Showing posts with label Networks. Show all posts

October 5, 2017

Reading Your Emails

So you know you typically get a message when you log on your computer at work that there is "no expectation of privacy."

Meaning...you're on the corporate network and so remember that you can be monitored. 

Well we all read that warning and sort of know it by heart.

But do you really think that someone is watching you?

Well be assured that they are!

Talking to one of my colleagues and friends recently and this is what happened.

He had to fire one of his senior guys. 

And I asked him why?

He said:
"Because he was dead wood."

I asked what he meant as this was a senior person in the organization that was being let go.

So he said:
"Well I read the last few days of his emails on his account and he was doing absolutely nothing!"

And I was like hmm, that's amazing that you actually go into his account and read his stuff.

Yeah, I know it's not really his employee's--the guy is at work--but still it's his email account that he uses, seriously.

So it's not just some corporate spooks sitting in the bowels of the building in a darkened security operations center behind a lot of cool looking screens monitoring your accounts for suspicious activity.

It's your management too that can log on and see and read your stuff, whenever.

So this guy that was fired wasn't just dead wood, he was actually dead meat. 

"Smile you're on camera" in more ways than one.

So if you decide to write some juicy emails today or save some salacious files on "your" computer or on the network, the expectation surely is that they are being read--you can take that to your privacy bank. ;-)

(Source Photo: Andy Blumenthal)

November 23, 2014

Data 4 Ransom

The future of cybercrime will soon become the almost routine taking of your personal and corporate data as hostage. 

Once the hacker has control of it, with or without exfiltration, they will attach malware to it--like a ticking time bomb.


A simple threat will follow:


"I have your data. Either you pay for your data back unharmed OR your data will become vaporware! You have one hour to decide. If you call the authorities, your data is history."


So how valuable is your data to you?  


- Your personal information--financial, medical, legal, sentimental things, etc.


- Your corporate information--proprietary trade secrets, customer lists, employee data, more.


How long would it take you to reconstitute if it's destroyed?  How about if instead it's sold and used for identity theft or to copy your "secret sauce" (i.e. competitive advantage) or maybe even to surpass you in the marketplace? 


Data is not just inert...it is alive!


Data is not just valuable...often it's invaluable!


Exposed in our networks or the cloud, data is at risk of theft, distortion, or even ultimate destruction. 


When the time comes, how much will you pay to save your data?


(Source Comic: Andy Blumenthal)


November 22, 2014

Dire Warnings On CyberSecurity

This week Adm. Michael Rogers, the Director of the National Security Agency and head of U.S. Cyber Command issued a stark warning to the nation about the state of cybersecurity:

With our cybersecurity over the next decade, "It's only a matter of the 'when,' not the 'if,' that we are going to see something dramatic."

The Wall Street Journal reports that he gave "a candid acknowledgement that the U.S. ISN'T yet prepared to manage the threat!"

China and "one or two others" [i.e. Russia etc.] are infiltrating our SCADA networks that manage our industrial control systems, including our power turbines and transmission systems.

The cyber spies from the nation states are "leaving behind computer code that could be used to disable the networks in the future."

Can you imagine...you must imagine, you must prepare--not if, but when. 

(Source Photo: Andy Blumenthal)

September 13, 2014

6 D's Of Cyberwar

Popular Science had an interesting article that spelled out the six D's of Cyberwar:

On the offensive side, you want to destroy, deny, degrade, disrupt, and deceive.

"Unlike World War II code breaking, cyber attacks offer the potential to not just read the enemy's radio, but to seize control of the radio itself."

- Step 1: Infiltrate the enemy's networks and communications and gather/exfiltrate information.

- Step 2:  Compromise the enemy's information either by:

1) Corrupting the enemy's information, planting misinformation, sowing erroneous reports, and causing poor decision-making.
2) Taking control of their networks, disabling or jamming them, and disrupting their command and control or harming their critical infrastructure and causing mass confusion, destruction, and death.

Examples are "not merely to destroy the enemy's tanks, but to make them drive in circles--or even attack each other" or to cyber attack an enemy's control systems for electricity, dams, transportation, banking, and so on.

With the ability to steal information, sow misinformation, seize control, or even stop the information flow altogether, cyberwar is not just another weapon in our arsenal, but "a tool to help achieve the goals of any given operation."

