The (lone) IT sysadmin has many tasks and responsibilities; they are sometimes varied, sometimes monotonous. We know what they are without thinking about them, as if they are unwritten commandments, specific to the IT world.
Security has featured greatly in the world news over the past few years, and even more so within IT circles. We have the aspects of social responsibility: who is watching the watchers, and how should they be held to account (NSA, GCHQ). We have the more particular stories, such as Heartbleed, and the “simplicity” of gaining information from a system.
Sitting down and reading about the recently highlighted issue surrounding a fake Trojan copy of the popular terminal tool, PuTTY, I realized that overall, we spend a great deal of time thinking about security within IT systems. But sometimes we don’t think about security in the actions we take, or we forget to think about them.
Tags: it security, malware, security, security breach
We are all very caught up in the “Internet of Things” phenomenon. There isn’t a day that goes by when we don’t see an article (or sixteen) on the topic. We see statistics quoted here, there and everywhere about how this is going to affect, or already is affecting, our lives, yet almost none of these articles seem to see the big picture.
In “How to Fly a Horse” by Kevin Ashton (http://www.amazon.com/How-Fly-Horse-Invention-Discovery/dp/0385538596) we learn that Kevin coined the phrase “Internet of Things” (IoT) in 1999 when he was trying to present a solution to the problem of tracking the sales of lipsticks. Kevin worked at Procter & Gamble and the misplacement of lipsticks in the display case was causing a sales issue when the required color was in stock, on the display, but in the wrong place and not easily found. Kevin put an RFID tag in the lipstick and an antenna under each location, monitored the display unit, uploaded the information to the internet and used it to make decisions about the actual sales stock position.
Since then the term has been broadened to include almost anything that is in some way connected to the Internet and is providing information that can be used. The term has almost become a part of everyday use, though it seems the understanding of the term has morphed. In 2013 the Oxford English Dictionary included a definition for the IoT – “The interconnection via the Internet of computing devices embedded in everyday objects, enabling them to send and receive data” (http://www.oxforddictionaries.com/us/definition/american_english/Internet-of-things). While this definition is fine, it does not capture the real essence of the concept.
In 2013-4, Special Workgroup 5 under ISO/IEC JTC 1 (International Standards Organization/International Electrotechnical Committee Joint Working Group 1) spent a lot of time looking at the definition of the IoT and found over 30 definitions in common use, including one from Cisco. The group reviewed all of these and created a new definition that is currently being used in ISO – “The Internet of Things (IoT) is a global network infrastructure, linking physical and virtual objects through the use of interoperable data capture and networking methods. Standards‐based object identification, sensors, controls, actuators, and connection capability provide for the development of independent cooperative services and applications supported by data analytics and characterized by a user‐defined degree of autonomy.” The work of this group can be found in a report and annexes at http://www.iso.org/iso/jtc1_home.html.
Tags: #ciscochampion, internet of things, IoT, IP connectivity
Lately I made the change from deep technical consultant to a more high-level, architect-like kind of consultant. I now do my work on the turning point between business and technique. One of my first jobs is to make my customer ready for an audit to use the Dutch official authentication method, which is called DigID.
There are several requirements which have to be fulfilled before the customer can make use of the DigID authentication method. One of these requirements is that all the internet-facing systems are placed in a DMZ. I tried to explain the importance of a well-functioning DMZ. For us as network specialists this fact is obvious, but a lot of people don’t understand the meaning and working of a DMZ. This blog is about the essentials of which a DMZ has to consist.
First we need to understand what we are trying to achieve with a DMZ:
• Separation and identification of network areas
• Separation and isolation of internet facing systems
• Separation of routing and security policies
After understanding the achievements, there is another point of interest. Are you gonna build your DMZ with dedicated switches, firewalls and ESX hosts (physical), or do you use a separate VLAN (virtual)? There is no clear answer; fact is that bigger organizations build physical DMZs more often than smaller ones. Besides the technical aspect, there is of course a financial aspect. Resulting out of the physical/virtual debate comes the debate whether to use two physical firewalls or one physical firewall with several logical interfaces. As with the physical/virtual debate, there is not just one answer.
For me personally, one physical firewall with several logical interfaces with tightly configured ACLs is as good as two physical firewalls. One could dispute this with the argument that if a hacker gains access to one firewall he gains access to the whole network. Personally I don’t think this is a valid argument, because when two physical firewalls are used they are often from the same vendor and use the same firmware with the same bugs and exploits. So if the hacker’s trick works on one firewall, it will often also work on the second one.
Some images to make the above a little more concrete.
A single firewall DMZ:
Tags: #ciscochampion, ACL, Cisco ASA, DMZ, firewall
#CiscoChampion Radio is a podcast series by Cisco Champions as technologists. Today we’ll be talking about Cisco Hosted Identity Services with Cisco Lead Architect Eric Eddy.
Eric Eddy, Lead Architect for Cisco Hosted Identity Services
Cisco Champion Guest Host
Josh Warcop, @Warcop, Senior Consultant
Brian Remmel (@bremmel)
Tags: #CiscoChampionRadio, byod, Cisco ISE, Cisco Security, Cisco Security Service
Cisco Partners are the backbone of a global, scalable and consistently excellent Cisco customer experience. And, just as we work to make improvements that will ensure our customers are always delighted with their Cisco experience, we also pay special attention to the unique Partner experience. This ensures we are best enabling you to deliver the right solutions to solve our customers’ most complex business challenges.
We’ve heard you say that our online tools are too complex and too disconnected. You’ve told us you want a seamless online experience that helps you do your job faster and better, without frustrating and potentially costly delays. To that end, our Partner team is rolling out tool improvements, taking into account your specific feedback and distinct needs. I’ve invited Jennifer Petty, Director of Cisco’s Partner Experience Transformation team to give an update and explain some of the improvements.
By Guest Author Jennifer Petty
Using Cisco’s Partner tools can put your multi-tasking skills to the test. For example, there’s an online tool to register for a program, another to check sales figures and yet another to get quotes. We know this is not an ideal experience and we want to simplify this for you in every way possible. A redesign is underway to streamline the user experience with all our Partner tools. It will take some time to complete, but we have a few early changes to share with you.
Tags: onboarding, partner experience, pricing optimizaion, registration, we-are-listening