I read an excellent rant by prof. Victor Galitski describing the current explosion of Quantum Computing hype, and couldn’t help being reminded of the OpenFlow brouhaha we experienced almost a decade ago – you could do a simple search-and-replace and the article would have been equally valid.
Enjoy… and remember the details for the next time your beloved vendor comes along with Quantum Computing slide deck.
In this week’s episode of the Gestalt IT Rundown, I jumped on my soapbox a bit regarding the latest Pegasus exploit. If you’re not familiar with Pegasus you should catch up with the latest news.
Pegasus is a toolkit designed by NSO Group from Israel. It’s designed for counterterrorism investigations. It’s essentially a piece of malware that can be dropped on a mobile phone through a series of unpatched exploits that allows you to create records of text messages, photos, and phone calls and send them to a location for analysis. On the surface it sounds like a tool that could be used to covertly gather intelligence on someone of interest and ensure that they’re known to law enforcement agencies so they can be stopped in the event of some kind of criminal activity.
If that’s where Pegasus stopped, I’d probably not care one way or the other. A tool used by law enforcement to figure out how to stop things that are tough to defend against. But because you’re reading this post you know that’s not where it stopped. Pegasus wasn’t merely a tool developed by intelligence agencies for targeted use. If I had to guess, I’d say the groundwork for it was laid when the creators did work in some intelligence capacity. Where things went off the rails was when they no longer did.
I’m sure that all of the development work on the tool that was done for the government they worked for stayed there. however, things like Pegasus evolve all the time. Exploits get patches. Avenues of installation get closed. And some smart targets figure out how to avoid getting caught or even how to detect that they’ve been compromised. That means that work has to continue for this to be effective in the future. And if the government isn’t paying for it who is?
If you guessed interested parties you’d be right! Pegasus is for sale for anyone that wants to buy it. I’m sure there are cursory checks done to ensure that people that aren’t supposed to be using it can’t buy it. But I also know that in those cases a few extra zeros at the end of a wire transfer can work wonders to alleviate those concerns.Whether or not it was supposed to be sold to everyone or just a select group of people it got out.
Here’s where my hackles get raised a bit. The best way to prevent a tool like this from escaping is to never have created it in the first place. Just like a biological or nuclear weapon, the only way to be sure it can never be used is to never have it. Weapons are a temptation. Bombs were built to be dropped. Pegasus was built to be installed somewhere. Sure, the original intentions were pure. This tool was designed to save lives. What happens when the intentions aren’t so pure? What happens when your enemies are terrorist but politicians with different views? You might scoff at the suggestion of using a counterterrorism tool to spy on your ideological opponents, but look around the world today and ask yourself if your opponents are so inclined.
Once Pegasus was more widely available I’m sure it became a very tempting way to eavesdrop on people you wanted to know more about. Journalist getting leaks from someone in your government? Just drop Pegasus on that phone and find out who it is. Annoying activist making the media hate you? Text him the Pegasus installer and dump his phone looking for incriminating evidence to shut him up. Suspect your girlfriend of being unfaithful? Pegasus can tell you for sure! See how quickly we went from “necessary evil to protect the people” to “petty personal reasons”?
The danger of the slippery slope is that once you’re on it you can’t stop. Pegasus may have saved some lives but it has undoubtedly cost many others too. It has been detected as far back as 2014. That means every source that has been compromised or every journalist killed doing their work could have been found out thanks to this tool. That’s an awful lot of unknowns to carry on your shoulders. I’m sure that NSO Group will protest and say that they never knowingly sold it to someone that used it for less-than-honorable purposes. Can they say for sure that their clients never shared it? Or that it was never stolen and used by the very people that it was designed to be deployed against?
The escalation of digital espionage is only going to increase. In the US we already have political leaders calling on manufacturers and developers to create special backdoors for law enforcement to use to detect criminals and arrest them as needed. This is along the same lines as Pegasus, just formalized and legislated. It’s a terrible idea. If the backdoor is created it will be misused. Count on that. Even if the people that developed it never intended to use it improperly someone without the same moral fortitude will eventually. Oppenheimer and Einstein may have regretted the development of nuclear weapons but you can believe that by 1983 the powers that held onto them weren’t so opposed to using them if the need should arise.
I’m also not so naive as to believe for an instant that the governments of the world are just going to agree to play nice and not developer these tools any longer. They represent a competitive advantage over their opponents and that’s not something they’re going to give up easily. The only thing holding them back is oversight and accountability to the people they protect.
What about commercial entities though? If governments are restrained by the people then businesses are only restrained by their stakeholders and shareholders. And those people only seem to care about making money. So if the best tool to do the thing appears and it can make them a fortune, would they forego they profits to take a stand against categorically evil behavior? Can you say for certain that would always be the case?
Governments may not ever stop making these weapons but perhaps it’s time for the private sector to stop. The best ways to keep the barn doors closed so the horses can’t get out is not to build doors in the first place. If you build a tool like Pegasus it will get out. If you sell it, even to the most elite clientele, someone you don’t want to have it will end up with it. It sounds like a pretty optimistic viewpoint for sure. So maybe the other solution is to have them install their tool on their own devices and send the keys to a random person. That way they will know they are being watched and that whomever is watching them can decide when and where to expose the things they don’t want known. And if that doesn’t scare them into no longer developing tools like this then nothing will.
Productivity monitoring tools and short-sighted managers desperate to ensure employees keep busy could poison distributed work, making working from home even more unpleasant than being in the office.
The post Will Productivity Surveillance Ruin Remote Work? appeared first on Packet Pushers.
