Author Archives: sr71rocks

Another Example of Physical Damage by a CyberAttack

As a follow-up to an earlier post concerning real (physical) damage from cyber-attacks, check out this post on Wired about damage done to a steel mill in Germany. Talk about scary…and it’s just going to get worse, I’m afraid. At least until people understand that infrastructure and control networks MUST be separated and secured from the Internet and other Internet facing networks/systems. In the simplest form, you can tie the two networks together and remove the connecting cable….leave it unconnected, except only when needing to perform patches, etc. And then, lock the connecting ports up in a box of some sort, and only the CIO and Admin have the keys. (I’m not kidding folks.)

Yes, I know….this is a bit too simplistic and perhaps not viable in the real world. But, we need to take this seriously. With the escalation of nation state “cyberwar”, you will be seeing more examples of this over the next couple of years. I’m worried…are you?

A New Year – And Time for the CCNP

So, 2014 is done. And a new year has begun. I wish all of you a Happy New Year for 2015!

For me, this year will be busy as I’m going to start studying for the Cisco CCNP certification. I actually decided this a while back, plus my work has made this a requirement for being a Senior Network Engineer. I was going to start this past summer, but then Cisco revamped the CCNP (known as CCNP v2), so I decided to wait until the new v2 study materials were released (which occurred in December). I just received the new ROUTE, SWITCH and TSHOOT hard cover books and eBooks over the last couple of weeks….wow, there is a LOT of material to learn. (You can learn about the new CCNP here.)

So why get a certification? I was asked that recently by my friend Shane (he has a GREAT blog that you should check out). There are many different views about certifications…they are great, they are a waste of time, them mean nothing, or they are a great demonstration of ones abilities. To a degree, all of these views are true. So, here is my take on it…

For most people, I think certifications are a good idea. In certain areas of the country (such as Northern California where I live), certifications are either required or really desired. They might not get you a job, but they can get you an interview, and that’s half the battle. BUT, you need to know what you are talking about…no certification will take the place of experience. They both go hand in hand. As you get the experience, also start obtaining relevant certifications.

Also, as in my case, the study required for a cert makes me a better Network Engineer and employee. It fills in some gaps I may have in terms of technical knowledge and keeps me up to date on new equipment and industry solutions, which may come in handy at work some day.

Now, you may not need or want a certification…that’s ok too. But you do need to keep learning…the Networking industry is always changing and moving forward, and it is easy to get left behind if you are not careful. Obtaining certifications may help with this.

Hope this helps if you are thinking about going for a certification. Let me know what you think.

A Busy December

I can’t believe that December is already over….it feels like it just started. I looked back and realized I only posted twice in the entire month of December…ugh!! It was just too busy of a month….not bad stuff mind you, but too much going on at the same time.

The first several weeks of December was busy playing my French horn in our church’s annual Singing Christmas Tree. It was a lot of work, but a wonderful time of music and remembering that Christ really is the reason for the season. I’m on the top row, on the left…

Copyright 2014 - Brian Scott Long

Copyright 2014 – Brian Scott Long

The rest of December was busy at work and getting sick. Yes, I missed Christmas day, being sick in bed. Oh well, I’m feeling better now. I’m hoping things will calm down a bit, and I can resume more regular postings.

I hope you have a great time this evening with friends celebrating the New Year! Be safe!!

Security Worries about Critical Infrastructure are REAL

Unless you are involved in the security field, you probably have not heard much about the heightened security concerns related to critical infrastructure that are so vital here in America. This would include water, electricity, oil, mining, and other fundamental services. Let me tell you, there is a lot of work underway in trying to secure these services from hackers (and others) who would just love to damage any of these systems, especially without even having to enter the country. Not sure how real this is? Take a look at this…

Mysterious ’08 Turkey Pipeline Blast Opened New Cyberwar Era (Bloomberg.com)

This oil pipeline explosion occurred back in 2008, and is just now becoming public knowledge. One reason this is such an issue is that most of the systems that control this infrastructure are still running on old PC’s, which are running Windows XP. And they were not originally designed with security in mind. Not good at all.

Not sure about you, but this gives me the willies.

