与来自 NETSCOUT 的 Chris Partsenidis 进行专家访谈
Chris Partsenidis is a Senior Network Engineer, Editor-in-Chief of Firewall.cx, and a freelance writer who specializes in network security topics.
For the past 15 years, he's been actively involved in the IT network security arena; and he has also been heavily involved in network design and security since the beginning of his career. Over the years, he's been a part of many large-scale projects for enterprise companies, covering network security, VoIP, IP telephony, VPN networks, firewalls, wireless networks, routing, load balancing, and more.
The awarded Cisco Champion 2015 in Enterprise Networking and holder of multiple Cisco CCNA & CCNP/CCDP certifications is especially intrigued about network design and security, and has written hundreds of articles on network security threats, defense mechanisms, best practices, and securing the IT infrastructure.
Suffice to say, when it comes to networks, Chris is a good person to talk to - which is why we recently caught up with him to get his take on what companies should be doing to stay ahead of network problems and security threats. Here's what he had to say:
Tell us about Firewall.cx. When and why did you start your site? Who should be reading it?
www.Firewall.cx is an awarded website that is globally recognized amongst IT managers, administrators and network security engineers as one of the most valuable technical resources for Network Security (network infrastructure, vpn, servers, webservers, etc.), Cisco (routing, switching, wireless, VoIP, Firewalls, VPN, etc.), Microsoft (Windows servers and workstations), and Linux (administration, Linux services, security, etc.) topics.
Firewall.cx was created back in the year 2000 out of my passion to share knowledge and experience with the global IT community. In its 15-plus years, Firewall.cx has received numerous awards from leading vendors such as Cisco, and is recommended by Cisco's global CCNA Network Academy program.
With a solid reputation for its uniquely-written, high-quality technical articles, it manages to present and analyze complex networking and security topics in an easy-to-understand manner - making them suitable for novice to advanced users and IT management personnel.
Because of the broad amount of topics covered, the site is suitable for IT managers, administrators, network engineers, security experts, and students studying IT-related professions.
From your perspective, what are the most common reasons for network performance problems?
Network performance is a big topic for all organizations, many of which are experiencing problems with their networks but are completely unaware of it. Slow responses from internal network services (web servers, file servers, ERP, etc.), to high retransmission rates of data and endless broadcast storms are just a few problems to name. Unfortunately, most network performance problems are not visible unless a packet analyzer or specialized program is used to analyze the network infrastructure and examine packets flowing through it.
In most cases, the source of these problems is the network infrastructure itself. Some fine examples I've seen plenty of times are: an absence or incorrect usage of VLANs, network loops causing broadcast storms, flapping network links, poor usage of redundant links, an absence of Quality of Service, bottlenecks, poor network design, and more.
What are good habits that network administrators should have to improve network performance?
Continuous monitoring is perhaps the most important habit. A network monitoring application can provide full insight to the network's status and help the network administrator identify and take action on issues that have been discovered.
In addition, because most network infrastructures are designed and built by contractors or other departments within an organization, it's important for the administrator to gain solid knowledge and learn about best practices on network infrastructure setup and configuration. This can be achieved by not only studying vendor-specific certifications that cover the equipment used in the current infrastructure, but also by utilizing valuable resources and websites on the Internet. This will help the administrator understand his infrastructure much better and allow him to even make suggestions to further better its design.
Another pointer is to ensure that the network is segmented properly and Inter-VLAN routing is being performed by a high-speed Layer 3 switch. It is very often I see powerful Layer 3 switches being put to use as simple Layer 2 switches, which is an awful waste of money and power.
Depending on the network size and services offered, the network will need to be segmented into two or more sub-networks (VLANS). This will not only increase bandwidth availability and performance, but will also increase security and help isolate sensitive parts of the network.
What do you think are some bad habits organizations get into when it comes to managing their networks that result in vulnerability to hackers and service disruptions?
An organization's network infrastructure is a "living system" that requires continuous attention and supervision. When either organizations or their IT departments begin to neglect the infrastructure and place it on "auto pilot," that's when the problems start appearing.
In other cases, some organizations simply do not provide the necessary budget to allow IT departments to make the necessary investments in order to keep their systems and tools upgraded, patched, and secure. Unfortunately, IT departments usually take the first hit when budget cuts are around the corner.