In this Network Break Quick Take, Greg Ferro and Drew Conry-Murray discuss a partnership between NVIDIA and Palo Alto Networks in which NVIDIA’s Bluefield-2 Data Processing Unit (DPU), will accelerate networking function on virtual instances of Palo Alto Networks firewall. Listen to the full Network Break episode from July 19, 2021. You can subscribe to […]
The post NVIDIA, Palo Alto Networks DPU Partnership Hints At More Interesting Things To Come – Video appeared first on Packet Pushers.
There was a tweet making the rounds this last week that gave me pause. Max Clark said that we should embrace single points of failure in the network. His post was an impassioned plea to networking rock stars out there to drop redundancy out of their networks and instead embrace these Single Points of Failure (SPoF). The main points Mr. Clark made boil down to a couple of major statements:
I’m sure more networking pros out there are practically bristling at these suggestions. Others may read through the original tweet and think this was a tongue-in-cheek post. Let’s look at the argument logically and understand why this has some merit but is ultimately flawed.
I’m going to tackle the second point first. The idea that you can use cheaper gear and have cold standby equipment just sitting on the shelf is one that I’ve heard of many times in the past. Why pay more money to have a hot spare or a redundant device when you can just stock a spare part and swap it out when necessary? If your network design decisions are driven completely by cost then this is the most appealing thing you could probably do.
I once worked with a technology director that insisted that we forgo our usual configuration of RAID-5 with a hot spare drive in the servers we deployed. His logic was that the hot spare drive was spinning without actually doing anything. If something did go wrong it was just as easy to slip the spare drive in by taking it off the shelf and firing it up then instead of running the risk that the drive might fail in the server. His logic seemed reasonable enough but there was one variable that he wasn’t thinking about.
Time is always the deciding factor in redundancy planning. In the world of backup and disaster recovery they use the acronym RTO, which stands for Recovery Time Objective. Essentially, how long do you want your systems to be offline before the data is restored? Can you go days without getting your data back? Or do you need it back up and running within hours or even minutes? For some organizations the RTO could even be measured in mere seconds. Every RTO measurement adds additional complexity and cost.
If you can go days without your data then a less expensive tape solution is best because it is the cheapest per byte stored and lasts forever. If your RTO is minutes or less you need to add hardware that replicates changes or mirrors the data between sites to ensure there is always an available copy somewhere out there. Time is the deciding factor here, just as it is in the redundancy example above.
Can your network tolerate hours of downtime while you swap in a part from off the shelf? Remember that you’re going to need to copy the configuration over to it and ensure it’s back up and running. If it is a consumer-grade device there probably isn’t an easy way to console in and paste the config. Maybe you can upload a file from the web GUI but the odds are pretty good that you’re looking at downtime at least in the half-hour range if not more. If your office can deal with that then Max’s suggestions should work just fine.
For organizations that need to be back up and running in less than hours, you need to have fault tolerance in your network. Redundant paths for traffic or multiple devices to eliminate single points of failure are the only way to ensure that traffic keeps flowing in the event of a hardware failure. Sure, it’s more complicated to troubleshoot. But the time you spend making it work correctly is not time you’re going to spend copying configurations to a cold device while users and stakeholders are yelling at you to get things back online.
Let’s look at the first point here. Single box solutions are better because they are simple to manage and give you everything you could need. Why buy a separate switch, firewall, and access point when you can get them all in one package? This is the small office / branch office model. SD-WAN has even started moving down this path for smaller deployments by pushing all the devices you need into one footprint.
It’s not unlike the TVs you can buy in the big box stores that have DVD players, VHS players, and even some streaming services built in. They’re easy to use because there are no extra wires to plug in and no additional remote controls to lose. Everything works from one central location and it’s simple to manage. The package is a great solution when you need to watch old VHS tapes or DVDs from your collection infrequently.
Of course, most people understand the drawbacks of this model. Those devices can break. They are much harder to repair when they’re all combined. Worse yet, if the DVD player breaks and you need to get it repaired you lose the TV completely during the process instead of just the DVD player. You also can’t upgrade the components individually. Want to trade out that DVD for a Blu-Ray player? You can’t unless you install one on its own. Want to keep those streaming apps up-to-date? Better hope the TV has enough memory to keep current. Event state-of-the-art streaming boxes will eventually be incapable of running the latest version of popular software.
All-in-one devices are best left to the edges of the network. They function well in offices with a dozen or so workers. If something goes bad on the device it’s easier to just swap the whole thing instead of trying to repair the individual parts. That same kind of mentality doesn’t work quite so well in a larger data center. The fact that most of these unified devices don’t take rack mounting ears or fit into a standard data center rack should be a big hint that they aren’t designed for use in a place that keeps the networking pieces off of someone’s desk.
I smiled a bit when I read the tweet that started this whole post. I’m sure that the networks that Max has worked on work much better with consumer all-in-one devices. Simple configurations and cold spares are a perfectly acceptable solution for law offices or tag agencies or other places that don’t measure their downtime in thousands of dollars per second. I’m not saying he’s wrong. I’m saying that his solution doesn’t work everywhere. You can’t run the core of an ISP with some SMB switches. You should run your three-person law office with a Cat6500. You need to decide what factors are the most important for you. Don’t embrace failure without thought. Figure out how tolerant you or your customers are of failure and design around it as best you can. Once you can do that you’ll have a much better idea of how to build your network with the fewest points of failure.
I’ve just published the latest episode of Heavy Strategy with Johna Til-Johnson. In this episode we discuss five issues that we think IT Architects should be considered for 2021. The discussion on why and why not should be helpful for your own thinking and prepare you for discussions in your own organisations. You can find […]
Pays bug bounty pittance, spends big on speculative productFly.io founder Kurt Mackey explains how an app hosted on Fly.io goes multi-region. It’s pretty much just a CLI parameter. There’s more to it, of course, but they take care of the heavy lifting. Hear the full show. Visit Kurt on Twitter. You can subscribe to the Packet Pushers’ YouTube channel for more videos as […]
The post Easy Multi-Region Apps With Fly.io (Kurt Mackey) – Video appeared first on Packet Pushers.
