How to Think Like a (bad) CIO

October 14th, 2013

1. Go to a magazine, blog, or website that purports to summarize IT information for executives. Alternatively, go to an airport men’s room.

2. Look at all the pictures, captions, and words in ads printed in large fonts. If in the airport men’s room, take note of whatever is advertised at eye level above the urinals.

3. Become obsessed with leveraging next-generation synergies with the emerging technology described above.

4. Take the marketing to the next level. One way to do that is the expansion of benefits ad infinitum: if one of those devices/software platforms is good for a company, then one per user ought to be awesome. For example, if one firewall will protect a company, then one firewall per user will provide awesome protection. Another example: if one load-balanced virtual server cluster is good for a company, then getting every user his or her own load-balanced virtual server cluster will definitely deliver those leveraged next-generation synergies.

5. Present the next-level solution to your IT team and express confidence that they can get the implementation done right.

If you can do this and you are an IT professional, you will be ahead of the curve when the orders come down from above, and you’ll be ready to roll with the project.

PROTIP: having budget numbers ready to go on the outlandish ideas is a great way to get the project canceled. Don’t present the budget numbers with a negative attitude. Instead, present a can-do “we can raise the money!” attitude about the massive costs, wait a week or two, and it’ll be quietly moved to the back burner in the next big emergency.

PROTIP: If the big budget doesn’t scare the top brass, then celebrate! Your company is awash in cash and you will get loads of experience on some sweet new equipment. Don’t worry about the waste. Seriously, if you can get it all to work, you’ll have some of the funnest days at your job, ever. If not, well, keep up appearances and it’ll still probably get moved to that back burner in the next big emergency.

Every Fibre Optic Is a Loaded Fibre Optic

September 18th, 2013

Although not every fibre optic cable will have power sufficient to burn out a human eye, there are enough out there that can to warrant a caution to never direct the end of a fibre optic at an eye, unless one intends to do that eye grave harm.

Would that that was the only cautionary tale to go with fibre. But, alas! It is not! There is also the danger of scraps of fibre from an installation landing on your hands… and then you rub your eyes with your hands… and AIIIEEEEEE! Not a good situation. Or, you could be installing fibre and little bits of it fly through the air, direct to your eyes, and… AIIIEEEEEE! Put on the wraparound safety glasses and keep them on. Remember that eyes are very much like computers: you take care of the ones you want to keep.

So are your innards. That’s why it’s a good idea to never have food or drink near where you’re working with fibre. Most people cannot eat glass, due to the harm it causes them. You are most likely in the category of “most people.” Therefore, exercise caution.

With a few proper safety measures, you can have a safe and happy fibre optic installation. But there is one safety tip that is best of all…

… get a disposable minion to install the fibre optic for you. Then, when the fibre is all up and running, toss the minion into the shoggoth pens so he doesn’t track up the office with all those nasty particles of glass and what-not that go with fibre installations.

Networking Lab of Doom

August 25th, 2013

If you’re just now learning about networking, try this one out for fun.

1. Get a switch. Plug in a few client PCs and devices. Give them all static IP addresses on the same subnet.
2. Have the devices ping each other, maybe access a file share or two. Life is good, right?

Well, that’s not the lab. It really starts in step 3.

3. Take a network cable and plug both ends of it into the switch.
4. NOW try to ping or share files. Not so good, is it?

Watch what the switch does between plugging in the cable and unplugging it. Learn to spot the difference because if you see this thing in real life, you will want to be able to stop it, and quick.

Backup Or Die

August 18th, 2013

So your boss comes in and says, “Hey, we need some backup software. Check out some vendors and let me know who to go with.” What do you do?

Most people panic and go with whatever they saw in use at the last place they worked. It’s like they never heard of Google. Most people, it seems, have never heard of Google. Remember that: in the land of people that never search, the one-search man is king.

Those that don’t panic tend to do a perfunctory search and then find a vendor that looks pretty good. Then, like the guys that panicked, they order just one kind of software without checking to see if it’s compatible with their enterprise needs.

Bunch of morons…

If you have mail servers and databases, make sure that the software is able to back up those platforms without requiring that they shut down. What about VMs? Do you need a specialized agent for those? Centralized tracking? Alerts for jobs that didn’t complete? Image storage? Archiving? Did you even think to ask those questions? If not, start asking them and get answers so that your backups will actually accomplish something and not just be money spent on nothing.

And if the backup system is already in place when you show up on day one, make sure it’s set up properly. What if the guy that was there before you set everything up with trial software that expired the day he walked out the door? What if there’s an error that happens every night because the main database backup isn’t executing properly and the guy that set it up two years ago told the night operator just to ignore it and click through the error? Yeah, you want to check things out, because if you don’t do your due diligence up front, it’ll catch you in the behind.

So You Want a CCENT…

July 24th, 2013

OK, so you want a CCENT…

You want Wendell Odom’s book: Cisco CCENT/CCNA ICND1 100-101 Official Cert Guide
You’ll then want the sequel for your CCNA: CCNA Routing and Switching ICND2 200-101 Official Cert Guide
You’ll then want to round things out with: CCNA Routing and Switching 200-120 Flash Cards and Exam Practice Pack

Wendell Odom is a great tech writer and I enjoyed his books for my CCENT/CCNA prep. I took the tests that expire in September. These books are for the new versions of the tests. Read them and do the practice tests until you get 95% or better every time you take a practice test. Repetitive? Yes. That’s how it’s done.

You’ll also want GNS3 and Cisco Packet Tracer to simulate hardware, unless you happen to have some handy in your house. If you do plan on getting your own hardware, check here and we can let you know if it’s a good deal or not… or what you may want to make sure about the product before you buy. I bought my own hardware after reading about people getting burned buying “certification lab bundles”. I’m glad I did, as I got more good hardware for less than what someone was charging for a bundle of gear that was good for the last rev of the cert exam…

Google is your friend. Ask a question, then Google up the answer. If you don’t understand the answer, Google some more or find a discussion forum for networkers and bring them your question. You learn a lot that way and you feel sure about your knowledge.

Segment Your Network

July 19th, 2013

Properly functioning, networked computers are the most polite things you’ll ever work with.

When one of them makes an announcement, they immediately all pay attention, drop whatever conversation they may have been having, and focus completely on what the speaker is saying. They spend enormous effort in listening to and carefully considering every announcement made in their presence.

Therefore, segment your network so it’s not bogged down by broadcast traffic.
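Both the Networking Lab of Doom above (one patch cable with both ends in the same switch) and the broadcast-domain point of this post can be watched in a toy learning switch. The following is an added example written for this page, not code from the original posts: it models per-VLAN MAC learning and flooding, a looped pair of ports, and counts how many frames the switch handles before it goes idle. The port layout, MAC addresses and the 1000-frame budget are constructed.

```python
from collections import deque

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    """Toy learning switch: one MAC table per VLAN, flood when the destination is
    unknown or broadcast. Ethernet frames carry no hop limit, so nothing in the
    switch itself ever stops a frame that keeps coming back in."""

    def __init__(self, port_vlans):
        self.port_vlans = dict(port_vlans)  # access port -> VLAN id
        self.mac_table = {}                 # (vlan, mac) -> port it was last seen on
        self.hosts = {}                     # port -> MAC of the attached host
        self.loops = {}                     # port -> the other port on the same cable
        self.delivered = []                 # (port, src, dst) frames handed to a host
        self.flaps = 0                      # times a known MAC moved to another port

    def attach_host(self, port, mac):
        self.hosts[port] = mac

    def plug_cable_both_ends(self, port_a, port_b):
        """Step 3 of the lab: one patch cable with both ends in the same switch."""
        self.loops[port_a] = port_b
        self.loops[port_b] = port_a

    def _learn(self, vlan, mac, port):
        previous = self.mac_table.get((vlan, mac))
        if previous is not None and previous != port:
            self.flaps += 1
        self.mac_table[(vlan, mac)] = port

    def run(self, ingress_port, src, dst, max_frames=1000):
        """Inject one frame and keep switching until the switch is idle or the
        frame budget runs out. Returns (frames_processed, went_idle)."""
        queue = deque([(ingress_port, src, dst)])
        processed = 0
        while queue and processed < max_frames:
            port_in, s, d = queue.popleft()
            processed += 1
            vlan = self.port_vlans[port_in]
            self._learn(vlan, s, port_in)
            known = self.mac_table.get((vlan, d))
            if d != BROADCAST and known is not None:
                egress = [known]
            else:  # flood within the VLAN only, never back out the ingress port
                egress = [p for p, v in self.port_vlans.items()
                          if v == vlan and p != port_in]
            for p in egress:
                if p in self.hosts:
                    self.delivered.append((p, s, d))
                if p in self.loops:  # out one end of the cable, back in the other
                    queue.append((self.loops[p], s, d))
        return processed, not queue


def build_lab(with_loop):
    """Constructed layout: ports 1, 2, 5, 6 on VLAN 10; port 3 on VLAN 20."""
    sw = Switch({1: 10, 2: 10, 3: 20, 5: 10, 6: 10})
    sw.attach_host(1, "aa:aa:aa:00:00:01")
    sw.attach_host(2, "aa:aa:aa:00:00:02")
    sw.attach_host(3, "aa:aa:aa:00:00:03")
    if with_loop:
        sw.plug_cable_both_ends(5, 6)
    return sw


def broadcast_from_host_1(with_loop, max_frames=1000):
    """Host 1 sends one broadcast; report what the switch did with it."""
    sw = build_lab(with_loop)
    processed, idle = sw.run(1, "aa:aa:aa:00:00:01", BROADCAST, max_frames)
    return {
        "processed": processed,
        "idle": idle,
        "flaps": sw.flaps,
        "delivered": len(sw.delivered),
        "reached_vlan20": any(port == 3 for port, _, _ in sw.delivered),
    }


if __name__ == "__main__":
    for loop in (False, True):
        print("loop" if loop else "no loop", broadcast_from_host_1(loop))
```

Without the loop, one broadcast from host 1 is delivered once, to host 2, and the host on VLAN 20 never sees it, which is the whole reason for segmenting. With the loop, the two copies of that single frame chase each other between ports 5 and 6 until the budget runs out, host 1's MAC address flaps to a different port on every pass, and every host on VLAN 10 receives the same broadcast over and over. That is the storm the lab wants you to learn to recognise, and it is why real switches run Spanning Tree and storm control on every port rather than trusting that nobody will ever plug a cable into itself.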

Fibre Channel and iSCSI

July 17th, 2013

In SAN environments, admins can choose between Fibre Channel (FC), FC over Ethernet (FCoE), and iSCSI to get their data from users and servers to the storage system. So what are the differences?

FC is like the guys from Top Gear going down a perfect ribbon of road in three Italian supercars. They can floor it, swing around the corners crossing both lanes, and arrive at their destination in good order while telling us we all need a Ferrari convertible. iSCSI is a dozen Mini Coopers pulling off the Italian Job. They’ll get to their destination, just don’t ask how they got there.

iSCSI is also a good deal cheaper, unless you already have a massive fibre network that you want to justify keeping around. Just be careful to not overload your iSCSI system with nodes: gridlock with Mini Coopers is still gridlock… and the lads in the Ferraris will just laugh at you.

The Importance of Physical Security

July 16th, 2013

No amount of software hardening can overcome lax physical security with your network devices.

Let’s say a bad person, we’ll call him August Derleth, gets physical access to one of your Cisco switches that’s been tucked away in a broom closet. He gets it into ROMMON mode and sets it so it will reboot without challenging him for a password. Now he reboots the switch and then does a copy startup-config running-config command. He now has the original config loaded and full access to it. He can now create an account for himself, copy all the details on that config, and then choose a port on the access switch to open up for his own purposes, be it a rogue switch, server, or router. He could disable DHCP snooping and DAI so he could use a man-in-the-middle attack to capture all the voice traffic on that switch.

None of the software security configurations you have made will give you aid in the event of a physical access compromise.

So put a lock on that door. Now our man August cannot get to that switch because there is a lock on the door… so he can only try to attack it from the outside, which means BPDU Guard and Root Guard and DHCP snooping and DAI keep him frustrated in that respect.

OK, so Mr. Derleth gets a crowbar and breaks the lock and gets in… we are back at the original scenario. We have to face the possibility that an unauthorized person gains physical access to a system. There need to be alarms and cameras on that entrance so that when security is breached, we have a record of it. There needs to be a double entrance with a person on duty in the middle space at all times – a night backup operator, for example. Key cards, combination locks, etc. could all be considered.

Now for the switches themselves: There need to be keepalive monitors on EVERY sensitive device so that reboots and power outages are monitored and documented. Once the physical security has been breached, the main concern is not frustrating the further attacks of the hacker with configurations on the compromised device, but in gathering forensic data so he can be properly apprehended and prosecuted. The compromised device is a lost cause. Mr. Derleth may not care for alarms going off if he’s planning a smash and grab operation: his goal may be to gain access to an information store, copy it or physically transport it, and then get out before the police arrive. The alarms, however, provide a trail of evidence for later use.

So what if Mr. Derleth wants to implant systems to observe traffic and intercept communications? In that event, the alarms allow us to see where the breach began and logging servers will note when devices’ configs have been altered – or when devices have been logged into. Now we can hopefully check over those other devices and roll their configs back to an earlier saved config kept in a location inaccessible from the network.

Get your physical security house in order: locks, monitoring, and logging are all part of a complete physical security strategy.
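The logging side of the strategy above only pays off if something reads the logs. The following is an added example for this page, not code from the original post or from Cisco: it walks Cisco IOS syslog lines sent to a logging server and flags the sequence the post describes, a reboot followed by a configuration change that did not come in over a vty line (so it arrived at the physical console port), plus a link coming up shortly after the reboot. The sample lines, the hostname sw-closet-1, the 15-minute window and the fixed year are all constructed assumptions; the "no vty in the message means console" rule is a heuristic to tune against your own devices.

```python
import re
from datetime import datetime, timedelta

# Constructed sample syslog lines in Cisco IOS format; not taken from the
# original post, and "sw-closet-1" is a made-up hostname.
SAMPLE_LOG = """\
Jul 16 01:58:10 sw-closet-1 %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.5)
Jul 16 02:03:41 sw-closet-1 %SYS-5-RESTART: System restarted --
Jul 16 02:06:12 sw-closet-1 %SYS-5-CONFIG_I: Configured from console by console
Jul 16 02:07:30 sw-closet-1 %LINK-3-UPDOWN: Interface FastEthernet0/24, changed state to up
Jul 16 09:15:02 sw-closet-1 %SYS-5-CONFIG_I: Configured from console by admin on vty1 (10.0.0.5)
Jul 16 14:20:00 sw-closet-1 %SYS-5-CONFIG_I: Configured from console by console
"""

LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"%(?P<facility>[A-Z_]+)-(?P<sev>\d)-(?P<mnemonic>[A-Z_]+): (?P<msg>.*)$"
)
REBOOT_MNEMONICS = {"RESTART", "RELOAD"}
WINDOW = timedelta(minutes=15)  # assumption: how long after a reboot we stay suspicious
YEAR = 2013                     # assumption: IOS timestamps carry no year


def parse_line(line):
    """Return a dict for a recognised IOS syslog line, or None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["time"] = datetime.strptime(f"{YEAR} {e['ts']}", "%Y %b %d %H:%M:%S")
    return e


def audit(log_text):
    """Walk the log in order and return (label, host, time, message) alerts."""
    alerts = []
    last_reboot = None
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        when, host, msg = e["time"], e["host"], e["msg"]
        if e["facility"] == "SYS" and e["mnemonic"] in REBOOT_MNEMONICS:
            last_reboot = when  # the keepalive monitor would have seen this too
            alerts.append(("reboot", host, when, msg))
            continue
        recent = last_reboot is not None and when - last_reboot <= WINDOW
        if e["mnemonic"] == "CONFIG_I" and "vty" not in msg:
            # Heuristic: no vty line named, so the change came in on the console port.
            label = ("HIGH" if recent else "MEDIUM") + ": config change from physical console"
            alerts.append((label, host, when, msg))
        elif e["mnemonic"] == "UPDOWN" and recent and msg.endswith("to up"):
            # Something was plugged into a port just after the box came back up.
            alerts.append(("LOW: link came up shortly after reboot", host, when, msg))
    return alerts


if __name__ == "__main__":
    for label, host, when, msg in audit(SAMPLE_LOG):
        print(f"{when:%b %d %H:%M:%S} {host} {label}: {msg}")
```

The first vty change at 01:58 is routine management and produces nothing. The restart at 02:03 followed by a console configuration at 02:06 and a new link on FastEthernet0/24 at 02:07 is exactly the broom-closet scenario, and gets the HIGH and LOW alerts; the console change at 14:20 with no reboot nearby is still worth a look, so it is reported at MEDIUM. Because the logging server is off-box, this record survives even when the compromised switch itself is a lost cause.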

What’s the Best Way to Learn? Teach.

July 13th, 2013

If you’re pursuing any IT certification worth having, you’re going to have to learn lots of stuff. The higher the level of certification, the more information you’re going to have to have crammed into your tiny little human being brain. The best way to get that information into your head is to teach it.

Even if all you’re doing is keeping a diary of your learning progress, the act of composing your thoughts to communicate them to another person will force you to both understand and remember the particulars of what you communicate. Copying and pasting what another person wrote won’t cut it: you need to rephrase it in your own words.

Yes, this takes on the risk of being wrong. That goes with being a human, so quit whining and hurry up and make your mistakes so you can get on with learning from them. If you come out and say something wrong, ask someone to correct you, check the suggested correction, and go forward from there.

But above all, if you actually put down something that’s accurate – and if you do all you can in order to *be* accurate – then you’ll learn that topic in the best way possible.

Security Threat to Monolith Gateway Products

June 2nd, 2013

R’lyeh Consulting has become aware of attempts made by illiterate hominids to compromise the integrity of Monolith Gateways deployed in remote sites. The attempts seem to be denial-of-service attacks with an eye towards physical damage to the devices.

The attack signature involves the illiterate hominids forming a band around the base of the monolith. The hominids then begin to scream and shout, which can interfere with Monolith transmissions in the range of audible sound. The hominids will also attempt to gain physical contact with the devices. The hominids involved in these attacks have been implicated in at least one murder, and are to be assumed to be armed and dangerous. Do not attempt to confront them if you discover them: Instead, contact R’lyeh Consulting for a proper response to their aggressive threats.