Category Archives: Hardware Issues

Our company’s experience with migrating from one telecom provider to another.

When you’re shopping for a new vendor, it’s not uncommon to read horror stories about service providers, especially in the realm of telecommunication. So I wasn’t surprised to see the name of our previous telecom provider mentioned again and again in negative reviews. Talk about horrible customer service, high prices and slow speeds—I could write a book!
But rather than adding to the plethora of negative reviews, I want to focus on a much better experience—with our new telecom vendor.

As our telecom contract was coming up for renewal, we were determined to find better service. We’d read about the recent merger of Time Warner Cable (TWC) and Charter, and were concerned about signing up with an unknown entity. But their broadband speeds and pricing were among the best available. So we decided to make the switch to TWC.

No matter which provider we chose, the sheer enormity of a telecom migration project was overwhelming. It involved migrating multiple servers, websites and firewalls. What’s more, this project also involved migrating our phone lines from Plain Old Telephone Service (POTS) to Voice Over IP.
We tried laying as much of the groundwork beforehand as possible. And we built in one month of overlapping service, just in case problems should arise.

To be sure, there were bumps along the road. As it turned out, we would need that overlapping service. While TWC’s broadband was great from the start, we encountered several issues with Voice-over-IP. These turned out to be very challenging to troubleshoot, and required many hours (plus swapped-out equipment) to resolve. I won’t bore you with the technical details. But we were very impressed with how quickly the support team and local service technicians responded to our needs every step of the way.

Now that this project is coming to a successful completion, I’m pleased to report that our overall experience with Time Warner Cable has turned out to be surprisingly positive. Our broadband speeds have nearly tripled, while our overall telecom costs have actually decreased.

Although the TWC installation wasn’t perfect, their people bent over backwards to help us out, and make things right. Great customer service is no accident. It takes a coordinated effort, from the top levels of management down to the folks who interact with customers. Kudos to TWC for their obvious commitment to customer service.

A Security Vulnerability We Encounter Way Too Often

There were no locks on the house where I grew up in rural Wisconsin in the 70’s. And we never gave it a second thought—we knew all our neighbors. Crime was simply unheard of.

Can you imagine living without locks on your house or office today? I’ll bet you lock your doors even if you live in a relatively “safe” neighborhood. It just makes sense to take simple precautions.

That’s why my programmers and I are often surprised when clients and prospective clients don’t seem to share the same level of concern for security when it comes to their local area network.

If your small office/home office connects to the internet, it’s sitting right smack dab in the middle of a dangerous neighborhood.  Oftentimes, the only thing that stands between your computers and the criminal element is a piece of hardware called a firewall.  In theory, your firewall is supposed to allow you to surf the internet, while keeping the bad guys at bay.

So you might be thinking, “As long as I have a firewall in place, I’m protected—right, Dave?” Maybe. But here’s a problem we see more often than you’d expect: when firewalls come from the factory, they’re preprogrammed with a default login and password—typically ‘Admin’ and ‘Password’ or something similar. If no one ever changes the login/password, there’s a good chance that your network is vulnerable. The bad guys have tools that can crack simple passwords in no time.

This is so important that I want to say it again: If nobody changes the password on a firewall that allows for remote management, you might as well paint a sign in big red letters, “COME ON IN—THE DOOR’S OPEN.” Once hackers get past your firewall, there’s not much to prevent them from rummaging through your files, taking copies of your sensitive data, trashing your website, or worse.

If you don’t know how to change the password on your firewall, please find someone who can. Since our business focuses on writing software, we don’t typically do this type of work. But we know several reputable companies who do. If you need help securing your network, let me know and we can put you in touch with professionals who know their stuff.

How to regain access to a Cisco PIX firewall after locking yourself out

Today I managed to lock myself out of our PIX firewall.  We’re moving to a new network, and I needed to update the internal IP addresses so that it’ll continue serving traffic to our web servers.

What got me in trouble:  I had tried changing the inside IP address without enabling DHCP beforehand.  No matter which IP address I used, no matter how often I rebooted the PIX, I simply couldn’t get connected back in via telnet.

This took some serious effort which I don’t want to ever have to endure again, so I’m going to note the steps that ended up working for me…

1)      Find the blue serial null modem cable (I found it in the box labelled “misc cables” and will put it back there after I’m done)

2)      Set up a Linux box that has a serial port next to the router.  Connect the cable.

3)      On the Linux box, type dmesg | grep tty and look for which port is being used for the serial port.  On this machine it was ttyS0, but might be something else.

  • If the only thing that appears is tty0 (which is the console), that might mean that the BIOS has the serial port turned off.   Sure enough, that was my situation.
  • If that’s the case, restart the machine and go into the BIOS, turning it back on.

4)      Assuming you found which port is the serial port, try running the following command:  cu -l /dev/ttyS0 -s 9600

  • I figured out after a long while, that you can’t do this as root—at least not by default.  So on my Ubuntu box, I had to exit the root shell and return to my non-privileged account in order to get cu to work properly.
  • If you get a message that cu isn’t installed, go ahead and install it using apt-get install or yum install, depending on which flavor of Linux you’re running.

5)      Once I got connected, the PIX prompted for what name it should be known by, which IP address would be the inside address, the current UTC date, and a couple of other basic things like that.  I happily provided them.

6)      After I saved the updates and disconnected, I still wasn’t able to telnet into the unit.  That left me scratching my head for quite a while—I could ping the unit, but it simply refused to let me connect via telnet.  I tried shutting down my local firewall, but to no avail.  Finally, after doing some additional digging, I realized I needed to reconnect via the serial connection and tell the PIX to allow telnet.  So I connected back in, went into enable mode, issued a conf t, and added this line:  telnet 192.168.1.0 255.255.255.0 inside   (Note that the last .0 on the IP address tells the PIX to allow telnetting from any address on the 192.168.1 network.)

After a full day of wrestling with this issue, I’m finally back online.  Hope this helps someone avoid the same pitfalls.
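
The telnet line in step 6 names an address and a netmask, and the mask decides how many source addresses can reach the firewall's management interface. The following added example (not part of the original post) parses PIX-style management-access lines and flags entries that are broad or risky; the sample lines, the 256-address threshold and the assumption that the trusted interface is named "inside" are constructed for illustration.

```python
import ipaddress

# Constructed sample lines (not from the original post), in the
# "<service> <address> <netmask> <interface>" form used in step 6.
SAMPLE_CONFIG = """\
telnet 192.168.1.0 255.255.255.0 inside
telnet 192.168.1.25 255.255.255.255 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
http 192.168.1.0 255.255.0.0 inside
"""

MGMT_SERVICES = {"telnet", "ssh", "http"}
MAX_ADDRESSES = 256  # assumed local policy: nothing wider than a /24


def audit_mgmt_access(config_text):
    """Return (line, network, findings) for each management-access line."""
    results = []
    for raw in config_text.splitlines():
        parts = raw.split()
        if len(parts) != 4 or parts[0] not in MGMT_SERVICES:
            continue  # e.g. "telnet timeout 5" is not an access rule
        service, addr, mask, iface = parts
        try:
            # strict=False so a mismatched address is reported, not fatal
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            results.append((raw.strip(), None, ["unparseable address or mask"]))
            continue
        findings = []
        if net.network_address != ipaddress.ip_address(addr):
            findings.append("address has host bits set for this mask")
        if net.prefixlen == 0:
            findings.append("any source address may connect")
        elif net.num_addresses > MAX_ADDRESSES:
            findings.append(f"{net.num_addresses} addresses may connect")
        if iface != "inside":  # assumes the trusted interface is named "inside"
            findings.append(f"reachable from interface '{iface}'")
        if service == "telnet":
            findings.append("telnet sends credentials in cleartext")
        results.append((raw.strip(), str(net), findings))
    return results


if __name__ == "__main__":
    for line, net, findings in audit_mgmt_access(SAMPLE_CONFIG):
        print(f"{line:45} {net or '-':18} {'; '.join(findings) or 'ok'}")
```

A mask of 255.255.255.255 on the second sample line limits access to a single management workstation, which is the tightest form of the rule added in step 6.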