Saturday, 24 December 2016

IT AMC support in dubai







Wednesday, 16 November 2016


Deployment
1.  Always connect Cyberoam WAN interface with a Router via a switch and NOT with cross over cable to avoid
     autonegotiation problem between Cyberoam WAN interface and Router.
2.   By default, Cyberoam sends periodic Ping requests to its default gateway to check connectivity to Internet. It is
recommended to change this setting so that Cyberoam sends Ping requests to a host on the Internet that is permanently running or most reliable, like 8.8.8.8 or 4.2.2.2.
3.   If users have browser based proxy settings, make sure configured HTTP proxy port is same in both Cyberoam
and desktop browser. By default, Cyberoam is configured for port 3128.
4.   For security purposes, Gateway mode is preferred because it uses NAT Policies to secure private addresses of
internal or DMZ networks.
5.     If Cyberoam is deployed in Bridge Mode:
      •   Do not configure Cyberoam IP address as Gateway IP address. If this happens, users will not be able to access
the Internet.
      •   Do not terminate both ports in the same L2 switch. The switch would become instable if it receives packets of
same MAC address from more than one switch ports.
6.   It is recommended to use the High Availability feature of Cyberoam for maximum network uptime.
Note:
This feature is not available in models CR15i, CR15wi, CR25wi, CR35wi, CR15iNG, CR15wiNG, CR25wiNG/6P and CR35wiNG.
7.   In case of wireless networks, ensure maximum security by using WPA or WPA2 protocols rather than WEP.
8.   Do not broadcast the SSID of your wireless networks to avoid unauthorized users from entering into the network.
Administration 
1.   Access to Cyberoam should be carefully monitored and protected. This can be done by changing the default
administration settings like:
      o    Administrator Passwords
      o    Port used to access Appliance
      o    Access Protocols (Use secure protocols like SSH and HTTPS)
2.   Create multiple administrator profiles for special-purpose administrators like VPN Administrator, Security Administrator,
      Audit Administrator, etc. Each administrator should be assigned only the required permissions according to his role in the
      organization.
3.   It is recommended to disable administrative access to Cyberoam from all zones except the internal LAN zone or
      management zone. Even from LAN or management zone, use secured protocols like HTTPS and SSH for GUI and
      CLI access.
4.  Check regularly for firmware releases and upgrade Cyberoam to the latest firmware available.
5.  Take regular backup of Cyberoam. Also, make sure you take a backup before any changes are to be made in the
     configuration of the appliance.
6.  Test your firewall rules and policies regularly.
7.  Conduct internal audits to check the health of the appliance.
8.   Enable Login security in terms of:
      o    Enabling password complexity for the administrator.
      o    Restricting number of login attempts to prevent brute force attack.
Firewall
1.  Create Firewall rule for DNS IP Address if desktops are configured with a public DNS IP address.
2.  Create firewall rule to allow required and critical traffic across each zone because, by default, complete traffic across each zone
is dropped by Cyberoam, except for LAN to WAN traffic. This will be applicable in both bridge and gateway mode. For example,
if Mail server is placed in the DMZ zone, then Cyberoam will not allow access of Mail server from LAN and WAN zone.
o    To access specific applications running on mail server, create necessary firewall rule from each zone.
o    Create firewall rule to give external world access to the Mail server.
3.   Create Firewall rule to allow access to and from applications running on DMZ as, by default, entire traffic from LAN to DMZ is dropped.
4.   If Cyberoam is configured in Bridge mode and DHCP server is running in WAN zone of Cyberoam then create firewall rule to allow
packets from DHCP server to LAN to lease IP addresses on desktop.
5.   If MX IP is bound to the WAN port of Cyberoam, create NAT and Virtual Host rules to map the private IP address of mail server with the MX IP.
6.   If the LAN zone has Routed Networks, then create static routes in Cyberoam to forward requests to and from the Routed Networks over
the Internet.
7.   If Cyberoam is configured for multiple Internet Service Providers i.e. multiple gateways then:o    To improve browsing speed and reduce latency, create a firewall rule to route the DNS IP address requests through a specific Gateway. For
example, if DNS IP address is from ISP1 and DNS request is going from ISP2 then latency will increase and time taken to resolve the site
name will also increase.
o    If access to certain application like VPN application, SAP or ERP application is allowed from specific IP address, create firewall rule to route
the application request from the specific IP address only.
o    Create a NAT policy to bind the Mail Server IP Address with MX IP. This will establish connection as well as reduce chances of return
MX check problem.
8.    It is recommended to bypass DoS screening for traffic-intensive servers like VOIP and FTP to avoid dropping of legitimate traffic.
9.    Disable NAT policies for WAN to LAN rule for Mail Server to avoid making it an open relay.
Authentication
1.    If Cyberoam is integrated with one or more external authentication servers, make sure the servers are selected for firewall authentication and
are in the order of preference.
2.    In case of AD integration with Single Sign On enabled, create clientless users for servers like VOIP server, MFDs, etc. whose manual
authentication is not feasible.
3.    After importing groups from AD, modify the order of the groups according to preference. Any user, who is a part of multiple groups, will be
mapped to the first matching group on Cyberoam.IPS
1.    Create custom IPS policies with relevant signatures to decrease packet latency and improve performance.
2.    It is recommended to apply IPS policy in WAN to LAN firewall rules for servers hosted in the network to protect them against known
and unknown attacks.
3.    IPS policy is not recommended for LAN to WAN traffic, unless it is used to control applications using custom signatures.

