Cornerstone Content
-
What is Zero Trust?
Zero Trust Castle & Moat construct (which assumes that all security threats come from outside an organization) is outdated & problematic. Shift in attitude from trusted to untrusted. Trust is a vulnerability. Workers (users) are our weakest link No trust-by-default… Instead, Why don’t we inherently distrust everything? The user today needs a variety of access methods to a multitude of systems (while simultaneously NOT trusting them). The ‘Zero Trust’ model allows workers to perform their roles & responsibilities in a much more secure, much less trusted environment. The framework was conceptualized by Forrester Research in 2010. Not “Trust, but verify” rather, “Verify, then trust…but only a little.” No person is…
-
IP Addresses, Subnet Masks, Subnetting, and Calculating Hosts
IPv4 IP addresses are a 32-bit (binary digit) value. IP addresses are just strings of 32 binary digits (bits!). ex: 11000000101010000000010000000010 Broken down into 4 groups of 8, separated by dots (periods/decimals). ex: 11000000.10101000.000001.00000010 Now each 8-bit value, octet, is converted to a decimal number between 0 and 255 (for a total a 256 options). So the above would translate to: ex: 192.168.4.2 This is “dotted decimal notation” aka “the dotted octet numbering system”. Tip: You should memorize that 0=00000000 and 255=11111111. You’ll find knowing this very helpful. Note: By definition, all computers on the same network have the same subnet mask and network ID. /24 is limited to IP…
-
The TCP/IP Reference Model and Layers
The TCP/IP model is a more concise take on the OSI model. The TCP/IP model contains four layers: Process/Application Layer Host-to-Host/Transport Layer Internet Layer Network Access Layer/Link Layer Network Access Layer The Network Access Layer defines how to use the network to transmit an IP datagram, or unit of information packet. The Network Access Layer is: the lowest layer physical, data link, network a directly attached network the protocols provide the means for the system to deliver data to other directly (physically) attached network devices. must be able to know the details of the underlying network (packet structure, addressing, etc.) Gateways are devices that switch packets between different physical networks.…
-
What is a social engineering attack?
Social engineering is using human interaction (social skills) to obtain or compromise data/information about an organization or its computer systems. This information can them be used to deploy an attack and/or penetrate a network further. Social engineering attacks are particularly dangerous because they prey on our human instincts, interactions and dealings with people and our contextual environment. An attacker may not fit the stereotype we hold in our heads. Social engineering preys on the fact that humans will have our guard up for natural signs of danger and natural enemies, but things get fuzzy when the distinction is not so clear. In social engineering, the attacker may seem unassuming, respectable…
-
Notes To Know: “Fundamentals of Telecommunications” by Roger L. Freeman—Chapter 1 Introductory Concepts
(Note: This is an evolving, evergreen post.) Chapter 1–Introductory Concepts What is Telecommunication? “Communications at a distance.” —Webster Dictionary “The transmission of signals over long distance, such as by telegraph, radio or television.” —IEEE Standard Dictionary Telecommunications is one of those words that has broad scope, meaning and coverage. It can mean different things to different individuals. “Fundamentals of Telecommunications” brings forth the following definition: “Some take the view that telecommunications deals only with voice telephony, and the typical provider of this service is the local telephone company. We hold a wider interpretation. Telecommunications encompasses the electrical communication at a distance of voice, data, and image information (e.g., TV and…
-
What is MPLS (Multi Protocol Label Switching)?
MPLS (Multi Protocol Label Switching) Challenges of MPLS (which helped drive the push to SD-WAN): Expensive connectivity Long time to deploy (60, 90, 120 days plus lead time) Cloud & mobile access are neglected Internet performance & availability Security Management With the old, pre-SD-WAN: ’Hub & Spoke’ topology Branches communicated with the hub & the data center Internet access was typically centralized out of the Home Office Cloud internet went thru Headquarters MPLS gave up predictability & availability Backhauling internet traffic to the Data Center for security consumes a lot of expensive MPLS bandwidth and it often means added latency. (The “trombone effect”!) MPLS circuits are expensive.
-
What is Access Control?
Traditional computer security revolves around access control. “It is where security engineering meets computer science.” —Ross Anderson, Security Engineering Access control is to control whom or who, has access to which resources in a system. Access control works at a number of levels from Hardware at the base, up through the Operating System, then Middleware, and up to the Application level. “As we work up from the hardware through the operating system and middleware to the application layer, the controls become progressively more complex and less reliable.” —Ross Anderson, Security Engineering Complexity tends to be at opposites with security. “Now now of the biggest challenges in computer security is preventing…
-
4). Intro to Hypervisor, Docker & Container Basics–(VMs) Virtual Machines [VIDEO]
There’s a great series of videos on YouTube giving a quick intro to telecommunication cloud basics. The videos feature Vikas Shokeen and are available in short 4-video series. The fourth one is below with some basic notes. 4). Intro to Hypervisor, Docker & Container Basics–(VMs) Virtual Machines [VIDEO] Docker Architecture See also: 1). Intro to Telco (Telecommunications Company) Cloud Basics, NFV, SDN, Architecture of Cloud Networks [VIDEO] 2). Intro to NFV (Network Function Virtualization) Basics–NFV Architecture, ETSI, NFV ManO [VIDEO] 3). Intro to SDN (Software Defined Networking) Basics–SDN & Openflow Architecture [VIDEO] Biblio: [1] vCloud NFV Reference Architecture [2] Tech Tutorial–Introduction to NFV: Network Function Virtualization [3] Introduction to Network…
-
3). Intro to SDN (Software Defined Networking) Basics–SDN & Openflow Architecture [VIDEO]
Software defined networking (SDN) SDN (software defined networking) is highly correlated with NFV. SDN is a big deal in IT and Telecom. NFV is all about building up virtual platforms. SDN is about making IP networks more flexible, more customizable, more programmable so that packet routing is possible with lots of flexibility and agility. Imagine a router, a physical piece of hardware, specifically designed and manufactured for implementing software functions that allow us control over the delivery of our data packets at its core. SDN now allows us to extract the software function from the actual piece of hardware. Now, we can take this extracted software function and apply it…
-
2). Intro to NFV (Network Functions Virtualization) Basic Concepts–NFV Architecture [VIDEO]
Network functions virtualization (NFV) Network functions virtualization (NFV) is a procedure that increases and improves network function by managing networks. NFV is an architectural framework providing a reference model where network functions are delivered through software…. The NFV framework was first developed by the ETSI (European Telecom Standards Institute) NFV Industry Specification Group set up in 2012. [1] There’s a lot of info on the internet about NFV and we culled together some sources through this post. Also, included is a great series of videos on YouTube giving a quick intro to telecommunication cloud basics. The videos feature Vikas Shokeen and are available in short 4-video series, with the second…