USG Pro 4 and our Company Security
-
@jmoore said in USG Pro 4 and our Company Security:
@scottalanmiller I have 600 down at home so that is slow.
What does that have to do with anything. What would the DC need more than 100 for based on his use case?
-
@jmoore said in USG Pro 4 and our Company Security:
@wrx7m $75 a month, just internet though, nothing else bundled
I pay about $50 for 100/100 from Frontier FiOS.
-
@jevans said in USG Pro 4 and our Company Security:
This is from the Rep:
"UTM (Unified Threat Management) This is where you have multiple layers of security at the gateway to protect against threats. These typically come with a subscription for regular update usually daily or even multiple times a day for their threat updates. Also DPI SSL inspection. "
This is why he was saying the USG will not be a viable option for us.
Why were you even running this by them? They don't really need to know what equipment is running in the rack.
-
@scottalanmiller said in USG Pro 4 and our Company Security:
Another really important thing to point out is that a Unifi USG is a UTM. We never talk about that because that would be a shitty way to sell firewalls. UTM is nothing more than a firewall with some extra features (that we generally recommend against because they are either stupid and wasteful, or if needed shouldn't be on the firewall as that is horrible security practice) and the USG has some UTM features that you can turn on (but most of us don't.)
Unifi themselves wouldn't classify the USG as a UTM device. Are you saying because it's a firewall it should then be classified as a UTM? Thinking a UTM is worthless is one thing, but saying a firewall is a UTM because a UTM is simple a "firewall with worthless added features," seems bizarre.
I feel like we're comparing a VW GTI with a Porsche 911. "The 911 is just an expensive GTI with fancy features." A lot of people would say the Porsche is a waste of money...that both are German cars and get you from point A to B, but they're still not the same.
Maybe Ubiquiti recently added a bunch of features you would find on a Sonicwall/Fortigate/Juniper device?
** An amendment - it looks since I last looked they do IDS/IPS so if you factor that in with the firewall it technically would meet Wikipedia's definition of a UTM, but Ubiquiti would still never classify it as such since every device in that category usually offers some sort of gateway antivirus, content filtering, application control, spam filtering, etc.**
-
@wrx7m said in USG Pro 4 and our Company Security:
@jmoore said in USG Pro 4 and our Company Security:
@wrx7m $75 a month, just internet though, nothing else bundled
I pay about $50 for 100/100 from Frontier FiOS.
Must be nice. $65 for 10/100. Good old Spectrum.
-
@frodooftheshire said in USG Pro 4 and our Company Security:
@scottalanmiller said in USG Pro 4 and our Company Security:
Another really important thing to point out is that a Unifi USG is a UTM. We never talk about that because that would be a shitty way to sell firewalls. UTM is nothing more than a firewall with some extra features (that we generally recommend against because they are either stupid and wasteful, or if needed shouldn't be on the firewall as that is horrible security practice) and the USG has some UTM features that you can turn on (but most of us don't.)
Unifi themselves wouldn't classify the USG as a UTM device. Are you saying because it's a firewall it should then be classified as a UTM? Thinking a UTM is worthless is one thing, but saying a firewall is a UTM because a UTM is simple a "firewall with worthless added features," seems bizarre.
I feel like we're comparing a VW GTI with a Porsche 911. "The 911 is just an expensive GTI with fancy features." A lot of people would say the Porsche is a waste of money...that both are German cars and get you from point A to B, but they're still not the same.
Maybe Ubiquiti recently added a bunch of features you would find on a Sonicwall/Fortigate/Juniper device?
** An amendment - it looks since I last looked they do IDS/IPS so if you factor that in with the firewall it technically would meet Wikipedia's definition of a UTM, but Ubiquiti would still never classify it as such since every device in that category usually offers some sort of gateway antivirus, content filtering, application control, spam filtering, etc.**
Apt comparison.... In both cases marketing is where the money is spent.
-
I don't know why this place provides public hotspot.. their internet sucks.
-
This is what is in the current v5 controller.
-
@JaredBusch it's amazing how much CPU power UTM features require. But makes sense when you think about what they do.
-
The "Customer Success Manager"(Rep) just emailed our CEO and President before I could have our IT meeting with them today. Here is what he sent:
"I see you are looking at using Ubiquiti hardware. That gives me pause on multiple levels.
• First Ubiquiti is not an enterprise grade system provider. While they have been making improvements on the last few years they are still pretty immature in their offerings and they are targeting the lower end of the market. I don’t have anything against them personally in fact I use some of their AP’s in my house. But for the environment you are looking to use them in where downtime is a big deal I would not look at using their equipment.
• Second is the lack of Functionality. The USG does not have the advanced security and management functionality that you will find in Fortinet and SonicWALL’s offerings.
o USG does not have any UTM options. If you will be allowing internet traffic to come and go at the branch offices and not forcing it to travers back to the centralized hub then that traffic is at risk. With using the UGS at the Atmosera Hub you will still be at risk only using a USG appliance there. I understand there has been attacks on your systems in the past (server encrypted) and the UTM protection, while not the end all be all, it is the front line defense to try and stop those types of attacks.
o DPI-SSL on the gateways is also becoming an important defensive measure. This is not something the USG can do.
