Short Take: Security as a Tradeoff

We often treat security as an absolute, “that which must be done, and done perfectly, or is of no value at all.” It’s time to take this myth head on, and think about how we should really think about security.

Worth Reading: Monitoring on End Hosts

Many enterprises monitor their networks using passive measurements techniques such as NetFlow. Although monitoring functions on routers or middleboxes can be convenient from a deployment viewpoint, they miss a lot of information about the performance of the network as they need to infer the state of each connection. —Olivier Tilmans @APNIC

Worth Reading: Boosting Security with Adjuvants

In medical treatment there is a concept of an “adjuvant” — an agent that enhances the effect of other agents. It’s not the cure, but it helps the cure be more effective. Adjuvants are added to medicines to enhance their responses and lengthen their effect. We can use this same concept for security work —Raymond Pompon @Dark Reading

The Network Collective: State of the Podcast

In this edition of the Network Collective, Eyvonne, Jordan, and I talk about where the ‘cast has been, and share some thoughts on where it is going. While we like technology as much as anyone else, the NC is really all about community.

In particular, we discuss the upcoming subscription service. We have a lot of new, exciting, material being recorded around the skills needed to be a better engineer exclusively for the subscription service. For instance, we’ve started a series on communication that does not take the standard line, but looks at how to communicate from the perspective of our experience in living on every possible side of the network engineering world, and developing and delivering every possible kind of content. And we have our first Q&A guest lined up, as well as a lot of fantastic material from Rachel Traylor already being recorded. This is going to be fantastic material, designed to push your career forward in a way that includes technology, but goes beyond technical skills, as well.

Worth Reading: Increasing Bandwidth Demands

More fiber almost always solves bandwidth problems. When in doubt, lay more fiber. Fiber is king, there is no issue here with that assertion. In fact, the entire wireless spectrum can be contained in a single fiber optic cable. —Steve Daigle @Cisco

What Reading: Integrity in Security

What happened to integrity in cybersecurity? I don’t mean integrity in terms of a company’s missteps in disclosing a data breach, nor around the ethics of sketchy security “research” practices. I’m talking about integrity as a foundational approach in protecting valuable data and systems. —Tim Erlin @Dark Reading

Research: Robustness in Complex Systems

While the network engineering world tends to use the word resilience to describe a system that will support rapid change in the real world, another word often used in computer science is robustness. What makes a system robust or resilient? If you ask a network engineer this question, the most likely answer you will get is something like there is no single point of failure. This common answer, however, does not go “far enough” in describing resilience. For instance, it is at least sometimes the case that adding more redundancy into a network can actually harm MTTR. A simple example: adding more links in parallel can cause the control plane to converge more slowly; at some point, the time to converge can be reduced enough to offset the higher path availability.

In other cases, automating the response to a change in the network can harm MTTR. For instance, we often nail a static route up and redistribute that, rather than redistributing live routing information between protocols. Experience shows that sometimes not reacting automatically is better than reacting automatically.

This post will look at a paper that examines robustness more deeply, Robustness in Complexity Systems,” by Steven Gribble. While this Continue reading

Worth Reading: Surviving Mediocrity

“I’m surrounded by lazy, marginally competent people. The boss is no better, and neither is the boss’ boss. What we’re doing is Not Even Wrong, it’s bureaucratically lame. I have much better ideas than my ‘superiors’, but no one understands, no one cares…” —Jean-Louis Gassée @Medium

Weekend Reads 051818: Botnets and Throwhammer

The Facebook freak-out provides an outlet for fears regarding the digital environment we inhabit. A few companies control most channels of information. The gadgets that we use for convenience and entertainment also create the mechanisms for near-total surveillance, from tracking devices in our pockets to wiretaps in our homes—hi, Alexa! Someone besides Santa is watching and knows whether you have been naughty or nice. —Nathanael Blake @Public Discourse

