Archive for RB

Project Management Tips for Small Engagements

We have all been involved in projects that do not rate a full project team, where one person has to take on multiple project roles. CircleID offers project management tips for small engagements if an engineer, developer, or technician takes on the project manager duties.


 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

IPv4 IPocalypse Strikes U.S.

The world is ending. The IPocalypse is upon us! As I (and a lot of other people) have been warning for a while now, North America has finally run out of new IPv4 addresses. The American Registry for Internet Numbers (ARIN), the group that distributes Internet addresses for North America, said Thursday it has assigned the last addresses in its IPv4 free pool.

IPv4 dates back to 1981 and only has room for 4.3 billion unique addresses. IPv6, introduced in 1999, should have enough addresses to serve Internet users for generations, according to ARIN.

Anyone who still needs IPv4 addresses can request them from ARIN, but ARIN won’t have any to give away unless it gets more from the global Internet Assigned Numbers Authority (IANA) or receives returned addresses from users who don’t need them anymore.

According to PCWorld, ARIN already runs a waiting list for requests, which it set up earlier this year. Users can also buy IPv4 addresses on the IPv4 grey market (rb- I first reported on the IPv4 grey market in 2011) from others who don’t need them and are looking to make some money. Addresses recently were going for around US$10-$12 each, according to people who follow the transfer market.

PCWorld speculates that more North American addresses may go on the grey market now that ARIN has exhausted its pool of fresh ones. That event triggered a change in the organization’s rules for approving transfers: there is no longer any restriction on how often an address holder can request transfers to specified recipients.

North America is just the latest region to run out of IP addresses, according to the Register.

  • APNIC, which allocates addresses in Asia-Pacific, ran out of available IPv4 addresses in 2011;
  • RIPE, which oversees Europe, the Middle East, and parts of Central Asia, ran out in 2012; and
  • LACNIC, which manages Latin America and the Caribbean, ran dry in 2014.

All that’s left is AFRINIC, which oversees Africa, and is expected to run out of IPv4 addresses in 2019.

The IPv4 space globally offers 4,294,967,296 network addresses – which seemed like an awful lot back in the 1970s when the internet was coming together. Vint Cerf, father of the internet (not Al Gore), told the Register:

“When we designed the Internet 40 years ago, we did some calculations and estimated that 4.3 billion terminations ought to be enough for an experiment. Well, the experiment escaped the lab.”

IPv6 uses 128-bit addresses, and there are 3.4 × 10^38 available – that’s 340 undecillion, although, practically speaking, 42 undecillion are usable.

Rb-
I told you so again and again and again. Maybe now that North America has run out of new IPv4 addresses, the IPv6 migration might get some attention and pick up speed. Maybe.

 


How Safe Is Your Connected Car?

There will be 250 million wirelessly connected cars on the road by 2020, according to Gartner (IT). The technical prognosticators believe that 60% – 75% of them will be capable of consuming, creating, and sharing Web-based data. In light of predictions like these and highly publicized car network attack demonstrations, cars need more security. Intel (INTC) has established the Automotive Security Review Board (ASRB) to help mitigate cyber-security risks associated with connected automobiles.

An Intel presser says ASRB researchers will do ongoing security tests and audits. They will codify best practices and design recommendations for advanced cyber-security solutions and products. Intel will publish automotive cyber-security best practices white papers, which the company will update based on ASRB findings. Chris Young, senior vice president and general manager of Intel Security, said in the presser:

“We can, and must, raise the bar against cyberattacks in automobiles … Few things are more personal than our safety while on the road, making the ASRB the right idea at the right time.”

Secure car networks

It is the right time to secure the networks in cars. A study released by Atlanta-based PT&C|LWG Forensic Consulting Services looked at what made cars vulnerable to attacks. Robert Gragg, a forensic analyst with PT&C|LWG, told CSO that cars with the highest risk of cyber threat tended to have the most features networked together, especially where radio or Wi-Fi networks are connected to physical components of vehicles.

Today’s modern automobile uses between 20 and 70 computers, each with its own specialized use. The article explains that engine control units oversee a wide array of electronic sensors and actuators that regulate the engine and maintain optimal performance. Vehicle manufacturers use the generic term “electronic control units” (ECUs) to describe the myriad of computers that manage various vehicle functions.

