Russ

Author Archives: Russ

Big Data for Social Engineering

First, it integrates with corporate directories such as Active Directory and social media sites like LinkedIn to map the connections between employees, as well as important outside contacts. Bell calls this the “real org chart.” Hackers can use such information to choose people they ought to impersonate while trying to scam employees. From there, AVA users can craft custom phishing campaigns, both in email and Twitter, to see how employees respond. via wired

This is a white hat tool, of course, a form of social engineering penetration testing. Two points of interest, though.

First, you can be pretty certain hackers are already using this sort of tool today to find the right person to contact, how to contact them, and to discover the things they know people will respond to. The rule of thumb you should keep in mind is — at least 80% of the time, hackers are already using the tools researchers come up with to do penetration testing. Remember all those fake people inhabiting the world of twitter, facebok, and the like? Some of them might not be just another click farm — some of them might be clickbait for hackers to find out who you Continue reading

Are Walled Gardens the Future of the ‘net?

From the very beginning, the walled garden has been the opposite of what those who work on and around the ‘net have wanted. The IETF, and the protocols it has developed over the years, have always been about free and open access to anyone who wants to learn networking, coding, or even just what the latest baseball score for their favorite team. Of course, a number of tech giants (remember Compuserve?) fought to build walled gardens using the tools of the Internet. A user would dial into a modem pool, and access the world through a small portal that would provide a consistent and controlled interface for their entire experience, from email to news to chat to…

The same battle rages in recent times, as well. Phone makers, mobile providers, and even social media networks would desperately like to make your only interface into the global Internet a single O/S or app. From this one app, you’ll be able to talk to your friends, pay your bills, save all your data, and, in general, live your entire life. And for those times when you can’t get to what you want outside the app or social network, they will gladly Continue reading

Worth Reading: New Port Mapper DDoS Attack

In hopes of warding off significant attacks, Level 3 Communications is trying to spread the word among ISPs of a major new distributed denial of service (DDoS) threat. The threat was identified after Level 3’s security monitoring detected unusual activity that appeared to be bad actors testing out and then using a new DDoS threat vector, Portmapper. via lightreading

The post Worth Reading: New Port Mapper DDoS Attack appeared first on 'net work.

Liskov Substitution and Modularity in Network Design

Furthering the thoughts I’ve put into the forthcoming book on network complexity…

One of the hardest things for designers to wrap their heads around is the concept of unintended consequences. One of the definitional points of complexity in any design is the problem of “push button on right side, weird thing happens over on the left side, and there’s no apparent connection between the two.” This is often just a result of the complexity problem in its base form — the unsolvable triangle (fast/cheap/quality — choose two). The problem is that we often don’t see the third leg of the triangle.

The Liskov substitution principle is one of the mechanisms coders use to manage complexity in object oriented design. The general idea is this: suppose I build an object that describes rectangles. This object can hold the width and the height of the rectangle, and it can return the area of the rectangle. Now, assume I build another object called “square” that overloads the rectangle object, but it forces the width and height to be the same (a square is type of rectangle that has all equal sides, after all). This all seems perfectly normal, right?

Now let’s say Continue reading

Engineering Lessons, IPv6 Edition

Yes, we really are going to reach a point where the RIRs will run out of IPv4 addresses. As this chart from Geoff’s blog shows —

ipv4-exhaustion

Why am I thinking about this? Because I ran across a really good article by Geoff Huston over at potaroo about the state of the IPv4 address pool at APNIC. The article is a must read, so stop right here, right click on this link, open it in a new tab, read it, and then come back. I promise this blog isn’t going anyplace while you’re over on Geoff’s site. But my point isn’t to ring the alarm bells on the IPv4 situation. Rather, I’m more interested in how we got here in the first place. Specifically, why has it taken so long for the networking industry to adopt IPv6?

Inertia is a tempting answer, but I’m not certain I buy this as the sole reason for lack of deployment. IPv6 was developed some fifteen years ago; since then we’ve deployed tons of new protocols, tons of new networking gear, and lots of other things. Remember what a cell phone looked like fifteen years ago? In fact, if we’d have started fifteen years ago Continue reading

Worth Reading: Vagrant and Cumulus

Cumulus recently announced their CumulusVX platform, which is a virtualized instance of their operating system typically found on network switches. They’ve provided a few options to run this, and in this blog post, I’ll be exploring the use of Vagrant to set up a topology with Cumulus virtual devices. via keeping it classless

Matt has a greater starter up on running Cumulus IX on a Vagrant installation — since Vagrant is available on a few widely deployed machines, this is a great tool for learning the environment. As soon as I can get one of my Ubuntu machines local, or figure out how to get enough drive space on one of my laptops to install this, I’ll be getting Vagrant set up to use on a few different things.

LinkedInTwitterGoogle+FacebookPinterest

The post Worth Reading: Vagrant and Cumulus appeared first on 'net work.

Worth Reading: The Crisis of Attention

Recently, my father, who has worked in technology education for a long time, texted me a picture from an airport restaurant in which he was eating. In the picture, a waiter stood at a table waiting for a family of six to finish looking at their iPads. Each person had bent his or her head to stare at the iPad screen, ignoring one another and the waiter. via the Washington Free Beacon

The post Worth Reading: The Crisis of Attention appeared first on 'net work.

IT/IT: The Future of Network Engineering

Two different articles caught my attention this last week. They may not seem to be interrelated, but given my “pattern making mind,” I always seem to find connections. The first is an article from Network Computing discussing the future of network engineering skill sets.

It’s a new day in enterprise technology, with Chuck Robbins at the helm of Cisco. But John Chambers left a lasting dark impression with the audience at Cisco Live in June. He essentially dropped a hand grenade, predicting the end of IT as we know it, and walked offstage.

Patrick Hubbard goes on to talk about the hand grenade John Chambers left in the room 3 that there would be major mergers, failures, and acquisitions in the next twenty years, leaving the IT industry a very different place. The takeaway? That individual engineers need to “up their game,” learning new technologies faster, hitting the books and the labs on a more regular basis. Given the view in the industry of Cisco as a “safe harbor” for IT skills, this is something of a hand grenade in the room, coming from Chambers at Cisco Live.

The second article predicts a hand grenade, as well, though of a Continue reading

Clear Writing

For most of us most of the time, our dense writing indicates not the irreducible difficulty of a work of genius, but the sloppy thinking of a writer indifferent to his readers.
The Craft of Research, Kindle Location 2392

LinkedInTwitterGoogle+FacebookPinterest

The post Clear Writing appeared first on 'net work.

1 146 147 148 149 150 159