Undersea cable connects East Africa to high-speed networks

An undersea cable plugging East Africa into high-speed Internet access went live Thursday, providing an alternative to expensive satellite connections.
The cable links southern Africa to Europe and Asia.

SEACOM, the cable provider, opened its 17,000-kilometer submarine cable, capable of 1.28 terabytes per second, giving the region true connectivity.

Most Africans rely on expensive and slow satellite connections, which make the use of applications such as YouTube and Facebook extremely trying.

“This is going to reduce the cost of doing business in Africa, within Africa and with international parties,” said Suveer Ramdhani, SEACOM spokesman in South Africa.

Source: CNN

Active Template Library (ATL) Vulnerability

Certain Cisco products (Cisco Unity 4.x, 5.x, and 7.x) that use Microsoft Active Template Library (ATL) code and headers may be vulnerable to remote code execution.

In some instances, the vulnerability may be exploited against Microsoft Internet Explorer to perform a kill bit bypass. In order to exploit this vulnerability, an attacker must convince a user to visit a malicious web site.

Cisco will release free software updates for products that are affected by this vulnerability. Workarounds that mitigate this vulnerability are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090728-activex.shtml.


Multiple Vulnerabilities in Cisco Wireless LAN Controllers

Multiple vulnerabilities exist in the Cisco Wireless LAN Controller (WLC) platforms. This security advisory outlines the details of the following vulnerabilities:

Malformed HTTP or HTTPS authentication response denial of service vulnerability
SSH connections denial of service vulnerability
Crafted HTTP or HTTPS request denial of service vulnerability
Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability

Cisco has released free software updates that address these vulnerabilities.

This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml

What’s the deal with the new Cisco Architect Certification

In the last few weeks, more and more people have been speaking about the new Cisco Architect Certification. The truth is that the details about this certification are still very unclear and nobody seems to know in which direction this will head.

Let’s see what I understood from the process of achieving this certification.

First, at the basic level, you need to have a valid CCDE certification to be able to apply for the Architect certification. The application for this certification will involve your CCDE number, a resume of your professional work experience to be verified by Cisco, and a summary of a project in which the candidate acted in the role of an architect or designer. Now, if the first 2 things are quite clear, the last one can be tricky. How will Cisco verify that you actually were in that role, and for which project? Call the company that hired you and discuss details? Another issue arises if you signed a non-disclosure contract with the company for which you had the required role. If the company takes its contracts seriously, and usually they do, then you can find yourself in a situation where you can apply for Cisco’s certification but then maybe have to appear in court for breaking the contract with the company. Of course it’s specified that “a summary” has to be presented, meaning that maybe you should tell what you had to do, and not how you achieved it.

Second, if you pass the application phase, then you have the pre-board exam work. Cisco states that: “Candidate will receive an architectural challenge from the board and must respond accordingly” and that the response should include: “A functional specification (not to exceed 50 pages); High-level architecture diagram(s); Summarized business requirements document; Rationale supporting the proposed architecture; Outline of presentation about the proposed architecture for the board”. It’s not stated in which manner this exam will take place. Will it be like the actual lab exams, 8 hours + / – in a room where you have to achieve the desired result, or do you get the subject by e-mail, get together with your engineer friends for a night of brainstorming, and send back the result by e-mail? After you submit your work, “the board will evaluate the submission against scoring rubrics” (which one?!) “and determine what questions should be posed to the candidate” in the next step. Again, the details are not so clear. Can you fail in this step just because your way of doing diagrams is not the committee’s preferred way? This step seems very subjective to me, because it tends to test your personal skills and not your professional knowledge. I mean, maybe you are one of the best in the branch, but you have a problem with clearly explaining what your intentions are in regard to the architecture. That’s why in a company there are more people involved in a project; otherwise one person could be the technical department and the sales one.

And now step 3, which is actually the exam and is called the Board exam. In this step you appear and present your architecture in front of an “executive team”, respond to the technical questions of a “design team” and try to solve a “what if” change in your original architectural challenge. At the end of the board meeting, the judges will independently assign final scores against defined scoring rubrics. The scores will then be tabulated and the candidate will be notified of certification status. The first issue that I see here is that individuals for whom English is not their native language may encounter problems. Maybe in your head everything is well defined and you can put it on paper, but when you explain it, it looks like a complete drama. I’m sure that most engineers who have the level to apply for this certification will have no problem with the English language, but it’s still a disadvantage. Then you have to convince the board that your solution is the right one (of course you have to be sure of this) if they question your work, and by doing this you can offend them (let’s be honest, who likes to admit that he’s wrong?), leading to subjective marks. Again, I hope that these boards are selected carefully from persons who have the maturity to understand that others might be right.

