Posts

Showing posts from September, 2018

Firewalls and the Need for Speed

Image
I was looking for resources on campus network design and found these slides  (pdf) from a 2011 Network Startup Resource Center presentation. These two caught my attention: This bothered me, so I Tweeted about it. This started some discussion, and prompted me to see what NSRC suggests for architecture these days. You can find the latest, from April 2018, here . Here is the bottom line for their suggested architecture: What do you think of this architecture? My Tweet has attracted some attention from the high speed network researcher community, some of whom assume I must be a junior security apprentice who equates "firewall" with "security." Long-time blog readers will laugh at that, like I did. So what was my problem with the original recommendation, and what problems do I have (if any) with the 2018 version? First, let's be clear that I have always differentiated between  visibility and control . A firewall is a poor visibility too...

Twenty Years of Network Security Monitoring: From the AFCERT to Corelight

Image
I am really fired up to join Corelight. I’ve had to keep my involvement with the team a secret since officially starting on July 20th. Why was I so excited about this company? Let me step backwards to help explain my present situation, and forecast the future. Twenty years ago this month I joined the Air Force Computer Emergency Response Team (AFCERT) at then-Kelly Air Force Base, located in hot but lovely San Antonio, Texas. I was a brand new captain who thought he knew about computers and hacking based on experiences from my teenage years and more recent information operations and traditional intelligence work within the Air Intelligence Agency. I was desperate to join any part of the then-five-year-old Information Warfare Center (AFIWC) because I sensed it was the most exciting unit on “Security Hill.” I had misjudged my presumed level of “hacking” knowledge, but I was not mistaken about the exciting life of an AFCERT intrusion detector! I quickly learned the tenets of network...