Weekend Reads 042922

Our current encryption standards protect our bank accounts, financial markets, and most of our infrastructure, not to mention the logistics/supply-chain management system in the US Defense Department. But what happens when quantum computers can decipher the current asymmetric encryption that protects our vital systems?

Local governments all over the country are choosing ISP partners and making grants from ARPA funds to help bring better broadband. Today’s blog is a warning to handle the awards of such monies in a way as to be safe from challenges from ISPs you don’t choose to fund.

In a resounding victory for companies whose business model depends on web scraping, the U.S. Ninth Circuit Court of Appeals held this week that such activity does not violate the U.S. Computer Fraud and Abuse Act.

OpenTelemetry is considered by many the future of instrumentation, and it’s not hard to understand why. In a world where successful companies are software companies, the need to collect observations from running code is almost universal. Through metrics, logs, and traces, observability data gives us the information we need to inspect how our applications run—and thanks to projects like OpenTelemetry, observability is becoming accessible to everyone.

Organizations using newer Continue reading

BGP Policies (Part 5)

At the most basic level, there are only three BGP policies: pushing traffic through a specific exit point; pulling traffic through a specific entry point; preventing a remote AS (more than one AS hop away) from transiting your AS to reach a specific destination. In this series I’m going to discuss different reasons for these kinds of policies, and different ways to implement them in interdomain BGP.

In this post I’m going to cover AS Path Prepending from the perspective of AS65001 in the following network—

Since the length of the AS Path plays a role in choosing which path to use when forwarding traffic towards a given reachable destination, many (if not most) operators prepend the AS Path when advertising routes to a peer. Thus an AS Path of [65001], when advertised towards AS65003, can become [65001,65001] by adding one prepend, [65001,65001,65001] by adding two prepends, etc. Most BGP implementations allow an operator to prepend as many times as they would like, so it is possible to see twenty, thirty, or even higher numbers of prepends.
Note: The usefulness of prepending is generally restricted to around two or three, as the average length of an AS Path in the Continue reading

Weekend Reads 042222

Agencies of the US Government have issued a joint warning that hackers have revealed their capability to gain full system access to industrial control systems that might help enemy states sabotage critical infrastructure.

Whether you consider them black swan cyber events or not, the SolarWinds attack and the Log4Shell exploit stressed some of the key ways in which organizations can prepare themselves and prevent crises.

The serious lesson from that is to acknowledge but forgive errors. “He’s said, many times, that he knew at that moment it was going to be OK,” Ellis says. “Creating a safe culture requires a lot of practices, and one of them is closure. Humor is a great way to provide closure because you rarely laugh about something that is still creating tension.”

To say that data governance and data compliance are rapidly becoming areas of immense strategic importance for businesses would be an understatement. Governments worldwide already have data protection laws in place or are busy drafting these laws.

On Sunday, an attacker managed to drain around $182 million of cryptocurrency from Beanstalk Farms, a decentralized finance (DeFi) project aimed at balancing the supply and demand of different cryptocurrency assets. Notably, the attack Continue reading

On Securing BGP

The US Federal Communications Commission recently asked for comments on securing Internet routing. While I worked on the responses offered by various organizations, I also put in my own response as an individual, which I’ve included below.

I am not providing this answer as a representative of any organization, but rather as an individual with long experience in the global standards and operations communities surrounding the Internet, and with long experience in routing and routing security.

I completely agree with the Notice of Inquiry that “networks are essential to the daily functioning of critical infrastructure [yet they] can be vulnerable to attack” due to insecurities in the BGP protocol. While proposed solutions exist that would increase the security of the BGP routing system, only some of these mechanisms are being widely deployed. This response will consider some of the reasons existing proposals are not deployed and suggest some avenues the Commission might explore to aid the community in developing and deploying solutions.

9: Measuring BGP Security.
At this point, I only know of the systems mentioned in the query for measuring BGP routing security incidents. There have been attempts to build other systems, but none of these systems have been Continue reading

Hedge 127: FR Routing Update

The FR Routing project is a fully featured open-source routing stack, including BGP, OSPF, and IS-Is (among others), supported by a community including NVDIA, Orange, VMWare, and many others. On today’s episode of the Hedge, Tom Ammon and Russ White are joined by Donald Sharp, Alistair Woodman, and Quentin Young to update listeners on projects completed and underway in FR Routing.

download

Legal and Ethical Aspects of Privacy

My second post on privacy for network engineers is up over at Packet Pushers—

Given the arguments from the first article in this series, if privacy should be and is essential—what does the average network engineer do with this information? How does privacy impact network design and operations? To answer this question, we need to look at two other questions.

