Five Tips to Keep Your Career Moving Forward

Now that 2011 is coming to an end and 2012 will soon be upon us, many will be making New Year’s resolutions. The most popular resolutions probably relate to health. However, many people also include career goals in their resolve. With the continuing economic challenges, it is tough but not impossible to feel like personal career growth is continuing. This article is only peripherally related to our current series of discussions on job roles and tasks. This is article is a New Year's Article that focuses on five key things that everyone can do to help keep their careers moving forward, even in tough economic times.

Tip 1 - Find a Mentor

Finding a mentor may be a challenge. In many cases people tend to keep what they know to themselves. Some people seem to think that if they are the only person that can do a task, they are more valuable to the organization. Furthermore, some people like to place themselves high on a pedestal and have the desire to stay there. I think we have all met people like Nick Burns. I doubt Nick would make a good mentor.

For those unfamiliar with Nick Burns, here is a video excerpt from Saturday Night Live.

A good mentor is someone that you can trust and who can help you stay on track. This is not a person that does everything for you when you get in over your head. This is a person who gently steers you in a direction that is conducive to your career or your particular role in an organization. This person can not only be beneficial for career goals, but also for specific tasks that may be a stretch for your abilities. The challenge is finding someone that is willing to take the time to share their experiences. If you cannot find someone within your immediate circle, you can always have lunch with others in the industry and learn from each other’s experiences.

Tip 2 - Build your Network

There are many networks out there, so let me elaborate. There are social networks like Facebook, Twitter, Google Plus, and LinkedIn. What I’m talking about here is YOUR network. It may consist of contacts that you have met personally, as well as a subset of individuals from any or all of the social networks I mentioned. What is important is that you start to build solid relationships for a couple of reasons. You never know when you might need a “go to” person or a subject matter expert in a particular area. Additionally, making others aware of your areas of expertise or experience can be beneficial. People are in YOUR network if you feel comfortable reaching out to them and they feel comfortable reaching out to you. Don’t abuse your network. It should be a “qui pro quo” arrangement that is mutually beneficial for you and them.

Tip 3 - Help Others

Helping others is sort of the opposite of finding a mentor. Helping others can actually help you in many ways. First, there is no better way to solidify concepts than pushing your knowledge to the point that you can explain something simply. I am not advocating that someone should share their knowledge about something that they know nothing about. However, an individual that has worked with a specific topic or technology often will initially struggle to explain it. Working through this struggle often leads to a much deeper understanding.

If you can't explain it simply, you don't understand it well enough. -Albert Einstein

Tip 4 - Continue Learning

Since you are reading an article on The Cisco Learning Network, you may naturally desire to continue learning. This is a good thing. With networking technology, I do not think there is a point that you look at yourself and think “I have arrived”. Like other career choices in technology, we must be comfortable with change. The value that you bring to an organization is your ability to work with that change. Your thirst for knowledge should not just be in deeper understanding, but also broader understanding. How technologies interact with one another is as important as knowledge about the individual technologies. Nothing lives in a vacuum anymore. All areas of technology are interoperating with other areas to achieve some business goal. Although the fact that someone can configure a router or a switch is very important, companies are looking for people that can solve the business goals and challenges.

Tip 5 - Keep your life in Balance

If you love the challenges of technology, keeping your life in balance may be difficult. I think it is important to keep your relevant areas such as family, church, health, and personal time in check. Others tend to view your priorities based on how much time you spend nourishing each of the “loves” in your life. This is valid because we tend to spend more time with those things we enjoy. So if technology is dominating ALL of your free time, you may need to schedule “technology free” times to balance out your life. I have personally witnessed family or personal issues that have had serious adverse effects on individuals’ careers.

Conclusion

I think everyone knows that many challenges exist in the current job market. The challenges seem to be even more prevalent with those who are young or inexperienced to the field in which they are seeking employment. Although technology jobs are more prevalent than some other fields, challenges still exist. If you are not employed, my recommendation is to do what you can to get employed. Even if your employment is less than what was expected, there is always room for growth. For those employed, focusing on these five tips will help keep their careers on track. As new and exciting challenges present themselves, simply gravitate to the areas that are of interest to you.

Ref:

CCIE Career

Sydney Lab View

This is the meeting area from you can see the city view as well.

