Saturday, December 29, 2012

Looking ahead to 2013

With 100+ posts in the last 3 years tracking my progress and adding a little bit more to the contents of this blog, I want to thank you all for your support and comments. Special thanks to those who have been following me on Twitter.


I want to thank all the people with whom I have worked. It has been an absolute pleasure.
I look forward to contributing more to the networking world.

Highs of 2012

I have worked for 3 different organizations this year. I have had the pleasure of working with Greg Ferro. I have worked across a range of technologies, with Routing, Switching, MPLS & Datacenter technologies being the centerpiece. I was in the UK the entire year, not missing the games held this year. The amount of technical learning I have had was immense, and the amount of learning in corporate politics was also huge. I have built some great relationships during this year, both personally and professionally.

Lows of 2012

I have not lived life to the fullest. I have not had the amount of fun I should have had. I should have planned better for some projects and a little less for others. The biggest was missing out on preparing fully for CCIE Security.

Looking ahead to 2013

I am looking forward to attaining 2 more CCIEs in the span of the next 3 years, i.e. Triple CCIE by 2015.
I am looking at CCIE Datacenter and CCIE Security. But Datacenter will be the core.
I will be blogging a lot. There will be a lot more technical writeups.
I will be co-authoring some posts on DCN360, which will be datacenter-only posts.
I am looking forward to your continued interest in the ccie-dash blog and more interactions.
I hope and pray the year ahead brings lots of joy and success.

I pray and wish each and every one reading my blog a fantastic year 2013.

Sunday, December 9, 2012

Network Security & the year ahead - Part 1

I have been tremendously busy sculpting away at datacenter design spanning across the globe. I have been working across time zones to the point that I sleep and wake up at a different time every day. My body is taking the toll, but the sheer pleasure of visualizing and implementing the DC keeps me going.

I truly believe network security will be the primer for me the year ahead, along with the datacenter designs. Security has become important as never before. With the innovation in technology and devices, the amount of restriction you can impose has gone down, which means you need to watch every packet and beef up the security but at the same time not compromise on the throughput of your network.

Cisco and other vendors are constantly coming up with new devices and technologies to keep networks safe. But every customer's network is different and every customer's ability to invest is different. This is where we need to understand how and what to deploy with a certain product, or should I say products.

Think of security and the first obvious thing to pop into the head is the firewall. The first line of defence is always the firewall. It is always best to visualise a multi-vendor firewall design so that if one gets compromised the other will protect, and vice versa. In other words, one firewall to keep all the nonsense of the internet out and the other to inspect that the assumed legitimate traffic is legitimate.

Going in with a multi-vendor approach increases the investment to be made, but again there is an option of using vendors or ISPs themselves who provide managed perimeter security.
Firewalls are not the only security measure. With security requirements at their peak, I believe security needs to be classified into different categories, namely:

  • Datacenter Security - This is a broad classification but mainly deals with a core DC being set up
  • Branch Office Network Security - This might be a small to large branch office that only users work out of
  • Enterprise Network Security - This will comprise a large enterprise with a large variety of users and equipment being used
  • Remote Access Security - This comprises security when remote users connect to the office
  • Inter Connectivity Security - This might be a layer 2 or layer 3 link that connects two offices or DCs
  • Access Security - This deals with the ability of users and equipment to access the network
  • Communication Security - This deals with messaging

These may not be fancy terms, but this is the way I dice up security whenever I design networks. It is imperative to recognize that each of these has varying needs, except that they all need to be as secure as possible.

Network Security is a Horizontal that spans across different types of networks.

It is very interesting to see the videos of hackers looking for information on the honeypot systems. It is very important to understand the weaknesses of the protocols, which will help us secure them. Using case studies of networks which were compromised, we can try and understand what the weakness was, how they exploited it, what defence was in place & what the solution/workaround was.

I have noticed that once there is a weakness or flaw in the security that is exploited, this information seems to spread rapidly among the blackhats. But unfortunately the same is not true of the people who secure the network. Anybody can become the victim of the same exploit.
