“The “last mile” or “last kilometer” is the final leg of delivering connectivity from a communications provider to a customer. The phrase is therefore often used by the telecommunications and cable television industries. The actual distance of this leg may be considerably more than a mile, especially in rural areas.” I spent the last 10…
Archives for August 2012
CCNP Studies: Configuring IP Source Guard
In my last post, we built a nice foundation in switch security with DHCP Snooping, which IP Source Guard (IPSG) is reliant on. IPSG helps to prevent IP spoofing, which is when an attacker claims the IP address of a server or device on your network. By pretending to be that device, the attacker could…
Scansafe SaaS Content Filtering: Evaluation & Setup on Cisco ISR G2
At my current gig, I have been tasked to investigate web content filtering – cue groans from anyone who has ever had to answer the help desk phones and deal with false positives, performance issues, and just the plain old bitter users who can’t get to Facebook any more as the organization’s policy deems it…
The Consultant Attitude: Making It “Go Time”
I mentioned working with an architect in my previous post; one of his fellow consultants taught me something in about three seconds that has stuck with me more than half a decade. To paraphrase, it was, “Our goal is to come in and kick some ass. While the internal employees are complaining about their desktop…
Cisco IOS Device Hardening
Security is a part of everyday life and is everyone’s responsibility. As network engineers, it is our job to secure the plumbing that everything else rides on. While some people may consider Cisco devices (routers and switches) to already run a hardened OS, they are still vulnerable to attacks. This post will cover some of…
AHEAD, LLC – Chicago, Illinois, USA – Data Center Implementation Engineer
Job Summary AHEAD, LLC, Chicago’s top data center and virtualization consulting firm, is actively seeking engineers with 1 to 5 years of experience in data center technologies to join our team as one of our Ahead Certified Infrastructure Professionals (ACIP). This full-time position provides unlimited opportunities for career growth and professional development. We are looking…
Vint Cerf, Miracles and Missed Opportunities
The other day I was presented with a problem. A developer couldn’t access a database instance in the lab and the suspected culprit was Cisco ASA’s SQL*net ALG. What follows is a transcript of an actual conversation between the developer and me. Me: Could you test connectivity so that I can run a packet capture…
The Importance of Diagrams When Building A Network
Years ago, I had the opportunity to work with a real network architect. I’ll call him Rani Doisman. 🙂 I’m talking about someone who could put his fingers on a keyboard and make things work while being able to whiteboard out designs using various protocols and vendors, and dealing gracefully with the myriad logistical problems…
Obscure IOS Knowledge For CCIE Candidates: Part 1
I’ve been fingers-deep in CCIE Route/Switch prep for the better part of a year, and am coming into the home stretch with about 3 months before my anticipated lab date. Nearly all my prep time these days is in lab samples and simulations, working on my time management, and interpretation skills. One of the parts…
No, Not that Kind of Model!
We’re not selling clothes, after all. Ivan and I have been tossing emails back and forth about OpenFlow over the last week (too bad y’all didn’t get to listen in!). He’s really been helping me solidify a lot of things about my thinking in the OpenFlow space, so the conversation has been fun and useful…
Overview of the Cisco 887VA Router & Its USB
As I have mentioned before, I have been working on a network redesign for a non-profit organization, with an aim of deploying a (relatively) low-cost, manageable solution. For various reasons, the organization has only just approved the funding for my design, so I have had my contract extended until the end of the year, which…
Lessons Which Information Security Can Learn from the Fukushima Incident Report
Firstly, the events in Japan were horrible beyond belief. The earthquake and subsequent tsunami were horrifying to witness, let alone be a part of. The subsequent nuclear incident (currently designated a class 7, equaling that of Chernobyl in 1986) can only have torn at the hearts of those involved. My sympathies and condolences go to all those…
Does SDN Mean IT Will Be Able To Get Rid of Network People?
Over the last several months, Greg and I have talked a lot about software defined networking. SDN is a new and interesting way to look at moving traffic around a network. In fairness, some would argue that SDN is not “new” as such, but I think almost everyone would agree that it’s interesting. Yes, even…
Cisco Technical Support: There’s An App For That
Seriously. There’s an iOS app for Cisco Technical Support. It’s an official app published by Cisco, it’s free, and it allows you to do some useful things. I tested version 2.1 b2146 of the app on a 3rd-generation iPad. Here’s what the app let me do. Manage cases. If you have an open case, you…
How to Fail the CCIE Lab Exam
I have been preparing for the CCIE lab exam (Route/Switch track) for 18 months. Many hundreds of hours reading, re-reading, labbing, and practicing. Lots of lost sleep. Lots of stress at work and at home. Just over a week ago, I went to Cisco’s Research Triangle Park facility and took the exam. I failed. Some…
The Unbalanced Life of a Champion
I just watched a documentary called “Jens Pulver: Driven.” It is about an ex-UFC champion who eventually loses his last shot at a comeback and gets cut. There is a lot to it obviously, but I could see him losing as the story progressed. It was not that he is a bad fighter; I am…
Balloons, Bags, and SDNs
“It won’t scale.” These words have become an almost reflexive habit, haven’t they? Particularly in relation to SDNs, “it won’t scale,” is the mantra of an entire industry. I have a problem with this assessment, though. There are a number of problems confronting SDNs on the scaling front. There are limitations on the number of…
CCNP Studies: Configuring DHCP Snooping
I’ve been enthralled with the security features for Catalyst switches. I’ve had to plug away at the theory and lab work recently, but have probably gone a little further down the rabbit hole in this area. I feel that solid knowledge of DHCP Snooping is needed as a foundation for other security features. Both IP…
Juniper Networks – Network Solutions Engineer – Access & Aggregation
Responsibilities Access & Aggregation – Network Solutions Engineer EABU Sunnyvale, CA ABOUT JUNIPER NETWORKS Juniper Networks is in the business of network innovation. From devices to data centers, from consumers to cloud providers, Juniper Networks delivers the software, silicon and systems that transform the experience and economics of networking. Our products and technology run the…
Obscurity. Security. Reality.
It was only a year or two ago that I was informed I no longer need curtains in my house. “So long as your door locks are strong, and the house well designed,” it was said, “hiding your valuables really doesn’t make them more secure. Quit fooling yourself and simply take those curtains down, so…
