Network technologies and trends

April 20, 2015  6:49 PM

Is Palo Alto Networks heading towards the NG IPS dominance?

Yasir Irfan
NSS Labs, Palo Alto Networks

The recently released Next-Generation Intrusion Prevention System (NGIPS) Test Report by NSS Labs recognizes the Palo Alto Networks Intrusion Prevention System (IPS) service for its strong security efficiency. NSS Labs performed an independent test of the Palo Alto Networks PA-5020 running PAN-OS v6.1.1 using the Next Generation Intrusion Prevention System (NGIPS) Methodology v1.0.


Source: NSS Lab Report downloaded from Palo Alto Networks 

We all know Palo Alto is making their mark when it comes to next-generation firewalls and surpassing most of the leaders in the NG firewall domain. The test report clearly states that the Palo Alto Networks PA-5020 was the only product that blocked 100% of the live exploits during the NSS Labs test. This kind of report certainly creates huge expectations of Palo Alto Networks, and who knows, they may dominate the next-generation IPS domain.

Mr. Vikram Phatak, the CEO of NSS Labs, says:

Exploits being used by Threat Actors in active campaigns are the most likely source of compromise that enterprises face every day.  The Palo Alto Networks PA-5020 was the only product that blocked 100% of these live exploits during our test, and 98.8% against all exploits, earning a recommendation by NSS Labs for security effectiveness.

The complete report can be downloaded from the Palo Alto Networks website. Let's wait and see who is going to dominate the NG IPS segment in the coming years.

April 19, 2015  5:00 PM

What is BIG-IP Access Policy Manager?

Yasir Irfan
APM, application, cloud, IPv6, Network, REMOTE, SECURE, Ssl vpn, SSO, virtual, Wireless

BIG-IP Access Policy Manager, popularly known as BIG-IP APM, can secure applications, networks and even cloud environments in a flexible way, while providing high-performance access to your applications and network. BIG-IP APM also gives informative insight into who is on your network or cloud, which applications they are accessing with which devices, from where and at what time, while maintaining unified, context-aware, policy-based control of their access, irrespective of whether it is remote, local, web, wireless or cloud access.

BIG-IP APM is available in three deployment options:

  1. Add-on module for BIG-IP Local Traffic Manager (LTM)
  2. Can be installed and run on BIG-IP LTM Virtual Edition.
  3. BIG-IP Edge Gateway.

BIG-IP APM comes with many features, such as:

  • AAA Support
  • IPv6 Ready
  • Single-Sign-On (SSO) Enhancements
  • Real-time Health Data
  • Supports SSL VPN

April 12, 2015  5:01 AM

Android Installer Hijacking vulnerability is capable of exposing Android users to malware.

Yasir Irfan
Amazon, Android, Google, Mobile, Palo Alto Networks, Password, samsung

It has been estimated that almost half of Android devices are prone to the newly discovered “Android Installer Hijacking” vulnerability. This vulnerability allows third parties to access an Android device and install their own surveillance malware; they can even steal personal data from the device.

Picture Courtesy: Palo Alto Networks

Palo Alto Networks researchers discovered this vulnerability and, according to them, it triggers only when an Android app is downloaded from a third-party app store or when a user clicks on the advertisements displayed by the app.

The summary published by Palo Alto is as follows:

  • Android Installer Hijacking allows an attacker to modify or replace a seemingly benign Android app with malware, without user knowledge. This only affects applications downloaded from third-party app stores.
  • The malicious application can gain full access to a compromised device, including usernames, passwords, and sensitive data.
  • Palo Alto Networks worked with Google and major manufacturers such as Samsung and Amazon to inform them of the vulnerability and issue patches for their devices.

The suggestion from Palo Alto Networks is to install a vulnerability scanner that Palo Alto Networks developed especially for this vulnerability. Pick up the free installer from the Google Play Store. The only way to avoid being affected by these kinds of vulnerabilities is to download apps that are available in the Google Play Store.

The complete report can be read at this link.

April 5, 2015  8:15 PM

Palo Alto Networks Migration Tool 3.0 is out.

Yasir Irfan

When it comes to migrating to a next-generation firewall such as a Palo Alto firewall, the task becomes quite challenging and tedious. It is neither easy nor practical to migrate rule by rule from a traditional firewall to a Palo Alto next-generation firewall. Under these circumstances the migration tool becomes quite handy and makes the life of a network security engineer easier, especially as the tool can migrate various firewall rules, addresses and service objects to a PAN-OS XML config file, which can be imported into a Palo Alto Networks next-generation firewall. This holds true if the rules are few and one knows how the Palo Alto firewall works.

Recently Palo Alto Networks announced Migration Tool 3.0, which comprises the following features:

  • Third-party Migrations to a Palo Alto Networks firewall
  • Adoption of App-ID and User-ID
  • Policy optimization to clean and improve policies and objects
  • Consolidation of third-party firewalls into multiple virtual systems
  • Centralized management with Panorama

Despite the migration tools from Palo Alto, the task is quite complex, and we often see people ending up going with Palo Alto Professional Services. If migration becomes easier with these kinds of tools, it certainly adds value to the business, and one can debate the flexibility that the next-generation firewall offers.