Weekend Reads 041522

Quantum computing startups are all the rage, but it’s unclear if they’ll be able to produce anything of use in the near future.

A few years ago, Ken Crum started getting uncomfortable with how much of his life seemed to be online. The long-time computer programmer was particularly concerned by what companies appeared to know about him.

In a future release of Windows 11, you’re going to see significant security updates that add even more protection from the chip to the cloud by combining modern hardware and software.

The classic line “I have a bad feeling about this” is repeated in every Star Wars movie. It’s become a meme for that uneasy feeling that as bad as things are now, they are about to get much worse. That’s an accurate portrayal of how many of us feel about cybersecurity.

Wouldn’t it be funny if Google ends up being the stalwart supporter of the X86 architecture among the hyperscalers and cloud builders?

In 2019, the US Government Accountability Office (GAO) released a report highlighting the ten most critical legacy systems that needed modernisation.

The gold standard for retailers and financial organizations when it comes to protecting sensitive cardholder data, PCI DSS Continue reading

Hedge 126: George Michaelson on ISDN

ISDN, while an old technology, is still around in many parts of the world. When will it go away? George Michaelson joins Tom Ammon and Russ White to discuss the end of ISDN. The conversation then veers into old networking technologies, and the importance of ISDN in setting the terms and ideas we use today—ISDN is one of the key technologies around which network engineers built their mental maps of how to build and maintain networks.

download

Upcoming Training: Network Troubleshooting

I’m teaching a three-hour webinar on troubleshooting on the 22nd of April:

This training focuses on the half-split system of troubleshooting, which is widely used in the electronic and civil engineering domains. The importance of tracing the path of the signal, using models to put the system in context, and the use of a simple troubleshooting “loop” to focus on asking how, what, and why are added to the half-split method to create a complete theory of troubleshooting. Other concepts covered in this course are the difference between permanent and temporary fixes and a review of measuring reliability. The final third of the course contains several practical examples of working through problems to help in applying the theory covered in the first two sections to the real world.

This is offered on Safari Books Online through Pearson. I think that if you register for the course, you can watch a recording later.

Register here.

Hedge: April Update

You can register for my network troubleshooting course here.

Information about the IEEE Network Softwarification Conference can be found here.

Our upcoming episodes for this month are George Michaelson on the death of ISDN and old networks; an update on the FR Routing project; and Rick Graziani on college and network engineering. Thanks for listening to the Hedge!

download

Weekend Reads 040822

These guidelines are not about finding a perfectly secure solution but about practical, immediate possible actions with respect to email, instant messaging, voice and video chats, and other important security measures to consider.

The governance of an IXP can deeply affect its development. The difficulty of stating a clear management policy for IXP is the main challenge that limits the growth, sustainability and success of IXPs. In the past years, there have not been enough initiatives that support creating such policies for IXP management.

European telecommunication service providers are being pushed to pick up the pace regarding 5G adoption. However, the next-gen technology requires immense data capacity and transmission speeds, thus setting up the new infrastructure is no easy task for telcos.

With businesses around the globe—especially in the United States, Canada, and Western Europe—bracing for potential cyber-attacks orchestrated by Russia or its hackers, a leading cyber security firm is warning most software upgrades are not adequately addressing the most vulnerable component of the “modern cyber-attack surface.”

Now, a new lawsuit is giving consumers an unprecedented peek into this opaque world, and illuminating just how easily a data broker can lose control of the user information it collects.

Sure, Continue reading

Hedge 125: Brooks Westbrook and DC Fabric Design

DC fabric design is more of an art than a science—a lot of factors come into play, such as future growth, lifecycle management, security, and costs. How can network engineers balance these various factors—how do they even know what questions to ask? Brooks Westrbook joins Tom Ammon and Russ White to discuss three- and five-stage DC fabric design, OPEX, CAPEX, and other topics on this episode of the Hedge.

download