Interop New York City 2012!


While attending Interop New York a couple weeks ago, I caught myself reflecting on Interop experiences throughout my career.   Since my first Interop in San Jose, CA in October, 1991 (I was only twelve at the time  –really!)  tons of things have changed, but many remain the same.  For one, Interop was and still is a really big deal.  As a huge repository for vendor-neutral technology forums, educational sessions and wide ranging product displays.  Interop has helped us experience scads of new and cool “stuff” right there on the show room floor.  In my nubile beginnings as a Systems Engineer, my company’s senior SEs had been so emphatic we attend Interop that we would pay for the trip ourselves if the company wouldn’t sponsor us!

This year at Interop New York, IXIA|Anue had a presentation:  Big Data, Big Visibility, Big Control by Larry Hart, Chip Webb and Todd Kaloudis of OpnetCheck it out here, or download the whitepaper on Big Data.  Contrast this with Interop  ‘91, where one of the coolest   exhibitions was the SNMP Managed Toaster with its very own toaster MIB.  This wasn’t just the original toaster from the year before that controlled when to cook the bread but 1991’s toaster MIB had been extended to show off SNMP Get-Next requests so a little Lego crane could put the bread into the toaster all via network management software from the showroom floor.

Twenty one years ago we had monitored toasters.  Today, we use Network Monitoring Switches like the Net Tool Optimizer to direct traffic to multiple monitoring devices doing Application Performance Monitoring, SIEM attack detection, network diagnostics, Web Customer Experience monitoring and more.  We manage localized tool farms in huge data centers or distributed multi-interface devices like LTE MMEs and probes.  We have an incredibly cool Enterprise MIB of our own that won’t toast whole wheat but will tell you how many PCI non-compliant protocol packets just floated in off your core network TAP and let you redirect that traffic to additional tools while changing the filter based on your conditions with our flexible API.  Get-Next on that table!  Quite the Interop evolution – from toasters to network clouds.

I also had the chance to talk to people from well, everywhere; literally.  Maybe because it was the Big Apple or companies understanding that Interop is the place to go.  Here management and engineers alike can listen and learn from the best in the industry and view products and trends in network technologies.  The show is loaded with users from all walks of life and Interop provides the valuable chance to see and speak to others doing things they need to do too.

In ’91, Interop seemed like a lot of Silicon Valley types; today, it’s gone global and anyone who’s anyone has spread their wings with an international presence.   Today, global is local.  Whether its WebEx meetings about moving Big Data around the cloud or sitting on a marshmallow stool in our cool IXIA|Anue booth helping someone from Azerbaijan design a monitoring infrastructure to meet their needs, Interop lets people like me share experiences with others like we were next door neighbors.

Check out the Ixia booth at Interop NYC, as photographed with the nifty CamWow application.  The booth featured the IXIA|Anue Net Tool Optimizer, and we announced our Advanced Feature Module 16 (AFM16) at the show.

Interop was great and NYC was friendly to us – we spoke with a lot of network engineers and data center managers, some of whom were already familiar with the network monitoring switch.  Those who were not familiar were very interested, noting the power it puts at their fingertips.

Benchmarking your Network – 101


Ixia Network Visibility Solutions welcomes a guest blogger today, Tim O’Neill from LoveMyTool.

Just as a doctor uses your body temperature, blood pressure, pulse rate, etc. to evaluate your health, a network manager should have parameters, statistics or other value references to quickly evaluate the health and success of their network. Referred to as benchmarking, this practice allows you to establish acceptable statistics or values that can be used to monitor the “well being” of your network. Once network levels operate outside the tested “norms”, the network manager, just like a doctor, can treat the “condition” accordingly.

Some use the OSI stack for consideration and layer differentiation, while others use the TCP/IP stack for differentiation. It really does not matter as long as you get definitive and comparative results. The graphic below shows the OSI model compared to the TCP/IP stack and associated protocols all the way up to the application layers – after all, applications are the reason we have a network in the first place.