• My third concern is support. Having supported a number of customers in the past that used Ubiquiti hardware for their WiFi and internal network hardware, their support model has not been impressive.
• Ubiquiti is fine for internal WiFi or network switching but I would not recommend them for gateway front line security." -
@jevans said in USG Pro 4 and our Company Security:
The "Customer Success Manager"(Rep) just emailed our CEO and President before I could have our IT meeting with them today. Here is what he sent:
"I see you are looking at using Ubiquiti hardware. That gives me pause on multiple levels.
• First Ubiquiti is not an enterprise grade system provider. While they have been making improvements on the last few years they are still pretty immature in their offerings and they are targeting the lower end of the market. I don’t have anything against them personally in fact I use some of their AP’s in my house. But for the environment you are looking to use them in where downtime is a big deal I would not look at using their equipment.
• Second is the lack of Functionality. The USG does not have the advanced security and management functionality that you will find in Fortinet and SonicWALL’s offerings.
o USG does not have any UTM options. If you will be allowing internet traffic to come and go at the branch offices and not forcing it to travers back to the centralized hub then that traffic is at risk. With using the UGS at the Atmosera Hub you will still be at risk only using a USG appliance there. I understand there has been attacks on your systems in the past (server encrypted) and the UTM protection, while not the end all be all, it is the front line defense to try and stop those types of attacks.
o DPI-SSL on the gateways is also becoming an important defensive measure. This is not something the USG can do.
• My third concern is support. Having supported a number of customers in the past that used Ubiquiti hardware for their WiFi and internal network hardware, their support model has not been impressive.
• Ubiquiti is fine for internal WiFi or network switching but I would not recommend them for gateway front line security."Maybe you should take @scottalanmiller up on his offer for a phone call to this "sales rep" with your CEO on mute. Would definitely be beneficial.
-
@jevans said in USG Pro 4 and our Company Security:
The "Customer Success Manager"(Rep) just emailed our CEO and President before I could have our IT meeting with them today. Here is what he sent:
That alone is grounds to fire a vendor. CEO and President are generally not technically inclined, and even if they are, should not be the ones making this sort of decision.
We already know this is a sleaze bag trying to sell the company things it doesn't need. Period, end of story.
-
@jevans said in USG Pro 4 and our Company Security:
The "Customer Success Manager"(Rep) just emailed our CEO and President before I could have our IT meeting with them today. Here is what he sent:
"I see you are looking at using Ubiquiti hardware. That gives me pause on multiple levels.
• First Ubiquiti is not an enterprise grade system provider. While they have been making improvements on the last few years they are still pretty immature in their offerings and they are targeting the lower end of the market. I don’t have anything against them personally in fact I use some of their AP’s in my house. But for the environment you are looking to use them in where downtime is a big deal I would not look at using their equipment.
• Second is the lack of Functionality. The USG does not have the advanced security and management functionality that you will find in Fortinet and SonicWALL’s offerings.
o USG does not have any UTM options. If you will be allowing internet traffic to come and go at the branch offices and not forcing it to travers back to the centralized hub then that traffic is at risk. With using the UGS at the Atmosera Hub you will still be at risk only using a USG appliance there. I understand there has been attacks on your systems in the past (server encrypted) and the UTM protection, while not the end all be all, it is the front line defense to try and stop those types of attacks.
o DPI-SSL on the gateways is also becoming an important defensive measure. This is not something the USG can do.
• My third concern is support. Having supported a number of customers in the past that used Ubiquiti hardware for their WiFi and internal network hardware, their support model has not been impressive.
• Ubiquiti is fine for internal WiFi or network switching but I would not recommend them for gateway front line security."And your CEO didn't fire them on the spot? What is your CEO doing taking calls from salespeople that are trying to sabotage your company?
-
@travisdh1 said in USG Pro 4 and our Company Security:
That alone is grounds to fire a vendor.
Way beyond grounds for that.
-
@travisdh1 said in USG Pro 4 and our Company Security:
CEO and President are generally not technically inclined, and even if they are, should not be the ones making this sort of decision.
Yup, this is a social engineering attack in progress. This is a hacker trying to get access to your company's money by tricking the poorly informed.
-
@jevans said in USG Pro 4 and our Company Security:
First Ubiquiti is not an enterprise grade system provider.
Says this, then trying to sell SonicWall. WTF. Talk about brazen.
-
@pmoncho said in USG Pro 4 and our Company Security:
USG does not have any UTM options.
Just flat out lying. Not even trying to be tricky.
-
@pmoncho said in USG Pro 4 and our Company Security:
If you will be allowing internet traffic to come and go at the branch offices and not forcing it to travers back to the centralized hub then that traffic is at risk.
And that's different with the Unifi how, exactly? And what kind of risk is it, exactly? I think some explanation is due here.
-
@jevans said in USG Pro 4 and our Company Security:
If you will be allowing internet traffic to come and go at the branch offices and not forcing it to travers back to the centralized hub then that traffic is at risk.
This is not UTM anyway.
This is simply routing.
-
@JaredBusch said in USG Pro 4 and our Company Security:
@jevans said in USG Pro 4 and our Company Security:
If you will be allowing internet traffic to come and go at the branch offices and not forcing it to travers back to the centralized hub then that traffic is at risk.This is not UTM anyway.
This is simply routing.
Yeah, just normal, every day routing.
