There always a few phrases that come to mind when folks say one thing and do another. Practice what you preach, Physician Heal Thyself, Lead by example, etc...
I have designed many networks all over the world and without a doubt the single most important issue is redundancy. Fail over is measured in milliseconds in today's networks. When designing a network for redundancy it's the little things that get you in the end. Skimping a few bucks on this or that can cost big cash in the future.
I had that happened to me first hand last weekend. Read more
I like it when folks are proud of what they do. Not just a silly pride like; "My football team is better yours" (or course mine IS better: The Indianapolis Colts baby!!!) But the kinda pride that folks can back up with fact and take on all challengers. Read more
It's really hard to beat layer 2 hacking to really mess stuff up. While folks are up at layer 4-7 messin' around with this socket or that scripting vuln, I am down here at layer 2 all fat, dumb and... fat. Read more
Eavesdropping VOIP is the equivalent of "Just wait until your Father gets home" on the network. When folks talk about VOIP security they tend to immediately go straight to eavesdropping without considering the more valuable and resellable vectors like Toll Fraud. But without a doubt, eavesdropping is a great demo to do at a trade show or customer pre-sales call. Man, the purchase orders will just start flying out of pockets! Let's just get real here, eavesdropping is a very time consuming process for a low yield. Personally, I will take email over voice for information stealing. Read more
The more things change the more they seem to stay the same. I have been working on a few Bluetooth 2.1 hacks for the past couple of days and in the end I thought that while they worked they weren't very interesting. The time-effort::benefit ratio was more slanted towards the time-effort side of the house. Kinda like finding a security hole in Token Ring today. Read more
I just like to hack stuff. It doesn't matter really what it is, I just enjoy the challenge of figuring out how stuff works and how to bypass certain controls. I am not trying to be a whank about it and post how to steal a case of Sundrop from a Dixie-Narco vending machine, I just want to know from an engineering stand point. When I see electronic firmware based stuff work I always wonder; "How did they figure that out?" Read more
I have never been a fan of fishing with plastic worms. Not because it's a real worm Vs fake worm purest argument, heck I've fished with TNT before as a kid. Now that's a real hoot! It's because I have never ever caught a single thing with them. To me, they are ineffective and a waste of time/money.
That is how I feel about Intrusion Detection/Prevention. IDS is the plastic worm of network security devices in today's more advanced botnet orientated world. The marketing for both plastic worms and IDS is close to the same: Read more
- Looks Lifelike::Real World Based Signatures
It's over. RSA 2009 San Francisco is in the can. It was a good show, the RSA staff does a nice job organizing this event with good speakers, good training and a centralized place to find food and hotels. Which is cool because Cisco Live 09 is going to be at this same exact spot in a few months.
I got to meet some great folks that I have worked with in the past and others that I look forward to working with in the future. That's the best part of these type of shows; the personal connections. Read more
Any Paul McCartney and Wings fans out there? I really like their music although I think personally Paul McCartney is a real wanker. But man that wank can sure write some good tunes! On the album (dating myself here) "Wings Live over America" before the song Rock Show starts a promoter Dude says: "Showtime!" That's what day three of RSA was for me on paper BUT my mind was on the final two on camera interviews I had later on that day. The two I have been really looking forward to. Read more
Feet hurt, back aches, conference center food making the worst smelling farts I have let since the Tennessee Chili Cook Off of 1999. Welcome to Day Two of RSA San Francisco. The show floor was moderately crowded and the RSA staff did a nice job engineering traffic flow so we weren't bumping into folks all the time. I did shoulder chuck a few competitors and blamed it on our Producer Rick. I was major league booth trolling today. I had a camera crew with me walking around grabbing content from interesting booths. Read more
Is it me or do trade shows need to change? I am at RSA 2009 in San Francisco and just got back from a little floor walking. Now I like the RSA format: Whole bunch of good training and then a vendor area to score freebies. On the floor folks are scrambling to set stuff up all over the place. Kinda like a bunch of networking carnies assembling booths, games and other things to draw you in so that the vendor can grab the golden ring of marketing justification: The Badge Swipe. Read more