OSI Example for Ethernet Media - TCP/IP Stack


The first level to consider is the physical layer or transport layer. To evaluate this level you must have a promiscuous NIC card for the layer you are reviewing to establish your criteria for success. Some of the different physical layers are Ethernet, WAN (i.e. Frame Relay, T/E1, T/E3, cable, XDSL, etc.) and WiFi. For any of these physical layers you need to review them individually or at a conversion point, such as the TAP (Telecommunications Access Point) at your main Ethernet connection. This is the most common visualization point for evaluating a network.

When evaluating and establishing any measure point or stat, one must consider delta times, time of day, day of week, day of month, etc. as the evaluation points can change due to many variables. For example, maybe the accounting segment is usually very busy at the close of a month or quarter. Just as you know that your pulse rate will be higher just after you run, for your network it’s important that every evaluation point have all the necessary variables accounted for in the comparison equation.

When looking at the physical layer with a real TAP for access, make sure you are using a competent datascope (i.e. Network Instruments or Garland Tech). The screen shot below contains some of the values one might want to consider at the Ethernet physical layer.

 Want to consider at the Ethernet physical layer


What is important in the Physical Layer? 

First, if you are using a Monitor port or SPAN off of a switch, you will not get all, or possibly any, of the Errors as the switch bus grooms and drops all errored frames. This can cause a number of issues. The timing or basic stats will also be offset, however the good frame counts will be close enough for comparison.

The Frame Error level is really part of the second layer of the OSI stack. The Data layer is really the Frame layer but there is more as you will see below.

Each physical layer will have its special set of important values and revelance to how the information was acquired and which method was used to aquire it.

Below are some WiFi physical layer stats for comparison from a AirPCAP card from CACE Techology (now RiverBed Technology) with Wireshark (Gerald Combs).

This is an example of the basic Wireless information from Wireshark that can be available for later comparison and evaluation.

 basic Wireless information


A Flow Graphic overview from Wireshark:

A Flow Graphic overview from Wireshark


The next layer to consider is the data layer…In the TCP/IP model the physical layer and data layer are considered as one layer. This is acceptable as long as there is not an intermediate physical layer like WiFi. Also the data layer has many other valuable statistics for consideration above the physical layer statistics, such as VLAN with Channel info, Subnets, IP addresses and Packet/Protocol types.

Once you get above the physical and data links you get into the heart of the TCP/IP stack. There are any number of statistics that you can use for benchmarking from the basic to the complex. See below for examples.

 statistics that you can use for benchmarking from the basic to the complex


Connection and protocol:

Connection and protocol


You can use any or all (although all is a bit much) of these as benchmarks for your network. You can use a SPAN/monitor port for a benchmark of who is connected to whom, and types of protocol being used. The SPAN can also be used for many other studies, except those that are time based or those that require checking frame errors. A TAP is the best and most technically sound method for accessing your frames for benchmarking.


A very good stat on % packets from Wireshark:

good stat on % packets from Wireshark


So much potential … so little time!

The best starting point is to find what is important in your network from the physical layer up and create evaluation statistics to regularly monitor the health of your network.

Find the “pulse”, “temperature” etc. of your network and compare those baseline statistics against the different levels of your network, at any given time, to see if there are issues you need to address. The next step is to determine why your baseline changed.

Do not be blindfolded… get into your networkDo not be blindfolded… get into your network, look at it as many ways as you can and find the essential weighting points. Use them regularly to evaluate and verify the success of your network while being alerted to potential issues. There are no set rules just look at your network layers with a good analyzer or even several different analyzers – from Wireshark to commercial analyzers. Filter your view with a tool like the Ixia NTO and make it your network stethoscope! Regular visits to your doctor make sense. Keeping tabs on the ongoing health of your network does too.

I wish you great success….




