Instead of using fear as a tactic to sell cybersecurity services, I find people who are already concerned about their risk, and offer them calm confidence in exchange for money.

#CallMeIfYouNeedMe #FIFONetworks

Cybersecurity - Networks - Wireless – Telecom – VoIP

There’s a lot of misleading advertising about residential (consumer grade) VPNs. The purpose of this post is to clarify the difference between IP Masking and Virtual Private Networks.

WHAT IS A VPN?
From the official IETF documentation:
RFC 4026, Paragraph 3.10. Virtual Private Network (VPN)
“VPN is a generic term that covers the use of public or private networks to create groups of users that are separated from other network users and that may communicate among them as if they were on a private network. It is possible to enhance the level of separation (e.g., by end-to-end encryption), but this is outside the scope of IETF VPN working group charters.”

What does that mean in non-technical terms? It has two parts:
1) A VPN is a private link between two endpoints connected to each other over a network that is also used by others.
2) The private link may be encrypted (and often is), but that’s not a requirement to be classified as a VPN. (For those who are trying to wrap their head around the idea of an unencrypted VPN, I’ll give one example without going into any technical explanation: an unencrypted GRE tunnel is a VPN).

WHAT IS IP MASKING?
Refer to the middle picture. IP masking is when you use a relay service to hide the source IP address, or the destination IP address, from interested third parties.

WHAT’S MISLEADING?
Refer to the bottom picture. You don’t need to pay for a VPN service to do safe online purchasing or banking. Every time you see the padlock in your browser, or the “https” prefix on the address, you’re using an encrypted VPN connection.

THE LESSON
Next time you see an ad for residential VPN service, pay attention to the wording. What are they really trying to sell? The privacy of the VPN is automatic with https. All they’re really offering is IP masking. Do you need it? (Some people really do).

#CallMeIfYouNeedMe #FIFONetworks

The client's firewall was blocking VPN attacks from IP addresses in the USA. Randomized timer with attempts anywhere from 2 seconds to 15 minutes apart. Brute force attack using first initial, last name. In the lower left corner, 19:47:05 is the last entry before I blocked the entire Class B address range.

#CallMeIfYouNeedMe #FIFONetworks #cybersecurity

There are two laptops in my backpack on this trip: my regular laptop, and my air gapped laptop. The air gapped laptop is for work I do for clients when I have an NDA.

Carrying the extra weight became necessary when AI products started analyzing everything: emails, schedules, Word documents, spreadsheets, PDF files - even the simple Notepad app is now infected with spyware.

I'm now getting NDAs from clients that have specific requirements to not expose their information to AI.

On this trip I spent some time engineering a new network. When I finish the design back in my office, I'll send it to the client using encryption on a secure channel.

(Photo: my backpack keeping me company during lunch at TGI Fridays in DFW Terminal E.)

#CallMeIfYouNeedMe #FIFONetworks +1 206-465-2422

Want to reduce "alarm fatigue" caused by false positives? Then quit alarming the wrong stuff. Here’s how to decide what needs to be alarmed:

If it requires immediate human attention, it's an alarm. Otherwise, it's a log entry.

This is one of the most common mistakes I see in the field when I’m working with clients on streamlining their operations and reducing downtime. There is a strong (super-strong!) tendency to say, “I’m not sure, so I’d better make this an alarm.”

In many organizations, there’s also a fear factor: “If I decide not to alarm this, and then we have a critical system outage that could have been prevented, I’ll get blamed for not enabling this alarm.”

The cure for this is twofold: (1) alarm-or-log decisions should be made by a team, so no one person has the weight of the company’s downtime on their shoulders, and (2) the manager over the alarm-or-log team needs to review and approve the team’s plan and take full ownership of it. The manager needs to have the kind of personal integrity it takes to say, “I’m responsible.”

SIDENOTE: In the Navy I was taught, “You can delegate authority, but you can never delegate responsibility. You are responsible for everything your team does.” In the civilian world I’ve seen a lot of bad managers rise in power by blaming a subordinate, and then “fixing” the problem by firing and replacing the scapegoat.

This environment of fear results in everything being alarmed, and the result is that nothing is effectively alarmed.

THE WRONG SOLUTION TO ALARM FATIGUE
The wrong solution to alarm fatigue is excessive automation. Listen to me: there is no automated detection system in a complex network that can evaluate every combination of events. The speed and scale of automated monitoring systems is essential in large networks, but they augment the human agents, they don’t replace them.

#CallMeIfYouNeedMe #FIFONetworks +1 206-465-2422

Best Cybersecurity Hire...
Your best cybersecurity hire is a VP of Operations. That's right. You heard me.

Hire an Operations VP who completely overhauls your company's operations with the objective of removing as much sensitive data from the Internet as possible.

Internet connectivity is for sales and advertising. Everything else gets moved offline.

Wow. Think about how much easier you could breathe!

#CallMeIfYouNeedMe #FIFONetworks +1 206-465-2422

"Find the differences in these two pictures."
You know those sets of almost identical pictures, and you're supposed to figure out how they're not exactly alike? Well, I actually get paid to do that!

A client has a cell tower on their property. The lease is with a tower management company, who then subleases the tower to mobile phone system operators (wireless carriers). My client received a request for modification to one of the carriers' systems.

As always, they asked me to review the proposed changes and submit a report with observations, comments, and recommendations.

The carrier submits construction drawings to the tower management company, who then forwards them to the lessor (my client). Then I review them.

The construction drawings include an "existing" drawing and a "proposed" drawing.

I don't just look at the described changes - I look at everything.

Well. I found a construction change in the proposed drawing that wasn't listed in the request to modify.

Is it a typo? An innocent mistake? Or an attempt to slide in a change?

"Find the differences in these two pictures."

I take that very seriously.

#CallMeIfYouNeedMe #FIFONetworks +1 206-465-2422
 
Is anyone talking about IAM for AI agents? Someone needs to be making Identity and Access Management for AI agents.

When you realize this and make billions from the idea, remember to thank me proportionally.

#CallMeIfYouNeedMe #FIFONetworks +1 206-465-2422

Enabling cloud connectivity to/from printers may be convenient, but it’s not without risk.

I installed this HP printer on Saturday for a small business client. I configured scan-to-folder for each employee. It took some time and would have disrupted the normal workflow, so the owner preferred a weekend remove-and-replace operation.

What struck me was how pushy HP was about setting up cloud services and wireless printing from mobile devices. For this client, the answer is “no” to all of those. Regarding HP’s request for analytics, I didn’t even ask the client; I just selected no to all.

There are a few lessons here.

1) Bandwidth is a finite resource. The more printers and other devices in the LAN that have vendor analytics enabled, the more LAN bandwidth is consumed. Is your network slow? Do your switch port statistics show a ton of traffic? How much can you reduce that traffic by denying permissions for vendor analytics?

2) Where is your data going? You may think you have it all locked down in your Azure/AWS/Google account, and then you discover a printer that someone has configured to use HP cloud services, or some other storage you’re not monitoring.

3) Clicking “yes” on one of the questions requesting analytics for product improvement during installation is all it takes to open a path to a system on the Internet that you don’t control.

4) When you’re all done with your new printer installation and configuration, before you disconnect from the management GUI, take one last look at the cloud management menu (in this example, “HP Cloud Connection”). You may have enabled a cloud connection without even realizing it.

#CallMeIfYouNeedMe #FIFONetworks +1 206-465-2422
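
One way to check lessons 1, 2 and 4 after an install is to total what each printer sends outside the LAN. This is an added example, not part of the original post; the flow-record layout, the printer inventory and all addresses are constructed, and the LAN is assumed to use RFC 1918 space.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: the site LAN uses RFC 1918 space; anything else is "outside".
LAN = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Hypothetical inventory of printer addresses on the LAN.
PRINTERS = {"192.168.10.50": "front-office", "192.168.10.51": "warehouse"}

# Constructed flow records (src,dst,dport,bytes), as a firewall might export them.
SAMPLE_FLOWS = """\
192.168.10.50,192.168.10.20,445,9200000
192.168.10.50,203.0.113.80,443,48200
192.168.10.50,203.0.113.80,443,51900
192.168.10.50,198.51.100.12,443,7300
192.168.10.51,192.168.10.20,445,2100000
192.168.10.51,224.0.0.251,5353,640
192.168.10.30,203.0.113.80,443,120000
"""

def is_outside(addr):
    """True when the destination is neither on the LAN nor local multicast."""
    ip = ip_address(addr)
    return not (ip.is_multicast or any(ip in net for net in LAN))

def printer_egress(flow_csv):
    """Return {printer: {"bytes": total, "destinations": [(dst, port), ...]}}."""
    totals = defaultdict(int)
    dests = defaultdict(set)
    for src, dst, dport, nbytes in csv.reader(io.StringIO(flow_csv)):
        # Scan-to-folder (SMB to a LAN host) and mDNS stay inside and are skipped.
        if src in PRINTERS and is_outside(dst):
            totals[PRINTERS[src]] += int(nbytes)
            dests[PRINTERS[src]].add((dst, int(dport)))
    return {name: {"bytes": totals[name], "destinations": sorted(dests[name])}
            for name in PRINTERS.values()}

if __name__ == "__main__":
    for name, info in printer_egress(SAMPLE_FLOWS).items():
        print(name, info)
```

A printer with every cloud and analytics option declined should report zero bytes and an empty destination list, as the constructed "warehouse" printer does here.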

Someone isn’t playing nice.
I’m doing end-of-month maintenance for one of my clients. This includes reviewing the firewall logs to look for problems. I found someone with an IP address based in the USA repeatedly trying to log in to my client’s system. It was an automated “dictionary” attack. They kept hammering away at it with a “dictionary list” of common login names. They were consistently “denied due to bad credentials,” but I went a step further and blocked their IP address. Now they can’t even communicate – they can’t enter a username on my client’s system to even try.

#CallMeIfYouNeedMe #FIFONetworks +1 206-465-2422

#MSP #RemoteTechSupport #cybersecurity
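
The firewall-log reviews in the two posts above (the randomized-timer VPN brute force and the dictionary attack) can be sketched as detection logic. This is an added example, not code from the original posts; the log format, addresses and usernames are constructed. It flags a source range by how many distinct usernames it tried, because attempts spaced up to 15 minutes apart never trip a failures-per-minute rule.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_network

# Constructed sample lines in a hypothetical log format (not any vendor's).
SAMPLE_LOG = """\
2024-05-01T19:02:11 vpn-auth DENY src=198.51.100.23 user=jsmith reason=bad_credentials
2024-05-01T19:02:13 vpn-auth DENY src=198.51.100.90 user=mjones reason=bad_credentials
2024-05-01T19:16:40 vpn-auth DENY src=198.51.100.23 user=admin reason=bad_credentials
2024-05-01T19:24:02 vpn-auth DENY src=198.51.100.141 user=bwilson reason=bad_credentials
2024-05-01T19:30:00 vpn-auth ALLOW src=192.0.2.44 user=akhan reason=ok
2024-05-01T19:38:51 vpn-auth DENY src=198.51.100.23 user=tbrown reason=bad_credentials
2024-05-01T19:41:09 vpn-auth DENY src=192.0.2.44 user=akhan reason=bad_credentials
2024-05-01T19:47:30 vpn-auth DENY src=198.51.100.90 user=rdavis reason=bad_credentials
"""

DENY = re.compile(r"^(\S+) vpn-auth DENY src=(\S+) user=(\S+) reason=bad_credentials$")

def failures_by_range(log_text, prefix=16):
    """Group failed logins by source network: {network: [(time, src, user), ...]}."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = DENY.match(line.strip())
        if m:
            net = str(ip_network(f"{m.group(2)}/{prefix}", strict=False))
            groups[net].append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)))
    return groups

def peak_rate(events, window_s=60):
    """Most failures inside any sliding window: what a simple rate rule sees."""
    times = sorted(t for t, _, _ in events)
    return max(sum(1 for u in times if 0 <= (u - t).total_seconds() < window_s)
               for t in times)

def guessing_ranges(log_text, min_users=4):
    """Flag ranges by distinct usernames tried, which randomized timing cannot hide."""
    report = {}
    for net, events in failures_by_range(log_text).items():
        users = {u for _, _, u in events}
        if len(users) >= min_users:
            report[net] = {"attempts": len(events), "distinct_users": len(users),
                           "sources": sorted({s for _, s, _ in events}),
                           "peak_per_minute": peak_rate(events)}
    return report

if __name__ == "__main__":
    print(guessing_ranges(SAMPLE_LOG))
```

On the constructed sample the /16 is flagged with six usernames from three sources while its peak rate is only two failures per minute, and the legitimate user's single mistyped password is not flagged.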