Security Rant: Phishing Prevention and Mitigation

I think there are 3 parts to phishing defense. 1. Investigation: You have to gather statistics on the current state of the environment. Should the customer even invest in training or tools to prevent links from being clicked? They won’t know until they run a campaign to find out how many users fall prey to …

JUNOS Space Security Director Rules

JUNOS Space 14.1 and Security Director 14.1 have been out for a few months now. With this version, I can finally start recommending widespread adoption. I’ve actually started using it and installing it for customers. It’s finally usable and workable! Juniper’s documentation is usually among the best of any vendor out there, but for some reason, the …

East to West Data Center Security? #netsec

I always recommend layered security. And East-to-West Data Center Security is no different! However, security for the sake of security isn’t ever a good thing. So let’s take a look at East-to-West DC security. I’d also wholeheartedly agree with intrusion prevention (IPS) and possibly application layer security on east-to-west data center traffic. Hackers are breaching East-to-West …

DDoS Protection with NetFlow

DDoS Protection: The Problem with NetFlow

“NetFlow collection.” This is what I kept hearing from DDoS providers when I asked how they monitored networks. But there are a couple of problems with utilizing NetFlow. Problem 1: Sampling Rates… I’ve very rarely seen a sampling rate of 1 on routers. Cisco’s CRS shelves and ASR9ks as well as Juniper’s TX Matrix Plus and MX960s are certainly capable …

Layered Security on A Network Device

I recently co-authored a whitepaper discussing the layered network security approach typically implemented with PCI Compliance. This got me thinking about layered security in general. Data center security, network security, application security, physical security, and national security… One thing these entirely different security architectures have in common is the layered approach to securing critical assets. …

Gracefully Upgrading JUNOS Devices with Dual REs

One of the coolest things about the routing plane with Juniper routers is the fact that you can have dual/redundant independent routing-engines. Routers are constantly making decisions, running algorithms, and updating the database for the correct way for traffic to get to every destination possible. They do this to always have the quickest/most efficient route …

Update JUNOS Config with Remote API slax/juise

Mike over at High on PHP recently showed everyone the coolest thing in the world… how to run SLAX on JUNOS boxes remotely with JUISE. Seeing this in action nearly made me pee my pants! Too COOL! I went through his setup with ease… once I upgraded my Linux distribution. (It requires curl libraries that were …

Dual routing-engines/control ports on a @JuniperNetworks SRX

The Juniper Networks SRX architecture is frequently deployed in a redundant configuration, especially the data-center SRXs (SRX1400, SRX3400, SRX3600, SRX5600, SRX5800). It’s pretty obvious why. When you think about the data that the firewall is protecting, uptime is just as critical to the security of the system, sometimes even more so. Production web, database, storage, and …

Here we go… JNCIE-SEC Exam scheduled!

I just scheduled my JNCIE-SEC exam for June 19, 2013! I’m fairly confident I could take it now and pass, but I thought I’d give myself a couple of months to truly dive into configs, case studies, etc. I already have the other 2 JNCIEs and the lab-based JNCIP, so I know how the testing …