This Network Break Quick Take discusses why HPE acquired Zerto and Ampool. Zerto operates a cloud-based continuous data protection service, and Ampool offers a cloud-based SQL analytics platform. To hear the full Network Break podcast, listen here. You can subscribe to the Packet Pushers’ YouTube channel for more videos as they are published. It’s a […]
The post HPE Buys Zerto And Ampool To Make GreenLake Stickier For Customers – Video appeared first on Packet Pushers.
Major Hayden tells how his insanely popular passion project, ICanHazIP.com, got started. Never heard of ICanHazIP.com? It gets billions of hits a day–not an exaggeration. The site got so big that Major has handed over the project to the loving embrace of CloudFlare. We tell the story on Heavy Networking in the July 9, 2021 […]
The post How Did ICanHazIP.com Get Its Start? – Video appeared first on Packet Pushers.
Last week we explored the basics of unnumbered IPv4 Ethernet interfaces, and how you could use them to save IPv4 address space in routed access networks. I also mentioned that you could simplify the head-end router configuration if you’re using DHCP instead of per-host static routes.
Obviously you’d need a smart DHCP server/relay implementation to make this work. Simplistic local DHCP server would allocate an IP address to a client requesting one, send a response and move on. Likewise, a DHCP relay would forward a DHCP request to a remote DHCP server (adding enough information to allow the DHCP server to select the desired DHCP pool) and forward its response to the client.
The traditional wisdom claimed that a Cisco IOS router cannot compare routes between different OSPF routing processes. The only parameter to consider when comparing routes coming from different routing processes is the admin distance, and unless you change the default admin distance for one of the processes, the results will be random.
Following Vladislav’s comment to a decade-old blog post, I decided to do a quick test, and found out that code changes tend to invalidate traditional wisdom. OSPF inter-process route selection is no exception. That’s why it’s so stupid to rely on undefined behavior in your network design, memorize such trivia, test the memorization capabilities in certification labs, or read decades-old blog posts describing arcane behavior.
I planned to take my summer break seriously and stop blogging until late August, but then I shouldn’t have looked at my Twitter feed (my bad), where the AI algorithms selected just the right morsel to trigger the maximum rantiness. I would strongly recommend you read the original tweet and all the responses first – it looks like it was a serious suggestion, not a trolling exercise.
Not the app but the integration
</figure>
I’ve worked for a Value Added Reseller (VAR) in the past and it was a good run of my career before I started working at Tech Field Day. The market was already changing eight years ago when I got out of the game. With the advent of the pandemic that’s especially true today. Quite a few of my friends say they’re feeling the pressure from their VAR employer to stretch beyond what they’re accustomed to doing or outright being treated in such a way as to be forced out or leaving on their own. They tell me they can’t quite understand why that’s happening. After some thought on the matter I think I know. Because you represent debt they need to retire.
We don’t start our careers knowing everything we need to know to make it. The industry spends a lot of time talking about careers and skill paths and getting your legs under you. Networking people need to learn Cisco or Juniper or whatever configuration language makes the most sense for them. Wireless people need to learn how to do site surveys and configure access points. Server people need to learn operating systems and hypervisors. We start accumulating skills to land jobs to earn money and hopefully learn more important skills to benefit our careers.
Who benefits from that learning though? You certainly do because you gain new ways to further your career. But your VAR gains value as well because they’re selling your skills. The “value added” part is you. When you configure a device or deploy a network or design a system you’re adding value through your skills. That’s what the VAR is charging for. Your skills are their business model. No VAR stays in business just reselling hardware.
Accumulating skills is the name of the game. Those skills lead to new roles and more responsibility. Those new roles lead to more money. Perhaps that means moving on to new companies looking to hire someone that has your particular expertise in an area. That’s a part of the game too, especially for VARs. And that’s where the whole debt mess starts.
Your skills are valuable. They’re also debt. They represent a cost in time, money, and resources. The investment that your VAR makes in you is a calculated return on that debt. If your company primarily deploys Cisco networks then the training you get to install and configure Cisco switches is a return on your VAR being able to hire you out to do that skill. Being able to install and configure Juniper switches isn’t a valuable skill set for them unless they move into a new line of business.
People are no different. We acquire skills that suit us for a time that we may or may not use forever. It’s like riding a bike. We use it a lot when we’re young. We stop using it when we start to drive. We may start again when we need to use a bike for college or for living in a large city or if we pick up cycling or mountain biking as a sport. However, the bike riding skill is always there. It is a sunk cost for us because we acquired it and keep it with us.
For a VAR, your skill is not a sunk cost. It’s a graph of keeping the amount of billable hours you contribute above the line of debt that you create to the company. If you spend 85% of your time installing Cisco switches you are well above the debt line to the company. But if your company stops installing so many switches your value starts to fall as well. It could be that the technology is old and no one is buying it. It could be that companies have shifted the way they do business and need different resources and technology. It could be that a new partnership has created competition inside your organization.
No one wants to the be a last buggy whip manufacturer. VARs thrive on attacking markets that are hot with huge potential for profits. When a skill set becomes a commodity VARs are competing on pricing they can’t always win. That drives them to investigate new markets to offer to the customer base. In order to deliver those new technologies and solutions they need skilled people to install and configure them. The easiest solution is to acquire talent to make that happen. As above, VARs are always willing to pay top dollar to professionals with the specific skill sets they need. Bringing someone in to do that new line of business means they’re producing from Day One and keeping their value above the debt line of their salary.
