Why Cisco owes us

April 30, 2008

So I’m back for round 2, much later than I thought I would be.  Let’s just say that having a 4 week old infant in the house and trying to start the Internet’s most rockin’ infosec and “in the trenches” IT blog isn’t easy. 

So today I want to gripe a little about Cisco, the company sysadmins everywhere love to hate. I guess it was easy for them during the Internet boom; they could build networking hardware that was difficult to configure and manage because they were the only game in town. I’m sure this was great when the Internet mostly consisted of Gopher connected to university libraries and about a dozen dinosaur pictures on the web. People didn’t mind waiting 3 days for their connections while the engineers got approval to pay Cisco’s huge phone support fees to figure out why their interface wouldn’t come up, or trying to sort out whether the problem was with the telco, the hardware, the engineer, the janitor, or Monica Lewinsky.

Fast forward to today. I went to install an 1801 router bridged to a DSL connection. Pretty easy day 1 stuff, right? Not anymore. I start configuring the device, logging in with the default username and password of cisco and cisco, and figure “hey, I’ll change it later after I get the connection up”. I walk away to take a lunch break after doing about 20 minutes of good solid programming, returning to find that you can use the cisco ID ONCE. If your session times out and you didn’t change it, time to go back to defaults. Thank goodness I hadn’t written my changes to flash yet, or I would have gone through the long, arduous ROMMON defaulting process, costing my customer more time and money. A quick reboot of the router and I was ready to start over.

This time I changed the user ID and password, having learned from my previous mistake. I assigned my public static IP and my default route to the appropriate FastEthernet interface and was ready to start configuring my internal connectivity. I try to assign an IP to one of the 8 other interfaces on the unit, only to be greeted by an error stating this was a Layer 2 port and couldn’t be assigned an IP. Of course! Why would I want a router that could be attached to TWO networks at once? Isn’t the basic definition of a router to route traffic between TWO or more networks? A quick trip to Experts Exchange revealed you have to take a port and place it in a separate VLAN, assign that VLAN an IP, and change the access mode of the port. I’m sure this is all in the name of security, to prevent traffic from the outside hitting your other internal hosts attached to the router, but to me this seems like trying to cram features that should be performed on the firewall into the router. Cisco makes firewalls… good ones too… why would they want to discourage people from buying them???

So after that snafu, I finished my setup and tested my configuration. Worked like a charm on the first try. I decided to go ahead and enable telnet access so I could pop back into the router from the internal network later and finish a few things (yes, I know I should be using SSH, but I need a quick and dirty solution that I can hit from any workstation). I did the usual line vty 0 4 config and added a login statement. Swing and a miss! Seems now Cisco adds an access list by default preventing telnet traffic from hitting the router.
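As an added illustration (not from the original post), here is the general shape of the IOS configuration the two paragraphs above describe: a switch port moved into its own VLAN with the LAN address on the VLAN interface, and the vty lines restricted to SSH from the internal subnet instead of being opened to Telnet. The interface name (FastEthernet1 as a switch port), the 192.168.10.0/24 addressing, the hostname and the domain name are assumptions, and on some IOS releases the VLAN must be created under `vlan database` rather than with the global `vlan` command.

```cisco
! Added example configuration, not from the original post.
! Interface names, addresses and names below are constructed.
!
! 1. Create the VLAN and move one integrated switch port into it.
vlan 10
 name LAN
!
interface FastEthernet1
 switchport mode access
 switchport access vlan 10
 no shutdown
!
! 2. The Layer 3 address lives on the VLAN (SVI) interface, not the port.
interface Vlan10
 description Internal LAN
 ip address 192.168.10.1 255.255.255.0
 no shutdown
!
! 3. Management access: SSH only, local accounts, limited to the LAN subnet.
hostname rtr-example
ip domain-name example.local
crypto key generate rsa modulus 2048
ip ssh version 2
username admin privilege 15 secret REPLACE-WITH-STRONG-PASSWORD
!
ip access-list standard MGMT
 permit 192.168.10.0 0.0.0.255
 deny any log
!
line vty 0 4
 access-class MGMT in
 login local
 transport input ssh
 exec-timeout 10 0
```

The `deny any log` entry makes refused management attempts visible in the router log, which is worth checking after the change to confirm the access-class is doing what you expect.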

The point of all this… Cisco owes me one for putting up with this crap. Yes, I applaud them for trying to make their products more secure, but security is an all or nothing game. If they’re so worried about security that they are making things take twice as long to set up, why not use a more regular patching cycle to plug gaping security holes faster? I encourage everyone to check out this article. Notice the HUGE gap between patch releases. Can you imagine the chaos this is going to cause when admins try to apply 6 months’ worth of fixes to their hardware at once? It’s more incentive to NOT do it (are you listening, Oracle???).

In addition, Cisco owes me $375 for failing the CCNA 3 times. In what real world scenario could you possibly be expected to program routers at 4 sites with automatic routing updates in under 7 minutes? Despite the fact that I have designed complex voice routing, connectivity, and failover solutions using Cisco hardware, I can’t call myself a qualified technician because I can’t meet the purely ridiculous requirements of their exam. If it was just me I could buy that I’m just a crappy test taker (despite having passed all my MCSE exams, Security+, Linux+, and CEH tests on the first try), but EVERYONE has problems with this test, including guys who are a lot smarter than me.

So in conclusion, these are my arguments that Cisco owes the IT community as a whole better products. The next time a vendor comes peddling Cisco, take a look at some of the other options on the market before taking the plunge.


We’re all cowards

April 17, 2008

If you’re reading this, my first blog post EVER (and as such my first journey into the terrifying world of being a Web 2.0 whore), then aren’t you lucky…And I’m sure you’re also wondering why I’m doing this, and where I came up with such a ridiculous name for a blog. Well you’re about to find out…

To answer the first question, I was inspired by a friend of mine who started his own blog (shameless plug for him: www.digitalbush.com). He seems to use it as a creative outlet for whining about his job and throwing ideas on writing code out for the world’s scrutiny, and I thought it was a pretty sweet idea. While I’m not a coder by trade, I am a voice and data engineer for an IT consulting company, and I think we share many of the same frustrations.

As for the name, I adapted it from a speech a client gave me once. On one of my first trips to their office, I had set up a PC and user profile in a slightly different manner than the other machines were. Quite proud of myself, I expected to get some praise for making things easier for the users, streamlining their processes, and so forth. Instead, I got a 30 minute lecture on how the users there are (you guessed it) robots and monkeys, who unless they see the same output every time at every workstation have no idea what to do. The speech struck me as quite humorous and a reflection on the IT industry as a whole. As IT professionals, we fear change, but we know it’s unavoidable. How many of us have appliances on our network with firmware 2-3 years out of date, just because, despite fixing several security vulnerabilities and bugs in the product, we’re afraid the upgrade is going to mess up that one feature the CEO uses? Or even worse, we leave servers unpatched and vulnerable because we’re afraid of causing downtime? I think it’s a sad statement when Microsoft releases Windows Server 2008 and publicly admits they don’t expect anyone to migrate to it anytime soon, despite the great new feature sets it brings to the table. All this is a long, roundabout way of imploring my fellow IT professionals to control the technology, not let the technology control you. In the end, you’ll be glad you did when your networks are stable, secure, and feature rich.

Future posts will contain more specific ranting and musing about Microsoft, Cisco, Linux, Dell, wireless, and pretty much anything else I can think of. Stay tuned.
