Thursday, October 8, 2009

Wrote a letter to one of my state's senators.

This is a copy of an email I just submitted to Senator Aaron Burr (R, NC).

Dear Senator Burr, I would like to know where you stand on rape and sexual harassment at work. My understanding from your recent vote against an amendment proposed by Sen. Al Franken to the defense appropriations bill (http://www.opencongress.org/roll_call/show/6179), which sought to limit funding to government contractors who use mandatory arbitration clauses to prevent employees from taking action in the case of rape or assault, is that you as a person and a United States senator fully support and condone the crime of rape and the covering up thereof. I for one am happy to live in a state where the most established and influential person representing us to the nation supports rape. All those family values we've had to deal with for so long were so restrictive; I'm glad that you're taking such a progressive stance on allowing rape in the workplace. Normally I'd expect a liberal to be the one voting pro-rape; it's refreshing to see a good Christian like yourself standing up for the little guys, the government-paid contractors who violently and shamefully abuse their female employees.

Yours, Logan Williams

Thursday, September 3, 2009

Open question to Google and all DLP vendors

Earlier today, I was in my divisional assistant director's office with my boss discussing NC public records law as it relates to email, web usage, documents, etc. As you may or may not know, I work for a local government, and the proportional chunk of our budget that we spend to retain public records is non-trivial and mandatory.

Even so, we face many challenges. The challenge I'm hoping someone at Google can address for me today relates to classification of documents and integration with third-party solutions.

Some background:

Even though a large portion of what we do is public records, a non-trivial portion of it is by no means public records, and in fact we have a legal obligation to protect some of the data from being accessed outside of whatever use it is intended for. Personnel records are considered proprietary, as is information we have concerning direct deposit for employees, etc. These are things that a lot of lawsuits would be filed over should they fall into the wrong hands.

The problem for us is that unmanaged document sprawl has both public records and private information scattered across terabytes of storage in a forest of directories, complicating our compliance efforts to no end. Also, not everything that is not private information needs to be retained per public records law, and so it can be deleted to lower storage costs once the information is no longer relevant. Imagine signup sheets for 10+ years of employee birthday parties, directories misused for music storage, pictures of someone's kid, etc.

We would also like to explore the possibility of DLP to protect what needs protecting at some point in the future, as part of a larger and ongoing risk management and security management process.

I proposed automating the classification process with a sort of Google appliance, or the appliance of a search competitor (I don't know much about the document management space), and once we have a handle on that, using that appliance to provide data classification for a DLP solution down the road. In my mind, I can see the perfect solution to all those challenges on one box, but I want to check in with Google and the internet to see if it's possible, been done, or being done.
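To make the classification-then-DLP idea concrete, here is an added Python sketch (my own example, not the logic of any Google or vendor appliance) that triages constructed sample files into the three buckets the post describes: protect (hand to DLP, never auto-delete), retain as a public record, or non-record that can be deleted once stale. The sample paths, detection patterns and extension list are assumptions.

```python
import re

# Constructed sample documents (path -> text); not real city data.
SAMPLES = {
    "hr/payroll/direct_deposit_2009.txt": "Employee J. Doe, routing 123456789, account 00123456789",
    "council/minutes/2009-08-10.txt": "City council minutes, public session, approved 3-0.",
    "shared/birthday_signup_2003.txt": "Sign up here to bring cake for the March birthdays!",
    "shared/music/track01.mp3": "",
    "shared/photos/kid_at_park.jpg": "",
}

# Detectors for data the post says must be protected (personnel and direct-deposit info).
PROTECT_PATTERNS = [
    ("ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("bank_account", re.compile(r"\b(?:routing|account)\s*(?:no\.?|#)?\s*\d{9,17}\b", re.I)),
]
# Signals for content that is not a public record at all and may be deleted once stale.
NON_RECORD_EXT = {".mp3", ".wav", ".jpg", ".png", ".mov"}
NON_RECORD_WORDS = re.compile(r"birthday|potluck|sign ?up", re.I)

def classify(path, text):
    """Return (bucket, evidence). Protection wins over deletion; retention is the default."""
    hits = [name for name, rx in PROTECT_PATTERNS if rx.search(text)]
    if hits:
        return "protect", hits            # feed the DLP policy; never auto-delete
    dot = path.rfind(".")
    ext = path[dot:].lower() if dot >= 0 else ""
    if ext in NON_RECORD_EXT:
        return "non-record", ["extension " + ext]
    m = NON_RECORD_WORDS.search(text)
    if m:
        return "non-record", ["keyword " + m.group(0).lower()]
    return "public-record", []            # when unsure, retain per records law

def triage(docs):
    """Map every path to its bucket so retention and DLP tooling can act on it."""
    return {path: classify(path, text)[0] for path, text in docs.items()}
```

The precedence order is the point: a birthday signup sheet that happens to contain an SSN lands in "protect", not in the delete pile.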

Sunday, July 26, 2009

My iPhone isn't good for everything, I guess...

So, today as I was chilling out in the boonies with my family (grandfather's birthday was a few days ago), I thought to myself "Hey, the Safari browser on my iPhone is based on the one I'm using on my Mac, I wonder how compliant it is." Being an IT professional, compliance is important to me. If something just isn't compliant, my coworker in web development will spaz out and then get paid to have a hissy fit, while they interrupt the task of infrastructural engineering. It's really quite interesting.

Anyways, I had already been on the internet because I was checking out Latitude for the iPhone, which I have to say wasn't as cool as I'd hoped. Mostly because I have no friends set up for it. Maybe I just don't have any friends... Also, it's a web app. What the fuck? The default mapping application on the iPhone IS Google Maps, and Apple wants Latitude to be a web app? I'm just gonna write this off as a decision made in Steve's absence and let it go.

Being in the boonies with my grandparents, of course I am using my iPhone as a wireless modem to post this. Despite that, it still performs pretty adequately as far as pulling pages for two devices at once.

Here are my Acid results (the result screenshots were not preserved in this copy of the post).
Tuesday, April 28, 2009

So, I remembered I have a blog!

Man, work has been so busy lately. If you read this Monday's post on aspieteacher.com, that stuff is hitting me like a ton of bricks.

Also, I've spent a great deal of my time poring over the technologies I have access to here at work. CS-MARS (we have a CS-MARS 100), IPS (IPS 4260), our ASAs (a bunch of 5520 devices), and other magic tricks like IP SLA, NetFlow, Cisco Security Manager, CiscoWorks LAN Management Solution, Cisco Secure ACS, and our switched LAN infrastructure have all been occupying a great deal of my time.

But I promise I have more blog posts coming. I still have to finish reading Cisco NAC Volume 2 so I can write a review of it; it's really interesting stuff, and I know it will be fun to write about.

Tuesday, April 21, 2009

Initial impression: Cisco Network Admission Control, Volume 1: NAC Framework Architecture and Design.

So, a few days ago, I received a shipment of a pair of books on Cisco Network Admission Control: Volumes 1 and 2, which focus on architecture/design and deployment/troubleshooting respectively.

Both are really, really good books from a technical perspective. The authors, three of whom are CCIEs, have a very good informational style, and aren't afraid to kick in a few jokes where appropriate. I like that, as it breaks up the hard data and gives your brain a moment to process what it read, which I find is a key component of learning the information.

The information in both is a relatively deep dive, but remains clear and concise enough to make a useful tool for presenting the concepts of NAC to a small audience. The books make excellent use of Visio diagrams, flowcharts, tables, and other graphical data representation to really put the topic in perspective.

Here's a bit of what I've learned so far, and keep in mind I have not yet read the whole first volume.

NAC is essentially a way to control the state of devices that connect to your network. You set up a series of servers that:
  1. Validate the access credentials of a host coming onto the network, or
  2. Provide confidence that a non-user device (AP, printer) is what it claims to be
  3. Audit host systems for compliance with security policy
  4. Place hosts in the appropriate Vlan based on their credentials and level of compliance
  5. Remediate unacceptably non-compliant hosts before granting them access
That really allows a company to ensure that finance people are always in the finance VLAN wherever they connect up, and that network guys are always in the network VLAN wherever they connect up. It also decreases the cost of support by giving users the ability to self-serve things like required patch updates and critical virus definitions for products like McAfee or Norton on a regular basis.

You can also apply it to the VPN connections coming in, to ensure that non-corporate machines connecting into the network are acceptably secure and free of viruses or worms before allowing them access to critical resources. The NAC framework actually proactively scans the connecting host for things like worms and keyloggers over the VPN tunnel prior to putting it in the VLAN it has the credentials for.
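To make the five steps above concrete, here is an added Python sketch of the admission decision (my own example, not code from the book or from any Cisco NAC component): the credential result and a posture audit place a host in its role VLAN, a device VLAN, a remediation VLAN with self-service tasks, or deny it. The VLAN numbers, patch ids and definition-age limit are assumed policy values.

```python
from dataclasses import dataclass, field
from datetime import date

# Assumed policy values (placeholders, not from the book): required patch ids,
# maximum age of antivirus definitions, and the VLAN each role or device lands in.
REQUIRED_PATCHES = {"PATCH-1", "PATCH-2"}
MAX_AV_DEFINITION_AGE_DAYS = 7
ROLE_VLAN = {"finance": 110, "network": 120}
DEVICE_VLAN = {"printer": 300, "ap": 310}
REMEDIATION_VLAN = 900  # reaches only the patch and antivirus update servers

@dataclass
class Host:
    identity: str
    credentials_valid: bool      # result of step 1 (user) or step 2 (printer/AP)
    device_type: str = "user"    # "user", "printer" or "ap"
    role: str = ""               # role carried by the user's credential
    installed_patches: set = field(default_factory=set)
    av_definitions_date: date = date.min
    malware_found: list = field(default_factory=list)

def audit_posture(host, today):
    """Step 3: list the self-service tasks needed before access (empty = compliant)."""
    tasks = []
    missing = sorted(REQUIRED_PATCHES - host.installed_patches)
    if missing:
        tasks.append("install patches " + ", ".join(missing))
    if (today - host.av_definitions_date).days > MAX_AV_DEFINITION_AGE_DAYS:
        tasks.append("update antivirus definitions")
    if host.malware_found:  # what the VPN-side scan for worms/keyloggers reported
        tasks.append("remove malware: " + ", ".join(host.malware_found))
    return tasks

def admit(host, today):
    """Steps 4 and 5: pick the VLAN, or hold the host in remediation first."""
    if not host.credentials_valid:
        return {"vlan": None, "action": "deny", "reason": "credential validation failed"}
    if host.device_type != "user":
        # Printers and APs run no posture agent; verified identity is the gate.
        vlan = DEVICE_VLAN.get(host.device_type)
        return {"vlan": vlan, "action": "admit" if vlan else "deny", "reason": "device identity"}
    tasks = audit_posture(host, today)
    if tasks:
        return {"vlan": REMEDIATION_VLAN, "action": "remediate", "tasks": tasks}
    vlan = ROLE_VLAN.get(host.role)
    if vlan is None:
        return {"vlan": None, "action": "deny", "reason": f"no VLAN mapped for role {host.role!r}"}
    return {"vlan": vlan, "action": "admit", "reason": "compliant"}
```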

I highly recommend Cisco Network Admission Control Volume 1: NAC Framework Architecture and Design for anyone who is concerned about securing their network endpoints and corporate assets from compromise locally, on the WAN, and via VPN.

You can find more about the book at CiscoPress.com.

Many thanks to my friend David Dusthimer for the opportunity to review this book.

Monday, April 20, 2009

Guest posting is fun

So, if you don't know already, I post regularly (every Monday) on Sandy's blog about dealing with life in a professional setting. I wrote a post about lunch time for this week's, and I thought I'd go into a bit more detail for those who want it. You can read the main post here: http://www.aspieteacher.com/2009/04/logan-professional-lunching/

When I say that eating in silence is a bad idea, I say it for two reasons.

One, it's a shame to lose such a valuable opportunity to build a personal rapport with someone in such a loose, informal setting. You might not get lunch with the IT director many times; it's important to use face time as best you can to make friends with people who can support you and help you grow professionally.

Two, sitting there in silence makes you look weak and ineffectual. Everyone around you knows about the benefits of chatting up people at lunch, and if you don't use the time, they will. This goes back to my post about getting talked over, which you can also find on aspieteacher.com.

True, there is the pressure caused by the constant threat of saying the wrong thing. God has given aspies many gifts, but tact is not amongst them... And that's a risk that can sometimes make it seem smarter to stay silent.

And sometimes it is, but a great part of business is making yourself and your group look good. My boss says "perception is reality". If you are silent, there is nothing to perceive, and therefore there isn't much reality for you at all.

And who knows? They might even respect you for being blunt and honest.

Tuesday, April 14, 2009

Playing with the plotter

So, here at the city, we've got a civil engineering department.

For all whose ears perked up at the mention of civil engineering, I'm glad you also realize that every civil engineering department has a really big printer called a plotter. Why does a plotter interest me, then?

Network Diagrams. I'm printing a few out right now, and if they are successful, I will print more. My cube shall eventually be overrun with network diagrams.

It's fun to install and configure the switches, but it's even more fun to take a whole view of the network infrastructure organized nice and neat onto a two-dimensional plane. Even better is then having that resource to show the rest of the world what I'm talking about when engaged in my trademark technobabble. Instead of describing something as a DMZ switch cross-connected to redundant ISPs and dual firewalls, I can point at the box in between the two clouds and the two wall shapes.