The First Question in Cybersecurity

Cybersecurity professionals know that security cannot be a bolt on process or technology. Likewise, I also believe that that the thought of including the security team is rarely  goes far enough. To be effective, security should be ingrained and it should be pervasive. With a this commitment, there is at least one primary question that every organization should be asking in regards to Cybersecurity. That question is simply “Why?

Not only should this question be asked organizationally, it should also be asked by individuals that are assuming security related roles within an organization. Some would think that the answer is simple or obvious. In many cases it is, but the complete answer WILL differ from organization to organization and differ based on the type of organization. What is important is that the organization itself agree upon the answer to this question.

Relevant answers to the Why question might be any or all of the following:

Governance—Specific regulatory requirements that the organization is required to meet. When these exist, they are often considered a top priority and a baseline requirement to transact business.

Cost/Expense—This could be direct and/or indirect. A direct example would be the typical scenario that occurs with ransomeware. Continue reading

What about other leaked printed documents?

So nat-sec pundit/expert Marci Wheeler (@emptywheel) asks about those DIOG docs leaked last year. They were leaked in printed form, then scanned in an published by The Intercept. Did they have these nasty yellow dots that track the source? If not, why not?

The answer is that the scanned images of the DIOG doc don't have dots. I don't know why. One reason might be that the scanner didn't pick them up, as it's much lower quality than the scanner for the Russian hacking docs. Another reason is that the printer used my not have printed them -- while most printers do print such dots, some printers don't. A third possibility is that somebody used a tool to strip the dots from scanned images. I don't think such a tool exists, but it wouldn't be hard to write.

Scanner quality

The printed docs are here. They are full of whitespace where it should be easy to see these dots, but they appear not to be there. If we reverse the image, we see something like the following from the first page of the DIOG doc:


Compare this to the first page of the Russian hacking doc which shows Continue reading

Microwave

Two interesting things I saw when listening to the output from my microwave:

  1. The frequency is not stable. I assume it’s not thermally controlled.
  2. Probably not a good idea to use WiFi channel 6, being 2.437GHz+-11MHz and all.

Near the microwave

Near the microwave

Some rooms away from the microwave

Separate measurement some rooms away.

Further from microwave

How to generate the graphs

# Edit usrp_spectrum_sense.py so that it prints time.time() instead of datetime.now()
./usrp_spectrum_sense.py --dwell-delay=0.1 -A RX2 -s 8000000 --real-time 2.4e9 2.5e9 > near-microwave.txt
# Edit near-microwave to remove the stupid verbose messages from the top.
cat > microwave.plot << EOF
set view map
set size ratio .9

set object 1 rect from graph 0, graph 0 to graph 1, graph 1 back
set object 1 rect fc rgb "black" fillstyle solid 1.0

set xlabel 'Time in seconds'
set ylabel 'Frequency'
set zlabel 'dB'
set terminal epslatex color
set output "near-microwave.eps"
splot 'near-microwave.txt' using ($1-1496693552.11):((($5/1000-2400000)/1000)):4 with points pointtype 5 pointsize 3 palette linewidth 30 title 'Signal'
EOF
gnuplot microwave.plot
convert near-microwave.{eps,png}

I can’t have GNUPlot output PNG directly because it hangs.

The magic value 1496693552.11 is the first timestamp in the file.

When No One Can Make Money In Systems

Making money in the information technology market has always been a challenge, but it keeps getting increasingly difficult as the tumultuous change in how companies consume compute, storage, and networking rips through all aspects of this $3 trillion market.

It is tough to know exactly what do to, and we see companies chasing the hot new things, doing acquisitions to bolster their positions, and selling off legacy businesses to generate the cash to do the deals and to keep Wall Street at bay. Companies like IBM, Dell, HPE, and Lenovo have sold things off and bought other things to try

When No One Can Make Money In Systems was written by Timothy Prickett Morgan at The Next Platform.