April 3, 2015  7:58 AM

According to Opus One research, Cisco Email Security ranks as Industry leader in Anti Spam Efficiency.

Yasir Irfan
Cisco, Email, Email security, Gartner, Iron Port, Network, Networking, Spam

Recently Opus One, an independent research firm, released a report on the most popular anti-spam solutions for the year 2014, in which Cisco Email Security ranked as industry leader for the second year in a row.

Opus One tested all the anti-spam solutions in Gartner’s July 2014 “Leaders,” “Visionaries,” and “Challengers” for a period of one year and declared Cisco Email Security No. 1.

Based on my experience with various players in the email security area, I discovered that Cisco Email Security solutions lead from the front. I had many opportunities to migrate from some non-Cisco email security solutions to Cisco Email Security solutions and did see a huge improvement, especially in the area of anti-spam. Cisco Email Security stands out among its competitors; however, this doesn’t remain the same in the web security area.

Opus One tested all those solution providers based on the following criteria to declare Cisco a leader in anti-spam efficiency:

  • Approximately 10,000 messages were selected at random for testing each month, with a total of 130,227 messages in the final evaluation set
  • Messages were drawn from actual corporate production mail streams
  • Messages were received live and tested with less than a one-second delay
  • Tested products were acquired directly from the vendor or through normal distribution channels and were under active support contracts. Cloud-based solutions were only used when an appliance-based solution was not available. Tested products were “up to date” with current released software and signature updates and all settings were reviewed by each vendor’s own technical support team
  • Messages were hand classified as “spam” and “not spam” to ensure data validity
  • Each of the tested products included the vendor-recommended or integrated reputation service in the results

Further details of this report can be accessed from this link.

March 30, 2015  5:46 AM

CCDE lab dates for year 2016 are announced

Yasir Irfan
CCIE, Certifications, Cisco

After CCIE, if any other Cisco certification has value and is hard to achieve, it is Cisco Certified Design Expert (CCDE). Cisco offers the CCDE exam only once in three months, and one can take a maximum of four attempts per year. There are really very few CCDEs in the world. Like any Cisco expert exam, CCDE costs 1600 USD. It's worth considering CCDE, especially as it is one of the most reputed and hardest industry certificates.

The schedule for 2015 and 2016 is as follows:

Exam Date | Date Registration Closes* | Pearson Professional Center Location
--- | --- | ---
May 19, 2015 | Monday, May 18, 2015 | Worldwide locations. Schedule your exam at the location nearest you
August 19, 2015 | Tuesday, August 18, 2015 | Worldwide locations. Schedule your exam at the location nearest you
November 19, 2015 | Wednesday, November 18, 2015 | Worldwide locations. Schedule your exam at the location nearest you
February 25, 2016 | Wednesday, February 24, 2016 | Worldwide locations. Schedule your exam at the location nearest you
May 17, 2016 | Monday, May 16, 2016 | Worldwide locations. Schedule your exam at the location nearest you
August 31, 2016 | Tuesday, August 30, 2016 | Worldwide locations. Schedule your exam at the location nearest you
November 17, 2016 | Wednesday, November 16, 2016 | Worldwide locations. Schedule your exam at the location nearest you

You can find more detail on the Cisco Learning Network website. As far as training is concerned, there are few trainers providing CCDE training or boot camps. INE is one of the leading training providers for CCDE; however, Orhan Ergun is offering online CCDE training for the CCDE exam. It is worth contacting INE or Orhan about the training they offer.

March 29, 2015  4:45 PM

Is CCIE an addiction?

Yasir Irfan
CCIE, CCIE consultancy, Cisco, Network

Generally it is observed that most CCIEs attempt a second CCIE certification in another track, and they are successful in obtaining it. What does this mean? It has been well said by my boss: “CCIE is an addiction.” He himself is a CCIE, but not dual like me.

I feel most of us are carried away by the success of the first CCIE, and the thought of having a second CCIE never goes out of the mind. So most of them attempt their second CCIE in a different track, and so on.

What makes one attempt the second, third, fourth, fifth and so on CCIE certification?

The question has many answers; I leave this to dual, triple or penta CCIEs to answer.

Well, there are many certifications that are as valued as CCIE, yet most CCIEs fail to embrace them. The question is, when does one get satisfied? What value does a dual CCIE add to one?

As far as the feedback from dual CCIEs goes, they didn’t experience a drastic change in their pay, nor did they get special recognition. Yet they pursue.

When I think seriously about a second CCIE, I will certainly ask myself the same questions I asked when I started the CCIE journey:

  1. Why do I want to be a CCIE?
  2. What is stopping me from becoming a CCIE?
  3. What extra mile can I go to overcome my obstacles to achieve my CCIE?
  4. What resources should I choose to pass the CCIE?
  5. Who else in my professional group is interested in CCIE?
  6. What impact will it have on me after CCIE?
  7. What is the timeline I am looking at to complete CCIE?

