When does your network engineer quit the job?

When did your network engineer start to search for a new job opportunity? When did he/she apply for a new job? I know the answer and I will share it with you. It was Monday.

I know it because I was operating a job board for network engineers as a part of this web site. I was checking the statistics for the productivity and effectiveness of my campaigns. I realized that network-related job searches have a peak of 20% every Monday. It is a statistically meaningful difference, but not a big thing alone.

The surprising truth is that people click at least 100% more on what they have been offered. They are ready to accept any new job offer two times more than on any other day. It becomes 2.4 times when we multiply it by the search tendency. Within the week, the figures decline day by day, and weekends are very calm. This means Mondays also have a trailer effect on the following days.

So, what to do? You should do something for Monday mornings. It could be an extensive “Good Morning” session per person, a common breakfast or a similar activity (e.g. tai chi). For sure, it should not be an official jour fixe. You should free your Monday mornings for the team. If you can hit the ground from the very first day of the week, you will have them for the rest of the week.

Happy Fridays are not working, we need happy Monday mornings!

Network Engineer Job Description

It is a very difficult process to get approval for a new hire. For a senior network engineer position it is even harder because of its high budget. The next step is to prepare an attractive job posting.

I just prepared a generic list of job descriptions and required qualifications for a network administrator position. I made a list of all possible skills/qualifications. It can be used by just removing any unnecessary lines. Unnecessary skills requested in a job post reduce the number of applications and, of course, increase salary expectations. Please comment if you have any suggestions.

Name of the Position / Vacancy

Junior / Senior Network Administrator

Junior / Senior Network Engineer

Network Support Specialist

Network Support Technician

Education / Certifications
Associate / Bachelor’s / Master’s Degree in Information Technology, Computer Science or a related discipline
CCNA / CCNP / CCIE certification or equivalent experience required
CompTIA Network+ certification

Technical Skills & Experience
Experience in an ISP / Enterprise / Academic environment strongly preferred
Expert knowledge of networking technology and concepts
Demonstrated experience with Cisco Switches, Routers and Firewalls
Experience with the configuration of Routers, to include IP addressing, routing and Access Control Lists
Experience with the configuration of network switches including VLANs and VLAN Trunking.
At least 5 years’ experience in operating large routed and meshed VPN
At least 3 years’ experience in troubleshooting, operating and maintaining both IPSEC and SSL client supporting VPN
At least 4 years’ experience with the configuration of network firewalls including access policies and VPN tunneling
At least 6 years in a lead role as a network administrator in a Cisco environment
Experience with network monitoring tools
Some experience with voice, telephony and VOIP systems

Nontechnical Skills
Experience in vendor negotiations
Strong leadership and interpersonal abilities
Strong documentation and/or technical writing skills
Ability to write reports, guidelines, and procedure manuals
Communicate effectively in both oral and written forms
Detail oriented and ability to work independently or as part of a team
Ability to use good judgment, problem-solving and decision-making skills
Have the ability to handle multiple tasks at the same time
Proven analytical, evaluative, and problem-solving abilities
Ability to effectively prioritize and execute tasks in a high-pressure environment
Ability to work in a deadline-driven environment and respond to multiple priorities
Excellent organization skills
Excellent customer service skills
Ability to read, analyze, and interpret corporate guidelines, standard documents, design templates
Ability to effectively present information and respond to questions
Ability to work well with people from many different disciplines with varying degrees of technical experience

Valid driver’s license
Green card or U.S. Citizenship required for this position
U.S. citizenship required
Must meet eligibility requirements for access to classified information
SECURITY CLEARANCE REQUIRED: Must be able to maintain a clearance at the TOP SECRET/SCI level

Working Conditions
Willingness to work irregular hours on both weekdays and weekends
Willingness to put in extra hours as projects and priorities dictate
Willingness to sit for long periods, speaking on the phone
The position may require travel to other domestic and international sites
Shift work is required
Ability to lift 50 lbs.

Just took 642-902 ROUTE Exam and failed

I was slapped in the face when I started the exam. My CCNA certification was about to expire. I do not desperately need certifications, but I wanted to keep the achievements that I already had. I booked the exam and left two weeks for preparation. In the end, I failed.

I mainly used the Cisco Learning Network. Some practice question sets gave an impression of the exam. There are some preparation documents too. I also found some web sites; most of them were prepared for the BSCI exam but could also be helpful for the new ROUTE exam. Of course, these statements were valid until the exam date.

To keep it short I will summarize my findings.

  • It would really help to have the official training documents for the ROUTE exam (at least the book CCNP ROUTE 642-902 Official Certification Guide)
  • Things like BGP properties and OSPF LSAs should be memorized (knowing something about them is not enough)
  • You should work through configuration examples in a lab or simulator on all subjects
  • You should examine all related show commands (I mean in a lab or simulator environment)
  • Some of the questions can be time-consuming. You should be steady and sure about your answer, and not pause after answering

I am not sure if I will be able to take this exam again before my CCNA expires. However, I am sure I will continue to study these subjects as I mentioned above. This is something more than certification for me now. I realized that I have dulled over the years and I have to fix this immediately.

Cisco Auto MDI/MDIX Switch Support Matrix

You don’t need to use a crossover cable anymore to connect a switch to another one. Actually, the correct name of this switch feature is Auto MDIX (Medium dependent interface crossover). Let’s make a long story short. You just need a straight-through cable in between the PC (MDI type) and switch (MDIX type). A crossover cable is necessary when you have the same type on both ends like PC-to-PC or switch-to-switch connection. If the device supports Auto MDIX, it changes its port type itself according to the other side.

You MUST enable speed and duplex auto-negotiation as a prerequisite. Enter the commands below in interface configuration mode on a Cisco switch to enable it.

speed auto
duplex auto
mdix auto

However, Auto MDIX is not supported by all Cisco Catalyst switches.

Cisco Switches without Auto MDIX support
Catalyst 2950
Catalyst 3550
Catalyst 4948

Cisco Switches with Auto MDIX support
Catalyst 2940
Catalyst 2960
Catalyst 2970
Catalyst 3560
Catalyst 3750
Cisco IE 3000

FAQ Section:
Q1) Which pins are in use in MDI & MDIX type ports?
MDI: pins 1, 2 transmit; pins 3, 6 receive
MDIX: pins 1, 2 receive; pins 3, 6 transmit

Q2) Does it work if I use a crossover cable with an Auto MDIX port?
Yes, it does. Both straight-through and crossover cables work fine.

Q3) Can I fix speed & duplex and use Auto MDIX?
No. Auto MDIX uses speed negotiation process to recognize the other side’s port type. You have to use a crossover cable if you want to fix speed and duplex.

Q4) Do I need Auto MDIX on both interfaces for it to work?
No. It is enough if just one interface supports Auto MDIX but speed and duplex should be auto on both interfaces.
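The prerequisite and Q3 above can be checked mechanically. The following is an added example, not part of the original post: a small Python audit that reads interface stanzas and flags ports where `mdix auto` cannot take effect because speed or duplex is fixed. The sample configuration is constructed, and treating a missing line as the platform default is an assumption to adjust per switch model.

```python
import re

# Constructed running-config excerpt for illustration (not from the original page).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 speed auto
 duplex auto
 mdix auto
!
interface FastEthernet0/2
 speed 100
 duplex full
 mdix auto
!
interface FastEthernet0/3
 no mdix auto
!
interface FastEthernet0/4
!
"""

def audit_auto_mdix(config, default_mdix=True):
    """Map each interface to a finding. A stanza without a speed/duplex line is
    treated as 'auto' and one without an mdix line as default_mdix; both are
    assumptions about platform defaults, so set them for the switch audited."""
    findings, name, state = {}, None, {}
    def close():
        if name is None:
            return
        fixed = [k for k in ("speed", "duplex") if state[k] != "auto"]
        if not state["mdix"]:
            findings[name] = "auto-mdix off"
        elif fixed:
            findings[name] = "auto-mdix ineffective: fixed " + "/".join(fixed)
        else:
            findings[name] = "ok"
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            close()  # finish the previous stanza before starting a new one
            name, state = m.group(1), {"speed": "auto", "duplex": "auto", "mdix": default_mdix}
        elif name and (m := re.match(r"\s+(speed|duplex) (\S+)", line)):
            state[m.group(1)] = m.group(2)
        elif name and (m := re.match(r"\s+(no )?mdix auto", line)):
            state["mdix"] = m.group(1) is None
    close()
    return findings

if __name__ == "__main__":
    print(audit_auto_mdix(SAMPLE_CONFIG))
```

A port reported as "ineffective" needs either auto-negotiation restored or a crossover cable for switch-to-switch links, as Q3 explains.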

Cisco Network Monitoring Common Mistakes

I am going to touch on common mistakes in network monitoring in this post. You know for sure that you need a network-monitoring tool for managing your network. There is a wide variety of tools available, ranging from simple to complex and from free to enterprise ones.
If you get one monitoring tool and install it, can you say that everything is under control? Are you going to be aware of what happened in your network? I will try to warn you about common mistakes in network monitoring. Actually, these mistakes are common to any kind of network; however, my experience is in Cisco environments.

1. Monitoring without documentation
If you are monitoring your network while you don’t have the proper network documentation, then it will not be clear whether monitoring is complete or not. How can you be sure about reliability of your monitoring system without knowing exact number of devices, their models and their interconnections?

2. Only network specialists should watch over network.
Network specialists must set up network monitoring systems, but watching over them and taking the first action should not be their task. If you have network monitoring screens, then such screens should be watched over by –
• A monitoring team – if the network is big enough (e.g. a NOC)
• Help desk – if you have one
• End user support team
Any alert (alerts, events, mails, SMSs) should be directed to the help desk or end user support team. The receiver must be able to handle it immediately. Alertness is the key here, and therefore this task should not be assigned to staff who are involved in projects and move around often. Help desk staff should be informed first, and then the information should move upwards through the hierarchy, finally reaching the network admin to sort out the issue.

3. Unhandled alerts
All alerts should be checked and cleared. If there is expected maintenance on some devices, then they have to be excluded from monitoring system (This is a must have for a network monitoring tool). If some alerts stay on the monitoring system for a long time, then it will cause alert blindness on the team. False alerts may also drop your confidence in the monitoring system.

4. Correct probe points & traffic behavior
You have to understand your routing infrastructure very well, especially for flow monitoring. Sometimes you can find undesirable traffic easily, but that is not always the case. In the case of a huge download, you just have to look at the right point in the backbone. In the case of an antivirus update, traffic is one-to-many, and you have to summarize the collected data by source or target depending on the direction of the traffic. In the case of many-to-many traffic like virus infections, you have to know or guess the characteristics of the undesired traffic (like the TCP port). If you ignore these details, you can look at your NetFlow monitor and swear that all the traffic you see is necessary.

5. No history
If you have your monitoring system ready but monitor just some nodes, thinking that you can start monitoring any necessary point when an untoward incident happens (I mean SNMP monitoring), then you are playing with fire! When something happens, you will have to compare the condition with normal conditions to analyze it, but you will be too late for that. It won’t be possible to acquire this information anymore. Therefore, you must monitor all the ports and interfaces that have to be monitored from the first day. Your monitoring is correct only when it is complete.

6. We have a huge tool – problem is over
This is about the decision phase of network monitoring. You should define your needs well and choose a fitting tool for your network. No more, no less. This decision is not just about cost. The concept will be clear with an example, and a good example is Cisco Works. It is huge, capable and a brand that is trusted all over the world. However, if you don’t have dedicated staff for it, then it is really hard to install and use. I have come across many people who purchased Cisco in anticipation that it would be very beneficial to them, but did not make complete use of this powerful tool. It is like buying a truck and trying to park it in your car garage, which is a foolish decision!

7. Network monitoring is not a mission critical process
How much loss do you incur if your network monitoring system stops working? Is it going to stop production, sales or logistics? The answer is no. So, the network monitoring system is not a mission critical system. This could be true. The network itself is mission critical. Everything stops when it stops. Network problems should be fixed immediately. You have to find the problem (here you need monitoring) in minutes. Nevertheless, your monitoring system can be down because it is not a mission critical system. If this is the case, you have to connect to each device separately and look for errors. It is similar to a situation in which you are driving on the highway with broken gauges (fuel, temperature, speed). Good luck!

These are the seven common mistakes in Cisco network monitoring. You are in charge of keeping them away from your network.
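Mistake 4 above says the same flow data must be summarized differently depending on the traffic pattern. The following is an added example, not part of the original post: it aggregates constructed flow records by source, target or port and shows that many-to-many traffic is invisible in a byte ranking but stands out when grouped by port. The record layout, the addresses and the fan-out threshold of 5 are assumptions.

```python
from collections import defaultdict

# Constructed flow records (src, dst, service_port, bytes); not from the original page.
FLOWS = (
    # one-to-many: an update server pushing to eight clients
    [("10.0.0.5", f"10.0.1.{i}", 8443, 40_000) for i in range(1, 9)]
    # many-to-many: five hosts each contacting five peers on one TCP port
    + [(f"10.0.2.{i}", f"10.0.3.{j}", 445, 900)
       for i in range(1, 6) for j in range(1, 6)]
    # one huge download
    + [("192.0.2.10", "10.0.4.7", 443, 5_000_000)]
)

def summarize(flows, key):
    """Aggregate by 'src', 'dst' or 'port'.
    Returns (key, bytes, distinct sources, distinct targets), largest first."""
    idx = {"src": 0, "dst": 1, "port": 2}[key]
    agg = defaultdict(lambda: {"bytes": 0, "srcs": set(), "dsts": set()})
    for flow in flows:
        row = agg[flow[idx]]
        row["bytes"] += flow[3]
        row["srcs"].add(flow[0])
        row["dsts"].add(flow[1])
    rows = [(k, v["bytes"], len(v["srcs"]), len(v["dsts"])) for k, v in agg.items()]
    return sorted(rows, key=lambda r: r[1], reverse=True)

def find_patterns(flows, fanout=5):
    """Separate the three cases from the text; fanout is an assumed threshold."""
    # Many-to-many: a port used by many sources towards many targets.
    ports = {p for p, _b, n_src, n_dst in summarize(flows, "port")
             if n_src >= fanout and n_dst >= fanout}
    # Everything else is judged per source: fan-out first, then volume.
    by_src = summarize([f for f in flows if f[2] not in ports], "src")
    return {
        "many_to_many_ports": sorted(ports),
        "one_to_many_sources": [s for s, _b, _n, n_dst in by_src if n_dst >= fanout],
        "top_talker": by_src[0][0] if by_src else None,
    }

if __name__ == "__main__":
    print(find_patterns(FLOWS))
```

In the sample, each host in the many-to-many group sends only 4,500 bytes and sits at the bottom of the per-source ranking, which is why a volume-only view misses it.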

Network Security first-step

I am writing my first book review here in my blog after almost two years. I guess “Network Security first-step” is the only technical book that I read within this period. Honestly, I do not feel the necessity to read a book. I can easily google on the Internet, write on forums or, better, ask my contracted partner for the necessary info.

I was sitting lazily in the office when one of my colleagues came and said, “If you want to order a book this year, find it on Barnes & Noble and send me the link by the afternoon.” Some ideas flowed through my mind:
– No, I don’t need a book.
– Maybe a reference book would be good. No, I am using the Cisco web site and it’s searchable.
– Exam preparation books, maybe. No, they are boring.
– If only I found a book that I can read before sleep: well written, easy to read, but not marketing mumbo jumbo, to get some real purified info.
I started to search then.

The book “Network Security first-step”

It was written by Tom Thomas and published by Cisco Press in 2004. The ISBN number is 1-58720-099-6. It has a red cover with a lock on it and 431 pages. It has a $29.95 price tag on the back.

It is a must read for any IT guy who has the word “security” in his/her title or job definition. If you are teaching any kind of information security courses/classes, it is for you too. It is also a must read for all networkers on the security specialization path and for information security auditors.

It is nice to read if you are a CIO or IT technology manager/director, or any kind of networker.

The Content
It starts with the basics of hacking: terminology, methods and organizations working against hackers.
It talks about security technologies like ACLs, NAT and TACACS. It continues with security protocols like DES, MD5, PPTP and SSH, a full chapter on firewalls and a full chapter on router security. A very clear and detailed VPN chapter is followed by wireless security. Wireless security includes both technology-related topics like WEP and EAP and the history of war walking and wireless hacking tools. The IDS chapter is very informative, and honeypots, a new term for me, are explained in this chapter. The last chapter is about real-world hacking tools.

The most interesting thing in this book for me was the second chapter, completely dedicated to security policies. It explains the basics of building security policies and then gives some reusable security policy samples.

The tools mentioned are mostly open source tools, which you can easily download from the Internet and work on in more detail on your own. Related URLs are given for tools and organizations. This will let you use this book as a starting point for your further security studies.

He mentions his own company (Granite Systems) at some points. I have to say there is some hidden advertising in it.

This book does the trick. Get a copy of it for yourself. I am aware this book was published in 2004 and I am suggesting it in 2009. You can preview some chapters at the Amazon website. You will see why I suggested it.