Greg Ferro

Author Archives: Greg Ferro

IPv6 Extensions Are Already Dead

RFC 7872, “Observations on the Dropping of Packets with IPv6 Extension Headers in the Real World”, a wiki entry disguised as an RFC, highlights that IPv6 Extension Headers are effectively unusable since internet providers are dropping IPv6 fragments and failing to support Extension Headers. In IPv6, an extension header is any header that follows the initial 40 […]

The post IPv6 Extensions Are Already Dead appeared first on EtherealMind.

10000 percent more expensive SFPs

A genuine Cisco SFP for 1000BASE-BX BiDi is 100 times more expensive than a compatible product. Choosing two random sites, Walmart sells the genuine Cisco part for $829; Fibrestore sells the same component for $7.29.

 

 


Proving that Enterprise IT really doesn’t care about price, ROI, or value for money. That’s just management self-justifying their lack of talent and ability to measure risk.

Private Cloud will never compete with public cloud while price distortions like this are commonplace.

Link: 1000BASE-BX SFP 1310nm-TX/1490nm-RX 10km Transceiver | FS.COM – http://www.fs.com/products/29894.html

Link: Cisco 1000BASE-BX10 Downstream SFP Module – 1 x 1000Base-BX – Walmart.com – https://www.walmart.com/ip/Cisco-1000BASE-BX10-Downstream-SFP-Module/40322147


Research: McAfee Labs Threats Report April 2017

Network professionals are the front line in cyber-defence by defining and operating the perimeter. While it is only a first layer of static defense, it’s well worth understanding the wider threat landscape that you are defending against. Many companies publish regular reports and this one is from McAfee.

McAfee Labs Threats Report – April 2017 – Direct Link

Landing page is https://secure.mcafee.com/us/security-awareness/articles/mcafee-labs-threats-report-mar-2017.aspx

Note: Intel has spun McAfee out to a private VC firm in the last few weeks so it’s possible that we will see a resurgence of the McAfee brand. I’m doubtful that McAfee can emerge but let’s wait and see.


Some points I observed when reading this report:

  • McAfee wants to tell you about its cloud-based threat intelligence (which all security vendors have now, table stakes)
  • The pitch is pretty much identical to any other cloud threat intelligence.
  • The big six security companies have formed the Cyber Threat Alliance (… to prevent the startups from competing with them?), aka Check Point, Cisco, Fortinet, Intel Security, Palo Alto Networks, Symantec
  • Big section on Mirai botnet and how it works.
  • Good summary of the different network packet attack modes in Mirai. Nicely laid out with Continue reading

Site News: RSS Feed Update

Due to ongoing problems with RSS feed hosting from Feedblitz, I am migrating the RSS feed to a new provider on Wednesday, 12 Apr 2017.

This may cause previously ‘read’ articles in your RSS feed to show as new. It depends on how your RSS reader marks the articles as “new” and what criteria it uses to detect new/read.

Apologies in advance for the inconvenience, but I cannot continue with the unpredictable service, poor support and low quality website that Feedblitz has delivered over the last six months.

The RSS subscription URL is unchanged, http://feeds.etherealmind.com/etherealmind, which should require no changes on your part.


Response: Employee Burnout Is a Problem with the Company, Not the Person

This is so obvious.

The psychological and physical problems of burned-out employees, which cost an estimated $125 billion to $190 billion a year in healthcare spending in the U.S., are just the most obvious impacts. The true cost to business can be far greater, thanks to low productivity across organizations, high turnover, and the loss of the most capable talent. Executives need to own up to their role in creating the workplace stress that leads to burnout—heavy workloads, job insecurity, and frustrating work routines that include too many meetings and far too little time for creative work. Once executives confront the problem at an organizational level, they can use organizational measures to address it.

But it’s also your responsibility to balance your career plans & mental hygiene. Once you start over-working, that becomes the level of expectation. I’ve learned that overachievement is not rewarded. You are the only person who suffers.

Your employer will take everything you have to give so that they get the money. Don’t do that.

Employee Burnout Is a Problem with the Company, Not the Person : https://hbr.org/2017/04/employee-burnout-is-a-problem-with-the-company-not-the-person


Research: The Security Impact of HTTPS Interception

The use of TLS interception by outbound proxy servers is causing serious problems in updating the TLS standard to Version 1.3.

At the same time, middlebox and antivirus products increasingly intercept (i.e., terminate and re-initiate) HTTPS connections in an attempt to detect and block malicious content that uses the protocol to avoid inspection. Previous work has found that some specific HTTPS interception products dramatically reduce connection security; however, the broader security impact of such interception remains unclear. In this paper, we conduct the first comprehensive study of HTTPS interception in the wild, quantifying both its prevalence in traffic to major services and its effects on real-world security.

This is the same problem that middleboxes cause anywhere on the Internet – Firewalls, NAT gateways, Inspection, QOS, DPI. Because these complex devices are rarely updated and hard to maintain, they create failures in new protocols. IPv6 rollout has been slowed by difficult upgrades. The same problem is happening with TLS. It’s undesirable to fall back to older TLS standards that “work” but are insecure.