Here’s a little bit about Tim:

Tim O’Neill - The “Oldcommguy™”
Technology Website -
Committee Chairman for Cyber Law Enforcement training and Cyber Terrorism
For Georgia State Senator John Albers
Please honor and support our Troops, Law Enforcement and First Responders!
All Gave Some – Some Gave All – All deserve our Respect and Support!

What Keeps the Network Monitoring Team Awake at Night, and How Ixia Anue’s AFM16 Can Help


The hype surrounding the iPhone 5 release demonstrates one thing – the seemingly unlimited demand from users to do more with their mobile devices is nowhere near satiated. With more and more use of cloud networks, application delivery, and networks-over-the-Internet, the promise and problems of Big Data paradigms will become obvious and well known to all operators – challenges that include capture, storage, search, sharing, analysis, and visualization.

Big Data is large amounts of information that exceed the demands of a typical network because of the size and speed of the data traveling over the network. Big Data is different from traditional IT in many ways, but it still requires monitoring. Key focus areas when managing Big Data are application behavior, network performance and security. The measure of  network monitoring to optimize network traffic sent to monitoring tools lies in the ability to improve the effectiveness and performance of monitoring tools.

Network monitoring is critical to network visibility in the enterprise data centers and the IP-based segments of telecommunication service provider networks. The importance of monitoring is reflected in the large investments large enterprises and service providers make in monitoring tools and the staff to manage them. These network monitoring teams face several challenges, including the following:

  1. Demand for higher data rates outpaces the ability of monitoring tools to keep up
  2. Complying with strict privacy regulations
  3. Increased scrutiny of network performance
  4. Containing the cost of network monitoring


  1. 1.     Demand for Higher Data Rates Outpaces Gains in Monitoring Tool Performance

With networks growing in speed and little budget to upgrade tools, network engineers are looking for ways to get better performance from their existing monitoring tools. Some of the issues that drain tool performance include:

More than 50% of packets arriving at a monitoring tool could be duplicate packets. Also, some tools only need the packet header for analysis, in which case most of the data that arrives at the tool are useless. The challenge is to remove the performance-robbing packets from the traffic before they reach the monitoring tool.

  1. 2.     Complying with Strict Privacy Regulations

Businesses that handle sensitive user information are obligated (by SOX, HIPAA, PCI, etc.) to keep such data secure. Some tools provide the ability to trim sensitive data from packets before they are analyzed or stored. However, this comes at the expense of precious computing and tool bandwidth resources. The challenge is to offload the privacy function from tools so they can focus all resources on the analysis and storage for which they were intended.

  1. 3.     Increased Scrutiny of Network Performance

Network performance is under great scrutiny in some network applications, such as high-frequency-trading. For such applications, there are purpose-built monitoring tools that can time each packet as it traverses the network. These latency-sensitive tools depend on timing the packets as close to source as possible. However, such proximity implies exclusive access to the network, which is not practical. The challenge is to deliver both the packet and its timing data to the latency-sensitive tools without compromising access for other network monitoring tools.

  1. 4.     Containing the Cost of Network Monitoring

Network engineers are under pressure to do more with less, including in network monitoring. Successful network monitoring teams not only find ways to save costs, they also find smart ways to leverage their current investment.

There is a rich selection of tools on the market to monitor IP networks. However, in certain parts of the IP-based service provider networks, most of these tools are rendered useless, because the IP traffic is encapsulated using MPLS, GTP, and VNTag. The challenge is to find a way to expose the tunneled IP traffic so widely available tools, including tools the organization already owns, can be deployed.

Ixia Anue has just introduced its Anue Advanced Feature Module 16, which provides advanced packet processing technologies to eliminate redundant network traffic, secure sensitive data and enhance monitoring tool effectiveness. It is the industry’s first high-density, high-capacity advanced packet processing solution designed specifically to enhance network and application performance at large enterprises and data centers.