A Good Network Engineer – Alert and Aware

I had an interesting lunch today. I went to my favorite fast-food place (Chic-Fil-A….they have the best ice tea!!). Anyway, when I arrived the parking lot was full of California Highway Patrol vehicles…I remember thinking that lunch today will be very safe! It was also raining (much needed here in CA), and so I put my iPad under my trenchcoat, up under my left arm-pit, and clamped down on it with my left arm. As I walked into the restaurant, I walked down an aisle full of CHP officers, all chatting and laughing with their peers.

So…it was about then that I decided to remove my iPad.  (Yeah, I know…what was I thinking.) So I put my right hand into my trenchcoat and grabbed the iPad. It was at that time that a whole bunch of eyes were instantly fixed on me as I pulled out the iPad. As soon as they saw the iPad, their eyes went back to their friends. What was interesting is they never stopped talking or laughing…being this aware and alert was normal for them. I bet most of them didn’t even realize what they just did. In other words, they have trained to be alert and aware, and it worked.

So, why bring this up? As network engineers, we need to practice being aware and alert to what is around us. When passing some users, did you hear them mention something about slow Internet? Make a mental note. Did you notice the SSH session pausing momentarily as you scrolled through some configurations from a remote router? Make a mental note. (This happened to me recently….it didn’t feel right, so I tested and found out this circuit was experiencing an above average packet loss.) Heard some users complaining about how slow the ERP application was? Make a mental note.

As you start making these notes, you may see a picture emerging that could very well point to an issue in your network. Or perhaps an issue higher up the protocol stack…maybe not even your problem, but you could alert the correct department and let them run with it. (Years ago, at another company, I noticed some people randomly complaining of slow Internet response. I started doing some testing, and was able to confirm that a random issue was occurring. It ended up being some old BIND DNS servers that were using old “hints” files. We downloaded updated hints files from ISC, and the problem was fixed…and the users even noticed the quicker Internet response!!)

As network engineers, we are uniquely positioned to notice most any issue with the network…as long as we are alert and aware. So if being aware is not second nature to you, start practicing it everyday. Don’t tune the world out…but listen to it. You will end up being a better network engineer.

Time to Give Thanks

It’s that time of the year here in America when we give thanks for the blessings in our lives. I hope you take just a bit of time, away from the TV and craziness of life, to do just that.

I want to thank the Lord for his many blessing in my life…a wonderful wife, great kids, abilities and talents in the IT field, and a great job with a great company. And most importantly, I want to thank the Lord for his son Jesus and his sacrifice on the cross. To Him be the Glory, for Ever and Ever. Amen.

Have a great and safe Thanksgiving holiday.

Security News – Regin and WordPress

Folks, here is one nasty piece of malware: Regin. Symantec has a fascinating and rather detailed write-up on Regin here. Very scary stuff. Most reports show that Regin has been in the wild since 2008, but I’ve seen a report or two that points further back to 2003. Due to the incredible complexity of Regin, consensus is that a nation state is the author, and the best choices are USA, Great Britain, China, or Israel. (Notice that no infections have been reported in USA or China.)

If you run a blog or website on WordPress (like I do), then note that WordPress has issued an update of their software which fixes a number of bugs and security vulnerabilities, including a critical flaw that could be used in a XSS (Cross-Site Scripting) attack. Exploits for this are most likely already out in the wild, so it is highly recommended that you apply the updates. You can view the security notice here.

Book Recommendation – Newton’s Telecom Dictionary

A Great First Book for Your IT Library

A Great First Book for Your IT Library

If you don’t already have Newton’s Telecom Dictionary, then you need to get it. Yes, it’s that good. If you are new to the IT field or a student working towards a career in IT, then this is a must have book. Why?

Put simply, this book is full of the answers you need when you need them. It’s crammed full of definitions for every technical term and abbreviation you will come across, and believe me the IT field is FULL of abbreviations! And more important, the information is presented in a very readable format. Plus, the author has sprinkled throughout the book his unique humor in just the right amount. A couple of examples…

Betazed –  A planet in the second Star Trek TV series, inhabited by Betazoids, beings with great powers of empathy and telepathy.

Bunny Suit –  A layered, hooded outfit that covers every part of your body, except your eyes. Bunny suits are worn by people who work in places where cleanliness is absolute. The human skin sheds about 30,000 particles of skin a second. If one of these particles made it into a semiconductor or a piece of optical fiber it could seriously impair the usability of the device.

This book is a must have book for any IT person. It is full of helpful information and humor. Grab a copy and pick a random page and start reading….you will be hooked!!

