I’ve implemented plenty of ASA 5525-X firewalls with the integrated IPS software module. While the legacy Cisco IPS module does what it’s intended to do, it leaves a great deal to be desired in terms of customization and usability. That’s why I’m very excited to try out Cisco’s new ASA with FirePOWER services. This is the SourceFire implementation from when Cisco bought them back in mid-2013. SourceFire was at the top of their game when Cisco bought the company out for $2.7 billion. So it will be very exciting to see how it turned out. NSS Labs performed preliminary testing and found that the ASA/SourceFire combo was more effective at stopping malware than any other vendor including Fortinet and Palo Alto. Looks like good times ahead for Cisco network security in 2015!
I ran into an issue when troubleshooting with Cisco TAC which required I take some packet captures using a SPAN port off a Cisco switch using Wireshark. Wireshark is the de facto packet capture program out there. It’s free, powerful and it works really well. I’ve never had a problem with it until recently. And in all fairness, it wasn’t a problem with Wireshark, but with the AV software installed on my Windows laptop. If you find yourself taking captures and only seeing the initial SYN or ACK coming back…and you have ESET security on your laptop like I did, then you will find this useful. First, disable your ESET protection completely. You’ll need an administrative password for the software to do so if you are in an enterprise environment.
If you’re like me, I always forget the command needed to see hashed passwords on Cisco ASAs. This is especially useful when you’re making changes to VPN tunnels. In any case, here is the command you need:
Rush Limbaugh is one of the most polarizing figures in America. As a fellow tech geek, I love to hear his comments on Apple products and the company as a whole. And even if you don’t agree with Rush’s politics, he’s dead on when it comes to his opinion on everything Apple.
If you’ve been having problems with getting Java 7 applications to run while connected to Cisco AnyConnect version 3.0 or 3.1, you’re not alone. There is an issue with how Java 7 handled IPv6 that causes it not to run within the VPN tunnel. Fortunately, there are some workarounds.
It seems that no matter what the technology is, hackers have to come along and ruin it with malware in an attempt to cheat unsuspecting users out of their hard-earned money. Smartphone technologies seem to be of particular interest for cyber criminals in 2012 and 2013. Everything from Bluetooth to NFC has already been abused, and in some cases it’s better to not even use the technology anymore because the danger is so high.
Hackers have apparently gone so far that they are using non-technical means to peddle their malware-infected sites. A new and growing trend seems to be the placement of malicious QR codes in high-traffic areas. These codes can either be placed near legitimate advertisements or used as stand-alone ads. QR code users will then use the QR codes to load a webpage — not knowing that the code took them to a site that infects their device with malware or brings them to a phishing site in an attempt to steal identities.
I’m a battery junky. Since I’m always on the road — and always using my phone, tablet, laptop and 4G jetpack, I’m painfully aware of just how dependent I am on battery power. Every night, it’s quite a chore to make sure I plug in each device at night before I go to bed. It’s therefore easy to imagine that I can’t wait for the day where wireless power becomes a reality. And indeed, it will likely happen in my lifetime. But for now, I’d settle for a decent wireless charging solution so I could walk in my house or office and no longer have to worry about plugging stuff in. It would just start charging automatically.
Love them or hate them, technology buzz words are here to stay. Often they’re helpful to get people interested in a new technology. But other times, a buzzword becomes so overhyped that it becomes loathed. The term “cloud computing” nearly became a hated buzzword a few years ago, simply because everyone used it, but didn’t really know what it meant. Over time however, people eventually learned the true power of the cloud and the term was accepted because it became a legitimate technology to the IT community.
For the past couple of years, there’s been a battle raging in the enterprise-WiFi space. There are several promising wireless vendors out there, but each one had definite strengths and weaknesses. Wireless network administrators have had the difficult decision of having to choose which features they desired more, at the expense of others.
One of the little talked about benefits of the latest-gen smartphones and tablets is the fact that manufacturers are finally starting to implement wireless chips inside them that can utilize 802.11n at 5 GHz. Many people don’t realize, but before the iPhone 5 and iPad 3, all of Apple’s smartphones and tablets only leveraged wireless chips that operated at 2.4 GHz. This is a problem for many that have a great deal of wireless interference on 2.4 GHz while 5 GHz has far less congestion. Additionally, utilizing 802.11n at 5 GHz allows you to achieve much better performance.
Every WiFi implementation is different. That being said, there are some general categories that you can group WiFi environments into. Here are the categories and some examples:
One of the major differences between 802.11n and all previous WiFi standards is the fact that 802.11n can operate within a 20 MHz channel like 802.11a/b/g — or it can consume two consecutive channels for double the bandwidth! With twice the bandwidth, it seems like everyone should configure 802.11n to operate in a 40 MHz channel, right?
