Week 10 – Aadhaar’s Security Problem

An interesting article popped up on Mashable.com this week about India’s biometric database Aadhaar. The Aadhaar database is India’s method to make up for the lack of birth certificates and other identification of Indian citizens. For many years, according to the article, the majority of people in India did not have birth certificates. To help combat this, the Indian Government designed Aadhaar.

Aadhaar is a biometric database which contains information on 99% of India. This database is used for more than just identification though. The government of India has plans to do away with credit cards, moving to fingerprint based transactions. In addition to being a payment gateway, Aadhaar is also poised to pivot into a digital wallet. India’s citizens will be able to load their health card and driver’s license into an electronic wallet of sorts, removing the need for normal cards.

This sounds great, but the problem is the database has never gone through an assessment or audit process. This, of course, has led to falsified entries in the database. These falsified entries are being used for all types of scams, and a complete lack of oversight is leaving the citizens with little to no privacy.

My take – This is why we develop with a security-first mindset. Aadhaar is already so big that it will be hard to transition into a more secure platform. If security had been considered during software development, some of these problems could have been avoided.

Additionally, the government needs to consider routine audits of the database. A risk management strategy would really help the Indian government accelerate their chances of securing Aadhaar. Many identities are at risk if they do not adopt a risk management strategy for this database. A continuous assessment plan should be considered and adopted. This would certainly help with falsified records.

Week 9 – President Trump Fires White House CISO

In a follow-up to my Week 7 post about President Trump using a 5-year-old Android phone, he has now decided to fire the CISO that President Obama hired in 2015. TechTarget Senior Reporter Michael Heller reports that the President is likely using his private security firm to handle duties until a replacement is hired.

When President Obama hired Cory Louie back in 2015, he wanted to help the White House better understand the risks and threats that they faced. While there was never much publicity about this hire, it is obvious that the former President and his staff felt the need to better protect the White House. I would tend to agree. As stated in my Week 7 article, there are no laws dictating what types of technology the President can use, therefore it is easy to see why the President may want a security advisor. It is likely that Louie helped shape the President’s security strategy as well as making recommendations for how the President should use technology.

Frankly, if President Trump’s private security team is allowing him to use a five-year-old phone, I have to question whether or not they can guide the White House away from security threats. I believe President Obama made the right decision in hiring a CISO for the White House, and am hopeful that President Trump will hire a replacement.

ICMP Redirects Broke the Voice Network – Understanding Traffic Flows

Some time ago Phil Gervasi tweeted about understanding traffic flows and it got me thinking about situations where I did not quite understand how the production network was functioning. Phil’s tweet was more about fault tolerance, but I think it applies to general Network Engineering. If you do not understand how data flows, it becomes very difficult to troubleshoot your network.


2016 – Goals and Getting Things Done

It is a new year – 2016 is upon us! The blog got a facelift right before the new year and I renewed the SSL certificate a few days late (whoops… ‘Hey Siri, set a reminder to renew vlan50.com’s cert on 12/28/2016’). A facelift is not worth much if the site does not get updated more often (see Goal #1), so what better way to start than with a 2016 goals post?

Goals for 2016

Goal 1: Post More Often

Quite a generic goal, isn’t it? The fact is a lot of things changed for me in 2015 and after starting off on the right track, I stopped posting around April. That was never my intention; time simply slipped away. I spent most of the summer developing four college courses, moved into a project management role in the fall, and then 2016 showed up.

Things have slowed down a bit, or perhaps I have gotten used to the new normal. Either way, in 2016 my goal is simply this – 26 posts by the time I write my 2017 Goals post (not counting this one). My expanded role has offered many writing opportunities and I have every intention of continuing my professional development as an Engineer. With that in mind, I should have ample chances to post quality content.

Goal 2: About That Professional Development

2015 was an interesting year in the Networking space. A lot of press would have you believe it was the year of SDN. I think you could argue that with Cisco’s ACI only having 1,000 customers, perhaps 2015 was a foundational year for SDN.

How does that relate to my professional development? SDN might not be here yet, but network automation is. As a result I plan to sharpen up my programming skills and put them to use, specifically focusing on Python.

There is more than that though. The way I got things done as an Engineer does not scale well with several other Engineers reporting to me. I will work to develop a project management skill set that translates and scales well. I believe in the Lean process and think that kanbans can be used effectively in Operations, just as in Development.

Finally, I will continue my journey down the Cisco Certification trail. Sometimes Engineers (myself included) put a little too much weight in the paper, but I believe Cisco Certifications are still a solid measuring stick for professional development.

So, how do I boil goal two into something measurable – a bulleted list!

  • Brush up those Python skills – build a tool to pull network inventory information
  • Project Management – Develop a style and measure its success
  • Cisco Certification – In the air, but I believe CCNP R&S would be a great goal for 2016.

Goal 3: Contribute More

In 2016 I plan on focusing some efforts in the open source community. Last year I wrote a series of scripts to help migrate from Observium to LibreNMS. That post has been wildly successful and I hope that I can continue to contribute to various open source tools that I use. The networking community is a special one, always willing to help each other and in 2016 I would like to focus a majority of my posts on helping other engineers.

Conclusion

2015 was an interesting year for me. With additional responsibilities and other projects taking a lot of time, I did not post nearly enough. Goal one is simply to rectify that – 26 posts by the time I write the 2017 goals post. Goals two and three will really facilitate the success of #1. Goals are great – they feel nice to set, even better to write about, but success is not defined by writing things down. Success is defined by doing things; 2016 will be the year of ‘getting things done.’