De-Coder’s Ring

Software doesn’t have to be hard

Page 3 of 15

Slow Down: Wrong Cables

I made a bone head move this week.   I went onsite to a new customer, who we love, to install a new network sensor.  It’s been a crazy hectic few weeks with the growth we’re having @ Perch Security, but that’s not really a valid excuse.  I’m owning up to my mistake, and reflecting on it.. thankfully, our customers are super cool and they get it.

Normally, I label our sensors for easy installation.

Dang, look at that sticker

That way, our customers know which port to plug into their management network, and which port is going to be watching their mirror/span/tap.  The installation went well.  The sensor was talking to my cloud.  The problem was, the sensor was only seeing broadcast data.  No typical network traffic (HTTP, SMTP, etc.  see:  post ).  Obviously it was a mirror configuration problem.  After all, if the sensor has an IP address and can talk out, the management port CAN’T be plugged into the mirror port.  It’s not my problem, it’s the switch!    (Uh oh, bad assumption right there, it turns out).     I would have known that, if I had the right ports plugged into the right ports on the switch.   Ugh.

Of course, this time we had a lot of new things

  • New hardware build, so unfamiliar with layout of the back
  • No stickers (cause it fell off in transit, argh!)
  • No indicator on the back of the sensor to which port is which

All of these things were in place because I was rushing around like a dying chicken.  That’s a thing, right?

Now it’s time to reflect.   How do I set us up for success going forward?     I have instructions.  I have labels.   I have the know how to do it all.

I just need to slow down.  Slow down.  Slow down.

(( Thank you for reading my self reflection for the week.  If you don’t hire me some day because of this post, that’s OK.. I ain’t perfect  ))

 

Blog Name???

Apparently I need a new blog name.

People don’t like “Chris’ Blog”

That’s understandable.  It’s boring.  It’s not content descriptive. It doesn’t show my personality.

This writing and creative stuff is hard work for me, maybe I name it something like:

“Forced Technicals”

“Reluctant Writer”

“I write cause I should”

“Technical Thoughts from a Non Writer”

Any ideas?

 

Cybersecurity Arms Race: The Nuclear Option

I see you

Sandboxing files and detecting unexpected system behaviors is one of the best approaches to finding exploits.  FireEye did it really well when they first came out with their network monitoring products.   Watch a network, extract files, shove into a sandbox, explode, see what happens.  They were credited with finding a ton of 0-day type events.  Now, we can do the same with open source software.

Then you hear about malware that can detect it’s in a sandbox or a Virtual Machine.   If it detects the virtual environment, then it doesn’t explode, doesn’t infect, doesn’t do the bad things.  Then we invest money into figuring out how to hide the virtual host or sandbox from the malware.   Arms race!   Who can do it better.   I hide, you detect, you hide, I detect.  It’s one example of the cybersecurity arms race.

In traditional warfare, the winner of the arms race has a bigger gun.   Well, a bigger stick, then a  bigger rock, then a bigger bow, gun, missile, etc.  There’s an end game there.   The nukes.  Whoever has the nukes is on top.   Even when the foe has a nuke, the arms has can’t continue.  We’re at a stalemate.  Mutually assured destruction if we all use our nuclear arms.  When we all have the biggest gun, none of us can use it.    (another blog post later about moving the traditional warfare to the cybers, but that’s for later.

What’s the nuclear option for cyber war fare?

The closes thing I can think of for mutually assured destruction would be around taking down the Internet as a whole.  It may not even be possible.   Can someone wipe out all the core routers, heck, all the routers in the world?   Is that the end?   It makes me think of my favorite definition of envy (vs Jealousy).    jealousy is “I want what you have”.. not totally bad, can help motivate someone, etc.    Envy is “I want what you have, but since I don’t, you can’t have it either”.   Going nuclear on the Internet would drastically affect every life on the planet (ok, maybe not every, but anyone who’s in a ‘civilized’ place).  If it’s even possible…

Law Enforcement Backdoor – Wide Open Spaces

ATTACK!

The news this past week has been all about the terror attacks in London.  This is a horrific event.  The pointless loss of life can never be allowed and law enforcement needs to do all it can in order to stop it.   Law enforcement / governments should be asking for a back door in encryption technology.  They should be trying to crack it.

We as citizens and technologists, can not allow them to succeed.   We certainly can’t give them a back door to read all encrypted traffic!

Some of you may be thinking, “wait, those two statements are contradictory!”.   I disagree.  We, the general population, have a different set of motivations than the federal government.   They’re not necessarily competing, but they’re not the same.   The government should be trying to break encryption.  If this stops some nut job countries who are trying to launch ICBMs at us, then yes! Stop them!

If they’re using broken encryption to spy on US citizens , then heck no, we won’t go.

What is encryption?

Encryption is  a mathematical scheme that allows data to be transferred between two or more parties.  Typically, modern encryption for the web involves a private and a public key.    Party A (me) will share my public key with you.   Party B (you) will share your public key with me.   Within apps like WhatsApp or Signal handles the keys behind the scenes.  The math allows me to alter data, using your public key.  Then, I send you the data that you can use your private key to decrypt.  It’s big math, that I definitely don’t understand, but it’s near uncrackable.  The longer the keys, the harder it is to decrypt.

That sounds bad for law enforcement, let’s give them a back door

A backdoor is a short cut. It’s a ‘universal’ key that allows the key holder to read the contents.   Think about it like a letter in the mail.  I drop a letter in the mail, and since I glued it shut, no one else can read it (bear with my on this analogy).  Now, law enforcement wants to make sure they know we’re not doing anything illegal.   They want to peek into your envelope.  They want a secret code to open a secret flap on your envelope that only they know how to open.

Genius, right?

Ultimately, putting the back door in place for Law Enforcement is an awful idea and will only open the doors to the wrong people using the back door.

Imagine this.  You’re at home, and the police department calls you.   “Hey Mr Jones, we want a back door so we can know when some one is robbing you.  We want to prevent rape, murder, pillaging etc.   Just build a new entry way, and hide it.   Only we’ll know where it is”.   They  make that call to everyone in the neighborhood, and everyone complies, because you know, “we have nothing to hide!”

All goes well for a year or so.. then all of a sudden, things go missing in everyone’s house.   Identity theft goes on the rise and we can’t figure out what happened.

Remember that law enforcement back door?  Yeah, the little hoodlum down the street found it on your house.   Then your neighbors house.  Then all the houses.

Think about it from the law enforcement agency (and this may be getting real, in today’s society).   Since they have the back door, they can now log all encrypted internet traffic for finding later.  Remember that bad thing you said about the president elect?  Now he’s president…. and doesn’t like people who say bad things against you.   Once he does a search to find who said bad things.. then.. he’ll do bad things *

Long story short, backdoors for law enforcement can sound good to some people.  If they’ll prevent terror attacks or stop crimes ‘before’ they happen, then that’s awesome.  The problem though, is that we would lose our privacy.  That’s a non-starter.

 

from passiveaggressivenotes.com – http://www.passiveaggressivenotes.com/2012/11/26/nothing-to-see-here/

 

  • This is not a real scenario in the US.. Thank God on that…. let’s pray that it doesn’t ever get to that.

« Older posts Newer posts »

© 2017 De-Coder’s Ring

Theme by Anders NorenUp ↑