To learn more about Ixia’s Anue AFM16 and the Anue Net Tool Optimizer, stop by booth #531 at Interop New York, currently taking place at the Javits Convention Center. At the event, Ixia’s Larry Hart and Chip Webb will lead an industry conversation titled “Big Data, Big Visibility, Big Control” on Oct. 3 at 2 p.m. ET.

For more information on the AFM16 module, see the press release

Bring Your Own Device (BYOD) is Pure Evil


I spent a few days at ConSec ’12 this week and heard a lot about Bring Your Own Device (BYOD). It is a rapidly growing phenomenon that enterprise security experts are grappling with.  BYOD is becoming accepted by many companies of all sizes.  Interestingly, it often begins when a senior executive pops by IT with an iPad or a Mac and insists on using that device instead of a corporate standard.  Then the floodgates open.  People tend to like the freedom of choice and the convenience of BYOD. 

The Security, Audit, Continuity, and DIR full-day workshops

Security risk with BYOD

Did you know that when you access corporate email on the mobile device you own, there are countless security risks?  For example, if your phone is stolen, it is surprisingly easy to gain access to all the data on the device.  If you have the email password stored, well, all of your email is available to the hacker.  They can steal anything and even worse yet, – impersonate you.  In fact, a good hacker in possession of your device, can decrypt your stored passwords in a matter of minutes.

Enterprise IT needs to focus on protecting what really matters – the corporate network,  applications, and most of all, business-critical data.If you think that a remote wipe will take care of this – think again. A remote wipe requires that the device is powered on.  So, if the bad guy powers it off and removes the SIM card –remote wipe won’t be wiping anything.

If you use your device for personal purposes, you might download some fun apps and games.  There is nothing that guarantees these applications are not malware.  And it’s possible they behave well for 6 months and then become malware.

Employee-owned devices are extremely difficult to control or trust.  The key seems to be to develop a strategy where the device is known and expected to be EVIL.  Enterprise IT needs to focus on protecting what really matters – the corporate network,  applications, and most of all, business-critical data.

Monitor for anomalies

Enterprises need to focus on monitoring for anomalies that can strike its key assets:

  • The corporate network
  • Business-critical applications
  • Business-critical data

Ixia's Anue Net Tool Optimizer® (NTO) will revolutionize the way you monitor your network.With BYOD, the risk of network contamination and information leakage significantly increases due to poorly developed or malicious apps, the increased attack surface of all of these devices and fun-loving human nature.  Ixia is in the business of providing network visibility with products such as the Anue NTO, which can really help secure production networks.

In the past, IT managed users with a work-owned device, which was most likely configured and locked down. Today, IT is faced with users with as many as three devices- laptops, iPads and Phones/smartphones- all out of their control.  That is triple the devices, and all present a tasty attack surfaces plus an increase in in network bandwidth requirements.  Oh dear.

So, you might develop a policy that IT must control and monitor all devices that are used for business purposes.  Good luck on that – the privacy and legal issues in the US get sticky.  In EMEA and other regions with stricter privacy policies for their citizens, forget about it.  Scenario: you have a security incident and you need to force wipe out an employee’s iPhone – and you wipe out the last picture of grandpa before he died.   The jury would tear up right there.

And do you really want to deal with the drama around confiscating an employee’s personal device and invading his privacy and finding scantily-clad pictures of his fiancée?  Oh dear.

The answer is to focus on securing what really matters: enterprise data, network and applications.  Lock down and monitor what really counts to your business.  Expect employee-owned devices to be Evil, and you will not be disappointed.

Having said all that, there is a new category of products called Mobile Device Management (MDM) that can enforce device policy, encrypt local data and secure contained partitions.  It is a nascent category, but there are already over 40 companies moving in to solve mobile device security concerns.   In addition, at ConSec ’12 AT&T was talking about a new technology to  provide a “toggle” feature, where there are two settings – one for work purposes and one for personal purposes.  With this, you might be able to effectively carry out information security practices for the device.

More to come soon…

VMworld – Surprise! Network and Security Professionals are Getting Included!