VPN

1.    Create VPN to LAN firewall rules to enable Threat Free Tunnelling, i.e., protect the network from malicious traffic through the VPN tunnel.
In these rules, NAT policies should be disabled to allow access to internal resources.
2.    For additional security, use CHAP and MSCHAP Handshaking Protocols for PPTP remote access VPN.
3.    If VPN connectivity is to be configured between a Head Office and multiple Branch Offices, create a Hub and Spoke VPN configuration,
i.e., create virtual tunnels from each Branch Office directly to the Head Office.
Antivirus
1.   For scanning of HTTP and HTTPS traffic, configure the Scan Mode as “Real Time” rather than “Batch”. The Real Time scan mode allows
virus scanning of files as soon as their download starts while Batch scan mode waits for download of the complete file before scanning.
2.   Configure Cyberoam to disallow access to HTTPS websites with invalid certificates.

Antispam

1.   Configure Cyberoam to “Accept” oversized emails to avoid dropping of emails that might be useful.
2.   Enable Spam Digest to allow end users to manage quarantined mails by themselves.
3.   Configure Cyberoam to verify IP Reputation of senders of all emails to improve Antispam performance.
QoS
1.   Create appropriate QoS policies for mission critical applications.
2.   Assign highest priority to real time traffic like VOIP and lowest priority to bulky protocols like FTP or P2P file transfer for better managed
bandwidth.

Monday, 26 September 2016

Showing 1–12 of 101 results

Netmate information technology

IT support in dubai

Network Firewall and VPN:
We cater your entire needs for the up to date information and technology inmplementation,by providing best network,physical firewalls devices and creating vpn networks for you
AMC contracts
WE provides services level agreements which entain all the company’s requirements to their satisfaction and needs,we will fulfill all service and maintencance  needs
Data storage solution
For data protection you can count on,a strong technology platform and a secure cloud insfrastructure are essential .But you need more.you need a partner with a team of data recovery experts
Consultancy
we provide consultancy on IT matter for you ,so that you will have peace of mind that you have been guided with professional advices for setting up new comapny IT department.
Business telephony solutions
Ip-telephony is required by almost every modern organisation,to collect all the comprehensive information about daily calls,we provide best devices according to your company needs
Structured cabling
we design entire infrastructure keeping in view the demand of todays technology in simple and easy to manage network and telephone cabling system,with racking and secure leak proof cabling
On demand support
we cater small business,with our on call and on demand support on daily basis,where time is not critical and budget is less,so that you can concentrate on your business without worry of IT in-house person.