What about the price? Cisco says it will be around $15,000, but that’s it. When will you have to pay this money? If it’s at the beginning of phase 1 and you don’t qualify, that means that you throw $15K out the window.

Training? There are no formal training programs available for the Cisco Certified Architect certification. Here I agree with Cisco. I mean, what book or course can teach you in some weeks the full knowledge that a professional achieved in 10 years of experience, certifications and participation in different projects?

Impact on the current certifications. This is like a knife with two blades. On one hand, the professionals who achieve this Architect Certification will not have to worry about their IT career. The existing CCIE certifications will lose some of their value, even though this is not fair, as the knowledge will still be there and the effort to achieve one of these certification levels is considerable, but that’s this industry. From the income / salary perspective this will also mean a decrease, as CCIEs will not be the “top” of the certification chain. As an example for now, just look at the CCNA level. In most cases, when you go to an interview and you have this certification, the employer looks at you as if you were born with it rather than having gotten it after hard work (I know, I know… skip those who use Pass4Sure or other tricks to get it, please).

The future will tell me whether I’m right or wrong, or maybe you can. One thing is clear. This certification will be one of the big challenges on the market, and for sure some engineers will be proud of their new certification and level of recognition in the IT industry.

Routing + QoS + Security all free for you and your small business

OK, you caught me: this is not from Cisco, but it is related to networking and security, so I believe it fits the idea of this blog. What am I talking about here?! Well, let’s assume that you are the IT guy of a small business or even of your home network, and like all of us, you want what’s best for your network. With today’s key words (even though I don’t understand why) like saving, cost reduction and zero budget for new deployments, no manager will approve buying new hardware. And to be fair, why would you buy an expensive Cisco 6500 if you have 50 PCs in your network and some servers? Cisco and other brands in the same line are good, actually very good, and worth the money, but only if they are really required. Continuing on this idea, somebody asked me to find a solution for his small to medium business, as he has a small user network and some servers. Of course he wanted all the possible features and security but without investing too much, or if possible nothing. To keep everything within these limits, I had the idea to use a Linux box with 3 NICs and a bunch of software for achieving the other features like QoS, routing and so on. But I found something easier to manage and to maintain over time.

The product is called Untangle, and I found it to be perfect for my solution and maybe for yours if you want to give it a try. Among the other good features that it has integrated, you will see that this is a FREE product. Of course nothing is just black and white, and if you want some features you have to pay for them. Anyway, I managed to do everything without paying anything. Untangle can be installed on a dedicated machine or as an application in Windows. Installing on Windows is… how can I say… useless, at least from my point of view. I mean, who puts the trust of his network gateway in a Windows machine?! As a dedicated machine, it is one of the best solutions that I have tested.

As explained in the Untangle documentation, this solution can be installed on any regular Intel / AMD machine with a decent configuration. If you want to keep this solution and its logs for a longer time, I would recommend something dual core with 2 GB of memory and at least 80GB of hard-disk capacity. The minimum requirements from the developers would be an 800 MHz processor with 512KB of memory and a 20GB hard drive, if you plan to run this for a network with fewer than 50 stations. The process is very simple: you download an image, burn it to a disc and then install it. If you have ever installed another OS, you will handle this for sure.

The new device can be deployed as a router or as a transparent bridge.

On my private installation I deployed it as a router, as I wanted this to be the main gateway and to separate the LAN from the DMZ area. After you configure the basic stuff, you may want to choose what services you will use on this machine. Everything is modular. You have a virtual rack in which you insert free or paid applications. Maybe you are wondering which are the free applications. Here is the list: Web Filter, Virus Blocker, Spam Blocker, Ad Blocker, Attack Blocker, Phish Blocker, Spyware Blocker, Firewall, Routing & QoS, Intrusion Prevention, Protocol Control, OpenVPN, Reports. This covers most of my basic needs for a small network. If you want advanced features like WAN Load Balancer, WAN Failover or Remote Access Portal, then you have to buy these applications. Of course I would have preferred to have these for free as well, but as I said in other articles, nothing is 100% free in this world.

Every module is then configured in a graphical interface with menus that are easy to understand and follow. You can choose what to activate, what traffic is inspected, what packets are subject to QoS and many more. One thing before you proceed to test this: by routing, please don’t understand dynamic routing protocols or other advanced features. Like I said before, this solution is for small to medium sites which do not have to support a complex routing environment. However, it does support basic routing and it can be installed as a router. Regarding the support you get for this product, there is a good forum and also a Wiki page.

Below I prepared a small gallery with screenshots from Untangle. The screenshots are copyrighted to Untangle.com and can be found on their site together with some nice video presentations of the product.

Please be aware that this site is not affiliated in any way with Untangle.com. The opinions presented here represent my own experience with the Untangle product.
