Good read: Do you block ICMP everywhere in your network?

If your answer is yes, or you believe that blocking ICMP increases security, then please spare a second thought for the poor support guy who gets called at 2 A.M. and needs to ping some hosts to check reachability.

The Problem

Many network administrators feel that ICMP is a security risk, and should therefore always be blocked at the firewall. It is true that ICMP does have some security issues associated with it, and that a lot of ICMP should be blocked. But this is no reason to block all ICMP traffic!

ICMP has many important features; some are useful for troubleshooting, while some are essential for a network to function correctly. Here are details of some of the important ICMP traffic that you should know about, and consider allowing through your network.

Read the full article at http://shouldiblockicmp.com/


Good read: Money well spent??

A Short Story for Engineers
You don’t have to be an engineer to appreciate this story.

A toothpaste factory had a problem: Due to the way the production line was set up, sometimes empty boxes were shipped without the tube inside. People with experience in designing production lines will tell you how difficult it is to have everything happen with timings so precise that every single unit coming off of it is perfect 100% of the time. Small variations in the environment (which cannot be controlled in a cost-effective fashion) mean quality assurance checks must be smartly distributed across the production line so that customers all the way down to the supermarket won’t get frustrated and purchase another product instead.

Understanding how important that was, the CEO of the toothpaste factory gathered the top people in the company together. Since their own engineering department was already stretched too thin, they decided to hire an external engineering company to solve their empty boxes problem.

The project followed the usual process: budget and project sponsor allocated, RFP (request for proposal), third-parties selected, and six months (and $8 million) later a fantastic solution was delivered — on time, on budget, high quality and everyone in the project had a great time. The problem was solved by using high-tech precision scales that would sound a bell and flash lights whenever a toothpaste box would weigh less than it should. The line would stop, and someone had to walk over and yank the defective box off the line, then press another button to re-start the line.

A short time later, the CEO decided to have a look at the ROI (return on investment) of the project: amazing results! No empty boxes ever shipped out of the factory after the scales were put in place. There were very few customer complaints, and they were gaining market share. “That was some money well spent!” he said, before looking closely at the other statistics in the report.

The number of defects picked up by the scales was 0 after three weeks of production use. How could that be? It should have been picking up at least a dozen a day, so maybe there was something wrong with the report. He filed a bug against it, and after some investigation, the engineers indicated the statistics were indeed correct. The scales were NOT picking up any defects, because all boxes that got to that point in the conveyor belt were good.

Perplexed, the CEO traveled down to the factory and walked up to the part of the line where the precision scales were installed. A few feet before the scale, a $20 desk fan was blowing any empty boxes off the belt and into a bin. Puzzled, the CEO turned to one of the workers who stated, “Oh, that…One of the guys put it there ’cause he was tired of walking over every time the bell rang!”

$8 million vs $20. Hmmm! Money well spent?

<author unknown>


Rules of Networking

I have to admit that I’m obsessed with RFC1925 and do my best to apply it to all aspects of my work.

Just as a note to self, I post the Twelve Networking Truths here, and hopefully add more relevant ideas I find in the course of time.

  1. It Has To Work.
  2. No matter how hard you push and no matter what the priority, you can’t increase the speed of light.
    1. (corollary). No matter how hard you try, you can’t make a baby in much less than 9 months. Trying to speed this up *might* make it slower, but it won’t make it happen any quicker.
  3. With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea. It is hard to be sure where they are going to land, and it could be dangerous sitting under them as they fly overhead.
  4. Some things in life can never be fully appreciated nor understood unless experienced firsthand. Some things in networking can never be fully understood by someone who neither builds commercial networking equipment nor runs an operational network.
  5. It is always possible to agglutinate multiple separate problems into a single complex interdependent solution. In most cases this is a bad idea.
  6. It is easier to move a problem around (for example, by moving the problem to a different part of the overall network architecture) than it is to solve it.
    1. (corollary). It is always possible to add another level of indirection.
  7. It is always something.
    1. (corollary). Good, Fast, Cheap: Pick any two (you can’t have all three).
  8. It is more complicated than you think.
  9. For all resources, whatever it is, you need more.
    1. (corollary). Every networking problem always takes longer to solve than it seems like it should.
  10. One size never fits all.
  11. Every old idea will be proposed again with a different name and a different presentation, regardless of whether it works.
    1. (corollary). See rule 6a.
  12. In protocol design, perfection has been reached not when there is nothing left to add, but when there is nothing left to take away.

Overview of ISMS

This post is my snippet of the Wikipedia article about ISMS.

The governing principle behind an ISMS is that an organization should design, implement and maintain a coherent set of policies, processes and systems to manage risks to its information assets, thus ensuring acceptable levels of information security risk.

PDCA (ISO/IEC 27001:2005):
  • The Plan phase is about designing the ISMS, assessing information security risks and selecting appropriate controls.
  • The Do phase involves implementing and operating the controls.
  • The Check phase objective is to review and evaluate the performance (efficiency and effectiveness) of the ISMS.
  • In the Act phase, changes are made where necessary to bring the ISMS back to peak performance.
