Tuesday, April 28, 2009

So, I remembered I have a blog!

Man, work has been so busy lately. If you read this Monday's post on aspieteacher.com, that stuff is hitting me like a ton of bricks.

Also, I've spent a great deal of my time poring over the technologies I have access to here at work. CS-MARS (we have a CS-MARS 100), IPS (an IPS 4260), our ASAs (a bunch of 5520 devices), and other magic tricks like IP SLA, NetFlow, Cisco Security Manager, CiscoWorks LAN Management Solution, Cisco Secure ACS, and our switched LAN infrastructure have all been occupying a great deal of my time.

But I promise I have more blog posts coming. I still have to finish reading Cisco NAC Volume 2 so I can write a review of it; it's really interesting stuff, and I know it will be fun to write about.

Tuesday, April 21, 2009

Initial impression: Cisco Network Admission Control, Volume 1: NAC Framework Architecture and Design.

So, a few days ago, I received a shipment of a pair of books on Cisco Network Admission Control, Volumes 1 and 2, which focus on architecture/design and deployment/troubleshooting respectively.

Both are really really good books from a technical perspective. The authors, three of which are CCIEs, have a very good informational style, and aren't afraid to kick in a few jokes where appropriate. I like that as it breaks up the hard data and gives your brain a moment to process what it read, which I find is a key component to learning the information.

The information in both is a relatively deep dive, but remains clear and concise enough to make a useful tool for presenting the concepts of NAC to a small audience. The books make excellent use of Visio diagrams, flowcharts, tables, and other graphical data representations to really put the topic in perspective.

Here's a bit of what I've learned so far, and keep in mind I have not yet read the whole first volume.

NAC is essentially a way to control which devices get onto your network, and in what state. You set up a series of servers that:
  1. Authenticate the user or host coming onto the network
  2. Verify that a non-user device (an AP, a printer) is what it claims to be
  3. Check the host's posture (patch level, antivirus status, and so on) against the security policy
  4. Place the host in the appropriate VLAN based on its credentials and its level of compliance
  5. Send unacceptably non-compliant hosts to remediation before granting them access
That really allows a company to ensure that finance people are always in the finance VLAN wherever they connect up, and that the network guys are always in the network VLAN wherever they connect up. It also decreases support costs by letting users self-serve things like required patch updates and critical virus definitions for products like McAfee or Norton on a regular basis.

You can also apply it to the VPN connections coming in, to ensure that non-corporate machines connecting into the network are acceptably secure and free of viruses or worms before they are allowed access to critical resources. The NAC framework checks the posture of the connecting host over the VPN tunnel, including whether its antivirus and antispyware are current enough to catch worms and keyloggers, before putting it in the VLAN its credentials allow.
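To make the "right VLAN wherever you connect" part concrete, here is an added example of the switch side of the NAC-L2-802.1x flavour of this, with dynamic VLAN assignment from RADIUS and a remediation VLAN for hosts that fail. This is my own sketch, not configuration from the book or from the city network; the addresses, names, VLAN numbers and shared secret are assumptions, and the posture-validation piece (Cisco Trust Agent on the host talking to Cisco Secure ACS) is configured on ACS and the endpoint rather than on the switch, so it is not shown.

```ios
! Added example (not from the book or the post). Catalyst IOS, 802.1X with
! RADIUS-assigned VLANs. Addresses, names and VLAN numbers are assumptions.
!
aaa new-model
aaa authentication dot1x default group radius
! "authorization network" is what lets the RADIUS reply carry the VLAN
aaa authorization network default group radius
radius-server host 10.10.10.5 auth-port 1812 acct-port 1813 key <shared-secret>
dot1x system-auth-control
!
vlan 10
 name FINANCE
vlan 20
 name NETENG
vlan 99
 name REMEDIATION
! VLAN 99 should only reach the patch and AV-definition servers (ACLs not shown)
!
interface FastEthernet0/1
 switchport mode access
 ! used only if the server authorizes the port but returns no VLAN
 switchport access vlan 99
 dot1x port-control auto
 ! a host that fails 802.1X is parked in the remediation VLAN, not dropped on
 ! the wire unfiltered
 dot1x auth-fail vlan 99
 dot1x auth-fail max-attempts 3
 spanning-tree portfast
!
! On the RADIUS server (ACS), the group profile for Finance users returns the
! RFC 3580 attributes that name the VLAN:
!   Tunnel-Type (64)              = VLAN (13)
!   Tunnel-Medium-Type (65)       = IEEE-802 (6)
!   Tunnel-Private-Group-ID (81)  = "10"
! and the NetEng group profile returns Tunnel-Private-Group-ID = "20".
```

The point of the example is that the VLAN lives with the identity, not with the port: the same port config goes on every access port, and ACS decides 10, 20 or 99 per session. The check a practitioner wants before trusting this is to watch `show dot1x interface FastEthernet0/1 details` (or `show authentication sessions` on newer IOS) and confirm the assigned VLAN changes when a different user plugs in.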

I highly recommend Cisco Network Admission Control Volume 1: NAC Framework Architecture and Design for anyone who is concerned about securing their network endpoints and corporate assets from compromise locally, on the WAN, and via VPN.

You can find more about the book at CiscoPress.com

Many thanks to my friend David Dusthimer for the opportunity to review this book.

Monday, April 20, 2009

Guest posting is fun

So, if you don't know already, I post regularly (every Monday) on Sandy's blog about dealing with life in a professional setting. I wrote a post about lunch time for this week's, and I thought I'd go into a bit more detail for those who want it. You can read the main post here: http://www.aspieteacher.com/2009/04/logan-professional-lunching/

When I say that eating in silence is a bad idea, I say it for two reasons.

One, it's a shame to lose such a valuable opportunity to build a personal rapport with someone in such a loose, informal setting. You might not get lunch with the IT director many times, so it's important to use face time as best you can to make friends with people who can support you and help you grow professionally.

Two, sitting there in silence makes you look weak and ineffectual. Everyone around you knows about the benefits of chatting up people at lunch, and if you don't use the time, they will. This goes back to my post about getting talked over, which you can also find on aspieteacher.com.

True, there is the pressure caused by the constant threat of saying the wrong thing. God has given aspies many gifts, but tact is not amongst them... And that's a risk that can sometimes make it seem smarter to stay silent.

And sometimes it is, but a great part of business is making yourself and your group look good. My boss says "perception is reality". If you are silent, there is nothing to perceive, and therefore there isn't much reality for you at all.

And who knows? They might even respect you for being blunt and honest.

Tuesday, April 14, 2009

Playing with the plotter

So, here at the city, we've got a civil engineering department.

For all whose ears perked up at the mention of civil engineering, I'm glad you also realize that every civil engineering department has a really big printer called a plotter. Why does a plotter interest me, then?

Network Diagrams. I'm printing a few out right now, and if they are successful, I will print more. My cube shall eventually be overrun with network diagrams.

It's fun to install and configure the switches, but it's even more fun to take a whole view of the network infrastructure, organized nice and neat, onto a two-dimensional plane. Even better is then having that resource to show the rest of the world what I'm talking about when engaged in my trademark technobabble. Instead of describing something as a DMZ switch cross-connected to redundant ISPs and dual firewalls, I can point at the box in between the two clouds and the two wall shapes.

Monday, April 13, 2009

Lunch

After a busy morning of coworkers, network engineering, blackberrying, emailing, calling, talking, listening and the like, I think today I shall eat tacos.

And when I'm done, I will review the book with ISBN-13 978-1-58705-260-6

Saturday, April 11, 2009

The quest for bluetooth

Today, I shall venture into the wide world in search of an acceptable bluetooth headset... I may face many demons and sensory upsets along the way, but I surely must prevail, for the blackberry I was provided by the city has a very shitty internal speaker for calls, and was designed to be used with a bluetooth headset. Also, my iphone wants one too.

Friday, April 10, 2009

Nurse, pass the anonymizer...

Talking to new people is always fun, at least on the internet where I don't need to be near them. No offense to people, but I don't like any of you in person (except any coworkers or friends who may be reading this, I love you guys).

Talking to Patient Anonymous atm, and she is quite interesting. She has a blog at patientanonymous.wordpress.com that is quite brilliant, I recommend her highly.

Thursday, April 9, 2009

Playing about with CS-MARS

So here at the city, we've a CS-MARS 100. If you don't know what CS-MARS is, it's a little box made by Cisco Systems (<3) called the Cisco Security Monitoring, Analysis and Response System, and it does various things relating to security monitoring, mitigation, and response.

Basically, you have a topology that includes network devices and NetFlow-enabled intermediaries, and you either point them at CS-MARS (syslog, SNMP traps and NetFlow exports sent to the box) or you point CS-MARS at them (the box polls the devices). Since it can operate in either passive or active mode, both work; you just lose a few features in passive mode, and active mode isn't right for every topology anyway, so there's nothing to worry about. CS-MARS then correlates what it sees flowing through your network and picks out things that the firewalls may have missed, such as traffic between two internal hosts that never crosses a firewall at all.

It can then take steps to mitigate the problem, recommending rate limits or ACLs and, in active mode, pushing them to the devices so they drop the offending packets. It is a really powerful part of the Cisco Self-Defending Network, and crucial to the Defense in Depth design methodology. You can read more about it at Cisco.com/go/MARS
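As an added illustration of the "things the firewalls may have missed" point, here is a small NetFlow sweep detector of the kind a box like CS-MARS runs over the flow exports it receives. This is my own example and not code from Cisco or from the post; the flow records, the 10.0.0.0/8 inside range, the host addresses and the thresholds are all constructed for the example. An internal host sweeping TCP/445 across a neighbouring subnet never touches the ASA, so the only evidence is the pile of one-packet SYN-only flows exported by the internal routers and switches.

```python
"""Minimal NetFlow sweep detector, in the spirit of what CS-MARS does with
flow exports. Added example; not code from the blog post or from Cisco.
All addresses, thresholds and flow records below are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Set, Tuple

SYN = 0x02  # NetFlow v5 tcp_flags bit for SYN


@dataclass(frozen=True)
class Flow:
    ts: int         # flow start, seconds (constructed clock)
    src: str
    dst: str
    proto: int      # 6 = TCP
    dport: int
    packets: int
    tcp_flags: int  # OR of the TCP flags seen in the flow (NetFlow v5 semantics)


def is_probe(f: Flow) -> bool:
    """A one-packet TCP flow whose only flag is SYN: nothing was ever established."""
    return f.proto == 6 and f.packets == 1 and f.tcp_flags == SYN


def detect_sweeps(flows: List[Flow], inside: str = "10.0.0.0/8",
                  window: int = 60, min_targets: int = 20) -> Dict[str, Set[Tuple[str, int]]]:
    """Return {src: {(dst, dport), ...}} for inside hosts that probe at least
    `min_targets` distinct inside (dst, port) pairs within `window` seconds.
    Inside-to-inside sweeps never cross the perimeter firewall, so NetFlow from
    the internal routers/switches is the only place they show up."""
    net = ip_network(inside)
    by_src: Dict[str, List[Flow]] = defaultdict(list)
    for f in flows:
        if is_probe(f) and ip_address(f.src) in net and ip_address(f.dst) in net:
            by_src[f.src].append(f)

    hits: Dict[str, Set[Tuple[str, int]]] = {}
    for src, probes in by_src.items():
        probes.sort(key=lambda f: f.ts)
        # slide a window starting at each probe; first window over the threshold wins
        for i, start in enumerate(probes):
            targets = {(p.dst, p.dport) for p in probes[i:] if p.ts - start.ts <= window}
            if len(targets) >= min_targets:
                hits[src] = targets
                break
    return hits


def recommend_mitigation(src: str, acl_name: str = "MARS-BLOCK") -> str:
    """ASA-style ACE an operator could push to the nearest enforcement point.
    A MARS proposes this kind of command for approval; applying it is the
    active-mode step, and this example only builds the text."""
    return f"access-list {acl_name} extended deny ip host {src} any"


def _sample_flows() -> List[Flow]:
    """Constructed sample: one sweeper, one normal session, one host under threshold."""
    flows: List[Flow] = []
    # 10.1.5.23 sweeps 10.1.9.1-30 on TCP/445, one SYN each, within 30 seconds
    for i in range(30):
        flows.append(Flow(1000 + i, "10.1.5.23", f"10.1.9.{i + 1}", 6, 445, 1, SYN))
    # 10.1.5.40 holds a normal web session: many packets, SYN/PSH/ACK all seen
    for i in range(10):
        flows.append(Flow(1000 + i * 5, "10.1.5.40", "10.1.9.5", 6, 80, 40, SYN | 0x18))
    # 10.1.5.41 pokes five hosts on 9100: under the threshold, likely a print client
    for i in range(5):
        flows.append(Flow(1000 + i, "10.1.5.41", f"10.1.9.{50 + i}", 6, 9100, 1, SYN))
    # the sweeper also hits an outside address: excluded here, the firewall sees that one
    flows.append(Flow(1001, "10.1.5.23", "192.0.2.10", 6, 445, 1, SYN))
    return flows


SAMPLE_FLOWS = _sample_flows()


if __name__ == "__main__":
    for src, targets in detect_sweeps(SAMPLE_FLOWS).items():
        print(f"{src}: {len(targets)} targets in window -> {recommend_mitigation(src)}")
```

The threshold and window are the whole game here: set `min_targets` too low and every chatty print client and SCCM push gets blocked, set it too high and a patient scanner walks under it. A real deployment tunes those against a baseline of normal flows, which is what the box spends its first weeks learning.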

Wednesday, April 8, 2009

Just let it go

Sometimes in life and in business, we encounter things that may offend us or that are simply hard to ignore.

Somebody might say you've got a problem, or that something about you is broken. That you are damaged and in need of fixing, some ridiculous theory explains all the problems you supposedly have, and we've got to stop doing it and find a cure for your ass and quick.

And it's fine for them to think that about themselves, if they are similar to you, but you just get so mad that they think it about you. There's nothing wrong with you, why are they saying that? Who are they to say such things? Even worse, what if people believe them? What if everyone starts treating you like a leper?

The important thing is to ignore them. Reacting to negativity breeds more negativity. It is a vicious cycle of hate that only serves the message that you are indeed broken. That's just no way to go about living.

Instead, breed an ecosystem of positive thinking. There are certainly others out there that are like you, who also don't find a thing wrong about them. Seek them out, network with them, create an alternative to the message of fear and hatred spread by others. As your positive ecosystem grows, the power of fear, uncertainty, and doubt fades into the dust, and all that remains is the truth.

No meetings!

Today is a perfect follow up for yesterday. After that nerve wracking meeting with our strategic partner, I just went home and collapsed on my bed for about six hours, so it's great to have no meetings today.

I really do hate being the center of attention like that, even for the short while I had to wrangle people's attention towards the presenters. You know what else is strange? Getting calls from strangers.

This woman from a company I'd obtained a whitepaper from called me this morning from California. At 9:30 my time, it has to be early in California. I can appreciate the dedication to her job; after all, she is in sales. Still, no way would I call someone at that time of day in the hope they buy stuff from me.

Tuesday, April 7, 2009

That meeting earlier

So, our strategic partner came by and gave us the presentation at three. I wasn't sure how many people would be there, but for the record, this was the final distribution of roles within the organization at the meeting:

  • 3 assistant directors of information technology, representing Infrastructure(woot!), Strategy and Planning, and Customer Relationship Management
  • 4 supervisory role managers, Deployment, PC lifecycle, Infrastructure Systems Engineering, and Infrastructure Network Engineering(my boss)
  • 3 Systems Engineers
  • 1 Customer support agent
  • 2 Business applications interns, a Java dev and a Web dev
  • 1 Business communications intern
  • 1 Enterprise training intern
  • 1 Enterprise Infrastructure Network Engineering intern (me)
Plus, from our partner:
  • 2 Datacenter solutions architects
  • 1 VDI solutions consultant
So 16 of us and 3 of them, or 19 people in the room. If we'd had a CIO at the moment, I'd have had to invite 20 people!

I had to lead, despite being the absolute lowest rung on the organizational ladder, which as you can imagine took a bit out of me. When you're dealing with senior management, you have to remember that their time is extremely valuable, and so if a meeting lacks direction for even a minute, they likely have things they want to discuss with SOMEONE in the room, and so you have to keep things going. Lucky for me, my boss helped me out when I would stall for a second getting things started, and our strategic partner spent most of the time talking.

Overall, I learned a lot, everyone else learned a lot, and we got an idea of how to solve a lot of the problems present in our environment with a setup like this. We have some problems like an overall user culture of keep-things-on-the-drive, off-the-network, which creates data security problems and is also brutal overhead if we get sued and need to provide our public records data to a company or individual. There's a big push for Disaster Recovery purposes to buy expensive laptops for all employees, which VDI can eliminate the need for. Two zero clients are way less expensive than a single laptop, so you can keep one on the desk and let the customer have one at home in case there's an inch of snow and our fair southern city shuts down.

The best part of all is that if we decide to go with Desktop Virtualization, there is very little work required from the network side, as almost all the infrastructure required is already in place, and we would only need to bring up a new environment for the VMware ESX host cluster.

Monday, April 6, 2009

Leading a meeting...

So, as anyone who has ever been in an environment where meetings are common will tell you, on occasion I have to call a meeting in order to get something done. The convention at my workplace is, if you called the meeting, you own the meeting. Even if the directors of finance, public works, Information Technology, the mayor, and the City Manager are there, I am the leader for the purposes of the meeting.


Tuesday, I have a meeting scheduled between some senior IT managers and a company referred to as a strategic partner. Essentially, a strategic partner helps take ownership of your environment. The better off your environment is, the better off your strategic partner is. A strategic partner will attempt to make your infrastructure as stable and reliable as possible, because they know they have done a good job if they never have to send engineers over at 12 am.

The meeting is about Virtual Desktop Infrastructure, and if you're not familiar with that, I'll keep it simple and just tell you that it's the opposite of regular computing, using very small cheap computers instead of expensive ones. This creates a lot of headaches in pushing to get it adopted. The advantages and cost savings are huge, but in government, unlike private industry, soft costs are not tracked.

Fortunately, there is an economic downturn and Barack Obama passed a big piece of paper saying we can get money for projects that are kind of like this. We'll see how slaughtered I get at my own meeting.

I should um... write something?

So, this particular blog is supposed to be about living as a young adult with AS.

Fun thing about AS, as Ryan pointed out: it's really almost impossible to say Asperger's without thinking "hah, assburgers". I realize some might find this offensive, but really, part of being an adult is letting the fuck go of things that are insulting or offensive. If I wanted to take offense at everything anyone ever did or said to me that I disagree with, I'd get no work done.

Dunno about you guys, but I have to eat, and eating takes money. I just don't have the time to be offended anymore. I think I'm gonna go have some ass burgers and some adults pie.

Saturday, April 4, 2009

So what's an adultspie?

An Adultspie is an adult who has Asperger's syndrome, or AS. Hopefully someone with classical autism will coin Adultie to mean adult autie.

I use the term because AS and Autism are mostly seen as a children's thing. Well, children grow up. Mommies and Daddies can't take care of their kids forever, and my blog is about how I learned to be my own adult.

I guess I need a blog...

Aspieteach (aspieteacher.com) told me I was the last one without a blog, so now I have one. God bless google.