ComputerWorld Blogger Eric Lundquist wrote that we have outsmarted our competition by not only focusing on bringing real economical value to the ongoing ‘green’ movement these days but doing so while others have focused on new home technology and such. “In a slow economy, companies are only going to invest in projects with a measurable ROI and a cost saving equation. In this shattered economy, the ROI imperative rules supreme,” Eric wrote. He went on to say “Microsoft and H-P took their eye off the ball when they all became enamored with developing in-home media networks rather than networks that would monitor and manage home power and utility use.” Thanks Eric. I of course agree. Hope all of you can see the geeky details behind all of this when we air our next TechWiseTV episode “Network Energy Efficiency” on February 19.
One of the most visited booths at NRF in New York was focused on security and the PCI Architecture that Cisco offers. This is always a sticky subject of course and it is interesting to see the foundational nature of security still given some focus in a bad economy. Now, in my experience, people talking about security and people actually working on it and/or spending money to improve can often be from two different groups. Nonetheless, take a look at this short overview I got from Wayne Kennedy while I was out there.
Robb
This can be a tough topic to understand for sure. A Private VLAN is not a VLAN nor do any of the essential VLAN rules apply. A VLAN is a layer 2 boundary and a Private VLAN is really a layer 1 boundary kinda… A Private VLAN is really port isolation. When I config up a private VLAN I am basically telling the switch, ignore port X from your bridge table. A Private VLAN is really allowing YOU the network admin to dictate communication behavior. Consider, I have a hotel or apartment and I want to provide Internet access for all folks BUT I do not want them to see each other. With the VLAN model, I have to route to do this PLUS carry all of the VLAN protocol overhead.
A better way would be to define one common port for Internet access that every port would access, let's say port 1. On a 48 port switch, the other 40 ports need only to access port 1 and that is it, but the remaining 5 ports need to talk to each other because they are the door security system. So a private VLAN fits the bill here in a simple fashion. Port 1 is a community port. I would set up a private VLAN that would allow ports 2-43 to access only port 3 and that is it. Then another private VLAN would be for my security system which would allow the doors to communicate with the server, but that is it.
So the REAL question is, are they secure? Well, they can indeed isolate your ports in their own micro segment. If a hacker cracks one device they cannot use it as a jumping off point to all the rest in that subnet. I caution folks when calling VLANs and Private VLANs a security feature. In my testing here in the code cave, I have noticed that a packet sent from a device on an isolated port to another device on another isolated port will not be passed by the switch. Works as planned, right? Very true, but a packet sent from a device to the MAC address of the default gateway will be passed through the switch. If at an IP layer, it’s addressed to another isolated device, the GW will pass it.
I always recommend access lists to protect against this behavior. I love ’em and use them often, I just know they are part of my security tool chest and not the end all to be all. Of course in security, what is?
Summing it up:
Private VLANs: are only used per switch.
VLANs: can span the entire network.
Private VLANs: allow only data traffic to and from the mapped ports.
VLANs: allow maintenance protocols per VLAN like NTP, VTP, ICMP, etc.
Private VLANs: have specific uses like service providers, hotels, DMZs.
VLANs: are used for applications like wireless, voice, political boundaries, etc.
Jimmy Ray Purser
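The behavior described in the Private VLAN post above can be traced with a small forwarding model. This is an added example, not code or configuration from the original post: the topology, addresses and function names are constructed assumptions. It shows the switch dropping isolated-to-isolated frames, the gateway routing the same packet when the frame is addressed to the gateway MAC, and an access list on the gateway closing that path.

```python
import ipaddress

# Constructed lab topology (assumption, not from the post): port 1 is the
# uplink to the default gateway, ports 2 and 3 are isolated guest ports.
SUBNET = ipaddress.ip_network("192.0.2.0/24")
GATEWAY = {"port": 1, "mac": "02:00:00:00:00:01", "ip": "192.0.2.1"}
HOSTS = {
    "guest-a": {"port": 2, "mac": "02:00:00:00:00:0a", "ip": "192.0.2.10"},
    "guest-b": {"port": 3, "mac": "02:00:00:00:00:0b", "ip": "192.0.2.11"},
}
ISOLATED_PORTS = {2, 3}


def switch_forwards(in_port, out_port):
    """Layer 2 rule: frames never pass between two isolated ports."""
    return not (in_port in ISOLATED_PORTS and out_port in ISOLATED_PORTS)


def acl_permits(src_ip, dst_ip):
    """Gateway ACL: hosts may reach the gateway itself, but the gateway
    refuses to route guest-subnet traffic back into the guest subnet."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    if dst_ip == GATEWAY["ip"]:
        return True
    return not (src in SUBNET and dst in SUBNET)


def deliver(src, dst, dst_mac, acl_enabled):
    """Trace one IP packet from host src to host dst, sent in a frame
    addressed to dst_mac. Returns (delivered, reason)."""
    s, d = HOSTS[src], HOSTS[dst]
    if dst_mac == d["mac"]:  # frame addressed straight to the peer
        if switch_forwards(s["port"], d["port"]):
            return True, "switched directly"
        return False, "dropped by switch: isolated to isolated"
    if dst_mac == GATEWAY["mac"]:  # frame addressed to the gateway
        if acl_enabled and not acl_permits(s["ip"], d["ip"]):
            return False, "dropped by gateway ACL"
        if switch_forwards(GATEWAY["port"], d["port"]):
            return True, "routed by gateway"
    return False, "no path"


if __name__ == "__main__":
    for mac, acl in [(HOSTS["guest-b"]["mac"], False),
                     (GATEWAY["mac"], False), (GATEWAY["mac"], True)]:
        print(mac, "acl" if acl else "no-acl", deliver("guest-a", "guest-b", mac, acl))
```

The model ignores ARP and return traffic; it only captures the forwarding decisions the post describes.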
New Cisco technology called ‘EnergyWise’ is being announced today and we are very fortunate to be featuring it in our next episode ‘Network Energy Efficiency: The New Frontier’ on February 19. I used to think that ‘going green’ was perhaps not in line with basic business functions and the desire to make money. So given the state the economy is in, my first thought would have been that we are going to see rapid deceleration of green initiatives. Au contraire -- we are seeing much more evidence to the contrary: economic trouble is actually ‘driving’ green initiatives. We have covered the subject of green before in our TechWiseTV episode 36: ‘Energy Efficiency in the Data Center’. Cisco makes announcements today, however, that we are excited to be a part of.
The NRF (National Retail Federation Show) in New York last week had a ton of innovation. It was a much more technology laden conference than I would have expected despite the fact that it is one of the best ‘business oriented’ conferences around. The show floor was huge and packed. Packed with vendors of course…but a few less customers this year given the challenging economy. The overwhelming focus within every discussion was around the need to focus on investments that would not only bring measurable results but also bring them in the short term. I will be trickling out video that we captured at the event as things get edited. Scopix Solutions was in our Cisco ‘Connected Retail’ booth and had a small crowd consistently hovering as they were doing something that I did not know was even possible.