|
|
Question : Problem: Using Cisco 3560\3750 SFP port for Tape Library
|
|
I am going to be setting up a tape library. I am told with the library that I'm getting that there are two ways to set it up,
[svrs to be backed up]----->thru the lan---->[backup svr]--->SCSI--->[tape library]
or
[fiber nic]------>[fiber bridge]------>[tape library]
My question is, can I use a cisco switch (3560\3750) and plug the tape library in one of the spf ports on it?
I want to buy the switch to act as the 'fiber bridge' and since it's a gb switch and all the servers have gb nics, i just want them to have a gb connection to the tape library which itself is connected by fiber.
Also, in buying the switch, it says the SFP ports are empty, do I need to purchase a specific gbic or fiber module to plug into the spf port? And i'm assuming this module will depend what type of fiber connection is coming off the tape library, would that be correct? like SC to LC or someting another
|
Answer : Problem: Using Cisco 3560\3750 SFP port for Tape Library
|
|
commonly, there are two ways the guy could use:
1. external -> internal: remote computer -> internet -> DSL router <-> internal server/workstations (public IP) (internal IP)
in this scenario, the guy could allow himself to access your network and relevant internal hosts by opening specific port(s) on your DSL router. e.g. he can enable TCP port forwarding at 3389 port to one of your internal XP computers, then access this XP and other computers from the XP, just as a local user.
to prevent this: check your DSL routers configurations, make sure there is no ANY such incoming access allowed. additionally, you may also disable all the remote access functions, such as remote assistance/remote desktop connection/VNC, of your server and each workstation, if you dont need them for remote management.
2. internal -> external: remote computer -> internet <- DSL router <-> internal server/workstations | gateway
in this scenario, the guy could install a special agent program (malware: spyware/trojan/keylogger/worm...) on at least one of your internal computers, then gather your private or business information, and even access your computers remotely. a gateway server might be used as a bridge to connect the remote malicious computer and your internal computer. even your DSL router is well configured here, this could still happen because it is an outgoing access, not incoming access.
to prevent this: 1) check the installed software to determine if there are some programs unknown to you. 2) install and run anti-spyware software to determine if there are some known malware have been installed, you may keep the anti-spyware running to monitor strange outgoing access. microsoft anti-spyware is not bad, you may feel free to try it.
frankly speaking, in this scenario, if the guy is a skilled professional and he has installed a not well-known malicious program on your internal computer(s), it is really difficult to check, for a common user.
please notice the arrows and their directions in my diagram above.
hope it helps, bbao
|
|
|
|