Security Rant: Phishing Prevention and Mitigation

I think there are 3 parts to phishing defense. 1. Investigation You have to gather statistics on the current state of the environment. Should the customer even invest in training or tools to prevent links from being clicked?  They won’t know until they run a campaign to find out how many users fall prey to … Continue Reading

DDoS Protection with NetFlow

DDoS Protection: The Problem with NetFlow

“Netflow collection.” This is what I kept hearing from DDoS providers when I asked how they monitored networks.  But there are a couple problems with utilizing NetFlow. Problem 1: Sampling Rates… I’ve very rarely seen a sampling rate of 1 on routers.  Cisco’s CRS shelves and ASR9ks as well as Juniper’s TX Matrix Plus and MX960s are certainly capable … Continue Reading

Layered Security on A Network Device

I recently co-authored a whitepaper discussing the layered network security approach typically implemented with PCI Compliance. This got me thinking about layered security in general. Data center security, network security, application security, physical security, and national security… One thing these entirely different security architectures have in common is the layered approach to securing critical assets. … Continue Reading

SSH to a New Cisco IOS-XR Device

If you have a Cisco device you’re wanting to get SSH access to, you can’t just SSH into the box right from the get go. There are a couple things to do first:  Add an IP Address to an Interface (from config mode)

Enable SSH (from config mode)

Create a DSA key (from … Continue Reading

Configure Fabric Extender to Nexus 5k via Port-Channel

First, let’s just enjoy this moment.. This is my first Cisco-centered blog…. EVER! Ok, now that we’re done with that collective “WHAT?!!”, let’s get to business! Cisco has a pretty neat technology called Fabric Extenders. If you follow my blog, then you’re probably a Juniper gear-head, so think of it as EX virtual-chassis’ using the … Continue Reading

The Value of a Certification

Originally Featured on The Champion Community Blog “What’s in a name?”  Who would have thought that Shakespeare’s observations about names in Romeo and Juliet would still have relevance almost 400 years later, especially in the tech field.  These were two star crossed lovers who could care less about names and identification, but not the rest … Continue Reading

Route Distinguishers (auto vs. manual)

Automatic Route-Distinguishers vs. Manual Route-Distinguishers Every MPLS VRF needs a unique route distinguisher.  This is needed for BGP to tell the difference between two of the same prefixes on two different VPNs.  You wouldn’t want the route-selection process to perform a route-selection between the two because they’re in separate routing domains. Both JUNOS and IOS-XR … Continue Reading

Yet Another Definition of QoS

In today’s modern networks, subscribers of certain services (e.g. VoIP and/or video) demand that their services are always available and also have an acceptable quality.   In order to ensure that availability and quality, it is first necessary to group traffic into classes where traffic in a single class requires the same treatment, and then … Continue Reading

Wow…. Am I Psychic? #bgp #Juniper

So, only 18 days after I posted “What’s wrong with the Internet”, the Internet had another hiccup (read more here) and millions of users couldn’t surf/browse the Internet. No, it wasn’t hacked, but at this point does it really matter? It’s like I’m psychic… Or maybe there REALLY IS SOMETHING WRONG like I’ve been saying. … Continue Reading