Wednesday, 7 September 2016


DrayTek

Posted On November 10, 2015 at 1:03 pm by / No Comments

DrayTek

is a manufacturer of broadband CPE (Customer Premises Equipment), including firewalls, VPN devices, routers and wireless LAN devices. The company was founded in 1997 by a team of experienced engineers who decided to form their own company and create what they feel are superior network products. Their earliest products included ISDN based solutions, the first being the ISDN Vigor128, a USB terminal adaptor for Windows and Mac OS. This was followed by the ISDN Vigor204 ISDN terminal adaptor/PBX and Vigor2000, their first router. Their head office is in Hsinchu, Taiwan with regional offices and distributors worldwide.
DrayTek was one of the first manufacturers to bring VPN technology to low cost routers, helping with the emergence of viable teleworking. In 2004, DrayTek released the first of their VoIP (Voice-Over-IP) products which has become one of their key areas. In 2006, new products aimed at enterprises debuted, including larger scale firewalls and Unified Threat Management (UTM) firewalls products however the UTM Firewalls did not sell in sufficient volume and the UTM products ceased development and production.
DrayTek’s product line offers business and consumer DSL modems with support for the PPPoA standard compared to the more the widely supported PPPoE for use with full-featured home routers and home computers without more expensive ATM hardware. PPPoA is used primarily in the UK. Most Vigors also allow a virtual private network (VPN) connection directly to the router, without the need to pass the VPN packets through to a VPN server running on a computer. With appropriate configuration it is possible to make a VPN connection remotely to a Vigor router, use Wake on LAN to start up a computer connected to it, and make a remote administration connection to control the computer.
DrayTek was floated on the Taiwanese OTC securities market in 2001. Google Finance Page.
Contents
1 Vigor 2200USB
2 Wireless LAN Central Management
3 Vigor 2860Ln Series
4 IPv6
5 BT MCT SIN 498 Compliance
6 Products
7 Notes
8 External links
Vigor 2200USB
DrayTek released the Vigor2200USB router in the UK in 2002, a unique router for ADSL, the only router able to be connected to BT’s newly launched USB-modem based ADSL service. The router did not incorporate a modem, but allowed certain specified USB ADSL modems to be connected; at the time many Internet Service Providers required their USB modems to be used rather than allowing connection of ADSL equipment directly to the telephone line (“wires-only” service). The product was devised in the UK by SEG Communications and developed by DrayTek engineers. This was the only router supporting a separate USB modem, and was the only router compatible with BT’s new USB ADSL service. These factors made it very popular and firmly established DrayTek as a key player in the broadband Internet hardware market in the UK.[1]
Wireless LAN Central Management
DrayTek released their wireless LAN management system in 2014. It allows their compatible wireless access points to be centrally managed.
Vigor 2860Ln Series
DrayTek released the Vigor2860Ln in October 2015 which was DrayTek’s first router with 3G/4G cellular services built-in. It was otherwise based around the existing Vigor 2860 series.
IPv6
In 2010, DrayTek began adding IPv6 support to its range of routers. By 2012, most of its top selling models support IPv6 in both native (dual-stack) and broker tunnel modes. In 2012, DrayTek also published their book Real World IPv6 [1]. As of 2015, all current DrayTek products support IPv6.
BT MCT SIN 498 Compliance
For the UK market, DrayTek were granted MCT approval for their VDSL2 products in 2015, a mandatory requirement for products connected to the UK network operated by BT Openreach (used by most ISPs).
Products
DrayTek Vigor 2110n

Thursday, 12 May 2016

ip-telephony-digium-digital-Netmate information technology

ip telephony digium analog system


Showing 1–12 of 50 results