "Spam (missing character block) Blvd."?  Where are the property tax forms mailed to 1937 Spam&trade; Blvd.?

    How much junk mail does that address get anyways? (Hint: It will be much more than before, because 1937 Spam Blvd., Austin, Minnesota, 55912 is going to be my new "You insist you need an address? Fine, shitcocker. Here's my address" address)

    Sadly, it's actually on Main Street North, which is way less coolWTF of a name.