The new cloud computing landscape requires greater innovation, performance and confidence to push system and software delivery to the next level.We did a survey at the Ixia booth at VMworld ’12 to find out more about what VMware practitioners want and need from vendors like us.  We surveyed over 150 people, and some of our findings were surprising given the audience: people clearly drinking the virtualization Koolaid.  Have to admit, I expected far more right wing VMware practitioners, viewing anything physical as a complete waste of time.  In fact, about 20-25% of the people I spoke with were network engineers!  I had several great conversations about the abyss that used to exist between network and security pros and the “VMware guys.”

The abyss is disappearing.  Surprise!  Not really, considering that enterprises are moving from the old days where the virtualization team was off “doing their own thing” to the new reality where networking and security pros have to be brought into the fold, because mission critical apps are being virtualized now.  Gone are the days where virtualization teams held network engineers in contempt and network engineers responded by dropping a big trunk for the virtualization team and walking away from the whole situation.

Here are our survey results from VMworld 2012:


  • 98% of all respondents thought visibility into VMware environments is critical to their success.  This was not that much of a surprise.
  • Moving forward, 82.4% of respondents plan on using a mix of physical and virtual monitoring tools, which was a surprise to me at this event – I expected a far greater number to answer purely virtual. 
  • A whopping 32.4% were already using the vSphere Distributed Switch, which was only introduced last year with vSphere 5.0.  Only 9.4% never plan to use it, and only 23.6% were unfamiliar with it.  This was a bit of a surprise, since VDS is only available with Enterprise Plus licensing, and it’s still pretty new.
  • When asked if they would use a virtual TAP from a third party versus the capabilities provided by VMware and Cisco to acquire information from a virtual environment for analysis with physical tools like IDS, another surprise!, only 13.5% would use a third party vTap.  In conversation, the only reason people gave for using a third party was better support.
  • 84.6% saw a network monitoring switch as a critical infrastructure component for virtualization.
  • Our theory was the issue in moving packets from the VMware environment to the physical environment would hinge on the host physical NIC.  31.7% were concerned with utilization of the limited pNICs on a host.  41.2% were concerned with bandwidth.  From conversations with practitioners, it appears that the density of VMs on hosts drove the response – if they had higher VM density they were more concerned with bandwidth.  Only 8.1% of respondents didn’t plan to move packets from VMware to physical tools.


Good event for us, and I love Surprises like this!

The Importance of Optimism (and Visibility)


I just got back from a Mediterranean cruise, where I went to both Greece (Athens, Corfu, Santorini and Mykonos) and Croatia (Dubrovnik), among other places. The difference between the Greek cities and Dubrovnik was remarkable. The Greek people I met seemed, defeated while the Croatians struck me as the most enterprising and optimistic people that I have encountered, which shows the importance of optimism and visibility.
With the Ixia Anue Net Tool Optimizer (NTO), you can eliminate SPAN port and TAP shortages

It seemed everyone in Dubrovnik “had a shingle out” to make money. If they had a boat, they were looking for tourists to take on a tour. If they had a house, they were looking for a boarder. If they had neither, they were looking to sell handmade crafts for a profit. Remarkable, it was their resilience in a tough economy, and their willingness to just work hard.

Contrast this with people in the Greek cities. They seemed defeated and despondent. There were very few entrepreneurs actively vying for the tourist dollars. The desperation and hopelessness was palpable, which is striking, given the tours we were taking highlighted the grandeur of ancient Greek cultures. Greece’s per capita income is impressive, but it appears that the statistic may be deceptive.   A climate with limited visibility and a perception of deception – a lack of visibility – can’t be a good long-term strategy.

So why am I blogging about this?  From my perspective, the Greek people have lost visibility and corruption has ensued.

A couple of months ago Ixia acquired Anue Systems for the express purpose of adding production network visibility into their portfolio of products. While we can’t solve Greece’s problems, I sure wish we could. Visibility could get rid of that “deceptive image.”

