04-12-2013, 08:04 AM
|
#1
|
LQ Newbie
Registered: May 2012
Posts: 14
Rep: 
|
New Job- Network Administrator
Hey Guys,
So I just moved from working in a 50/50 Linux/Windows environment as a systems administrator to a position as a network administrator in a 95% Windows facility. While it bothers me a little because I love working with Linux, it's allowing me to get a huge amount of Cisco experience, which will be worth its weight in gold.
What was pretty cool about this position was the "shop"-like feel. They said as long as you can find a good reason to implement something we will consider it and allow you a few hours a week for a lab. This goes for both Windows and Linux technologies.
I come to the community for a good source of ideas on where to implement Linux into this mostly Windows network. I have a mindset for security, so the first things that come to mind are honeypots and proxies - but with the Cisco ASAs guarding the gateways it seems a little trivial.
What are some suggestions for incorporating a little Linux love into the network? Are honeypots outdated with today's security appliances?
Thanks guys! Look forward to hearing some opinions.
|
|
|
04-13-2013, 12:31 PM
|
#2
|
Member
Registered: Dec 2012
Location: inside the matrix
Distribution: Debian, Xubuntu, Gentoo, Antergos
Posts: 90
Rep:
|
Well, I used to sell IPS and Cisco's IPS was not even on our radar (the dominant players were Tipping Point (HP), ISS (IBM), McAfee, and Palo Alto was starting to gain momentum). Just take a look at some of the independent IPS bake-outs for IPS and look at how the Cisco ASAs perform.
I'm sure everyone has their favourite security trick, but I always liked to use SquidGuard with Squid in transparent proxy mode. Blocks your web clients from accessing a lot of malware-infested hosts as well as the usual tricks (SQL injection, cross-site scripting, buffer overflow, etc). I used to also block entire countries in the firewall I had no business with - Russia/China/etc. Helps block much of the botnet/CnC activity.
Just my 2 cents.
Good luck with the job.
|
|
|
04-13-2013, 03:34 PM
|
#3
|
Member
Registered: Jan 2010
Posts: 202
Rep:
|
Congratulations on the job! Sounds like it could be fun.
I work as a networking consultant to a stock exchange, in the security operations group. Work with Cisco ASA products, Juniper SRX, Cisco Ironport proxies, Splunk on RH, McAfee and VMware/Shavlik products and the aforementioned IPS modules on the ASAs. (yeah, kinda yuck. I've seen rebooting those modules break firewall clusters and wreck the VPN config in the cluster in the process.) Metasploit and Nessus are installed but I haven't really done anything there up to this point. Quite a bit of my time over the last four months has been setting up a syslog service on a RH host for receiving syslogs, and nfdump components for netflows. That data gets funneled into Splunk. It's a great job and I get to travel to lower Manhattan every few months too. The people with whom I work are fantastic. I really couldn't ask for a better job.
However, I think you're putting the cart in front of the horse by targeting solely Linux solutions for projects that don't exist. Don't get me wrong -- I was known as the Linux Bigot at one job I had, because I'd only look at that as a solution. However, I would think the best thing to do is establish a goal, and then look at the possible solutions from there. This will involve analyzing the existing environment, assessing weak points and then developing a goal. You should also involve your cow-orkers, which would be a better idea as any proposed project will always be better accepted if there is input and cooperation between the affected parties. Oh -- my title as 'Linux Bigot' has effectively been relegated to the past. I believe in using the most effective solution for the project. Sure, Linux is probably going to be one of the finalists, but if I found something that did the job better, I'd have to choose that.
Also, do you have remote access? You would be able to increase your time regarding the lab dramatically if you did. Of course the vast majority of my work is done remotely, via VPN tunnel. If you could gain access to your lab this way, you'd show initiative which is always a good thing. You would also be able to dramatically increase the results of your lab work, possibly providing a solution of some sort for whatever issues that might exist considerably earlier than you would have otherwise.
I'd lay off the crusading charge, and just adjust to the new job for a bit. Learn the capabilities of the network, the strong points and the weaknesses, and also who are the power players. The politics of any job is important, and you need to know who you will be dealing with in the long run. Rolling out a half-baked networking solution will get you into big time trouble. You'll see criticism coming out of the woodwork. If you want to piss some managers off, restrict or shut down access to something their employees need to work. I work in a fairly restrictive environment, but we also try to balance access with that security. It's not easy, and overall I'm not the one establishing policies. I do what I'm told, beyond that, it's up to the guy for whom I work at the exchange and the policy makers there. Implementing sweeping reform isn't my job -- and you should be wary of taking that responsibility. It's an easy way to make enemies.
Actually, what are the networking policies regarding this company? I'm not asking you to reveal them here, but this is something you should take into account. There has to be some sort of policies in existence already.
Good luck in your new endeavor.
|
|
1 members found this post helpful.
|
All times are GMT -5. The time now is 10:31 AM.