Did NSA Subvert IPv6 Security?
Cryptographer and Electronic Frontier Foundation (EFF) board member Bruce Schneier has given advice on how to be as secure as possible. “Trust the math,” he says. “Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That’s how you can remain secure even in the face of the NSA.”
Mr. Schneier confirms to Infosecurity that the growing consensus is that Bullrun’s greatest success is in subverting the implementations of encryption and not in the ability to crack the encryption algorithms themselves. The general belief is that the NSA has persuaded, forced or possibly even tricked companies into building weaknesses or backdoors into their products that can be exploited later.
Infosecurity says the bottom line, however, is that the fabric of the internet can no longer be trusted. Meanwhile, John Gilmore, co-founder of EFF and a proponent of free open source software, has raised a tricky question: has NSA involvement in IPv6 and IPSEC discussions effectively downgraded its security? IPSEC is the technology that would make IP communications secure.
Mr. Gilmore told the author that he was involved in trying to make IPSEC “so usable that it would be used by default throughout the internet.” But “NSA employees participated throughout, and occupied leadership roles in the committee and among the editors of the documents.”
The result was “so complex that every real cryptographer who tried to analyze it threw up their hands and said, ‘We can’t even begin to evaluate its security unless you simplify it radically’” – something that never happened, EFF’s Gilmore observed.
Mr. Gilmore doesn’t explicitly say that the NSA sabotaged IPSEC, but the fact remains that in December 2011, IPSEC in IPv6 was downgraded from ‘must include’ to a ‘should include.’ He does, however, make very clear his belief in NSA involvement in other security standards.
Discussing cellphone encryption, the EFF co-founder says “NSA employees explicitly lied to standards committees” leading to “encryption designed by a clueless Motorola employee.”
To this day, Mr. Gilmore notes that “no mobile telephone standards committee has considered or adopted any end-to-end (phone-to-phone) privacy protocols. This is because the big companies involved, huge telcos, are all in bed with NSA to make damn sure that working end-to-end encryption never becomes the default on mobile phones.”
rb-
Following the Snowden leaks revealing Bullrun – the NSA program to crack the world’s encryption – the article states that there is an emerging consensus that users can no longer automatically trust any security.
Other articles say that NSA has compromised SSL so the NSA has access to credit cards and your 4G phones. This is another unnecessary attack on US e-commerce business: who is going to buy something online when your account numbers are in the hands of US government hackers?
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
PoE Overworked
Gary Audin at No Jitter warns that Power over Ethernet (PoE) is not always a plug-and-play environment and PoE should be monitored, managed, and efficient. In this article, Mr. Audin observes that PoE has evolved into an electrical power device utility platform. PoE started out as a centralized power source for IP phones, backed up with an Uninterruptible Power Supply (UPS). (rb- Click here and here for my overview of PoE) Since those early Cisco-dominated days, the article says, PoE has been called upon to support wireless access points; environmental controls; point, tilt, and zoom cameras; lighting control; clocks; door controls; Bluetooth devices; RFID; now laptops, and still more to come.
The LAN switch is the PoE source, but the article warns it can be overwhelmed with the power drain, which produces headaches for IT. Unless properly managed, the PoE function can experience:
- A blown-out power supply. Smoke is an indicator of this condition.
- Reduced power to all devices with degraded service from all the attached devices.
- An added PoE device does not work.
- The more power is drawn by PoE, the shorter the UPS battery life. The original UPS design could last 20 minutes. Added PoE devices could shorten this to 3 minutes.
PoE IP phones and other devices can signal to the PoE network what class of device they belong to and how much power they may need. Class 0 devices, usually older devices, do not indicate their PoE power requirements. These devices may draw any power level from none to maximum. The other standard classes, 1-3, range from very low power to mid-level power consumption.
Class 4 is a newer class of device requiring PoE+ (802.3at) and needs to draw more than the 12.95 Watt maximum provided by the original standard PoE. Class 4 devices must be powered by PoE+ ports and may not function correctly on an 802.3af PoE port. Most IP phones are in class 2. IP phones with color screens and other advanced features may be categorized as class 3 devices.
Wireless LAN access points are also common PoE devices, many of which started out as class 2 and 3 devices. As the wireless speeds increased, so did the power requirements. The 802.11ac standard means that the access points (AP) will have a 1 Gbps connection back to the switches and routers.
At issue is the PoE required. It is likely that each AP could need 20 to 30 watts, the limit that the 802.3at PoE+ standard delivers. Many installed switches cannot support PoE+. So the enterprise has to buy new switches or power supplies or power injectors. (rb- add this to your site-survey when you plan to implement 802.11ac)
Mr. Audin spoke to Tim Titus, CTO and founder of PathSolutions (they happen to sell a network management tool), about what he considers a good approach to monitoring and managing PoE. He told No Jitter:
“Regardless of whether there are any PoE or PoE+ devices on a network, it can be very helpful to monitor the health of our network equipment’s power supplies. The best monitoring system watches the status and power consumption of each power supply, what percentage of utilization it is running, and which interfaces are drawing power, so power policing can be achieved.”
He provided this example of missing power management.
“Keeping an eye on power supplies avoids unpleasant discoveries. One unlucky network administrator had two power supplies installed in a network chassis (one primary and one backup). Unfortunately, when the primary power supply stopped working, nobody knew, since the backup power supply was doing its job of keeping everything running. The problem wasn’t noticed for over six months. Nobody was in the empty remote wiring closet to notice the lack of lights on the power supply. The users remained blissfully unaware of impending doom until the wee hours of a weekend when the second power supply was shut off by a circuit-breaker trip!”
Mr. Titus pointed out to Mr. Audin that monitoring should happen at the port level:
“Not only will a monitoring system show you what mode a PoE port is operating in, but it should also provide a view of relevant error counters.
- MPS Absent and Invalid Signature errors frequently point to broken or defective powered devices.
- Overload conditions and short-circuits typically point to wiring problems (or somebody re-wiring devices in use).
- Denied errors can point to devices asking for more power than the switch has available, and may indicate that it is time to consider adding another power supply to a large Ethernet chassis.”
Finally, many network engineers try to buy limited PoE due to the cost premium of PoE ports, only to find that half of their PoE ports are used by non-PoE devices such as PCs. With a monitoring tool, the engineers could have avoided buying expensive PoE ports or purchased less expensive “ordinary” Ethernet ports. The engineers should have an up-to-date PoE port inventory and use it to avoid over-buying the PoE by playing safe in their design. (rb- Been there done that, I’ve been in many customers’ closets and found PoE switches full of PC and printer access ports.)
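An added example, not code from the article or from PathSolutions' product: a port-inventory audit of the kind described above, flagging requests that would be denied against the switch's power budget, Class 4 devices on ports without PoE+, and PoE ports occupied by non-PoE devices. The per-class wattages are the IEEE 802.3af/at per-port allocations at the switch; the port names, the 65 W budget, and the grant-in-port-order rule are assumptions made for the sample.

```python
from dataclasses import dataclass
from typing import Optional

# Watts the switch (PSE) reserves per port for each IEEE 802.3af/at class.
# Class 0 devices do not announce their needs, so the full 802.3af
# allocation is reserved for them.
PSE_WATTS = {0: 15.4, 1: 4.0, 2: 7.0, 3: 15.4, 4: 30.0}


@dataclass
class Port:
    name: str
    device: str
    poe_class: Optional[int]  # None: the attached device draws no PoE
    poe_plus: bool = False    # True: the port can deliver 802.3at PoE+


def audit(ports, budget_watts):
    """Walk a port inventory and report the conditions the article warns about."""
    allocated = 0.0
    report = {"denied": [], "needs_poe_plus": [],
              "non_poe_on_poe_port": [], "class0_unknown_draw": []}
    for p in ports:
        if p.poe_class is None:
            # A PC or printer is occupying a premium PoE port.
            report["non_poe_on_poe_port"].append(p.name)
            continue
        if p.poe_class not in PSE_WATTS:
            raise ValueError(f"{p.name}: unknown PoE class {p.poe_class}")
        if p.poe_class == 4 and not p.poe_plus:
            # Class 4 devices need more than an 802.3af port can supply.
            report["needs_poe_plus"].append(p.name)
            continue
        if p.poe_class == 0:
            report["class0_unknown_draw"].append(p.name)
        need = PSE_WATTS[p.poe_class]
        # Assumption: power is granted in port order. Real switches may
        # use a configured per-port priority instead.
        if allocated + need > budget_watts:
            report["denied"].append(p.name)
            continue
        allocated += need
    report["allocated_watts"] = round(allocated, 1)
    report["utilization_pct"] = round(100 * allocated / budget_watts, 1)
    return report


# Constructed sample inventory for one closet switch with a 65 W PoE budget.
SAMPLE_BUDGET_WATTS = 65.0
SAMPLE_PORTS = [
    Port("Gi1/0/1", "IP phone", 2),
    Port("Gi1/0/2", "color-screen IP phone", 3),
    Port("Gi1/0/3", "legacy camera", 0),
    Port("Gi1/0/4", "desktop PC", None),
    Port("Gi1/0/5", "802.11ac AP", 4, poe_plus=False),
    Port("Gi1/0/6", "802.11ac AP", 4, poe_plus=True),
    Port("Gi1/0/7", "IP phone", 2),
    Port("Gi1/0/8", "printer", None),
]

if __name__ == "__main__":
    for key, value in audit(SAMPLE_PORTS, SAMPLE_BUDGET_WATTS).items():
        print(f"{key}: {value}")
```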
rb-
The author warns not to assume that PoE is always a plug-and-play environment. PoE should be handled like a utility–monitored, managed, and efficient.
I have tried to build custom fields by working with reports in SolarWinds’ Orion by working with MIBs; it’s not the funnest thing in the world. I wonder if this product does a better job.
Is Connected Car Data Worth $1,400 Annually?
Michael Strong at TheDetroitBureau.com reports that Continental AG and Cisco (CSCO) recently demoed a highly connected car using the internet to improve vehicle safety and infotainment options at the recent Center for Automotive Research Management Briefing Seminars in Traverse City, MI.
The firms believe they’ve produced a connected car that provides a balance between giving consumers a safe, connected driving experience while providing companies with a chance to offer services that enhance the driving experience: for a price.
According to the article, the companies involved in bringing the Internet to cars collect an enormous amount of information about drivers. This presents a variety of challenges when it comes to privacy, who owns the information, how can or should it be used and what’s it worth?
While privacy and data ownership issues are still up in the air thanks to the U.S. government, Andreas Mai, director of product management at Cisco, believes data generated by a connected car is worth about $1,400 a year. He breaks it down this way:
- Drivers can save $550 through better fuel economy, less time stuck in traffic, lower insurance rates, etc.
- Society can save $420 by employing car platoons to speed up traffic and increase a road’s capacity.
- Service providers can earn $150 by providing traffic guidance, navigation, parking, emergency services, etc.
- Automakers can save $300 in lower warranty costs, profitable apps, etc.
The key to maximizing the information that can be collected (and re-sold), according to the article, is convincing drivers that they get a tangible benefit from releasing the data, such as shorter commutes or lower insurance rates (thanks Flo). According to a survey by Cisco, 74% of drivers were willing to share vehicle information. However, who or what owns that information still needs to be sorted out, he said. They must balance all of those things against the driver’s wants and needs: connectivity, infotainment, and cutting-edge safety features.
Continental and Cisco teamed up to keep the bits flying. As a vehicle moves it needs to prioritize the critical needs of drivers and passengers for network connectivity, according to the article. Digital Trends explains that Continental will supply the hardware and Cisco will provide the software. The car can switch between 3G, 4G, WiFi, and Dedicated Short Range Communication (DSRC) on the go, depending on service quality and cost to the customer. The DSRC system is part of the emerging vehicle-to-vehicle (V2V) technology system that allows cars to communicate with each other directly – and autonomously.
A Cisco software router loaded in Continental hardware performs the network switching. The router sends signals first to a Cisco-managed “Connected Car Cloud,” which then relays information to whatever network appears optimal at the moment.
The Cisco on-board software system can seamlessly switch between available 3G, 4G, and other wireless networks based on cost and quality of service preferences. “Connected vehicles are opening up a vast field of opportunities for services to make driving safer, more efficient, and more comfortable,” said Ralf Lenninger, head of innovation and strategy, Continental’s Interior Division. “This is why we are looking at ways to connect the moving vehicle in a highly secure, fast, and reliable way.”
The Cisco and Continental proof-of-concept connected car shows how auto manufacturers can provide the same amount of network security that is available at home (oh NO!) or in the office. Cisco provides one highly secure software gateway that delivers Cisco’s core networking capabilities and optimizes multiple communication links and mobility services to and from the vehicle. Security against cyber attacks will become more important as more vehicles include connected functions.
rb-
I recently covered Ford’s efforts to understand connected cars by studying the commlinks of space-based robots here.
The savings claims seem suspicious to me. The “lower insurance costs” are just cash savings. Oh, yeah Walmart is still in business. What is going to be the costs to the drivers after the insurance companies get their Hadoop big data analytics on the data from the magic boxes they are installing? Will they use the data you provided them to change the rules on your policy to raise your rates? It only takes a small leap to think about what the NSA could do with the data.
Just in case someone at Cisco or Ford or anybody else is reading this, here are some suggestions from Veracode to secure connected cars.
Infographic by Veracode Application Security
Six Steps to Avoid BYOD Pitfalls
In a recent article on the Forbes CIO Central blog, Dan Woods interviewed Brian Madocks, CEO of PC Helps, a services firm that provides supplemental help desk services for more than 1.6 million end-users. He has been on the front lines as many of its clients have opened up BYOD.
In the article, Forbes offers advice on how IT departments can respond to users who show up at work and declare: “I want an iPad.” The author warns that ignoring the corporate use of personal devices (smartphones, iPads and other tablets) leaves both end-users and the IT department quite unhappy.
Mr. Madocks says the biggest myth is that allowing personal devices to be used for work-related purposes reduces the support burden. At first, this seems strange. If people use devices they know well, shouldn’t they need less help? Also, if an employee is using an iPhone or iPad, won’t their support questions be handled by AppleCare, Apple’s support arm? Mr. Madocks says no. Consumerization reduces some types of support but generates others. Here’s what happens.
The number of calls about how to use the device may go down. People know how to use their phones, get on the Internet, and use Facebook. But the number of calls about how to get their corporate email, calendar, and contacts working on phones or tablets may go up. With Apple (AAPL) iPhones and iPads and the fragmented Google (GOOG) Android versions out there, it’s even more complicated. The PC Helps CEO reports that users can be frustrated when they go to Apple’s Genius Bar, AppleCare, or to Google for Android support and find out that they won’t get any help there because the staff doesn’t know how to support your corporate environment or the applications used within it.
With a multitude of personal devices in your workforce, the support burden may increase and your help desk may not be able to keep up with the unique features and aspects of all the devices. Mr. Madocks concludes that no matter how you allow access to the corporate resources the support burden NEVER disappears.
The support experts from the PC Helps brain-trust developed a playbook for organizations considering a Bring Your Own Device model:
Don’t just say no to “bring your own technology”: The cat is out of the bag. End users are more productive when they have a vote on the tools they use and their support. PC Helps suggests IT show some leadership and help figure out how to get BYOD (PDF) right so that the company is protected and the users are happy. Recognize that consumerization means giving up some control; learn to live with that.
Listen to the end-users: Create an internal customer advisory group to allow end-users to explain what they want and what they don’t. The article says one of the primary drivers of consumerization is the wish to have work and personal content and capabilities on a single device. Craft a draft set of policies and guidelines based on this input.
Research and test your approach: Consider a pilot program before full rollout that includes a mix of key users. Discover the range and types of preferred devices as well as the corporate systems, networks, and applications users will need access to. The blog recommends that you incorporate your findings into the broader rollout plan.
Document and communicate a clear set of policies and guidelines for end-users: Everyone should know what the company policies are for personal devices and where to find them. Explicit review of policies and testing for understanding should be performed from time to time, or as new devices arrive and raise new issues. The policies should set forth:
- Which devices will be supported,
- How to request new/more devices,
- Which apps are authorized,
- Which apps are forbidden,
- How to get approval for new apps,
- What company data is allowed on personal devices,
- How to get support for devices and applications.
The policies should also answer the following questions:
- When a device is no longer used for work or an employee leaves, what are their responsibilities to securely delete corporate data?
- Where and how will devices be backed up?
- Who is responsible for backup?
- Are lock and password-protection required, and how are they managed?
- Who will provide support?
- What kind of support questions should be directed to device manufacturers?
Plan for a more complex support burden: Allowing personal devices means a world with more devices, which in turn multiplies the knowledge needed from the help desk. There will be more questions on setup, remote access, and use of corporate applications, as well as problems unique to the different devices. There will be more complex support scenarios, such as how to use Microsoft Office applications on non-PC devices. Be sure you have a support plan and trained people in place.
Don’t rely on device manufacturers for support of your end-users: Manufacturers can handle break/fix and warranty support on products, but they won’t know your corporate policies, processes, nor the core office applications your users work with every day. Apple iPad owners have access to AppleCare and Genius bars, but this is all geared to consumers. AppleCare won’t help with many synchronization issues related to accessing corporate email on the iPad, nor provide urgent support for deadline-related business situations.
End-users may get the run-around, going to the manufacturer and then to their wireless service provider, to your internal help desk, and to peer support for help, wasting time and productivity on something that could be solved in a single call. Devices for corporate use should have corporate support or they will present a risk to IT’s reputation in the organization.
Prepare your help desk for the task: The help desk in a BYOD IT environment is a different type of organization, one that must be able to respond to the unexpected. Mixed device environments require specialization and expertise, as well as ongoing training and skill-building. Your existing help desk staff may need to be retrained, expanded, or supplemented.
In the end, Mr. Madocks reports that the firms PC Helps assists in consumerization don’t regret their decision. “While consumerization creates complexity for support … The company’s workforce is happier and more productive, and the reputation of IT as a supporter of the business is greatly enhanced.” The end result is generally happier users and happier IT, but there are complications.
rb-
It is my experience that most people who push consumer devices into the enterprise don’t have a plan. They want their iPads, for valid or not so valid reasons. Some staff seemed surprised when they could not print to the enterprise printer on the enterprise network with the iPad they just brought in.
I place a great deal of the blame at the feet of Apple. I have had Apple engineers look me straight in the face and tell me that iPads are consumer devices and not designed for the enterprise and that Apple does not intend to fix it.
They do not use standard protocols and BYOD proponents don’t even know what Bonjour is, let alone the limitations of Bonjour.
802.11ac Wi-Fi Clears the Way for Collaboration
The emerging gigabit 802.11ac Wi-Fi standard is the current darling of the hype machine. The standard will be finalized in February 2014. However, that has not stopped manufacturers from shipping 802.11ac routers, access points, and mobile devices. ShoreTel (SHOR) recently provided their opinion on what this means for your business.
The article points out that more people are using mobile apps and devices. ShoreTel calculates that a typical worker may have three IP addresses, while digital natives may have up to six IP addresses. These stats suggest that mobility has become a must-have, and the author claims that 802.11ac can meet the needs of increasing mobility because 802.11ac is faster, more reliable, and delivers more Wi-Fi capacity. 802.11ac is:
- Faster – 802.11ac is three times faster than 802.11n Wi-Fi. 802.11ac will deliver up to 1.3 Gbps, which is about three times faster than 802.11n. This capacity will be ideal for real-time applications, such as IP voice and streaming video. Faster data throughput means better battery life for mobile devices, too.
- More reliable – 802.11ac is more reliable with less interference. 802.11ac operates at 5 GHz, which is far less crowded than the 2.4 GHz band that is used by 802.11b/g/n access points — as well as cordless phones, automatic garage door openers, and other home appliances. That means that there’s less interference from other Wi-Fi-enabled devices, which will result in a better user experience.
- Improved throughput. 802.11ac uses multiple antennas for transmitting and receiving RF signals, and that means better data throughput. More specifically, MIMO, or Multiple-Input and Multiple-Output, is key to providing wireless performance that is more switch-like, compared to the shared media nature of 802.11n.
ShoreTel believes that Gigabit Wi-Fi can be a real asset for unified communications, streaming media, and other bandwidth-hungry apps. They plan to use the greater capacity of 802.11ac to support more devices and more apps. In the workplace, teams want to engage and share without hassle using modern collaboration tools with the devices of their choice, creating the need for BYOD.
The newest generation of workers are digital natives, who are more inclined to use videoconferencing for quick chats or to share ideas. In addition, many people use tablets to stream media, and more organizations are turning to streaming media over Wi-Fi for digital signage, training, company meetings, and customer support. And those bandwidth-hungry applications will love the new gigabit Wi-Fi.
ShoreTel reassures those who have recently deployed an 802.11n WLAN that they don’t need to be in a hurry to move to 802.11ac. You can be confident in the investment that you made, as the first-generation 802.11ac will offer only incremental benefits over 802.11n. But if you are replacing old Wi-Fi or expanding your wireless LAN or looking to downsize your wired network in favor of wireless, you should weigh the options between 802.11n and the new 802.11ac.
rb-
802.11ac will only get faster; the theoretical max speed of 802.11ac is just shy of 7Gbps, which you will never see in the wild, but don’t be surprised to see link speeds of 2Gbps or more in the next few years. At 2Gbps, you’ll get a transfer rate of 256MB/sec.
To reach such Wi-Fi speeds, chipset and device makers will have to figure out how to make second-generation chipsets with four or more 802.11ac streams in software and hardware. The engineers at Broadcom (BRCM), Qualcomm (QCOM), Marvell (MRVL), and Intel (INTC) are already working on ways to implement four and eight-stream 802.11ac solutions. A lot of work will need to be done by the chipset and device makers to make sure that advanced features, such as beamforming, comply with the standard and are interoperable with other 802.11ac devices.
In general, then, you can certainly expect some impressive speeds from 802.11ac in situations where you don’t need the performance and reliability of wired GigE. But I do not believe that 802.11ac will replace a wired Gigabit Ethernet network just yet.
What do you think?




