Jerry Joyce presenting on Security Features of the Cisco Adaptive Security Appliance (ASA) family of devices, at BNUG meeting 3/7/2017

 

Summary of Jerry's talk:

 

Jerry shared what he has learned about Cisco switches. They range greatly in speed and cost. Switches can talk with each other, and advanced protocols do intelligent routing.

 

Encryption is a key part of communication between switches, so we discussed private key/public key encryption. The clever idea here is that if Sam's message is encrypted with Sam's private key and Mona's public key, and Sam sends it to Mona, she'll be able to open it with her private key and Sam's public key, and this also guarantees that Sam really sent it.
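The Sam-and-Mona exchange above, as an added Python illustration that was not part of Jerry's talk. It uses textbook RSA without padding and constructed toy keys; the names `make_keypair`, `send`, `receive` and the third party Eve are assumptions made for the example. Real systems use padded schemes such as RSA-OAEP and RSA-PSS from a vetted library.

```python
import hashlib

E = 65537  # common RSA public exponent

def make_keypair(p, q):
    """Textbook RSA keypair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(msg, n):
    """SHA-256 of the message, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def send(msg, sender_private, recipient_public):
    """Sam's side: sign with his private key, encrypt with Mona's public key."""
    n_s, d_s = sender_private
    n_r, e_r = recipient_public
    m = int.from_bytes(msg, "big")
    if m >= n_r:
        raise ValueError("message too long for this toy modulus")
    signature = pow(digest(msg, n_s), d_s, n_s)   # only Sam can produce this
    ciphertext = pow(m, e_r, n_r)                 # only Mona can undo this
    return ciphertext, signature

def receive(ciphertext, signature, recipient_private, sender_public):
    """Mona's side: decrypt with her private key, verify with Sam's public key."""
    n_r, d_r = recipient_private
    n_s, e_s = sender_public
    m = pow(ciphertext, d_r, n_r)
    msg = m.to_bytes((m.bit_length() + 7) // 8, "big")
    authentic = pow(signature, e_s, n_s) == digest(msg, n_s)
    return msg, authentic

# Constructed demo keys built from known Mersenne primes (far too small for real use).
SAM_PUB, SAM_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
MONA_PUB, MONA_PRIV = make_keypair(2**61 - 1, 2**127 - 1)
EVE_PUB, EVE_PRIV = make_keypair(2**61 - 1, 2**89 - 1)   # hypothetical third party

if __name__ == "__main__":
    c, s = send(b"meet at noon", SAM_PRIV, MONA_PUB)
    print(receive(c, s, MONA_PRIV, SAM_PUB))      # message opens and verifies
    c2, s2 = send(b"meet at noon", EVE_PRIV, MONA_PUB)
    print(receive(c2, s2, MONA_PRIV, SAM_PUB))    # opens, but is not from Sam
```
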

 

We noted that when using Cisco equipment, adding capability means paying for subscriptions.

 

The "DMZ": this is a space which has an IP address on the internet (or on a router talking with the internet) and an IP address on the local network, allowing both to have access. This allows people from outside to access the machine (for example, it could be a web server) and allows people inside to add content to it. But someone from the outside can't touch a machine in the local network. I wonder if a better term for this would be "visitor center".

 

The cost range of Cisco routers is large, from a used switch for $50 to a 40G per second device for $150K.

 

Jerry emphasized that although these devices can be used to create VPNs, making a VPN work safely requires many arcane commands.

 

(Transcribed by Adam Frost, Computer Care and Learning)