Information Security for Fun and Profit

Continuing our series of discussion of job tasks, roles and careers, I wanted to talk about security. As many of you know, I consider myself to be a jack of all trades as opposed to someone that has a deep knowledge of fewer topics. As we will soon see, this actually lends itself well to information security. In this article, I will discuss different disciplines commonly found in security and the skills that are most relevant. We will touch briefly on the certifications that are most relevant to each role and see how we can build our careers as we gain knowledge and experience.

Certifications

Since this article is part of the Cisco Learning Network, I would expect most readers to be at least somewhat interested in certifications. In technology, certifications are one of the more prevalent earmarks of knowledge. In information security, this is also the case. Cisco offers many certification programs. Some are Security centric, while others are not. Even certifications that are not focused on security usually have security components. For example the CCNA program addresses device security, access control lists, and switchport security.

The fact that security is integrated into many non-security centric exams is a theme also found in non-security centric job roles. In other words, security is part of everyone’s job in the enterprise environment, not just information security professionals. For example, one may find themselves working in a network design role. Even though that is not a security position, security is still an important skill that must be integrated into the day to day tasks of that position. Even employees in a non-technical role still need to be well integrated into a solid security program.

Regarding Security centric certifications, Cisco offers the following certifications and specializations. Some of these programs are being discontinued, but may still be associated with individuals.

• CCNA Security
• CCSP
• CCNP Security
• CCIE Security
• ASA Specialist
• Firewall Security Specialist
• IOS Security Specialist
• IPS Specialist
• Network Admission Control Specialist
• VPN Security Specialist
• Security Sales Specialist (Reseller Specialization not relevant to the enterprise infosec role)

As you can see Cisco is not only represented with actual security products, but also offers a wealth of security certifications and specializations. However, Cisco isn’t the only security vendor in the security arena. From a security perspective, I consider Cisco a network security vendor. There are other network security vendors who have security certification programs. Examples of these are PaloAlto Networks and Juniper. There are also security certification vendors that do not have an affiliation with specific product vendors. For example, ISC2 offers the CISSP certification and SANS has a variety of information security certifications.

General Security

When I think about information security, I think about data and technology. What can we do to efficiently and effectively protect these resources? A three letter acronym is often used to describe three areas of data protection— Confidentiality, Integrity, and Availability (aka CIA). Obviously this is only one viewpoint or dimension of data protection, but those key points must be maintained across critical systems and corporate data. There are actually several different types of roles that encompass these concepts and different types of people to fill the roles.

Roles

The first security role that I must mention is everyone else. Everyone else is actually everyone in the organization that does not have the word “security” in his or her title. How “everyone else” is used will largely determine the security posture of an organization. Furthermore, if you are reading this article and have the desire to get into security position, you are most likely part of “everyone else”. Security leaders who are reading this article realize that creating a security ecosystem is much easier if "everyone else" is working with you instead of against you.

So what can and should this group of employees do for security? First and foremost, they can familiarize themselves and follow the organizations policies. Possibly even more importantly, they can familiarize themselves with the norm. This will vary widely from position to position, but when someone notices a deviation from the norm, it could be a red flag that something is going on. Good security managers realize that they should never make someone feel unwelcome to bring forth such concerns.

Security Centric Roles

Now let’s talk about the positions in the organization that are security centric. These positions fall into a few categories. The first major category that I would mention is what I call operational security. Later we will also discuss audit and compliance, penetration testers, and security management (a subset of which can also be integrated into any of these roles).

Information Security Roles

When dealing with information security and security in general, operational security personnel are those who have day to day jobs that directly configure, monitor and otherwise maintain the systems that are responsible for the security of corporate data. I often find that security operations is further broken down, into network security, application security and general security operations. In my experience, it is actually difficult to find a single individual who is an experts in all of these areas.

Network Security Roles

Of these three subcategories, Cisco is obviously more prevalent in the network security. Network Security, or netsec, involves securely configuring and monitoring network devices and protocols, building appropriate security boundaries, and configuring secure connections. This infrastructure is then utilized to provide a secure and reliable connectivity for systems and applications. Netsec individuals will likely be responsible for one or more of the following:

• Firewalls
• IPS/IDS
• Router Security
• Switch Security
• Network Monitoring System
• Security Information and Event Management (SIEM)
• Network Protocol Security
• Virtual Private Networks (VPNs)

The environment that a network security individual works in (or desires to work in), influences what certifications he or she might have or be seeking. As you can see from the list above, Cisco is well integrated into this area of information security. The depth and breadth an individual is responsible for might also influence the certifications he or she might choose to pursue. For example, someone who is only making day to day firewall changes in a Cisco environment might pursue the Cisco Firewall Specialist. Someone who is making regular ASA Firewall and VPN changes might pursue the Cisco ASA Specialist certification.

