Apr 23

████████ Install

Did you get that new ████████ installed yet?”

Those 8 words have haunted me for the last 80 days.

Last December we started looking to replace our Cisco ASA firewalls with a shiny new NGFW.  After talking to a few companies we decided that ████████ looked like the best choice for our environment and price point.  The vendor said they will provide free installation services through their SE’s.

After some discussions we diced to install it in “Wire Mode” underneath our current firewalls to let us get some real world experience and get used to the new management features

Getting the ████████ installed has been a nightmare. Here is a running list of what I have been through in the last 80 days:

January 29th:  ████████ arrives. I am excited.  I get it racked and  an email sent off the the SE who is going to help with the install.  Setup appointment to install firewall on the 31st.

January 30th: SE emails with the flu and needs to move the install back one week until the following Friday.

February 7th: We configure the firewall with two interfaces set to do wire mode inspection and 1 interface setup to be the WAN interface with an internal IP address to be able to update the firewalls signatures. etc.   When we plug it in it kills all the traffic on the network.   We unhook it and agree to try it again the following Friday.  Failed Install Count: 1

February 11th:  I get an email for the SE that he has a meeting in Las Vegas this week and he cant help me install the firewall on the 14th. He will get with me the following week to setup a date.

February 18th:  Send the SE an email.  Get non-deliverable bounce.  Call sales person to learn that my SE was “let go” while in Vegas and she will find me someone else to work with.

March 3rd:  Put in contact with a new SE who just inherited 1/3 of the country to try to sort through.  We are going to try the install on Friday because it looks right and should work.

March 7th:  We try the install basically the same way we did a month earlier with the exact same results. We take a PCAP and she says she will look at it and get back to me.  Failed Install Count: 2

March 9th:  I get an email suggesting it may be a routing problem and that was can make a few tweaks and get it installed on the 14th.

March 14th:  Try the install after the routing changes and it fails again. I send the SE configs from the Firewalls and Switches the ████████ is in between. Failed Install Count: 3

March 17th:  Have a meeting with my manager and director about why this install isn’t going well. They suggest pulling out the equipment and sending it back.  I talk them into letting us keep in a keep trying because of the midstream SE change.  I HATE FAILING.

March 19th:  SE sends instructions on how to do a hard reset on the ████████ to start clean.

March 28th:  Reconfigure the ████████ the same way it was configured previously and retried the install.  It failed. I failed. ████████ failed. Failed Install Count: 4

April 1st:   We regroup with a conference call with engineering who ensures us that the way we are installing it is correct and they do installs like this 40 or 50 times a week.

April 11th:  SE calls in another SE from the West Coast to look over the install.  He says it should work that way but we reset and reconfigure the firewall into layer 2 mode because he is more familiar with that setup and likes it better.  I tell him as long as it works we can install it anyway he wants.   It doesn’t work.  He doesn’t know why.   They start suggesting we send the ████████ back.  Failed Install Count: 5

April 16th:  I discuss next steps with my Boss about sending the ████████ back.  I hate to fail.  I felt like this was a huge loss for me since I suggested the ████████. 

April 21st:  We were given the day off work for the day after Easter and I didn’t have anything to speak of going on so I came in early that day and spent the next 4 hours resetting and reinstalling the firewall.  After spending some time thinking about it I decide to redo the install without the “WAN” port being an internal address.  Once I got the firewall configured this way the installation went well.   I am still missing a few logging features I need since there isnt an interface who can talk to my SIEM but it is finally installed.

I call the SE and she is glad it is installed correctly but it still puzzled why it didnt work the way it should.   We get the next generation services turned on and she promises to call me back with an explanation on why it didnt work the other way.

What I learned:
You get the installation services you pay for.
I should have taken control of the install way earlier and did it myself.
The SE’s at ████████ arent bad people they are just untrained.

Apr 20

The Missouri Capitol in Spring

The Missouri Capitol in Spring

Apr 15

How To Be A Security Expert On Twitter

So you want to be a Twitter security expert? I have come up with an easy to follow list to make sure you are:

All Cons, All The Time!
If you are not tweeting about flying to, attending, partying at, or flying home from a con at least once a month you cant be a security expert.  Also try not to mention what you actually do for a living.  It removes some of the expert shine.

Be an expert on EVERYTHING.
Heartbleed? Drones? Malaysia Airlines Flight 370? Top Secret NSA Domestic Spying Programs? Windows Patching? Programming?  All in your wheelhouse.  If you are going to be a twitter security expert you need to know this stuff.  Skimming half a wikipedia page qualifies you to speak on any subject authoritatively. 

Everything is your business.
A company you own no stock in appoints someone you dont like to their board of directors or CEO? Good thing you are an expert on EVERYTHING!  Time to be really outraged and let everyone know it!

It is all about you!
This is the main rule of being a security expert on twitter! Every time somebody expresses an opinion with which you disagree, they are doing it to anger you personally. It would be wrong to not to take it as a deeply personal insult.

