Security Rant: Phishing Prevention and Mitigation

I think there are 3 parts to phishing defense. 1. Investigation: You have to gather statistics on the current state of the environment. Should the customer even invest in training or tools to prevent links from being clicked? They won’t know until they run a campaign to find out how many users fall prey to …

JUNOS Space Security Director Rules

JUNOS Space 14.1 and Security Director 14.1 have been out for a few months now. With this version, I can finally start recommending widespread adoption. I’ve actually started using it and started installing it for customers. It’s finally usable and workable! Juniper’s documentation is usually one of the better ones among the vendors out there, but for some reason, the …

DDoS Protection with NetFlow

DDoS Protection: The Problem with NetFlow

“Netflow collection.” This is what I kept hearing from DDoS providers when I asked how they monitored networks. But there are a couple of problems with utilizing NetFlow. Problem 1: Sampling Rates… I’ve very rarely seen a sampling rate of 1 on routers. Cisco’s CRS shelves and ASR9ks as well as Juniper’s TX Matrix Plus and MX960s are certainly capable …

Gracefully Upgrading JUNOS Devices with Dual RE’s

One of the coolest things about the routing plane with Juniper routers is the fact that you can have dual/redundant independent routing-engines. Routers are constantly making decisions, running algorithms, and updating the database for the correct way for traffic to get to every destination possible. They do this to always have the quickest/most efficient route …

Update JUNOS Config with Remote API slax/juise

Mike over at High on PHP recently showed everyone the coolest thing in the world …. How to run SLAX on JUNOS boxes remotely with JUISE…. Seeing this in action nearly made me pee my pants! Too COOL! I went through his setup with ease…once I upgraded my Linux distribution. (It requires curl libraries that were …

Dual routing-engines/control ports on a @JuniperNetworks SRX

The Juniper Networks SRX architecture is frequently deployed in a redundant configuration, especially the data-center SRX’s (SRX1400, SRX3400, SRX3600, SRX5600, SRX5800). It’s pretty obvious why. When you think about the data that the firewall is protecting, uptime is just as critical to the security of the system, sometimes even more so. Production web, database, storage, and …

Here we go… JNCIE-SEC Exam scheduled!

I just scheduled my JNCIE-SEC exam for June 19, 2013! I’m fairly confident I could take it now and pass, but I thought I’d give myself a couple of months to truly dive into configs, case studies, etc. I already have the other 2 JNCIE’s and the lab-based JNCIP, so I know how the testing …

Juniper SRX Op Script: op-monitor

On the data center SRX’s, running “show security flow session summary” will return all of the sessions on each SPC. This can be a bit time-consuming when your SRX is fully loaded with SPCs. A great way to find out how many sessions are on each SPC at any given moment is the “srx-monitor” …

Embrace the Future (SDN)

The rough draft of this blog was written in vi. I live and breathe the CLI. I spend most days in a terminal pounding out commands pretending to be a hacker from the 80’s movies. Some would say I’m a CLI elitist, and I admit, there have been times I’ve had to force myself to …