Not exactly. The problem is, when you consume two channels, you end up shrinking the number of non-overlapping channels available. If you enable 40 MHz channels in the 2.4 GHz spectrum, you only have two non-overlapping channels to choose from – as opposed to three when using 20 MHz channels. That means your likelihood of interference increases dramatically. In the 5 GHz spectrum, things are a bit better as you shrink your non-overlapping channels from 23 down to 11. In fact, the use of 40MHz channels at 5GHz will increase the coverage area at higher data speeds.
Now that it’s Christmas 2012, the 7 inch tablet market has reached a fever pitch. High-end devices (with mid-range prices) like the Samsung Galaxy tab, Google Nexus 7, Amazon Kindle Fire HD and even the Apple iPod mini are the talk of the town. But there’s one little tablet that’s been around for a long time now that just won’t go away. The Nook Color. And despite the Nook Color falling behind in the specifications department, it’s still fully capable and highly hackable — which makes it a tech geek’s go-to tablet despite all the newcomers. After all, it is one of the only tablets out there with a micro-SD card slot. And to top it off, there are great deals on the Nook Color — everything from new units going for $99 on Black Friday, to refurbished units going for $79 online. In my opinion, the Nook Color is a perfectly capable tablet that’s going to find its way into plenty of Christmas stockings this year. And if you’re looking for something to tinker around with, for under $100, you can’t go wrong.
From the looks of it, enterprise owned and operated WAN acceleration and optimization appliances are quickly becoming extinct. One recent example is Ecessa Corp., a manufacturer of WAN acceleration hardware appliances. Seeing the writing on the wall, the company decided to pivot from their focus on hardware manufacturing and sales to a WAN acceleration services and support model. Ecessa will continue to sell hardware, but consider it to be the “legacy” arm of their new business strategy. Future customers and revenue streams are expected to come primarily in service form that will be sold through their existing VAR network.
In my line of work, I frequently get asked “what causes WiFi interference?”. In a word: everything. WiFi signals in both the 2.4 GHz and 5 GHz ranges are susceptible to all obstructions. It’s just that some cause more interference than others. For example, a dry walled partition isn’t going to slow down your wireless signal much, but a plaster or cement block wall certainly will. Below is a short list of indoor and outdoor obstructions I’ve had to deal with over the past few years when designing, deploying and performing wireless site surveys for various businesses:
It’s likely that your business already has WiFi. But when your wireless requirements were first spec’d, the original WiFi design probably didn’t consider things like smartphones and tablets. Additionally, take a look at the latest laptops and you’ll see an interesting phenomenon — many of them are now rolling off the manufacturing floors without Ethernet ports. While you can purchase Ethernet port adapters, most will simply want to connect wirelessly.
I was recently at a remote site trying to bring up a site-to-site connection between a Cisco IOS router and an ASA firewall. Everything was working properly except for IKE phase 1 and 2 proposals. When you get mismatches on either of these two phases, the tunnel won’t come up and it can be confusing to know what part of the IOS configuration is IKE phase 1 and what part is phase 2. Hopefully, I’ll be able to sort this out for everyone.
Economics sometimes works in strange ways. During slow economic times — such as the one we’re currently going through — low-end and cheap products sit on the shelves while high quality and more pricy ones seem to do just fine. This is the situation with the smartphone and tablet case market right now. OtterBox makes a high quality, yet expensive case and it’s flying off the shelves. My most recent OtterBox case is the Defender for my new iPad, and I absolutely love it.
I was recently tasked with setting up an Autonomous System Number (ASN) which is a unique number to identify companies that want to control their own routing of public IP space. In my case, the company wants to design their network for ISP redundancy using BGP. In the United States, all ASNs are registered through the American Registry for Internet Numbering (ARIN). And while ARIN has instructions on how to register an ASN, they’re a bit long and overly complex. Therefore, I’ve created my own set of instructions that you can use…and hopefully answer some of the questions you may have. After using this process, ARIN gave us an ASN in just a few days!
Steps on How to Register an AS Number:
When I first unboxed the new iPad this morning, my first impression was “meh”. Because, as we all know, the new iPad hardware is nearly identical to the old one. While I’m a bit disappointed in the lack of physical design changes, I completely understand Apple’s thinking. Just look at the current MacBook Pro design as a comparison. The MBP has been relatively unchanged for nearly four years now and still is a beautiful piece of hardware.