If this individual is promoted (or desires to be promoted) from a firewall administrator to a firewall architect or engineer, he or she might pursue the CCNP Security or CCIE Security certification. Typically a person in this field of work who is an engineer or an architect has a broader and deeper knowledge. This person has very likely performed advanced work in many or all of these key netsec areas. Additionally, this senior person will likely manage and/or mentor those who work in their respective areas so they can gain a deep knowledge of the components they are responsible for and how they affect other areas of netsec and the organization holistically.

Application Security Roles

The next key area of information security is application security. Honestly if application security could always be solid, netsec professionals would only need to secure the underlying infrastructure and protocols. Since application security is often overlooked, netsec professionals make an effort to augment the shortcomings. So why is application security such an issue? My opinion is that most developers are naturally focused on providing functionality. Even though they may have concerns about security, it is usually not the primary concern. As a result, a lot of software bugs and vulnerabilities exist. From a netsec perspective, firewall administrators typically permit or deny traffic based on IP addresses, protocols and ports. As a result it is difficult for a firewall to detect anomalous traffic that is potentially malicious against a service that is provided by vulnerable software. This is especially true when the applications perform some type of encryption to further hide conversation details from network security professionals.

So what can an application security professional do? The answer to that really depends on the type of environment that he or she is working in. In some cases, an organization develops their own software, or software for other organizations to use. In those cases, the application security professional might oversee a secure development process. In other organizations, only commercial software may be used. In those cases, an application security professional would need follow various bugtrack sites and understand the ramification of vulnerabilities that have been found in the software used by their organization. In my personal experience, it is difficult to find a single person who is strong in both application security and network security. SANS offers certifications and training that are fairly relevant to application security.

General Operation Security Roles

In the operational security category, there is one more group or type of individual. This position might be simply called operation security (even though it is a subset of the operational security category that I initially mentioned), or something similar. This crucial position or discipline is interested in how an organization processes interact with one another as well as interact with the network and applications securely. Even if an organization has a relatively secure network with relatively secure applications, the methods in which the systems and technology are used can leave the organization very vulnerable. Additionally, a single process may not have any apparent risks. However when that process is combined with other processes in an organization, the risks may be exponential.

A person in this general security position should understand the interaction between systems and processes, making the organization fully aware of operation risks. In a smaller organization, this may be part of the role of the CSO or CISO. This category of individual would benefit from knowledge gained in appsec and netsec as well as understanding the business process that make up their organization. Since these processes vary so widely from organization to organization, certifications may be less relevant. A certification program that provides a broad scope, such as ISC2’s CISSP, may be beneficial though.

Audit and Compliance Roles

I grouped the last three categories of security professionals into one major group that I called operation security. Audit and Compliance is typically a separate group but most work closely with other areas of security. One reason for the separation is to avoid conflicts of interest. This area must be intimately familiar with the ins and outs of all applicable regulatory guidelines. They must work with the respective individuals to establish how each of the guidelines are being met. If there are shortcomings or inadequacies, audit and compliance professionals may further educate the nonconforming area of the regulatory requirements. Although InfoSec is a major component of audit and compliance, it is not the only area of concern.

Penetration Testers:

Earlier I mentioned that it is difficult to find someone who has solid expertise in application security, network security and general operational practices. Penetration Testers, or pen testers, must have expertise in all of these areas. These professionals are individuals who break into systems for fun and profit. The purpose is not to humiliate those responsible for inadequate controls, but to educate the organization regarding weaknesses in their systems.

Penetration testing should be done to some degree by the individual network and application security professionals. This would to test the adequacies of the controls they configured. However, penetration testing that is to be reported to a CEO, board of directors, or other responsible or certifying party, should be performed by an independent third party that has no conflicting interest. It certainly makes little sense for the person who designed and configured a firewall to be the person who is reporting to the board of directors how secures the implementation is. If security is important, an independent assessment should be done. Furthermore, a pen test should go beyond just a firewall, but test the processes and the security posture holistically.

