NetworkingNexus.net

Q&A: The myths and realities of hacking an election

Election hacking has become a key topic during this year's presidential elections, more so now that candidates and voters are being actively targeted by actors that are assumed to be acting with Russian support. In this modified edition of CSO Online's Hacked Opinions series, we explore the myths and realities of hacking an election, by speaking with a number of security experts.Q: Can the national election really be hacked? If so, how? "It’s unlikely that the national election could really be hacked to alter the outcome. Voter registration databases have recently proven vulnerable, but adding, modifying, or deleting records doesn’t produce the intended effect (changed outcome); it just raises questions about the integrity of the database on election day," said Levi Gundert, CP of Intelligence and Strategy, Recorded Future.To read this article in full or to leave a comment, please click here

Hacking an election is about influence and disruption, not voting machines

Every time there's an election, the topic of hacking one comes to the surface. During a presidential election, that conversation gets louder. Yet, even the elections held every two years see some sort of vote hacking coverage. But can you really hack an election? Maybe, but that depends on your goals.The topic of election hacking is different this year, and that's because someone is actually hacking political targets. Adding fuel to the fire, on Aug. 12, 2016, during an event in Pennsylvania, Donald Trump warned the crowd that if he loses the battleground state, it's because the vote was rigged.To read this article in full or to leave a comment, please click here

One election-system vendor uses developers in Serbia

Voting machines are privately manufactured and developed and, as with other many other IT systems, the code is typically proprietary.The use of proprietary systems in elections has its critics. One Silicon Valley group, the Open Source Election Technology Foundation, is pushing for an election system that shifts from proprietary, vendor-owned systems to one that that is owned "by the people of the United States."To read this article in full or to leave a comment, please click here

If the election is hacked, we may never know

The upcoming U.S. presidential election can be rigged and sabotaged, and we might never even know it happened.This Election Day voters in 10 states, or parts of them, will use touch-screen voting machines with rewritable flash memory and no paper backup of an individual's vote; some will have rewritable flash memory. If malware is inserted into these machines that's smart enough to rewrite itself, votes can be erased or assigned to another candidate with little possibility of figuring out the actual vote.To read this article in full or to leave a comment, please click here

QoS – Quick Post on Low Latency Queuing

A friend was looking for some input on low latency queuing yesterday. I thought the exchange we had could be useful for others so I decided to write a quick post.

The query was where the rule about the priority queue being limited to 33% came from. The follow up question is how you handle dual priority queues.

This is one of those rules that are known as a best practice and doesn’t really get challenged. The rule is based on Cisco internal testing within technical marketing. Their testing showed that data applications suffered when the LLQ was assigned a to large portion of the available bandwidth. The background to this rule is that you have a converged network running voice, video and data. It is possibly to break this rule if you are delivering a pure voice or pure video transport where the other traffic in place is not business critical. Other applications are likely to suffer if the LLQ gets too big and if everything is priority then essentially nothing is priority. I have seen implementations using around 50-55% LLQ for VoIP circuits which is a reasonable amount.

How should dual LLQs be deployed? The rule still applies. Continue reading

3 nightmare election hack scenarios

The question on the mind of many voting security experts is not whether hackers could disrupt a U.S. election. Instead, they wonder how likely an election hack might be and how it might happen. The good news is a hack that changes the outcome of a U.S. presidential election would be difficult, although not impossible. First of all, there are technology challenges -- more than 20 voting technologies are used across the country, including a half dozen electronic voting machine models and several optical scanners, in addition to hand-counted paper ballots. But the major difficulty of hacking an election is less a technological challenge than an organizational one, with hackers needing to marshal and manage the resources needed to pull it off, election security experts say. And a handful of conditions would need to fall into place for an election hack to work.To read this article in full or to leave a comment, please click here

Hacked voter registration systems: a recipe for election chaos

How do you disrupt the U.S. election? Hacking a voter registration database could very well do just that. Imagine thousands or even millions of citizens' names mysteriously disappearing from a database. Then when election day comes along, they find out they aren't registered to vote. Some security experts warn that this scenario isn't totally far-fetched and could deny citizens from casting ballots. "If that happens to a few voters here and a few there, it's not a big deal," said Dan Wallach, a professor at Rice University who studies electronic voting systems. "If that happens to millions of voters, the processes and procedures we have would grind to a halt."To read this article in full or to leave a comment, please click here

5 ways to improve voting security in the US

With the U.S. presidential election just weeks away, questions about election security continue to dog the nation's voting system. It's too late for election officials to make major improvements, "and there are no resources," said Joe Kiniry, a long-time election security researcher. However, officials can take several steps for upcoming elections, security experts say. "Nobody should ever imagine changing the voting technology used this close to a general election," said Douglas Jones, a computer science professor at the University of Iowa. "The best time to buy new equipment would be in January after a general election, so you've got almost two years to learn how to use it."To read this article in full or to leave a comment, please click here

IDG Contributor Network: Building an insider threat program that works — Part 2

Organizations attempting to implement a world-class insider threat program have learned from experience what doesn't work well (see Part I of this post). As a result, they have a better sense of what they require to prevail in today's evolving insider threat landscape.There is an emerging consensus that any world-class insider threat program must have the following three core characteristics:1. Preventive: Organizations want more than just a threat detection system that tells them an attack has already taken place. They need an early-warning system that allows them to prevent insider threat events through a comprehensive threat assessment framework that leverages all available internal and external data and produces far fewer false negatives and positives.To read this article in full or to leave a comment, please click here

iSCSI Cheat Sheet Released

The source of content goes to mostly Cisco Live & Cisco Validated Designs, but offcoruse it's just an extract of those information.