50% off SanDisk Extreme PRO 128GB USB 3.0 Flash Drive, Speeds Up To 260MB/s – Deal Alert

The SanDisk Extreme PRO USB 3.0 Flash Drive features a sizable 128GB of storage, and read speeds of up to 260MB/s lets you easily transfer a full-length movie in seconds. The sophisticated design and durable aluminum metal casing help to protect against every day wear and tear on the outside, while the included SanDisk SecureAccess software provides 128-bit AES file encryption and password protection on the inside for your private files. The SanDisk Extreme PRO USB 3.0 Flash Drive is backed with a lifetime limited warranty. It currently averages 4.6 out of 5 stars on Amazon from over 550 people (80% rate the full 5 stars: see reviews here), and its typical list price has been reduced a generous 54% to just $64.99. See this deal on Amazon.To read this article in full or to leave a comment, please click here

What Extreme’s string of networking acquisitions means for enterprises

Extreme Network’s recent string of acquisitions – including it’s recent $100 million auction-buy of Avaya’s networking business, it’s purchase of Brocade’s Ethernet IP networking assets and its purchase of wireless vendor Zebra Technologies last year – should cause enterprise end users to potentially rethink their network infrastructure buying decisions when it comes time for their next hardware refresh, according to Forrester analyst Andre Kindness.Kindness says in the immediate short term, there are not likely to be any major changes to offerings from these vendors; all current Avaya and Brocade networking gear will still be supported. But given Extreme’s acquisition spree, it’s expected there will be some consolidation and blending of products over the medium and long-term. “As with anything, it will take some time to reconcile the moves and figure out the new direction,” says Kindness.To read this article in full or to leave a comment, please click here

What Extreme’s string of networking acquisitions means for enterprises

Extreme Network’s recent string of acquisitions – including it’s recent $100 million auction-buy of Avaya’s networking business, it’s purchase of Brocade’s Ethernet IP networking assets and its purchase of wireless vendor Zebra Technologies last year – should cause enterprise end users to potentially rethink their network infrastructure buying decisions when it comes time for their next hardware refresh, according to Forrester analyst Andre Kindness.Kindness says in the immediate short term, there are not likely to be any major changes to offerings from these vendors; all current Avaya and Brocade networking gear will still be supported. But given Extreme’s acquisition spree, it’s expected there will be some consolidation and blending of products over the medium and long-term. “As with anything, it will take some time to reconcile the moves and figure out the new direction,” says Kindness.To read this article in full or to leave a comment, please click here

What Extreme’s string of networking acquisitions means for enterprises

Extreme Network’s recent string of acquisitions – including it’s recent $100 million auction-buy of Avaya’s networking business, it’s purchase of Brocade’s Ethernet IP networking assets and its purchase of wireless vendor Zebra Technologies last year – should cause enterprise end users to potentially rethink their network infrastructure buying decisions when it comes time for their next hardware refresh, according to Forrester analyst Andre Kindness.Kindness says in the immediate short term, there are not likely to be any major changes to offerings from these vendors; all current Avaya and Brocade networking gear will still be supported. But given Extreme’s acquisition spree, it’s expected there will be some consolidation and blending of products over the medium and long-term. “As with anything, it will take some time to reconcile the moves and figure out the new direction,” says Kindness.To read this article in full or to leave a comment, please click here

Florida wants to be a major host of data center facilities

Welcome to the relaunch of my blog. We are undergoing a slight change in direction here at Network World, and with it a change in direction for this blog. Instead of covering Microsoft issues, I will be focused on data center issues, a change I am looking forward to because I love all things big iron. So, on to the show.-----------------------------------------------The state of Florida is not the first place you think of when it comes to tech. IBM had that legendary Boca Raton facility, and there are a few firms here and there, but it pales in comparison to California, Oregon, Washington and Texas.The state is looking to change that in a unique way. Instead of luring tech firms, it’s looking to lure data centers. The state legislature has passed, and Governor Rick Scott has signed, legislation for sales tax exemptions for large data center projects. The law goes into effect July 1, 2017.To read this article in full or to leave a comment, please click here