Responsibility

Thus far we have talked about different roles that are actively involved in security. We have also discussed roles that confirm that the organization is compliant with any regulatory mandates. Additionally, we have touched on the role of a pen tester, who can also look for vulnerabilities that may have otherwise been missed. Now we need to talk about responsibility. Responsibility can be assigned at almost any point in the organization. In all actuality, everyone is responsible for their own actions. However, the person I am now talking about is likely an officer in the corporation. When something happens, this is the person that will have to answer the tough questions and explain how this could have happened (given the investment that the company has already made [or thinks it has] in security).

In a larger organization, this person may be the CIO (Chief Information Officer), CISO (Chief Information Security Officer) or CSO (Chief Security Officer. The CIO is typically the person that is responsible holistically for the information systems and data. The CSO and CISO are more focused on security. CSO is more generically related to security, where CISO is focused on information security. Organizations can have any or all of these roles. The CIO often reports directly to the CEO or in some cases, directly to the board of directors. A CISO or CSO may report to the CIO, another member of executive management or directly to the board.

Physical Security

The final thing that should be mentioned about security is that we must not forget about physical security. So those individuals in the organization who are responsible for physical security are very relevant to information security as well. We can install the best firewalls, anti-virus and use the strongest possible encryption. If someone can walk through the front door and carry out a storage enclosure, our information security was all for naught. Hopefully we had full drive encryption, but we are still taking an outage (and that is the third component of CIA).

Conclusion

Security is a constantly evolving area. Specifically with information security, new vulnerabilities are found daily. New threats are coming from some of the least suspecting sources. Like other areas of technology, my advice is to always gravitate toward areas that interest each person individually. If you enjoy deep and broad research and application of technology, information security might be a good career choice.

Ref:
Security Roles

Network Management and Operations - Tools of the Trade

Cisco has most recently addressed this in their Service Provider Operations certification track, however there has always been a certain degree of an "ops" perspective seeded throughout most Professional certifications. My approach is more about the tools, methodologies, and tasks that one utilizes on a daily basis to successfully maintain an enterprise network.
Before we embark down the path of being truly successful in managing our enterprise, let us examine why they call it "Operations":
Quoted from http://dictionary.reference.com/browse/operation
op·er·a·tion [op-uh-rey-shuhn] noun
1.an act or instance, process, or manner of functioning or operating.
2.the state of being operative (usually preceded by in or into ): a rule no longer in operation.
3.the power to act; efficacy, influence, or force.
4.the exertion of force, power, or influence; agency: the operation of alcohol on the mind.
5.a process of a practical or mechanical nature in some form of work or production: a delicate operation in watchmaking.
For us, bullet points 1 and 5 are most relevant. As a fellow VIP - Scott Morris - has mentioned more than once, you can often break down any given task into a subset of smaller, simpler tasks. Network Management is the epitomy of this if you really dive into the details; this is why "operations" is the key word given to most groups that execute the Network Management responsibility. It is a series of processes and acts that collectively comprise a full suite of capabilities to help you maintain your IT infrastructure, in this case specifically the network. As most folks that have been in the industry for a bit know by now, networks grow - whether organically or by design. With that growth comes the need to scale your operations to maintain efficiency and reign in costs. Several tools and processes come to mind which allow us to do just that, which we'll discuss in this blog series. Several of these topics will be expanded on in successive blog posts independantly. However, the holistic goal here for now is to show people what tools are out there from a conceptual perspective, why they are important, and what they can do for you individually.

Network Monitoring

One of the primary tools that will enable us to run our networks is a capable network monitoring system. This facilitates near real-time visibility into the status and health of our network. Tools such as SolarWinds Orion, HP OpenView, NetCool, SMARTS, all give the network team the ability to see what is happening based on SNMP and Up/Down tracking of devices. Often called "alerts", when the notification comes through that any given metric has surpassed a threashold, it allows the Network Team to react to it. Most times this involves a ticket being created to track this event. I'll circle back around to incident management down the road, but that is the system you would ideally have in place to facilitate these "tickets".

When you first roll out a monitoring tool, especially if this is the initial introduction of a tool like this in that environment, you may choose to start only with up/down monitoring enabled. This allows the IT staff to really come to terms with dealing with alerts, having the network tell them what is going on, how to use the software, etc. Up/Down alerts are a good way to break staff into this kind of growth of responsibilities/capabilities. Over time you can introduce link status, errors, utilization, et al.

