East to West Data Center Security? #netsec

I always recommend layered security. And East-to-West Data Center Security is no different!  However, security for the sake of security isn’t ever a good thing. So let’s take a look at East-to-West DC security. I’d also wholeheartily agree with intrusion prevention (IPS) and possibly application layer security on east-to-west data center traffic.  Hackers are breaching East-to-West … Continue Reading

DDoS Protection with NetFlow

DDoS Protection: The Problem with NetFlow

“Netflow collection.” This is what I kept hearing from DDoS providers when I asked how they monitored networks.  But there are a couple problems with utilizing NetFlow. Problem 1: Sampling Rates… I’ve very rarely seen a sampling rate of 1 on routers.  Cisco’s CRS shelves and ASR9ks as well as Juniper’s TX Matrix Plus and MX960s are certainly capable … Continue Reading

IDP isn’t a job, it’s a profession

Originally Posted on the Juniper Champion Community There are network engineers, there are security engineers, and then there are IDP (intrusion detection and prevention) engineers. Or at least there should be. I can’t count the number of times I’ve told enterprises during an IDP integration, “The configuration and setup I’m giving you is a good … Continue Reading