The Internet carries millions of pieces of technical information, and even top secret information, slipping through the backbone at any minute. Some of it is encrypted, some is not. The Top Secret encrypted electronic data may be at a level of risk that we did not foresee.
The recent suspicions that China is re-routing internet traffic through its networks are much more significant than one might imagine, primarily because any miscreant who wants to hack your data no longer has to get access to it by local means.
In other words, at one time a bad guy had to put a grub of some kind on the network to start directing data his way. Now he can just redirect network traffic through his portal, and then record everything that comes through for 10 months. Then he can re-assemble the data and analyze it, decrypting it at his leisure.
What does this mean for the average bear?
If a rogue state wanted to gain a secret clearance and read secret data, all they have to do is direct a copy to their network and record it. As data transmits between offices, sometimes whole documents are shared and whole documents become at risk.
Formulas, equations and sophisticated cryptography primers are all sent back and forth between offices, often encrypted. The problem is that you can no longer expect your packets to be routed straight to your other office. They may go through China, and it is not a difficult task now to mirror the data off a single port on a switch somewhere, completely without detection.
It used to sound like a really lame idea, but with computers now, it is easier to reassemble billions of particles of data, then decrypt it without the risk of a trail leading right to your house.
Marloe Group is an IT Management Company and Consultant to small and medium-sized businesses that focuses on Internet Security Issues. Our target audience is CEOs and Office Managers who have to manage a plethora of different technologies and stay on top of threats and possible business interruptions.
Tuesday, November 23, 2010
Thursday, November 18, 2010
Port 80 Love Fest.
In an effort to subdue the tyrants, the hackers and miscreants that rule the internet right now, manufacturers of firewalls and filtering products are releasing their next generation products, or have been for the last six months. After seeing these new capabilities, the daunting task of grasping the incredible amount of change in a single year becomes obvious.
Not only hackers but software writers (the good guys) have come to a universal conclusion. They like port 80.
Everything on the internet is running on port 80 now. Well, maybe not everything, but just about EVERYTHING. So you can’t tell Facebook traffic from Farmville, or a botnet from Twitter traffic, like you used to, because they are not using the ports that used to be specific to them.
Sadly the black hat industry is just too big now, and the rest of the world is caught inside this war between the good guys and the bad guys that may never end. The world has to make their products work somehow, so they work on the only port available, port 80. All the other ports have been blocked by firewalls, and as you probably know already, it takes an act of Congress for a company to get their network Nazis to open up any new ports on the firewall.
So to resolve the problem it is a port 80 love fest.
What does this mean for the average bear?
Your old firewall works less well every second, possibly even if you just purchased a new one recently. The technology has changed so much that hackers will have an upper hand for a solid year before the public can get prepared, and that is assuming that the public will attempt to get prepared.
This new generation of filtering will not be able to stop the new progression of attacks, but it will be able to see each one much more easily. Hopefully these new technologies will be able to adapt faster to deal with new issues and new tactics.
Hackers are delivering their new line of malware across port 80 with ease, and the only way to resolve this issue is to start identifying all the different applications running on the internet. Ha ha, you say, that is crazy talk?
Nope, that is what must be done. Then you can start allowing and blocking specific applications and even restricting services to a specific account. For example, you don’t want Facebook open all over your network, so you only allow people access to the company Facebook account.
Sadly, no one can play Farmville anymore.
The technology has been out there for a select few, but it will have to become available for everyone if we are to stem the tide. But a sad indication is lurking in the shadows…
No one is yet going after the bad guys, an indication that we are somehow tolerating the crimes. We are just building new products to fight off their new attacks. Doesn’t this sound like an old Star Trek episode or something?
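The application-level filtering described above, sketched as an added example (not from the original post and not any vendor's code). The signature table, the policy, the hypothetical `/examplecorp` company page and the sample payloads are all constructed, and "restricting to a specific account" is modelled here as a path restriction.

```python
# Added example (not from the original post). Signatures, policy and sample
# traffic are constructed; "/examplecorp" is a hypothetical company page.
APP_SIGNATURES = {"facebook.com": "facebook", "farmville.com": "farmville",
                  "twitter.com": "twitter"}
# Per-application policy; Facebook is limited to the one company page.
POLICY = {"facebook": {"allow": True, "only_path": "/examplecorp"},
          "twitter": {"allow": True},
          "farmville": {"allow": False}}

def parse_request_head(raw):
    """Return (path, host) from an HTTP/1.x request head, or None if not HTTP."""
    try:
        lines = raw.split(b"\r\n\r\n", 1)[0].decode("ascii").split("\r\n")
        _method, path, version = lines[0].split(" ")
    except (UnicodeDecodeError, ValueError):
        return None
    if not version.startswith("HTTP/1."):
        return None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host" and value.strip():
            return path, value.strip().lower().split(":")[0]
    return None  # a request without a Host header cannot be attributed

def identify_app(host):
    return next((app for suffix, app in APP_SIGNATURES.items()
                 if host == suffix or host.endswith("." + suffix)), "unknown")

def port_firewall(dst_port):  # legacy rule: anything addressed to port 80 passes
    return "allow" if dst_port == 80 else "block"

def app_firewall(payload):
    """Return (application, verdict) for a port-80 payload; default deny."""
    parsed = parse_request_head(payload)
    if parsed is None:
        return "not-http", "block"
    path, host = parsed
    app = identify_app(host)
    rule = POLICY.get(app, {"allow": False})
    only = rule.get("only_path")
    allowed = rule["allow"] and (not only or path == only or path.startswith(only + "/"))
    return app, ("allow" if allowed else "block")

SAMPLES = {  # constructed port-80 payloads
    "company_page": b"GET /examplecorp/posts HTTP/1.1\r\nHost: www.facebook.com\r\n\r\n",
    "personal_page": b"GET /someone HTTP/1.1\r\nHost: www.facebook.com\r\n\r\n",
    "game": b"GET /play HTTP/1.1\r\nHost: www.farmville.com\r\n\r\n",
    "binary_beacon": b"\x00\x01\xfe\xffBEACON\x00\x10",
}
```

The port rule returns "allow" for every sample because they all arrive on port 80, while the application rule separates them. The Host header is set by the client, so production filters combine it with deeper traffic signatures rather than trusting it alone.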
Wednesday, November 3, 2010
Rule no.5
Ghost Fleet Status
When I was in the Marines we had a radio the size of a refrigerator and it was mounted on the back of a jeep. The power supply was just as big, and that was mounted underneath the radio. When you popped open the transmitter door, immediately your eyes fell onto this one giant tube the size of a basketball. For those of you who don’t remember President Ford and Billy Beer, a tube is what we now call a chip. This was before Steve Martin suggested everyone get small. They used to be made of glass, and they were pressurized, so they popped when you dropped them. Radios used to be full of them.
This jeep radio thing was awesome. You could take it to a parking lot like at the grocery store, set up the antenna and crank up the radio, wait a few seconds and hear yourself talk. The signal went around the world. It would also light up all the fluorescent lights in the store and in the parking lot when you keyed the mic.
One day, when prepping for a deployment through the air, I noticed the jeep was being prepared to be dropped out of an airplane. I told an officer that was with me, “Sir… I don’t think this is going to make it.”
“What do you mean?”
“This tube is going to shatter upon impact... It's too big to withstand an air drop isn’t it?”
“Aw, hell no, we do it all the time.”
Hours later, the plane flew over, and out popped the jeep. It was huge, and you could see it from anywhere in America I think. The first thing I noticed was the tremendous speed. I thought that maybe over the years, since it had a governor on the engine, and it had to carry 800 pounds of radio, it had never gotten the opportunity to go very fast. Although every driver that had gotten behind that black plastic wheel, had their foot to the floor all day long, it was not very agile, and I felt that maybe this was more than just an air deployment for that jeep.
The jeep fell like a rock. It was balanced very well, the weight of the engine and the weight of the radio made it fall flat, but the parachute on the back pulled the rear higher, high enough so that it looked like it was screaming down the highway. Looking back now, maybe it was.
The parachute apparatus failed to deploy. It was like a long tail trembling in the wind behind the jeep, and seeing it my first thought was, they do this all the time? The jeep landed and created what we in the business call negative Earth. It was definitely a suicide. The officer that was with me turned and looked right at me, “I guess you were right about that tube.”
Those radios were decommissioned eventually. When we decommissioned an old radio, we pretty much made it as new as possible before retiring it into the Ghost Fleet. The Ghost Fleet is awesome, because it is this magical place where time absolutely stands still. Old tanks, planes and ships go to these places where they are used for parts or just to stand by in the event we need them.
In IT we have to do the same thing. We have to decommission our old equipment, and some of it gets recycled and some gets retired to the Ghost Fleet. Either way, there are rules that you have to follow.
- Servers, when decommissioned, must go into the Ghost Fleet for at least 30 days. That way, if the new server is unstable, we can go right back to the old one and keep on working.
- Tapes also dictate a server’s Ghost Fleet status. If you have a tape drive in that machine, and your company policy dictates you retain the tapes for three years, that means your server will be in Ghost Fleet status for three years.
- It has to be working.
Otherwise, if you fail to follow common business procedures and, like some people do, run it into the ground, then you have to rebuild it, fix it or otherwise make it work. The point is that you have to be able to get the data you are required by law to produce, by whatever means you used to produce it before. If you ran that server into the ground and it died, you will be trying to fix a seven-year-old machine just to put it in a closet somewhere.
That is not money well spent.