Another Busy Week…but Very Successful

Hello again. As a follow-up to last weeks post (read it here), this past week was once again way too busy. I spent the entire week at the new office, working 12 hour days, getting it ready for move in and go-live. The following tasks were accomplished…

  • All network cabling was installed, labeled and tested. This consisted of about 60 workstations, running two data cables to each workstation. The cabling vendor is a company I’ve worked with for many years…they know what they are doing and it shows in the final product. No worries here.
  • A solid wall of backboard was installed in the MPOE, and on that was mounted a swing-out Chatsworth rack. A bit pricey but worth the extra money…the whole rack can pivot to the side, giving access to the rear of the equipment. (Check out Chatsworth’s Swing Gate if you are interested.)
  • Network router (Cisco 2851), Cisco switch stack (3750’s), and several Cisco Access Points were installed, configured and tested.
  • The new PRI circuit was tested and 100 DID’s (Direct Inward Dialing) were ported over from our old PRI circuit.
  • The wireless broadband is working well, but I am still keeping my eye on it. Not sure if the vendor fine tuned it or not, but I am seeing better performance.
  • Security cameras and a key-fob access system was installed.

It was a long, but successful week. I am also glad this type of project does not occur often.

I hope you had a great weekend!!

The Busy Life of a Network Engineer

Sorry about the lack of posts this week…I have just been way too busy, and working some long hours.  I will get back on track this weekend. Here is a quick summary of my week…

  • Suffered a network outage at one of our busiest District Offices. I had to travel to the location and work with the carrier (a major fiber and Internet carrier), and troubleshoot with them over the phone. As always, they said the issue was with my equipment. (Carriers almost ALWAYS say the issue is with your equipment.) And like always, I have to prove to them that it’s their issue…which it was. Somehow, the VLAN carrying my traffic was changed which brought my network down. We finally got the circuit back up at 2 AM, twelve hours after it went down. Ugh.  And 3 days later, they still cannot tell me how that happened. I’m like “Is there really that many people that can make those types of changes? Don’t you track your changes?”  I guess they don’t.
  • I’m the PM (Project Manager) for the IT part of a new District Office which is going live in a couple of weeks. Yes, this is the location in which we have had major issues with the LEC (Local Exchange Carrier). Check out some earlier posts (Part 1 and Part 2) which talks about these challenges. We did finally get a PRI circuit installed, but no fiber Internet. I ended up using a vendor that offers high speed wireless broadband. I was onsite for a couple of days, bringing this up and testing. The circuit is 15 Mb, up and down. It’s working relatively good, but I’m seeing a bit of an issue with large packets (over 1100 bytes)…I have a consistent packet loss of between 1-2%. I know that does not sound like much, but when you are moving large files around, that ends up pushing your through-put way down to around 6 Mb. I will say this…the vendor is very easy to work with, and they already are going to work with me next week to resolve this.
  • I had an MPLS T1 circuit at a very remote site giving me fits all week long. It was taking errors pretty much 24×7, and even going down for several hours at a time almost every day. The carrier dispatched out multiple times before finally getting the issue resolved. (They had to replace multiple jumpers, and redo some splices.) It’s now been running clean for almost 48 hours straight. My thanks to the technician who hung in there and got this fixed.
  • We recently opened up a temporary site out in the boonies…like way out. This site has no copper facilities at all…no phones, no network circuits…nada. However, it is located right next to a major Interstate, and there is a Verizon tower nearby. I was tasked with getting a Cradlepoint router (with a 4G Verizon card attached) to run DMVPN (Dynamic Multipoint VPN), and connect with a Cisco router at my Data Center. This was a challenge, especially since Verizon likes to run double NAT’ing in their 4G networks. Yep, the 4G card gets a valid public IP address, but that’s not what’s seen on the Internet. Somewhere upstream, still within Verizon’s network, it gets NAT’d again with a different public IP. (Way to go Verizon.) Well, I did get DMVPN to work after much trial and error. We are testing now to see how stable it is, and hope to install it at the site in the next week or two.

As you can see, it was a busy week. And next week will be just as busy.  I’m going to be down at the new District Office most of the week, overseeing all of the cabling, cutting over to the new PRI, installing the network equipment, and working on resolving the packet loss issue. Wish me luck.

And, have a great weekend!!