Here are a few favorite alarms that I've seen companies track:

• Up/Down Status
• CPU Utilization
• WAN Link utilization
• WAN Link health (errors, drops, etc)
• Critical LAN link status/health

There are myriad more alerts that most systems employ, but those are ones you typically see at any given shop, earning them a spot on the list of what I call universal favorites.

Configuration Management

With a capable configuration management tool you can automate many tasks that may otherwise tie up valuable man-hours. Suppose you need to update an on-call number within SNMP for EVERY DEVICE in the network. That could be 30k devices! If you have 30, maybe logging in and changing that one variable is feasible. However, for 30k, that could literally take weeks. With configuration management, you are looking at writing a script to update the configuration, and then selecting the scope of devices to run the script against, and viola - done! Just be sure your script works prior to blasting it out to 30k devices......

Another example is deploying devices - you can have your staff deploy a switch with the meat of the config, VLANs, VTP, uplinks, etc. They get it up and running - and then you pull it into the management domain and deploy your management template. This can include SNMP, AAA, security ACLs, etc. All centrally managed - which reduces the chance of error.

These tools can often be useful as well to execute custom poll scripts to devices. This can help you tool reports to specifically target a special case that exists on your network, or target specific information you need without having to poll through an entire "show run" or "show tech". This is especially useful the larger your network gets.

Biggest benefits you often gain out of configuration management systems:

• Historical configuration backup
  • Easy way to find last known good config during outage
• Mass change function
  • Intelligent scripting can cut time on large-scale simple changes
• Config reporting
• Ability to quickly poll a stored data set for patters/configs w/o impacting production network

Incident Management

This is the fabled "ticketing system", which tracks incidents via records, also known as trouble tickets, event tickets, work orders, task orders, etc. There are as many names for it as there are versions out there. Remedy is one prevalent platform, as is Heat. I've worked on several internally developed platforms that usually outperform both, but that is because they were built from scratch for exactly those environments. Tough to do from a template.

The Incident Management System(IMS) is typically seen as the chronological life of the network from an operations perspective. You can track chronic issues at sites, you can track trends, you can track man-hours spent on projects, you can track the utilization of your personnel, etc. Often times you can use these metrics to justify a project/expenditure : "we currently work 3000 unique tickets a week, with this upgrade we could cut that to 500, freeing up X man hours". On the flip side, the IMS can also serve as the record for changes made on the network for break-fix situations.

Common things that IMS tickets are used to track are as follows:

• Timeline for incident
• What troubleshooting was done
• What was found to be the exact problem
• What actions were taken to resolve
• What was root cause of problem

The need to document all of the above cannot be overstated. To be able to sit down and say "we have 12 tickets with this root cause a week, we need to investigate why this is occurring", is invaluable. If you can resolve the root cause moving forward, you have then just avoided those future issues. While this kind of analysis typically benefits larger scale organizations, the thought-process and methodology can benefit any size shop. This is the kind of optimization that can really save a company money under the IT budget, and everyone loves doing that.

Change Management Controls

This is many people's worst enemy - change management! The idea is to keep a historical record of all the changes that go on in the lifecycle of the network. The benefit of having this kind of looking glass into the past is multifaceted; metric tracking, root cause analysis, accountability to stakeholders(more on that later....), and perhaps above all - providing visibility into the stability of the network.

Part of the difficulty many organizations face with change management is fully integrating the business facet into the IT world. Not only does this require the IT group accepting the fact that the business has the power to approve/decline changes, it also requires the business to understand the strategic and tactical nature of how their IT systems support and/or drive their business vertical. Without going into specifics, if a business is in the process of making you money, you want the network to ASSIST in that process, not be the cause for financial loss. Robust, well developed, and fully integrated change management policies paired with an easy to use tool to track this is critical for companies to develop stringent control over the lifecycle of the network.

When a business unit fully realizes the control and peace of mind that can result from this kind of framework, they often buy into it and get involved. Balancing business versus IT needs can often be precarious at best, a well forumalted decision matrix can help ease those tensions. When the change control process is followed dogmatically by all of the parties involved, two huge benefits are realized. The vertical can now hold IT accountable for outages they cause - which makes for a more calculated approach to dealing with network changes. On the other hand, the IT group can then say "we made no changes", and the business vertical should have a reasonable level of trust that this is true by looking into the change management system. Checks and balances should always exist, and I've seen large scale shops build in scripting tools to track EVERY keystroke of an engineer and log it to a third party within the company for reconciliation purposes. While this is an extreme case - it goes to show you how far this kind of concept can be taken to balance the need for action and the requirement to follow policy.

