Long, long-time followers will know my sordid history with Check Point FireWall-1 and various issues related to network security. I'm all too familiar with how companies can--and do--restrict their users. My employer is no exception. While they have loosened their stance on responsible use of certain applications over the years, one of the fundamental things about the network is that in order to get out to the Internet, you must go through an HTTP proxy.

Enter two new applications I've looked at recently: Yugma and Tungle. Yugma is like WebEx or GoToMeeting. Tungle allows you to more easily schedule meetings across corporate boundaries. Both are exceptionally useful applications.

My acid test for any application is the corporate network. If it can work in our corporate network, chances are, it will work anywhere. Skype is a wonderful example of an application that works everywhere--including on our corporate network. On one hand, I find it scary from a security standpoint, but as a user, I appreciate that it just works.

Some applications fail the HTTP Proxy test. SightSpeed--one of my favorite ways to video chat--simply won't work through the corporate firewall. You can blame SIP for not working through an HTTP proxy, which SightSpeed can't do much about.

Tungle is another one that fails the firewall test, particularly the part that synchronizes free/busy with the Tungle server so your friends can schedule a meeting with you. Other parts of Tungle will work just fine with a regular HTTP proxy. Furthermore, there's no way to even configure proxies into Tungle. The folks at Tungle are aware of these limitations and are addressing them.

Yugma, at least, seems to have some support for HTTP Proxy. It pops up a dialog box after spinning its wheels for a while, realizing it might need one. However, my experience is that I can't make session sharing work in this configuration.

It's a challenge to work around all the various firewall issues. However, for large-scale corporate adoption of your product, this is a must.

You want to know what I do at Nokia? Support platforms like these guys. Firewalls, intrusion detection, VPNs. Yup, that's what I do.

Today, our little corner of Nokia officially announces the availability of the Nokia IP2450 geared specifically at the IDS market. The Nokia IP2450 has been available as a firewall platform for the past several months. Not a new platform, therefore, but new for the IDS market.

This 2U badboy will push 4 gigabits of data in a passive or inline mode and is expandable to 24 copper or fiber gigabit Ethernet ports. This means the box can sit inline on 11 different segments or monitor 23 segments passively. And yes, you can mix and match inline and passive mode ports.

The IDS on these boxes is provided by Sourcefire, who are the folks behind the popular open-source Snort IDS tool. It runs on Nokia's Linux-based IPSO-LX OS. And, of course, it's backed by Nokia's worldwide technical support organization, of which I am a part.

Don't ask me what these badboys cost. I work in support, not sales. ;) Seriously, if you're interested, contact Nokia or a Nokia partner for more details.

When I was 11, which puts me in 6th grade, our school had a couple of Apple ][e's in the library. There wasn't any network connectivity to speak of, but I knew then I had a future in them.

However, this just blows my mind. A sixth-grader in Millbrook, Alabama becomes the network administrator for a small, private school. He puts in a firewall, upgrades PCs to run Windows 2000, and generally tries to make the computing life better for the students and faculty of his school. And he has to justify certain expenditures in front of the school board. Talk about a hardcore lesson in the school of the IT business.

Both my kids have been in front of computers ever since they had enough of an attention span. I don't know that they will have any exceptional aptitude at this, but if they ever want to practice their IT skills, I've got the equipment here at home they can practice on. ;)

The scary thing is, this will likely be the most useful part of Jon Penn's education he will receive. Certainly was for me in college when I was one of a couple of students helping to maintain the main engineering computing lab. Hopefully, he will continue to hone his IT skills and become certified. I bet he'll make a mint at it, too.

A friend of mine just sent me the following, which may be of interest to some of you:

The Academy (http://www.theacademy.ca) officially launches its web site today providing instructional videos for the information security community. For the first time ever, the average user to the most seasoned industry expert will be able to watch instructional videos on how to install popular products, address common configuration issues, and troubleshoot difficult problems. The Academy is a user-driven community and videos are created at the request of its members. Vendors can also leverage the site to showcase the features and capabilities of their products. The Academy is an ideal place to find and share knowledge with others practicing or interested in the information security field.

Back when I was knee-deep in Check Point, it would have been nice to make videos of the stuff I was troubleshooting and make them available, much like I did with FAQs and the like. These guys have done just that with Check Point and a number of other security products. You have to register to see the videos, but there's a lot there!

Well, that and I generally just don't care for the sound quality of Bluetooth headsets:

If you're not using it, keep your Bluetooth off. Simple as that.