The other way that VARs compete in these new markets is by training existing professionals on the new technology. Everyone that has ever worked in a VAR knows of the people that get tasked with learning how to deploy new storage systems, new network equipment, and even entirely new solutions that customers are asking for. I know I was that person at my old VAR. If it needed to be learned I was the one to do it first. I jumped in to deploying iSCSI storage, wireless access points, and even VoIP phone systems. Each time I had to spend time learning those new skills and adding them to my existing set. It was a cheaper method in the short term than bringing entirely new talent on board.
The friction in the training approach comes when it’s time to value your employees and their skill sets. If I’m getting paid to deploy Cisco switches and now my company wants me to learn how to install Palo Alto firewalls then I’m going to eventually get a raise or a new role to cover this expanded skill set. And rarely, if ever, do employee salaries get adjusted downward to compensate for old skills that are no longer relevant being supplanted by new marketable skills. Suddenly all those technologies I spent so much time learning are technical debt my VAR is paying for.
VARs need to be able to jump into new lines of business in order to survive. And that sometimes means shedding technical debt. If you’re a highly paid employee that earns twice as much as someone that has the specific skill set your VAR needs for a new project then your value to the at this current moment is likely much closer to the negative line of skills versus debt. You may have more experience or more familiarity with the process but that doesn’t translate as well into real value. If it did contractors wouldn’t be as well compensated as they are.
Now your VAR has a choice: keep paying you a lot and investing in their technical debt or bring on someone new that moves more closely with their new lines of business and start the escalator ride all over again. Unless you’re an exceptional employee or you are moved into a management role that usually means you’re let go or encourage to find another role somewhere. Maybe you get lucky and another VAR needs exactly what you offer and they’re willing to pay to get it. No matter what, the VAR is ridding themselves of technical debt. It should be no different than retiring an old laptop or installing new software to do help desk ticketing. But because it’s a person with a life and a family it feels wrong.
Is there an answer to this problem? If there is I don’t think we’ve found it yet. Obviously the solution would be to keep people on staff and pay them what their skill set is worth to the company. But that could entail retraining or readjustment in compensation that people aren’t always willing to do. VARs aren’t going to pay hefty salaries for skills that aren’t making them money. Other VARs may want to pay you for your skills but that’s not always a guarantee, especially if your skill set is extremely specific.
The other possibility is more akin to the contractor system, where you’re only hired for your skills for the period of time that they are needed. In theory that works very well. In practice the challenges of capital asset acquisition and personal benefits make contracting full-time almost as much of a hassle as changing jobs every few years chasing a bigger paycheck or a company that values your skills. There isn’t a clear-cut answer. Part of that reasoning is because the system works just fine the way it is. Why fix it if it’s not broken? It would take a massive shift in IT toward a new paradigm to force the kind of soul searching necessary to change the way VARs handle their staff. Cloud is close. So too is DevOps and programmatic IT. But for the kind of change we’re talking about it’s going to take something even bigger than those two things combined.
After reading this I’m sure half of you are scared to death and swear you will never work for a VAR. That’s a bit short-sighted. Remember that they’re a great source of training and experience. Customer networks stay fairly static and only require specific kinds of maintenance from time to time outside of deployments. If you want to hone your skills on a variety of technologies and get very good at troubleshooting then VAR life is absolutely where you need to be. Just remember that you are a resource with a value and a burden. Despite the mantra of being a “family” or other feel-good nonsense you will eventually reach the point of being the uncle that constantly incurs debt for very little return. Every family shuns those kinds of members. Make sure you know your value and how you can contribute. If that’s not possible where you are now then make sure it is wherever you land with whatever skills you need.
In 2019, over half of businesses were the victims of ransomware attacks with an average cost of $761,106. In 2020, attacks grew even worse with an estimated total price tag of $20 billion. Successful ransomware attacks are growing increasingly common despite the dozens of solutions that claim to provide 100% protection against ransomware. So, what’s going wrong?
Most companies are aware of the threat of ransomware and have taken steps to protect against it. However, the number of successful attacks demonstrates that these approaches aren’t working. Most common anti-ransomware solutions fail because they don’t address the real problem.
Many organizations’ cybersecurity awareness training discusses the threat of ransomware and how to protect against it. They talk about the risks of phishing emails and why it’s important not to click on a link or open a suspicious attachment. They also push the benefits of antivirus. However, ransomware attacks are still occurring, and in fact, growing even more common. The reason is that most anti-ransomware training and strategies are not aligned with today’s real threat.
In 2020, the main ways in which organizations were infected by ransomware was not via email or other automated processes. Instead, it was by human actors manually targeting and penetrating organizations using various software and tolls such as the Remote Desktop Protocol (RDP) or Virtual Private Networks (VPNs) with credentials that were purchased on the darkweb. In cases where the credentials didn’t work the operators would leverage brute force attacks. These aren’t “fire and forget” phishing emails designed to drop ransomware on a target system. They’re human-driven campaigns where an attacker gains access to an organization’s network, explores it, exfiltrates sensitive data, and runs ransomware exactly where and when they want to.
Ransomware is malware, so an anti-malware solution, aka endpoint protection solutions, seem like the perfect protection against ransomware. In theory, installing and frequently running an up-to-date endpoint protection solution should fix the problem, but does it?
While endpoint solutions can defeat most known variants of malware, they can be evaded with relative ease. To effectively detect malware these solutions must have intelligence about the malware in advance of a real-world encounter. When a new, never-before-seen variant of malware surfaces (zero-day malware) , the effectiveness of these solutions is marginal at best. Complicating things further is that the attackers often test their malware against endpoint security solutions in advance of deployment to ensure that it remains fully undetectable.
What’s more problematic is that it takes organizations an average of 280 days to detect a data breach and it takes attackers less than 30 minutes to establish what amounts to an irrevocable foothold. This means that the attackers can explore victim networks for an extended period of time, steal credentials, deploy additional malware, and more. Given this fact, breached organizations can not realistically guarantee the security or safety of their networks without a complete overhaul.
