Saturday, May 18, 2013

Configuring ASA -- basics

I thought I should share this with you so that we avoid wasting time when configuring an ASA for the first time.

A typical mistake a junior network administrator can make when configuring an ASA by following Cisco's directives: see photo below.


After the permit statement, if you need to insert an object-group, Cisco explains: "Specify a service or protocol object-group after this keyword".

Here is the catch: be careful, this will only work with a protocol object-group and not a service object-group.

I would suggest that Cisco edit this information and make it specific, "protocol object group", to avoid confusion.

You will be safe anyway if you use ASDM, because you check boxes and it creates the commands for you!

Enjoy!
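
The placement described above, as an added configuration example that is not from the original post: the protocol object-group goes directly after `permit`, while a port-based service object-group is referenced after the destination. The group names, the ACL name and the address 192.0.2.10 are constructed for illustration.

```cisco
! Protocol object-group: lists IP protocols, valid directly after "permit"
object-group protocol TCPUDP
 protocol-object tcp
 protocol-object udp
!
! Port-based service object-group: lists TCP ports, not protocols
object-group service WEB_PORTS tcp
 port-object eq www
 port-object eq https
!
! Protocol group in the protocol position (right after "permit")
access-list OUTSIDE_IN extended permit object-group TCPUDP any host 192.0.2.10
!
! Port group in the port position (after the destination), with the
! protocol named explicitly after "permit"
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 object-group WEB_PORTS
```

After entering rules like these, `show access-list OUTSIDE_IN` lists the expanded entries, which makes it easy to confirm that the ACL permits only the protocols and ports intended.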


Thursday, May 16, 2013

Preparing kids to be creative!

To my surprise, I received a project that I needed to assist my grade 1 daughter with (i.e. darasa la kwanza in Tanzania); she was supposed to do research and make a presentation in front of her fellow students and class teacher.

I started reflecting on this myself, and I remembered that the only project I did with a 5-minute presentation was my fourth-year final project. That was my first time, so to speak, that I stood in front of other people and presented my knowledge in a certain area of expertise, if I exclude the academic competitions I used to participate in when I was in primary school, which also made me stand up in front of a large group and answer questions, but not explain any concept and get challenged.



Looking at the project description, and thinking back on what a standard one student can do, I was wondering if my daughter could do anything regarding this project. I was there to guide her and make sure that she delivered on time, but surprisingly, she knew all about searching for information on Google, reading books from the library, and visiting ponds and rivers. We did all that, then she made her final presentation, drew a very nice picture of ponds and the animals living in the pond, and wrote a final report.

This is amazing. I am not sure if I would have been able to do this when I was in standard one, but also, how many form fours in Tanzania can do such a thing?

I am not blaming students, but our education system.

Can't we just copy from others if we cannot create our own working ideas?

Anyway, I waited for my daughter as she was coming back from the presentation. It was amazing!




The next morning we decided to go shopping, as I was so impressed with the good work!



Then we went for a boat ride!





Stopped somewhere for lunch on our way back home!



Finally, we had to go back home; time was up, and we had to prepare for another day. That's me a few minutes before hitting the road again!



           IT WAS A GOOD DAY!!!


Monday, May 13, 2013

Dynamic Security hardening for Corporates, is this happening somewhere?

This is what I was thinking tonight: one day I would like to see organizations or corporates run their business without security experts, because we have enabled them with tools to take care of security configurations across their networks in all layers.

To achieve this, we must have developed a tool that will analyze network traffic and dynamically come up with a security implementation plan, send it to the top management for approval, then push this configuration to all network equipment dynamically without human intervention!

After that, it keeps monitoring, upgrading and enforcing security policies as the business changes. What a simple life and assurance for businesses.

What I am saying is that the organization installs networking equipment (routers, switches, firewalls, IPS, IDS, etc.) and performs basic routing to enable traffic flow. Then it deploys this little "Wizard" and gets reports via email regarding what needs to be configured on switches, routers and firewalls, based on what is happening in the business in real time.

When the CTO replies to that email with a "Yes", this little "Wizard" should then go ahead and apply these security changes to the relevant network equipment, while updating the syslog server on what changes were implemented and when, and that's how we start. Keep upgrading as the business changes using the same model (i.e. the business must be made aware by this little "Wizard" of what it intends to do).

Along the way, we should be able to track security hardening maturity: on day one our dashboard will show RED; as we go along, the color will change to amber, for example, stay there for a couple of months, then change to "Green", which means we have finished the basics, and we keep making minor changes as we change business rules.

Do we have similar solutions somewhere, or do you think this is a new idea? Let me know your opinion regarding this.

Enabling Rural Population using ICT

Recently I launched a book. This book summarizes efforts made in enhancing the life of the Rural Population through the use of Information and Communications Technology, as part of the ICT for Rural Development (ICT4RD) project. In this context, we elaborated on Telecommunications Systems Design and Implementation, Application deployments, and End user training & Capacity Building for the Tanzania Rural Population, including some technical details of implementation. We also summarized the challenges and opportunities associated with these efforts in Rural Tanzania.

This can be used as a very good guideline for Junior Systems Administrators working in a Linux/Unix environment. Graduate students can also use this as a reference book when it comes to finding technical know-how for implementing various network services in an open source environment. Not only these two groups, but also researchers could use this book as a reference in their research work on ICT for Rural Development.

You can order your copy directly from this link

Or contact me for more details or if you need some price discount.