Cisco Blogs


Cisco Blog > Perspectives

#CiscoChampion Radio S2|Ep 24. CCIE Service Provider Exam Updates

CiscoChampion200PXbadge#CiscoChampion Radio is a podcast series by Cisco Champions as technologists. Today we’ll be talking about CCIE Service Provider Updates with Cisco Technical Leader Lizabete Cacic.

Listen to the Podcast.

Learn about the Cisco Champions Program HERE.
See a list of all #CiscoChampion Radio podcasts HERE.
Ask about the next round of Cisco Champions nominations. EMAIL US.

Cisco SME
Lizabete Cacic, Cisco Technical Leader

Cisco Champion Guest Host
Ryan Booth @that1guy_15, Networking Engineer

Moderator
Rachel Bakker (@rbakkker) Read More »

Tags: , ,

Remembering the small things: IT Security

There are many tasks and responsibilities of the (lone) IT sysadmin, they are sometimes varied, sometimes monotonous.  We know what they are without thinking about them, as if they are unwritten commandments, specific to the IT world.

Security has featured greatly in the world news over the past few years, and even more so within the IT circles. We have the aspects of social responsibility, who is watching the watchers, how should they be held to account (NSA, GCHQ). We have the more particular stories, such as Heartbleed, and the “simplicity” of gaining information from a system.

Sitting down and reading about the recently highlighted issue surrounding a fake Trojan copy of the popular terminal tool, PuTTY, I realized that over all, we spend a great deal thinking about security within IT systems. But sometimes we don’t think about security in the actions we take, or we forget to think about them. Read More »

Tags: , , ,

What happened to the “Things”

We are all very caught up in the “Internet of Things” phenomenon.  There isn’t a day goes by when we don’t see an article (or sixteen) on the topic.  We see statistics quoted here there and everywhere about this is going to/already is affecting our lives, yet almost none of these articles seems to see the big picture.

In “How to Fly a Horse” by Kevin Ashton (http://www.amazon.com/How-Fly-Horse-Invention-Discovery/dp/0385538596 ) we learn that Kevin coined the phrase “Internet of Things” (IoT) in 1999 when he was trying to present a solution to the problem of tracking the sales of lipsticks.  Kevin worked at Procter & Gamble and the misplacement of lipsticks in the display case was causing a sales issue when the required color was in stock, on the display, but in the wrong place and not easily found.  Kevin put an RFID tag in the lipstick and an antenna under each location, monitored the display unit, uploaded the information to the internet and used it to make decisions about the actual sales stock position.

Since then the term has been broadened to include almost anything that is in some way connected to the Internet and is providing information that can be used. The term has almost become a part of everyday use, though it seems the understanding of the term has morphed.  In 2013 the Oxford English Dictionary included a definition for the IoT – “The interconnection via the Internet of computing devices embedded in everyday objects, enabling them to send and receive data” (http://www.oxforddictionaries.com/us/definition/american_english/Internet-of-things ). While this definition is fine, it does not capture the real essence of the concept.

OSI ETC JTC 1In 2013-4, Special Workgroup 5 under ISO/IEC JTC 1 (International Standards Organization/International Electrotechnical Committee Joint Working Group 1) spent a lot of time looking at the definition of the IoT and found over 30 definitions in common use including one from CISCO.  The group reviewed all of these and created a new definition that is currently being used in ISO – “The Internet of Things (IoT) is a global network infrastructure, linking physical and virtual objects through the use of interoperable data capture and networking methods.  Standards‐based object identification, sensors, controls, actuators, and connection capability provide for  the  development  of  independent  cooperative  services  and  applications  supported  by data analytics and characterized by a user‐defined degree of autonomy.” The work of this group can be found in a report and annexes to be found at http://www.iso.org/iso/jtc1_home.html. Read More »

Tags: , , ,

DMZ Basics

Lately I made the change from deep technical consultant to a more high-level architect like kind of consultant. I now do my work on the turning point between business and technique. One of my first jobs is to make my customer ready for an audit to use the dutch official authentication method, which is called DigID.

There are several requirements, which have to be fulfilled before the customer can make use of the DigID authentication method. One of these requirements is that all the internet facing systems are placed in a DMZ. I tried to explain the importance of a well functioning DMZ. For us as network specialists this fact is obvious, but a lot of people don’t understand the meaning and working of a DMZ. This blog is about the essentials of which a DMZ has to consist.

First we need to understand what we are trying to achieve with a DMZ
• Separation and identification of network areas
• Separation and isolation of internet facing systems
• Separation of routing and security policies

After understanding the achievements, there is another point of interest. Are you gonna build your DMZ with dedicated switches, firewall’s and ESX hosts (physical) or do u use a separate vlan (virtual). There is no clear answer; fact is that bigger organizations build physical DMZ’s more often than smaller ones. Besides the technical aspect, there is off course a financial aspect. Resulting out of the physical/virtual debate comes the debate whether to use two physical firewalls or one physical firewall with several logical interfaces. Equally to the physical/virtual debate there is not just one answer.

For me personally one physical firewall with several logical interfaces with tight configured ACL’s is as good as two physical firewalls. One could dispute this with the argument that if a hacker gains access to one firewall he gains access to the whole network. Personally I don’t think this isn’t a valid argument, because when two physical firewalls are used they are often from the same vendor and use the same firmware with the same bugs and exploits. So if the hacker’s trick works on one firewall, it will often also work on the second one.

Some images to make the above a little more concrete.

A single firewall DMZ:

DMZ Basics

Read More »

Tags: , , , ,

#CiscoChampion Radio S2|Ep 23. Cisco Hosted Identity Services

CiscoChampion200PXbadge#CiscoChampion Radio is a podcast series by Cisco Champions as technologists. Today we’ll be talking about Cisco Hosted Identity Services with Cisco Lead Architect Eric Eddy.

Listen to the Podcast.

Learn about the Cisco Champions Program HERE.
See a list of all #CiscoChampion Radio podcasts HERE.
Ask about the next round of Cisco Champions nominations. EMAIL US.

Cisco SME
Eric Eddy, Lead Architect for Cisco Hosted Identity Services

Cisco Champion Guest Host
Josh Warcop, @Warcop, Senior Consultant

Moderator
Brian Remmel (@bremmel) Read More »

Tags: , , , ,