Show 122 – Mission Impossible: Blast Radius, Part 2

In this "part 2" podcast (show 119 was part 1), co-hosts Ethan Banks and Greg Ferro are joined by Tom Hollingsworth, Tony Bourke, Kurt Bales, Ivan Pepelnjak and Michele Chubirka aka Mrs. Y. As the show continues, we ramble on about the following:

What We Discuss

  • The future of WAN acceleration. Greg was writing this report and started to read up on some things, and then there were all these opinions…you know how it goes on this show.
  • Check Point’s not feeling the love from this crew. Perhaps a little warmth…the amount of heat you’d feel from a match struck six feet away. But then the discussion morphs into firewalls in general, where the heartfelt admiration of those chattering into their microphones is still really hard to find.
  • The security ramble continues into firewall management platforms, followed up by just how we should be securing virtualized environments.
  • Closing it out are some bits about overlay networks and how they are impacting data center design.

Fun show to record – we hope you enjoy!

About Ethan Banks

Ethan Banks, CCIE #20655, is a hands-on networking practitioner who has designed, built and maintained networks for higher education, state government, financial institutions, and technology corporations. Ethan is a host of the Packet Pushers Podcast, which has seen over one million unique downloads, and today reaches a global audience of over ten thousand listeners. Also a writer, Ethan covers network engineering and the networking industry for a variety of IT publications. He is also the editor for the independent community of bloggers at PacketPushers.net. Follow @ecbanks.

  • Dan Shechter (http://marathon-networks.com/)

    A great continuation to a great show.

    Here are my comments:
    Checkpoint
    ————–

    I think that the Checkpoint bashing is not justified. I have worked with several firewall vendors (Checkpoint, Cisco, Fortigate, OpenBSD PF, Linux iptables), and IMHO Checkpoint is still leading the group.

    There are two parts to every firewall:
    1. System configuration (interface/device admin/networking)
    2. Policy

    IMHO, the Policy part is second to none. On the outside, one might think that nothing has changed in the GUI, but over the years there were many, many improvements. And they were always years ahead of any other vendor.

    Regarding the System, right up until now you had to be a system admin to run Checkpoint. No CLI. Some parts are menu based, other parts are Unix-like commands. And here is a little secret: a person with no system admin background can't do security. A pure networking guy does not have a deep enough understanding of how systems and applications work.

    But now they have a fully functional CLI, which makes them much easier for the average network admin to install and operate.

    I think that a show about all firewalls is long overdue.
    Virtual Appliances
    ———————–

    The consequence of security virtual appliances which load modules into the hypervisor kernel is that all packets go through the module. Even if you have "permit/bypass any any" as a policy, all packets go through the module.

    Do we really want this to happen? Can we troubleshoot it? Is it worth it? What about non-virtual servers?

    Do we want to couple our virtualization_vendor/version/other_appliances_modules with our security solutions?

    I think that for most implementations, appliances that are not hypervisor modules, be they virtual or physical, make more sense and are easier to troubleshoot and operate.

    FIN