Florida wants to be a major host of data center facilities

Welcome to the relaunch of my blog. We are undergoing a slight change in direction here at Network World, and with it a change in direction for this blog. Instead of covering Microsoft issues, I will be focused on data center issues, a change I am looking forward to because I love all things big iron. So, on to the show.-----------------------------------------------The state of Florida is not the first place you think of when it comes to tech. IBM had that legendary Boca Raton facility, and there are a few firms here and there, but it pales in comparison to California, Oregon, Washington and Texas.The state is looking to change that in a unique way. Instead of luring tech firms, it’s looking to lure data centers. The state legislature has passed, and Governor Rick Scott has signed, legislation for sales tax exemptions for large data center projects. The law goes into effect July 1, 2017.To read this article in full or to leave a comment, please click here

OneLogin and Password Managers

An interesting incident this last week brings password managers back to the front of the pile—

OneLogin, an online service that lets users manage logins to sites and apps from a single platform, says it has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data. —Krebs on Security

I used to use LastPass, but moved off of their product/service when LogMeIn bought them—my previous encounters with LogMeIn have all been negative, and I have no intention of using their service again in any form. During that move, I decided it was important to make another decision about the tradeoff between an online (cloud based) password manager, or one that keeps information in a local file. The key problem with cloud based services of this kind are they paint a huge target onto your passwords. The counter argument is that such cloud based services are more likely to protect your passwords than you are, because they focus their time and energy on doing so.

First lesson: moving to a cloud based application does not mean moving to a situation where the cloud provider actually knows what you are storing, nor how to access Continue reading

HPE Looks Ahead To Composable Infrastructure, Persistent Memory

Over the past several years, the server market has been roiled by the rise of cloud computing that run the applications created by companies and by services offered by hyperscalers that augment or replace such applications. This is a tougher and lumpier market, to be sure.

The top tier cloud providers like Amazon, Microsoft, and Google not only have become key drivers in server sales but also have turned to original design manufacturers (ODMs) from Taiwan and China for lower cost systems to help populate their massive datacenters. Overall, global server shipments have slowed, and top-tier OEMs are working to

HPE Looks Ahead To Composable Infrastructure, Persistent Memory was written by Jeffrey Burt at The Next Platform.

Researchers find gaps in IoT security

Researchers from the University of Michigan and Stony Brook University published a paper explaining a novel approach to IoT security challenges (pdf). The researchers pose the question:  “What are the new intellectual challenges in the science of security when we talk about the Internet of Things, and what problems can we solve using currently known security techniques?” This research approach is very accessible because it uses existing categories and concepts by comparing security methods developed for smartphones, PCs and the cloud to identify the gaps and challenges to IoT security. The IoT stack is defined with the familiar layers:To read this article in full or to leave a comment, please click here

Researchers find gaps in IoT security

Researchers from the University of Michigan and Stony Brook University published a paper explaining a novel approach to IoT security challenges (pdf). The researchers pose the question:  “What are the new intellectual challenges in the science of security when we talk about the Internet of Things, and what problems can we solve using currently known security techniques?” This research approach is very accessible because it uses existing categories and concepts by comparing security methods developed for smartphones, PCs and the cloud to identify the gaps and challenges to IoT security. The IoT stack is defined with the familiar layers:To read this article in full or to leave a comment, please click here

IDG Contributor Network: The rise of SD-WAN: what does it mean for your company?

It’s hard to come by any enterprise that operates offline these days. Enterprise connectivity is now central to any digital workplace strategy. A tech-savvy workforce also demands robust, stable, and fast infrastructure that would enable them to be at their most productive. However, keeping pace with all the changes technology can be a real challenge for enterprises.Workplaces are also increasingly becoming collaborative. Projects are now utilizing remote teams where members can be geographically distributed all over the world. As such, the infrastructure must be able to accommodate remote access not just but cross-border as well. Mobile enterprise is also on the rise.To read this article in full or to leave a comment, please click here

Open Networking for Large-Scale Networks

Shawn Zandi and I recently recorded a new webinar for Ivan over at ipspace.net around open source and disaggregated networking. If you have ever wanted to find out about these topics, this webinar is a great place to start in understanding what options are available, and how easy/hard it is to get this kind of thing running.

The webinar is available here.

The post Open Networking for Large-Scale Networks appeared first on rule 11 reader.

1 2,032 2,033 2,034 2,035 2,036 3,845