More to Follow.....

With that background, in future blogs I will go on to show you how you can tie these tools together using policies and processes. Each of these tools alone provide great value in and of themselves, but they truly shine and provide an exponential ROI when your internal practices leverage them properly. Before I can show you that, though, they would need to be up and running in your environment, no? So, I will give you a few walk-throughs on basic deployment of these tools within your environment. Considerations that need to be addressed, how to pick the best product, the pros and cons of buying Commercial Off The Shelf products versus developing some of them in-house, and so on.

Once we can get them up and running, we are going to discuss integrating your business model as an IT shop around them, how to work with your customers - whether internal or external - and re-tool your relationship with them based on these new capabilities. In addition I'll try and show you can leverage them to provide SLA agreements with internal customers, what you can do to use these tools to bring truth in advertising to other groups within your organization, and a few other neat features that you'll find.

I hope you've enjoyed this blog, if you have any questions or requests, please leave a comment! I will try to respond as best I can, if you don't get a timely response PM me and point me towards the thread.

Thanks everyone for reading!

REF:
Network Monitoring Tools

Network Specialist: Wireless Network Engineer

When looking at any specialization, the deeper you go, the more you realize how much you still have to learn. As I dig deeper into the Wireless area of networking, I have discovered just how much details are involved in being a Wireless Specialist! Although I work in many different Networking areas, wireless is one where I spend a considerable amount of time and an area I am getting deeper into.

First, a wireless specialist has got to have a solid understanding of the physical layer they are working with. That's right, I am talking about RF! All that boring talk in your physics class comes to life in wireless. Things like EIRP, dBm and bandwidth are foundational principles that will promise you failure in the wireless realm if you do not understand them. Understanding the electromagnetic spectrum is a wonderful start. This base RF knowledge is a requirement in performing one of the most important tasks that a Wireless Engineer can have, performing a site survey!

Now performing a site survey in and of itself can be a monumental task and takes a lot of time. There are several things to keep in mind just when preparing to do a survey.

1) Understand what the customer wants. This can be one of the hardest things especially if the customer isn't exactly sure what it is they want other than they want their wireless network to just work.

2) Understand what restrictions the FCC or any other regulatory body may impose on your RF environment.

3) Know the facility you are surveying. There may various procedures, policies and even restrictions that you need to keep in mind. For example, you may need a security clearance to even get inside the building before you can start a survey. There may be OSHA and other fire and safety requirements that must be followed.

4) Plan out what type of survey you are doing. Are you surveying for a Data network, Voice, Location or some combination? Each type will have different RF and AP requirements.

Once you have a plan, start your survey. Typically when I do surveys, I will go over a building map and trace the map with colored pencils what kind of walls, doors or windows there are and then import that map into WCS or some other predictive survey tool. Then, I enter such information to give me a semi accurate predictive survey. It’s a lot of work, but worth it. Next, I take a spectrum analyzer and do a walkthrough of the building just to see what potential interference issues I may come up against. You may be surprised at what you find.

Next, is the Layer 2 survey. Here is where you really look at signal strength, plan out channel placements and survey the overall performance and coverage of the AP you are surveying. I will try to place a few temporary APs in locations that I determined with my predictive survey tool. Then I would take a laptop and perform the Layer 2 survey by slowly walking through the building, gathering Wi-Fi stats from my WNIC. Now there are several ways to approach this. I started out just using the Advanced Stats on my Intel Pro WNIC. It gave be the basic information, but really didn't give things like data rates, transmission errors and those real details that happen in a live wireless network. During some studies, I was introduced to Airmagnet and anyone who is serious about doing a quality survey will want it or a tool like it.

Once your survey is complete, I have already walked the building at least 3 times if not more. First to get the details for my map, second, to perform a Layer 1 survey with a spectrum analyzer and then another with a Layer 2 survey.

Now it’s time to deploy your APs! Where are they being placed, how are they being mounted, how are you powering them up? There are many many considerations when deploying APs. I will typically mount APs in the ceiling when possible and will prefer to use Power over Ethernet to power up the devices and using APs with internal antennas. Now there will be special cases where you will want to use APs with external antennas.

