Recommended wireless AP for 400 users office

Paul Nash paul at nashnetworks.ca
Wed Feb 4 13:48:53 UTC 2015


It’s the “remote capture” that scares me.

I was testing some Meraki kit, called their NOC to try to debug some Radius issues, tech tells me “oh yes, I can see your traffic going hither and yon between the test client and test server that are both in your office, and looking at the packet contents I can see ….”

With Ruckus (or almost any other) gear, I have to either open up a hole through my firewall or grab the packet traces and send them to the tech folk.  They don’t have uncontrolled access to my internal traffic out of the box.

	paul


> On Feb 4, 2015, at 8:31 AM, Ray Soucy <rps at maine.edu> wrote:
> 
> Honestly, in a lot of cases you don't even need a device to support
> packet capture as a feature to add it as a feature once its
> compromised.  This is just FUD IMHO.
> 
> On Wed, Feb 4, 2015 at 7:24 AM, Paul Nash <paul at nashnetworks.ca> wrote:
>>> I love the built-in remote packet captures,
>> 
>> You, the NSA, and lots and lots of hackers, ALL love the remote packet capture.  If Meraki support can turn it on, so can someone who penetrates their systems (by getting a job there or by hacking), and then they get to see everything happening INSIDE your network.  Not just your WAN traffic, which would be bad enough.
>> 
>>        paul
> 
> 
> 
> -- 
> Ray Patrick Soucy
> Network Engineer
> University of Maine System
> 
> T: 207-561-3526
> F: 207-561-3531
> 
> MaineREN, Maine's Research and Education Network
> www.maineren.net




More information about the NANOG mailing list