Within just 10 days of the disclosure of two critical vulnerabilities in GPON router at least 5 botnet families have been found exploiting the flaws to build an army of million devices. Security researchers from Chinese-based cybersecurity firm Qihoo 360 Netlab have spotted 5 botnet families, including Mettle, Muhstik, Mirai, Hajime, and Satori, making use of the GPON exploit in the wild. —Swati Khandelwal @The Hacker News

Exploitation of Rowhammer attack just got easier. Dubbed ‘Throwhammer,’ the newly discovered technique could allow attackers to launch Rowhammer attack on the targeted systems just by sending specially crafted packets to the vulnerable network cards over the local area network. Known since 2012, Rowhammer is a severe issue with recent generation dynamic random access memory (DRAM) chips in which repeatedly accessing a row of memory Continue reading

Saints in Form

Worth Reading: TLS 3.0

Rest assured, the day TLS 1.3 is official won’t be a “Y2K bug” moment for encrypted traffic — and for everyday Web users, the update will likely go unnoticed. However, for security teams, the time to prepare for the new standard is now. —Mark Urban @Dark Reading

Worth Reading: Google asks for “please”

Google on Monday showed off a slew of new features coming to its wide range of consumer products, from an addition to its Android OS that encourage users to take breaks to a feature in its Google Assistant that praises kids (and, perhaps, adults) for using the word “please.” —Rachel Metz @Technology Review

Worth Reading: Securing Geolocation

Geolocation is often targeted for manipulation in order to impersonate (if location is used to reinforce authentication) or other location-dependent benefits, such as access to copyright-protected media and localized news. —AbdelRahman Abdou @APNIC

Short Take: Telecommuting

Worth Reading: Supply Chain Security

All of our computerized systems are deeply international, and we have no choice but to trust the companies and governments that touch those systems. And while we can ban a few specific products, services or companies, no country can isolate itself from potential foreign interference. —Schneier on Security

Worth Reading: The Spin Bit

The spin bit and VEC were designed to be a minimal-risk, maximum-utility signal fit for a single purpose: on-path measurement of end-to-end RTT, to generate RTT samples for a variety of passive latency measurement tasks. —Brian Trammell @APNIC

History of Networking: BGP Security

Worth Reading: Pay attention to performance

In some recent design situations, I’ve spent some time looking at routers and firewalls, looking for some fairly hefty performance characteristics. That’s where it became quite clear (if it wasn’t clear enough already), that router and firewall performance costs a lot more, compared to switches. As covered in the previous blog. —Pete Welcher @Netcraftsmen

Worth Reading: The Internet is going the wrong way

Facebook is taking the place of blogs, but doesn’t permit linking, styles. Posts can’t have titles or include podcasts. As a result these essential features are falling into disuse. We’re returning to AOL. Linking, especially is essential. @Scripting News

Research: Bridging the Air Gap

Way back in the old days, the unit I worked at in the US Air Force had a room with a lot of equipment used for processing classified information. Among this equipment was a Zenith Z-250 with an odd sort of keyboard and a very low resolution screen. A fine metal mesh embedded in a semi-clear substrate was glued to the surface of the monitor. This was our TEMPEST rated computer, on which we could type up classified memos, read classified email, and the like. We normally connected it to the STU-3 through a modem (remember those) to send and receive various kinds of classified information.

Elovici, Mordechai Guri, Yuval. “Bridgeware: The Air-Gap Malware.” Accessed May 13, 2018. https://cacm.acm.org/magazines/2018/4/226377-bridgeware/abstract.

The idea of TEMPEST begins way back in 1985, when a Dutch researcher demonstrated “reading” the screen of a computer using some relatively cheap, and easy to assemble, equipment, from several feet away. The paper I’m looking at today provides a good overview of the many ways which have been discovered since this initial demonstration to transfer data from one computer to another across what should be an “air gap.” For instance, the TEMPEST rated computer described Continue reading