BOSTON (05/15/2000) - Week 10: Pat wrestles with unlabeled ports, yearns for Win 2k compatibility and wonders about switching
I thought my first day back in the office after my flight from Orlando would be uneventful. I was dead wrong. I hadn't even walked into the building when I received a page that I had to call our server administrator right away. When I got to my office, I was informed that the call center couldn't reach our Microsoft Corp. Windows NT domain.
The call center has its own domain in case something like this happens, so I didn't see the need to rush to fix it.
The answer was simple: The routing table had become unstable and needed to be flushed, eliminating the old rules about which traffic would be routed where so that the router could construct a new and valid table. The rest of the week was quite boring, to say the least - lots of e-mails to catch up on and phone messages to return.
Comfortable in My Skin
I must say, I'm finally beginning to feel truly capable and ready to tackle my new position. After the SANS conference, I feel renewed with a sense of purpose about where to start and a clear understanding of how to achieve my goals.
During the past couple of weeks, I have been somewhat scattershot in how I have been tackling my projects. And I haven't really used Microsoft Project 2000 as much as I've wanted to. I was instructed by my boss to try to use it every day for about an hour and organize what I had achieved that day and what I was going to work on tomorrow.
I began by prioritizing what truly needed to be finished first and why. A secondary firewall for a subsidiary that wants to get a T1 line is definitely a high priority. It has its own firewall but not yet the T1, which left a back door open on our internal network.
My boss had mentioned before I left for the conference that anyone can spend money and achieve his goals, but great people do it on a tight budget.
Along those lines, he asked why we couldn't just buy a four-port Ethernet card (about $500) and put it in our current firewall so we didn't have to buy the Nokia Corp. IP 440 Ipsilon appliance (about $13,000). I told him that the Nokia device would provide a more secure firewall and that we could add three more four-port Ethernet cards as our needs grew. He said that since we use NT and have all the patches and service packs applied, we should be as safe as the version of FreeBSD used in the Nokia. Dammit - I really wanted that firewall box.
I had already ordered two four-port network interface cards (NICs) from our buyer. One was a D-Link Systems Inc. card that cost about $120, and the other was an Adaptec Inc. card that cost $550. I made sure I could return both if the testing didn't work out. Still, I was amused at the difference in cost.
Everyone knows the quality of Adaptec's drivers and products. But, although I don't know D-Link too well, I was willing to give the company a shot.
The cards arrived last week while I was in Orlando. I was a bit upset with the Adaptec only because the physical labeling on the LEDs and the cable adapters wasn't what it should have been. I ended up reinstalling NT Server and FW-1 on my lab box because I had the cables out of order. I didn't notice this until I read the instructions and looked at the picture in the back of the manual, not the front.
Well, that was six hours of boredom. So far, the Adaptec is performing great, and other than the confusion over which port is which, the installation was painless and easy.
Next week, I will have a hub connected to a machine to see if I can test the routes between two of the ports while routing between the DMZ and the Internet.
I haven't installed the D-Link yet, but each port has its own set of LEDs, and they're numbered 1 to 4, left to right, unlike the Adaptec.
The next project that carries a high priority is the intrusion-detection system that we will implement in our network. I got the funds approved the day before I left for Orlando, and I think I'll go with CyberCop from Network Associates Inc. I was in the lab again, spending half my time on the firewall project and the other half learning how to install CyberCop and becoming familiar with the interface. The bad news is that I learned that the monitor that checks for attacks in real time isn't Windows 2000-compatible.
Up on the Soapbox
With Windows 2000, a lot of software vendors aren't stepping up to bat with timely releases of Windows 2000-compatible software or upgrades. In fact, many are six to eight months away from such releases. Microsoft caused this problem by changing a lot of the Windows 98 code between the last beta release and the release to manufacturing. This caused all the software vendors to rewrite their code twice. Who loses in the end? We, the customers.
Quite frankly, it ticks me off. I can't use Check Point Software Technologies Ltd.'s SecuRemote VPN; Intel Corp. doesn't have software ready for Shiva products; and Internet Security Systems Inc. has some functionality, but that's only because Microsoft invited the company to have some product integration with Windows 2000.
The CyberCop Suite was very easy to install and configure. I didn't even read the instructions. I don't want to be too detailed now, but I'll have a full report when I get the product in.
Switching and Security
Until next week, my friends. I'll be taking an opinion poll about the direction in which you think intrusion detection is moving in regard to a switched environment.
Companies need high-speed, 100M-bps or Gigabit Ethernet switched networks. But in a switched environment, where packets are sent directly to the recipient without going through a hub, intrusion detection suddenly gets much harder.
Some vendors say, "Hey, just mirror the ports." But what do you tell your boss when you just spent $250,000 on a nice Layer 2 or 3 switch and a couple of stackable switches, and performance drops back down to 10M-bps because you're mirroring all the traffic to a single port for intrusion detection?
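To make the visibility problem concrete, here is an added toy model (not from the column) of a hub, a learning switch, and a switch with port mirroring, with a passive IDS sensor on an assumed port 4 and a constructed six-frame traffic sample; it counts how many frames the sensor sees in each case and how much traffic the mirror port has to carry compared with the host ports.

```python
from collections import Counter

PORTS = (1, 2, 3, 4)
SENSOR_PORT = 4  # assumption: the passive IDS sensor is plugged into port 4


class Hub:
    """A hub repeats every frame to every port except the one it arrived on."""

    def forward(self, in_port, src_mac, dst_mac):
        return [p for p in PORTS if p != in_port]


class Switch:
    """A learning switch: unicast to the learned port, flood only unknown
    destinations. If mirror_to is set, every frame is also copied to that
    port (port mirroring / SPAN)."""

    def __init__(self, mirror_to=None):
        self.mac_table = {}
        self.mirror_to = mirror_to

    def forward(self, in_port, src_mac, dst_mac):
        self.mac_table[src_mac] = in_port                 # learn the source
        if dst_mac in self.mac_table:
            out = [self.mac_table[dst_mac]]               # known: one port
        else:
            out = [p for p in PORTS if p != in_port]      # unknown: flood
        if self.mirror_to is not None and self.mirror_to not in out:
            out.append(self.mirror_to)
        return out


# Constructed traffic: (ingress port, src MAC, dst MAC); A=port 1, B=port 2, C=port 3.
FRAMES = [(1, "A", "B"), (2, "B", "A"), (1, "A", "C"),
          (3, "C", "A"), (2, "B", "C"), (3, "C", "B")]


def run(device, frames=FRAMES):
    """Return (frames seen by the sensor, egress frame count per port)."""
    egress = Counter()
    for in_port, src, dst in frames:
        for p in device.forward(in_port, src, dst):
            egress[p] += 1
    return egress[SENSOR_PORT], dict(egress)


if __name__ == "__main__":
    print("hub           ", run(Hub()))
    print("switch        ", run(Switch()))
    print("switch+mirror ", run(Switch(mirror_to=SENSOR_PORT)))
```

On the switch without mirroring the sensor only sees the two flooded frames; with mirroring it sees all six, but the mirror port now carries the sum of every host port's traffic, which is the oversubscription the column is worried about.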