Greg Ferro

Author Archives: Greg Ferro

Research: Toward new possibilities in threat management – PWC

Report derived from annual Global State of Information Security® performed by PWC.

Good for introducing managers and executives who can’t speak technology to the ideas around cloud-based data analytics and how it’s taking over the security infrastructure market.

When it comes to threat intelligence and information sharing, the cloud platform provides a centralized foundation for constructing, integrating and accessing a modern threat program.

See what I mean. Obvious stuff.

This graphic stood out because it highlights the lack of real IT Security tools in place.

Few capabilities are more fundamental to proactive threat intelligence than real-time monitoring and analytics. This year, more than half (51%) of respondents say they actively monitor and analyze threat intelligence to help detect risks and incidents.

Wowser. More than half, that’s real progress!!!

It’s a good read for about 10 mins and worth passing into the higher layers. They might learn something.

Link: Key Findings from The Global State of Information Security® Survey 2017 – PWC http://www.pwc.com/gx/en/issues/cyber-security/information-security-survey/assets/gsiss-report-cybersecurity-privacy-possibilities.pdf

The post Research: Toward new possibilities in threat management – PWC appeared first on EtherealMind.

Response: AT&T Joins The Linux Foundation as a Platinum Member

Once upon a time it was all vendors in the Linux Foundation.

The Linux Foundation, the nonprofit advancing professional open source management for mass collaboration, today announced that AT&T has become a Platinum member.

This follows news of the company’s contribution of several million lines of ECOMP code to The Linux Foundation, as well as the new Open Network Automation Platform (ONAP) Project based on production-ready code from AT&T and OPEN-O contributors.

Are we really seeing a resurgence of customers doing it for themselves? In particular, customers that are far larger than the traditional IT vendors are staking out positions in the open source community.

Link: AT&T Joins The Linux Foundation as a Platinum Member | The Linux Foundation – https://www.linuxfoundation.org/announcements/att-joins-linux-foundation-as-a-platinum-member

Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability

Serious and easily exploited flaws in older Cisco IOS software. Commonly used, but old, switches used for Campus and SME Data Centres. Serious problem.

Thoughts:

  • Demonstrates how older Cisco devices are fundamentally insecure.
  • Cisco wasn’t focussed on security back then. They were happy if it even worked properly.
  • Cisco was slow to adopt SSH in IOS because customers weren’t asking for it. Microsoft should shoulder a lot of blame for not including an SSH client and we slowed operational adoption (seriously, getting putty installed in many enterprises was a major problem).
  • Cisco has responded promptly and professionally to offer a fix.
  • Customers should replace most of this kit, not fix it. You can expect many more security flaws in these NOS’s because security was a minor design issue for Cisco at that time.

The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors

  • The failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device, and
  • The incorrect processing of malformed CMP-specific Telnet Continue reading

Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs [updated] | Ars Technica

It’s become clear that the only way to improve security of certificate authorities is to follow through on threats. Symantec has been delinquent since 2012 in securing their processes and software. We have seen multiple instances of certificates falsely issued to domains (including Google’s domain). As the owner of the Chrome browser, Google has decided that Symantec is no longer fit to be considered a root authority for TLS (SSL) certificates.

Effective immediately, Chrome plans to stop recognizing the extended validation status of all certificates issued by Symantec-owned certificate authorities, Ryan Sleevi, a software engineer on the Google Chrome team, said Thursday in an online forum. Extended validation certificates are supposed to provide enhanced assurances of a site’s authenticity by showing the name of the validated domain name holder in the address bar. Under the move announced by Sleevi, Chrome will immediately stop displaying that information for a period of at least a year. In effect, the certificates will be downgraded to less-secure domain-validated certificates.

This is necessary. Politically this is a sound move. Taking down a major company that is US-based following removal of Chinese and Eastern European CA root certificates sends a message of fairness and balance. The repeat Continue reading

Video: Software Secures the World

Martin Casado doesn’t have a proper job since he left VMware. This gives him time to think deeply about the future of IT security as part of his role of wasting investors’ money at A16Z and considering where the next advances or futures will be. This video makes a lot of sense to me.

