Profile

Stuart Kendrick

Edit My Profile


My Content

1 to 9 of 9 total
Posted By Stuart Kendrick 06-22-2022 06:17:18 AM
Found In Egroup: Wireless Local Area Networking
\ view thread
We have a building supported by ~75 Meraki MR32 (end-of-life: mid-2024) and ~75 Meraki MR33 (mid-2026) -- the gear is intermingled (no geographical delineation). The simplest approach would be to replace all (150) APs somewhere prior to mid-2024, likely with WiFi 6/6e APs. But that would also be expensive ...
Posted By Stuart Kendrick 06-16-2022 05:21:51 AM
Found In Egroup: Network Management
\ view thread
Anyone have a Stratum 1 NTP appliance manufacturer / model to recommend? --sk Stuart Kendrick Allen Institute ------------------------------ Stuart Kendrick Systems Engineer Allen Institute ------------------------------
Posted By Stuart Kendrick 05-26-2022 03:50:15 PM
Found In Egroup: Network Management
\ view thread
Does anyone use a NetFlow platform (open-source or commercial) which you like? --sk ------------------------------ Stuart Kendrick Systems Engineer Allen Institute ------------------------------
Posted By Stuart Kendrick 05-26-2022 03:14:21 PM
Found In Egroup: Network Management
\ view thread
I'm measuring throughput across a site-to-site VPN tunnel to AWS (one end terminated on a beefy box on our end; the other on an AWS Virtual Private Gateway). And am topping out at ~750Mbps, for TCP traffic ... we see significant frame loss at this rate, so it is unsurprising to me that we aren't going ...
Posted By Stuart Kendrick 05-24-2022 05:21:00 AM
Found In Egroup: Network Management
\ view thread
I have spent most of my career at research outfits relying heavily on publicly routable /16 space ... and then the last ~7 years now at an outfit in which everything uses RFC1918 addresses, because we only have a single /24 of public IPv4 space (the Firewall manages the Virtual (public) IPs, which get ...
Posted By Stuart Kendrick 02-27-2022 06:45:00 AM
Found In Egroup: Network Management
\ view thread
I'll chime in with Fortigate as well -- the community we consulted when we made this choice in 2017 suggested the following: - Palo Alto leads the pack in terms of quality of protection and usability, but costs a lot - Fortinet is a strong contender and particularly shines in bang-for-buck when it comes ...
Posted By Stuart Kendrick 02-21-2022 08:41:26 AM
Found In Egroup: Network Management
\ view thread
And why are you wary of just permitting QUIC entirely? Thus far, it seems like a trade-off as follows: (a) Improves performance under some circumstances (b) Supports Apple's latest security / privacy features (aka Private Relay) (c) Makes cybersecurity and trouble-shooting harder (loses the rich inspection ...
Posted By Stuart Kendrick 02-21-2022 05:39:00 AM
Found In Egroup: Network Management
\ view thread
Has anyone figured out how to weigh the pros and cons of permitting QUIC (https://datatracker.ietf.org/doc/html/draft-ietf-quic-manageability-11) across institutional Firewalls? I am trying to understand what breaks if I disallow it and what capabilities / vulnerabilities surface when allowed --sk ...
Posted By Stuart Kendrick 02-21-2022 05:05:39 AM
Found In Egroup: Network Management
\ view thread
Has anyone else seen issues with OS X Monterey and Safari Web browsing? I am analyzing pcaps which suggest the following: - Monterey consults Apple servers (mask-t.apple-dns.net and mask.apple-dns.net) regularly - When those servers go dark, Monterey stalls Safari access to Web sites until they respond ...