P
Parvardigar
A few months ago we hired a new Sysadmin. I own the company. I am not
an IT professional but know enough to get around. I'm not adverse to
change but there have been instances where I feel uncomfortable. We
have a WAN. We have a corporate office and several miles away the
factory. In Asia we have a couple of retail outlets. Over the WAN
everyone uses Citrix Metaframe to log in. We process data using
Microsoft's Navision. We've used Citrix for the last decade. Our
current OS is Server 2000, PDC. And Terminal Server with Citrix
Metaframe. We've had no issues with our Wan. I get the following
message from the admin. I don't like to change anything if it is
working. Let me know your reaction. Thanks for any insight into this
proposition. And thanks for your indulging this concern.
Message:
The DNS issue is resolved and corrected! I was able to get into
contact with one of my Network associates who is a high level
Microsoft Certified Senior Consultant and he helped me to resolve the
problem. The biggest problem is that we are on 2 separate IP naming
conventions which made it easier for the man-in-the-middle attack that
occurred. That allowed us to get DNS Poisoned. He recommended that we
move to a more secure convention. I would like to move the naming
convention to a 10.10.10.0/24 naming scheme, making it harder for an
attacker to spoof our IP address scheme. 192.168. is a home networking
IP scheme, not really good for businesses. I want to put the factory
and the Corporate on the same IP scheme, not one at 192.168.253 and
the other at 192.168.254. There is not need to separate the network
like that. This will reduce traffic and make things a lot easier.
Also, I believe this will cut costs as if we are all on the same IP
range, they will not need to log into Citrix. Of course I will not
phase out Citrix now, that is a big move but at the first of the year
it could be done away with. Also, putting things on the same IP will
allow France to do the same, do away with Citrix. All they would need
is a SonicWall Firewall like we have and they can connect directly,
again, bypassing Citrix. Citrix, if kept, has to be upgraded. There
are too many holes. It is behind years. The upgrade cost is $3,400. I
have a quote from CDW already. That is a large expense. With that
aside, I need to move the IP scheme for a more secure network. This is
relatively necessary and because he is my friend, he is only going to
charge me $350, well $300 and then $50 for travel. His company charges
$120 an hour for him and we are getting him for a complete day for
$350. please get back to me ASAP on this
an IT professional but know enough to get around. I'm not adverse to
change but there have been instances where I feel uncomfortable. We
have a WAN. We have a corporate office and several miles away the
factory. In Asia we have a couple of retail outlets. Over the WAN
everyone uses Citrix Metaframe to log in. We process data using
Microsoft's Navision. We've used Citrix for the last decade. Our
current OS is Server 2000, PDC. And Terminal Server with Citrix
Metaframe. We've had no issues with our Wan. I get the following
message from the admin. I don't like to change anything if it is
working. Let me know your reaction. Thanks for any insight into this
proposition. And thanks for your indulging this concern.
Message:
The DNS issue is resolved and corrected! I was able to get into
contact with one of my Network associates who is a high level
Microsoft Certified Senior Consultant and he helped me to resolve the
problem. The biggest problem is that we are on 2 separate IP naming
conventions which made it easier for the man-in-the-middle attack that
occurred. That allowed us to get DNS Poisoned. He recommended that we
move to a more secure convention. I would like to move the naming
convention to a 10.10.10.0/24 naming scheme, making it harder for an
attacker to spoof our IP address scheme. 192.168. is a home networking
IP scheme, not really good for businesses. I want to put the factory
and the Corporate on the same IP scheme, not one at 192.168.253 and
the other at 192.168.254. There is not need to separate the network
like that. This will reduce traffic and make things a lot easier.
Also, I believe this will cut costs as if we are all on the same IP
range, they will not need to log into Citrix. Of course I will not
phase out Citrix now, that is a big move but at the first of the year
it could be done away with. Also, putting things on the same IP will
allow France to do the same, do away with Citrix. All they would need
is a SonicWall Firewall like we have and they can connect directly,
again, bypassing Citrix. Citrix, if kept, has to be upgraded. There
are too many holes. It is behind years. The upgrade cost is $3,400. I
have a quote from CDW already. That is a large expense. With that
aside, I need to move the IP scheme for a more secure network. This is
relatively necessary and because he is my friend, he is only going to
charge me $350, well $300 and then $50 for travel. His company charges
$120 an hour for him and we are getting him for a complete day for
$350. please get back to me ASAP on this