Backups can be an invaluable tool for recovering from a ransomware attack. The traditional ransomware model is based on denying access to data. Assuming that your backup is very recent and wasn’t encrypted as well, then it can be cheaper and easier to restore from it than to pay the ransom.
The problem is that ransomware gangs know this too and have adapted their tactics. In recent years, ransomware gangs have begun performing “double extortion” attacks, which involve data theft on top of the data encryption. If the victim refuses to pay the ransom, then their data is posted publicly or sold to the highest bidder.
These types of attacks mean that relying on backups is not an effective strategy. Regulators don’t care that you’ve restored your data if the exposed data is protected by law. On the bright side, if you don’t have backups, double extortion attacks mean that you can restore your data by downloading a copy, just like everybody else!
Some companies take the approach of paying the ransom demand. In theory, this puts an end to the problem by allowing them to restore their data and making the cybercriminals go away. In reality, this approach does not always work. In some cases, ransomware gangs fail to hand over the decryption key when the ransom is paid. In others, the promised decryptor doesn’t work as well as advertised. This was the case in the recent Colonial Pipeline breach, where the company shelled out $4.4 million for a decryptor that was so slow that the company went back to restoring from backups.
Making the Colonial Pipeline breach even more interesting is that, for the first time ever, the FBI was able to recover most of the funds. To pay the ransom, Colonial needed to exchange ~$4.4 million into 63.7 Bitcoin (BTC) and then transfer the BTC to one of the DarkSide wallets. In a short time, the FBI was able to compromise the private key belonging to that specific wallet and recover all 63.7 BTC. This may sound like a victory but between the time the ransom was paid and recovered the value of BTC declined sharply. As a result, the value of the recovered 63.7 BTC ~$2.3 million resulting in a loss of $2.1 million dollars. Moreover, it’s very likely that any data that was stolen will be published.
Paying a ransom also doesn’t mean that the cybercriminals will go away. In fact, it labels a company as a mark that’s willing to pay up. We’ve witnessed this firsthand. Just recently, a new customer engaged Netragard because they had been the victim of ransom attacks three times by the same group over the span of 4 years. Our consulting team helped them to drastically improve their overall security posture and to try and prevent a fourth incident.
These breaches never go without at least some public notice, even if a victim pays up. Attackers often advertise their victims on the darkweb which entices other attackers to either buy access to their networks or to attack them as “soft” targets. Two screenshots of such sites are provided below just as an example.
Cybercrime has become a business, and that business is maturing. A major part of this increased maturity is the emergence of role specialization on a macro scale. Not all cybercriminals are wunderkids who can do everything. Instead, cybercrime groups are specializing and forming their own “as a Service” economy.
The modern ransomware threat landscape is a perfect example of this. Today’s ransomware campaigns are broken up into two main stages: gaining access and achieving objectives.
Increasingly, groups like the DarkSide behind the recent Colonial Pipeline hack are offering “Ransomware as a Service”. They create the ransomware and other teams (specialized in gaining access to corporate networks) deliver it. Alternatively, a cybercrime group will gain a foothold in an enterprise network and sell it to someone else to use. This is likely what happened in the Equifax hack and is a common part of ransomware operations today.
This evolution of the ransomware campaign creates significant challenges for enterprise cybersecurity. A defense strategy built around antivirus and “don’t click on the link” training won’t deter a professional, well-researched attack campaign. Having a strong lock on the front door doesn’t help much if they come in through the back window.
If traditional approaches to ransomware prevention are not effective, then what is?
Modern ransomware attacks are human driven. Sophisticated cybercriminals can gain entry to a network through a variety of different ways, including many that a vulnerability scanner, industry standard penetration test, or anti-phishing solutions, etc. will never catch.
Preventing these types of breaches requires forward-thinking intelligence about how today’s threat is most likely to align with an organization’s existing points of risk and exposure. The most effective way to gather this intelligence is to experience a real-world attack at the hands of a qualified team that you trust and control. This is where Realistic Threat Penetration Testing comes into play. Realistic Threat Penetration Tests are not provided by most penetration testing firms and are notably different than Red Team engagements. Some of the key characteristics include, but are not limited to:
The product of a Realistic Threat Penetration Test is a technically detailed report that contains the intelligence required to defend against bad actors. This intelligence generally includes information about what vulnerabilities exist, areas where lateral and/or horizontal movement are possible, misconfigurations, gaps in detection capabilities, suggestions for hardening and defending, and more. Of course, the report is the starting point for building a plan and a roadmap to remediate the weaknesses and make the job harder, if not impossible for the bad actors!
To learn more about Realistic Threat Penetration Testing, and how to render your environments more secure, please contact Netragard at sales@netragard.com or info@netragard.com.
The post How to protect against the Modern Ransomware Attack appeared first on Netragard.
Many ways to converge .... Many types of convergeBecause why own it ?Instructor Tony Bourke & Packet Pushers’ Ethan Banks discuss EVPN for network engineers in this 10 part series. The final installment covers lab recommendations and tips for self-learning. You can find the full series playlist here. More Tony @ Datacenteroverlords.com. More Ethan @ Packetpushers.net. You can subscribe to the Packet Pushers’ YouTube channel for more […]
The post Intro To EVPN With Tony Bourke: 10-Self Learning & Labbing Recommendations (Video) appeared first on Packet Pushers.
We’re halfway through 2021 and it’s been going better than last year. Technology seems to be rebounding and we’re seeing companies trying to find ways to get employees to come back into the office. Of course, that is being met head on by the desire to not go back at all and continue to do the job from home that has been done over the past year. Something is going to have to give and I don’t know what that might be.