Once upon a time, we thought of security measures as being built like a wall around a medieval city. Then, as threats grew in complexity, we began to think of it more like securing a city or nation-state. Finally, security grew alike to aerial warfare — mobile, quick, wide-ranging. Each of these new modes for thinking about security represented a major misalignment between the security threats that had evolved and our strategies/tactics for dealing with them.
Now we are once again at another such major misalignment — thanks largely to the cloud and new complexity — requiring both a shift in how we think about and respond to threats. But we also have security “overload” given the vast size of our systems and scale of notifications.
How do security threats develop? How should CEOs and CSOs think of planning for them? What role will AI and Continue reading

Human Infrastructure And Always Planning to Quit and Move On

I did a video for “Speak With A Geek” in which I sat down with David Sparks and talked about approaching your career in a similar fashion to approaching your technology. Your value to the business is determined by how good you are as a piece of human infrastructure.

When you show you can do it for yourself, the people in charge will see that and want to invest in you to bump you up to the next level of productivity. Human infrastructure is no different than physical technical infrastructure, argued Ferro. You purchase a small infrastructure and then you scale it up, spending more money on it, make it bigger, more valuable, and able to do more. That’s no different in how you invest in yourself.

No matter how good your situation is, Ferro advised to “always have one eye on the door.” There is always a better opportunity even when you think yours is the best. For that reason, keep your skills and resume polished at all times and be available for what’s next.

Video: “…You can either be a farmer, or join a politically motivated global hacking collective” – YouTube

Funny and insightful. Maybe.

Jake Davis, former Anonymous and LulzSec hacker, shares his hacker journey while exploring just what makes hackers tick…

“…You can either be a farmer, or join a politically motivated global hacking collective” – YouTube : https://www.youtube.com/watch?v=E0h_pNv1a98&app=desktop

Cisco equipment Comprehensively Pwned by US Government

Tough day for Cisco. A large number of Cisco software releases and devices were comprehensively pwned by US Gov spy agencies. This isn’t surprising, that’s what they are supposed to do, but now the details have been published on WikiLeaks.

This LinkedIn blog post outlines some of what has been found.

When I took a quick look at the WikiLeaks data, the range of possibilities is substantial but requires access to the device itself. The Cisco post has details on the range of exploits in their response published today: http://blogs.cisco.com/security/the-wikileaks-vault-7-leak-what-we-know-so-far which says it’s too early to frame a response. I agree.

Some thoughts:

  1. Waiting to hear if other vendors are impacted, not known at this time but it seems likely.
  2. Now that these vulnerabilities have been published, your networks are at risk.
  3. There isn’t much that Cisco can do yet.
  4. Cisco as a dominant vendor is a target because one exploit can be widely applied to more targets and because targets are likely to have Cisco assets.
  5. The published vulnerabilities are for older equipment but more recent documentation will be released in the next few weeks. It could get worse if newer equipment is also vulnerable.
  6. While it seems Continue reading

My ITIL Experience In An Org Chart

Some time back, someone challenged me to explain how ITIL impacted my workflow.

ITIL Blows

The diagram is largely inspired by my time working for a Top 5 IT Consultancy which was utterly convinced that more managers and project managers would improve the efficiency of the work performed because we could improve the process. In the end there were twelve project managers plus three manager-managers to schedule the work for just three engineers.

I pointed out that hiring another engineer would improve work output by 33% but none of the ITIL project managers could understand this. It wasn’t about productivity, the customer, or addressing the need; the only focus was on hitting the deadlines, planned work hours and budgets.

ITIL is a disease. Kill it with fire.

Response: Cisco’s Identity Crisis: Complexity, Pride, and SD-WAN

An excellent post from Eyvonne Sharp highlights one of Cisco’s weakest areas, its enduring passion for too many products, too many options, too much complexity:

With that in mind consider Cisco, a company in love with complexity. They’ve built their business making complex systems. Their culture breeds nerd knobs. They’ve built certification tracks — through which many network engineers have built their careers — to develop expert level understanding of their products.

