A Single Glass of Pain

On two separate occasions now, a coworker has said ‘…a single glass of pain…’ rather than ‘…a single pane of glass…’

I’m thinking it’s subconscious.

New Year, New Role – The First Month! Part .5

I have now been in IT for over 20 years – I started in 1996 as a cabling tech, working on phones and data cabling (including IBM mainframe COAX cable, that is some dirty work!)

For that entire span, I have worked mostly as a network engineer and as an infosec engineer. I have found that these two fields can be quite complementary and have had a pretty good run in both fields.

At the beginning of the year, 2017, I started in my new role with LogRhythm, as a Sales Engineer. I am so excited for this opportunity, and I can’t even begin to express how much fun it has been so far. I am just starting to get up to speed, and to be totally honest, we have an awesome SIEM offering. But I want to address the elephant standing on the gorilla in the room… People keep saying, ‘Oh, you went over to the Dark Side!’

If this is, in fact, the Dark Side, then yes, I have gone and with relish!

But really, all this stuff is so new to me, and this is the first time I have been on this side of the table.

The Sales Engineer is paired with sales execs, and in my case, I have been paired with two very fine human people. We’ll see how that works and translates into quotas met and all. So far, they have shared with me their philosophies on selling, and we are all simpatico – We don’t do hard sells, we are not going to be cheesy or icky or the like, and we are going to be honest and ethical. Sound like the Dark Side? Nope.

All this drinking from the firehose has left me reeling…In the best possible way!

IT Career Truths – Part Zero

I started writing my list of IT Career Truths on LinkedIn, and I think they are totally awesome.

Here’s my original list.

  • GREP is your friend – I have not made a t-shirt of this yet, but I still want to.
  • Always check the logs – ALWAYS CHECK THE LOGS.
  • Break out the ‘Sniffer’, the packets tell the story – Learning to read sniffs is the second best thing I have done for my career.
  • When you imagine sitting ‘IN THE ROUTER’, it is easier to figure out which interface you want to focus on and which direction the traffic is flowing.
  • You can never Telnet to a UDP port (no matter how much you want to). I can’t even recall how many times someone has told me that they couldn’t telnet to SNMP’s well-known port 161 (UDP).
  • GREP is your friend. GREP IS YOUR FRIEND.
  • Pick a layer and work up or down from there methodically – Reference models are here to help us, they are not just pretty posters. I usually start at physical, but that’s only if I have zero idea of what I am looking at.
  • Your ‘gut’ may tell you something, and it may even be correct, but it is not a substitute for facts – All this stuff, the internet, *NIX, all of it, was created and developed by physicists, engineers and other scientist types. Your gut may lead you there, but once there, deal in facts, please.
  • GUIs come and go, but command lines are forever.

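The Telnet-to-a-UDP-port item deserves a concrete demonstration, so here is an added example of my own (not code from the original list). Telnet only knows how to do a TCP three-way handshake, so pointing it at 161/udp can never succeed; the only way to test a UDP port is to send it a datagram the service understands and see whether anything answers. The script stands up two throwaway listeners on localhost (a UDP echo service standing in for something like SNMP, and a plain TCP listener), then runs both kinds of check against them. The listener functions and port numbers are constructed for the demo and are not real services.

```python
import socket
import threading

HOST = "127.0.0.1"


def start_udp_echo():
    """Constructed stand-in for a UDP-only service (think SNMP on 161/udp):
    binds an ephemeral port, echoes one datagram back, then exits.
    Returns the port number it is listening on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((HOST, 0))
    port = srv.getsockname()[1]

    def serve():
        data, peer = srv.recvfrom(1024)
        srv.sendto(data, peer)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def start_tcp_listener():
    """Constructed stand-in for a TCP service: accepts one connection."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def tcp_connect(host, port, timeout=2.0):
    """What telnet actually does: a TCP three-way handshake. True if it
    completes, False if the port is refused, filtered or times out."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # ConnectionRefusedError, TimeoutError, ...
        return False


def udp_request(host, port, payload, timeout=2.0):
    """The only way to test a UDP port: send a datagram the service
    understands and see whether anything answers. Returns the reply
    bytes, or None if nothing came back before the timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(payload, (host, port))
        try:
            data, _ = s.recvfrom(1024)
            return data
        except OSError:  # timeout, or an ICMP port-unreachable surfaced
            return None


def probe_results():
    """Run all three checks against the local stand-in services."""
    udp_port = start_udp_echo()
    tcp_port = start_tcp_listener()
    return {
        # A TCP handshake to a UDP-only port never completes.
        "tcp_to_udp_port": tcp_connect(HOST, udp_port),
        # A datagram to the same port does get an answer.
        "udp_reply": udp_request(HOST, udp_port, b"ping"),
        # And telnet-style checks work fine where a TCP listener exists.
        "tcp_to_tcp_port": tcp_connect(HOST, tcp_port),
    }


if __name__ == "__main__":
    for name, value in probe_results().items():
        print(f"{name}: {value!r}")
```

Run it and the first check comes back False, the second returns the echoed bytes, the third True. The practical takeaway is the same one the sniffer teaches: for UDP there is no handshake to observe, so a silent port tells you nothing until you send a real request (an SNMP GET with a valid community, a DNS query, and so on) and watch for the reply.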
20 Years On…

Whenever I am asked now (and even when I am not asked), I always tell whomever will listen that learning Linux to the level I have is the best thing I have ever done for my career. And I mean BEST THING – Including Cisco certs, InfoSec certs, all of it.

I have some idea why learning Linux and using Solaris are so important to me, and I think it has to do with having closer access to what the machine is actually doing.

I realize this is a very imprecise statement, since the machine is doing something physical and the OS is doing something else, but the point is that the inner workings of the system are not as much of a black box as they are with an OS like Windows – From the perspective of a fairly normal user, that is. If you are a Windows OS MVP, that’s a level of skill very much like that of the old Bearded Wizards of the UNIX world, so Kudos! Most of us are not at that level, however. In Windows, at least in my mind, it is much more difficult to get to that level of Gong Fu than it is for a person to install a flavor of Linux and start banging away at it.

I am grateful to Mitch, ‘Angry Mitch’ to his friends, for MAKING me learn *NIX commands when I started working for him in 1997. The command line was intimidating at the very least, and I came from a background that included very little computer usage, let alone any UNIX/Solaris/Linux. Mitch made me learn, in the context of maintaining a RADIUS server for ISDN RAS user authentication, and it was extremely uncomfortable and difficult for me. Now, I can’t imagine NOT having learned *NIX. I’m not some guru hardcore Linux/Unix admin, but I am definitely not unskilled either.

Rumination Nation

‘Thems who don’t learn from mistakes are destined to repeat them.’

Destined? No, but likely to repeat them.

And I know, ‘Thems’ is bad, but it’s meant to be.

Whatever the quote is – History is destined to repeat or whatever – has been shown to be true time and again in my memory. But ruminating on it, on mistakes and what-might-have-beens, does not one bit of good.

This is not a post on the results of the recent election, or not entirely at least. A good buddy of mine posted on Facebook that he’s going to post altruistic awesomeness – some article or site about someone or someones doing good for others. Selflessly and without expectation of reward. I love this idea. It’s very easy to get caught up in negatives and not easy to break out of being negative. I told this friend that we all win when he posts those positive items.

It’s the same reason that I sometimes like to look at pictures of cute puppies and other baby animals.

I think that this particular deceased equine is sufficiently battered. Onward and upward.

Bogons and other IP Lists I Love to Block

I love the Team Cymru Bogons lists. Bogons are unallocated IP ranges from which you should never receive traffic. These ranges are used in DDoS attacks. Like RFC 1918 addresses, these should be blocked explicitly at your network borders.

Another question I have been asked more than once recently: ‘How do you determine which IP address ranges to block?’

My answer is: It depends. If you have a business that has no interaction with China or Myanmar, find the IP ranges for these places and block them. If you only do business domestically, block the rest, provided your device can handle it and has enough memory.

The minimum to block is any and all nations that the US State Department has embargoed. Traffic from Iran is not likely going to be anything but suspect if it’s hitting your firewall.
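To make the bogon and border-blocking advice above concrete, here is an added example of my own (not code from the post or from Team Cymru). It parses a list in the one-CIDR-per-line, ‘#’-for-comments text format the Team Cymru bogon lists use, then does two things with it: scans firewall log lines for source addresses that fall inside a listed range (because you should never see traffic from them), and renders explicit inbound drop rules for the border interface. The list excerpt, the iptables-style log lines, and the `eth0` interface name are all constructed for the demo; the real bogon list changes as address space gets allocated, so fetch and refresh it rather than hard-coding it.

```python
import ipaddress
import re

# Constructed excerpt in the one-CIDR-per-line, '#'-comment text format the
# Team Cymru bogon lists use. NOT the live list: fetch and refresh that one.
BOGON_TEXT = """\
# constructed sample, not a live download
0.0.0.0/8
10.0.0.0/8
100.64.0.0/10
127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
192.0.2.0/24
192.168.0.0/16
198.18.0.0/15
224.0.0.0/4
240.0.0.0/4
"""

# Constructed iptables-style firewall log lines. Documentation addresses
# (203.0.113.x, 198.51.100.x) stand in for ordinary public space here.
SAMPLE_LOGS = """\
Jan 12 03:14:07 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=443
Jan 12 03:14:08 fw kernel: IN=eth0 OUT= SRC=10.44.2.9 DST=198.51.100.10 PROTO=UDP DPT=161
Jan 12 03:14:09 fw kernel: IN=eth0 OUT= SRC=198.18.0.5 DST=198.51.100.10 PROTO=TCP DPT=22
Jan 12 03:14:10 fw kernel: IN=eth0 OUT= SRC=224.0.0.251 DST=198.51.100.10 PROTO=UDP DPT=5353
Jan 12 03:14:11 fw kernel: IN=eth0 OUT= SRC=not-an-ip DST=198.51.100.10 PROTO=TCP DPT=80
"""

SRC_RE = re.compile(r"\bSRC=(\S+)")


def parse_cidr_list(text):
    """Turn the list text into ip_network objects, skipping comments, blank
    lines and anything that does not parse (one bad line must not silently
    take the whole feed out of service)."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            continue
    return nets


def match_bogon(ip_str, nets):
    """Return the first listed network containing ip_str, or None.
    Strings that are not addresses also return None rather than raising."""
    try:
        addr = ipaddress.ip_address(ip_str)
    except ValueError:
        return None
    for net in nets:
        if addr in net:
            return net
    return None


def find_bogon_sources(log_text, nets):
    """Scan log lines for SRC= fields that sit inside a listed range.
    Returns [(source_ip, matching_cidr), ...] in log order."""
    hits = []
    for line in log_text.splitlines():
        m = SRC_RE.search(line)
        if not m:
            continue
        net = match_bogon(m.group(1), nets)
        if net is not None:
            hits.append((m.group(1), str(net)))
    return hits


def border_drop_rules(nets, iface="eth0"):
    """Render explicit inbound drop rules for the border interface
    (iptables syntax as an illustration; adapt to your platform)."""
    return [f"iptables -A INPUT -i {iface} -s {net} -j DROP" for net in nets]


if __name__ == "__main__":
    bogons = parse_cidr_list(BOGON_TEXT)
    for src, cidr in find_bogon_sources(SAMPLE_LOGS, bogons):
        print(f"bogon source {src} (in {cidr})")
    print("\n".join(border_drop_rules(bogons)))
```

The same `parse_cidr_list` and `match_bogon` pair works unchanged for a country range list or any other CIDR feed you decide to block, and running the scan over yesterday’s logs before you add the rules tells you whether anything legitimate (a misconfigured internal host NATing badly, say) is about to get dropped along with the junk.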