You may have read Monique Morrow’s posting in late December about A Faster Internet for 2009. Something to keep in mind also is that some of the slowness you perceive in Internet performance may in fact be related to the network within your home, especially if you have wireless. So, even though a faster Internet is on the near horizon, there are some things you can do right now to make your home wireless Internet experience impressively faster. I just made one simple change at home while I was off this week that now has us surfing the web at warp speed.The big change I made was to simply swap out our venerable old Linksys WRT54G router (which has served us well for several years), with a new Linksys WRT610N Simultaneous Dual-N Band Wireless Router (pictured below). The WRT610N is full of new features that deliver speed and higher wireless performance in your home: Dual bands, extended range, and support of the 802.11 n Draft standard (“n” is much faster and delivers your web pages, video and other data much more quickly). I am startled by the faster performance — I feel stupid I didn’t do this many months ago. To be honest, even though I knew the technology has been improving steadily, I had put off swapping to a more modern router, because I figured that most of the computers in our house use the 802.11g standard and wouldn’t benefit from the higher speed and throughput of 802.11 n. But the general improvements in technology seem to have provided quite an upgrade in network performance even for old laptops we have that are using 802.11 g. And, we had forgotten that our iMac desktop purchased last year already has 802.11 n capability built in, so it is now zooming! In short, the improved wireless performance feels like an instant upgrade to all of the computers and gaming systems in the house (since a lot of what happens on all of these is via the network) and the new router — even with all these bells and whistles — cost well under US$ 200. By the way, while you’re saving your pennies for a new router, there are a few things you can do to improve wireless networking in your home that are good general practice, such as moving the router away from wireless phones, obstructions, baby monitors, etc. Our Linksys.com Home Networking Tips page offers many tips on how to get the most from your home wireless network.And, I really do recommend you upgrade to a new router like the WRT610N. Here’s CNET’s Review of the WRT610N which tells all about it. (The CNET gang make fun of the geeky product name, but really seem to like everything else )That’s my tip for the new year. Enjoy!
Normally I don’t get too excited about the idea of having video tutorials about how to use a web site. I mean, web sites should be “easy and intuitive,” right?But in truth, there are sometimes complicated functions on a site that require explanation and demo.Here’s a really nice example of video demonstration from Colin McNamara, who has put together a short demo for partners of how to use the Online Interactive Configurator.Enjoy!
This Cisco Live in Second Life TechChat featured Shelly Cadora, PhD, and Ken Hook, technical marketing engineer, for Identity-Based Networking solutions at Cisco. During this TechChat, Cadora and Hook discussed how Cisco’s Identity-Based Networking Services (IBNS) help businesses by providing an innovative, scalable, and flexible solution to manage identity; the foundation for securing your network and business resources.View this online discussion to hear how IBNS:– Helps you understand and control who is on your network- Reduces overall investment by enabling identity of legacy hardware- Enables cost-effective management of changes throughout the organization- Is a scalable and more flexible identity solution, making it easier to deployClick play below to view the archive.We need your feedback. Please complete a brief survey on the Dec 11th event.Register for Cisco Live 2009 in San FranciscoDownload today’s presentation:Cisco IBNS presentation (PDF – 2.5 MB)Read the 802.1x technology foundation posts for this event:Part IPart IIPart III
If you’ve ever managed a web project, you know how vexing it can be to get started with a clear scope and direction, especially if a redesign is part of the agenda. Maybe you’ve worked on a web project in the past where some important starting criteria wasn’t identified early, or the team forgot to define some specific items like success objectives, or calls to action, or desired metrics or customer needs. When this happens, this definition gap causes resets and rework. Worse, if you were working with an outside web design vendor, this rework and redefinition probably slowed down the project, degraded final quality, and added to the final cost of design and delivery. So, it’s important to get projects started on the right track. We do so at Cisco by way of a magical document called a Web Design Brief. I thought you might be interested in the format we use, and may find it useful in your own organization. So, you can download our Web Design Brief template here. The idea of the Design Brief is simple: (1) Answer some key project questions in a friendly PowerPoint format, and then (2) share it with your web team and designers or (if the project is big) prospective design vendors. It’s an easy and effective way of figuring out what you’re really trying to do with a new design or section revamp.A design brief will save you time, aggravation, and money, by answering fundamental questions such as:
- Why are you embarking on this new web project, anyway?
- What are your primary business objectives and success measures?
