Posts tagged ‘Security’

Do security engineers dream of firewall logs…

I know I’m starting to. And I haven’t consciously recalled a dream since about 18 years ago.

My head is filling up with terminology and jargon, from both the Checkpoint Firewall-1 side of things and our own internally developed monitoring systems that we deploy at client sites.

This morning, I woke up with the word “CACTs” on my mind… Complex ACTions. Packets being dropped by the firewall. My staple diet of support tickets, these days. And something that is often difficult to interpret. I sometimes spend an hour or two to retrieve the logs, format them in Excel and Access, then do SQL queries to filter out the “trash” data to determine the culprits. And even then, I cannot always be sure of my analysis until I verify some facts with the network diagram or ask a colleague to double check my findings.

Thus far, I’ve found some DDOS attacks, some portscans, a virus infection, peer to peer software abuse and some really dodgy DNS systems.

Anyway… this weekend is rAge. First one that I will be attending. Looking forward to seeing what we here in South Africa call a gaming expo, seeing as we always see coverage of the overseas expos but never our own.

Hope you all have a good weekend. See you on the other side.

A steep learning curve

My first month at ISA (Information Security Architects) draws to a close soon, and looking back at the past few weeks, I’m surprised at how the time has flown. Not that I’ve been so hectically busy that I never noticed the time, but rather that I’ve been engaged at a level that I haven’t experienced in a very long time.

Initially I was just supposed to get up to speed with F-Secure, their AV product range, and refresh my knowledge of Trend Micro as well, but seeing as we haven’t received many tickets for either set of products, I’ve kept myself occupied by jumping in the deep end with Checkpoint firewall support.

Well, not so much the support side of things just yet. Changes, I leave to those a little more qualified than I am, for the moment. No, my major task these past two weeks has been firewall log forensics. Breaking down thousands upon thousands of lines of logged events to spot trends, looking for attacks, potential network issues, etc.

I found it funny that I ended up using some of my old development tools in order to do so. SQL queries are amazing at breaking things down into manageable chunks of data…
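As an added illustration of the kind of SQL breakdown described here and in the dropped-packet triage in the post above (example code written for this page, not the author's or ISA's own tooling), the block below loads a constructed, simplified drop-log export into SQLite, strips a constructed “trash” category (NetBIOS broadcast chatter) before analysis, and summarises dropped packets per source, flagging sources that touch many distinct ports as scan-like. The field layout, noise rule and threshold are assumptions, not the real Check Point log format.

```python
import sqlite3

# Constructed sample export, NOT the real Check Point log format:
# fields are time;action;src;dst;dport;proto
SAMPLE_LOG = """\
10:00:01;drop;10.0.0.5;192.0.2.10;22;tcp
10:00:01;drop;10.0.0.5;192.0.2.10;23;tcp
10:00:02;drop;10.0.0.5;192.0.2.10;25;tcp
10:00:02;drop;10.0.0.5;192.0.2.10;80;tcp
10:00:03;drop;10.0.0.5;192.0.2.10;443;tcp
10:00:03;drop;10.0.0.5;192.0.2.10;3389;tcp
10:00:04;accept;10.0.0.7;192.0.2.20;80;tcp
10:00:05;drop;10.0.0.9;192.0.2.30;53;udp
10:00:05;drop;10.0.0.9;192.0.2.30;53;udp
10:00:06;drop;10.0.0.9;192.0.2.30;53;udp
10:00:06;drop;10.0.0.11;10.0.0.255;137;udp
10:00:07;drop;10.0.0.12;10.0.0.255;137;udp
"""

# "Trash" rows excluded before analysis: NetBIOS name-service chatter
# to the subnet broadcast address. A constructed example of a noise rule.
NOISE_FILTER = "NOT (proto = 'udp' AND dport IN (137, 138) AND dst LIKE '%.255')"

def load_log(text):
    """Load the semicolon-separated export into an in-memory SQLite table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE fwlog(ts TEXT, action TEXT, src TEXT, "
                "dst TEXT, dport INTEGER, proto TEXT)")
    rows = [line.split(";") for line in text.splitlines() if line.strip()]
    con.executemany("INSERT INTO fwlog VALUES (?, ?, ?, ?, ?, ?)", rows)
    return con

def drop_summary(con, scan_ports=5):
    """Per source: dropped packets, distinct destination ports and hosts.
    A source hitting >= scan_ports distinct ports is flagged scan-like."""
    sql = f"""
        SELECT src, COUNT(*) AS drops,
               COUNT(DISTINCT dport) AS ports, COUNT(DISTINCT dst) AS hosts
        FROM fwlog
        WHERE action = 'drop' AND {NOISE_FILTER}
        GROUP BY src
        ORDER BY drops DESC, src
    """
    return [(src, drops, ports, hosts, ports >= scan_ports)
            for src, drops, ports, hosts in con.execute(sql)]

if __name__ == "__main__":
    for row in drop_summary(load_log(SAMPLE_LOG)):
        print(row)
```

The same query shape (group by source, count distinct targets) works on a real export once the columns are mapped; the flagged rows are the candidates to verify against the network diagram before drawing conclusions.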

I must admit, though, that I feel really stupid sometimes, having to ask my colleagues for advice all the time, but considering I haven’t yet gone on training for the product, I think I’m doing the best I can under the circumstances.

My other project has been building a MS ISA server for testing purposes, collecting browsing data for our Dev Team. And learning Websense again.

All in all, feeling a little overloaded, information-wise, but still enjoying it. The people at work are great, the environment is pleasant and I hardly notice the time there, in fact, I leave most evenings well after my finishing times. Mostly to miss traffic, but it’s also great to sit and chat with fellow geeks, play some pool, etc until such time as we all head our different ways.

For the first time in a long time, I feel at home in the IT industry again.

New beginnings…

Well, I’ve survived my first week at the new company. No, survived is the wrong word, I think. Enjoyed, is a better choice.

Granted, I haven’t started any of the real hard work yet, rather, I’ve been studying their products, getting to know the staff, building my PC and subsequently my virtual PCs to run and test the products.

I’ve been made to feel very welcome by all involved and have met some very interesting people. Amongst them, I’ve found some kindred spirits that share my passion for certain things in life: photography, esoteric studies, music, even gaming. It was very amusing to find that at least two of my colleagues are playing or have played World of Warcraft.

Next week the pace will increase somewhat… but I’m ready and looking forward to it. For all the obstacles that I felt were in front of me on leaving the old company, I feel the path ahead is now the right one.

Change…

Change is one of those many constants in life.

Or at least it should be, to avoid being left behind, stagnating and losing touch with the ever-evolving, ever changing universe around us.

This month, for me, brings change. A necessary one, but not one without its repercussions.

At the end of this month, I leave my position as a system administrator for a junior position at an information security architect, to begin studying towards being a senior security engineer, or some such mouthful.

7 years ago, I was a system administrator. Then the company I was with retrenched a good many of us. It was a big setback for my career. From then till now, I’ve stagnated, barely creeping forward, trying to regain that original status and now that I have it again, I find myself unhappy, needing change.

Change found me, this time around, in the form of one of the vendors at the company I was contracted to. He then suggested I meet with the security firm in question and did some ‘selling’ on my behalf, to ease my way in.

I just wish I had more time to exit gracefully from where I am now. My timing is not the best for those involved and I’m afraid I may have lost more than just an employer in the process, but also one of my oldest colleagues.

Nothing to do now but finish what I started and move on. I cannot afford regrets anymore.

And once again, IT is the harbinger of doom…

Today, I think, I made a few enemies at work. How? 3 words. Websense Remote Filtering.

What does this mean? It means that no matter where you are, what connection you are using, etc., on your company laptop, this service will poll the Websense policy server to see what you are and what you are not allowed to browse.

So the guys using company laptops, their 3G cards or phones, etc., to bypass the proxy restrictions at work, have suddenly found themselves back where they began. Filtered and blocked.

I’ve been called everything from the Grim Reaper, to the Bastard Operator from Hell, to a Harbinger of Doom… Guess one has to just shrug it off as having to follow orders from above.