For example, the author says ECUs control vehicle safety functions, such as antilock brakes and proximity alerts. The ECU which governs climate control systems receives temperature data from sensors inside the cabin and uses that to adjust airflow, heating, and cooling.


What is a controller area network

Typically, all of a vehicle’s computer systems can be accessed over a vehicle’s controller area network (CAN) via the radio head unit, a computerized system that runs a car’s or truck’s communications and entertainment system.

Many of today’s modern vehicles can be accessed via cellular, Bluetooth, or even WiFi connectivity. While no easy task, the CSO article says, once a hacker gains access to the vehicle’s head unit, its firmware can be used to compromise the vehicle’s CAN, which speaks to all the ECUs. Then it’s just a matter of discovering which CAN messages can control various vehicle functions.

Car attacks

These attacks can happen at a distance. The PT&C|LWG study estimated minimum distances from which a vehicle could be hacked according to the wireless communication protocol it is using. For example, a passive anti-theft system could be accessed from 10 meters, a radio data system (or radio head unit) could be hacked from 100 meters, a Bluetooth system could be accessed from 10 meters, a smart key from five to 20 meters, and a vehicle equipped with Wi-Fi… well, it could be hacked from anywhere there’s Internet access (rb- I wrote about this vulnerability in 2011).

That may be a problem. Increasingly, carmakers are coming out with vehicles that include Wi-Fi routers for Internet connectivity. PT&C|LWG’s Gragg said:

“In more advanced vehicles — the ones that have infotainment systems — wireless security and wireless access points are all connected into the navigation system. So those are more susceptible to hacking because there are just more wireless access points … Anything open to wireless capabilities is susceptible to the hacking.”

rb-

In May, both General Motors (of ignition switch cover-up infamy) and the Auto Alliance, the carmakers’ lobbyist, testified against a proposed exemption in copyright law that would allow third-party researchers to get access to vehicle software. A decision in that matter could come any day from the U.S. Copyright Office.

The Auto Alliance has also threatened to run to Congress should the Copyright Office rule in favor of the researchers to cover up threats to the consumer, like Volkswagen and GM. The lobbying group calls legitimate researchers attackers in a letter to a Congressional subcommittee investigating the auto industry’s ability to thwart cyber attackers: “Automakers are facing pressure from the organized efforts of technology pirates and anti-copyright groups to allow the circumvention of protected onboard networks, and to give hackers with the right to attack vehicles carte blanche under the auspices of research.”

This would set a dangerous precedent for devices connected to the Internet of Things (IoT) to be unregulated. If the automakers are successful in their DMCA claims, it would be deadly for everyone on the road too. 

Who remembers “Unsafe At Any Speed”?


HFCC More Secure Than Most

NYC-based security reputation firm SecurityScorecard just released its 2015 Higher Education report (PDF), which has some surprising results. According to ArsTechnica, the security startup pegged MIT near the bottom of its security posture list. What the Ars article did not tell us is which universities had excellent security postures.

The other surprising result is that Henry Ford Community College, in Dearborn, Michigan, has the 5th best security posture in the SecurityScorecard report of 485 colleges and universities.

The report says HFCC is among the best at securing its network. HFCC scored well in all phases of the online security studied, including:

  1. Web Application Security,
  2. Network Security,
  3. Endpoint Security,
  4. Hacker Chatter,
  5. Social Engineering,
  6. DNS Health,
  7. IP Reputation,
  8. Patching Cadence, and
  9. Password Exposure.

The report explains that each category consists of dozens of security-risk indicators, resulting in a holistic security assessment.

rb-

As an alumnus and former instructor at HFCC, I say well done!

 


Back At It

Back from several days of vacation in Mackinaw City, completely unplugged, and enjoyed every minute of it.

Went for a swim in Lake Michigan. The water was 65, the sun was out and 80 degrees, not as cold as I expected for the middle of September.

Sat on the beach with my toes in the sand and a drink in my hand.


Oh well, back at it on the Bach Seat.

 