During the survey and installation process a big issue is channel allocation. For the 2.4 GHz band, there are only 3 non over lapping channels. You need to make sure that your APs are using these channels and are all being separated from each other. There is nothing worse than causing your own interference problems by placing 2 APs on the same channel right next to each other! Technologies such as RRM are a big help in this regard.

Whew! That is a lot of work and we are just getting started! Now this is just the survey and installation of a Wireless network. There are many other design aspects, such as what kind of security to use. Ah, security. You can't leave your wireless network without it, unless you want a pounding headache that not even morphine can cure! There are 2 aspects to security in Wireless. The first security aspect is authentication. You want to know who is on your network and permit who is and is not allowed to use it. Authentication is the mechanism to do this. There are various forms of authentication. The most popular are Open, which is basically no authentication, mac address authentication, although it is not scalable and very easy to spoof. Then we have EAP (Extensible Authentication Protocol). With EAP, there are various flavors and the Wireless Specialist will be familiar with those flavors and be ready to implement whatever their customer requires. The most popular EAP methods being:

EAP-TLS - which is certificate based
PEAP - uses user credentials passed through a secure tunnel
EAP-FAST - similar to EAP-TLS but does not use certificates, it uses a Pac file instead.

The second part of security is encryption. Typically in today’s networks, TKIP or AES encryption are used. If no encryption is used, it really isn't too hard to sniff traffic out of the air and see what is going on in the wireless world around you. Because I am paranoid, I will typically use a VPN when connected to a public Wi-Fi hot spot, just to provide encryption.

When choosing a security type, there are many considerations. The main consideration is "do your clients support it"? It won't do you good to choose EAP-FAST if your clients don't support it. PEAP and EAP-TLS, WEP and WPA-PSK are the typical methods that most clients support.

Wireless security doesn't stop there. Remember that the wireless network is an extension of the wired LAN and so you need to not only secure the clients and APs via the air, but you need to take measures to secure your APs on the wired side as well. One of the most deadly threats are rogue APs. You know, the APs that are not a part of your network but are seen by your network, either over the air or on the wire. Things like rogue detection, ACLs, MFP, vlans & firewalls, RADIUS servers, weather its ACS, IAS or some other kind of RADIUS server and the Wireless LAN Controller are all used to help protect your wireless network.

Once the WLAN is installed and secured and users are using it all is well, right? Maybe, hopefully, but there may be times where there are problems and you will need to troubleshoot what is going on.

Now, troubleshooting wireless is a little different than your standard wired network. Why? Unless you’re Superman, you can't see the physical layer. Part of troubleshooting a wired network is checking your physical layer. Well in wireless you need to use tools to help you detect and mitigate interference. One tactic is to use the 5 GHz band. Since most interference sources reside in the 2.4 GHz band, I try to use the 5 GHz band whenever I can. I also suggest to clients to try to get wireless devices that are dual band. There are a surprising amount of devices that claim that they are 802.11n, but only support the 2.4 GHz band. A great troubleshooting tool that helps with interference is Cisco's CleanAir technology that is found in their newer APs. These APs have a spectrum chip in them that help identify the interference sources, such as Bluetooth, analog cameras, microwaves and so on.

Also, look at the load of your APs. Remember, APs are half duplex like hubs and are a shared medium. The more clients on your AP, the slower it will get.

What else does a wireless specialist do? Well what is the point of having a wireless network? Usually it’s for mobility reasons. There is little point in having a wireless network if you don't need to roam around and be somewhat mobile. Things like roaming come into play, weather its setting up mobility groups on a controller or using WDS on an autonomous solution. Being mobile is what makes wireless so cool. A wireless specialist is going to make sure that mobility is one of the basic functions of your WLAN and that it works well.

As we live in the days of Unified networks, it won't be too uncommon where Specialists of various areas will work together to create the network as a whole. A Wireless Specialist may work with a Security specialist regarding wireless security. The Wireless Specialist may work with a Routing & Switching Specialist to tie in the WLAN to the wired back bone. The Wireless specialist may work with a Voice expert when a customer requests Voice over WLAN services.

A wireless specialist will also work with outdoor wireless such as MESH and wireless bridging. Although there seems to be many general areas of a wireless specialist and there are, the wireless specialist works with RF as the physical layer to deliver the same applications that we are used to using on the workstation that is plugged into the wall. As wireless continues to explode, you will continue to see a demand for the wireless specialist out in the field. All of today’s coolest gadgets are all wireless devices and they are not going away any time soon!

Ref:
Wireless Specilaist

Just what DO you want to do with your life???