How many followers do you have?
Make you sure you are have at minimum one bot a week tweet about how many followers, re-tweet and mentions you have.  You need people to know how important and influential you are!

Apr 08

My goodbye letter to Windows XP

Dear Windows XP,

So this is how it feels to feel abandoned?  That is the question you have to be asking yourself this morning.  For the last 4549 days you have been a constant workhorse for PCs around the world and this morning Microsoft has decided that you are no longer worthy of support.

I remember the first time I meet you.  I was a 20 something systems admin who was in love with Redhat 7.1  and I thought you were going to be the end of the enterprise operating system.  A few service packs later you were a solid work horse who did her job without any real complaints.

You have been great to me and my career.  I owe you a lot and until Windows 7 came out you had been what I have used and supported nearly every day of my life for 10 years (I am still sorry about that fling I had with Vista in 2007. She was shiny, pretty and had so much promise. I am wrong and glad we can move on.).

I know you will live on in unprepared and underfunded schools, banks and grandparents systems for the next 10 years but  I am going to miss you.  Thanks for all the good memories you gave me and thanks for taking me this far in my career!

 Yours Truly,

Jerry Gamblin

Mar 29

“Life’s greatest difficulties always happen right before life’s greatest breakthroughs.”

Mar 28

“If you’re tired of starting over, stop giving up.”

Mar 26

How To Disable Twitter Photo Tagging

Twitter added a photo tagging feature today and like Facebook decided to have the default setting to allow anyone to tag you.

For your own saftey you should change it to this:image

The steps to do this are easy:

1) Login to Twitter.com
2) Go to the Settings tab.
3) Go to the Security tab.
4) Under Photo Tagging click “Do not allow anyone to tag me in photos”.
5) Scroll to the bottom of the page and Click “Save changes”
6) Enter your password to save your changes.

Mar 24

The Goonies is my favorite hacking movie.

My favorite conference asked the following question this morning: 

#44CON QOTW: If you could watch two hacker films the night before 44CON what would they be? Just erm… asking…

— 44CON (@44CON)
March 24, 2014

My answer was the noncontroversial WarGames and the controversial The Goonies.

My friend Steve Lord asks the question that inspired this blog post:

@JGamblin @44CON is the goonies a hacker film?

— Fake Steve Lord (@stevelord) March 24, 2014

Why yes it is. Please let me explain:

Gooines: A group of working class families are being evicted from their houses to make room for an expansion of a country club.





Hacking:  Data was the original hardware hacker.  Any security conference you attend will have at least one talk of someone hacking non security related hardware.


Hacking: The Fratellis are basically a group of blackhat hackers who think they are a smarter than they really are and can be easily defeated by a group of teenagers. 


Hacking: The hacking community is basically built on taking a group of socially awkward people and forming tight knit and caring communities.

Mar 23

“If you aren’t training new leaders you are on autopilot and you won’t succeed.”

Mar 18

Facebook vs Twitter

Today I had a “Classic Jerry” moment and had a pen explode as I was spinning it around in a meeting.

This was the aftermath:

Afterwards I post the exact same same stats to my FaceBook and Twitter account:
My pen broke while I spinning it around in a meeting it ruined my shirt and got ink all over my face.

The reactions couldn’t have been more different.

On twitter I get made fun of:

and on Facebook I get tips on how to remove the stain:

Mar 14

Computer Search

This is what it is like anytime I am asked to search someone’s computer.

Mar 12

Hammers and Social Media

I had a chance last night to speak to the Central Missouri Foster Care and Adoption Association about social media and social media security.

My opening question was simple:
What does social media and hammers have in common?

The two main points of my talk were the following:

My first point was:
You wouldn’t give your 13 year old a box of nails and hammer and tell them to go build something without first showing them how to properly use a hammer.  This means as parents you are going to need to know the difference between a snapchat and an instagram. The days of being able to say “I dont do that internet thing” are over.

My second point was:
According to the FBI 2011 496 people were killed by hammers. It was terrible and tragic misuse of the tool. The way to fix that isn’t to ban hammers. This applies to social media also. There are tons of tragic cases about when people misuse social media but that shouldn’t stop you from letting your child use this very important communication tool.  

This was one of the favorite groups I have talked to all year. These people all have amazingly loving hearts for kids and want to do what is best for them. It was great to talk to a group of such involved parents.

Mar 10

Mar 08

Name 5 People Who Are Better At Your Job Than You

Can you name 5 people who are better at your job than you are?

I was asked this question earlier today and after trying to convince myself that “no one is better than I am” I took 5 minutes and wrote out a list of  people who are better at my job than I am. 

If you could ask them 5 questions what would they be?

This wasn’t as hard and I came up with these 5 pretty quick:

What drives you?
What is the first thing you do when you get to the office?
How do you manage work and life balance?
What books have influenced your career that most?
What was your biggest failure and what did you learn from it?

Now it is your turn: Can you name 5 people who are better at your job than you are? If you could ask them 5 questions what  would they be?

Mar 07

“The truth is like a lion; you don’t have to defend it. Let it loose; it will defend itself.”