Implementing a Zero Trust Security Architecture

The old mantra of “trust but verify” just isn’t working. “Never trust and verify” is how we must apply security in this era of sophisticated breaches. Looking at 2014 in the rear-view mirror, there has been a myriad of security breaches. Target’s breach exposed over 40 million credit card numbers and 70 million pieces of personally identifiable information, resulting in over 1 billion dollars in related costs(1). To further the hit list of this year’s victims, as of late November 2014, Sony Pictures Entertainment’s entire corporate network is offline due to a suspected breach, which has seen staff cease electronic work entirely due to a corporate-wide, self-imposed network shutdown(2). In a time when attacks are prevalent from both inside and outside the business, IT and security departments must ask themselves the question: who can you trust? This blog first appeared on NetworkInferno, vNetadmin and blog.shin.do. What is a Zero …

Upgrading to Log Insight 2.5

Log Insight provides log management, aggregation and visual representation of events within both the physical and virtual network. It can manage the logs of thousands of distributed devices and systems and gives administrators a simplified portal for log management. Log Insight just got an upgrade to version 2.5. My current pseudo-production environment was running 2.0 GA and I wanted to take advantage of the new features in 2.5 – namely the cluster load balancer and events trend analyser. At a high level, Log Insight supports the continuous ingestion of logs from a number of different platforms. It can take logs in, perform complex visual lookups, provide integrated regex lookup through logs, and graph events based on these logs. The architecture is quite simple and very powerful. When Log Insight is upgraded, the master node is logged into and upgraded first. The worker …

SPARK: VIRL is launched!

Cisco VIRL has been officially released. Cisco VIRL is Cisco’s network topology platform that allows the study, testing, simulation and validation of enterprise and service provider topologies in a lab environment. Built on KVM using OpenStack, this platform enables network administrators to build powerful topologies that allow testing, validation and architecture exploration of new technologies. It also allows old dogs like me to study against it for my CCIE certification. In the words of the VIRL site, virl-dev-innovate.cisco.com: “Build highly accurate models of existing or planned networks. Design, configure, and operate networks using authentic versions of Cisco’s network operating systems – IOSv, IOS-XRv, NX-OSv, and CSR1000v. Integrate 3rd-party virtual machines, appliances, and servers. Connect real and virtual networks into high-fidelity, high-scale development and test environments. Design and test anywhere – VIRL is portable!” There are two ways to purchase VIRL. Both are annual subscriptions which in my opinion are …

Don’t forget how to be a user

I work for a large technology company that provides many product offerings. I live in a world that is at the forefront of the network industry that delivers a leading edge technology. There are so many parts of my company’s offerings that I have nothing more than a user’s view of the world. You know what? That is absolutely fine. I look at end-user computing with absolute marvel. I do not know how to administer it. I do not know how to optimise and scale the environment. I do not know why certain applications are published in a certain way. What I do know is I can use any application published to my app catalogue on my iPad, hand over to my laptop and continue working seamlessly. Where application publishing is not enough I can gain access to a floating Windows desktop and …

Palo Alto GlobalProtect + Yosemite

One of the clouds I have access to is protected by a Palo Alto firewall. It has its own VPN client, known as GlobalProtect, which allows me access to it. As an avid Mac user I upgraded to Yosemite the moment it came out. Whilst I had run most of my software in a Yosemite VM, I had not tested this client. Before the release of Mavericks, Apple told developers they would increase the stringency of their code signing. There would be tighter checks and increased security as a result. The kext signing would help protect users. Herein lies the problem. There are a number of applications which are not following the new signing rules and Yosemite will nip them in the bud. What occurs with PAN’s GlobalProtect is that it will fail to establish a VPN. Certain parts are code signed. There is a fix …