Held for Ransom

As part of my Master’s Degree pursuit I will be dedicating a section of my blog to InfoSec topics and discussion. Updates will happen weekly.

Ransomware is one of the hotter topics for security leaders, especially in the Healthcare space. With a slew of attacks making the news this year, I started wondering: how can organizations reduce their exposure to ransomware?

Currently the most profitable cybercrime, ransomware is experiencing significant growth. And because it mainly spreads via email, the infection is proving tough for organizations to defend against. After all, email is an integral part of nearly every business, and almost every employee has a corporate email account.

Defending against ransomware from a technical standpoint requires a layered approach. Email, endpoint, and possibly DNS security products can all help slow the number of attacks. However, Tom Walsh, CISSP, argues that one of the easiest ways to cut down on the number of attacks is to simply block all access to personal email accounts on the corporate network. This notion is not one I had heard before, and I think coupling it with continual education and technical solutions is an excellent way to reduce an organization's risk of infection.

ICMP Redirects Broke the Voice Network – Understanding Traffic Flows

Some time ago Phil Gervasi tweeted about understanding traffic flows and it got me thinking about situations where I did not quite understand how the production network was functioning. Phil’s tweet was more about fault tolerance, but I think it applies to general Network Engineering. If you do not understand how data flows, it becomes very difficult to troubleshoot your network.

Cisco NX-OS and SNMPv3 – Securing LibreNMS

This weekend I have spent a bit of time in the lab playing around with SNMPv3. Why SNMPv3? Well, I am a big proponent of securing any and all control plane communications, and SNMP traffic should certainly be secured. The configuration is not much more difficult, but the result is a fully encrypted SNMP payload that cannot be read if intercepted.

Learning Python – A Network Engineer’s Journey with Python

Overview:

As I reflected on my career as an engineer and laid out my goals for 2016, I realized that one of the areas I really needed to focus on was my ability to automate network tasks. Not only can network automation lead to large increases in efficiency, but there are multiple compliance benefits to automating the network.

2016 – Goals and Getting Things Done

It is a new year – 2016 is upon us! The blog got a facelift right before the new year and I renewed the SSL certificate a few days late (whoops… ‘Hey Siri, set a reminder to renew vlan50.com’s cert on 12/28/2016’). A facelift is not worth much if the site does not get updated more often (see Goal #1), so what better way to start than with a 2016 goals post?

Goals for 2016

Goal 1: Post More Often

Quite a generic goal, isn’t it? The fact is a lot of things changed for me in 2015 and after starting off on the right track, I stopped posting around April. That was never my intention; time simply slipped away. I spent most of the summer developing four college courses, moved into a project management role in the fall, and then 2016 showed up.

Things have slowed down a bit, or perhaps I have gotten used to the new normal. Either way, in 2016 my goal is simply this – 26 posts by the time I write my 2017 Goals post (not counting this one). My expanded role has offered many writing opportunities and I have every intention of continuing my professional development as an Engineer. With that in mind, I should have ample chances to post quality content.

Goal 2: About That Professional Development

2015 was an interesting year in the Networking space. A lot of press would have you believe it was the year of SDN. I think you could argue that with Cisco’s ACI only having 1,000 customers, perhaps 2015 was a foundational year for SDN.

How does that relate to my professional development? SDN might not be here yet, but network automation is. As a result I plan to sharpen up my programming skills and put them to use, specifically focusing on Python.

There is more than that though. The way I got things done as an Engineer does not scale well with several other Engineers reporting to me. I will work to develop a project management skill set that translates and scales well. I believe in the Lean process and think that kanbans can be used effectively in Operations, just as in Development.

Finally, I will continue my journey down the Cisco Certification trail. Sometimes Engineers (myself included) put a little too much weight in the paper, but I believe Cisco Certifications are still a solid measuring stick for professional development.

So, how do I boil goal two into something measurable – a bulleted list!

  • Brush up those Python skills – build a tool to pull network inventory information
  • Project Management – Develop a style and measure its success
  • Cisco Certification – In the air, but I believe CCNP R&S would be a great goal for 2016.

Goal 3: Contribute More

In 2016 I plan on focusing some efforts in the open source community. Last year I wrote a series of scripts to help migrate from Observium to LibreNMS. That post has been wildly successful and I hope that I can continue to contribute to various open source tools that I use. The networking community is a special one, always willing to help each other and in 2016 I would like to focus a majority of my posts on helping other engineers.

Conclusion

2015 was an interesting year for me. With additional responsibilities and other projects taking a lot of time, I did not post nearly enough. Goal one is simply to rectify that – 26 posts by the time I write the 2017 goals post. Goals two and three will really facilitate the success of #1. Goals are great – they feel nice to set, even better to write about, but success is not defined by writing things down. Success is defined by doing things; 2016 will be the year of ‘getting things done.’

Migrating from Observium to LibreNMS

You may not have heard about LibreNMS yet, but I have a feeling you will be hearing lots about it in the near future. LibreNMS is a fork of Observium, an excellent network monitoring system. The fine folks behind LibreNMS have promised open, active development and a desire to help as many people as they can.

I heard about LibreNMS on /r/networking and decided to give it a shot. I started with my lab and slowly started adding a few IT switches into the mix. After some time in the IRC channel (there are awesome people in there) and fiddling with things, I decided it was time to convert. Our Observium server was a couple years old and an upgrade was on the to-do list anyway. I went with a custom Ubuntu 14.04 build, however LibreNMS offers a ready-to-go VM image on their site.

My production Observium server has about two years’ worth of information and, like anyone, I did not want to lose all of my historical data. Additionally, we were monitoring around 125 devices with Observium, all of which were going to require setup on the new LibreNMS server. Even more troublesome, the original Observium server was running on 32-bit Ubuntu, and RRD files cannot move between architectures.

With that set of constraints, I set out to see if I could automate the migration and move all of the historical data to LibreNMS. This post is the result of that attempt.

Testing Network Throughput with an Iperf Server

Every now and again I need to test throughput on a local segment of our LAN. Other times I want to test the throughput of an offsite VPN connection. I am able to accomplish this with Iperf, Iperf2 specifically. This post will focus on setting up iperf2 in server mode on an Ubuntu 14.04 machine and then using iperf2 from a Macbook.

Cisco UCS Service Profiles – 642-999 DCUCI Study Guide

When it comes to certification exams, part of the process is going through the blueprint provided by Cisco and making a best guess at where to focus your time. Cisco provides a percentage to give an idea of where to focus your time. These notes fall into section four of the 642-999 Exam Blueprint – Provision Cisco UCS Compute Resources.

Cisco UCS Resource Pools – 642-999 DCUCI Study Guide

When it comes to certification exams, part of the process is going through the blueprint provided by Cisco and making a best guess at where to focus your time. Cisco provides a percentage to give an idea of where to focus your time. These notes fall into section four of the 642-999 Exam Blueprint – Provision Cisco UCS Compute Resources.

Cisco Console Access from Your Mac

I occasionally have to use the console port on the back of various Cisco devices. What is a trivial task on Windows with TeraTerm or PuTTY can be a bit more involved for Mac users. Today I wanted to walk through two methods I use to connect via console on a Macbook. First we’ll need to find a console cable with compatible Mac drivers. Most Prolific-based Serial to USB adapters will work and the Mac has support for FTDI out of the box. Now that we have taken care of the equipment, let’s look at two ways to get console access.
