The Network Operating Center: A Holiday Story

By: Dan O’Donnell

Twas the Night Before Christmas

‘Twas the night before Christmas, when all through the NOC
Not an alarm light was blinking, not even the clock
The cables were hung in their brackets with care
In hopes that OSHA will never be there

The night shift was restless, longing for their beds
While visions of hackers danced in their heads
And the boss in his tie and I in my cap
Sat down to check an SNMP Trap

When up on the screen there arose such a sight
Of red blinking icons glowing in the night
Away to the terminal I flew like a flash
Put in my pass code to prevent a crash

The code on the display said it was a D.O.S.
I knew that our systems would be put to the test
But then I remembered, and it gave me a tickle
My tools are connected with Network Critical

With IPS protection on every link
And aggregation to my tools I was in the pink
My Sourcefire blocked the menacing hack
And protected my network from a Christmas Eve attack

My boss whistled and shouted and called me by name
“Wow, what a job,” he smiled and exclaimed!
“I thought we were done for; an end of year crash”
“With my job and my paycheck, gone in a flash.”

My network design, built by the rules
Adhering to standards, using all the right tools
Was the hero tonight in the corporate DC
Saving the necks of my boss and me.

When things had calmed down I returned to my station
And started working on Common Malware Enumeration
With my shift almost over at about midnight
I toasted the season and was feeling alright

As we count our blessings and offer good cheer
I wish you a reliable and secure New Year
From the company that helps build networks right
Happy Holidays to all and to all a good night!

© 2010 Network Critical

Best Wishes from Network Critical

Having to Buy TAPs is not a Bad Problem

By: George Bouchard & Tim O’Neill

Note from Author and Technical Editor: Not all addictions or obsessions are bad, though most should be taken seriously, like drug, alcohol, and many others that are life-threatening.
There are also good addictions, and one that we feel, tongue in cheek, all network managers need to catch: Tapping, or focusing on getting real visibility into their network, so they can finally really see what is going on!  There are many reasons to become a “TAPaholic” and all of them are good!
So this article is about a good addiction or obsession: becoming a “TAPaholic,” really getting to know your network, and helping those “SPANaholics” find a better path in their professional life so they, for once, can see what is really in their network!

So you bought your first TAP to review and solve your compliance problems.  You became a hero for solving that problem and it hardly cost anything.  Now, you’re wondering how many more problems you can find using TAPs.  You’ve taken this first step for “TAPification” of your network, but you may be in danger of becoming a “TAPaholic.”

From now on you will have to be extremely careful or else you may fall into the TAP abyss.  There are still so many problems to solve on your network.  You have in-line appliances that can kill your live traffic if they should fail, and every time you need to apply software patches, you need to reserve a maintenance window.  Worrying about it keeps you and your colleagues up at night.

But now that you bought your first TAP, you begin to wonder:

  1. Could a TAP solve that in-line appliance problem for me?
  2. Can I safely place an active security appliance on my most critical links?
  3. Can I do so without the worry of losing our critical “bread and butter” link in the event that anything goes wrong with the security appliance?
  4. Can I do software upgrades and maintenance on the security appliance without having to schedule a maintenance window for the critical link?

I am TAPman and I’m here to tell you, YES!  Yes, you can!

How, you say? – Because a TAP that is specially designed to work “in-line” can provide 100% protection for that critical link. And the bonus is, now that the security appliance is “in-line”, it can be placed in the active mode.  You can take action on a security threat as soon as it is seen, keeping your network safer and letting you and your colleagues sleep like babies at night (or whenever it is that you sleep).  But, beware, all this success may be setting you up to become a hopeless “TAPaholic” because the more TAPs you buy, the more heroic you become to your peers, and the more you look for network problems, the more these TAPs can save the day.

You yearn to solve all those nagging problems that have kept you up at night.  You also want to save your organization a great deal of budget money so they can go out and buy bigger and better routers, switches, and firewalls.  All of this success feeds your addiction to use TAPs. Now, you’re looking for more reasons to put them in anywhere you can, to see new things you have never seen before.