On the flip side, you want to defend against the enemy's use of cyberspace to hurt us.

We need to continue to get serious about cyberwarfare and cybersecurity and become the masters in the information domain, and quickly. ;-)

(Source Photo: Andy Blumenthal)

January 25, 2014

Remodulate The Shields For Cyber Security


I really like the concept for Cyber Security by Shape Security.

They have an appliance called a ShapeShifter that uses polymorphism to constantly change a website's code in order to prevent scripted botnet attacks--even as the web pages themselves maintain their look and feel.  

In essence they make the site a moving target, rather than a sitting duck. 

This is like Star Trek's modulating shield frequencies that would prevent enemies from obtaining the frequency of the shield emitters so they could then modify their weapons to bypass the shield and get in a deadly attack. 

In real life, as hackers readily change their malware, attack vectors, and social engineering tactics, we need to be agile and adapt faster than the enemy to thwart them. 

Changing defense tactics has also been used by agencies like Homeland Security to alter screening methods and throw potential terrorists off from a routine that could be more easily overcome.

I think the future of IT Security really lies in the shapeshifter strategy, where the enemy can't easily penetrate our defenses, because we're moving so fast that they can't even find our vulnerabilities and design an effective attack before we change it and up our game again.  

And hence, the evil Borg will be vanquished... ;-)

February 2, 2013

A SCIF Can Be Yours


A SCIF can be yours...if the wallpaper is right.

According to PC Magazine, a SCIF (Sensitive Compartmented Information Facility) is a secure area where classified information can be discussed and handled. A SCIF is built to prevent information from leaking, being intercepted and compromised.


Now, your business or home office can have its own SCIF-type protection without the use of more expensive Faraday cage electromagnetic mesh (e.g. chain-link) conductive shielding or Japanese anti-Wi-Fi paint that blocks all frequencies.

BusinessWeek (31 January 2013) reports on a new wallpaper called MetaPaper that blocks Wi-Fi signals and helps "improve data security and network speeds."

The Wi-Fi shielding wallpaper is developed by the French pulp and paper institute, Centre Technique du Papier (CTP).

MetaPaper is a snowflake pattern wallpaper "printed in conductive metallic ink" that "blocks Wi-Fi signals, while still allowing FM radio and emergency frequencies to pass through."

Its filtering is 99% effective (which may not be good enough for handling state secrets, but could be terrific for safeguarding most information) and sells for $12 per square meter. 

Aside from information security, additional benefits of MetaPaper are protecting people's health by attenuating electromagnetic waves that cause genetic damage and cancer and, socially, creating quiet, Wi-Fi-free zones, such as in hospitals and movie theaters.

Here is a link to a presentation on MetaPaper's development and benefits. ;-)


June 16, 2012

Securing Transport To The Cloud

A new article by Andy Blumenthal on cyber security and cloud computing in Public CIO Magazine (June 2012) called Securing Cloud Data Means Recognizing Vulnerabilities.

"It’s the principle of inertia: An object in motion stays in motion unless disturbed. Just like a car on a highway, everything zips along just fine until there’s a crash. This is similar with information on the superhighway."

Let's all do our part to secure cyberspace.

Hope you enjoy!

(Source Photo: here with attribution to Kenny Holston 21)


March 3, 2012

In The Year 2032 And Beyond

Trends help us to see where things are coming from and potentially where they are going.

There is a Cisco Visual Networking Index (VNI) Forecast for 2010-2015 that projects global IP traffic (voice, video, and data) and the numbers are ginormous!

Here are some highlights from their highlights for where we will be in only 3 years--by 2015: 

- Annual global IP traffic will reach one zettabyte (which is about 100 million x all printed material in the U.S. Library of Congress (which is 10 terabytes)).

- Devices connected to the network will be 2 for 1 for every person on this planet (and many people who live in 3rd world conditions do not have any devices, so what does that say for how many devices the rest of us have?).

- Non-PC traffic (from TVs, tablets, smartphones, more) will reach 15% and is more than doubling every year (makes you think about when your fridge and toaster are going to be connected to the Internet).

- Mobile Data traffic is practically doubling (or 92%) annually meaning a growth of 2,600% over 5 years (and according to the New York Times (5 Jan 2012) "The Top 1% of Mobile Users Consume Half of The World's Bandwidth" and the top 10% of users consume 90%!).

