99 Problems and Configuration and Telemetry Ain’t Two

Isn’t SNMP just great? I love monitoring my network using an unreliable transport mechanism and an impenetrable and inconsistent data structure. Configuring my devices using automation is equally fun, where NETCONF has been subverted into something so ridiculously vendor-specific (and again, inconsistent), that each new device type (even from a single vendor) can mean starting again from scratch. Is there any hope for change? OpenConfig says yes.

Monitoring The Network

Love it or hate it (hate it), SNMP remains the de facto standard for alerting and monitoring. I think we cling on to SNMP as an industry because we’re scared that any replacement will end up being just as clunky, and we’d simply be putting expensive lipstick on a particularly ugly pig. If we want to get rid of SNMP, whatever comes next will need to bring significant benefits.

Configuring the Network

If you’re dedicated to making changes manually, it’s likely you don’t care much about the mechanisms currently available to automate configuration changes. However, I can assure you that writing scripts to make changes to network device configurations is a frustrating activity, especially in a multi-vendor environment. I should add that I consider automating CLI commands and screen-scraping the […]

Take them seriously — you could change the world

We often think that because we’re engineers, squirreled away in the basement suite (we used to have a fireproof suit hanging in the basement elevator as a little joke on the IT world at one job), we can’t have a huge impact on people. Or maybe it’s because you don’t think you’re famous enough — you don’t have a blog, several books published, multiple speaking engagements, and you don’t work for some big vendor. Whatever the reason for thinking you don’t — or shouldn’t — have an impact in someone’s life, let me say this.

You’re wrong.

The impact of one person can hardly be underestimated; from a book I read recently, for instance:

I turned and walked out of his office, closing the door with the characteristic rattle of the frosted glass pane. Though I could not have put it into words then, I was a different person from the one who had walked into that office ten minutes earlier. A person for whom I had the highest regard had taken me seriously. If he thought I was worthy of an hour of his time every week, then just maybe I was worth something. -Michael Card, The Walk

The […]

FCC: 10 percent of Americans still lack access to proper broadband

Last week, we reported on the strides Internet services providers in the United States have made to improve broadband connection speeds, but noted how ISPs still have a lot of catching up to do. Case in point: As Engadget reported Friday, a new Federal Communications Commission report shows that as of 2014, roughly 10 percent of Americans still didn’t have access to a broadband Internet connection that meets the FCC’s minimum definition of broadband (25 megabits per second download; 3Mbps upload—a standard that the agency set in early 2015).

The Microsoft Exchange Server settings you must get right

Microsoft has invested millions of dollars into Azure and Office 365, and their competitors are following suit with bona fide public cloud offerings of their own. But public cloud solutions are not for everyone. Organizations of many stripes have legitimate reasons for not wanting their restricted data on systems beyond their total control.

For many of these entities, on-premises Exchange Server is a messaging must. Microsoft continues to update the software with the assurance that any improvements made to its cloud-based stack will eventually trickle down. Increasingly, these features are adding layers of complexity to the already daunting task of running an enterprise-grade messaging system. It's easy to get lost when going through hardware capacity planning, setting up DAGs (database availability groups) and site resiliency, configuring mail routing, and making sure your users can actually connect to the system.

Why Syncsort introduced the mainframe to Hadoop

When you think of leaders in big data and analytics, you’d be forgiven for not listing Syncsort among them. But this nearly 50-year-old company, which began selling software for the decidedly unglamorous job of optimizing mainframe sorting, has refashioned itself into a critical conduit by which core corporate data flows into Hadoop and other key big data platforms. Syncsort labels itself "a freedom fighter" liberating data and dollars -- sometimes millions of dollars -- from the stranglehold of big iron and traditional data warehouse/analytics systems.

In this installment of the IDG CEO Interview Series, Chief Content Officer John Gallant spoke with Josh Rogers, who was named CEO this week, as well as outgoing CEO Lonne Jaffe, who remains as Senior Advisor to Syncsort’s board. Among other topics, the pair talked about why Syncsort was recently acquired by Clearlake Capital Group, and how Syncsort’s close partnership with Splunk is dramatically improving security and application performance management.

Your license plate: Window to your life

Big Brother watching you is bad enough. But Big Brother allowing hackers to watch you as well is worse.

And that is increasingly the case, thanks to the indiscriminate, and insecure, collection of vehicle license plate data, according to recent reports from the Electronic Frontier Foundation (EFF) and the alt-weekly DigBoston.

The technology at issue is Automated License Plate Readers (ALPR) – cameras mounted on patrol cars or stationary roadside structures like utility poles that record not just the plate number, but metadata including the date, time and location of the vehicle.

EFF reported late last year that it had found, “more than a hundred ALPR cameras were exposed online, often with totally open Web pages accessible by anyone with a browser.” Those cameras were in several Louisiana communities; in Hialeah, Florida; and at the University of Southern California.