It may sound like I’m advocating for you to go back into the office and the nine-to-five grind all over again. That’s not quite the point though. What I’m advocating for is figuring out what’s the best way to get your job done. There are numerous stories in the news about companies asking their workers to return, hearing the refusal, and then making it a mandate to get back to their office to do some part of their job that can’t be done remotely.
The refrain of “I’ve been working remotely for the last year” is a pretty common answer to the call for coming back to the office. But have you been doing 100% of your job remotely? Has every aspect of what you do been able to be completed away from your desk? And if it has, are you doing 100% of the work you were doing in January 2020? I think a lot of the remote work that we’ve seen as of late is a consequence of our jobs needing to be done away from the office but also a reduction in things that have to be done in person. We are able to do our jobs from our house because we’ve reduced or eliminated the things that have to be done face-to-face.
I can say for sure that my role, even having been remote in the past, isn’t the same as it was in early 2020. I used to be on airplanes at least twice a month. I’m finally getting back on one for the first time in over a year next week. The idea of almost foreign to me at this point. And it’s because we knew that there were things that were going to need to change at work due to our inability to do them in person. So while I can say that I can do my job entirely from my house right now it’s only because the part of my job that requires me to get on an airplane all the time hasn’t fully come back into force yet.
This rings even more true for companies that have specific in-person needs. Apple is making news because they’re still pushing to have their employees come back to Cupertino where necessary. That may sound draconian to some until you remember that there is a lot work work on hardware prototypes and development that happens in that building. Those aren’t really things you can do at home. And given how tightly Apple holds that information there’s no way they’re going to allow it to be outside their walls unless absolutely necessary. I don’t know what the right answer is for Apple or for hardware companies in general but the extremes of both sides aren’t likely to get their way entirely.
Several of my friends have remarked that they hate the phrase “new normal” when referring to how society has changed over the past year. The idea that the things we’re doing are going to be permanent parts of our lives from here on out. Yet, for all the grousing about wearing masks or supply shortages or lockdowns when the situation benefits us we’re happy to make it permanent.
The working from home mandates we’ve seen should be examined just like those other measures that aren’t “normal”. It was an emergency measure designed to keep the doors open as long as possible until we could pull through everything going on. Now that it’s time to look at those decisions again people are chafing because this is the one thing they actually like out of the whole pandemic response.
Compromise doesn’t work like that. You don’t get to pick and choose the things you get to have your way on. Instead, you need to figure out what makes the most sense and implement the things that are best for those all around. If that means going back into the office two days a week to do things that can only be accomplished there then maybe that’s what needs to happen. Granted there are still ways to find common ground and negotiate. Maybe you can work from home every other Friday. Or you can adjust your schedule in other ways. But holding out hope that the situation will continue to benefit you as it is right now without any form of further compromise isn’t a likely scenario.
I know it sounds a lot like “doom and gloom” for those that want to continue to work from home all the time. As someone that has been doing it for a while I don’t know if I could ever go back into an office full-time. But I also know that when the time comes soon for me to get back to my “office” on an airplane that it’s going to need to happen. Because we can’t get back to the old normal without getting back to the way things were done before. There very well could be a paradigm shift on the horizon for working in offices and how our jobs can be changed to not require in-person work. But I don’t think we’re going to see that happen directly after what we’ve all experienced. That road has more twists and turns yet to come whether it’s headed back to the office or all the way home.
John Capobianco walks Ethan Banks through his Merlin project. In this video, John gathers data about a network interface using Merlin and then uses text-to-speech and Twilio to call Ethan’s phone when the interface goes down. Merlin…https://github.com/automateyournetwork/merlin John’s Blog…https://automateyournetwork.ca More John on Packet Pushers…https://packetpushers.net/?s=capobianco You can subscribe to the Packet Pushers’ YouTube channel for more […]
The post Network Voicebots Using John Capobianco’s Merlin OSS Project (Video) appeared first on Packet Pushers.
Instructor Tony Bourke & Packet Pushers’ Ethan Banks discuss EVPN for network engineers in this 10 part series. You can find the full series playlist here. More Tony @ Datacenteroverlords.com. More Ethan @ Packetpushers.net. You can subscribe to the Packet Pushers’ YouTube channel for more videos as they are published. It’s a diverse a mix […]
The post Intro To EVPN With Tony Bourke: 09-Populating L3VNI Routes + Type 2 Sequence Numbers (Video) appeared first on Packet Pushers.
Instructor Tony Bourke & Packet Pushers’ Ethan Banks discuss EVPN for network engineers in this 10 part series. This episode covers hardware requirements to support EVPN. You can find the full series playlist here. More Tony @ Datacenteroverlords.com. More Ethan @ Packetpushers.net. You can subscribe to the Packet Pushers’ YouTube channel for more videos as […]
The post Intro To EVPN With Tony Bourke: 08-EVPN Hardware Requirements (Video) appeared first on Packet Pushers.
In February 2018, Irena Marčetič joined ipSpace.net to fix the (lack of) marketing. After getting that done, she quickly took over most of sales, support, logistics, content production, guest speaker coordination… If you needed anything from us in the last few years, it was probably Irena answering your requests and helping you out.
She did a fantastic job and transformed ipSpace.net from Ivan and an occasional guest speaker to a finely tuned machine producing several hours of new content every month. She organized our courses, worked with guest speakers, podcast guests and hosts, participated in every guest speaker webinar to take notes for the editing process, managed content editing, watched every single video we created before it was published to make sure the audio was of acceptable quality and all the bloopers were removed… while answering crazy emails like I need you to fill in this Excel spreadsheet with your company data because I cannot copy-paste that information from your web site myself and solving whatever challenges our customers faced.
