Month: August 2018

The Hack-proof Conceit

Lorin Olsen
John-McAfee-Invites-Hack-Attack
John McAfee Invites Hack Attack

John McAfee and Bitfi offered a bounty to anyone who could hack a Bitfi wallet. After a very short time, John and Bitfi raised the bounty to $250,000.  As of two days ago, a hacker has claimed that bounty. Bitfi (and John) are saying that this was not a valid hack of their wallet. So there is a tremendous disagreement about whether John (and Bitfi) will pay the bounty.

I do think that the hack was successful. But whether I believe that the hack occurred or not is irrelevant. What I do believe is that no system is impenetrable – or “hack-proof”.  Over the past few decades, I have seen every secure system successfully attacked (and usually overwhelmed) by a determined hacking entity. These successes come in many forms. For some systems, hackers have leveraged a software vulnerability. For other systems, attackers have leveraged a vulnerable person. If you don’t believe this, then look no further than the DNC in the 2016 election cycle.

I would say that anyone who boasts in their impenetrability is merely inviting an attack. This axiom should remind us of a few important things.

1. Don’t boast! Pride is a deadly sin.

2. If you can be inconspicuous, then strive to become (and remain) inconspicuous. If you are not a target of a determined person or group, then don’t offer to become a target. For companies like Bitfi, the organization should not make outlandish claims. For you, I recommend that you not boast (on social media) about the things that you own. And don’t tell people when you are leaving your house for a splendid vacation. And for John McAfee, I say that he has exceeded his “best used by” date. Therefore, we need to dismiss him.

3. If you are part of a large group of targets, then be better (and more secure) than the other members of the group. For example, if you have online accounts, then use strong passwords. If you use strong passwords, then use two-factor authentication. If you use two-factor authentication, start using a virtual private network that will obscure your identity.

4. Remember that if you are a discrete target, then a determined hacker will probably defeat you – unless you are an equally skilled hacker. Therefore, make sure that you have a plan for the time when you are hacked. This includes backups. But it also includes a press statement about what you are doing (and will do) to minimize risk to your customers. After all, they are trusting you to protect them.
 

Consolidating Micro Data Centers

Lorin Olsen

Cloud-based-Microservices
Cloud-based Microservices

Cloud computing is an information technology (IT) paradigm that enables ubiquitous access to shared pools of configurable system resources and higher-level services that can be rapidly provisioned with minimal management effort, often over the Internet.”

Using this definition, the key elements of cloud computing are as follows:

  • Network access
  • Shared groups of systems and services
  • Rapid (and dynamic) provisioning
  • Minimal  management

Nothing in this definition speaks to the size of the “data center” which houses these systems and services. Most of us probably think of Amazon, or Google, or Microsoft when we think of cloud services. But it need not be a multi-million dollar investment for it to be a part of cloud computing.

Data Center Consolidation

This past weekend, we closed one of our data centers. Specifically, we shut down the facility in Waldo, Missouri. This “data center” was a collection of systems and services. It hosted the web site, the file servers, and one of our DNS servers. But these weren’t housed in a vast data center. The services were located in a room within a  residential property. For the past four months, we ran this site remotely. And this past weekend, we consolidated all the Waldo services at our Elgin facility.

Like most moves, there was a plan. And the plan was fluid enough to deal with the challenges that arose. And as happens with most consolidations, some spare gear became available. We reclaimed the DNS server (a Raspberry Pi). And we re-purposed the premise router as a test platform at our Elgin site.

Since this site was both business and residential, we had to re-architect the storage infrastructure to accommodate multiple (and dissimilar) use cases. We also moved key data from local storage on the servers to the consolidated storage farm. 

Once cleared out, we returned the property back to the landlord.

Service Consolidation

As noted, we consolidated all of the file servers into a single storage farm. But we did need to migrate some of the data from the servers and onto the new storage. Once we migrated the data, we consolidated the streaming servers. The overall experience for our streaming customers will become much simpler.

Hardware Re-use

With the release of one of our routers, we are now able to put a test bed together. That test bed will run DD-WRT software. The process of converting the Netgear infrastructure to DD-WRT was quite tedious. It took four (4) different attempts to reset the old hardware before we could load the new software. This wasn’t anticipated. And it took us beyond the anticipated change window. Fortunately, we kept our customers informed and we were able to amend customer expectations.

Once deployed, the new network build will provide VPN services to all clients. At the same time, we will be turning up DNSSEC across the company. Finally, we will be enabling network-wide QOS and multi-casting. In short, the spare gear has given us the chance to improve our network and our ability to deliver new services.

The Rest of the Story

All of this sounds like a well-oiled plan. And it did go without any real incidents. But the scale of the effort was much smaller than you might expect. The site in Waldo was a room in a rental. The servers were a desktop, a couple of laptops, a NAS box, a cable modem, a Netgear R8000 X6 router, a Raspberry Pi, and a variety of streaming devices (like a TV, a few Chromecast devices, and the mobile phones associated with the users (i.e., members of my family.

So why would I represent this as a “data center” move? That is easy: when you move connected devices across a network (or across the country), you still have to plan for the move. More importantly, cloud services (either at the edge or within the confines of a traditional data center) must be manged as if the customer depends upon the services. And to be fair, sometimes  our families are even more stringent about loss-of-service issues than are our customers.