The Croatians are painfully aware of political dispute, and have had their share of suffering. While they have been through significant negativity and political dispute, what is remarkable is their response. It seems they choose to view the glass as half full, and to endeavor to get that glass full.

Unfortunately, for global politics, a network visibility vendor like us can’t offer the technology to give the Greeks the visibility they need. It is admittedly an oversimplification of a very complex political situation, but visibility and clarity into any situation – be it network performance or a national economy – has extreme value. Deception and lack of visibility is a poor long-term strategy.

This shortage of network access ports reduces monitoring effectiveness and limits network visibilityWhen there is a lack of visibility, it appears corruption follows – according to Wikipedia, “Greece has the EU’s second worst Corruption Perceptions Index after Bulgaria, ranking 80th in the world, and lowest Index of Economic Freedom and Global Competitiveness Index, ranking 119th and 90th respectively. Corruption, together with the associated issue of poor standards of tax collection, is widely regarded as both a key cause of the current troubles in the economy and a key hurdle in terms of overcoming the country’s debt problem.”

As a technology vendor, we bring value to our customers by providing improved network visibility. Increased network visibility is beneficial in reducing internal enterprise politics, which can become a sort of internal corruption.

In looking at this situation and the contrast between Croatia and Greece, simply put the way to defeat useless politics and corruption is to see the facts clearly. Ixia’s network visibility solutions help network engineers and security professionals see the true facts and avoid “internal corruption.”   Hopefully the Greeks will find a way to do likewise and regain some of their ancient grandeur.

Ixia and Gigamon Have 147% Market Share in Network Visibility


I know. I know. Two companies can’t actually have more than 100% market share, but since I read it on the Internet – it must be true! Right?!?

According to Gigamon’s website they have 90% market share in Intelligent Traffic Visibility Networking.  From their website today: 

Gigamon’s website they have 90% market share in Intelligent Traffic Visibility Networking

This is the same market segment in which Ixia’s Network Visibility Solutions (NVS) participates. Ixia’s acquisition of Anue Systems provided some early financial transparency to this nascent market of visibility controllers (aka, Network Packet Brokers, Intelligent Management Aggregation Networks, network monitoring switches, packet aggregators, traffic aggregators, visibility fabrics, bypass switch and many, many more). Gigamon’s IPO filing provided even more and opened up their revenue to public scrutiny.

Here are the facts related to market share: With the S1 and a little bit of math, you can derive their most recent reported 12 months of revenue at $74.7M (ending March 2012). For the same period, Ixia’s NVS group delivered $47.6M in revenue as reported in the acquisition press release.  If 90% market share is garnered with $74.7M in revenue, the combined revenues of the two companies yields an astonishing, and impossible, combined market share of 147%.

Preposterous? Yes!

Gigamon sales teams have told customers for years that they dominate this market segment so it’s a welcome relief to finally have the data to refute their self-aggrandized view of market domination. We knew all along this wasn’t the case. Our customers knew it as well, which is why so many chose us. Yet, our primary competitor continued to beat the drum hoping everyone would simply believe and buy.

To hearken back to the days of President Reagan standing at the Berlin Wall, let me proclaim, “Gigamon, tear down this web page!”To hearken back to the days of President Reagan standing at the Berlin Wall, let me proclaim, “Gigamon, tear down this web page!”

BTW and in case you’re wondering…neither company derives all its revenue from visibility controllers, but both derive a majority of their revenue from this business making this analysis, shall we say, directionally correct.




Monitoring Without Tears


Anue 5200 Net Tool OptimizerTM (NTO) series allows for complete network visibility with the easiest drag-and-drop interface in the industry. Common network monitoring issues can make even the toughest member of your team cry. The continually increasing demands for a more secure network is putting a strain on IT capabilities. How can data centers increase network security without adding expensive infrastructure?  The key to delivering higher quality network security without making large capital investments into IT infrastructure is to get more out of the network monitoring equipment that you already have in place.