Feel free to share your idea, I'm always looking to improve this if I find any other material to add here.

Click here to download iSCSI Cheat Sheet

iSCSI Cheat Sheet Released

The source of content goes to mostly Cisco Live & Cisco Validated Designs, but offcoruse it's just an extract of those information.

Feel free to share your idea, I'm always looking to improve this if I find any other material to add here.

Click here to download iSCSI Cheat Sheet

Panasonic sends data by human touch

Panasonic has developed a prototype data transmission system that sends data via human touch.

Worth Reading on Network Guru

Just wanted to point you to two excellent blog posts recently published by Russ White.

Reaction: DevOps and Dumpster Fires

If teaching coders isn’t going to solve the problem, then what do we do? We need to go to where the money is. Applications aren’t bought by coders, just like networks aren’t.

Cisco ACI Multipod

Since 2.0, Multipod for ACI enables provisioning a more fault tolerant fabric comprised of multiple pods with isolated control plane protocols. Also, multipod provides more flexibility with regard to the full mesh cabling between leaf and spine switches. When leaf switches are spread across different floors or different buildings, multipod enables provisioning multiple pods per floor or building and providing connectivity between pods through spine switches.

A new White Paper on ACI Multipod is now available

http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-737855.html?cachemode=refresh

US tech giants say they didn’t do Yahoo-style email spying

Reports of a secret Yahoo program to search through customers' incoming emails has spurred other tech companies to deny ever receiving a similar request from the U.S. government.The program, reportedly created last year through a classified U.S. order, involves Yahoo searching through hundreds of millions of user accounts at the behest of the National Security Agency or FBI.Other U.S. tech companies, including Google, Microsoft, Twitter and Facebook, denied doing anything like it. Most also said they would challenge such a request in court.Privacy advocates said the government enlisting Yahoo to assist in email monitoring would be wrong.To read this article in full or to leave a comment, please click here

US tech giants say they didn’t do Yahoo-style email spying

Five questions about taking Google’s new phones to work

Google unveiled a massive strategic shift on Tuesday, announcing that it is officially getting into the business of designing and releasing its own smartphones. The Pixel and Pixel XL, announced at a special event in San Francisco, are the company's first forays into that market after working with outside manufacturers for several years to produce its Nexus line of devices. The phones are snazzy gizmos packed with some of the latest features that Google could come up with, like a new intelligent assistant and a high-quality camera. It feels like one of the best Android smartphones on the market and could be a serious contender to take on Apple's iPhone, especially for people looking to purchase a flagship smartphone.To read this article in full or to leave a comment, please click here

OpenConfig, RESTCONF, and Automated Cable Verification at iNOG9

Last week I was in Dublin for business which just so happened to overlap with iNOG9, which was last Wednesday. As luck would have it, I had the opportunity to speak at iNOG9 about network automation.

You can watch the video if you want to see the presentation, but the three mini demos I gave were:

Cable verification on Juniper vMX devices using Ansible
Automating BGP on IOS-XR using OpenConfig BGP models using Ansible
Using Postman to explore and demo the new RESTCONF/YANG interface on IOS XE.

Few words about each.

Cable verification

Usually when the topic of network automation comes up, configuration management is assumed. It should not be as there are so many other forms and types of automation. Here I showed how we can verify cabling (via neighbors) is accurate on a Junos vMX topology. Of course, the hard part here is having the discipline to define the desired cabling topology first. Note: links for sample playbooks can be found below on the GitHub repo.

OpenConfig BGP Automation with Ansible

I built a custom Ansible module built around NETCONF (ncclient), but uses the OpenConfig YANG model for global BGP configuration. For example, this is the Continue reading

A Triple-Provider Vagrant Environment

In this post, I’d like to share with you some techniques I used to build a triple-provider Vagrant environment—that is, a Vagrant environment that will work unmodified with multiple backend providers. In this case, it will work (mostly) unmodified with AWS, VirtualBox, and the VMware provider (tested with Fusion, but should work with Workstation as well). I know this may not seem like a big deal, but it marks something of a milestone for me.

Since I first started using Vagrant a couple of years ago, I’ve—as expected—gotten better and better at leveraging this tool in a flexible way. You can see this in the evolution of the Vagrant environments found in my GitHub “learning-tools” repository, where I went from hard-coded data values to pulling data from external YAML files.

One thing I’d been shooting for was a Vagrantfile that would work with multiple backend providers without any modifications, and tonight I managed to build an environment that works with AWS, VirtualBox, and VMware Fusion. There are still a couple of hard-coded values, but the vast majority of information is pulled from an external YAML file.

Let’s take a look at the Vagrantfile that I created. Here’s Continue reading