- Video traffic (TV, Video on Demand, Peer to Peer, etc.) will be almost 2/3 (or 62%) of all consumer internet traffic (and services like YouTube, Skype, FaceTime, Hulu, and WebEx all play a role as we want to see as much or more than hear what is going on).

The takeaway for me from all this is that truly information transmission is exploding over the Internet, and we will continue to need more advanced technologies to "pipe" it all to where it's going and do it faster than ever.

However to build on these forecasts, over the longer term (further out in time, so more risky, of course)--say 20 years or so--some of my colleagues and I studying at National Defense University project the following:

- Rather than transmitting voice, video, and data over the Internet, we will be focused on transmitting thoughts (mental activity rather than spoken) and transmitting matter (like the Transporter on Star Trek).  

- Transmission of thoughts will occur in real-time, through persistent connections, probably implants in teeth, glasses, subcutaneous, etc.

- Safety and health will be monitored through these same "connections" and medicine or other physiological treatments for routine things will be administered remotely through the same.

- Education will be through instantaneous zaps of information to your brain (like in The Matrix) from a universal database, rather than through traditional in-class or online courses.

- Like now, the contextual policy and legal issues will be around privacy and security--and you will need to pay dutifully for each in a world where not only what you say and do, but rather what you think, can get you in lots of trouble. 

Okay, for these things to happen by 2032 is probably a little aggressive, but don't rule any of them out over time.  ;-)


February 28, 2012

The Star Wars Internet


I just love the creativity of this Star Wars-like animation video to explain how we communicate over the Internet (using the guidelines of Transmission Control Protocol/Internet Protocol, TCP/IP).

From the initiation of the data packets to the transport over the LAN, WAN, and Internet, and through the routers, switches, proxy servers, and firewalls.

The data is packed, addressed, transmitted, routed, inspected, and ultimately received.

This 13-minute video explains Internet communications in a simple, user-centric approach. It helps anyone to understand the many actors and roles involved in ensuring that our communications get to where they're going accurately, timely, and hopefully safely.

I guess to make this really like Star Wars, we need the evil Darth Vader to (cyber) attack and see how this system all holds up. Where is Luke Skywalker when we need him? ;-)

Great job by Medialab!


December 12, 2010

3G, 4G, XG...Huh?

There is a huge need for speed on our networks—as we demand the latest and greatest download streaming of books, movies, games, and more.

The network generation (or mobile telephony) standards have evolved to what will soon be the 4th generation (or 4G).

While 3G standards require network speeds for voice and data of at least 200 kbit/s, the 4G-performance hurdle jumps (500x) to 100 mbit/s.

The chart from Wikipedia shows the various standards and how they have evolved over time.

Two things are interesting to me:

1) Network carriers that are competing for your business are already boasting 4G deliveries even though they do not meet the standards set out by The International Telecommunication Union (ITU), an agency of the U.N. According to Computerworld (22 November 2010), the 100 mbit/s standard is “about 10 times the performance that any carrier…can offer today.” Moreover, technologies such as LTE-Advanced and WiMax 2 that are expected to be 4G compliant aren’t “expected to go live commercially until 2014 or 2015.”

2) While the carriers are touting their various breakthrough standards, most people really have no clue what they are talking about. According to the Wall Street Journal (4 November 2010) on a survey by Yankee Group that “of more than 1,200 consumers found 57% had either never heard of 3G or didn’t understand the term. [And] With 4G, the ranks of the confused jump to 68%.”

Some lessons learned:

In the first case, we need to keep in mind the principle of caveat emptor (or let the buyer beware) when it comes to what the Wall Street Journal is calling the “increased rhetoric underscoring the high-stakes games played by the carriers as they jockey for position.”

In the second, vendors and technologists should understand that they are losing the consumer when they talk “techno-geek.” Instead, all need to use plain language when communicating, and simplify the technical jargon.

The comic in Computerworld (22 November 2010) summarized it well with pictures of all the various GGGG… technologies and the people next to it saying, “At this point the labels are ahead of the technology.” Of course, I would add that the labels are also ahead of most people’s ability to understand the geek-speak. And we need to fix the communications of both.