OED tools: Chocolatey

The problem: Installing software on Windows and keeping it updated is a boring and repetitive task. Linux and BSD/OSX users can install software from packages and keep it updated with a simple apt-get update;apt-get upgrade command. Wouldn’t it be great to have the same feature on Windows? The automation: Chocolatey is a package manager for […]

Lenovo Thinkpad T420: Another excellent, inexpensive Linux laptop

For the past three years, I have been using a Lenovo Thinkpad T400 as my main platform for researching open-source network simulators and emulators. The T400 is an excellent, inexpensive computer that, even today, offers excellent value.

But, I need a computer that supports high-resolution external monitors so it must have a DisplayPort output. I also want to expand the number of VMs I can run concurrently with adequate performance so I need a processor that supports HyperThreading. I want to switch to the Ubuntu Linux distribution and the Ubuntu Unity desktop environment needs just a bit more processing power to run smoothly.

I recently purchased a used Lenovo Thinkpad T420 laptop, which offers everything I want and more. It is a five-year-old product but it offers all the ports and performance I need. Because it is well past its depreciation curve, anyone can purchase a used T420 for a very low price. Read on to learn more about the Lenovo Thinkpad T420, another excellent and inexpensive Linux platform.

The Lenovo Thinkpad T420

The Lenovo Thinkpad T420 is a business-class notebook produced in 2011 that was leased in large volumes by companies for use by their employees. Now, […]

11 tips for spotting insider threats

Security pros are constantly being warned about insider threats. We’re told our companies need next-generation software, integrated threat intelligence, and the ability to correlate massive amounts of event logs and context to arm ourselves against these threats.

We’re told that these tools are necessary to block attacks and to recover from attacks, should they be successful. Unfortunately, when companies eventually figure out that they’ve been compromised, they also discover their systems had been compromised for an extended period of time.

“Insider threats can include a combination of malicious insiders, compromised insiders, and careless insiders,” says Wade Williamson, director of product marketing at Vectra Networks. “You will need clear visibility for identifying all of these threats, but they will differ in behavior and how security will be able to detect them.”

Uncovering the Seven Pointed Dagger

The full report “Uncovering the Seven Pointed Dagger: Discovery of the Trochilus RAT and Other Targeted Threats” can be downloaded here.

Threat actors with strategic interest in the affairs of other governments and civil society organizations have been launching targeted exploitation campaigns for years. Typically, these campaigns leverage spear phishing as the delivery vector and often include malicious attachments designed to bypass typical detection controls. In other cases, spear phish directs users to websites that would otherwise be trusted but actually have been compromised by threat actors seeking greater access to fulfill their actions and objectives.

In late 2015, ASERT began investigations into a Strategic Web Compromise (aka “Watering Hole”) involving websites operated by the government of Myanmar and associated with recent elections. All indicators suggest that the compromises were performed by an actor group known to collaborators at Cisco’s Talos Group as “Group 27”. These initial findings – focused around the PlugX malware – were released by ASERT in a report called “Defending the White Elephant.” Analysis of PlugX malware configuration suggested that Special Economic Zones (SEZs) in Myanmar were of interest.

Following the trail of emergent threat activity, ASERT has discovered a new Remote Access Trojan (RAT) in use […]

REVIEW: MailScanner and ScrolloutF1 are standouts in open source email security

Email security is of paramount concern in any organization. A significant percentage of malware is delivered via email, on the premise that an unsuspecting user will open the message, allowing the malware payload onto the user’s machine. From there, malware can worm its way into the network and wreak various kinds of havoc, often undetected, sometimes for months or even years.

It should then come as no surprise that a significant industry has grown up around the serious business of containing email threats. We decided to review four open source products to see if they could deliver enterprise-grade security. The four products were CipherMail, MailScanner, Scrollout F1 and hMailServer.

Best open source email security products

Email security is of paramount concern in any organization. A significant percentage of malware is delivered via email, on the premise that an unsuspecting user will open the message, allowing the malware payload onto the user’s machine. From there, malware can worm its way into the network and wreak various kinds of havoc, often undetected, sometimes for months or even years. We decided to review four open source products to see if they could deliver enterprise-grade security. The four products were CipherMail, MailScanner, Scrollout F1 and hMailServer. Read the full review.

NZ IPv6 & DNSSEC Update

A year ago I published a table of New Zealand ISP IPv6 support. At the time support was fairly poor. I’m pleased to report that things have gotten better over the last year. There has also been a very pleasing uptick in DNSSEC support.

IPv6 Changes

The big movers here are Trustpower & Orcon, who have both enabled IPv6 by default for their users. So now we have the two largest ISPs still only offering IPv4, but all of the next tier of ISPs are offering IPv6. New Zealand has a flexible ISP market, and almost all consumers can change provider quickly & easily. This means that IPv6 is effectively available for all who want it.

Figure: New Zealand IPv6 Availability (APNIC data)

The numbers are still small, but we can see a move upwards towards the end of the year when Orcon & Trustpower enabled IPv6. Many legacy home routers have IPv6 disabled, but as these get replaced/reconfigured, I expect to see a steady increase in IPv6 uptake across those ISPs.

The two market leaders – Spark & Vodafone – still only offer broken promises. In 2014 Vodafone implied it was not far away: “I can […]