Kerry Thompson BSc., DipCompSci., CISSP, CCNA
Portfolio of Recent Works



Certifications









Recent Works

The following is a list of recent works and projects that I have been involved with. Most recent ones are at the top.


Description   Technologies


Multiple installations of Juniper SSG series firewalls for small and medium businesses, including areas such as firewall policy development and implementation, site-to-site VPNs, and remote access (dial-up) VPNs for roaming users.
  • Juniper SSG firewall installation and support
  • Juniper ScreenOS installation, upgrades, support
  • Firewall policy development
  • Site-to-site IPSec VPNs
  • Roaming client dial-up IPSec VPNs
  • Shrew IPSec VPN client


Network upgrade for a complex enterprise LAN/WAN environment with redundant WAN links to remote offices. This involved migrating an enterprise network with routing performed by low-end Cisco routers to one performed by new Juniper SRX router/firewalls.
  • Juniper SRX firewall/routers installation and support
  • JUNOS installation, upgrades
  • JUNOS Enterprise Routing - OSPF
  • Juniper SRX VPNs: site-to-site IPSec, Dynamic VPN
  • Cisco IOS - JUNOS integration
  • Telecom OneOffice integration


Advanced Unix/Linux C programming. A short stint developing Unix system software written in C.
  • Unix/Linux system programming
  • Shared memory structures, semaphore locking
  • Messaging, queuing
  • Unix process control
  • Networking interfaces : sockets, TLI


Network and Security systems design for a major telecoms company.
  • Advanced & complex telco network design
  • Data centre strategies
  • Security requirements specification & implementation
  • Cisco, Netscreen, F5 technologies


Network strategy and design for a large enterprise. Covered such items as rearchitecting the core network, implementing Intrusion Prevention Systems (IPS) and developing a strategy for network architecture in an expanding enterprise.
  • Core network architectures for multi-gigabit switching
  • Service Oriented Architecture strategies
  • TippingPoint Intrusion Prevention Systems
  • Cisco 6509 switches
  • WAN acceleration products (such as Riverbed and F5)
  • VOIP architectures


Two articles for SysAdmin magazine written and submitted for publishing. The first on using OpenSSL and GPG for encrypting backups (published March 2007), and the second on using PasTmon for measuring application performance by passively monitoring network traffic (published July 2007).
  • UNIX/Linux backup & recovery
  • OpenSSL, GPG
  • Encryption and key management
  • PasTmon


Network design in an ISP environment, remodelling a classical 3-Tier network architecture into an architecture modelled on Sun's SDN (Service Delivery Network) model. Extensive analysis of existing application connectivity and network architectures.
  • Switching, routing, firewalls
  • Sun Service Delivery Network (SDN) architecture
  • Analysis of application data flows and network requirements for applications


Testing of a GSM SMS router for mobile messaging systems.
  • Telsis SMS Router equipment
  • SMSCs & SMPP protocol testing
  • Perl::SMPP library


Installation of a Cisco MDS 9216 Fabric Switch
  • SAN topologies, VSAN switching


Presented a paper at the Bright*Star 2006 Security Summit Conference in Auckland. The topic covered was "Incident Response Best Practices".
  • Incident response procedures & practices


CCNA recertification. See CCNA Tips II
  • Cisco switching
  • Cisco routing
  • ... and the rest of the CCNA syllabus!


Network design work for large ISP/Telco. Plenty of switching, routing, firewall design and troubleshooting.
  • Cisco switching
  • Cisco routing
  • Checkpoint firewalls
  • Cisco FWSM firewalls
  • Microsoft Word advanced
  • Microsoft Visio network diagrams


Implementation of a system to replicate a Linux OS image throughout a cluster of 50 servers taking part in a computing cluster for Bioinformatics. By using SystemImager and a system for autonomous network booting, a system for automatically installing and updating the OS on many systems was implemented.
  • SystemImager
  • SystemConfigurator
  • ISC DHCP server
  • SysLinux, PXELinux installation & build environments
  • SuSE Linux 9.3 Professional


Implementation of a file and print server for a small company, including migration from a legacy Windows NT server for approx 25 users. Linux server installation and lots of Samba work, including a seamless migration from a Windows server to a Linux server for all file and print services.
  • SuSE Linux 9.2 Professional
  • Samba v3
  • CUPS printing system
  • AVG anti-virus for Windows workstations (update server for Linux)
  • Amanda backup and recovery
  • mkcdrec "bare metal" recovery
  • Postfix MTA
  • Nagios service monitoring
  • NTOP network monitoring


Diagnosis of VPN issues between Windows XP PPTP VPN clients and Windows 2003 Server, with DSL routers at each end (Netgear and Linksys). Lots of packet capturing and analysis.
  • Windows 2003 server VPN services (PPTP)
  • Netgear DG834G ADSL router & wireless access point
  • Ethereal packet capture and analysis


HP-UX Recovery Exercise. A trial recovery of a midrange HP9000 server running HP-UX.
  • HP-UX
  • HP-UX Ignite system recovery


AIX Recovery Exercise. A trial recovery of a low-end IBM RS/6000 AIX based server.
  • IBM AIX v5.1
  • AIX mksysb backup/recovery system


Network design for WiFi access portal. Design of network infrastructure and security model for the servers which service a public-access WiFi network.
  • Cisco routing/switching
  • Cisco FWSM firewalls
  • Advanced network security modelling


Linux server automated build and configuration control system for IBM blade servers running RedHat Enterprise Linux v3. Built using a combination of the RedHat Kickstart building tool and CFEngine, a tool for maintaining system configurations for large numbers of servers.
  • CFEngine
  • RedHat Kickstart
  • RedHat Enterprise Linux v3


Migration of multiple VLANs from a haphazard array of small Cisco switches to a single stack of three 3750 switches.
  • Cisco IOS switching
  • Cisco 3750 stackable switches


Migration of a laboratory information system to Linux. The system code consists of approx 90,000 lines of C which implements a transaction-processing and communications environment to support application programs written in Cobol and connecting to Oracle. Originally designed to run on SVR4 (and variants such as AIX, SCO Unix, etc.), the system was ported to run on Linux systems.
  • Linux C programming
  • Linux TCP/IP interface programming
  • Microfocus Cobol
  • Oracle Pro*Cobol
  • Oracle RDBMS


Paper : A Security Review of the ASB Netcode Authentication System - an unsolicited review of a two-factor authentication system fielded by the local bank.
  • Authentication models
  • Internet security models


Management of core data network and security systems for large ISP. Security Operations (including 7x24 support) for a large core data network and associated firewall systems. Includes design and architecture input covering many varied project implementations.
  • Cisco IOS switching & routing
  • Cisco FWSM firewalls
  • Checkpoint firewalls
  • Rainwall HA for Checkpoint firewalls
  • Sun Solaris OS
  • RSA SecurID authentication


Published two papers in SysAdmin magazine (now defunct) related to DNS Security: "DNS Security Protocols I: Dynamic Updates" and "DNS Security Protocols II: DNSSEC".
  • ISC BIND Server
  • DNS
  • DNS Dynamic updates and TSIG signatures
  • DNSSEC (DNS Security protocol)