If it's worth it, I will certainly pursue it, but not for the sake of fame or addiction.

March 29, 2015  3:29 AM

Cisco’s Hackathon is here

Yasir Irfan
Cisco, firewall, IPS

Cisco is currently conducting a couple of challenges in the month of April 2015; one of them is called the Security Challenge. Cisco is teaming with HackerRank to conduct this contest from April 9, 2015 to April 11, 2015.

Basically Cisco is challenging everyone to break their new ASA firewall or IPS, which are powered by Firepower. With the introduction of Firepower into their ASAs, Cisco is aiming to provide next-generation firewall features like visibility, continuous control, and advanced threat protection.

This happens to be a litmus test for both Cisco and the contenders. Cisco is rewarding the successful contenders with a MacBook Pro and many more gifts. More details can be found on the Cisco Security Challenge home page. Best of luck to those who really want to prove themselves.

March 26, 2015  9:40 AM

A review for “Troubleshooting and Maintaining Cisco IP Networks (TSHOOT) Foundation Learning Guide: (CCNP TSHOOT 300-135)”

Yasir Irfan
CCNP, Certifications, Cisco, Cisco Press

First and foremost, I would like to thank my professional friend Jamie Shoup for providing me a copy of this book. When it comes to preparing for Cisco certifications, Cisco Press books are awesome. Cisco Press titles are written based on the blueprint and topics covered in the exam. The Cisco Press title “Troubleshooting and Maintaining Cisco IP Networks (TSHOOT) Foundation Learning Guide: (CCNP TSHOOT 300-135)” is crafted for the CCNP TSHOOT exam 300-135.

This title consists of 10 chapters covering the following topics:

  • Chapter 1 Troubleshooting Methods
  • Chapter 2 Structured Troubleshooting
  • Chapter 3 Network Maintenance Tasks and Best Practices
  • Chapter 4 Basic Switching and Routing Process and Effective IOS Troubleshooting Commands
  • Chapter 5 Using Specialized Maintenance and Troubleshooting Tools
  • Chapter 6 Troubleshooting Case Study: SECHNIK Networking
  • Chapter 7 Troubleshooting Case Study: TINC Garbage Disposal
  • Chapter 8 Troubleshooting Case Study: PILE Forensic Accounting
  • Chapter 9 Troubleshooting Case Study: Bank of POLONA
  • Chapter 10 Troubleshooting Case Study: RADULKO Transport

The author is quite smart in discussing the troubleshooting approaches in chapter 1; this really gives a good understanding of the troubleshooting approach one could adopt in any given situation. Personally I liked the chapter that deals with network maintenance best practices, as the author discusses every aspect of troubleshooting, including the most neglected parts like documentation and policy.

The case study chapters are quite interesting and prepare a CCNP aspirant to think out of the box at times to troubleshoot the problems reported in day-to-day network operations. You also now have the liberty of downloading the topologies and diagrams from the Cisco Press website for your own reference.

To conclude: a good title, and it is quite easy to understand what the author is trying to express. The only suggestion Cisco might consider is offering virtual labs for the cases mentioned in this book, or at least sharing the VIRL topologies, so that one can get good hands-on practice before appearing for the CCNP TSHOOT exam 300-135.

March 23, 2015  5:09 AM

Is being a CCIE the ultimate thing in life?

Yasir Irfan
CCIE, Certifications, Cisco certifications, Networking

Recently I received a message on LinkedIn asking about CCIE. The question put forward to me was as follows:

“I’m just curious about network technologies. There is a lot of hype about CCIE; it is said once you pass CCIE lab there are plethora of opportunities waiting for you. Some even speculate starting salary of 25k SAR in KSA. Is CCIE a global certification which is accepted worldwide even in North America?

Do you agree with aforementioned assertions? Please share some insights.”

Many networking and non-networking professionals hold certain beliefs about CCIE; some of them are:

  • CCIE is an ultimate certificate.
  • Once one passes the CCIE lab, he has conquered the world.
  • Companies around the world will approach him with amazing 3 digit offers.
  • A new horizon will open for him; he will be welcomed everywhere.

Well, all these are wrong beliefs. Certainly it does add value to one’s career, but at the same time he/she should justify the CCIE certificate he/she possesses.

Recently trends are changing: even college graduates with no networking experience have started to prepare for CCIE labs, and they are successful in passing the lab. Does this justify that they have the same caliber as an experienced network engineer? Certainly not. On one hand this is a good sign; it shows how CCIE is valued in the professional world. But at the same time CCIE is losing its value due to the huge increase in the number of CCIEs.

I believe experience and knowledge are what matter, not certifications. Many people have a wrong perception of CCIE; they think that by passing the CCIE lab they can conquer the world. Well, this is absolutely wrong.

Wisdom and experience cannot be replaced by certifications; certifications do add value to those who already possess good experience in the field. Yes, CCIE is one of the most prestigious certifications and is accepted worldwide; yes, CCIE does offer good remuneration, provided that you are experienced and can justify your CCIE.
