Oct 15, 2009 14:22
ATT has been marketing Uverse as a way for a business to get a lot of bandwidth on the cheap. Usually this is a non-issue, a no-brainer, for a business. After all, who would not want a bunch of bandwidth on the cheap, whether you are a business or not?
The implementation for home is, for the most part, pretty dull. You plug the Uverse box into the various jacks, plug your internet devices into a port on the box or an attached switch, and you are pretty much done. You can configure the router to route to the right machine, and away you go. For home this is a pretty sweet deal, and it gives you some alternative ways of putting a machine hosting web pages out there if you spring for static IP addresses.
Business networks are a little more complicated than that, and this is where Uverse falls on its backside. The rest of this gets a little technical, so your eyes can glaze over right about now and you can skip the rest of the article, or just post a comment or something.
Normally, a router will offer something called NAT, or Network Address Translation, which lets you take an external IP address doing some public-facing business like SMTP, FTP, web hosting, etc., and point it at an internal IP address. This is a pretty cool deal in that users on the inside can still reach the machine and do what they need to with it, while it is also reachable from the outside. You combine this with port forwarding, which takes an external IP address and lets you point any traffic arriving on that address for a specific service to the machine handling that service. This allows you to have separate servers running FTP, HTTP, SMTP, and say LDAP all share the same external IP address, even though they reside on totally different boxes internally.
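To make the two features concrete, here is a small model of a router's translation tables: a 1:1 NAT entry that hands every port of one external address to one internal box, and a port-forwarding table that lets four internal servers share a second external address by service port. It also shows the inside-user case the paragraph mentions (hairpin, or NAT loopback) and a function that lists everything the outside can reach, which is the inventory a defender wants before exposing anything. This is an added, constructed example, not code from the original post or anything ATT ships; the addresses are RFC 5737 documentation space on the public side and RFC 1918 private space inside, and the function names are my own.

```python
"""Toy model of the two router features the post contrasts: 1:1 NAT and
port forwarding. Constructed example; addresses are RFC 5737 documentation
space (public side) and RFC 1918 private space (inside), not real hosts."""

from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.168.1.0/24")  # constructed internal LAN

# 1:1 NAT ("virtual IP"): one external address, one internal machine, every port.
ONE_TO_ONE = {
    "203.0.113.11": "192.168.1.25",  # dedicated mail host
}

# Port forwarding: one external address shared by several internal servers,
# keyed on the destination port of the service.
PORT_FORWARDS = {
    ("203.0.113.10", 21): ("192.168.1.21", 21),    # FTP
    ("203.0.113.10", 80): ("192.168.1.22", 80),    # HTTP
    ("203.0.113.10", 25): ("192.168.1.23", 25),    # SMTP
    ("203.0.113.10", 389): ("192.168.1.24", 389),  # LDAP
}


def translate_inbound(dst_ip, dst_port):
    """Map a packet arriving on the external side to its internal target.

    Returns (internal_ip, internal_port), or None when nothing is published
    on that address/port, in which case a sane router drops the packet.
    """
    if dst_ip in ONE_TO_ONE:
        return (ONE_TO_ONE[dst_ip], dst_port)  # every port passes through
    return PORT_FORWARDS.get((dst_ip, dst_port))


def translate_from_inside(src_ip, dst_ip, dst_port):
    """Hairpin (NAT loopback): an inside user who uses the public address of
    a server still reaches the internal box, as the post describes.
    Traffic to addresses that are not published goes out untouched."""
    if ip_address(src_ip) not in INSIDE:
        raise ValueError("source is not on the internal LAN")
    target = translate_inbound(dst_ip, dst_port)
    return target if target is not None else (dst_ip, dst_port)


def published_surface():
    """Inventory of what the outside can reach: the defender's checklist.
    Each entry is (external_ip, external_port or '*', internal_ip)."""
    rows = [(ext, "*", internal) for ext, internal in ONE_TO_ONE.items()]
    rows += [(ext, port, internal)
             for (ext, port), (internal, _) in PORT_FORWARDS.items()]
    return sorted(rows, key=lambda r: (r[0], str(r[1])))


if __name__ == "__main__":
    for ext, port, internal in published_surface():
        print(f"{ext}:{port} -> {internal}")
    print(translate_inbound("203.0.113.10", 22))  # None: SSH is not published
```

Running it prints the five published entries and `None` for the unpublished SSH port. The point to take from `published_surface()` is that with real NAT and port forwarding the set of reachable internal machines is exactly the table you wrote, nothing more; the gateway itself does not have to be the thing answering on the public address.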
Uverse does not map machines according to IP address; it maps according to MAC address. A MAC address is a unique number associated with the network card that is accessing the network. On a home network this is usually a non-issue. However, for a business that is used to mapping by IP, and used to having NAT, we now have a problem. The Uverse router will put a machine either on the inside or on the outside, but there is no virtual IP arrangement that lets one machine do both. In order to do anything like that, you have to use the built-in DHCP to assign the IP address (internal OR external). The only IP address that can do port forwarding is the gateway, that is, the router itself. This strikes me as a kind of security risk, and a real good example of ATT engineers (or salesmen, or some other white shirt) falling down on the job.
Why is this a security risk? Because now anyone who can figure out that an IP address is in the Uverse network has to do a little less work probing that network. That www host on the Uverse network is either a server sitting in the DMZ or a port forwarded by the router itself. If it is the latter, they can portscan that particular IP and see whether there are any vulnerabilities that the Uverse routers have, or WILL have, that they can take advantage of.
Why is this falling down on the job? This isn't what the product was designed for, but a firmware update could have made this router ready for prime time for business. Adding proper NAT, port forwarding, and virtual IP addresses wouldn't require a substantial change to the hardware, but it would make the box a lot more functional for a business implementation.