Gee, how do I get one of those Telepresence things on my desk? Can I get one free if I open a bank account or buy the Kraft-O-Matic bed? Well, not yet, but Telepresence is being brought down more to the “personal” level and is becoming more affordable (if you call $33,000 USD affordable). Seriously, I do look forward to the day when everyone will have one; however, when I am that age, maybe I won’t be as handsome and won’t want to be seen on High Definition TV anymore (ha-ha).
Check out this story on the new Personal Cisco Telepresence units…
ALSO, please check out my article on Cisco Telepresence if you are unfamiliar with it:
Petri Knowledgebase: What is Cisco Telepresence and what does it take?
I know, I know, could it be true? Could Cisco be chosen as the computer security company of the year? Or has the ISSA just been watching too many Cisco commercials?
Well, it is hard to say. Don’t get me wrong, I love Cisco hardware. It is rock solid. However, there are a lot of security companies out there and, comparatively, Cisco’s solutions aren’t the strongest, at least in my opinion.
Nevertheless, they didn’t ask me, and ISSA has chosen Cisco Systems as the “2007 Security Organization of the Year”. For more information, read on…
I’ll be honest with you, I don’t know the answer to this question, but I was introduced to Woven Systems by a friend at their PR firm who shared the following story with me about Woven. Their equipment and solutions sound VERY impressive and their switch was “good enough for Einstein”, so it sounds worth looking into if you need a high performance Ethernet switch…
Today I had a personal conference call with representatives from Nevis Networks. The purpose of the call was to find out what the Nevis Networks NAC solution offered, as compared to other NAC solutions.
In my opinion, the NAC marketplace is truly in a “mess” right now, with vendors making all sorts of claims and the end users (like myself) really scratching our heads, trying to make “heads or tails” of it.
The Nevis Networks NAC solution is unique, for one reason, because their offering is only INLINE. The advantage of that is that they can truly do something about malicious traffic.
One of the problems with NAC solutions today is the “Briefcase Bypass”. That means that partners & guests need to be allowed into the network. Because of this, everything becomes a threat. And, because of that, you need ubiquitous security, or security everywhere. Thus, security has to be IN the NETWORK, NOT at the endpoints.
The solution presented by many companies (Microsoft and Cisco included) is perimeter security. Perimeter security cannot do all that is needed because it isn’t “in the network”.
Here were my notes on the various options currently in use today:
- Desktop – security in “userland” doesn’t help (AV, AS, HIPS) – in fact those apps can even become the hole
- Zone security – chunks of security – like securing a submarine – that doesn’t work & it’s not “identity aware” – ISS & Tippingpoint or Checkpoint or Juniper firewalls
- Network Admission Control – preconnect to the network (let you on the VLAN or not), doesn’t consistently know your identity, just checks you, then puts you on the network – doesn’t know what bad stuff you might be doing – has a bot on his PC just awakened?
Plus, what do you do about legitimate users that are malicious? They pass all the checks but still have malicious intent?
To me, and to Nevis, IDENTITY is really the key – you need to know and be able to verify who is who. You aren’t trying to stop devices, or MACs, or IPs; you are trying to stop users or roles (made up of users).
Nevis predicts that Microsoft will be the biggest winner in the NAC/NAP market. As people upgrade to the new Windows platforms, NAP will be the big winner. Nevis extends NAP into the network & protects non-NAP devices.
The Nevis appliance runs inline between switches that you don’t want to rip out. The further you are from the threat, the more you allow the threat to spread. The appliance gives them the visibility that they have never had before – it knows about all the REAL USERS, besides just IP and MAC address.
You don’t want end users to be blocked with no reason why. Nevis provides feedback to the end user: they are notified by a custom message with a reason why. No other NAC vendors are doing that.
Nevis customer GEHA has documented its entire NAC deployment project with an unbiased technical blog at www.bumpinthewire.com.
I really like the Nevis security lifecycle:
Nevis has a ton of whitepapers on their website covering a variety of NAC topics. I hope you will check them out.
In conclusion, I would say that while Cisco and Microsoft get all the NAC press, there are a ton of other, very valid, and even more complete NAC options out there that network admins, like us, should check out before opting to just “go with Cisco” or “go with Microsoft”.
What do you think? What has been your NAC experience? Have you checked out anyone besides Microsoft & Cisco?
What is the name that everyone thinks of when they think of firewalls? The “PIX” firewall, right?
Sadly, the PIX will be discontinued by Cisco, as of January 27, 2009. This was announced on January 28, 2008 in this Cisco Press Release. If you are a PIX owner, the good news is that Cisco will support it until the year 2013 so, no rush huh?
Of course, we all know that the PIX will be replaced by the ASA 5500 line. When the ASA was announced we all saw this coming, even though Cisco said that they had no plans to discontinue the PIX and that there was a place in the marketplace for both. Still, it just made sense to discontinue the PIX.
But seriously, the ASA is a very strong firewall and it can do a lot of things that the PIX could not do because the ASA is a real “UTM” or “Anti-X Appliance”. That means that, when combined with the CSC-SSM card (the card that really provides the Anti-X / UTM), the ASA is a much more complete firewall. The ASA is what businesses need today because, today, it isn’t enough to just maintain TCP states and drop traffic. You need intrusion prevention. You need filtering of traffic for viruses, worms, and malicious attack signatures in real time. You want content filtering of web traffic. The ASA can do all that and more.
Do you have a Cisco ASA? What do you think of it? I’d like to hear from you!
For more information on the Cisco ASA, check out the ASA homepage over at Cisco.com
I am pleased to announce that 8 of the top 30 Searchnetworking.com articles of 2007 were written by – who? – David Davis!
As these were so popular, I hope that you will check them out! Here is the list:
3. Screencast: Configuring VLANs by David Davis
VLANs are a convenient way to connect ports from different switches and different buildings onto the same network and broadcast domain, preventing the need for a complex system of subnets. Learn how to configure a VLAN in this step-by-step, automated, 15-minute demo.
2. Cisco wireless access point configuration from scratch by David Davis
Learn what the Cisco 1242 wireless access point can do for you and how to configure one from scratch.
4. Configure Cisco wireless bridges for point-to-point networking by David Davis
Point-to-point wireless bridging is ideal for many business networks. In this tip, learn how point-to-point wireless bridging can help you, the pros and cons of using it, and the configuration of the Cisco wireless bridges that make it work.
1. How routers work by David Davis
Learn how routers use routing tables to direct IP packets, find the best route to a destination, modify Ethernet packets with their MAC addresses, and perform encapsulation, or convert protocols, to route traffic through your network.
3. Network summarization — Supernetting and wildcard masks by David Davis
Network engineers need to understand supernetting, how to read routes received from other providers and how to create an access list that references these multiple networks in a single summarized statement. In this tip, you’ll learn more about the IP addressing-related topics of network summarization, supernetting and wildcard masks.
9. Screencast: Hardening your router — Increasing security with ACLs by David Davis
Learn how to harden your router in this step-by-step, automated, ten-minute demo. Expert David Davis walks you through the steps you’ll need to take to use Cisco IOS access control lists (ACLs) to define and filter traffic for increased network security.
7. Configure network monitoring for optimal performance by David Davis
Learn how to optimize network performance monitoring settings so that the monitoring system conserves bandwidth and takes into account the optimal performance of the network.
8. Using VMware to test open source network analysis tools by David Davis
Find out how open source network analysis tools can be beneficial to your network monitoring strategy, and learn how you can try out the open source network protocol analyzer Wireshark inside a VMware Player Guest OS.
I wanted to mention to all my blog readers out there about a video that I posted on my website entitled: Harden your Cisco Router with IOS ACLs
In this video, I walk you through:
- What you need to know about Cisco IOS Access-lists (the 3 P’s of ACLs)
- How to create an ACL
- How to apply an ACL to your router
Keep in mind that ACLs aren’t just used to restrict or filter traffic. ACLs are used across many functions of a Cisco router – from security, to encryption, to QoS, to route filtering!
For all those new to ACLs or if you would just like a refresh on ACLs – this tip is for you!
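As an added example (not a transcript of the video above, and not a configuration from any real network), here is what the three steps in the video look like on a Cisco IOS router. The “3 P’s” are Cisco’s rule that you can apply one ACL per protocol, per direction, per interface. The interface name FastEthernet0/0 and all addresses are constructed for the example: 192.0.2.0/24 is the Internet-facing subnet, 10.0.0.0/8 is the inside network, 192.0.2.10 is a published web server and 203.0.113.5 is the only host allowed to manage the router.

```cisco
! --- Step 1: create the ACL (one per protocol / direction / interface) ---
! Constructed example; 192.0.2.0/24 = outside, 10.0.0.0/8 = inside.
ip access-list extended OUTSIDE-IN
 remark Anti-spoofing: these sources must never arrive on the outside interface
 deny   ip 10.0.0.0 0.255.255.255 any log
 deny   ip 172.16.0.0 0.15.255.255 any log
 deny   ip 192.168.0.0 0.0.255.255 any log
 deny   ip 127.0.0.0 0.255.255.255 any log
 deny   ip 192.0.2.0 0.0.0.255 any log
 remark Management of the router only from the admin host, SSH only
 permit tcp host 203.0.113.5 host 192.0.2.1 eq 22
 deny   tcp any host 192.0.2.1 eq 22 log
 deny   udp any host 192.0.2.1 eq 161 log
 remark Return traffic for sessions started from the inside
 permit tcp any 10.0.0.0 0.255.255.255 established
 permit udp any eq 53 10.0.0.0 0.255.255.255 gt 1023
 remark The one service we publish to the Internet
 permit tcp any host 192.0.2.10 eq 443
 remark Explicit final deny so the drops are logged and counted
 deny   ip any any log
!
! --- Step 2: apply the ACL to the router interface, inbound ---
interface FastEthernet0/0
 description Internet-facing (constructed example)
 ip address 192.0.2.1 255.255.255.0
 ip access-group OUTSIDE-IN in
!
! --- Step 3: the vty lines get their own ACL, applied with access-class ---
ip access-list standard MGMT-HOSTS
 permit host 203.0.113.5
 deny   any log
line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
!
! Verify the ACL is where you think it is, then watch the match counters
show ip interface FastEthernet0/0 | include access list
show access-lists OUTSIDE-IN
```

Two things worth noticing: the anti-spoofing denies sit first so a packet with a forged inside source never reaches the permit for return traffic, and the `deny ip any any log` at the end is what makes `show access-lists` a useful detection tool, because every dropped packet increments that entry’s counter and produces a log message you can watch.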
Recently, in my forums at my personal website, I have a VLAN Question thread going with over 20 posts and 638 views. Additionally, I have a free video where I demonstrate how to configure VLANs in the Cisco IOS. This video is one of the most popular free videos on my site.
Because of the popularity of these two sites, I wanted to take a second to cover the basics on VLAN configuration. Here are some crucial VLAN “show” commands on a switch:
show vlan brief
show interfaces switchport
show ip interface brief
show interfaces trunk
And here is how you would configure VLAN routing on your router, with a show command to verify it:
interface fastethernet 4
 no shutdown
interface fastethernet 4.1
 encapsulation dot1q 10
 ip address x.x.x.x y.y.y.y
interface fastethernet 4.2
 encapsulation dot1q 20
 ip address x.x.x.x y.y.y.y
show ip interface brief
And here is how you would configure a VLAN on your switch:
interface fastethernet 2/0
 switchport mode access
 switchport access vlan 10
interface fastethernet 5/0
 switchport mode access
 switchport access vlan 20
interface vlan 10
 ip address x.x.x.x y.y.y.y
 no shutdown
interface vlan 20
 ip address x.x.x.x y.y.y.y
 no shutdown
I hope that sample configuration helps you out and don’t forget about my VLAN Configuration video where you can see how it is configured, step by step.
Being a CCIE myself, I just love CCIE History. I read a great article over at NetworkWorld submitted by Brad Reese.
Here are some cool things I learned from the story:
- The CCIE was announced on September 27, 1993
- Now the very successful CEO of Cisco Systems, John Chambers was instrumental in getting the CCIE certification launched. Back then, Mr Chambers was a “merit vice president”.
- The very first CCIE number was 1024 and was assigned to the testing lab. They did not start the number at 1.
- Stuart Biggs (who designed the lab and wrote the test) was assigned CCIE# 1025
- The first non-Cisco employee to achieve the CCIE was Terry Slattery, with CCIE# 1026.
You can read more about Terry and the history of the CCIE at Terry Slattery – the very first Cisco CCIE in history and at Terry’s Blog.
I’d like to take a moment to offer some “link love” (as they say on “the net”) to a couple of great Cisco blogs I have found and have learned a lot from. They are:
Both of these guys post some excellent Cisco tips regularly and I want to take a moment to offer them both a public THANK YOU!