It’s the “remote capture” that scares me. I was testing some Meraki kit, called their NOC to try to debug some Radius issues, tech tells me “oh yes, I can see your traffic going hither and yon between the test client and test server that are both in your office, and looking at the packet contents I can see ….” With Ruckus (or almost any other) gear, I have to either open up a hole through my firewall or grab the packet traces and send them to the tech folk. They don’t have uncontrolled access to my internal traffic out of the box. paul
On Feb 4, 2015, at 8:31 AM, Ray Soucy <rps@maine.edu> wrote:
Honestly, in a lot of cases you don't even need a device to support packet capture as a feature to add it as a feature once its compromised. This is just FUD IMHO.
On Wed, Feb 4, 2015 at 7:24 AM, Paul Nash <paul@nashnetworks.ca> wrote:
I love the built-in remote packet captures,
You, the NSA, and lots and lots of hackers, ALL love the remote packet capture. If Meraki support can turn it on, so can someone who penetrates their systems (by getting a job there or by hacking), and then they get to see everything happening INSIDE your network. Not just your WAN traffic, which would be bad enough.
paul
-- Ray Patrick Soucy Network Engineer University of Maine System
T: 207-561-3526 F: 207-561-3531
MaineREN, Maine's Research and Education Network www.maineren.net