- Who are you audiences and what are your users key requirements?
- What similar sites or projects inspire you?
- What kinds of customer data and site metrics do you have available to inform the design?
- Who are the key contacts and stakeholders, and what other related projects are underway?
- What is the global reach of the project?
- The objectives of the project are clear, so projects get kicked more efficiently with our design resources, saving time and money
- The projects get completed more predictably, since there are fewer restarts and resets
- Considerations like metrics plans and global deployment aren’t surprises, since they’re flagged up front
- Design estimates with vendors tend to be better, since the project is well defined
This is part III in the series of technical foundation posts leading up to our December 11 TechChat“Networks That Know You: Cisco Identity-Based Networking Services”.
Have you ever left the house and forgotten to lock the front door? It can ruin your day, especially if you remember it as you’re pulling up to the office after a grueling commute. But maybe, being a security geek, you’ve installed a security web-cam over the front door. So you fire up your browser and monitor the house. You may not be able to lock the door remotely, but you can at least see if anyone tries to break in.Authenticating someone’s identity without enforcing some form of authorization is like having an unlocked door with a web-cam: you can’t physically prevent anyone from gaining access, but you can see who goes in and out. This kind of visibility is a non-trivial asset. Knowing that someone is watching may be enough to deter some intruders. Still, authentication (the web-cam) by itself may not be an adequate long-term security policy for most homeowners. The same goes for networks. Once you’ve authenticated endpoints and users with IEEE 802.1X or MAC-Authentication Bypass (MAB), it’s time to enforce network access restrictions based on the established identity of that user or endpoint. The rest of this blog looks at the different forms of authorization in Identity-Based Networking Services (IBNS) today.Default Authorization: The default authorization in an 802.1X-enabled network is binary: on or off. All endpoints and users that pass authentication get full access to the statically configured VLAN on the port. Those that can’t authenticate get no access. This is how 802.1X was originally designed to work. However, this default authorization policy may be too black-and-white for real world networks. In the real world, giving every authenticated user and device the same level of access in the statically configured VLAN may not offer enough granularity to meet the goals of your security policy. In addition, you may have good reasons to offer limited access to users who can’t authenticate. Other forms of authorization can be used to accomplish these goals.Dynamic Authorization: Instead of putting all authenticated users into the same static VLAN, some corporations need to be able to grant differentiated access, where one group of known users (“œEngineering”) gets access to different network resources than another (“œFinance”). Dynamic VLAN assignment is a form of dynamic authorization where the AAA server (the centralized security policy server) tells the switch to assign a VLAN to the port based on the identity of the user or device that authenticated. Engineers go in the Engineering VLAN, accountants go in the Finance VLAN. While this form of dynamic authorization is a powerful tool for differentiating access for different user groups, it comes at a cost. Supporting multiple VLANs on every switch may require changes to the network architecture and addressing scheme. In addition, VLANs isolate traffic at Layer 2 in the OSI stack so dynamic VLAN assignment by itself cannot restrict access to specific subnets (at Layer 3) or applications (Layer 4 and above). However, dynamic VLAN assignment does provide the foundation for virtualizing IT resources using Network Virtualization Solutions. Get more information on how Network Virtualization can increase security with path isolation and virtualized services. Local Authorization: With local authorization configured, the switch can allow access to the port in special VLANs in the absence of a successful authentication: endpoints that are not 802.1X capable can be assigned to the Guest VLAN; endpoints that fail 802.1X can be assigned to the Auth-Fail VLAN, endpoints that can’t authenticate because the AAA server is unavailable can be assigned to the Critical-Auth VLAN. With local authorization, endpoints that would otherwise be denied network access entirely can get some form of access. Different networks need different kinds of authorization policies. Many large customers have successfully deployed 802.1X and IBNS on wired networks using the techniques I described above. But other customers still find it challenging to deploy 802.1X. In our Second Life TechChat next week, we’ll talk about new and upcoming innovations in all three kinds of authorizations -default, dynamic and local -that will make IBNS simpler to deploy and easier to customize.Written by Shelly Cadora, PhD**Shelly will be one of our speakers during the December Cisco Live in Second Life TechChat. She is a technical marketing engineer for Identity-Based Networking solutions. She is a 10 year Cisco veteran with a CCIE in Routing and Switching (#16318). Prior to becoming involved with Identity and 802.1X, she was involved in the development of the ASA firewall and Cisco IP Telephony solutions