Network

Linux Home Networking

25 Jun , 2007  

For those of you who are do-it-yourselfers who always wanted to learn Linux but didn’t have the time, there’s a very nice site called Linux Home Networking. Created by Peter Harrison, author of the book Linux Quick Fix Notebook, this wiki site reads like a good intro book on how to set up Linux networking. It covers everything from the basics of setting up IP address information on your NICs to using Linux to create your own hosting server.

There are a lot of books out there on the subject but I thought I’d pass along this site to anyone considering learning Linux. Now I’d be remiss if I also didn’t mention that much of what this wiki site covers is also what Cobia can do for you without requiring you to know Linux or spend any time "ice fishing" on the Linux command line. Best of luck!

Network, Security

Wireless DMZ with Cobia

18 Jun , 2007  

Martin started a series on the Cobia blog discussing various network configurations using Cobia. Most of them are oriented towards use in an SMB, and his first post is about configuring Cobia with your wireless access points in a wireless DMZ. I’ve included a diagram below to give you an idea.

[Diagram: Cobia use case, wireless DMZ]

While only a basic scenario (we call these use cases internally at my company), it shows some of the versatility of Cobia. I’m sure the other upcoming scenarios Martin will be adding will do that as well. Head on over to the Cobia blog if you would like more information.

Network

Aggregation is inevitable

12 Jun , 2007  

DNS on your router? Yes. Richard Bejtlich, who has a great blog over at TaoSecurity, posted about it yesterday. As Richard notes, Cisco routers have been DNS-capable for the last year or so, though probably many don’t know it. There’s actually a site that describes various uses of the router-DNS combination, such as having a router cache and forward DNS requests for devices within a DMZ. One of Richard’s concerns about combining these and other services is the potential security risk of one compromised service providing access to other services on the same device or box. The obvious solution is the one we’ve largely followed to date: apply separation of duties on different boxes.

Consolidation, functional aggregation, or convergence; regardless what you call it, this is already happening. Sure, there will always be reasons to have specialized boxes but the trends are all pointing in the opposite direction. Because of trusted relationships between devices and networks, even specialized or single function boxes still pose a very significant risk if compromised within the network.

Richard’s basic position, if I’m adequately summarizing it here, is that businesses without the sophistication or expertise will place a greater reliance on converged devices. That may be the case, but I believe different causes are creating this result, not lack of sophistication. In many cases, it may be just the opposite. Let’s look at some of the drivers around convergence.

  • Manageability – Fewer devices, fewer vendors and less disparate technology simplify management. Smaller businesses have fewer infrastructure needs. Larger enterprises want ways to both standardize equipment at remote and smaller offices, and drive down the management costs (including people) needed to service, monitor and maintain infrastructure across the organization. Convergence helps achieve that goal.
  • Economics – While networks, computer equipment and security are all vital to maintaining a functioning business, the cost to operate and manage the infrastructure is an overhead cost. Convergence helps reduce costs by simplifying network complexity, and taking advantage of the lower cost equipment in the UTM, UNP, multi-function devices, and increasingly, general purpose computing Intel/AMD technology (both in appliances and with off-the-shelf hardware.)
  • Resources – Hardware is a delivery mechanism, not the end result. Why have five boxes if I can have two? Why have two if in this situation one meets the needs? We’ve grown up in a networking paradigm where a box does a function. Want more functions? Add more boxes. From a security view it makes sense; separation of duties reduces risk. But it’s the underlying software, whether burned into a chip, loaded from a flash drive, or brought in from a disk drive, that delivers the services. The hardware is the speeds, feeds, and operating platform for those services.
  • Disassociation of hardware and software – We’re coming to the realization that for most applications, the binding of services performed by software to a specific hardware platform makes just as little sense in the network as it does in the data center. Sure, switches need lots of switch ports because of the port density requirements to fulfill their role in aggregating network traffic. But do a router, firewall, DNS or other network services really have to be bound to a single piece of hardware? In most cases, not really. As a matter of fact, it is a significant limiting factor because increasingly it is unnecessary to bind them together. To support the networks of the future, these bonds must be broken and even Cisco recognizes this, though it is as yet unclear if they will truly make this transition "to software" successfully.

