IDG Contributor Network: Will enterprise IoT become BYOD on steroids?

If you thought BYOD was a pain the neck for IT management, strap yourself in.The integration of Internet of Things (IoT) devices in the enterprise is moving beyond the hype into a much more pragmatic and operational phase of planning, execution and service delivery.There’s massive interest and buzz around IoT within companies of every type. This is largely due to the transformative business impact IoT will have. Major business will be transformed, disrupted or out completely when IoT is properly used in the business transformation process.But with IoT solutions comes new demands and a wide range of technologies, many of which will take the enterprise into unfamiliar territory, requiring different analytical skills and management tools. In other words, IoT devices quickly finding their way into to the enterprise will make life a living hell for network managers – far beyond the problems they experienced with BYOD.To read this article in full, please click here

BrandPost: What your network needs for GDPR compliance

There is nothing like a looming deadline to get people motivated. For the General Data Protection Regulation (GDPR), May 25 is that deadline. A sweeping new data privacy regulation, GDPR will soon come into effect across the European Union (EU). In practice, however, it affects any company or organization conducting business or operations in the EU (whether through a physical presence there or offering goods and services to EU residents) that collects and processes EU residents’ data. Its goal is to better protect and empower EU residents’ data privacy, and it represents the most significant change in data privacy laws in more than 20 years. For businesses too, it will be a watershed moment in how they process, handle and manage data, with heavy fines on the table for non-compliance.To read this article in full, please click here

In the IoT world, general-purpose databases can’t cut it

We live in an age of instrumentation, where everything that can be measured is being measured so that it can be analyzed and acted upon, preferably in real time or near real time. This instrumentation and measurement process is happening in both the physical world, as well as the virtual world of IT.For example, in the physical world, a solar energy company has instrumented all its solar panels to provide remote monitoring and battery management. Usage information is collected from a customers’ panels and sent via mobile networks to a database in the cloud. The data is analyzed, and the resulting information is used to configure and adapt each customer’s system to extend the life of the battery and control the product. If an abnormality or problem is detected, an alert can be sent to a service agent to mitigate the problem before it worsens. Thus, proactive customer service is enabled based on real-time data coming from the solar energy system at a customer’s installation.To read this article in full, please click here

In the IoT world, general-purpose databases can’t cut it

We live in an age of instrumentation, where everything that can be measured is being measured so that it can be analyzed and acted upon, preferably in real time or near real time. This instrumentation and measurement process is happening in both the physical world, as well as the virtual world of IT.For example, in the physical world, a solar energy company has instrumented all its solar panels to provide remote monitoring and battery management. Usage information is collected from a customers’ panels and sent via mobile networks to a database in the cloud. The data is analyzed, and the resulting information is used to configure and adapt each customer’s system to extend the life of the battery and control the product. If an abnormality or problem is detected, an alert can be sent to a service agent to mitigate the problem before it worsens. Thus, proactive customer service is enabled based on real-time data coming from the solar energy system at a customer’s installation.To read this article in full, please click here

Reaction: DNS Complexity Lessons

Recently, Bert Hubert wrote of a growing problem in the networking world: the complexity of DNS. We have two systems we all use in the Internet, DNS and BGP. Both of these systems appear to be able to handle anything we can throw at them and “keep on ticking.”

But how far can we drive the complexity of these systems before they ultimately fail? Bert posted this chart to the APNIC blog to illustrate the problem—

I am old enough to remember when the entire Cisco IOS Software (classic) code base was under 150,000 lines; today, I suspect most BGP and DNS implementations are well over this size. Consider this for a moment—a single protocol implementation that is larger than an entire Network Operating System ten to fifteen years back.

What really grabbed my attention, though, was one of the reasons Bert believes we have these complexity problems—

DNS developers frequently see immense complexity not as a problem but as a welcome challenge to be overcome. We say ‘yes’ to things we should say ‘no’ to. Less gifted developer communities would have to say no automatically since they simply would not be able to implement all that new stuff. Continue reading

BrandPost: The Path to 5G is Paved with Network Visibility

In a report entitled , Gartner discusses the widespread preparation for 5G networks, the Internet of Things (IoT), and machine-to-machine communications. These technologies are preparing to support a worldwide customer base that looks forward to smart cities, autonomous vehicles, and high-speed multimedia over broadband anywhere and anytime. To read this article in full, please click here

Google: A Collection of Best Practices for Production Services

This excerpt—Appendix B - A Collection of Best Practices for Production Services—is from Google's awesome book on Site Reliability Engineering. Worth reading if it hasn't been on your radar. And it's free!