Organizations should always consider the value of their data, network uptime, and costs associated having their systems non-operative. They also must take into consideration that IT is a fast-paced sector that requires continuous investments in order to keep things running safely and reliably.
Finally, IT departments should always monitor their systems in every aspect. This includes examining system resources (CPU, memory, link utilization); automating and periodically analyzing log files from any Intrusion Prevention Systems or Intrusion Detection Systems present; and ensuring workstations and servers are always updated and fully patched on both the system and antivirus levels.
Name a few things every organization should be doing to better protect its networks from security breaches.
Network security involves undertaking a number of important security measures. Here are a few that come to mind:
- Encrypt all sensitive data.
- Ensure Layer 2 security has been applied to user-facing access ports to help deal with common Layer 2 attacks such as VLAN hopping, STP manipulation, MAC address spoofing and ARP poisoning.
- Installing Intrusion Prevention Systems and Intrusion Detection Systems to identify and mitigate attacks to the network.
- Keep all operating systems and installed applications fully patched and updated.
- Enforce strict security policies regarding user access, passwords, and access to network resources.
- Segment the network into different VLANs and restrict access between them.
- Enhance encryption algorithms and technologies on VPNs used by the organization. There are still many organizations out there that still use outdated VPN technologies such as PPTP.
- In case of the existence of a VoIP network, ensure it's located in a separate and isolated network/VLAN.
What do you think are the bigger-picture issues that network executives in an organization should be paying attention to today?
Each organization has its own IT problems, and these are usually best known by the people working and supporting the IT infrastructure on a daily basis. Network executives are often evaluated by management based on their performance, project completion ratio, etc. These all translate into numbers, which unfortunately tend to become an obsession for most executives who overlook other important details.
Network executives should embrace their team and work closely with them, listen to their problems and needs, and seek a way to make their job easier and more efficient. Training is also very important. Every network executive must make sure their team has been properly trained to support and secure their infrastructure while utilizing it to every possible extent.
As we all know, it's the people who make a company; and behind every successful department within a company is a successful manager.
What headlines are you following closely today as they relate to enterprise networks? Why are they significant?
I've been personally following the adoption of Unified Communications in organizations these past few months for a number of projects I am running. Unified Communications is a natural extension to VoIP and has become a real trend these past years for organizations seeking to replace their out-of-date communications platform.
The interesting part here is that many organizations fail to see the security measures that must be taken to help secure the Unified Communication infrastructure. At the same time, companies selling these solutions often overlook the client's current infrastructure and ability to safely support a Unified Communications platform. It's usually after the initial sale where problems begin appearing.
Unified Communications are extremely important to enterprises today for many reasons. Here are just a few:
- They open new communication paths with the rest of the world, including video conferencing, messaging, and more.
- They allow employees to become mobile workers by forwarding their office extension directly to their mobile phone without any additional cost (in most cases).
- They significantly reduce telecommunication costs by utilizing SIP providers that can provide cheap or free (in some cases) calls to land lines and overseas destinations.
- They enable real-time presence status of all employees. People are able to see who's available, on a call, busy, or away from their office.
- Instant messaging ensures people are able to quickly exchange messages or files between each other, which saves time and money while making their communication more efficient.
One of the most critical details in Unified Communications solutions is security, and this is where many implementations unfortunately fail. We see this every day with the alarming increase of attacks leading to call frauds and direct access to IP PBXs, costing companies millions of dollars every year.
Unified Communications use the underlying network infrastructure to deliver its services, and this means that the network infrastructure must be secured correctly and running efficiently as possible.
What innovations are you most excited about for how they'll improve network security and reliability?
As a network security expert with a strong focus on Cisco products, I've been very excited about Cisco's latest offering in network security, the Next Generation ASA Firewalls with FirePOWER services.
The ASA 5500-X Platform with FirePOWER services provides threat-focused security services to the enterprise and promises to protect against known and advanced threats, including malware attacks.
Because the ASA Firewall platform is Cisco's flagship security product that's widely used by organizations all over the world, this much-welcomed addition will help thousands of organizations upgrade their network security perimeter and achieve first-class malware and threat protection that was never before possible with a single device.
Visit NETSCOUT to learn the business value of performance management.
Have the Cloud and Mobile Got Your Enterprise Out of Control? Grab It Back
BYOD: 进入退出观望？BYOD 未来的实际情况
风险行业：7 个您需要立即停止的 BYOD 习惯
考虑何时起草 BYOD 政策时的关键事项