I’m not saying that Richard is wrong, necessarily, just that there are other factors at play here. Some I’ve listed above. As the network gets pushed further and further out, as the perimeter dissolves into many micro-perimeters, and as the network reaches out and interconnects more of the world we live in, economics and scale change the game on us. Make it easier. Drive down the life cycle cost. And deliver more. Make it viable for new communities to deliver and manage these services. Those are the laws of progress that will help make convergence inevitable.

Blog, Network

Cisco IOS hints and tricks blog

4 Jun , 2007  

I happened across a great blog by author and Cisco CCIE Ivan Pepelnjak covering hints, tips and tricks for Cisco IOS. Ivan is a well-published author with books about firewalls, MPLS, VPNs and EIGRP. He also has a blog on AJAX and XML.

Check out Ivan’s blogs at:

Network, Podcasts, Security

Podcast #40 – The Big Four Oh, Vegas Style!

2 Jun , 2007  

We’ve hit 40 on our podcast count. Pretty amazing, and it’s been a lot of fun getting here so far. Let’s hope the next 40 are just as fun or more so.

This week it’s Alan and me talking about the happenings at Las Vegas Interop (at least most of the happenings), giving you our unique perspective on what the show was about, who announced what, and the things that stood out to us as important.

I always enjoy having guests on our show but it is nice once in a while to give it a rest and kick back and listen to ourselves talk, lol. We do have a long list of exciting guests that we lined up while at Interop, including a podcast with Microsoft and TCG, so keep your podcast ear buds close to the ground for an announcement coming up about that.

In this week’s The Converging Minute I talk about the ecosystem (that seems to be the word these days) developing around the unified network platform, Cobia, and how ISVs, hardware manufacturers, OEMs and VARs are finding new avenues for revenue through this convergence platform.

During our special edition of This Week In Security, Las Vegas Interop Style, Alan and I discuss the Microsoft/TCG announcement, Google’s acquisition of Green Border (Is Google a security play now?), the move to 10G and gigabit IPSs, the prevalence of SMG and wireless at Interop, and a few other tasty morsels.

This week we have a new feature. Our friends from South Africa, Sensepost, have a special offer for those who would like to attend their hacking classes at Black Hat this year. Anyone who signs up for this offer can also pick up a StillSecure T-shirt by coming by our booth at Black Hat with proof of signing up for the course. Please have a listen to this message and visit their site.

We really enjoy hearing from you, especially your questions and topic ideas, so please email us at podcast@stillsecure.com. Thanks for listening!


Network, Security

A short flight home

24 May , 2007  

I’d say it’s been a very successful Interop for all involved in my company. As usual, today was comprised of many more vendors selling vendors, and competitors stopping by to try to snag a tidbit or two. Now, for packing up our stuff and heading home.

I’d like to take a moment and thank everyone involved in putting together our presence at Las Vegas Interop this year. Cherie, John, Aimee, Rob and Sonya all did a bang-up job and it’s really appreciated. I’d like to thank Jason, our Cobia community volunteer who worked the show with us. And of course everyone from the sales and technical team who worked the booth. Bizdev of course played a huge role bringing in the partnerships and programs we announced. Most of all, thanks to Cherie for leading the effort for our Interop presence.

Until next time (can you say "Black Hat"?) everyone, many thanks.

Update: I failed to mention one very important person in my original post and that is Tova Sand of tovadesign.com. Tova did all of the graphics and layout work for the booth, online and print materials. Fantastic job, Tova. Thanks for all the great work!

Network, Security

I love it when a plan comes together

24 May , 2007  

I always like to get my hands dirty on the projects I work on. Not programming as much anymore (I work with too many code wizards who would show me up very badly) but more the networking, security and product design and management. And I get pretty wrapped up in it too. I can’t help it because of the sense of ownership I have, and the responsibility I feel to all the people who invest so much of themselves in products.

Every once in a while something happens where I have the opportunity to sit back and gain another perspective on things. That’s happened this week at Interop.

Almost all of my time this week has been filled with analyst, press and partner (current and future) meetings. As a result, I’ve not been able to spend very much actual time in our booth at the show. As I walked back to the StillSecure booth on Wednesday after one such meeting, I came upon our booth and had to pause. I probably observed the happenings there for several minutes.

The booth was a beehive of activity. Demos were happening at each of our demo stations, led by members of our development and QA team. The benches were filled and even more people were standing in the back to hear the presentation by our product evangelist. Marketing team and sales team members were engaged in dialog with people in the aisles.