 

Fail Sanely

Sanitize and validate configuration inputs, and respond to implausible inputs by both continuing to operate in the previous state and alerting to the receipt of bad input. Bad input often falls into one of these categories:

Incorrect data

Validate both syntax and, if possible, semantics. Watch for empty data and partial or truncated data (e.g., alert if the configuration is N% smaller than the previous version).

Delayed data

This may invalidate current data due to timeouts. Alert well before the data is expected to expire.

Fail in a way that preserves function, possibly at the expense of being overly permissive or overly simplistic. We’ve found that it’s generally safer for systems to continue functioning with their previous configuration and await a human’s approval before using the new, perhaps invalid, data.

Examples

In 2005, Google’s global DNS load- and latency-balancing system received an empty DNS entry file as a result of file permissions. It accepted this empty file and served NXDOMAIN for Continue reading

Woot Woot! 16 Weeks of Security Learning!! — SECURITY ZERO-TO-HERO

Just signed up last week for the Micronic’s “Security Zero-to-Hero” class. I am beyond stoked and excited!  I have been searching for awhile now for a class to take to help me really “go to the next level” in Security. But I just wasn’t finding the kind of class I was looking for. Every class I saw offered was either focused on one narrow aspect of the security landscape OR focused on helping people pass the CCIE Security.  Neither or which matched what I was searching for.

The class I was hoping to find would be structured more like a semester long college class with real world production discussions and also hands on labs. A class where … over weeks of learning and labbing in my personal time… the learning would just continue to seep deeper and deeper and the “aha” moments would just keep coming.  There were lots of one week classes to choose from. But, for me,  I just don’t see a one week class as a great “immersive” experience  into the complex landscape of the world of Security.  There is a “learning limit”, for me, as to how much my brain can retain Continue reading

ISOC Engages with R&E Networking in the Asia-Pacific Region

The APAN 45 meeting was held on 25-29 March 2018 in Singapore, where Kevin Meynell presented the MANRS routing security initiative during the Network Engineering Workshop.

We’ve previously discussed the underlying trust-based issues of BGP that MANRS attempts to address in a number of blogs, but we’re particularly interested in partnering with R&E networking communities for the reasons that National Research and Education Networks (NRENs) are often early adopters of new technologies and initiatives, they’re interested in distinguishing themselves from commercial operators, and the R&E community is a collaborative one.

This engagement resulted in significant interest from a number of NRENs in becoming MANRS participants, with AARNet (Australian Academic and Research Network) signing-up shortly afterwards (AS 7575). The presentation is available on the APAN 45 website, and may be freely used by those interested in promoting MANRS to raise awareness of routing security issues and promote the initiative.

APAN (Asia Pacific Advanced Network) supports the R&E networks in the region to help them to connect to each other and to other R&E networks around the world, allows knowledge to be exchanged, and coordinates the activities, services and applications of its members for their common good. APAN and the preceding APNG Continue reading

Network Break 180: Tetration In The Cloud; Attackers Target Cisco Switches

Take a Network Break! Cisco puts its Tetration workload protection product into the cloud by announcing a SaaS version, and attackers target Cisco’s Smart Install feature on the IOS and IOS XE operating systems.

Juniper aims to entice service providers by integrating telemetry, AppFormix, and its NorthStar WAN SDN controller for improved remediation, HPE acquires a cloud consultancy, and Riverbed CEO and cofounder Jerry Kennelly retires.

Cradlepoint partners with Webroot for secure SD-WAN, an activist investor target MicroFocus to go private, and cryptomining attacks increasingly target the enterprise.

Last but not least, Gartner predicts explosive cloud growth, and IDC says lines of business will outspend IT departments on technology.

Sponsor: ThousandEyes

ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can smoothly migrate to the cloud, transform your WAN, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt.

Show Links:

Cisco Tetration Now Available As A Cloud Service And Virtual Appliance – Packet Pushers

Cyber-Espionage Groups Are Increasingly Leveraging Routers in Their Attacks – Bleeping Computer

Attackers Exploit Cisco Switch Issue as Vendor Warns of Yet Continue reading

The Week in Internet News: AI Goes to the Dogs

Do you trust this documentary? Do You Trust This Computer? is a new documentary from filmmaker Chris Paine that’s dedicated to the dangers of artificial intelligence. Elon Musk, who’s been vocal about the potential downsides of the technology, appears in the film and has promoted it. But The Verge finds the film a bit overly dramatic, saying “feels more like a trailer for a bad sci-fi movie than a documentary on AI.”