At the same time, engineers operate in a culture where we believe configuration and operational complexity have inherent value. We unconsciously embrace the following logic: Networks are complex. One must be smart to understand networks. I understand networks. Therefore, I’m smart.

We extrapolate this logic and believe that complexity, for complexity’s sake, makes us superior. In truth, our pride has tied gordian knot with complexity and we don’t know how to unravel it.

The post uses SD-WAN as a use case to highlight Cisco’s love of its own complex technology instead of radically redefining itself. Cisco has limited traction in the SD-WAN space because its current technology is hard to design, harder to operate and lacks features. While the business units are doing their best to make it simple, building on Continue reading

Response: IETF RFC 8033 Proportional Integral Controller Enhanced (PIE)

Proportional Integral Controller Enhanced (PIE) is another active queue management algorithm for dropping packets.

Similar to RED, PIE randomly drops an incoming packet at the onset of congestion. Congestion detection, however, is based on the queuing latency instead of the queue length (as with RED). Furthermore, PIE also uses the derivative (rate of change) of the queuing latency to help determine congestion levels and an appropriate response. The design parameters of PIE are chosen via control theory stability analysis. While these parameters can be fixed to work in various traffic conditions, they could be made self-tuning to optimize system performance.

We know that Bufferbloat is a problem, and there are many algorithms proposed. PIE might be suitable for existing network hardware since it approximates Random Early Discard. BBR Congestion Control has been suggested and implemented by Google (related to QUIC/HTTP2) and possibly has the momentum, so I’m not sure if PIE

Link: https://www.rfc-editor.org/rfc/rfc8033.txt

Link: BBR: Congestion-Based Congestion Control – ACM Queue – http://queue.acm.org/detail.cfm?id=3022184

Research: The Business Benefits of Automation and Orchestration – Cisco

Whitepaper from Cisco SPBU that nicely sums up the advantages of orchestration and automation. Although it’s focussed on the service provider market, you could easily use this for an Enterprise proposal and make the case.

The overall savings in time and motions ranged from 60 to 70 percent, with the related OpEx avoidance from 50 to 70 percent. Over five years, that translated to an ROI of 383 percent and savings of $3 to $16.7 million for Tier 3 to 5 providers. The data for Tier 1 and 2 operators shows an estimated savings over five years that exceed $70 million.

Link: The Business Benefits of Automation and Orchestration – http://www.cisco.com/c/dam/en/us/products/collateral/cloud-systems-management/network-services-orchestrator/white-paper-c11-738289.pdf

Frequently Asked Questions: Submarine Cables 101

Useful background information on oceanic cabling from TeleGeography.

I’ve been involved with TeleGeography’s research on submarine cables since 2000. Over the years I’ve fielded numerous questions about the submarine cable industry from journalists, investors, family, and friends.

It seems as good a time as any to provide a compilation of answers to some of the most commonly asked questions.

Worth a read.

Frequently Asked Questions: Submarine Cables 101

Cisco Shrinks in Switching, Routing and DC

Cisco shrinking overall ~2% per quarter (fifth straight down quarter). 10% down in routing, 5% down in switching, 4% down in DC. Increases dividend, investors happy.

Cisco reported $11.6 billion in revenue for Q2 2017 on February 15, 2017, a 2% YoY decrease, but in line with guidance of a 2-4% YoY decline.

Revenue breakout:

Product, $8.49B (down 5.5%); Service, $3.09B (up 4.9%).

By segment:

Switching, $3.31B (down 5%); NGN Routing, $1.82B (down 10%); Collaboration, $1.06B (up 4%); Data Center, $790M (down 4%); Wireless, $632M (up 3%); Security, $528M (up 14%); Service provider video, $241M (down 41%); other, $116M (up 53%)

“Cash” of $71.8 billion at the end of Q2 2017, with only $9.6 billion in the US. The introduction of a Corporate Tax Holiday could have huge positive ramifications for Cisco.

