Hello, world! I’m the first contributor that Jimmy has brought on to help flesh out nat0.net a bit. I’m Henrik, a thirty-something (I’m milking the term now, as my 40th birthday is 29 days from now…) married man in a medium-sized Swedish town. I’ve been working with computer networks full time since 1997, and since 2007 I hold the title of Senior Network Architect IP/MPLS for an ISP, or rather Multi-Service Operator, in another European country – I work from home full-time, but occasionally honour my colleagues with visits in person.
For reasons of confidentiality I won’t disclose the company I work for, but I can tell you this much background: We started out as a cable-TV company and later branched out into the usual triple-play offering (TV, Internet, telephony); and through partnerships, expansions and acquisitions, we now deliver our services across a multitude of access platforms (ranging from DSL via PON and active ethernet deployments, and of course the ubiquitous HFC networks, as well as wholesale capacity) to both residential and small-and-medium business customers. We are also the country’s largest IPv6 provider, except for the university network; a deployment project I’m in charge of.
From a skill-set standpoint, I got into networks by way of Novell Netware server administration, and later moved on to Cisco networking equipment, interspersed with various other vendors, such as Extreme Networks, Foundry (now Brocade) and Alteon (now part of the Radware family). Some ten years ago, I started working with Juniper Networks products, and that’s become more and more of my focus in the last few years; we run pretty much all of our critical infrastructure (be it routers, switches or firewalls) across Juniper equipment – peering edge, core or data centre networks makes no difference. Naturally we also still have quite a bit of Cisco equipment in our network, as well as some other vendors – Radware Alteon and Palo Alto Networks spring to mind. I don’t exclusively work with security – my core skills are really IP routing and MPLS as well as firewalls – however as an architect, security is always part of my job description…
And that’s what I hope to bring to this blog from a purely product standpoint. Juniper and its JunOS contain a lot of security features, and a big bonus is that configuration is identical between platforms (except of course very platform-specific features – a layer 2 switch doesn’t know about trust zones, and a core router doesn’t know VLANs (although they do know bridge-domains!)) – something us network admins really appreciate. Also, both Palo Alto’s PanOS and Alteon’s AlteonOS (seriously, who comes up with these clever and unique names?) are somewhat strange beasts that might need some explanation. I’ll try to do my best here.
On a more philosophical note, network security can sometimes feel like a lost cause – I mean, the whole purpose of interconnecting devices is to allow them to communicate, right? The whole concept of network security, on a very high level, might seem to be to PREVENT devices from communicating – but it’s so much more than that. In an era where we trust more and more of our personal business and information to the Internet – be it banking, shopping, dating, gaming, chat, emails, photo sharing or whatever – we need to know that the data we transmit can’t be intercepted, and that the fluffy little cloud that stores it can’t be accessed by unauthorized and evil people. Of course, you should strive to always build network security into everything you build from scratch, but you must also constantly evaluate the platforms you have and critically assess whether what you have is Secure Enough, or if you need to make changes to improve it.
Anyway – that’s a little bit about me. I’ll be posting my first proper article in a few days, and I think it’ll be a Palo Alto-related post… Look forward to hearing from all the readers once we get going!
(Now if I can only get Jimmy to add some new, non Cisco-related categories to the list…)