Or you could just get a dog: Speaking of AI, researchers at the University of Washington in Seattle are using canine behavior to train an AI system to make dog-like decisions, reports MIT Technology Review.  The researchers are using dog behavior as a way to help AI better learn how to plan, with hopes of helping AI better understand visual intelligence, among other things.

News apps meet the Great Firewall: The Chinese government has temporarily blocked four news apps from being downloaded from Android app stores, ZDNet reports. The apps, with a combined user base of more than 400 million, have been suspended for up to three weeks in an apparent government media crackdown. Meanwhile, Chinese regulators have permanently banned a joke app for supposed vulgar content.

Continue reading

At RSA USA 2018 in San Francisco this week? Join the IoT Security conversation on Tuesday, April 17

Are you attending the RSA USA 2018 Conference this week in San Francisco? If so, please plan to join this panel session happening Tuesday, April 17, 2018, from 3:30 – 4:14pm (PDT):

IoT Trust by Design: Lessons Learned in Wearables and Smart Home Products

Moderated by my colleague Jeff Wilbur, Director of the Online Trust Alliance (OTA), the panel abstract is:

The world has awakened to the need for tighter security and privacy in consumer-grade IoT offerings. This panel will present a trust framework for IoT, and wearable and smart home experts will discuss top attack vectors, typical vulnerabilities in devices, apps and systems, common reasons for design compromise, the evolution of security and privacy in IoT and where it needs to go.

They will be discussing the OTA’s IoT Trust Framework, as well as some new mechanisms available to help enterprises understand the risks associated with IoT devices.

If you believe securing the Internet of Things is a critical step to having a secure Internet, please join Jeff and his panelists to learn more.

Unfortunately there appears to be no live stream available but they do seem to be recording many of the sessions. If Jeff’s Continue reading

Notes on setting up Raspberry Pi 3 as WiFi hotspot

I want to sniff the packets for IoT devices. There are a number of ways of doing this, but one straightforward mechanism is configuring a "Raspberry Pi 3 B" as a WiFi hotspot, then running tcpdump on it to record all the packets that pass through it. Google gives lots of results on how to do this, but they all demand that you have the precise hardware, WiFi hardware, and software that the authors do, so that's a pain.


I got it working using the instructions here. There are a few additional notes, which is why I'm writing this blogpost, so I remember them.
https://www.raspberrypi.org/documentation/configuration/wireless/access-point.md

I'm using the RPi-3-B and not the RPi-3-B+, and the latest version of Raspbian at the time of this writing, "Raspbian Stretch Lite 2018-3-13".

Some things didn't work as described. The first is that it couldn't find the package "hostapd". That solution was to run "apt-get update" a second time.

The second problem was error message about the NAT not working when trying to set the masquerade rule. That's because the 'upgrade' updates the kernel, making the running system out-of-date with the files on the disk. The solution to that is make Continue reading

My letter urging Georgia governor to veto anti-hacking bill

February 16, 2018

Office of the Governor
206 Washington Street
111 State Capitol
Atlanta, Georgia 30334


Re: SB 315

Dear Governor Deal:

I am writing to urge you to veto SB315, the "Unauthorized Computer Access" bill.

The cybersecurity community, of which Georgia is a leader, is nearly unanimous that SB315 will make cybersecurity worse. You've undoubtedly heard from many of us opposing this bill. It does not help in prosecuting foreign hackers who target Georgian computers, such as our elections systems. Instead, it prevents those who notice security flaws from pointing them out, thereby getting them fixed. This law violates the well-known Kirchhoff's Principle, that instead of secrecy and obscurity, that security is achieved through transparency and openness.

That the bill contains this flaw is no accident. The justification for this bill comes from an incident where a security researcher noticed a Georgia state election system had made voter information public. This remained unfixed, months after the vulnerability was first disclosed, leaving the data exposed. Those in charge decided that it was better to prosecute those responsible for discovering the flaw rather than punish those who failed to secure Georgia voter information, hence this law.

Too many security experts oppose Continue reading
1 1,652 1,653 1,654 1,655 1,656 3,849