Throughout the IT industry, people have different roles. Some people are very deep into one particular technology or niche. Other people are very broad across multiple technologies.

There is always interest in the "I wonder what they do?" question. It likely stems from some version of the grass always being greener on the other side, but we figured we would take some time and write a little bit about what it means to be a Network Specialist.

This is often useful information in determining what things may be interesting to you as you start, change or otherwise morph your career! (e.g. the ever-important question of "What do you want to do with your life?"!!!

In a previous blog, we already had some exposure to the Network Generalist. So now the questions abound... What's different? What's interesting? What's annoying? What do you actually do with your day? So really following in-line with Cisco's method of certification tracks (and not necessarily in any order), we have:
Routing & Switching
Security
Wireless
Service Provider Operations
Design
Unified Communications

Between each of the VIPs, we will attempt to hit on each of these areas in order to share our views and a little about our jobs/lives with you along the way! We certainly appreciate commentary and hope that it sparks some great additions and discussions from others who are in similar situations!
But all in all, the idea is about sharing experiences. And helping to give perspective to newcomers who are trying to decide what they want to do with their lives!
Keep in mind that these perspectives are our own and certainly aren't going to contain every possible scenario! But they will give you some idea about both the interesting and entertaining aspects of these technical fields and the roles that go along with them!
We have also pondered the idea of adding some management (from team lead to director/manager to CIO roles) into the mix as well. We will certainly enjoy any feedback that we receive along the way and will react accordingly!

All of us hope that you enjoy the series, and get ready to ask whatever interesting questions you can think of!
---------------
Ref:cisco.com

Safe browsing best Practices....

The importance of Internet Security is heard by most of the PC users but actually taken care by few of them. Safety while browsing sites on the web is very important. When I talk about Internet Security it reminds me of famous old saying ‘Prevention is better than cure’ also applies here better be prevented rather than been attacked by virus, trojans and scammers and run in trouble. So its require that you take safe techniques to prevent your pc from being hacked or served with trojans.

Following are the steps to ensure that you stay away from the harmful content on the web. I have summed up all together points.

• 1. Beside have antivirus protections its better to have a software dedicated for internet security. Few such programs are Kaspersky Total Internet security and Norton Internet Security which not only comes for Antivirus but offers spyware protections too. These security tools to keep you away from viruses, spyware, worms, phishing, Online identity thefts, cybercriminals, dangerous downloads, infected websites. This will cost you few dollars but will ensure your pc is safeguarded from virus as well as internet protection.
• 2. So everyone knows that you can earn money online and since you know you must be searching out for the content online. Be away from frauds like – ‘Decrease your weights in 10 minutes’, ‘become millionaire over night’ and other such things which looks like supernatural. I believe that ‘things which are above the normal level are always scam or fraud method’, to I stay away from those. This is the most easiest ways to get yourself into trouble, which may lead to unsecure payment or unsecure downloads.
• 3. Its better to keep your personal information limited to certain access on the web. Make sure what is necessary and what is not and proceed accordingly.
• 4. Try to keep your email ID secure and provide where ever its essential. Once caught it will be added to. I receive at least 100 such Phishing mails, scam mails daily to my Gmail inbox but thanks to Gmail that I never look at that folder since it delete them after 1 month automatically.
• 5. Try to memorize your password or Login credentials instead of letting your browser to remember password and login details. If browsing from internet cafe or shared computers or college PC’s then ‘Remember my password’ is strict No No.
• 6. Try to avoid or its better not to open adult sites, porn sites on your computer browser. Its found that searching for keygens, key finder, cracks and serial keys also injects virus. Most complaints from people comes because of them since they inject malware to your pc if you don’t have a latest updated antivirus.
• 7. Its better to disable cookies on your browser and if wanted you can enable it by visiting your trusted sites. Google AdWords generally places cookies on your browser but they doesn’t poses any risk.
• 8. Always block pop-ups windows on your browser. Firefox had Ad Block plus for blocking pop-ups. It’s shocking that Indian’s official railways portal pop-ups at least 2 ads when clicked on any page and this is one of the largest access portal for train information. I noted that it makes Rs 10 crore’s from all advertising networks. So security hear is also important.
• 9. Never download/install untrustworthy software’s and make sure you download them from trusted and official sites.
• 10. Never open or visit pages which distribute harmful software’s and also this might steal private information or might damage your system.