Top Panel
Top Panel
Top Panel
Network management best practices PDF Print E-mail
Written by Alexei Spirin   
Friday, 31 January 2020 16:45

Just first 10 things that came to my mind. Actually I can't imagine living in a decent network without those things. Yeah, it takes time to implement all those but it'll pay off HUGELY in case of any problems.

Last Updated on Friday, 13 March 2020 06:39
How to block Skype using Cisco devices PDF Print E-mail
Written by Alexei Spirin   
Wednesday, 28 October 2009 13:36

Skype is an excellent VoIP and IM program and many people just love it because of its easiness and quality, but when it comes to a corporate world, a lot of things must be considered. Do we ready to give bandwidth for a non-business traffic? Do we completely trust skype developers? What about data leakage prevention - can we control data exchange inside skype protocol?

Usually, the answer to most of these questions is "no, we don't and we can't". So the next step is finding the right tool for the right job - blocking skype.

Last Updated on Sunday, 23 May 2010 13:10
Changing CSA MC hostname PDF Print E-mail
Written by Alexei Spirin   
Sunday, 19 October 2008 22:22

Hi! Sometimes we need to change CSA MC domain name but CSA MC has a SSL certificate which is tied with FQDN. Cisco's documentation isn't particularly clear so I decided to tidy up a bit in this place :)

Last Updated on Friday, 24 October 2008 22:24
IOS: NTP secure configuration article PDF Print E-mail
Written by Alexei Spirin   
Tuesday, 12 February 2008 22:24

NTP is abbreviation for Network Time Protocol which is used for clock synchronization of various devices on the net. There are three typical implementations of NTP in network infrastructure: a) no implementation b) useful implementation c) vital implementation.

The first option is an indicator that network is in poor condition. It has no real owner or owner isn't a network professional, etc.

The second option is the most common case for serious corporate network. The owner cares about event logging (at least) and event correlation in different parts of network. Complex debugging, security incident investigation requires the "right time" to be set. But still network functioning in general or service availability isn't tied with NTP.

And we have the third option. Vital dependency is when your network can't function without reliable NTP infrastructure. If your devices have wrong time that means no service for end-user. That's bad, isn't it? :)

I can name at least four technologies which comes to mind when we talk about NTP vital dependency:

Last Updated on Friday, 24 October 2008 22:28
Multiple IPSec peers behind PAT PDF Print E-mail
Written by Alexei Spirin   
Wednesday, 06 February 2008 18:36

I was always curious how the IPSec session looks like after PAT translation. As we discovered in IPSec basics: IPSec through NAT article, IPSec must use some NAT-avoiding mechanism to work through NAT/PAT. I have to say (for those who aren't IPSec fan) that most IPSec connections are made through the NAT (at least most Remote Access VPN connections). So that is a common case when IPSec session encapsulated in udp packets (in case of NAT-T).

Let's see what happens with one (first) IPSec session before and after PAT.

Last Updated on Friday, 24 October 2008 22:29
<< Start < Prev 1 2 Next > End >>

Page 1 of 2