David’s Cisco Networking Blog:

September, 2008

Sep 30 2008   11:06PM GMT

What happened to your data?



Posted by: David Davis
Networking, Security, Cisco

The HR department isn’t technical enough to understand that critical & invaluable company data can easily walk out the door (or out the network) any day of the week. There are SO many ways to get data out if you really wanted to. Most companies don’t monitor outbound email, they don’t control what you copy to a thumb drive, nor can they monitor what you might upload to a website or web-based email account. Those are just 3 that come to mind. Today, Cisco announced the 10 most common ways that data is lost from companies (and how to try to prevent it). Below are the 10 most common ways; you can read more about how to prevent each of them (from a Cisco networking & security perspective) at their website. Whether you use Cisco equipment or not, you need to consider all of these sources of data loss, as not all of them can be controlled with a “firewall”, let’s say.

The following is from Cisco’s press release: Cisco Research Reveals Common Data Loss Mistakes

Of the many behavioral findings, the 10 most noteworthy were:

    1. Altering security settings on computers: One of five employees altered security settings on work devices to bypass IT policy so they could access unauthorized Web sites. This was most common in emerging economies like China and India. When asked why, more than half (52 percent) said they simply wanted to access the site; a third said, “it’s no one’s business” which sites they access.

    2. Use of unauthorized applications: Seven of 10 IT professionals said employee access of unauthorized applications and Web sites (e.g. unsanctioned social media, music download software, online shopping venues) ultimately resulted in as many as half of their companies’ data loss incidents. This belief was most common in countries like the United States (74 percent) and India (79 percent).

    3. Unauthorized network/facility access: In the past year, two of five IT pros dealt with employees accessing unauthorized parts of a network or facility. This was most prevalent in China, where almost two of three respondents encountered this issue. Of those who reported this issue globally, two-thirds encountered multiple incidents in the past year, and 14 percent encountered this issue monthly.

    4. Sharing sensitive corporate information: In a sign that corporate trade secrets aren’t always secret, one of four employees (24 percent) admitted verbally sharing sensitive information to non-employees, such as friends, family, or even strangers. When asked why, some of the most common answers included, “I needed to bounce an idea off someone”, “I needed to vent”, and “I did not see anything wrong with it.”

    5. Sharing corporate devices: In a sign that data isn’t always in the hands of the right people, almost half of the employees surveyed (44 percent) share work devices with others, such as non-employees, without supervision.

    6. Blurring of work and personal devices, communications: Almost two of three employees admitted using work computers daily for personal use. Activities included music downloads, shopping, banking, blogging, participating in chat groups, and more. Half of the employees use personal email to reach customers and colleagues, but only 40 percent said this is authorized by IT.

    7. Unprotected devices: At least one in three employees leave computers logged on and unlocked when they’re away from their desk. These employees also tend to leave laptops on their desks overnight, sometimes without logging off, creating potential theft incidents and access to corporate and personal data.

    8. Storing logins and passwords: One in five employees store system logins and passwords on their computer or write them down and leave them on their desk, in unlocked cabinets, or pasted on their computers. In some countries like China (28 percent), employees reported storing logins and passwords to personal financial accounts on their work devices, leaving their identity and finances at risk. The fact that some employees leave devices unattended magnifies this risk.

    9. Losing portable storage devices: Almost one in four (22 percent) employees carry corporate data on portable storage devices outside of the office. This is most prevalent in China (41 percent) and presents risks when devices are lost or stolen.

    10. Allowing “tailgating” and unsupervised roaming: More than one in five (22 percent) German employees allow non-employees to roam around offices unsupervised. The study average was 13 percent. And 18 percent have allowed unknown individuals to tailgate behind employees into corporate facilities.

Sep 30 2008   10:56PM GMT

PacketTrap releases new network management system - Perspective



Posted by: David Davis
Networking, Cisco, Network Management, PacketTrap

PacketTrap is a new “startup” network management company. I have been a fan of their free “pt360” tool that gives you a single console for a variety of network management & troubleshooting tools. Besides the free version, they also have commercial versions of pt360 that offer more features like built-in Cisco management tools.

Recently, PacketTrap launched a whole new product - a network management & monitoring product called “perspective”. Perspective is solely a commercial product but there is the option to “try/eval” it. The name comes from the concept that it shows you the network from the “perspective” of the device that you are monitoring/managing. Perspective competes with products like IPSwitch WhatsUp, Solarwinds Orion, and others. Perspective is meant to be a true enterprise network management & monitoring application. It also integrates with the pt360 troubleshooting tool.

I am not here to sell you anything; I just like to spread the word about new & innovative products (especially the free ones). So, if you are looking for a tool for network management & monitoring, I encourage you to evaluate PacketTrap’s Perspective. Additionally, for network troubleshooting, you should look at pt360 (especially as you can use the free version to start with).


Sep 30 2008   10:41PM GMT

Does your network management utility manage VMware?



Posted by: David Davis
Networking, Virtualization, VMware, Network Management

More and more of the typical “physical computer” management & monitoring tools are being retooled to manage the new virtual infrastructure. I have talked with both PacketTrap and Solarwinds, and both have hinted that they will soon offer versions of their well known network management tools that recognize not only network devices and physical servers, but also the virtual guest operating systems running on those physical servers.

For example, your network management & monitoring tool could either query each individual ESX server using traditional SNMP calls, or query the VMware Virtual Center server using VMware’s API to obtain an inventory of which virtual guest is on which physical server, performance statistics for both host and guest systems, and the status of guest systems (i.e., which are powered on or off).

There are a few challenges that these vendors face:

  • do you go directly to each virtual host or to a centralized management server?
  • do you support only VMware ESX Server or do you try to support other virtualization platforms such as Microsoft’s Hyper-V?
  • how do you learn about guest VMs that have been “VMotion’ed” (for lack of a better term) from one host system to another? And what about the performance statistics when the storage for a guest is “SVMotion’ed” from one datastore to another?

So, “stay tuned”, as they say, for physical tools to now recognize the virtual world. And, if your vendor isn’t already doing this or doesn’t have plans to do it, I recommend that you pressure that vendor to make their product “virtualization ready” (or else you may have to go find another vendor).


Sep 28 2008   11:10PM GMT

How will the Cisco Nexus 1000V change your job role?



Posted by: David Davis
Networking, Cisco, Virtualization, VMware

Recently, I posted a new TechRepublic article about the new Cisco Nexus 1000v. While you cannot even purchase this product yet, I truly believe that it will change the way that virtual networks are administered. Even better, for network admins, it will put the power of network administration back in the hands of the network administrators.

The new Cisco Nexus 1000v virtual switch will integrate with the next version of VMware ESX Server, due out in early 2009.

For more information on this new virtual networking switch, read my article How will the Cisco Nexus 1000V change your job role?


Sep 23 2008   6:48AM GMT

When to prefer Open Shortest Path First (OSPF) route over an EIGRP route



Posted by: David Davis
Networking, Cisco, OSPF, Routing

The shortest path between two points is always a straight line, or in this case, the route with the lowest administrative distance. OSPF has an administrative distance of 110 while EIGRP has only 90. Therefore, when both protocols offer a route to the same destination, the EIGRP route is picked because of its lower administrative distance.

If you want to use OSPF over EIGRP, then change the administrative distance in router configuration mode. Whether you want to change the distance for routes within the area (intra-area), routes from one area to another (inter-area), or routes learned from other routing domains (external), you can set each of them with this command. Currently they all have a default distance of 110, but you can change any of them with one easy command in router configuration mode. Here is the full command:

distance ospf {[intra-area dist1] [inter-area dist2] [external dist3]}

Another really good reason to use the distance ospf command is when you have multiple OSPF processes and you want to prefer internal routes over external routes. For more information on OSPF, see the article OSPF Configuration Management with SNMP documentation.


Sep 22 2008   6:48AM GMT

Keep it simple with Route Summarization



Posted by: David Davis
Networking, Cisco, Routing

Summarization lumps a series of subnets into a single address, sometimes called a supernet. Summarizing subnets this way has several advantages: it can drastically reduce the size of your routing table, and because the tables are so much smaller, the recalculation when your network changes is much cheaper.

RIP and IGRP are two examples of protocols that summarize automatically: unlike EIGRP and OSPF, they do not carry the subnet mask in their routing updates, so one network is advertised instead of several. Class C networks are usually subnetted by ‘borrowing’ host address bits and using them for a portion of the network. You would enable route summarization with the auto-summary command in global configuration mode. An example of contiguous subnets would be summarizing 211.30.192.0/24 through 211.30.195.0/24.

The end result that you would advertise would be 211.30.192.0/22.
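As an added illustration (my own code, not part of the original post), the following Python uses the standard ipaddress module to compute the summary route for a contiguous block of subnets like the one above. It widens the mask one bit at a time, refuses to summarize when the supernet would also cover addresses that are not in the input, and, going beyond the post’s equal-sized example, also handles subnets of different sizes.

```python
import ipaddress

# Constructed sample input: the four contiguous Class C subnets from the post.
SAMPLE_SUBNETS = [
    "211.30.192.0/24",
    "211.30.193.0/24",
    "211.30.194.0/24",
    "211.30.195.0/24",
]


def summarize(subnets):
    """Return the one supernet that covers every subnet in `subnets`.

    This mimics classless route summarization: start from the lowest subnet
    and widen the mask one bit at a time until the highest subnet also fits.
    Raises ValueError if the resulting summary would also cover addresses
    that are not in the input, because advertising such a route would
    attract traffic for address space you do not actually own.
    """
    nets = sorted(ipaddress.ip_network(s) for s in subnets)
    lowest, highest = nets[0], nets[-1]
    summary = lowest
    # Widen until both ends of the highest subnet fall inside the summary.
    while not (highest.network_address in summary
               and highest.broadcast_address in summary):
        summary = summary.supernet()
    # collapse_addresses merges overlapping/adjacent input blocks, so the
    # address count it yields is exactly what the input really covers.
    covered = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    if covered != summary.num_addresses:
        raise ValueError(
            f"{summary} would also advertise addresses not in the input")
    return summary


def summary_with_mask(subnets):
    """Return the summary in the 'network mask' form that IOS commands expect."""
    s = summarize(subnets)
    return f"{s.network_address} {s.netmask}"


if __name__ == "__main__":
    print(summarize(SAMPLE_SUBNETS))            # 211.30.192.0/22
    print(summary_with_mask(SAMPLE_SUBNETS))    # 211.30.192.0 255.255.252.0
    try:
        summarize(SAMPLE_SUBNETS[:3])           # .192 to .194 only: /22 has a hole
    except ValueError as err:
        print("refused:", err)
```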

Check out the article on IP Routing Protocols for more information.


Sep 22 2008   6:46AM GMT

Five ways that a Cisco router initiates a routing request out of an interface



Posted by: David Davis
Networking, Cisco, Routing

As I’m sure you know, a switch switches and a router routes. Among other things, it routes packets of data and it routes requests. Listed below are five ways that a router will automatically initiate a routing request.
1. The router has been booted or rebooted.
2. A primary IP address was changed. An interface has several secondary IP addresses but only one primary IP address. If that IP address has been changed, the router will start a routing request out its interface.
3. Of course, if the interface goes down this will automatically cause a routing request.
4. If you make a change to the router’s configuration such as an IP address change.
5. If you issue the clear ip route command.


Sep 22 2008   6:38AM GMT

Cisco to buy instant messaging company - Jabber



Posted by: David Davis
Cisco

Cisco’s access to the technology necessary to provide a complete instant messaging & presence tracking solution is now complete: today, Cisco purchased the instant messaging company Jabber.

Cisco aims to be #1 in the communication & collaboration business. To do that, they needed what Jabber had - an enterprise messaging product that would scale well, had strong presence features, and supported open standards. Jabber’s XMPP is used by GoogleTalk and Jabber is one of the pioneers in IM and presence.

Jabber is based in Denver, and Cisco didn’t disclose the financial details of the purchase. The acquisition is expected to be completed by the first half of 2009.

Cisco also just completed the acquisition of PostPath, Inc., an e-mail and calendaring company.

What does this mean to you? We should all be on the lookout for the result of Cisco’s acquisitions: a powerful collaboration and communication tool for “the masses”.

You can learn more about Jabber at their homepage and/or read about Cisco’s official announcement that they are buying Jabber.


Sep 17 2008   1:27AM GMT

What is AAA and how do you configure it in the Cisco IOS?



Posted by: David Davis
Networking, Security, Cisco

Whether you are studying for the Cisco CCNA, CCNP, Cisco Security certifications, the Security+, or the CISSP, you must understand AAA.

AAA is authentication, authorization, and accounting.

Learn about AAA as it relates to Cisco routers and switches, and how to configure it in the Cisco IOS by reading my new article What is AAA and how do you configure it in the Cisco IOS?


Sep 15 2008   1:23AM GMT

Monitor Cisco routers and switches using the IOS environment command



Posted by: David Davis
Networking, Cisco, Network Management

How do you know what the temperature is where your router or switch is? This can tell you if the device is overheating due to failed fans or improper ventilation in the room where the Cisco device is. Additionally, you would want to know if the fans were running and what their speed is. Oh yeah, and what about the status of your power supplies?

You can find out all this and more using the Cisco IOS show environment command. You can also configure the switch or router to alert you when there is an environmental alarm.

To see how it is done, read my article Monitor Cisco routers and switches using the IOS environment command