First, thanks to everyone who responded.
I got a _very_ large volume of mail as a result of my posting.
Since much of this is new to me, I am still digesting the
information and am not in a position to draw any detailed
conclusions. In any event, I thought it best to post at least
an overview of the responses now so as not to seem ungrateful.
Here is a summary of the responses.
My original post was:
We are looking into an Internet connection for our site. One
potential provider (PSI) has suggested a 56kb connection, putting
a DSU and a router at our site. Our initial use will be rather low
volume email with occasional large (20 mb+) overnight file transfers.
I have several questions:
1. Is 56kb adequate capacity?
Answers:
Response ranged from "This is overkill." to "On a 56kb link it will take
1/2 to 11/2 hours to transfer a 20mb file and it will kill all other activity
on the link." I was also warned that a news feed could consume
considerable bandwidth if we took everything. Also, Mosaic puts a
considerable load on the link. Netscape is a bit more efficient.
My conclusion is to go with the 56kb link to start with and, taking the
advice of several of you, negotiate an option to upgrade by paying
the difference between the 56kb link and the higher speed line.
2. Is there any good packet filter software which I can use
to enhance system security?
Routers provide some packet filtering capability. Morningstar and
Cisco were mentioned. There seems to be some difference of
opinion as to whether packet filtering alone provides sufficient
security.
For increased security I was advised to dedicate a cpu to serve as a
firewall. Two books were recommended on the subject of security:
"Practical Unix Security" - O'Reilly
"Firewalls and Internet Security" - Addison Wesley
There is also a mailing list on the subject: Majordomo@GreatCircle.COM.
Someone sent me the FAQ from Fwalls-FAQ@tis.com. A good summary
on the security issues of connecting to Internet. I am still digesting it.
The FAQ noted, BTW, that even a firewall cannot totally protect against
attacks in which something is mailed to one of the internal hosts and
then executed.
As far as firewall products are concerned there is TIS Firewall Toolkit
(ftp.tis.com)
(public domain?) as well as a commercial product called Firewall-1 from Sun
or from Checkpoint.
3. What do people think of the proposed hardware configuration?
We have 7 Sun workstations (2 Solaris 2.x, the remainder
Sun O/S 4.x).
My intent with this question was to determine whether the router
and DSU/CSU setup was appropriate for our current network
configuration. That appears to be the case.
4. Anyone have any experiences (good, bad, indifferent) with
Internet providers)?
I got an earfull on this one. PSI received some favorable reviews as
well as some warnings to avoid them at all costs. Other providers
also received some negative reviews though not as extreme.
It appears that the ISPs and the network are stretched rather thin
by the increased demand. The result is a decline in service.
The two best bits of advice I got were
1. Call all of the providers who service our area and note what sort of
pre-sales support we get. Service will not get better after we become
a customer.
2. Find out how direct the connection is between our site and the
principle sites we will be communicating with. I believe that the
term for this was "hop count" (experts will excuse me if I got this
wrong.)
Thanks again to everyone who responed.
Peter Schauss
pschauss@aol.com
Gull Electronic Systems Div
Parker Hannifin Corp
Smithtown, NY
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:09:16 CDT