Unfortunately, Irena decided to go back to pure marketing and is leaving ipSpace.net today. Thanks a million for all the great work – we’ll badly miss you.
Instructor Tony Bourke & Packet Pushers’ Ethan Banks discuss EVPN for network engineers in this 10 part series. You can find the full series playlist here. More Tony @ Datacenteroverlords.com. More Ethan @ Packetpushers.net. You can subscribe to the Packet Pushers’ YouTube channel for more videos as they are published. It’s a diverse a mix […]
The post Intro To EVPN With Tony Bourke: 07-Understanding EVPN VRFs Part 3 IP VRF L3VNI With Symmetric IRB (Video) appeared first on Packet Pushers.
I’m trying to figure out what makes a network engineer truly a “senior” engineer. What skills, mostly non-technical, do they possess in order to bring value to the work place?
I’ll share my opinions based on my experience having held junior and senior IT engineering roles, as well as multiple managerial stints with engineers as direct reports. I’m mostly going to address IT engineering broadly rather than networking specifically, as my opinion is the same no matter which tech silo an engineer might hail from.
As Ravi asked about “mostly non-technical” skills, I’ll be brief here. From a technical perspective, I believe a senior IT engineer is primarily differentiated from a junior in one word–experience. The senior engineer has installed more systems, planned more changes, fixed more problems, and survived more outages than a junior engineer in the same organization.
Ideally, that experience has led to wisdom about how technology can best serve the business needs of an organization. This wisdom will tend to eschew needlessly complex designs, nerd knobs, and “science experiments” conducted in production. This wisdom will also result in difficult problems being resolved more quickly. Experienced folks know somewhat instinctively the root causes of many problems because they’ve been there before.
Certification aficionados might believe paper credentials are the fastest road to seniority. Shouldn’t technical prowess count for something? Of course, technical skills are crucial to an engineering team. However, I would place an uncertified network engineer with ten years of experience into a senior role before a CCIE with two years of experience. With all kindness to any wunderkinds, I view a CCIE with only two years on the job as a potential risk to be carefully managed.
From a non-technical perspective, I believe a senior IT engineer has many of the following characteristics. To me, a senior IT engineer…
Understands the business. A senior engineer understands the role they and the IT team at large plays in furthering the business goals of an organization. A senior grasps the organization’s mission, competitive landscape, business & accounting cycles, crucial IT systems, and ongoing projects. With this context, a senior can more ably balance the riskiness and usefulness of an IT initiative and advise business stakeholders appropriately.
Engages other IT groups. A senior IT engineer recognizes that application delivery is facilitated by an integrated IT stack. Their technology silo doesn’t exist in a vacuum. Therefore, a senior doesn’t blindly fulfill tickets from other IT groups. Instead, the senior reviews requests with a systemic view, engages requestors to understand what’s driving a request, and then fulfills the request with a solution that’s best for the business and the IT system as a whole.
Documents. A senior engineer creates and maintains clear procedures and accurate, relevant system documentation. A senior engineer’s documentation is prioritized, enabling the rest of the team, and therefore the organization, to function capably in their absence. If an engineer is the only one able to perform certain tasks, then the organization they serve is at risk.
Mentors. A senior is willing to share their technical knowledge and experience, and possesses the ability to do so effectively. A senior does not hoard knowledge or accrue exclusive system privileges to themselves.
Shares glory. A senior IT engineer gives others on the team the opportunity to succeed, and gives credit where due.
Is reliable. A senior engineer can be relied upon to show up to the workplace whether remotely or in person for the culturally expected hours. They are performing their expected work, and can be counted on by their teammates and co-workers across the organization to play their part.
Takes ownership. A senior leads & drives projects by seeing themselves as a stakeholder. They care about their projects, and want to see them delivered well. During an outage, a senior owns a problem resolution rather than being defensive about their pet technology or insisting, “It’s not me!” Whether the problem is with “their” tech or not, they commit to helping find a resolution that will put the business back on track.
Finds answers. A senior stays abreast of relevant technology, researching industry state and making potential recommendations to the business. While researching, the senior, due to a healthy skepticism, avoids breathless hype cycles.
Understands problems clearly. Trouble tickets often lie. For example, the classic “the internet is down” ticket rarely means that the internet is down. A “network down” ticket citing an HTTP 500 error as a symptom indicates the network is, in fact, up. A senior knows how to obtain the information necessary to quickly facilitate problem resolution.
Communicates clearly. Clear communication involves understanding the audience and sharing the data key to that audience while avoiding both over- and under-communicating. Seniors have honed their communication skills in IT meetings, in project discussions where business stakeholders are present, and in writing to technical groups (usually project-related) and to non-technical groups (such as outage or maintenance notifications).
Pushes back maturely. A senior engineer appropriately pushes back when too much is requested of them. Capable engineers sometimes develop a martyr complex, where they’ll take on work beyond their scope of responsibilities or that would diminish the work they are chiefly engaged to do. Senior engineers recognize the danger of burnout and risk to a business when too much is being asked of them, and can properly present this risk to leadership, no matter the outcome.
If you have more thoughts on how to separate junior and senior engineers, please let me know. Maybe you disagree with my categorizations. I’m happy to field those comments as well. Send them my way. My DMs are open on Twitter as well as the free Packet Pushers Slack group.
Instructor Tony Bourke & Packet Pushers’ Ethan Banks discuss EVPN for network engineers in this 10 part series. This installment includes a discussion on stretched VLANs and Spanning Tree. You can find the full series playlist here. More Tony @ Datacenteroverlords.com. More Ethan @ Packetpushers.net. You can subscribe to the Packet Pushers’ YouTube channel for […]
The post Intro To EVPN With Tony Bourke: 06-Stretched VLANs & Spanning Tree (Video) appeared first on Packet Pushers.
