Network Critical - The Window to your Network

Hackers! Take Note…


Many of our blogs deal with cyber security. We talk about technical training, user training, passwords, technical advances in cyber protection and many other topics related to network traffic visibility and security. Back in January we talked about the importance of global government cooperation and information sharing as a means to track down sophisticated cyber crime organizations and individuals. We also advocated for new laws and increased penalties for cyber crime.

Cyber crime is no longer a computer geek in a basement stealing a credit card number and buying a new blender. Cyber criminals operate internationally and have developed sophisticated operations using the latest technology and increasingly sophisticated techniques. These organizations prey on corporations, individuals and governments searching for wide ranging information.

Criminal Motives

  • Outright theft of money through bank transfers and account penetration
  • Information theft with the intent of using that information to steal from corporations and individuals
  • Information theft with the intent of embarrassing corporations or individuals
  • Information theft and publication on a very large scale with the intent of influencing public opinion (see: Russian Hacking Scandal)
  • Information theft with the intent of extortion and/or blackmail
  • Information theft under the guise of activism in order to promote a cause (Hacktivism)

Scope of Operations

  • Some hacking organizations are sponsored by governments with massive resources
  • Some organizations are very small or even operated by a single person
  • Regardless of the organizational size, global reach and broad access is easy
  • Physical locations are difficult to trace
  • Cyber movement across boarders is pervasive

With that background, we see that cyber crime is a well organized, well funded and profitable scourge on civil and trusting society. However, government cooperation and commitment to bringing cyber criminals to justice is starting to pay off. Government sponsored anti-hacking organizations are finally putting significant resources behind tracking down these criminals and locking them up…for a long, long time.

Catch and Conviction
Roman Seleznev, a Russian national was convicted in United States court of 38 counts including wire fraud and aggravated identity theft. Mr. Seleznev hacked into point-of-sale devices and stole credit card numbers from over 500 businesses stealing about US$170 million from over 3700 banks. Now, it is easy to see why there were some significant resources behind the tracking, apprehension and conviction of this guy.

Mr. Seleznev was finally tracked and apprehended in the Maldives. He had servers in Ukraine, Russia and in the United States. When he was arrested, law enforcement found 1.7 million credit card numbers on his computer.
Mr. Selezney was a hero of sorts in the underground world of cyber crime. His operation was used as a model by other hackers. It took over two years to try him and he was ultimately given a 27 year prison sentence. This is believed to be the longest sentence ever given for hacking. Roman Selezney is only 32 years old so will likely be healthy enough to serve his entire sentence, being nearly 60 years old when released.

Moral of the Story
Hackers beware. Governments and corporations have broad reach and deep pockets. They now realize that hacking is no longer a prank and see it for the sophisticated criminal organization that it is. The Selezney case has set a precedent. You might be elusive but governments and corporations will track you down like a dog. When you are caught, you will be handed the most severe prison sentences allowed. Further, those sentences are getting longer as the legal community comes to understand the true nature of these crimes. Unless you like the color Orange, find another business.

Posted: 26/05/2017 15:40:24 by Network Critical with 0 comments

One Throat to Choke


Systems Integrator: One who integrates systems. (Just kidding). However, this simple and obvious tongue-in-cheek definition tells an interesting story. Systems integrators (SI) build computing and networking systems for clients by combining hardware and software products from multiple vendors into a single working system. While the term can be used in many other industries it is most commonly used in the computing industry.

By bringing together different sub-systems into a single operational system, the SI ensures that those subsystems from a variety of different vendors will function together (in peace and harmony) as a single coherent system. Why is this important?

It’s Complicated
Let’s look at the example of building a Data Center (DC). The components involved include routers, switches, firewalls, servers, data storage, racks, AC and DC power devices, wiring, connectivity and visibility equipment, environmental equipment (cooling), raised flooring, physical security, cyber security, software and applications, and likely other components that I did not think about. Now, there are many competitive vendors providing an array of specialized equipment for each of these sub-systems. Each vendor’s design has advantages and challenges. The DC designer must develop a plan and pick vendors that are most likely to fit into the plan.

Vendor selection alone is a daunting task. It involves many meetings with sales and engineers from this vast pool of potential vendors for each piece of equipment. Decisions must be made regarding features and functionality of the each piece of equipment being evaluated. Further, each piece must also be evaluated regarding is relative position in the network and its compatibility with other equipment under consideration creating a very large and complex matrix. Next up is determining who in the organization has the competence to evaluate all the piece parts.

Specialist vs Generalist
It is easy to see from the above list that product evaluation and compatibility review is a daunting task. The DC designer must be able to map out the master plan but also be an expert in every piece part in the design. This is not likely, so what are the alternatives. The DC designer will need to develop and lead a massive team of experts to evaluate individual pieces and submit sub-system designs for integration into the master plan. This can be accomplished by direct hire, subcontracting individual consultants or hiring a Systems Integrator.

Have Specialists, Will Travel
There are many Systems Integrators available in many industries, including technology. For the purposes of our discussion, lets continue with the DC design. Systems Integration is all about having the specialized resources in place and being able to draw upon those resources in a timely manner. This allows the right specialists to be available when needed and not sitting around wasting resources when other aspects of the design are in play.

The larger SI companies employ an army of specialists from which they can draw at the appropriate time. These specialists usually work on many projects at the same time so they are always busy but bill according to the time spent on each unique project. This allows the DC designer to have the specialists they need at the time needed and only pay for their time working on the project.

Loyalty to the Client
While Systems Integrators have relationships with many vendors, their loyalty is to the client. The SI specialists learn many products within their specialty and attend trainings often organized by various vendors. Their prime mission, however, is to understand the needs of the client and what product is the best fit for the system being built.

Individual product vendors can be evaluated by the DC designer and staff. However, these presentations are often biased by the strengths and weakness of the individual vendor product. The vendor presenters also may not be familiar with the other products that will be connected to theirs. By relying on an independent third party for vendor selection the client has a high probability of success using experts with a systems focus beyond expertise on a specific product.

The Systems Integrator generally assumes end to end responsibility for project success. So, rather than chasing vendor tails and dealing with finger pointing round robins, the Systems Integrator contract offers a single point of contact for project support. Put another way, when something goes wrong, you have one throat to choke until the problem is solved.

Final Thoughts
There is no single “best practice” for designing complex computer, network and security systems. Todays blog takes a look at one idea which may work well for certain projects. Other practices such as individual vendor analysis by consultants and Web research, relying on local VARs who represent a variety of products and sub-systems, complete in-house project staffing for the necessary product and systems analysis or any combination of the above. Each project needs to examine complexity, resources, timing and desired outcome before picking a project team. For more information about project support options and independent specialist recommendations go to support@networkcritical.com.

Posted: 12/05/2017 14:24:56 by Network Critical with 0 comments