Network Critical - The Window to your Network

Starting the Countdown to GDPR in the EU


If you are in the IT business and you have not yet heard of the General Data Protection Regulation (GDPR), you might need to read this blog ASAP. If you have heard of it but are not sure what it is all about… same as above.

Like most government regulations, GDPR is long and uses words that are even longer. If you have your pocket data dictionary handy, you can try to look up some of the more obfuscatory terms but very likely will not find them. There are a few benefits to spending some time understanding this regulation, officially called “Regulation (EU) 2016/679.”

GDPR was passed by the European Commission, the Council of the European Union and the European Parliament. It is broad in its scope and reach across the EU, and consequences for non-compliance can be severe. If you are now worried that you may be out of compliance because you have not even read it yet, do not get your knickers in a twist. Although the GDPR was passed in April of 2016, it does not take effect until May 2018. So in the meantime, let’s take a quick look at the purpose, scope and non-compliance consequences.

According to Wikipedia, GDPR is a regulation intended to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The primary objective of the regulation is to give residents control of their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

In general, regulatory compliance can be cumbersome and costly. The GDPR, however, unifies data protection regulations across the EU, making it easier for international companies to understand and comply with one regulation rather than many conflicting ones. However, the penalty for non-compliance can be pretty severe. Sanctions for breach can range from a warning for a first offense or non-intended non-compliance to fines up to 20,000,000 EUR for more severe cases.

Organizations that collect data from EU residents (controllers) and organizations that process data on behalf of controllers (processors), such as cloud service providers and similar contractors, are governed by this regulation. Even organizations based outside the EU that collect personal data are responsible for GDPR compliance. It does not matter if your organisation is small or global. If your business is deemed a “controller” or a “processor”, you must comply with GDPR.

According to Florian Douetteau, CEO at Dataiku, here are four key steps to get ready for GDPR compliance:

Application: As stated above, all companies processing or controlling personal data that have customers in the EU need to comply. Even companies in the UK, post-Brexit, who have customers in the EU will be governed by GDPR.
Data subjects' rights: Data subjects are customers who provide personal data to a company. Data subjects have expanded privacy rights, including the right of erasure, the right to access their data, and the right to question decisions made on a purely algorithmic basis.
Internal record keeping requirements: There are specific record keeping requirements that may include the appointment of a Data Protection Officer.

So, you have been reading a lot about GDPR, but have not seen anything yet about pseudonymisation or anonymisation. Remember how government regulations often use long words to define a relatively simple concept? Here is an example: pseudonymisation is a word to describe encryption or other methods of disguising data so it cannot be attributed to a specific data subject without a key. Further, the key must be kept separately from the pseudonymised data. Thus, the data will be effectively anonymized.
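An added illustration of the paragraph above (not code from the original post), assuming HMAC-SHA256 as the "other method" of disguising the identifier. The records, field names and function names are constructed for the example; it shows why the separately held key is what prevents attribution, by comparing against an unkeyed hash.

```python
import hashlib
import hmac
import secrets

# Constructed sample records; the e-mail addresses are made up.
RECORDS = [
    {"email": "alice@example.com", "country": "DE", "basket_eur": 42.10},
    {"email": "bob@example.com", "country": "FR", "basket_eur": 17.00},
    {"email": "Alice@Example.com ", "country": "DE", "basket_eur": 8.50},
]


def normalise(identifier):
    """Canonical form, so the same person always maps to the same pseudonym."""
    return identifier.strip().lower().encode("utf-8")


def pseudonym(identifier, key):
    """Keyed pseudonym: cannot be recomputed by anyone who lacks the key."""
    return hmac.new(key, normalise(identifier), hashlib.sha256).hexdigest()


def unkeyed_hash(identifier):
    """Plain SHA-256: anyone holding a list of candidates can recompute it."""
    return hashlib.sha256(normalise(identifier)).hexdigest()


def pseudonymise(records, tagger, field="email"):
    """Drop the direct identifier and replace it with tagger(identifier)."""
    out = []
    for rec in records:
        row = {k: v for k, v in rec.items() if k != field}
        row["subject_id"] = tagger(rec[field])
        out.append(row)
    return out


def attribute(dataset, candidates, tagger):
    """Link candidate identities to rows: {identity: [row indexes]}."""
    index = {}
    for i, row in enumerate(dataset):
        index.setdefault(row["subject_id"], []).append(i)
    linked = {}
    for candidate in candidates:
        tag = tagger(candidate)
        if tag in index:
            linked[candidate] = index[tag]
    return linked


def demo():
    key = secrets.token_bytes(32)        # stays with the key custodian
    wrong_key = secrets.token_bytes(32)  # any other party's guess
    shared = pseudonymise(RECORDS, lambda e: pseudonym(e, key))
    weak = pseudonymise(RECORDS, unkeyed_hash)
    guesses = ["alice@example.com", "carol@example.com"]
    return {
        "keyed_data_no_key": attribute(shared, guesses, unkeyed_hash),
        "keyed_data_wrong_key": attribute(
            shared, guesses, lambda e: pseudonym(e, wrong_key)),
        "keyed_data_right_key": attribute(
            shared, guesses, lambda e: pseudonym(e, key)),
        "unkeyed_data_no_key": attribute(weak, guesses, unkeyed_hash),
    }


if __name__ == "__main__":
    for case, linked in demo().items():
        print(f"{case}: {linked}")
```

The keyed data set still supports per-subject analysis (rows 0 and 2 share a subject_id), while the unkeyed variant can be attributed by anyone with a list of candidate addresses.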

Of course, there are many other requirements for GDPR compliance such as 'Privacy by Design and Default', 'Data Portability', 'Data Breach Notification' and more. Certain appliances, such as Data Loss Protection and Intrusion Prevention Systems, may assist in protection from what can be very expensive breaches and sanctions for non-compliance. These appliances can be simply and safely attached to data links by using TAPs and Packet Brokers without risking network performance. So, while you are preparing for GDPR compliance coming next year, be sure your perimeter protection is also up to date with appropriate traffic visibility and link security. For more information on visibility and perimeter protection, go to www.networkcritical.com.

It might be a little bit of a challenge working pseudonymisation into a cocktail party dialog. However, if you can, your friends will be gobsmacked.

Posted: 09/06/2017 14:05:52 by Network Critical with 0 comments

Hackers! Take Note…


Many of our blogs deal with cyber security. We talk about technical training, user training, passwords, technical advances in cyber protection and many other topics related to network traffic visibility and security. Back in January we talked about the importance of global government cooperation and information sharing as a means to track down sophisticated cyber crime organizations and individuals. We also advocated for new laws and increased penalties for cyber crime.

Cyber crime is no longer a computer geek in a basement stealing a credit card number and buying a new blender. Cyber criminals operate internationally and have developed sophisticated operations using the latest technology and increasingly sophisticated techniques. These organizations prey on corporations, individuals and governments searching for wide ranging information.

Criminal Motives

  • Outright theft of money through bank transfers and account penetration
  • Information theft with the intent of using that information to steal from corporations and individuals
  • Information theft with the intent of embarrassing corporations or individuals
  • Information theft and publication on a very large scale with the intent of influencing public opinion (see: Russian Hacking Scandal)
  • Information theft with the intent of extortion and/or blackmail
  • Information theft under the guise of activism in order to promote a cause (Hacktivism)

Scope of Operations

  • Some hacking organizations are sponsored by governments with massive resources
  • Some organizations are very small or even operated by a single person
  • Regardless of the organizational size, global reach and broad access is easy
  • Physical locations are difficult to trace
  • Cyber movement across borders is pervasive

With that background, we see that cyber crime is a well organized, well funded and profitable scourge on civil and trusting society. However, government cooperation and commitment to bringing cyber criminals to justice is starting to pay off. Government sponsored anti-hacking organizations are finally putting significant resources behind tracking down these criminals and locking them up…for a long, long time.

Catch and Conviction
Roman Seleznev, a Russian national, was convicted in United States court of 38 counts including wire fraud and aggravated identity theft. Mr. Seleznev hacked into point-of-sale devices and stole credit card numbers from over 500 businesses, stealing about US$170 million from over 3700 banks. Now, it is easy to see why there were some significant resources behind the tracking, apprehension and conviction of this guy.

Mr. Seleznev was finally tracked and apprehended in the Maldives. He had servers in Ukraine, Russia and in the United States. When he was arrested, law enforcement found 1.7 million credit card numbers on his computer.
Mr. Seleznev was a hero of sorts in the underground world of cyber crime. His operation was used as a model by other hackers. It took over two years to try him and he was ultimately given a 27 year prison sentence. This is believed to be the longest sentence ever given for hacking. Roman Seleznev is only 32 years old, so he will likely be healthy enough to serve his entire sentence, being nearly 60 years old when released.

Moral of the Story
Hackers beware. Governments and corporations have broad reach and deep pockets. They now realize that hacking is no longer a prank and see it for the sophisticated criminal organization that it is. The Seleznev case has set a precedent. You might be elusive but governments and corporations will track you down like a dog. When you are caught, you will be handed the most severe prison sentences allowed. Further, those sentences are getting longer as the legal community comes to understand the true nature of these crimes. Unless you like the color orange, find another business.

Posted: 26/05/2017 15:40:24 by Network Critical with 0 comments

One Throat to Choke


Systems Integrator: One who integrates systems. (Just kidding). However, this simple and obvious tongue-in-cheek definition tells an interesting story. Systems integrators (SI) build computing and networking systems for clients by combining hardware and software products from multiple vendors into a single working system. While the term can be used in many other industries it is most commonly used in the computing industry.

By bringing together different sub-systems into a single operational system, the SI ensures that those subsystems from a variety of different vendors will function together (in peace and harmony) as a single coherent system. Why is this important?

It’s Complicated
Let’s look at the example of building a Data Center (DC). The components involved include routers, switches, firewalls, servers, data storage, racks, AC and DC power devices, wiring, connectivity and visibility equipment, environmental equipment (cooling), raised flooring, physical security, cyber security, software and applications, and likely other components that I did not think about. Now, there are many competitive vendors providing an array of specialized equipment for each of these sub-systems. Each vendor’s design has advantages and challenges. The DC designer must develop a plan and pick vendors that are most likely to fit into the plan.

Vendor selection alone is a daunting task. It involves many meetings with sales and engineers from this vast pool of potential vendors for each piece of equipment. Decisions must be made regarding features and functionality of each piece of equipment being evaluated. Further, each piece must also be evaluated regarding its relative position in the network and its compatibility with other equipment under consideration, creating a very large and complex matrix. Next up is determining who in the organization has the competence to evaluate all the piece parts.

Specialist vs Generalist
It is easy to see from the above list that product evaluation and compatibility review is a daunting task. The DC designer must be able to map out the master plan but also be an expert in every piece part in the design. This is not likely, so what are the alternatives? The DC designer will need to develop and lead a massive team of experts to evaluate individual pieces and submit sub-system designs for integration into the master plan. This can be accomplished by direct hire, subcontracting individual consultants or hiring a Systems Integrator.

Have Specialists, Will Travel
There are many Systems Integrators available in many industries, including technology. For the purposes of our discussion, let's continue with the DC design. Systems Integration is all about having the specialized resources in place and being able to draw upon those resources in a timely manner. This allows the right specialists to be available when needed and not sitting around wasting resources when other aspects of the design are in play.

The larger SI companies employ an army of specialists from which they can draw at the appropriate time. These specialists usually work on many projects at the same time so they are always busy but bill according to the time spent on each unique project. This allows the DC designer to have the specialists they need at the time needed and only pay for their time working on the project.

Loyalty to the Client
While Systems Integrators have relationships with many vendors, their loyalty is to the client. The SI specialists learn many products within their specialty and attend trainings often organized by various vendors. Their prime mission, however, is to understand the needs of the client and what product is the best fit for the system being built.

Individual product vendors can be evaluated by the DC designer and staff. However, these presentations are often biased by the strengths and weakness of the individual vendor product. The vendor presenters also may not be familiar with the other products that will be connected to theirs. By relying on an independent third party for vendor selection the client has a high probability of success using experts with a systems focus beyond expertise on a specific product.

The Systems Integrator generally assumes end to end responsibility for project success. So, rather than chasing vendor tails and dealing with finger pointing round robins, the Systems Integrator contract offers a single point of contact for project support. Put another way, when something goes wrong, you have one throat to choke until the problem is solved.

Final Thoughts
There is no single “best practice” for designing complex computer, network and security systems. Today's blog takes a look at one idea which may work well for certain projects. Other practices include individual vendor analysis by consultants and Web research, relying on local VARs who represent a variety of products and sub-systems, complete in-house project staffing for the necessary product and systems analysis, or any combination of the above. Each project needs to examine complexity, resources, timing and desired outcome before picking a project team. For more information about project support options and independent specialist recommendations, contact support@networkcritical.com.

Posted: 12/05/2017 14:24:56 by Network Critical with 0 comments

Losing by Default


In sports, if one team does not have enough players to field a team, they lose by default. In a court of law, if the defendant or the plaintiff does not show up, they lose by default. This is the easiest win for the victorious party. Not a drop of sweat was produced. There was no risk of injury or embarrassment. The only thing the victors had to do was show up and they get to notch a “W” on their record or take home the trophy.

This is also the most disappointing loss for the party on the other side. They may have had other priorities. They may have forgotten the date of the contest. They may have been stuck in traffic. No matter the reason, they still lose. In amateur sports the loss is mostly pride and bragging rights at the local pub. In court, the loss could be costly in property or currency. In many cases, the loss could have been prevented had the loser been more diligent in managing their calendar or more focused and committed to the contest.

What does this have to do with cyber security or data breaches? The moral of this story is that cyber criminals are being handed default wins every day. They must be saying, “I can’t believe how easy this is!” It is easy because those in charge of safeguarding their critical network infrastructure and its contents are not as focused, diligent and committed as they could be/should be. Here is one important example that is exploited often but is easy and inexpensive to fix.

Default Username and Password
Default usernames and passwords are used by manufacturers to allow initial access to system hardware and software for the purpose of initial configuration or to restore access after resetting the system to its factory default settings.

A Tripwire study concluded that 30% of IT professionals and 46% of users do not change passwords from the manufacturer's default setting. This is a dangerous practice as all of the manufacturers' default settings are available on the internet to anyone who knows how to search “default settings!”

What is worse is that these initial user name and password settings generally provide full administrative access privileges. This means that with these passwords the hacker will have total access to the system and be able to change settings and IP addresses.

An Interesting Conundrum
Computing and networking are no longer the singular domain of the IT department. With BYOD, multiple device access, and a panoply of applications running in the business world, network access is required by nearly every worker. So, the company that believes the network is secure because the IT department is skilled and savvy is wrong. Every employee who has access to email, web and other corporate applications needs to be educated on network security protocol and be diligent with their access privileges.

Changing from default settings to a strong user name and password immediately upon accessing any new device is a critical step in keeping hackers out of the network. The conundrum is this… a simple password is easy to remember, easy to enter and, therefore, convenient for the user. A strong password is hard to remember, difficult to enter and a pain in the backside for the user. So, what will the typical user do when forced to create strong passwords? They will write the password down on a Post-it note or enter it in the notes section of their device. In other words, they will make the password easy for hackers to find. Thus the strong password now becomes a weak password.

Solutions?
There are password technologies such as Single Sign On and LDAP that can assist users with access while providing strong password protection. Network security training on a consistent basis with all employees (not just computer related functions) is another important step. Employees need to understand that strong passwords are inconvenient but necessary and that entering passwords in notes pretty much defeats their purpose.

Regardless of password strength, changing from the default password to a new, unique password is still better than taking no action. No one should allow a globally published default password to control access to the corporate network.

Final Note
Regardless of how good your password policy is, how hard you train employees, and how severe the consequences for policy violation are, there will be a sub-set of employees who opt for the convenient rather than the secure option. It is important for networks to have perimeter network protection such as Next Generation Firewalls with Intrusion Prevention, Data Loss Protection and other access security appliances protecting the network.

Posted: 28/04/2017 14:49:12 by Network Critical with 0 comments

Enter The Drag-n


Do you remember the 1973 Bruce Lee movie Enter The Dragon? The movie opens with a martial arts competition. The competition is fierce and brutal. During the competition, our hero discovers a dark underbelly of unsavory activity. As the fight to clean up the mess progresses, more and more challenges confront the good guys. The stakes are high and there is no room for failure.

This scene may also sound familiar if you have ever tried to deploy security or analysis appliances with TAPs using Command Line Interface (CLI) or a typical GUI with a hierarchical structure. At first, things don’t seem so bad. Perhaps you are attaching a sniffer to look at email traffic. No problem. You enter the string of commands to filter all traffic except email, connect the appliance, and done. Everything is working well until your boss comes in and says, “We need to monitor web traffic more closely.” Then he comes back in a half hour and says, “I am concerned about ransomware vulnerability. We also should add on some Data Loss Protection and Intrusion Prevention Systems. Complete network security is our top priority!”

You call your local VAR and purchase some of the best performing security appliances. Now, it is time to deploy and you realize you have already filtered out all the traffic downstream from the email analysis device you just installed. Now, none of the new appliances can see any of the packets they need to do their job. No problem, just reprogram the TAP.

This is where things become very interesting. With hierarchical devices, once you have filtered certain types of packets, you cannot get them back. So now you have to take all your appliances and write a detailed mathematical plan. What appliances need to see what packets? Then create the hierarchy so that packets that are filtered out early are never required by another appliance downstream. Also, you don’t want to send too much information to the upstream appliances, reducing their efficiency. This is a difficult and time consuming task that gets more complex as more appliances are needed.

You are smart, however, and work your way through it with a well thought out and very detailed filtering and port-mapping plan. After you deploy it and test for accuracy you will find some issues where you have blocked data that should have been passed. You re-write the plan and fix the bugs. Turn it all up and it works! As you are celebrating with a half-caf latte, your boss comes in and has an idea. “Here is a data sheet on a new appliance that actually learns traffic patterns and can help prevent attacks before they cause network damage. I want you to add that to our security stack.” You suddenly realize that you have to re-write your filter and port map plan from the beginning because the hierarchy must be pure end-to-end.

Enter the Drag ’n…or Drag-n-Vu™ that is. Network Critical has defeated the dreaded hierarchy. Through years of brutal research and development, Network Critical engineers have created a TAP and Packet Broker deployment plan that does all the math for you in the background. This new program provides independence from complex hierarchical commands with the simplicity of drag and click mapping.

With Drag-n-Vu™, there are no commands. There is no hierarchy. Instead, there is a clear visual map of the ports. The network administrator simply decides which network tool plugs into which port, then drags the cursor from the input ports to the output ports. Filters are simply created and stored so they can be dragged and dropped to whatever port combinations are needed. Best of all, the filters are independent. For example, if HTTP traffic is filtered out in map number one but required in map number two… no problem. Different traffic types can be filtered and reused anywhere in the process and as many times as needed. This ingenious new development not only simplifies deployment planning and installation, it also allows for simple and fast changes. In the tech world, changes happen quickly so it is critical to be able to adapt to changes with utmost efficiency.
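The difference between the two filtering models described above, as an added simplified model (not Network Critical's software or configuration syntax). Packets are reduced to a protocol label, and the tool names, need sets and function names are assumptions made for the illustration.

```python
# Constructed ingress traffic, one protocol label per packet.
INGRESS = ["smtp", "http", "dns", "smtp", "tls", "http"]

# What each appliance has to see in order to do its job (assumed).
NEEDS = {
    "email_sniffer": {"smtp"},
    "web_monitor": {"http", "tls"},
    "ips": {"smtp", "http", "dns", "tls"},
}


def hierarchical_feed(stages, packets):
    """Each stage filters the output of the previous stage.

    stages is an ordered list of (tool, protocols_to_keep); a packet
    dropped at one stage is gone for every stage after it.
    """
    feeds, stream = {}, list(packets)
    for tool, keep in stages:
        stream = [p for p in stream if p in keep]
        feeds[tool] = stream
    return feeds


def independent_feed(maps, packets):
    """Each map filters its own copy of the full ingress traffic."""
    return {tool: [p for p in packets if p in keep]
            for tool, keep in maps.items()}


def nested_order(needs):
    """Return a stage order in which every tool gets exactly its need set.

    That is only possible when the need sets are nested (each one a subset
    of the one upstream of it); otherwise return None.
    """
    order = sorted(needs, key=lambda tool: len(needs[tool]), reverse=True)
    for upstream, downstream in zip(order, order[1:]):
        if not needs[downstream] <= needs[upstream]:
            return None
    return order


if __name__ == "__main__":
    # The story in the post: e-mail filter first, web monitor added later.
    chain = [("email_sniffer", NEEDS["email_sniffer"]),
             ("web_monitor", NEEDS["web_monitor"])]
    print("hierarchical:", hierarchical_feed(chain, INGRESS))
    # Two tools with nested needs can still be ordered...
    two = {t: NEEDS[t] for t in ("ips", "email_sniffer")}
    print("order for two tools:", nested_order(two))
    # ...but adding the web monitor breaks the nesting.
    print("order for three tools:", nested_order(NEEDS))
    print("independent:", independent_feed(NEEDS, INGRESS))
```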

Drag-n-Vu™ also improves accuracy, reducing the potential for mapping errors that can drop links or create bottlenecks. With simple drag and drop deployment, it is easy to see what traffic is going where so the plan is deployed with complete confidence the first time. In fact, the process is so simple, it actually can be managed by network administrators, freeing up engineers for other more complex tasks. This saves OPEX in a budget-conscious world.

Since the entering of the Drag-n-Vu™ by Network Critical, the dark and looming menace of hierarchical port mapping and filtering has been defeated. The bright and colorful graphical user map from Network Critical is the bright star of security and appliance deployment. You can see the trailer to the Drag-n-Vu™ movie at www.networkcritical.com.

Posted: 12/04/2017 21:10:52 by Network Critical with 0 comments

March Madness


Welcome to March Madness. In the United States, the major colleges engage in a 64 team single elimination basketball tournament. The teams are assigned to brackets early in March, and many Americans fill out their own version of which teams will progress and which will fall away.

As the tournament progresses, fans need to follow the bracket changes and root for their favorite teams. This is done day and night throughout the month meaning that work time is also used to update brackets, manage office betting pools and actually watch games. With games now being multicast across a variety of devices it is easy to watch any team at any time. The estimated productivity loss for U.S. businesses during the month of March is about US$2.1 billion.

Another form of March Madness that is expensive to U.S. businesses is data theft. This cyber crime takes on many different personas but distracted employees are a favorite target. On March 2, 2017 NSC Technologies Worldwide was breached by a phony email scheme and employees sent the W-2 tax forms of all the company employees to the hackers. The W-2 form contains important personal information for each employee including wages and social security number. This information can be used by cyber criminals to file false income tax returns in the names of these employees and have the refunds sent to false bank accounts.

In March 2015, Morongo Casino, among others, fell to this scam. In March 2016, the Main School System, Sunrun, Sprouts Farmers Market and Seagate Technology, among many other firms, were targeted. In fact, this W-2 phishing scam is growing by 25% according to the Vice President of Data Breach at Experian. Why March? Because that is “tax season” in the US, when employees are compiling their income data and forms to file with the Internal Revenue Service.

Here is what happens. The hackers sent phony emails to employees that looked like they came from the CEO of the company. The CEO, in the email, asks the employees to download a file with all the employee W-2 forms and send it to him immediately. Of course, the email was not really from the CEO so the employees who thought the email was real, sent all the W-2 information to the hackers.

Now, if you think about this scam, you wonder: what were these employees thinking… or, were they thinking? There are two solutions to this problem. One is technical and one is personal.

Personal

If you work in Payroll compiling employee data and filling out forms, how often do you get emails from the CEO? How often does he ask you to send him information for which he already has full access? What on earth would the CEO of the company want with the W-2 form for every employee in the company? If employees would just use a little common sense and think about these requests, it would be pretty obvious that this request, at a minimum, should be vetted prior to being executed. Further, why do these payroll and finance employees have download access to all the W-2 files in the company? This leads us to the technical part.

Technical

There is no substitute for hiring smart, inquisitive employees. There is also no substitute for continually training all employees in computer safety, security and how to recognize potential scams. All employees should also be given safe email policies and procedures to follow.

But there are technical solutions to network security that should also be investigated, budgeted and deployed. One particular solution that fits in nicely with this March tax scheme is Data Loss Protection (DLP). Data Loss Protection appliances connect to network links and allow policies to be set for what data can be downloaded, to what devices and who has download privileges.

For example, a social security number has the format xxx-xx-xxxx. A company can set a policy in the DLP appliance restricting any data with this unique format from being sent to certain devices. This appliance deployed with the proper policies could eliminate the possibility that employees could inadvertently send this critical information to outside requestors regardless of who they thought they were.
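The kind of policy described above, as an added sketch (not taken from any DLP product or from the original post): it matches the xxx-xx-xxxx format, discards strings that can never be issued as an SSN to reduce false positives, and blocks a message only when matching data is addressed outside the organisation. The domain names, message layout and all sample numbers are constructed.

```python
import re

# xxx-xx-xxxx, not embedded in a longer run of digits or hyphens.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})-(\d{2})-(\d{4})(?![\d-])")

# Assumption: the organisation's own mail domains.
INTERNAL_DOMAINS = {"corp.example"}

# Constructed sample messages; every number below is made up.
MESSAGES = [
    {"to": ["ceo@corp-example.net"],          # look-alike external domain
     "body": "W-2 export\nDoe, Jane 123-45-6789 wages 51200\n"
             "Roe, Rich 234-56-7890 wages 48900"},
    {"to": ["payroll@corp.example"],
     "body": "Please correct 123-45-6789 in the HR system."},
    {"to": ["vendor@supplier.example"],
     "body": "Order ref 000-12-3456, part 5123-45-67890."},
]


def is_plausible_ssn(area, group, serial):
    """Reject values that are never issued: area 000, 666 or 9xx,
    group 00, serial 0000."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def find_ssns(text):
    """Return every plausible SSN-formatted string in text."""
    return [m.group(0) for m in SSN_RE.finditer(text)
            if is_plausible_ssn(*m.groups())]


def redact(text):
    """Mask plausible SSNs so the alert log does not become a second leak."""
    def mask(m):
        if is_plausible_ssn(*m.groups()):
            return "***-**-" + m.group(3)
        return m.group(0)
    return SSN_RE.sub(mask, text)


def evaluate(message):
    """Policy: SSN-formatted data may not leave for a non-internal domain."""
    hits = find_ssns(message["body"])
    external = [addr for addr in message["to"]
                if addr.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]
    return {
        "action": "block" if hits and external else "allow",
        "ssn_count": len(hits),
        "external_recipients": external,
        "log_excerpt": redact(message["body"]),
    }


if __name__ == "__main__":
    for msg in MESSAGES:
        verdict = evaluate(msg)
        print(verdict["action"], verdict["ssn_count"],
              verdict["external_recipients"])
```

The first message mirrors the W-2 scenario: the recipient's domain resembles the company's own but is not on the internal list, so the transfer is blocked regardless of who the sender believed the requester to be.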

Now, these appliances also need to be connected in-line and work in real time on the network. In order to set up DLP appliances and not impact network availability or reliability, intelligent TAPs should be deployed as the connection between the DLP appliance and the network link.

Summary

Hire inquisitive employees, not drones. Set prudent email communication policies and train all employees in policy and consequences. Deploy technology to prevent embarrassing and expensive breaches. The cost of robust network protection equipment and employee training is far less than enduring the embarrassment and expense of remediating critical breaches.

The teams that will survive the early rounds of the tournament and play in the “Final Four” will be the teams with a good game plan, smart players and strong defense…and the team that wins it all will also have a little luck as well.

Good luck on your brackets!

Posted: 30/03/2017 15:18:43 by Network Critical with 0 comments

What's the Worst that could Happen?


That question could be aptly described as the modus operandi for almost every security professional I know. But today, ‘fearing the worst’ has begun to creep beyond the realms of hypothetical scenarios and is far closer to a real, meaningful possibility.

We all know why cyber-crime has earned its place on the political agenda and why the threat of cyber warfare on a global scale is also enjoying its share of headlines. In some ways, it’s reassuring that the potential threat of a devastating attack has the visibility it needs. It’s been a long-time coming.

My main concern is that the common tone of the debate suggests that it’s tomorrow’s problem; in reality, the size and scale of the threat is too big to dismiss.

Virtual doomsday

And for all we know, our ‘virtual doomsday’ (when it all hits the fan), may not be in amongst clear political turmoil. It could just turn out to be an ordinary day.

Before you even have the chance to shower or grab some breakfast, one arbitrary glance at your phone to check your various social networks or news channels could notify you that they are all being held to ransom by denial of service.

With the exception, of course, of one dedicated channel which tells you that we are being attacked on a national scale.

Then you go to switch on a light, only to realize that the electricity supply has also been compromised and your local grid has been taken down. You’d like to make a pot of coffee to give yourself a sense of calm but the one remaining controlled newsfeed also tells you that there may have also been a chemical attack, so using the water supply could also be a bad idea.

By this point, you’ll probably have realized that it’s going to be a long day in the office and an even longer one if you represent our military forces. Our highly-networked U.S. Defense system has turned out to be a double-edged sword that (if an attack is well-timed or undetected) could do us as much damage as we could do to our enemies.

And with the potential for our combat systems to be affected, there’s a lot more at stake than being able to check your timeline.

With all this disarray, you may figure that there is strength in numbers, so you decide to brave it and head into work, but the trouble is all public services have also been affected. The entire subway network is disabled, the roads are gridlocked in panic, gas stations are depleted and all airports are on high alert because air traffic control has also been compromised.

On the one hand, you could dismiss this as a weak sequel to the Die Hard series. On the other, and in the cold light of day, it is well within the realms of possibility.

Strength in sophisticated numbers

If you take into account real-world attacks, that have included the ceasing of US Military email used by joint Chiefs of Staff, it shows how easily we are potentially brought to our knees in panic.

History says the bad guys like to hit us where it hurts and the devastating capability of cyber-attacks is only gaining strength.

One clear area where we can marginalize our risk is by beginning to share best practice more proactively and by bringing ideas to the table that instigate change for the better.

We may be increasing our ability to react in the event of an attack, but in order to go toe-to-toe with the bad guys, we need to diversify our approach and share ideas within what is, without exception, an industry awash with intelligent, forward-thinking professionals.

The worst thing that can happen has become a possibility - the best thing we can do is to outsmart, outpace and outmaneuver; and that needs proactive ideas, followed by action.

You can join my closed-door LinkedIn Group – ‘The Cyber Defense Forum’, here.

Posted: 30/03/2017 13:18:10 by Network Critical with 0 comments

It's a Mod Mod World


With apologies to William Shakespeare, “To be (modular) or not to be (modular). That is the question.” Many network products from TAPs and Packet Brokers to security appliances and switches offer varying levels of modularity in their design. The associated advantages and risks with each design approach make for an interesting discussion.

Modularity

The primary advantage to a modular design is flexibility. A product that is designed with groupings of ports in modules is a chameleon. A single chassis can support a variety of applications, speeds, media and connections. After the initial design, when needs and/or speeds change down the road, a complete system change is not usually required. One can simply replace one module with a different version to accommodate the new requirement.

A modular TAP is a good example. TAPs are used to efficiently connect security and analysis appliances to network links. TAPs offer secure and fail-safe tool connections so network managers can protect, analyze and enhance network performance. However, many networks have a variety of physical connections, speeds and media throughout the network. Modular TAPs embrace a variety of connection requirements by making standard modules that fit in a single chassis. This way, multi-mode fiber connections, single mode fiber connections, copper connections, 1Gbps connections and 10Gbps connections can all be accommodated by a single chassis.

This design also simplifies power requirements. Rather than racking up a number of different chassis each with its own power requirement, a single modular chassis can be racked and powered using different modules as required.

Another benefit is growth accommodation. Since the chassis is usually the least expensive component in this design, managers can deploy a larger chassis than what is currently required and add ports as needed down the line for growth.

Reliability is another consideration. While the design of a modular system may be very reliable, modular systems offer more opportunity for human error, such as improper insertion of modules damaging connectors. Once everything is installed and connected, modular and fixed systems have similar reliability results. So, with proper training and care, modular systems can closely match the reliability of fixed systems, but human error must be more closely managed.

Modular systems add a little to manufacturing costs because there are more components and a more complicated design than a single use fixed platform. This extra cost may be mitigated by the benefits noted above. Over the long run, total cost of ownership may actually be lower than a fixed system.

Fixed Systems

Even though modularity has many benefits, fixed systems have a place in the network equipment market as well.

Fixed systems are cheaper to design and manufacture. There are fewer connection points and fewer components needed to perform the required function. So, if the application is fixed and not expected to grow or change, some budget money may be saved using a fixed configuration system.

Reliability is generally good with fixed systems. There are fewer components and connectors that can cause problems. The installation and deployment functions are usually simpler with fewer opportunities for human error. Note that I say fewer opportunities for human error. We all know that no product is completely “human proof.”

Overall reliability relies on many factors including the engineering and manufacturing quality of the vendor. One of the critical issues with fixed systems is that if the product fails, there is no way to partially fix it. The solution to a failure is usually to return the entire system for repair or replacement. Depending on the criticality of the function, a failure may bring the network down or require severe workarounds until the product can be replaced or repaired. Modular systems, by comparison, may have replacement modules in local stock for simple and fast replacement of failed components.

Hybrids

Many systems offer a hybrid solution providing basic port connections augmented by slots for a variety of application and connection requirements. These systems provide the best of both worlds in flexibility and growth, along with problems similar to, although less critical than, those associated with fixed systems.

There are some cost savings by integrating base connection functionality with the chassis. If the base configuration fits your needs, this solution can be attractive. The extra slots, if flexible in speed, connectivity and media, can provide for easy management of growth and network changes. Problems with the connections in the integrated base chassis may still require a system change, but problems in the modules may be easily mitigated.

Conclusion

The conclusion here is that “it depends.” There is actually no right or wrong solution when it comes to the fixed vs modular discussion. Like many other design issues, your specific requirements will guide the decision. It is important to look at all options in relation to what you are trying to accomplish and available budget.

The message here is that there is no substitute for thorough, thoughtful and meticulous planning. Chart out your needs for speed, media, connectivity, reliability, future flexibility, growth and cost. Search out a vendor that provides the solutions that meet your requirements grid.

Fortunately, companies like Network Critical offer solutions that are completely modular, completely fixed and hybrids. You will find a wide variety of network monitoring solutions in the Network Critical portfolio supported by a team of experts to help you develop and support your specific network needs. For more information or to talk with a network monitoring expert go to www.networkcritical.com.

Posted: 17/03/2017 13:44:07 by Network Critical with 0 comments

Is America Dreaming?


We may be one of the most (if not the leading) technologically advanced nations in the world. But I can promise you this:

It’s highly likely we’re not as prepared as we think we are.

Just this morning, I read an article that suggested our country is the most appealing target for cyber criminals. This targeting of our systems and infrastructure is not just because of our wealth and wide access to technology. We are also targeted for our ideological views as well, a factor which I believe is the most vital factor in the war on virtual crime.

While we’re left picking up the pieces after the latest cyber attack, the criminals are already planning their next 3. It’s almost impossible to prepare ourselves for the latest threat, because exactly what that threat is stretches beyond definition. The constant process of evolution and refinement based upon how successful it is, is never ending, making what we’re fighting against hard to pinpoint.

I know this. You know this. Our community knows this, and yet, the majority of our industry is still far too reactive.

And with the stock markets consequently suffering a sobering loss of $136.5 billion in value back in 2013 because of a fake tweet from the Associated Press (accessed via a successful spear-phishing email opened by an Associated Press journalist), it has become clear that there is a lot more at stake than our pride.

Despite our collective experience, most of us are already on the back foot; I appreciate not everyone in the community will agree with me given our marked progress in recent years, but can we really afford to risk complacency? The phishing attack intended to influence Iran’s most recent presidential election proves that national infrastructures are being lined up and told to face the wall; you don’t need me to tell you our country’s safety is at risk.

Sharing is caring

Just because they’re getting increasingly smarter, however, doesn’t mean we’re forced to simply wait and scramble to repair the damage whenever they choose to attack next. On the contrary, we should be fighting fire with fire.

Let’s face it, cyber criminals aren’t the type to retreat when they fail, and they certainly aren’t the type to rest on their laurels once they succeed.

They’ll be collaborating, sharing which approaches have worked (as well as which haven’t) and they’ll have started planning their next attack before long. In fact, it’s probably what they’re doing right now, and we’d be foolish not to explore the possibilities of using a similar approach.

They’re working together and discovering new methods of best practice, so we need to start working together.
They’re sharing previous experiences, so we need to start sharing experiences.
It’s not a matter of being extra secure. We no longer have a choice.

We’re dealing with an ever-evolving enemy which presents consequences which no longer just affect us. With our national security on the line, we can’t afford to simply win today’s battle and ignore tomorrow’s war.

The private LinkedIn forum I recently created isn’t the sole answer to all our problems, but I believe it’s a step in the right direction. By bringing together like-minded individuals to discuss how we’ve overcome cyber-attacks and what methods of defense have paid off, as well as the future of our industry, we can turn the tables and put the cyber criminals on the back foot.

It’s time we stopped talking about the latest high profile cyber security breach, and started making moves to prevent them from happening. If you’re on the same page, then click through below and get involved in combatting the criminals threatening our virtual security.

Posted: 16/03/2017 19:37:12 by Network Critical with 0 comments

Moaning and Droning in the Asia Pacific Region


The Asia Pacific region has had a particularly difficult year when it comes to cyber crime. According to Security Asia, some of the high profile attacks in the region include cyber attacks on the database of 55 million voters at the Philippines Commission on Elections, the National Payment Corporation of India, the Bangladesh Central Bank, and massive data leaks as shown by the Yahoo data incidents. This small sample includes attacks on the financial industry, government and technology.

Frost and Sullivan’s 'Asia Pacific Cyber Security practice' reports that Singapore lost about US$19 million through Business Email Compromise (BEC) attacks during the first nine months of 2016. Growing at 20% YoY, this type of cyber crime is predicted to overtake Ransomware in 2017. The report goes on to speculate that BEC attacks can potentially become the main type of cyber threat in Asia Pacific.

We know that DDoS attacks have become a menace and are being enabled by the growing global popularity of IoT and its corresponding lack of device security. Internet attacks accomplished by creating huge volumes of traffic from thousands of unsecured, connected devices such as traffic cameras have the potential to shut down urban intelligent transport systems, airport traffic control systems and other critical infrastructures.

Cyber attacks including BEC, Ransomware and DDoS attacks are growing and becoming a big business in APAC as well as other regions around the world. Many areas in the APAC region that are technologically advanced are actually more vulnerable due to the volume of connected devices and systems. Intelligent transit, WiFi and WiMax, digital street surveillance, web enabled government services are all great conveniences to local populations. However as the population adjusts and learns to depend on these new technologies, they become more vulnerable to attacks.

One of the newer cyber attack modes is using drones to scan for unsecured WiFi networks. Singapore University of Technology and Design has demonstrated that it is possible to launch cyber attacks using only a drone and a smart phone. As drone technology develops and improves, the criminals will certainly use it as another tool in their criminal arsenal.

So, there is no shortage of scary stories about cyber crime and its potential for mass carnage against large populations. The question is what are we going to do about it? Whose responsibility is it to protect us from this devious and largely anonymous threat? The answer is ours.

Governments must increase information sharing and cooperation. Laws and enforcement agencies must work hard to catch up and keep up with this fast evolving threat. Device makers must design security measures into connected equipment. Sure, yes, and absolutely for all those ideas. However, right here, right now in the Asia Pacific Region, businesses and individuals must be educated and vigilant against these crimes.

Business networks need to establish and enhance their cyber security departments. Security budgets must expand to include the introduction of new appliances that help anticipate attacks by learning normal network patterns and isolating anomalies.

Appliances such as Data Loss Protection, Intrusion Protection and Next Generation Firewalls must be deployed through independent TAPs on network links. Other specialized appliances should also be considered for specific vulnerabilities. There are appliances that will isolate all emails with an attachment to a “sandbox” and test the attachment for malware prior to sending it on to the recipient. This is a potential defense for BEC attacks. It is always prudent to regularly backup and store critical data off-line.

TAPs and Packet Brokers can help manage the maze of specialized appliances by allowing fail-safe connection to links, mapping what data goes where, and filtering out packets and ports that are not relevant to each appliance. These security devices simplify deployment and make it easy to make additions and changes to your security stack as new technologies advance.

So, don’t moan about the drone. Enhance your security profile, educate your employees, and deploy strong defenses to block breaches rather than repairing the damage after a devastating attack.

Posted: 10/03/2017 15:15:10 by Network Critical with 0 comments

Network Critical Moves USA Headquarters


Network Critical, a global innovator of network access and visibility products, announced today that they are moving their USA headquarters in Alpharetta, GA. The move will enable an increase in support and services to their growing customer base in The Americas: North, Central and Latin America and the Caribbean.

Alpharetta is known as the Technology City of the South, and for good reason. Over 77% of the workforce is employed in professional/technical positions. Major global tech companies such as HP, Microsoft, Lancope and Verizon have a significant presence in the area. Further, companies can draw talent from outstanding universities such as Georgia Tech, University of Georgia and Georgia State University among others. Alastair Hartrup, CEO of Network Critical said, “We are now very familiar with the rich talent and activity which surrounds Alpharetta. The new move will ensure that our relationship with the local tech industry remains strong, whilst allowing us to extend the global reach of the products and services we provide.”

The new office address is:

Network Critical NA LLC.
3755 Marconi Drive
Suite 107
Alpharetta
GA 30005
USA

About Network Critical:

Network Critical is an industry leader in network access technology. Our technology ensures 100% continuous network visibility. Network Critical products eliminate any concerns of downtime and scale easily as the network grows. The health of your network is always secure with Network Critical products. Our range of TAPs and Packet Brokers are used with IDS, IPS, network traffic monitoring tools, sniffers and more, to provide 100% network visibility with zero packet loss. For more information, visit http://www.networkcritical.com.

Posted: 02/03/2017 17:05:06 by Network Critical with 0 comments

Something Needs to Change


Before I weigh in with my two cents worth, I’d like to share a personal experience. Way back in spring 2006, I was awarded a contract to assist the Department of Transportation as they worked to submit the required systems Certification and Accreditation to OMB.

It was a tall order, but nonetheless I looked forward to the assignment; I assumed the only downside would be the pages of Government paperwork that I was required to submit before I could even step inside DoT headquarters. In order to obtain my ID badge, I had to provide personal details not just about myself, but my family and friends as well.

Fast forward to summer 2015, when OPM notified me that their database had been compromised; as many as 21.5 million individual records had been stolen and there was a “strong possibility” that the personal data included in my DoT paperwork was amongst them. Now it’s fair to say that this ‘strong possibility’ wasn’t an absolute certainty. But given that my family’s and close friends’ information was stolen as well as my own, let’s just say that I wasn’t very open to considering the ‘possibility’ that my data had been untouched. Would you have been?

Sure, I’ve since been offered a prepaid subscription to an identity theft monitoring program, but let’s be candid. That’s the virtual equivalent of deciding to install smoke detectors in your home, after it’s been burned to the ground. Taking steps to protect the people you’re responsible for, only after they’ve been compromised, means you’ve failed. It’s that simple.

I’ve since heard that OPM has introduced two-factor authentication as a common working practice since the incident. But given that’s a feature found on most iPhones, why did it take so long for a Government department to implement it as a basic security measure?

No matter where you stand politically, no one can deny that we share a mutual concern; virtual criminals are becoming increasingly sophisticated by the day, so a level of paranoia comes with the territory in the Public Sector. What continues to alarm me is that we all seem to be victims waiting for the next headline to hit. We are so preoccupied with fixing the destruction caused by the last attack we didn’t see coming, that we don’t have time to be proactive about preventing the next one.

There tends to be a reliance on assumptions and ‘what we know’. But given the increasingly unpredictable and unparalleled nature of these attacks, is what we know good enough anymore?

With far more exciting targets such as the NSA and the Pentagon, I for one would’ve completely dismissed anyone who predicted the possibility that a Government agency such as the OPM would be targeted, and I’m willing to bet I’m not the only one.

Back in 2011, Iran admitted to overriding and taking control of a US drone and amazingly, the story once reported seems to have disappeared from our minds. Clearly, the political and military consequences were discussed but surely there should be more time committed to asking “if a drone can be hacked, what else can?”

We need to consider the far-fetched, worst-case scenario given our current climate. If a drone can be overridden, who can absolutely guarantee the same wouldn’t happen to a plane with a pilot onboard? Is a commercial air traffic control tower just as at risk of being compromised as the OPM? Are similar, low visibility departments at risk, like the Department of Veteran Affairs?

More recently, the Chinese military unveiled their latest fighter aircraft, the Chengdu J-20. The aircraft bears a striking resemblance to our F-22 advanced fighter. Anyone who has seen the J-20 can’t dismiss the fact that somehow the Chinese were able to hack into either a DoD or subcontractor network and steal proprietary specifications and designs for the F-22. Fortunately, stealing the designs appears to be a simpler task than duplicating the sophisticated technology that provides the F-22 pilot the ability to see and fire upon enemy aircraft even if the enemy is behind them.

Fighting fires once the damage has been done is an all too common practice. But as for best practice? That comes with discussion, sharing our experiences and bouncing ideas off each other - and I’m not referring just to our world and industry leaders.

It’s time we took a more proactive role in actually preventing the constant threat of cyber criminals that we face daily, instead of simply waiting for the latest breach to make the news, and reacting to it.

For an industry that operates in the background to ensure our information is protected, we’re being caught in the headlines way too often, and for the wrong reasons.

Sometimes it’s on a global scale, sometimes it’s personal. But one thing’s for certain, something needs to change.

Last week I created a LinkedIn closed group to bring together informed, like-minded people who want to take a different, more proactive approach to combatting cyber security.

The group isn’t designed to be a passive, voyeuristic forum. Its purpose is for those that want to come to the table with strong ideas, share best practice in a trusted environment and are ready to hit the issues head-on together.

That way, we have a fighting chance of preventing more disastrous headlines.

You can join ‘The Cyber Security Forum’ here.

Posted: 01/03/2017 03:38:45 by Network Critical with 0 comments

The New Battlefield: Cyber Space

Cyber warfare is real. It is happening now. In fact, while you are reading this blog, government and corporate cyber resources are under attack around the globe. Here are a few recent examples:

Department of the Navy - Hacked through contractors’ emails. 134,000 sailors have had their personal information and social security numbers stolen. This information will likely be sold for the purpose of identity theft. This is not just stealing information to make credit cards and buy stuff on a fictitious account. This hack is more. This is cyber warfare. This hack is compromising the families and distracting the focus of service men and women in the Navy.
National Security Agency - Hacked by the Shadow Brokers. This group actually hacked a hacking group within the NSA called the Equation Group. According to Kaspersky Labs, the code that was leaked by Shadow Brokers is used by Equation Group for its own hacking and decryption operations. This is real spy vs spy stuff but it is all done behind the cyber curtain. Today it is code vs code.

People’s Liberation Army Unit 61398 is a division of the Chinese military that is dedicated to hacking corporations and governments around the world. A report by computer security firm Mandiant provided detail on this organization and, after many diplomatic denials, the Chinese government actually confirmed the existence of the group.
The CIA and FBI have confirmed that Russian hacking groups have been very active in trying to influence the outcome of the 2016 United States election. Congressional investigations are being organized to gather more detail on the scope and influence of these efforts.

Following is a quote from former US President Obama on the subject: “America’s economic prosperity, national security, and our individual liberties depend on our commitment to securing cyberspace and maintaining an open, interoperable, secure, and reliable Internet. Our critical infrastructure continues to be at risk from threats in cyberspace, and our economy is harmed by the theft of our intellectual property.”

Cyber warfare is our biggest threat today. It is more effective than blowing up buildings and roads. It is more effective than killing and capturing opposing forces. It is the warfare of the 21st century. It is warfare that captures minds and hearts, not just bodies. The new bombs are fake news, leaked emails and violent propaganda. The United States spends hundreds of billions of dollars on new fighter jets, bombs and automatic weapons. Yet, the Marine Corps database, managed on contract with HP, was not secured. This is what allowed the SQL injection breach of the Marine Corps Intranet by the Navy hackers noted above.

The latest budget proposal from Obama significantly increases the federal spend on cyber security to $14 Billion. While this is good news, the United States cyber security spend is still a tiny fraction of the overall military budget of almost $600 Billion. Imagine the future potential if the military budget included $2 Billion of scholarships to West Point and Annapolis for promising students to study cyber security and cyber warfare. Imagine the potential of funding $1 Billion in research into cyber warfare initiatives. These should be the budget priorities of the future.

For the time being, however, it is also important to recognize and act on the urgent need for vigilant management of network security profiles, continuous training, and permanent monitoring and management with tools that are available now.

Tapping links and utilizing Firewalls, Intrusion Prevention Systems (IPS), Data Loss Prevention (DLP) and other threat landscape reduction tools are a promising start to deterrence of debilitating breaches from foreign governments as well as domestic hackers. Packet Brokers are capable of providing simplified connection of multiple security tools. These devices allow mapping of data flows to specific tools and provide fail-safe protection to the network in case one of the security tools goes off line. Further, tools may be connected redundantly for maximum security without compromising network availability.

Cyber warfare is the new battlefield. It is quiet but effective. It is hidden from public view but very much a public threat. We have some good tools to fight it now but must up our game for the future. Military investment must maintain our traditional fighting forces but must also support a rapid transition to fighting a new type of war.


Posted: 21/02/2017 16:54:58 by Network Critical with 0 comments

Why Network Critical Loves RSA


The first full day of exhibits at the RSA Conference opens on February 14, 2017. There will be many very smart men and women roaming the aisles, talking to experts and learning about the latest advancements in cyber security. Network Critical will once again have a presence at the show talking about TAPs and Packet Brokers, the window to network traffic inspection, analysis and protection.

Before we get into the technical stuff, however, I will remind you to be sure to call home this evening! I know that it is easy to get wrapped up in the planning and excitement of the event but February 14 is also Valentine's Day. Your spouse, significant other, better half, partner…someone who loves you…is likely at home helping kids with homework, cooking and taking care of home-oriented business. It can sometimes be tough being on the road at certain times but it is also tough taking care of things at home when your loved ones are gone. So, send flowers and call to say thanks for taking care of things while I am away and I LOVE YOU.

This brings us around to thinking about why we love RSA. There are a lot of trade shows around the globe all year long. RSA, however, is uniquely focused on cyber security and it is located in the global heart of cyber technology. The Silicon Valley is the birthplace of solid state technology, the Intel 8080, ARPANET, the Internet, the Mouse, GUIs, Ethernet and many other technological firsts.

So, now here we are at the RSA Conference, where the world talks security. A few of the seminars available include Securing the Converged Cloud, Advanced Information Risk Practices, Ransomware, Security Foundations and many more. One of the speakers on the Monday agenda will talk about Analytics, Intelligence and Response which brings us to the actual point of this blog. Why does Network Critical love RSA?

When we talk to security engineers, network managers and IT directors, we hear that they are interested in learning more about advances in TAP and Packet Broker technology. It is not that they have never heard about TAPs. It is not that they are not up to date on the industry. It is often that they do not associate TAPs with cyber security. Many believe TAPs are physical. TAPs are for testing. TAPs are for diagnostics. TAPs are for trouble. This is all correct but TAPs are more.

Many security experts still do not recognize the importance of permanently connected, fail safe visibility for all security appliances. So, here at RSA, we get to share this important message…TAPs are for security. TAPs are non-invasive. TAPs are safe. TAPs help security tools operate more efficiently. TAPs are simple to deploy. TAPs are not very expensive. TAPs are the foundation of your security appliance platform.

We are surprised when we hear that many think that Packet Brokers are the same as TAPs. While some Packet Brokers can have integrated TAP functionality, their primary function is different. Packet Brokers add efficiency and simplicity to more complicated networks of security appliances. They also contribute to the efficiency of connected appliances as well as the reliability of the networks they serve. Packet Brokers are security appliances. Packet Brokers provide the foundation for building a robust security, analysis and performance appliance stack in more complicated networks.

Being at RSA and being in the heart of the Silicon Valley gives us the opportunity to meet, educate and advise industry experts who will be driving internet security practices for our industry. From the early conferences at Stanford University to the much larger current events at Moscone Center, RSA has always been a conference focused on idea exchange and education over promotion.

We look forward every year to the RSA Conference for the opportunity to share best practices about utilizing multiple specialized appliances for robust, high availability network protection. We look forward to learning from others at the RSA conference so we can continue to improve our contribution to cyber security. For more information or to schedule appointments with our technical experts at the show visit www.networkcritical.com/contact-us.

Posted: 14/02/2017 17:14:30 by Network Critical with 0 comments

Yin and Yang of Buying and Selling


Heat and Cold. Male and Female. Dark and Light. Buying and Selling. Masculine and Feminine. These are all opposing forces of nature. In Chinese philosophy, however, Yin and Yang, which represent these opposing forces, are not exclusively oppositional. There is interaction, interplay and interchange between the two. Although they are in opposition to each other, they are also complementary to each other.

The masculine and feminine, for example, are opposites but they also need each other. The differing qualities of each complement each other and are necessary for each to become whole. Buying and selling is a prime example of the Yin and Yang of business. The buyer has a need and the seller has a product or service to fulfill that need. There is interplay between the parties. If the proper balance is achieved during negotiation, the buyer receives value from the purchase and the seller receives currency in return.

Many think of the buying and selling relationship as adversarial. When approached correctly, however, it is actually complementary. Just as the Yin and Yang interact and interplay, the key to a proper buyer and seller relationship is education, interaction and communication.

Buyer, Know Thyself - Being prepared for the process is critical to the buyer. The thought that the buyer should just call a sales person and learn everything he needs to know from that single interaction could be a costly shortcut. The sales person may enjoy that interaction because it potentially gives him the upper hand in creating a scenario that best fits the product he has to sell. The sales person can direct the conversation and influence the buyer’s position on the key requirements of the buyer. In fact, it is the responsibility of the buyer to know and prioritize his specific requirements prior to the sales conversation. This allows the buyer to better understand how the product that the sales person is presenting fits the buyer’s actual requirement priorities.

It is also desirable for the buyer to do some preliminary research on potential solutions prior to engaging the sales person. By investigating options from competitive companies, the buyer will have a better understanding of which solutions may be the most beneficial for his particular need. Then, when meeting with representatives from the prospective providers, the buyer will be in a better position to probe about strengths and weaknesses of the various proposals.

Seller, Listen Before You Talk - Taking a quote from Covey Leadership Center’s book about the habits of highly effective people, “Seek first to understand, then to be understood.” Many sellers start right off with a detailed presentation of their product and all the wonderful features that it contains without first asking the buyer about his primary needs. The buyer should actually be doing most of the talking during the first part of the presentation. The seller should be questioning and listening and understanding the needs of the buyer.

More experienced and expert sales representatives may even probe to understand non-product related potential buying motivations. Beyond product features, there may be undertones of politics, job preservation, brand loyalty or other emotional forces at play.

Finally, understand why this purchase is important to the prospective buyer. This question is key to focusing the presentation. The list of features is your menu. No one goes into a restaurant and orders everything on the menu. The sales rep needs to understand what menu items will satisfy the hunger of the buyer and match the meal to the hunger.

Yin and Yang are interactive. Buying and selling are interactive. The most productive business relationships develop around the cooperative interaction between the educated buyer and the interested seller. Obviously, there are many more details and complications in every business interaction. Both buyers and sellers learn with experience and training how to best navigate these relationships. Understanding the basic Yin/Yang philosophy, however, is a great foundation for developing beneficial relationships between vendors and customers.

Posted: 03/02/2017 13:52:39 by Network Critical with 0 comments