Network

Skype wireless phone snipes traditional cellphones

21 Oct , 2007  

Rumors are that Skype is introducing their own cell phone in the UK, Hong Kong, Italy and Australia at the end of this month. No news yet on a US offering. Calls will cost the same as calls from the Skype PC client to outside lines but calls to Skype IDs will be free. The phone uses the iskoot software which basically acts like a Skype client on your phone. iskoot supports a number of popular existing cell phones and PDAs. See who’s online, chat with them, make and receive calls on the "Skype network". Hmm… Now things are getting interesting.

While the Apple iPhone is disruptive because of Apple’s product design excellence in making a multimedia phone accessible and easy to use by the masses, the Skype phone is disruptive because of its free calling between Skype users. How well the rest of the phone hardware and software will be put together is yet to be seen.

Most importantly, what this validates is the trend for non-traditional players to enter the wireless cell phone game. Apple, the Google phone, and now Skype. Should any one of them really catch on it could be very disruptive. My bet is on Google, who could really tailor web 2.0 content and applications and be a real game changer in the wireless industry. Things are heating up and I have a feeling we’re seeing just the beginning of fundamental changes to how we view our cell phones.

Network

How CCIEs, MCSEs and other biases twist IT technology selection

18 Oct , 2007  

Brad Reese, Network World Cisco Subnet blogger, brings up a great question in his post Are CCIEs protecting their turf to the detriment of employers? Brad gives the question relatively light treatment in his blog entry (he is a Cisc-ite himself) but I do give Brad credit for covering topics "off the Cisco ranch" on this blog. While we don’t have any systematically collected data (that I’m aware of) to truly examine this question empirically it is worth giving the question some attention and analysis.

There certainly are very strong de facto technology vendors in our industry, such as Microsoft, Cisco and Linux to name some of the most prolific. But each has their own dynamic in the market.

Cisco

Clearly the big gorilla in networking and security, Cisco owns the market. When overtaking market share by single digit percentages would significantly move the needle for Cisco competitors, that tells you Cisco is more than just dominant in the market (of course the numbers tell the same story.)

Cisco clearly figured out the certification game early and it’s been one of the success factors that’s propelled Cisco’s growth. Certifications not only created more Cisc-ite engineers who have deeper expertise but it also invests them in Cisco products and more importantly in Cisco IOS, the Linux command line equivalent of the networking world.

Cisco certifications are very expensive, and there are lots of certifications with classroom training, written and lab tests. Who in their right mind would spend thousands, or even over ten thousand dollars, only to have their company go with a different vendor? Cisc-ite engineers will begin losing the skills they’ve worked so hard to earn. So yes, Cisc-ites have a vested interest in perpetuating an all or nearly all Cisco shop, to no surprise. Am I whining? No, bully for Cisco for being smart enough to pull this off.

Come on network and security vendors. Will someone please create or put their marketing clout behind an existing security certification program that will give Cisco at least a tiny run for their money? You’re not just giving ground to Cisco, you’re giving up. Competition is good, and we need other competitive certifications.

Microsoft

For the last 25 years, Microsoft has been the operating system on the personal and business desktop, and played an ever stronger server role in the data center. Who here doesn’t run Windows 2003 Server (or Windows of some sort) for domain controllers, file and print servers, email, and other business applications? Microsoft isn’t quite as ubiquitous in the data center as say Cisco but it’s pretty close.

Does Microsoft’s family of MCSE certifications play the same strong role as Cisco’s CCNA & CCIE? Microsoft certifications play out a bit differently. Since "anyone" can pick up a Microsoft software CD, install it and claim they are proficient in Microsoft product-blah-blah, MS certs really are a tool for providing basic training [and deep technical and product training] and telling IT management that employees they hire should at least know something about what they are doing. MCSA is more equivalent to CCNA but I’d say CCNA has much more technical depth in it than an MCSA. At one point MCSEs weren’t held in that high regard but I think more and more are coming around to the value of having it.

Do they bias IT decisions? Absolutely, people go with what they know unless they are motivated to change or want to expand their horizons. No doubt. Cisco and Linux don’t provide the same ease of entry for entry level technical staff as Microsoft products.

Linux

Linux, like Apple, has its roots in counter culture and that’s still largely true today (though the acceptance of Linux is by far more pervasive than Apple.) Linux is free, open, totally customizable and configurable, with tons of advantages. It can, and does, replace Microsoft in many data centers, but usually must coexist alongside Microsoft technology.

It would probably be an understatement to say that Linux advocates bias IT decision making. In this case it is because of all the personal investment in learning the technology, the benefits Linux brings, and frankly the zealotry that comes from believing in something so strongly as to help continue its counter culture nature and proliferation.

Is there Linux in XYZ’s IT shop? Drive through the parking lot or cruise the IT cubicles and look for the Linux license plates, bumper stickers or T-shirts. Nuf said.

———————————-

Correction and Editor’s Note:

I typo’d when talking about Microsoft and comparing an MCSE with CCNA. [Thanks to my colleague Jake R for pointing out that mistake.] That should have been a comparison of MCSA and CCNA.

My son Phil is getting his Microsoft training now (with the encouragement of Dad). Microsoft gets it, just as much or maybe more than Cisco, about the value of certifications. Salaries have also increased for Microsoft certified IT staff, helping them in their careers. Microsoft software is much more accessible to the masses than a piece of Cisco gear. That’s especially true when you consider the relative barriers to entry of Windows UI vs. the IOS command line, so Microsoft has a clear advantage attracting technology users to their products. MCSA and MCSE accelerate that. Cisco will run into this same issue again with Microsoft’s entry into the unified communications market (but that’s for another blog post.)

The call to action is to other network and security vendors to create industry valuable, game changing certifications, like Microsoft and Cisco have done.

Network

Securing a WiFi access point is easy

16 Oct , 2007  

Do you really think turning off broadcasting the SSID of a wireless 802.11 access point increases security?

It may hide it from your non-technical neighbor who might want to dine-n-dash on your broadband connection but it certainly wouldn’t stop a minimally competent hacker who’d just sniff traffic and watch the SSID fly by as devices associate and authenticate to a wireless access point. PC magazine blog agrees. It’s no better than hiding your house key under the front door welcome mat.

Your best bet – secure it with a good password using WPA or WPA2. For a bit (just a bit) more complicated solution, put the WAP on your firewall DMZ port and only allow authenticated users past the firewall into the network.

Don’t bother messing with turning off SSID broadcasting or MAC address filtering lists. Those are "feel good" security features that only take your precious time to set up and don’t help keep real intruders out.
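Why hiding the SSID buys nothing, as an added example that is not part of the original post: a small parser for 802.11 management frames, run over constructed sample frames, showing that the beacon's SSID element is blanked while the association request and probe response still carry the name in clear text. The frame bytes, MAC addresses, the SSID "HomeNet" and all function names are assumptions made for illustration.

```python
MAC_HDR_LEN = 24  # frame control, duration, three addresses, sequence control
# Management subtype -> (name, length of fixed fields before the tagged elements)
SUBTYPES = {0: ("assoc-req", 4), 2: ("reassoc-req", 10), 4: ("probe-req", 0),
            5: ("probe-resp", 12), 8: ("beacon", 12)}

def parse_ssid(frame: bytes):
    """Return (subtype_name, ssid) for a management frame; ssid is None when the
    SSID element is absent, zero-length, or all null bytes (a "hidden" SSID).
    Returns None for frames that are not a handled management subtype."""
    if len(frame) < MAC_HDR_LEN:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in SUBTYPES:
        return None
    name, fixed_len = SUBTYPES[subtype]
    pos = MAC_HDR_LEN + fixed_len
    while pos + 2 <= len(frame):            # walk id/length/value elements
        eid, elen = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + elen]
        if len(value) < elen:               # truncated element: stop parsing
            break
        if eid == 0:                        # element ID 0 is the SSID
            hidden = elen == 0 or not any(value)
            return name, None if hidden else value.decode("utf-8", "replace")
        pos += 2 + elen
    return name, None

def ssid_exposure(frames):
    """Map each SSID seen in clear text to the frame subtypes that carried it."""
    seen = {}
    for frame in frames:
        parsed = parse_ssid(frame)
        if parsed and parsed[1] is not None:
            seen.setdefault(parsed[1], set()).add(parsed[0])
    return seen

# --- Constructed sample frames (not a real capture) ---
AP, STA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
RATES = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])   # supported-rates element

def build_mgmt(subtype, fixed, ssid, src, dst):
    header = bytes([subtype << 4, 0]) + b"\x00\x00" + dst + src + AP + b"\x00\x00"
    return header + fixed + bytes([0, len(ssid)]) + ssid + RATES

CAPTURE = [
    build_mgmt(8, bytes(12), b"", AP, b"\xff" * 6),       # beacon, SSID hidden
    build_mgmt(8, bytes(12), bytes(7), AP, b"\xff" * 6),  # beacon, null-padded
    build_mgmt(0, bytes(4), b"HomeNet", STA, AP),         # client associates
    build_mgmt(5, bytes(12), b"HomeNet", AP, STA),        # AP probe response
]

if __name__ == "__main__":
    print(ssid_exposure(CAPTURE))
```

The management frames that carry the SSID are sent unencrypted regardless of the WPA/WPA2 setting, which is why the passphrase, not the hidden name, is what actually protects the network.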

Network

The telco room from hell!

3 Oct , 2007  

I was organizing some pictures tonight and I ran across some old jpg’s from my days building broadband networks. In a previous life I was part of one of the most fun teams I’ve ever worked with. In less than 14 months we deployed over 450+ POPs in COs and colos across the country. And we had a blast doing it.

We literally had a factory running where we’d rack ‘n’ stack network racks with gear, wire them, pre-load them with configurations, perform burn in, and then ship them out bolted to a pallet destined for some city like Salt Lake, New York or Tempe. When they arrived on site, all you had to do was drop in power, ground, circuits, fuses and then find some brave soul to throw the -48V circuit breaker. (Most people hated this because of the danger from a fuse, wiring or ground problem but they always went just fine other than an occasional bad fuse.) Every time a new site came up we’d fire off the air horn and scare the crap out of everybody! 🙂 The pre-assembly was done in a leased warehouse in east Denver we called the DLF (delf), short for Distribution Logistics Facility. (See, I was doing marketing even back in the late ’90s when we came up with that name.) That was also the only management job I’ve ever had where two employees broke into a fist fight, but that’s for another blog post!

Anyway, I digress. One of the telco rooms I had the "pleasure" of visiting (and one of the first) had to be the scariest place I ever stepped into. I was afraid to touch anything – wires were crisscrossed everywhere, all the way around the room, and most were DS1s or DS3s, along with a good amount of fiber. You might say, "there aren’t that many orange tags (hi speed) in those pictures." Well, most of the circuits didn’t have orange tags on them ’cause you’d never have been able to get to the punch down blocks if they were all marked. It was a very narrow room, so much that a tool on your belt or your cell phone could easily snag some lucky copper wire. What was scary is this was the main telco room that every carrier used to get in and out of a neighboring CO, and if you touched the wrong thing while stringing up a circuit it could be curtains for somebody’s network or lots of people’s networks.

I thought you might enjoy a few pics of the place. I only have shots of two walls, but the third was even worse. It does bring back memories though. That was a lot of fun.

And no, I don’t think I brought anybody’s circuit down – at least as far as I know. But there was that one time… Hmm.

Network

Do you IPv6?

1 Oct , 2007  

Are you considering your plans for IPv6 yet? You can never start planning too soon and the first step is to come up to speed on IPv6 itself. Cisco has a recorded whiteboard intro presentation on IPv6 if you need a primer.  Click here to view the video.

Network

Should IPS kick wireless users off the network?

26 Sep , 2007  

Jamey Heary of the Network World Cisco Subnet blog discusses the benefits of the Cisco IPS’ ability to request wireless access points disconnect offenders when malicious traffic is detected. Is this something many people use? Or is this a "feature" masking the need for better IPS capabilities needed in WAPs compared to the Layer 2 IPS built into most wireless access points? Seems like a poor substitute for designing an IPS implementation that addresses coverage of wireless traffic.

Unless it’s very finely tuned, this is likely to generate lots of calls to the help desk line. Kicking users off the network completely, wireless or not, when an IPS finds some offending traffic is likely to create more cry wolf events than thwarting real attacks. Blocking packets and stateful sessions is much more the norm. Seems like one of those features you’d try out and then very quickly turn off after a few false alarms.

Blocking offending packets or quarantining users with limited access is likely the better solution. But maybe I’m wrong and am missing something here. I would be very interested to hear if any Cisco IPS and WAP customers use this feature and what their experiences have been.

Please email me with your experiences if you would. Thanks.

Network

home continuity at work

4 Sep , 2007  

One of the major justifications for disaster recovery, equipment and services redundancy, and network security is business continuity. I found out tonight that the same applies to the home network.

I’m sitting here writing my blog post while my home network (Cobia router/firewall, wireless access point, switches, and broadband cable modem) runs on UPS power and I am using my battery powered laptop (still at 79% power remaining).

The whole neighborhood is in a blackout this evening, likely due to the energy consumption during a long 90+ degree day.

Flashlight at the ready should the power outage last longer, I’m finding that a little bit of UPS infrastructure in the home still keeps me wired to the world. Now, if I could only find the leash to go walk the dogs.

Network, Security

Good chemistry for Aruba and wireless IPS

24 Jul , 2007  

Aruba’s purchase of NetChem’s wireless IPS technology is not a surprising move but actually one I think has been long in the coming. It’s a natural fit for the wireless gateway management products to extend their product lines into wireless intrusion prevention.

The question is will Aruba start to embed more of NetChem’s IPS technology into their existing product line over time to further differentiate them in market, or continue with a parallel product line of wireless IPS products. Integration makes sense but selling separate boxes for gateway and w-IPS needs could be a hassle for customers who want fewer boxes (but could be more profitable). This could signal a buy of other w-IPS vendors AirDefense, AirMagnet and AirTight (but I’m not so sure of that yet.) Either way, this is a good move and we’ll wait to see what Aruba does.

Network, Security

Oooo free stuff, and you can help with product design

23 Jul , 2007  

We’ll be doing tests of the Cobia and Strata Guard IPS module user interface designs at Black Hat (August 1-2) and LinuxWorld (6-9). If you are interested, please send your contact info (email, phone number) to cobia@stillsecure.com.

Oh, yes. There is some free stuff for those who participate. Thanks!

Network

Cobia receives official VMware certification

25 Jun , 2007  

This week we announced that Cobia is officially certified by VMware as a Certified VMware Virtual Appliance. VMware has a pretty rigorous process where they look closely at how your product is configured for and using VMware. Various Cobia configuration settings were reviewed and optimized, and they also checked to make sure Cobia is fully compatible and stable on VMware products.

We’ve been shipping Cobia as a VMware download for quite some time. As a result of the certification process, we were able to consolidate our VMware download images for Windows and Linux into a single download file for VMware (all settings are now common to both OS’s.) We also updated some of the Cobia documentation for VMware installations and various settings and software options that help make the most out of Cobia on VMware.

The significance of this announcement is that users can comfortably run Cobia in VMware in their networks, for firewalling, routing, DHCP and future network, security, VoIP and video services.

Virtualization is not only impacting the way we design and run data centers but will have the same impact on networking and security and other networking applications. Virtualization is something I’ve designed into Cobia from its very beginning and we have significant virtualization capabilities in the works beyond running Cobia in VMware.

Check out Cobia’s VMware download at http://cobia.stillsecure.com.