November 5, 2010

Turning Consumerism Into Collaboration

I’m sure you’ve noticed that we are historically and fundamentally a consumerist society.

We spend a lot of time and money shopping and buying things—many of the things that we buy, we acknowledge that we don’t even need—just check your attic lately? :-)

Many compulsive buyers have even self-proclaimed themselves “shopaholics.”

Aside from being somewhat obsessive compulsive in the way we treat buying and owning things, we tend to be pretty wasteful in buying and throwing out things, often from individualized, single use servings—think fast food, as one example.

The result: according to the Environmental Protection Agency (per WiseGeek), the average American produces 4.4 pounds of garbage a day or 1,600 pounds a year (and that doesn’t include industrial waste or commercial trash).

On the flip side of all the tossing out we do are “hoarders,” or those with the tendency to keep lots of things, often piled high in every corner of their homes and offices; there is even a show by the same name on A&E television dedicated to this.

So we shop a lot, spend a lot, buy a lot, and then consume it, hoard it, or toss it. And we do this with enormous volumes of things and in ridiculously rapid cycle times—for example, how many times a week do you find yourself in the stores buying things or then taking out the trash generated from it? (I can practically hear the lyrics of the Hefty commercial playing: “Hefty, Hefty, Hefty—Stinky, Stinky, Stinky…”)

Overall, it’s a crazy system of conspicuous consumption driven by perceived needs for materialism, highly refined and effective marketing and advertising techniques, and people’s feelings of relative deprivation.

Yet despite these, there is a movement underway to change from a society obscured by habits of personal ownership and consumption to a more healthy and balanced approach based on sharing and reuse.

And this approach to sharing is happening not just in terms of personal consumption, but also in terms of our organizational use of technology, such as in service-oriented architectures, common and enterprise solutions, virtualization, and cloud computing.

We see change happening as a result of the huge financial deficits we have piled on individually, organizationally, and as a nation; the depletion of our vital natural resources (including concerns about our future energy supplies and other limited raw materials like precious metals etc.); and the fear of pollution and the poisoning of our planet for future generations.

An interesting article in Wired called “Other Peoples Property” (Sept. 2010) talks about how we are moving finally toward a model of sharing through peer-to-peer renting sites like at www.zilok.com (with 150,000 items listed including cars, vacations, tools, electronics, clothes, and more) and other swapping sites for books, CDs, video games, etc. like www.swaptree.com. Of course, Zipcars and property timeshares are other fashionable examples of this new way of thinking!

Further, the article references a new book by Rachel Botsman called “What’s Mine is Yours: The Rise of Collaborative Consumption,” about how we are moving to a new consumption model that emphasizes “usefulness over ownership, community over selfishness, and sustainability over novelty.”

With new technologies and tools there is more opportunity than ever to share and reuse, for example:

  • Online repositories of goods and advanced search capabilities provide the ability to find exactly what we are looking for.
  • Embedding everyday items with microprocessors, networking them, and aiding them with geolocation enables us to get self-status on their presence, health and availability for use.
  • E-commerce, electronic payment, and overnight shipping give us the ability to have the items available when and where we need them, and we can then return them for someone else to take their turn to use them.

If we can get over the stigma of sharing and reuse, perhaps, the day is coming when we can think of many non-personal items more in terms of community use and less in terms of mine and yours, and we’ll all be the richer for it.



September 17, 2007

Organizational Awareness and Enterprise Architecture

In User-centric EA, we are focused on the end-user and that means that we are not only aware of the needs of the end-users, but that we are organizationally aware as well. This situational awareness includes an understanding of the actors as well as the formal and informal structures they play in and the influence they wield.

The Wall Street Journal, 21 August 2007 reports that “one of the competencies in every study of outstanding leaders is their degree of organizational awareness—reading the informal networks, like influence in the organization.…misreading the choke points, sources of influence, or all of those whose rings need kissing, can spell disaster.”

The chief enterprise architect is responsible for identifying the baseline and establishing the target and transition plan. Setting targets and establishing transition strategies that will really be adopted by the organization (and hence really work) requires a keen sense of the organization, the stakeholders, and the networks (formal and informal).

You can't just plop a plan down and say “here it is, follow it!” Instead, the plans and strategies must truly reflect the people of the organization, their needs and requirements, and be accepted by its power brokers at all levels.