The Q3 2017 outlook calls for revenue to decline by 2% or to remain flat YoY.

Data Center

Total product revenue was down 4% and let me walk through each of the product areas. Switching declined 5%, driven by weakness in Campus partially offset by strength in the ACI portfolio, which was up 28%

Cisco ACI is holding Continue reading

Sponsor: FutureWAN – a virtual conference on SD-WAN

A couple of months ago, Packet Pushers hosted an open format, non-boring, live discussion about the reality of operating an SD-WAN with people who have lived through it. This was part of the Future WAN Virtual Summit series from Viptela, which is now available online.

The session format was live questions & answers from the audience (via chat window) and we answered them live, on air.

 

Packet Pushers Open Mic Live: Real SD-WAN Challenges Live Q&A

Ethan Banks & Greg Ferro, Analysts, Packet Pushers Date: Jan 17 2017, 0900PST Duration: 45 mins

Direct link to Access 


On a separate note, I would welcome any feedback about the “Virtual Summit” idea. The sessions were recorded and are now available for anyone to watch.

Which has me thinking about the potential of running a “virtual conference”.

Could that work? Drop a note in the comments or email me. I would love to hear what you think.

 

Response: Network Icons – ‘net work

These are great icons for network diagrams from Russ White. Much more useful for all diagram purposes than most other icons.

I’ve developed this set of vendor neutral network icons for drawing diagrams in presentations, books, and the like. I’m placing them here in the public domain in four different formats

Network Icons – ‘net work : http://rule11.us/net-icons/

Personally, I use simple shapes and colours for my diagrams for simplicity but I suspect these will appeal to people who are Visio-centric in their workflow.

My personal icon set for diagrams

Response: AT&T, Microsoft Ventures back networking startup SnapRoute in $25 million round

How does a BGP/OSPF routing app on a network device cost more than Microsoft Office? One is really complex with thousands of features, a complex interface and must support a huge range of hardware. The other one is a BGP or OSPF app.

“His” refers to Jason Forrester, formerly global data center network manager at Apple and now the founder and chief executive of SnapRoute. The startup now has roughly 32 employees, Forrester told VentureBeat in an interview. Forrester figures that the startup has around 35-50 customers, and its software is being used on 12,000-13,000 switches. He declined to name any of SnapRoute’s customers, but Facebook employees have repeatedly mentioned the company’s software by name in recent months.

  1. SnapRoute is clearly gaining momentum with their networking apps with companies
  2. The software is simpler, focussed and more reliable: “Sure enough, Forrester said, while Cisco’s code runs to 30 million lines of code or more, SnapRoute’s takes up perhaps 100,000.”
  3. A modern startup can compete with established vendors on features and get substantial sales in markets that they cannot reach

AT&T, Microsoft Ventures back networking startup SnapRoute in $25 million round | VentureBeat | Entrepreneur | by Jordan Novet : http://venturebeat. Continue reading

Research: Router Optics Evolution and Market Trends

Timely information on the future of optics and SFP modules. The current situation of price overloading by vendors is seriously grim (markups of 1000% are common) and this could help to increase your knowledge in the area.

  • Router Optics vs. Transport Optics
  • Router Optics Evolution
  • 100G Optics Status and Challenges
  • Higher 100G Density Considerations
  • Router Optics Market Trends

Link: Router Optics Evolution and Market Trends – https://www.nanog.org/sites/default/files/2_Liu_Optics_Evolution_And_v1.pdf

NB: From a NANOG meeting but haven’t been able to track down the exact link.

Research: BBR: Congestion-Based Congestion Control – ACM Queue

The BBR algorithm appears to be building a critical mass of support in the Internet community, which makes reading this research paper even more worthwhile.

When bottleneck buffers are small, loss-based congestion control misinterprets loss as a signal of congestion, leading to low throughput. Fixing these problems requires an alternative to loss-based congestion control. Finding this alternative requires an understanding of where and how network congestion originates.

BBR: Congestion-Based Congestion Control – ACM Queue : http://queue.acm.org/detail.cfm?id=3022184
