Lessons from nPetya one year later

This is the one year anniversary of NotPetya. It was probably the most expensive single hacker attack in history (so far), with FedEx estimating it cost them $300 million. Shipping giant Maersk and drug giant Merck suffered losses on a similar scale. Many are discussing lessons we should learn from this, but they are the wrong lessons.


An example is this quote in a recent article:
"One year on from NotPetya, it seems lessons still haven't been learned. A lack of regular patching of outdated systems because of the issues of downtime and disruption to organisations was the path through which both NotPetya and WannaCry spread, and this fundamental problem remains." 
This is an attractive claim. It describes the problem in terms of people being "weak" and that the solution is to be "strong". If only organizations where strong enough, willing to deal with downtime and disruption, then problems like this wouldn't happen.

But this is wrong, at least in the case of NotPetya.

NotPetya's spread was initiated through the Ukraining company MeDoc, which provided tax accounting software. It had an auto-update process for keeping its software up-to-date. This was subverted in order to deliver the initial NotPetya Continue reading

Packet Size, It Matters

As I mentioned in a previous post, I have been studying the materials for the Cisco CCDE. One thing that has come up only a time or two is that of MTU. MTU, or maximum transmission unit, is the maximum size a chunk of data can be for a given interface. In this article, we are speaking specifically of IP MTU and this is an important distinction that I will clarify later. Network design should incorporate a clear understanding of MTU challenges and operators need to understand what to look for when it is not properly built and configured.

A simplistic example of a problematic design is when there is a link with a smaller MTU somewhere between two endpoints capable of creating larger packets (see the image below). While this environment may work fine, understanding the interaction required between the hosts and the network devices is very important to network design.

A few years ago I wrote an article that outlined some of the behavior that can be witnessed when there are MTU discovery issues. Let’s quickly recount what path MTU discovery (PMTU-D) is, how it works, how it fails and some logic around appropriate design.

General Facts Around Continue reading

Worth Reading: The power of hyperscale

The growth of cloud-IT adoption continues unabated. Today’s landscape of cloud providers is dominated by a small handful of companies based in the U.S. and China that deploy company-owned hyperscale data centers. For the foreseeable future, these few will account for much of the growth in the cloud-IT market as many businesses decide to give up owning their own data centers and move their applications to cloud platforms. —Marc Cram @The Data Center Journal

I Didn’t Even Know I Was Sick

This piece was originally published in the Packet Pushers’ Human Infrastructure Magazine, a publication about the human side of working in technology. HIM is sent every other week or so to Packet Pushers Ignition members. Sign up for free.

I recently tweeted…

I’ve become okay with only having so much time in my schedule. Would adding this { new | random | unexpected } thing to the mix stress me out? Yes? Then I can’t do it. Have to leave some space. Have to execute well on the things already on the list.

I grabbed a couple of replies that especially impacted me.

Cutting Things Loose Has A Cost

The hard part for me is deciding when to cut things loose in order to make room for new things that are more valuable. Sometimes it’s natural, like a job transition, but most of the time it’s not. I’d rather make intentional choices, not wait until I’m burned out. Of course, often the major problem with intentionally stopping a project is the social cost. Disappointing people is expensive for multiple reasons. And it’s very difficult to weigh that against the benefit of doing something new.

@bensons

Benson crammed a whole lot Continue reading

I Didn’t Even Know I Was Sick

This piece was originally published in the Packet Pushers’ Human Infrastructure Magazine, a publication about the human side of working in technology. HIM is sent every other week or so to Packet Pushers Ignition members. Sign up for free.

I recently tweeted…

I’ve become okay with only having so much time in my schedule. Would adding this { new | random | unexpected } thing to the mix stress me out? Yes? Then I can’t do it. Have to leave some space. Have to execute well on the things already on the list.

I grabbed a couple of replies that especially impacted me.

Cutting Things Loose Has A Cost

The hard part for me is deciding when to cut things loose in order to make room for new things that are more valuable. Sometimes it’s natural, like a job transition, but most of the time it’s not. I’d rather make intentional choices, not wait until I’m burned out. Of course, often the major problem with intentionally stopping a project is the social cost. Disappointing people is expensive for multiple reasons. And it’s very difficult to weigh that against the benefit of doing something new.

@bensons

Benson crammed a whole lot Continue reading

Get the facts on SD-WAN: Understanding the most common myths

The topic of SD-WAN has been a hot one over the past several years. This makes sense because in most companies, the WAN hasn’t been updated for decades and SD-WANs have the potential to modernize the network and bring it into alignment with the rest of IT.However, like most new technologies, I find there are a number of common misconceptions when it comes to SD-WANs. Part of the problem is that the vendor ecosystem has exploded, and the many vendors that approach the market from different angles muddy the waters — making it hard to discern what’s real, what’s misleading, and what's downright wrong.[ Click here to find out more about SD-WAN and why you’ll use it one day and learn about WANs and where they’re headed. | Get regularly scheduled insights by signing up for Network World newsletters. ] The top SD-WAN myths To help buyers make sense of what's happening in the SD-WAN world, here are seven myths to watch out for — and why they aren't correct.To read this article in full, please click here

Get the facts on SD-WAN: Understanding the most common myths

The topic of SD-WAN has been a hot one over the past several years. This makes sense because in most companies, the WAN hasn’t been updated for decades and SD-WANs have the potential to modernize the network and bring it into alignment with the rest of IT.However, like most new technologies, I find there are a number of common misconceptions when it comes to SD-WANs. Part of the problem is that the vendor ecosystem has exploded, and the many vendors that approach the market from different angles muddy the waters — making it hard to discern what’s real, what’s misleading, and what's downright wrong.[ Click here to find out more about SD-WAN and why you’ll use it one day and learn about WANs and where they’re headed. | Get regularly scheduled insights by signing up for Network World newsletters. ] The top SD-WAN myths To help buyers make sense of what's happening in the SD-WAN world, here are seven myths to watch out for — and why they aren't correct.To read this article in full, please click here

1 1,547 1,548 1,549 1,550 1,551 3,836