bill’s blog

Just another WordPress weblog

Browsing Posts published in April, 2009

I voted for George W. Bush. I was an idealist! 9/11 set the US on its ear. We were fighting the wrong that was done to us but then it stopped. Don’t get me wrong, I will always support our troops wherever they may be fighting, but I no longer believe we were sent to Iraq to rout out terrorism, or WMDs, or to save a people from a tyrannical ruler! We went there for other reasons but that’s not the point! Let’s take a moment to compare Sun Tzu’s The Art of War to that of President Bush. The Art of War is accepted as a masterpiece on strategy and often referenced by generals and theorists throughout history (McNeilly, 2001).

All warfare is based on deception!
- Sun Tzu, The Art of War, chapter 1 paragraph 18

This is probably the most famous line in the entire book and has been heavily quoted throughout the ages! Sun Tzu meant this in terms of one force trying to hide the reality of their strength and strategy! Unfortunately, President Bush used it against the people of the United States. We were deceived as a nation as to the exact threat posed by Iraq! We were led into a war under the guise of imminent danger! Saddam Hussein had weapons of mass destruction and we needed to stop the deployment of these weapons. Problem is there were no weapons.

Moving on…

Again, if the campaign is protracted, the resources of the State will not be equal to the strain.
- Sun Tzu, The Art of War, chapter 2 paragraph 3

I could have used…

There is no instance of a country having benefited from prolonged warfare.
- Sun Tzu, The Art of War, chapter 2 paragraph 18

But the first paragraph seems more appropriate today! The second engagement with Iraq has gone on for more than 6 years (started March 20, 2003) at a current cost of $12.5 billion per month! In today’s economic climate, that money could have gone to better use at home! Now there are many that will say President Bush couldn’t have known about the housing collapse! Oh yes he did! It was coming for a long time and when it did President Bush got to wipe his hands clean and go back to the ranch… “Yee Haw, dodged that bullet!” Any way you look at it, today’s cost is $150 billion per year minimum. Think we can use that to better our lives here in the US? Especially now. I do!

When he keeps aloof and tries to provoke a battle, he is anxious for the other side to advance.
- Sun Tzu, The Art of War, chapter 9 paragraph 19

This is where President Bush used the mask of WMD to advance on Iraq. Many Chinese scholars have read this to mean that the general is anxious to dislodge their adversary from a strong position. Aloof? Why? Because we the American people would not see through the weak arguments, or perhaps the strong position that Iraq holds is buried beneath the desert! I don’t know? Could be!

Resources:

McNeilly, Mark R. (2001), Sun Tzu and the Art of Modern Warfare, Oxford University Press, ISBN 0195133404.

It’s amazing… I just heard today that US Airways would be charging $15 for the first bag checked and an additional $25 for the second bag checked! Let’s just hope they don’t lose your bag in the Hudson! But seriously! I am outraged by these fees charged for checked bags! Slowly but surely we’ll be charged an access fee for the boarding ramp (once they figure out how to make that work). And why are we being charged this extra fee?

You’re looking at $1020 minimum!

US Airways presents this explanation on their website:

“We’ve simply had to look at ways to offset our increased operating costs. Approximately 67 percent of US Airways customers check one bag, and every checked bag drives our operating costs a little higher. Our revenues must keep pace with our operating costs.” (usairways.com, 2009)

While I can accept this argument… How about this! When gas prices were higher so was the cost of airline operations, BUT gas prices have dropped, yet these increases that were put in place to offset those costs never seem to have gone away once prices dropped!

Spirit Airlines by comparison has been charging for checked bags since June of 2007.

“Instead of raising every fare in response to ever increasing fuel prices, our new luggage policy gives passengers the opportunity to control their cost of travel by packing lighter,” says Barry Biffle, Spirit’s senior vice president (Stoller, 2008).

Do they think we’re stupid? Hey, I can fly cheaper if I pack lighter. I’m going to Asia for a month… Let me just pack my underwear… I’ll get by!

Barry Biffle goes on to say… “The positive reaction that you get out of the 90%, is, ‘Wow, you can keep fares even lower?’ ” (De Lollis, 2007)

Please, that’s not what I was hearing from 90% of the people in line with me when I flew Spirit to Myrtle Beach!

American Airlines is somewhat less clear about who’s going to be charged. We’ll see shortly, but one of their claims is that if I purchase a full price ticket I’m exempt from the charge (aa.com, 2009). So my question is, “What is a full-fare Economy Class ticket? And how would I know?” I purchased a ticket, I paid my fare, you sold me the ticket… it’s a done deal. That is until you show up at the airport and the airline tells you differently. Are you just not going to pay the charge and NOT get on the plane? I think not… You will and you’ll be bitter about it.

The best part about all this is that you can still carry luggage on without being charged a fee. Now I can’t tell you how many times I’m sitting on a plane and some inconsiderate passenger decides they want to place their gear above your seat. They stand there forcing an oversized bag into a compartment that is way too small for it… banging and cursing all the way through the process!


OR they prevent you from exiting the plane because the only compartment open when boarding was in the back of the plane… can’t they try getting to the gate on time? OR how about there’s not enough room in the compartment where you placed your bags… They stuff their bags into the compartment even though they know they won’t fit, crushing the contents within my bag!

Now I can see the reasons why airlines may feel they’re justified in charging for checked bags, BUT build it into the price. The last thing a customer needs to do is start paying for things at the counter again. There’s not enough help now. Kiosks have become all the rage. Slide your credit card or passport to check in… Try and find your luggage tags. This will only leave people more enraged that the business they are paying their hard-earned money to doesn’t give a crap about them… It’s all about the bottom line.


Yes, I do know the airlines are businesses and are in it for the profits, BUT the lack of regulation means they can do what they want until the customers have had enough. The flying public are held hostage to inconsiderate airline employees both on the ground and in the air. And when you try to push back you are threatened with Federal laws, and who needs the hassle of having to defend your rights? It’s not worth it and the airlines know this! Maybe the airlines should have to pay the expenses of a lawsuit for a wrongly charged individual!

How about this… Charge us for the ticket… It includes everything that passengers want… In-flight movies (headphones included), snacks and/or meals (depending on the flight) and checked baggage. Charge us all the same rate. With discounted fares you never get the information when purchasing your ticket. Fly the flight… It’s not my fault that you didn’t get enough passengers because you charge so much!

Resources:

De Lollis, B., (2007, March 6), Spirit Airlines charges for baggage, beverages, Retrieved on April 24, 2009 from http://www.usatoday.com/travel/news/2007-03-06-spirit-airlines-charge-baggage-fare-sale_N.htm

Stoller, G., (2008, February 18), Airlines want you to pack less — or pay more, Retrieved on April 24, 2009 from http://www.usatoday.com/travel/flights/2008-02-18-checked-bags_N.htm

Unknown, (2009), New baggage policy, Retrieved on April 24, 2009 from http://www.usairways.com/awa/content/faqs/newpolicy.aspx#exemptions

Unknown, (2009), Baggage Exemptions, Retrieved on April 24, 2009 from http://www.aa.com/aa/i18nForward.do?p=/utility/baggageExceptions.jsp

At some point in your career as a system administrator you will be called upon to gather network traffic to find out where a system is failing. Sure, ping and traceroute are wonderful down-and-dirty tools. They will tell you whether or not you have a basic IP connection and where it is failing, BUT they don’t tell you much more than that. At times we will need to find out what is failing. Is it a mis-configured application? Are we sending data in cleartext when it should be encrypted? Are we “speaking” to the right DNS server? There are many ways to skin a cat in our profession, BUT getting a packet dump really gives you insight into what is being put out onto the wire. There are a couple of things to consider before you actually start to collect data.

1. What data are you trying to collect?
2. What does the network topology look like?

It’s important to know what data you’re looking to collect because it will determine where to place your network-monitoring tool. Are you looking to collect the traffic between your web server (in a DMZ) and your internal network? Or are you looking to collect the traffic from that web server out to the world? If you’re using 2 NICs to separate out your traffic, the monitoring tool will need to be placed on the interface whose traffic you want to capture. Now this may sound simple (and in this case it is), BUT your typical SMB (small or medium business) network is often a lot more complicated. Another scenario is the ever-popular WLAN. What traffic are you looking to collect? Do you want to capture beacon frames or are you only looking at higher layer traffic? Hopefully you get the idea…

Next… How is the network laid out? Is it a hub-based network or is it a switched environment? Why is this important? Well, let’s look at the mechanics of each. A hub takes a packet that is received on one port and passes it to every other port on that hub, regardless of whether the packet’s final destination is connected to that port. So in essence, any NIC that is connected to a hub can see all the network traffic that passes through the hub. If the traffic you are looking to capture all takes place on that hub, your job is made easy. Practically speaking… this is not realistic. The network issues surrounding a hub-based environment (packet collisions) and the ever-dropping cost of switch technology make this scenario highly unlikely.

Switches have all but replaced hubs in SMB environments. This presents some obstacles in gathering the traffic we are looking for. The Data Link Layer of the OSI model is where we tie the Network layer (IP address) to a physical attribute (MAC) of the machine we are working with. And while there is one additional layer below it in the OSI model, all traffic really runs through the Data Link layer. SO what does this have to do with the price of rice in China? Well, a switch builds what’s called ARP tables. ARP (or address resolution protocol) matches an IP address with a computer’s MAC address. The switch then directs traffic received on one port to the port where the final destination resides! That destination is based on the MAC address of the host in question.

Remember… we are talking about hubs and switches. These are pieces of hardware! That being said, because the traffic is directed between the receiving port and the destination port, other ports are not privy to the conversation between the two. Because there is still a need to ‘see’ the traffic that is passed between two ports (think network monitoring!), switch manufacturers have come up with a solution called the SPAN port (Switched Port ANalyzer). This allows traffic destined to or sent from one port to be mirrored on another. There is a downside to this. Under heavy loads, packets can and will be dropped! This can and often does cause misinterpretation of the data collected.

The last option is called a TAP. Taps are hardware devices that are placed on the network and used when the need arises. Adding or removing the TAP from the network will result in network outages. The benefit of a TAP is that it preserves the full-duplex nature of a switched environment! It will not drop packets (that is, if the line being monitored is NOT over-utilized). TAPs need to be strategically placed. Remember… What traffic are we looking to capture? There is a downside to TAPs. They are more difficult to set up! In order to properly implement these devices, special configuration of the NIC and/or the purchase of specialized hardware is required to combine the two directions of the trace together. TAPs are usually used in places where putting a switch doesn’t make sense and you want to maintain the full bandwidth of the line!
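As an added illustration (not code from this post), here is a toy Python model of what a capture NIC on port 4 actually sees under each topology discussed above: a hub, a learning switch that forwards on a learned MAC-to-port table, and a switch with a SPAN port that drops mirrored copies once it is oversubscribed. Hosts, MAC addresses, ports and the per-tick mirror capacity are all constructed sample values.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"


def frame(fid, src, dst, tick=0):
    """A frame is just its id, source MAC, destination MAC and arrival tick."""
    return {"id": fid, "src": src, "dst": dst, "tick": tick}


class Hub:
    """A hub repeats every frame on every port except the one it arrived on."""

    def __init__(self, ports):
        self.ports = set(ports)

    def forward(self, ingress, fr):
        return self.ports - {ingress}


class Switch:
    """Learning switch: remembers the port each source MAC was seen on, floods
    frames for unknown or broadcast destinations, otherwise sends only to the
    destination's port. An optional SPAN port gets a copy of every forwarded
    frame, up to span_capacity copies per tick; the rest are dropped."""

    def __init__(self, ports, span_port=None, span_capacity=None):
        self.ports = set(ports)
        self.mac_table = {}               # MAC -> port, learned from sources
        self.span_port = span_port
        self.span_capacity = span_capacity
        self.span_load = defaultdict(int)  # tick -> copies sent to the mirror
        self.span_dropped = 0

    def forward(self, ingress, fr):
        self.mac_table[fr["src"]] = ingress
        data_ports = self.ports - {ingress, self.span_port}
        known = self.mac_table.get(fr["dst"])
        if fr["dst"] == BROADCAST or known is None:
            out = set(data_ports)          # flood: destination not learned yet
        else:
            out = {known} & data_ports     # unicast: only the destination port
        if self.span_port is not None:
            self.span_load[fr["tick"]] += 1
            if self.span_capacity is None or self.span_load[fr["tick"]] <= self.span_capacity:
                out.add(self.span_port)
            else:
                self.span_dropped += 1     # mirror oversubscribed: copy lost
        return out


def frames_seen(device, traffic, monitor_port):
    """Replay (ingress_port, frame) pairs; return ids that reach monitor_port."""
    return [fr["id"] for ingress, fr in traffic if monitor_port in device.forward(ingress, fr)]


A, B = "00:11:22:aa:aa:aa", "00:11:22:bb:bb:bb"   # constructed MACs
PORTS = [1, 2, 3, 4]
# Constructed sample: host A on port 1, host B on port 2, capture NIC on port 4.
TRAFFIC = [
    (1, frame("arp-req", A, BROADCAST, tick=0)),  # A: who has B's IP? (broadcast)
    (2, frame("arp-rep", B, A, tick=0)),          # B answers A directly
    (1, frame("syn", A, B, tick=1)),
    (2, frame("syn-ack", B, A, tick=1)),
    (1, frame("data", A, B, tick=1)),
]


def run_scenarios(traffic=TRAFFIC, monitor=4):
    """What the capture NIC on `monitor` sees under each topology."""
    busy = Switch(PORTS, span_port=monitor, span_capacity=2)  # 2 copies/tick max
    return {
        "hub": frames_seen(Hub(PORTS), traffic, monitor),
        "switch": frames_seen(Switch(PORTS), traffic, monitor),
        "span": frames_seen(Switch(PORTS, span_port=monitor), traffic, monitor),
        "span_busy": frames_seen(busy, traffic, monitor),
        "span_busy_dropped": busy.span_dropped,
    }
```

On the plain switch the capture NIC only sees the flooded ARP broadcast, never the conversation that follows; the oversubscribed SPAN port shows why a mirror capture can silently miss frames.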

WOW… I played with Legos growing up and we’d try to make weapons… Especially after Star Wars came out! We never came close to anything like this!


Wireless


Wireless networks do not offer the same protection as a wired network… At least in terms of physical access! That being said… Any traffic that goes over a wireless link should be encrypted… whether through the use of SSL or a VPN tunnel. There are zero guarantees of privacy without this!

Most consumer-based and many enterprise-based APs use a technology similar to basic hubs. All traffic on the AP can be ‘seen’ by any other host attached to the AP (and for that matter any node using the same SSID). This is exactly the type of environment that makes hacking enjoyable… sit back and watch the password pass in cleartext ;-) . In other words, it is not a switched environment! Meru Networks does offer APs that are ‘switched’… however these devices are quite pricey and out of reach of most companies!

With the prices of wireless access points dropping, anyone can set one up in a corporate environment without great effort. Unfortunately, there are security risks involved with this. Now anyone within range of the WAP can attach to the AP and have at the corporate resources. In a truly secure environment, all wall jacks would be inactive until an authorized computer is attached. There’s nothing stopping the end-user from unplugging their workstation, jacking in their newly acquired device and running their desktop as a wireless client. Scanning for rogue access points helps to minimize this risk… but it needs to be performed on a regular basis!

Note: Don’t purchase desktop machines with both a NIC and a Wireless card installed!
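As an added example (not from the original post), a small Python audit that turns a scan sweep into the findings a regular rogue-AP check should raise: an authorized radio with the wrong SSID or channel, an unknown radio advertising the corporate SSID, and a strong unknown AP that is probably inside the building. The authorized inventory, BSSIDs, signal levels and the -65 dBm threshold are all constructed sample values.

```python
CORP_SSID = "CorpNet"                    # constructed corporate SSID
STRONG_DBM = -65                         # constructed: stronger than this is likely on premises

# Hypothetical inventory of the access points the company actually deployed.
AUTHORIZED = {
    "00:1a:2b:3c:4d:01": {"ssid": "CorpNet", "channel": 1},
    "00:1a:2b:3c:4d:06": {"ssid": "CorpNet", "channel": 6},
    "00:1a:2b:3c:4d:0b": {"ssid": "CorpNet", "channel": 11},
}

# Constructed result of one scan sweep: (bssid, ssid, channel, signal in dBm).
SCAN = [
    ("00:1a:2b:3c:4d:01", "CorpNet", 1, -48),
    ("00:1a:2b:3c:4d:06", "CorpNet", 6, -55),
    ("00:1a:2b:3c:4d:0b", "GuestNet", 11, -60),     # our hardware, wrong SSID
    ("a4:b1:c1:00:00:99", "CorpNet", 6, -41),       # unknown radio using our SSID
    ("d8:ee:78:12:34:56", "linksys", 11, -39),      # strong unknown AP, likely in-building
    ("f0:9f:c2:ab:cd:ef", "NeighborWifi", 1, -85),  # weak, probably next door
]


def classify(bssid, ssid, channel, signal, authorized=AUTHORIZED, corp_ssid=CORP_SSID):
    """Label one observed BSSID relative to the authorized inventory."""
    known = authorized.get(bssid.lower())
    if known is not None:
        if known["ssid"] != ssid or known["channel"] != channel:
            return "misconfigured"       # our hardware, not our settings
        return "authorized"
    if ssid == corp_ssid:
        return "evil-twin"               # someone else advertising our network name
    if signal > STRONG_DBM:
        return "rogue-candidate"         # unknown AP close enough to be inside
    return "neighbor"                    # weak and unknown: note it, don't chase it


def audit(scan=SCAN):
    """Group the sweep by category so successive sweeps can be compared."""
    report = {}
    for bssid, ssid, channel, signal in scan:
        report.setdefault(classify(bssid, ssid, channel, signal), []).append(bssid)
    return report


def new_findings(previous, current):
    """BSSIDs that need attention now but were not flagged in the previous sweep."""
    flagged = ("evil-twin", "rogue-candidate", "misconfigured")
    seen_before = {b for cat in flagged for b in previous.get(cat, [])}
    return sorted(b for cat in flagged for b in current.get(cat, []) if b not in seen_before)
```

Run `audit()` on every sweep and feed consecutive reports to `new_findings()`; a check that only runs once will miss the AP that someone plugs in next week.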

Bluetooth is another technology that needs to be monitored. More and more, users are taking advantage of technologies that until recently were slow to make their way into the corporate environment. While limited in scope with regard to network-based resources, these devices can still be used to store data that the company may not want you to take off the premises.

The date April 8, 2009 is one that should have never come. It has been reported that ‘cyberspies’ have gained access to the US power grid and could take control at any time. Seems to me that this could have been avoided. Why? Because the United States has known this could happen as early as June 1997! During the second week of June, the NSA (or National Security Agency) sponsored a cyber-warfare exercise called Operation: Eligible Receiver. The objective of the exercise was for the NSA “RED Team” to take control of the computer systems of the US Pacific Command. The NSA was successful at compromising their ‘primary’ objective and additionally was able to compromise various systems controlling the US power grid. Lastly, they were able to compromise the systems controlling the 911 emergency call network. The scary thing about Operation: Eligible Receiver was that the attack vectors were not overly complicated. The attackers were able to use the following:

• DoS (Denial of Service) attacks
• Email spoofing
• Brute-force/dictionary password cracks
• Mis-configured services
• Social engineering attacks

The lessons learned from the exercise showed serious problems with defending critical information systems and infrastructures, on which the DoD (and the nation) depend (Janczewski et al., 2008). If that were not enough to draw some attention to the serious nature of the problem, in February of 1998, computers within the Navy, Marine Corps, and Air Force came under real attack. Solar Sunrise (as the attack came to be known) exploited a well-known vulnerability in the Solaris operating system and was believed to have originated from the Middle East.

As part of the Wall Street Journal’s online presence, polls are taken of readers for reader reactions to major articles. The poll for April 8th was, “How worried are you that a cyber attack could damage U.S. infrastructure?”

Source: Wall Street Journal Online.

Incredibly, 940 votes were cast indicating that the voters were not very worried about an attack against our electric infrastructure here in the US. How can you not be! The sad thing is that the companies that maintain these systems were not the ones that discovered the compromise! The discovery was made by U.S. intelligence agencies. NERC (or the North American Electric Reliability Corporation) is an international, independent, self-regulatory, not-for-profit organization whose mission is to ensure the reliability of the bulk power system in North America (nerc.com, 2009). Part of the organization’s role in fulfilling its mission is the publication of compliance standards to help minimize the risk of cyber-attacks. NERC Standard CIP–002–1 deals with the identification of critical assets within the bulk Electrical Delivery Systems. Just yesterday, Michael Assante, Vice President and Chief Security Officer for NERC, released a memo urging members to take a “fresh comprehensive look” at the evaluation of their Critical Assets. The memo was prompted in part by the results of a recent survey that suggests that certain qualifying assets may not have been identified as “Critical” (Assante, 2009). It seems as though many suppliers are not identifying critical components in the delivery system, leaving them exposed to these types of cyber-attacks.

SO why are we dealing with this today? …Because these systems are not government resources. These systems are private networks. Congress approved $17 billion in funding to protect government networks. The bill did not disclose which systems/networks would benefit from the funding however a senior Pentagon official said Tuesday the Pentagon has spent $100 million in the past six months repairing cyber damage (Gorman, 2009).

Now some may say this is the stuff of science fiction but let’s take a look:

Worcester Airport, Massachusetts, 1997 – A hacker was able to gain access to the communication system there, disabling the radio transmitter that activated the approach runway lights.

Arizona, 1998 – A 12 year-old gains access to the SCADA systems controlling Roosevelt Dam (though this has been disputed).

Queensland Australia, 2000 – Vitek Boden hacks into the Maroochy Shire Wastewater System and releases raw sewage into the parks, rivers and grounds surrounding the Hyatt Regency hotel.

Titan Rain, Nov. 14, 2004 – Chinese hackers compromised computers at U.S. Army Information Systems Engineering Command in Fort Huachuca, Ariz., the Defense Information Systems Agency in Arlington, Va. and the U.S. Army Space and Strategic Defense installation in Huntsville, Ala (zdnet.com, 2005).

Estonia, 2007 – A distributed denial of service attack was launched against the websites of the Estonian parliament and the national bank.

San Francisco, California, 2008 – Terry Childs is accused of tampering with the city’s email system and locking other network administrators out of the city’s FiberWAN network. Childs gained access to the root password on the city’s routers and could effectively turn off the city’s network.

This is not the first time a power grid has been the object of a hacker’s attack. CIA analyst Tom Donahue told utility engineers at a conference last year that in other countries, hackers had broken into electric utilities and demanded payments before disrupting power – in one case turning off the lights in multiple cities (ap.org, 2009). In the case of the recent discovery, the SCADA (Supervisory Control And Data Acquisition) systems were said to be compromised. SCADA is a standardized and open solution that is used in the operation of many industrial control systems. Systems that use SCADA processes include:

• Electrical distribution facilities
• Drinking water distribution centers
• Sewer treatment plants
• Oil and gas pipelines systems
• Nuclear power plants
• Airports

Protecting the electrical grid and other infrastructure is a key part of the Obama administration’s cyber-security review, which is to be completed next week. The Obama administration is weighing whether to expand the program to address vulnerabilities in private computer networks, which would cost billions of dollars more (Gorman, 2009).

OK, we’ve lived through blackouts before… the government will fix this BUT… The point is the government has known about this for years and yet it happened. The Cybersecurity Act of 2009 gives the President of the United States the authority to declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal government or United States critical infrastructure information system or network (section 18, paragraph 2). Now, the United States Government controls vast amounts of the Internet… definitely critical infrastructure! BUT… where does that end? For certain any of the above-mentioned SCADA systems, but how about systems in hospitals? Or how about financial systems? A little over-reaching? Perhaps! BUT maybe we should look at fixing the systems, not pulling the plug!

BTW, the systems that were compromised are said to have been ‘purged’ of all installed malware.

Resources:

Assante, M., (2009, April 7), Critical Cyber Asset Identification, Retrieved on April 8th, 2009 from http://www.nerc.com/fileUploads/File/News/CIP-002-Identification-Letter-040709.pdf

Espiner, T., (2005, November 23), Security experts lift lid on Chinese hack attacks, Retrieved on April 8th, 2009 from http://news.zdnet.com/2100-1009_22-145763.html

Gorman, S., (2009, April 8), Electricity Grid in U.S. Penetrated By Spies, Retrieved on April 8th, 2009 from http://online.wsj.com/article/SB123914805204099085.html

Janczewski, L., & Colarik, A., (2008), Cyber Warfare and Cyber Terrorism, IGI Global, Hershey PA

Robertson, J., & Sullivan, E., (2009, April 8), Spies compromised US electric grid, Retrieved on April 8th, 2009 from http://hosted.ap.org/dynamic/stories/T/TEC_ELECTRIC_GRID_HACKING?SITE=AZPHG&SECTION=HOME&TEMPLATE=DEFAULT

Unknown, (2009), North American Electric Reliability Corporation, Retrieved on April 8th, 2009 from http://www.nerc.com/page.php?cid=1|7|10

Various, (2009, April 9), (POLL) How worried are you that a cyber attack could damage U.S. infrastructure?, Retrieved on April 9th, 2009 from http://forums.wsj.com/viewtopic.php?t=5653

Never act without purpose and resolve, or without the means to finish the job.

- Marcus Aurelius

WOW… I can’t believe that you’re a year old. This has been the fastest year of my life. You’ve grown so fast and you bring such happiness to this house. Mommy and Daddy love you very much!