I was mainly raised by my Grandmother as punk kid growing up in the hills of Tennessee. Of course she had a ton of catchy sayings that probably would have made her a bumper sticker or refrigerator magnet millionaire. One of my favs is: "Knowledge is no good unless it is shared" I have tried to live my life as close to that as possible. I teach an Internet Safety class to parents to help get them to not be afraid of the Internet for their kids and their use. One of the Dudes came up to me and asked if it is possible to see what imagines their employees are actually looking at online. Read more
I was conducting a hacking 101 security training session at a users group meeting about a month ago. After some Newcastle and Pizza (mando requirement) I had went over a common character overflow limit on a Solaris box I discovered a while back when a skinny dude (for Wisconsin) stood up and said, "How did you figure that out?" I told him that I fuzzed it. At that point, the entire talk shifted from running canned exploits to finding your own via fuzzing. I loved it! A 90 minute presentation went on for over three hours. Read more
I just finished reading the NWW article on Top 10 Technology Skills. Read more
Besides the awesome bell bottom britches one of the coolest things about the United States Navy was all the countries I got to visit. Now, I am from a small town in Tennessee and just going to San Diego was a major league culture shock for me. But another country, well that was something all together different. I learned that just because something is cool or acceptable in the States it can get your butt kicked overseas. For example, when I first went over to the Middle East I would give folks a rousing good ole’ American thumbs up sign. Read more
Whether I am programming an EEPROM, JTAG'ing a device or restoring old pinball machines and arcades, I love to jump into maintenance/diagnostic mode so I can get a feel for what the code jockeys were trying to accomplish. In arcade machines they have an attract mode feature that makes different sounds and screen shots to entice you to pump-n-dump your quarters into the coin box. However, if you pull the EEPROM off the board you can find all kinds of stuff, like other games and hidden commands to totally change the behavior of the device. Read more
Based upon the comments I received on the last NMS Sucks blog, this should the shortest blog ever! In researching various NMS options, one of the best NMS products I tested was the Network Analysis Module 2. I love that hardware! Now I have tested the NAM1 a few years back and truthfully, I just classified it as a distributed packet sniffer for the 6500 which is cool for sure. I do not know about y'all but it is hard for me to drop some nickels and dimes on a product I feel I can build myself with optimized hardware and TCPDump. Read more
As much as I would like to be proactive as possible when it comes to network security, all too many times, I am in reactive mode. For example, I just received a nicely done email from a Facebook pal to go look at a YouTube video. Hey man, I am always up for a good laugh especially in the middle a mind numbingly boring conf call discussing Power Point font types or something like that. However the link looked a different, so I sandboxed and sure enough, it was a redirector to a site in Poland. As the conf call got dimmer and dimmer in my focus I shifted into reversing mode!! Read more
Network Management...
I could almost end this blog with just that statement alone. What is it with NMS that feels like were are riding in the back seat from Wisconsin to Florida with our stinky second cousin Bert. Anytime, I sit in a vendor meeting and they are trying to hock their NMS off on me I can picture signs for "See Rock City" or "Wall Drug" for the east coast to west coast survivors. Read more
One of my neighbors knocked on the door yesterday. I figured he wanted to borrow some tools or wanted me to fix his computer because he came over with a six'er of Newcastle. I think Dr. "Bones" McCoy said on Star Trek IV, "Beware of Romulans bearing gifts..." And English Ale beats the crap out of Romulan Ale any day! Come on in!!! Turns out, he was updating the firmware in his home router and accidentally kicked the power cord out of the router in the middle of an update. Can anything be done? I stalled for time until the last Newcastle was gone and then said maybe we can JTAG it. Read more
Advertisement: |
Jimmy Ray Purser is the technical co-host for Cisco's TechWise and BizWise TV. Jimmy Ray also conducts advanced training for engineers across North America and Europe and regularly speaks at industry conferences such as VON, CeBIT, N+I, and Networkers. As a field engineer, Jimmy Ray experiences networking first hand behind the console or in the rack. He is an active member in the IEEE and the Ethernet Alliance and has designed, installed and tested numerous networks for Fortune 500 companies, the United States military and other institutions worldwide. He holds 3 U.S. patents for Ethernet security algorithms with two others pending and one defensive publication, as well as numerous other vendor certifications in networking and security.
Purser holds a Bachelor of Science degree in electrical engineering from Southern Illinois University is currently pursuing a master of science degree in electrical engineering and is a licensed professional engineer in Wisconsin.
The Leader in Network Knowledge