You see your company growing because the network is running more smoothly and efficiently than ever before, plus you now have a better understanding of your network and how it is being used.  The employees are happier and more productive because they no longer have to wait for the network; in fact, the network is always waiting for them.  Everything is going great, but there is something wrong. Lately, your life seems to have less meaning.  You can’t think of why.  Then it dawns on you: You haven’t bought a TAP in over a month… Ha! That’s where I, TAPman, come in. I can sell you any kind of TAP you may need. I can let you see your network problems so you can fix them… after all, you can’t fix what you can’t see.

I can give you visibility into your network by providing access for your:

  1. Network Analysis tools
  2. Security tools
  3. Lawful Intercept
  4. Forensics
  5. Data Leakage
  6. Bandwidth Shaping
  7. Content Filtering
  8. Deep Packet Inspection
  9. Deep Packet Analysis tools
  10. High Availability applications

I can do it all and easily satisfy that empty feeling you have, so call me!  I may not be able to cure that empty feeling, but is it really so bad to keep on letting you see where your network problems are by using TAPs?

To learn more about Network Critical, please visit networkcritical.com

How to Prevent Your Company’s Data from Appearing on the WikiLeaks Website

By: Daniel O’Donnell and Ellen Carruthers

Several key network vulnerabilities have been highlighted and made more apparent by the recent publication of many classified US State Department documents on the WikiLeaks website.  It is a troublesome situation, to say the least, not only for the US Government but for all foreign governments and commercial businesses dealing with sensitive data on their IT networks.

There are many issues now under discussion and review as a result of this incident.  Legal cases are being developed regarding punishment, if any, for the perpetrators.  Congress is in full PR mode, making sure the finger of blame points anywhere but at them.  Media companies are wrestling with the ethics of what to report and what to hold as protected information for national security.  The WikiLeaks website is currently under attack on multiple fronts.  A government IT security review is under way.  In fact, an AP/Huffington Post article states the Pentagon is establishing new policies that disable removable media and change the way in which information is moved between classified and unclassified computers.

Here’s an article from Federal Computer Week about the WikiLeaks Fallout: White House Orders Classified Data Security Review

Three relatively inexpensive solutions can secure your confidential information and allow access to authorized personnel while maintaining reliability. This approach includes a Data Loss Prevention appliance, a Policy Management appliance and a flexible, reliable Smart Network Access device that connects the appliances to the network while protecting the network data in the case of an appliance error.

A Data Loss Prevention (DLP) appliance can be implemented in a network by installing it virtually “in-line” on a network link.  All the network data that passes through that link is analyzed and compared against a set of rules established by the DLP appliance. The objectives of the rules are customized by the network administrator and provide parameters for deciding what data is allowed to leave the corporate site, be downloaded to a portable device or be blocked.

One of the most valuable features of DLP appliances is the ability to send alarms to appropriate personnel when requests for the sensitive data are being received.  Websense is one of many companies that make DLP sensors.

Policy Management products provide authentication and access to various clouds and/or servers within the network.  There can be many layers of policies set up to allow access to certain IT assets and deny access to others.  A sophisticated policy management plan and the right equipment to enforce the policies will allow access to authorized clients while blocking others.  Companies like Layer 7 are protecting corporate IT assets with a product array of in-line appliances.  These appliances are installed in the access link.  As data flows, certain authentication and authorization codes must be received before access to the cloud or servers will be allowed.

To be most effective, these appliances must be connected to the network “in-line” while maintaining uptime, reliability and availability.  This is where the Network Access device becomes crucial. These are Smart Access devices which allow multiple appliances to connect and manage information in-line while providing a “fail-safe” link operation if the appliance is compromised or goes off-line.

Network Critical provides an in-line Network Access device that connects to the data link and provides monitor ports to the appliances.  The modular SmartNA architecture allows incremental additions for multiple appliances while maintaining link uptime in the event of appliance failure, power disruption or off-line maintenance requirements.

Chances are there may be some areas of concern with respect to securing your network from outside attacks and inside threats, such as seen with the recent US State Department’s loss of confidential property.  Don’t wait for your own WikiLeaks scandal. Do not wait until you are called into the CEO’s office to answer this question: “How could this have happened?”

By installing relatively inexpensive appliances into your network architecture, you can provide sophisticated access policy and manage threats from inside as well as outside your network, connecting it all through Smart Network Access devices.

Be proactive and lock down your confidential information from public view while maintaining uptime and access to information for authorized personnel.  Don’t be another WikiLeaks victim.  Be a security champion!