That can be easier said than done, however. Improving network security will require a dedicated effort to collect and analyze information about network operation so that areas for improvement can be recognized and implemented. As outlined in this white paper, realizing significant network monitoring performance improvement comes with its own set of challenges.

First, network switches typically only have oneSPANport that can be used to connect network monitoring tools. This severe limitation in the ability to connect monitoring tools means that network traffic cannot be captured or analyzed in a comprehensive way because only one network monitoring tool at a time can be connected to the network switch. One monitoring tool simply cannot provide the thorough and complete network traffic analysis needed to realize significant performance improvement. It takes a full complement of monitoring tools to fully analyze how a network operates.

one network monitoring tool at a time can be connected to the network switchNetwork speeds continue to increase, but sometimes monitoring tools are not upgraded to keep up with the network such as, a 10G monitoring tool connected to a 40G network link. Outdated network monitoring tools can be overwhelmed, leading to lost information that could be critical in analyzing network security.

Duplicate packets generated by SPANports are another common issue leading to overwhelmed monitoring tools. Many SPANports generate duplicate network traffic packets that are then sent to monitoring tools. This excess data causes problems for many monitoring tools like capture devices – significantly reducing their capability and effectiveness. Plus, it is more difficult for network engineers to successfully use monitoring devices since so much of the data consists of duplicate packets that provide no value, not to mention inaccurate reports.

Using a network monitoring switch can solve common networking issues by providing features to:

  • Connect various diverse monitoring tools to a singleSPANport
  • Remove duplicate packets generated by theSPANport
  • Direct the right traffic to the right tool to prevent data overflows and dropped packets using filter and traffic controls


The right investment into improved monitoring can bring big returns and ensure you get the most out of your network monitoring efforts – painless and without tears!

Security Visibility: Do You Know Who’s Been In Your House? (Part II)


Ixia Network Visibility Solutions welcomes a guest blogger today, Tim O’Neill from LoveMyTool.

On Wednesday, we looked at three of the top ways network visibility can help keep your network secure. Below are a few more:


Learn how security teams use the network monitoring switch to resolve SPAN and TAP shortages, monitor virtualized environments and automate adaptive monitoring for incident response.4. Focus on what’s important. As the network manager, you know where your corporate gold – the important and sensitive data that cannot be compromised – is in your network and servers. You must create your views, and check your security policies and procedures, with protecting this gold in mind. If you do not know where the corporate gold is, you really should go find it as it deserves your full protection!


5. Monitor with purpose. As the network engineer and manager it is your duty to monitor to protect this corporate gold, as well as to find any illegal, immoral or misusage that can compromise your company. If someone is using your network for attacks, illegal solicitations, identify theft or worse, not only will your security be compromised, but you and your company could potentially be held liable. The U.S. Secret Service and the FBI estimate that more than 20% of cybercrimes were aided by insiders. This statistic should send chills down a network manager’s spine!

6. Monitor for attacks and losses from attacks or illegal usage. Attacks should be able to be recognized by several features and the data attached to an attack should be stored so that the attack can be stopped in the future. This can also help mitigate and provide the depth of any losses. For example, knowing the number of customers that had their information compromised potentially can save your company millions of dollars.


7. Take advantage of relative time filtering. Now, with the advent of relative time filtering you can use a huge variety of tools for a new, unique level and special view into your network, sessions, server access and applications. Filtering allows you to use many tools, from open-source to commercial, without having to buy high data rate and expensive tools. Filtering allows us to use inexpensive and/or open-source tools – by deleting out the non-essential information or directing it to another tool, this allows these tools to handle the data rate.

In general, it is important to choose a filtering solution that is field-upgradable (you do not have to send it back for upgrade); one that was built from the ground up to be a real filter, not a SPAN port in a new chassis; one that has been tested and certified by real labs; one that is easy to program so everyone on your team can use it; one that is truly proactive within as well as capable of fitting into your external network management system; and one that withstand scrutiny when using records for civil or criminal evidence.