Network Operations Engineer Curt Norris discusses with host Ethan Banks how Juniper certs helped him get better at automation and whether he’s going to bother getting any more certs. It’s complicated. Listen to the entire episode here. You can subscribe to the Packet Pushers’ YouTube channel for more videos as they are published. It’s a […]
The post Can Certs Boost Your Automation Skills? (Video) appeared first on Packet Pushers.
It’s time for another this is what we did in the last six months blog post. Instead of writing another wall-of-text, I just updated the one I published in early January. Here are the highlights:
That’s about it for the first half of 2021. I’ll be back in early September.
Some of the best blog posts I’ve read described a solution (and the process to get there) someone reached after a lot of struggle.
As always, Julia Evans does a wonderful job explaining that in exquisite details.
TL&DR: If you’re about to miss a deadline, be honest about it, and tell everyone well in advance.
I wish some of the project managers I had the “privilege” of working with would use 1% of that advice.
</figure>
It’s not a secret that it’s hard to get stuff done. Procrastination is practically a super power for me. I’ve tried so many methods and systems to keep myself on track over the years that I should probably start a review site. Sadly, the battle of my executive function being on constant vacation and the inability to get organized saps a lot of my ability to execute. It’s gotten to the point where I’ve finally realized that I need to start tricking my brain into getting things done.
Any reputable researcher will tell you that dealing with neurodivergent behaviors like ADHD is all about understanding the reasons why you do the things you do. I know what needs to be done. I just don’t want to do it. Worse yet, anything that I can do to avoid working on something is going to capture my attention because I’d rather be doing something unproductive as opposed to something I don’t like. This can manifest itself in strange ways like preferring to do the dishes instead of writing a blog post or mowing the yard instead of practicing a presentation.
It’s taken me a while but I’ve finally come up with a system that makes it easier to get me into a rhythm to get things done. And because you wouldn’t remember it unless I made it spell out some memorable word, we’re going to call it the FUN System. Because more than three points would likely have gotten lost anyway.
F – Fake It! – It’s going to sound silly but the first step in convincing yourself to do something is often to lie to yourself about how much better it will be when you get it done. Your brain has convinced itself that this is bad and you shouldn’t be doing it. So in order to get it done you’re going to have to convince it otherwise.
We do this all the time to others. Telling kids that veggies taste good. Telling our friends that they should do something for us so they feel better. Selling pretty much anything to anyone. It’s all about convincing someone skeptical to do something they don’t want to do. Your brain is no different. You need to convince yourself to get the thing done. Maybe you promise yourself a reward or some extra downtime or something that just gets you moving. You don’t even have to keep the promise. The key is to use it to overcome the objections your brain has already but up. Fake it however you need to in order to make something happen.
U -Understand It – This one is especially powerful for me. I love learning. Like a lot. Enough that I can often convince myself to get a bigger task accomplished more quickly by learning about it. Understanding the details or the process or figuring out how to make it all work. I binge watch documentaries on Youtube and enjoy reading up on random things to learn more about how they work or why they are the way they are.
This extends to things beyond emails and simple tasks for me. Cooking was something that was easier to accomplish and do more often when I learned how it all works together. Why 350 degrees is the magic baking temperature, for example. Or how different spices can create different styles of flavors. It’s all about learning the ins-and-outs of what you’re trying to do.
The key here is not to fall down the hole of learning more about what you’re trying to do than actually doing it. It’s very easy to get paralyzed by over learning and just sitting there going over the details again and again instead of putting them into practice. Using the above example you may have to tell yourself you can come back to the investigation after you’ve tried it once or twice. Ensure that you use the desire to learn as the driver for getting something accomplished before you procrastinate your day away.
N – Next On The List – The third way I tell myself to get things done is to move them down on the list behind an easy task. It’s a cruel trick that relies on momentum. I tell myself that I got the little easy thing done so I might as well tackle the bigger thing. And it works more often than you might think.
The brain only needs a little dopamine from a sense of accomplishment to keep going. It’s the idea that you’re being productive. So if you need to write something long then put it after a short response email. If you’re dreading a phone call then do it after you’ve tidied your desk or taken out the trash. Doing something small will help you get prepared for the big task and ensure that you can carry forward that little extra push to get through it. As a bonus, the sense of accomplishment from that extra big task will carry forward to a couple others! It’s a like a productivity feedback loop.
The usual disclaimers apply here. This is my method and it may not work for you. You have to learn how your brain works and find ways to keep it moving and working. There are other things that help create the sense of accomplishment, like routine or the enjoyment of results. But in the long run the key is finding a way to get your brain out of the funk of not wanting to do stuff. My FUN System helps me and maybe it will help you too. Try it out if you’re struggling and use it as a basis to make your own fun.
Aaron's Worthless Words
About Networks
BGPmon.net Blog
Brian Raaen
Bridging the gap between CCIE RS and SP
CCIE in 3 Months - Is it Possible?
Chewtoy's Technical Musings
Cioara's Cisco Blog
Evil Routers
FirstDigest
Honest Networker
IPEngineer.net
In Search of Tech
Jason Edelman's Blog
Layer 1 Transport
Loopback Mountain
Masood Ahmad Shah
Moving Packets
My CCIE Training Guide
My Etherealmind
Network Design and Architecture
Networker's Online
Packet Pushers
PacketLife.net Blog
Peter's CCIE Musings and Rants
Potaroo blog
Router Jockey
Routing Freak
SNOsoft Research Team
ShortestPathFirst
The Data Center Overlords
The Network Therapy Blog
The Networking Nerd
Vijay Gill's Blog
XKCD Comics
ipSpace.net Blog (Ivan Pepelnjak)
Last updated:
July 26, 2021 01:00 AM
All times are UTC.
Powered by:
Contact Me