You’ve heard quarterbacks describe how the game goes into "slow motion" where they can see all of the playing field, and the play develop right before them. I stood there for what seemed like several minutes just taking it in. The scene was like observing the movement pieces in a fine chronograph watch, all doing their part to create such highly accurate time which we take for granted all too often.

As I approached closer I was promptly handed three business cards of interested partners who stopped by wanting to learn more about our programs. Then two different parties descended into two threads of a Q and A conversation, wanting me to join in. Back to real time. Time for observing is over. Get back in the game.

I tell you about this because it helped me appreciate how much hard work goes into such an event. My general rule is that when things look easy, it’s because a lot of people (here and in the office) put a ton of hard work into it. Aimee, John, Rob, Sonya and Jayson, for example, put in a ton of work behind the scenes. And of course there’s our entire program management, product design and product development teams. That’s why all of this looks so easy. I’m just thankful that in the thick of things, something created that moment for me to pause and take in what everyone’s hard work has created. Cherie is our trade show leader. My hat’s off to her and the entire team for helping make Interop a success for the company.

I love it when a plan comes together. Better yet, when your team members’ talents, skills and passion make that plan come to life. Thanks team.

Network, Security

10G, NAC, Security, VoIP, SMB, “You like-a?”

22 May , 2007  

At every "show", like Interop this week, a theme emerges of what the dominant product interest and announcements are about. It seems the last several RSA and Interop shows were all about NAC…NAC…NAC. Will it be a repeat again at this show? As Borat would say (smiling); "In my country, you they would like-a, 10G, a-vera mucha. NAC? You, not so mucha." (and then stop smiling).

We’re always enthralled with the "next" thing when it comes to speed and while most networks today wouldn’t yet benefit from 10G, that’s certainly where we are all headed. Heck, I even have a 1G switch in my home network. While I think 10G will be a good bit of what we hear about at Interop this week, I actually believe that this year we will hear about a wider range of interests. VoIP of course is a big topic but SMB is picking up steam too (that’s where our Cobia is focused, of course). So stay tuned and we’ll see how the week unfolds.

Network

Universities interested in Cobia development

16 May , 2007  

I’m having conversations with universities about structuring organized student projects using Cobia. We are also putting some ideas together for other Cobia programs at universities teaching networking and security.

If you are interested in having a program like this at your school, then please contact me at mitchell@stillsecure.com. I’m talking to international and U.S. education programs.

Here’s a little more background. Cobia is an excellent development environment for universities that helps students develop software in a robust, structured, distributed, next generation software architecture. The Cobia Framework is a suite of services which Cobia modules use to interoperate as part of the Cobia platform. Services such as data persistence, configuration management, dependency registration, meta data representation and UI web services provide developers with a software infrastructure to rapidly develop new Cobia modules. Students also have the Cobia community to work with and get support from via our online forums. What a great start for a student to get engaged in a community like Cobia.

In the classroom Cobia is an excellent teaching tool, not just for development, but also for networking and security classes, and labs. Entire complex networks can be configured as virtual network nodes using VMware software freely available from VMware’s site. And of course Cobia is free to use for as many installations as you want to use it in the classroom, lab or on students’ computers.

Anyone interested, just give me a shout! Thanks.

Hardware, Network

Open source is good for vendors

15 May , 2007  

That is, vendors who embrace it and are public about it. The rest run scared and won’t admit when they do use it. And far too many use it and won’t admit it for fear that customers learn and see through the expensive prices paid for appliances driven by open source with a "nice gui".

Dana Blankenhorn and Howard Anderson recently shared their views on open source, that it is a great equalizer in the market (my summation.) There are many things in their posts I agree with, and some I definitely don’t (open source is not a religion, btw.) Open source changes the playing field. If users have a free, open source alternative, commercial products have to work harder to justify their prices and be competitive.

Open source gives users an immediate solution to their problems, whether that be an IPS, router, VPN, firewall, web server or any number of network services. Developers can take things further by extending, fixing, enhancing or just plain understanding what the source code does.

Of course my examples of open source changing the game come back to Cobia. If you just bought a firewall or a router, you likely wasted your money. Could have had a V8, eh? Yes, could have downloaded Cobia instead of paying more dollars to proprietary appliance vendors (who may have just sold you a good bit of open source packaged on a hardware appliance.)