Remember even if you can capture all the data in your network, without filtering on the important information it would take you years to review the unfiltered and focused information! Get REAL, Get FOCUSED, Be SUCCESSFUL through Filtering!

Here’s a little bit about Tim:

Tim O’Neill – The “Oldcommguy™”
Technology Website –
Committee Chairman for Cyber Law Enforcement training and Cyber Terrorism
For Georgia State Senator John Albers
Please honor and support our Troops, Law Enforcement and First Responders!
All Gave Some – Some Gave All – All deserve our Respect and Support!

Security Visibility: Do You Know Who’s Been In Your House? (Part I)


Ixia Network Visibility Solutions welcomes a guest blogger today, Tim O’Neill from LoveMyTool.

Almost anyone could tell you who is in their homes, at almost any time of day. So why do most network managers not know who is in their network and what they’re doing?

In our modern day networks we pass trillions of bits, bytes and frames of data through our networks every minute, 24 hours a day and 365 days a year. Most of the data we pass has some degree of confidentially either for ourselves or for our organizations. Despite the tremendous amount of crucial data at stake, we have far less visibility into this type of security than we do into who’s walking through our homes.

It can be a daunting task to keep up with whether users are sticking to network security policies and procedures, whether they’re leaving connections up when they go to lunch or worse until the next day, and whether they’re getting into applications and data to which they’re not supposed to have access.

But with the correct monitoring strategies – and the correct filtering technology for monitored data – all these questions can be answered and tracked with more ease then one would imagine. In this blog, we will discuss the first three of six key tips to improve the security and visibility of your network. Check out Ixia’s Network Visibility Solutions blog Friday for more.

1.     Get a baseline. Learn what is normal for your network. Things like response times, loads, access list of data servers and overall statistics can be the indicators of the health or sickness/weakness of the network. So if malware-like redirects, compromised DNS addresses, DDOS attacks and other issues start slowing the network, you will be able to notice the declining stats of your health parameters, such as response times, DNS errors, incorrect Internet site access, retransmissions and failed sessions – and take action to mitigate the attack and limit losses.

2. Get access to the good, bad and ugly. Anyone who wants to perform real network monitoring and analysis must have access to all the REAL data that flows – the good, bad and ugly – in relative time. The only real way to achieve this is to have TAP access to your network flows. To read more about TAPs versus SPAN technology and the other under-achieving methods of acquiring network information, click here:

3. Use technology built with filtering in mind. If your goal is win the Indianapolis 500, you would not build a car using a 1959 Nash Rambler body as the frame foundation. You would get a titanium frame built for Indy racers. It’s important to think of network technology in the same way – look for equipment that is tested, certified and built for real-world network applications. In the data access and filtering world, one should choose a product that was built from the hardware up – not as a SPAN/monitor afterthought as many filters are.

Ixia’s Anue Net Tool Optimizer is a fully proactive network management solution – it can act on network events, make changes in its operations as well as the direction of flows, filter changes and ingress and egress ports, based on internally set parameters; and the NTO automation feature can let you report and respond to any SNMP communications. The NTO also has been tested and certified for reliability by Tolly Labs to the highest level of NEBs certifications, level 3. It was the first filtering solution to handle 40G paths and today is the most flexible and long range filtering solution with a real easy to use GUI interface.

These are a few of the ways you can improve the security of your network by gaining a clearer view of your network activity – check out Part II in our series Friday.

Here’s a little bit about Tim:

Tim O’Neill – The “Oldcommguy™”
Technology Website –
Committee Chairman for Cyber Law Enforcement training and Cyber Terrorism
For Georgia State Senator John Albers
Please honor and support our Troops, Law Enforcement and First Responders!
All Gave Some – Some Gave All – All deserve our Respect and Support!