The EtherealMind View

The business need for proxy servers or protocol interception is for a small range of activities:

  1. Scan Internet content for malware Continue reading

RFC 8114 IPv4 Multicast over IPv6 Multicast. Ouch.

While most people are getting excited about ‘cloud’ there are multi-billion dollar businesses working on upgrading their networks to early-2000’s level technology.

This proposed standard complexifies a carrier network to a whole new level. I understand that some carriers are delivering legacy video over their networks with IPv4 Multicast, but wow, keeping this running and finding high quality software apps won’t be a fun place to work.

This document specifies a solution for the delivery of IPv4 multicast services to IPv4 clients over an IPv6 multicast network. The solution relies upon a stateless IPv4-in-IPv6 encapsulation scheme and uses an IPv6 multicast distribution tree to deliver IPv4 multicast traffic. The solution is particularly useful for the delivery of multicast service offerings to customers serviced by Dual-Stack Lite (DS-Lite).

Some networks are making money out of this stuff. I can’t imagine how much it costs to support the inherent complexity.

RFC 8114 – Delivery of IPv4 Multicast Services to IPv4 Clients over an IPv6 Multicast Network, MARCH 2017 – Proposed


Opinion: Why You Will Never Be Better Than Automation

Michelin-starred restaurants are serving Nespresso coffee. Why? Because automation produces a consistent coffee. With sufficient quality inputs (coffee, machine etc), you will achieve a better overall outcome:

… in most cases mechanisation is competing not against the artisanal best but against the human mean. So, even if the very best coffee is still made the traditional way by a skilled, human barista, all Nespresso need do is produce better coffee than the majority of baristas, whom most coffee fanatics describe as incompetent anyway.

It’s not just about automating coffee; leading restaurants are focussing on the quality of the inputs, system design and the outcome.

Even at El Bulli in Spain, voted the world’s best restaurant for a record five years before it closed in July 2011, this basic principle was evident. Head chef Ferran Adrià and his core team were not actually the ones preparing the food on the night. Their main role was to develop dishes, in a form of gastronomic R&D, during the six months of each year that El Bulli was closed. The restaurant kitchen itself was really just a very fancy production line. ‘You have to function like perfect machines,’ Adrià was shown telling the Continue reading

Research: Toward new possibilities in threat management – PWC

Report derived from the annual Global State of Information Security® Survey performed by PWC.

Good for managers and executives who can’t speak technology to introduce them to the ideas around cloud-based data analytics and how it’s taking over the security infrastructure market.

When it comes to threat intelligence and information sharing, the cloud platform provides a centralized foundation for constructing, integrating and accessing a modern threat program.

See what I mean. Obvious stuff.

This graphic stood out because it highlights the lack of real IT Security tools in place.


Few capabilities are more fundamental to proactive threat intelligence than real-time monitoring and analytics. This year, more than half (51%) of respondents say they actively monitor and analyze threat intelligence to help detect risks and incidents.

Wowser. More than half, that’s real progress!!!

It’s a good read for about 10 mins and worth passing into the higher layers. They might learn something.

Link: Key Findings from The Global State of Information Security® Survey 2017 – PWC http://www.pwc.com/gx/en/issues/cyber-security/information-security-survey/assets/gsiss-report-cybersecurity-privacy-possibilities.pdf


Response: AT&T Joins The Linux Foundation as a Platinum Member

Once upon a time it was all vendors in the Linux Foundation.

The Linux Foundation, the nonprofit advancing professional open source management for mass collaboration, today announced that AT&T has become a Platinum member.

This follows news of the company’s contribution of several million lines of ECOMP code to The Linux Foundation, as well as the new Open Network Automation Platform (ONAP) Project based on production-ready code from AT&T and OPEN-O contributors.

Are we really seeing a resurgence of customers doing it for themselves? In particular, customers that are far larger than the traditional IT vendors are staking out positions in the open source community.

Link: AT&T Joins The Linux Foundation as a Platinum Member | The Linux Foundation – https://www.linuxfoundation.org/announcements/att-joins-linux-foundation-as-a-platinum-member


Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability

Serious and easily exploited flaws in older Cisco IOS software. Commonly used, but old, switches used for Campus and SME Data Centres. Serious problem.

Thoughts:

  • Demonstrates how older Cisco devices are fundamentally insecure.
  • Cisco wasn’t focussed on security back then. They were happy if it even worked properly.
  • Cisco was slow to adopt SSH in IOS because customers weren’t asking for it. Microsoft should shoulder a lot of blame for not including an SSH client and we slowed operational adoption (seriously, getting PuTTY installed in many enterprises was a major problem).
  • Cisco has responded promptly and professionally to offer a fix.
  • Customers should replace most of this kit, not fix it. You can expect many more security flaws in these NOS’s because security was a minor design issue for Cisco at that time.

The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors:

  • The failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device, and
  • The incorrect processing of malformed CMP-specific Telnet Continue reading