Another week of being a Human in IT Infrastructure. Are you still alive to talk about it? 
IN THIS WEEK'S ISSUE: Acceptable Losses; Your New Job; Your Internet Privacy Is Worth This Much.
Table of Contents
(aka The Project Plan)

Issue Number 53

 

03/30/2017

 
The "Rhymin' and Stealin'" issue. 
 

Thought For The Week:

I'll be watching you.

1. Cybercrime Of $450B Is A Totally Acceptable Loss

by Greg Ferro


Cybercrime costs the global economy $450 billion, according to this hypetastic article from Hiscox (a company that sells cybercrime insurance no less).
 
In 2016 "cybercrime cost the global economy over $450 billion, over 2 billion personal records were stolen and in the U.S. alone over 100 million Americans had their medical records stolen," Steve Langan, chief executive at Hiscox Insurance, told CNBC.

Scary? NOT AT ALL.

The size of the global economy according to the CIA World Factbook is $75.73 trillion. Cybercrime is just a 0.57% loss overall. That's well within the limit of acceptable losses.

 

Reality Check


Here are some data points on current IT security spending:
Cybersecurity Ventures predicts global spending on cybersecurity products and services will exceed $1 trillion cumulatively over the next five years, from 2017 to 2021. Source: Cybersecurity Ventures - The Cybersecurity Market Report (Link)
So they claim around $200 billion per year over five years. If that's ramping up at 10%, let's say it's $120 billion in 2017.

By contrast, IDC pegs cybersecurity spending at around $80 billion:
According to IDC's analysis, worldwide revenues for cyber-security related services, software and hardware will come in at $73.6 billion in 2016 and will grow at a compound annual growth rate (CAGR) of 8.3 percent through 2020. IDC noted that the CAGR for cyber-security is faster than the overall rate of IT spending growth. Source: EWeek - Global Cyber-security Spending to Top $100B by 2020: IDC (Link)
Let's split the difference and call it $100 billion of IT security spending. So what about insurance spending that would offset the risk of 'cyberthreats'?
Last year, the insurance industry took in $2.5 billion in premiums on policies to protect companies from losses resulting from hacks. That was up from around $2 billion a year before, and less than $1 billion two years before that. Source: Fortune - Lloyd's CEO: Cyber attacks cost companies $400 billion every year (Link)

The EtherealMind View

  1. Assume the numbers are grossly inflated to make headlines and create free marketing.
  2. Let's go with a cost of $250 billion to the global economy.
  3. Out of the $75 trillion total in the global economy, $250 billion in 'cybercrime' losses (gods, that's an awful term) are less than 0.2%. That's not even a rounding error.

Conclusions

  1. Companies spent about $100 billion on security in 2017 while people stole at least $250 billion.
  2. IT Security isn't financially significant.
  3. Losses to cybercrime are 2.5 times greater than the cost of protection. That's not winning.
  4. The losses are acceptable, as proven by the low uptake of cybercrime insurance.

Lloyd's CEO: Cyber attacks cost companies $400 billion every year - Fortune.com

The World Factbook - Central Intelligence Agency

Cybercrime costs the global economy $450 billion: CEO - Yahoo Finance

Global State of Information Security® Survey 2017 - PwC

Sponsor: Interop ITX

 

Where Tech Pros Go For Objective Full Stack IT Education


Interop ITX takes place May 15-19 at the MGM in Las Vegas. Join Greg Ferro and Ethan Banks for The Future of Networking Summit – a two-day session where we’ll take a deep dive into next-generation developments in wide area networks, data center networking, network operations, and software-defined security.

Register for Interop ITX and attend other hands-on workshops like The Future of Data, Container Crash Course, Dark Reading Cyber Security Summit and the Open Source IT Summit. The event’s Conference tracks focus on Security, DevOps, Cloud, Infrastructure, Data & Analytics – all the technologies you need for a successful Full Stack IT strategy. If you’re looking to accelerate your career, there are also plenty of sessions on leadership and professional development. Plus, check out over 100 vendors at Interop ITX’s Business Hall where you’ll have an opportunity to meet with leading and emerging tech vendors.

Join us at Interop ITX this May. Use promo code: PACKETPUSHERS when you register, and you’ll receive 20% off any pass.

We want to see you in Vegas, so visit interopitx.com and reserve your spot today.

2. Your New Network

by Ethan Banks


Congratulations! You landed the new gig. Welcome to your cube. Inhale deeply. That's the smell of your new home. I hope it's not too musty. And hey, if you're working from home and it still smells musty, that's on you.

Now. To work. You've got a new network to get a handle on. You're the shiny, happy network engineer they hired, after all. Time to start earning your keep. How then do you go about gaining control over your new network?

 

Discover


You'll spend the first couple of weeks or so on discovery. As you go through this process, be sure to trust only what you see for yourself. Don't believe your well-meaning colleagues who will tell you about this switch or that firewall. Maybe they know. Maybe they don't. Take all of the information down as interesting, but don't believe any of it. Information people give you is, at best, potential facts. At worst, they are gross distortions of reality.

Along the way, you'll likely find a folder with diagrams. These are all lies. Most likely, those diagrams reflected reality from some engineer's point of view at some time in the past. By the time you lay your eyes on them, they are almost assuredly fiction. That's not to say historical network diagrams aren't helpful. You can reap IP addresses, VLANs, interconnects, and so on that are worth checking out. More potential facts, you see.

You'll convert potential facts into actual facts using CLI-fu, LLDP/CDP recon, STP root finding, routing neighbor tables, and some careful SNMP queries. From there, you can move onto the next phase of gaining control over your new network.

 

Evaluate


With a handle on the network as it actually is, you can develop a sense of horror at what has been revealed. The horrifying things you've discovered need to be documented and prioritized. For example, you might end up with a list as follows.
 

Single Points of Failure

  • Only one copper cable connecting entire QA environment to core.
  • Secondary sup engine has failed on core switch 2.
  • Link between campus building 2 & 3 is down, triangle is just a V.

Security Problems

  • SNMP community strings left at defaults.
  • VLAN 1 is neither used nor pruned.
  • NMS user/pass of admin/admin is used by entire IT department.
  • No RBAC for routers & switches.

Suboptimal Issues

  • Bogus routing path between core 1 and campus switch 2 via WAN router.
  • STP root for VLAN 221 converged on edge closet switch in floor 3. Why is that a transit?? SIGH.
  • Closet switch in Redwood building keeps losing OSPF adjacency at ~2pm every day for 3 minutes. Why?

And so on. Know your enemy. Once you do, you can move into the next phase.
 

Seek & Destroy

Now that you know what's bad, you can work on making it right. Some of the things you discover are likely to be significant business risks. Many single points of failure are this way. You need to sit with your manager, explain your findings with the potential risk, and recommend a course of action to rectify the situation.

You might want to go for the low-hanging fruit first—the things you can fix with little or no disruption to the business. Bigger changes requiring a significant change window can be tough to get as a new staff member. If you can notch some small wins to demonstrate your ability, you'll earn the confidence of management. That confidence is the foundation for approval of more significant changes you might desire to make later.

Consider that you aren't doing massive re-design in this phase. You're fixing what's critically broken, ensuring that the network functions in a trustworthy fashion, and addressing the most egregious business risks. In other words, you're making the best of what you've got.

After you've sorted out all the things on your network that are keeping you up at night, you can relax. At least a little bit.

 

Maintain & Tweak

A network that isn't undergoing constant repair or upgrades is being maintained. In this phase, you can work on all the things that you don't have time to get to during major projects. This includes checking those things that you tend to ignore.

Here, you can make your tools work for you. Perhaps you would develop a script that polls interfaces on key switches for Ethernet errors and mails you a report. You could dig deep into the alerting capabilities of your NMS, and make sure it's telling you everything you need it to. You might define standard configuration templates, and make sure all gear is compliant. How about getting those pesky interface descriptions up to date?
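
One way to script the compliance check suggested above, looking for the kind of items on the Evaluate list (default SNMP community strings, no AAA, VLAN 1 left on trunks) plus missing interface descriptions. This is an added example, not code from the newsletter; it assumes Cisco IOS-style configuration text, and the sample config and function names are constructed for illustration.

```python
import re

# Constructed sample config in Cisco IOS style (an assumption; adapt to your platform).
SAMPLE_CONFIG = """\
hostname closet-sw-3
snmp-server community public RO
snmp-server community n0tDefault RW
!
interface GigabitEthernet0/1
 description uplink to core-1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,221
!
interface GigabitEthernet0/2
 switchport mode trunk
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} built from the indented blocks."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())
        else:
            current = None  # any unindented line ends the interface block
    return interfaces

def vlan_in_list(vlan, spec):
    """True if vlan falls inside an allowed-vlan spec such as '1-5,10,20'."""
    return any(int(lo) <= vlan <= int(hi or lo)
               for lo, _, hi in (p.partition("-") for p in spec.split(",")))

def audit(config):
    """Return a list of human-readable findings for one device config."""
    findings = []
    for m in re.finditer(r"^snmp-server community (\S+)", config, re.M):
        if m.group(1).lower() in ("public", "private"):
            findings.append(f"default SNMP community '{m.group(1)}'")
    if not re.search(r"^aaa new-model", config, re.M):
        findings.append("no AAA configured, so no per-user roles")
    for name, cmds in parse_interfaces(config).items():
        if not any(c.startswith("description ") for c in cmds):
            findings.append(f"{name}: missing description")
        if "switchport mode trunk" in cmds:
            # Only plain numeric lists are parsed; add/remove/except forms count as unrestricted.
            specs = [t.group(1) for c in cmds
                     if (t := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", c))]
            if not specs or vlan_in_list(1, specs[-1]):
                findings.append(f"{name}: VLAN 1 not pruned from trunk")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Run it over each saved running config and mail or ticket the findings; an empty list means the device passed these four checks, not that it is otherwise sound.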

In the maintain & tweak phase, you'll be doing a lot of clean up and perfecting work. As you do that, you'll also be learning the business better. You'll discover where the network is working well for the business, and where it isn't. When you find the operational problems, you'll be ready for the next phase.

Rearchitect

Before making significant design changes, you'll need to have gotten through the first four phases. You'll need a solid network that's stable, predictable, and well understood before you start knocking down walls and busting out windows.

Network changes are (or at least should be) driven by business needs. Changes might be as simple as needing a few more ports in the data center to handle a few more servers inbound. Changes might be as radical as a completely redesigned Internet edge to bring in capacity and redundancy.

When you get to the "change" phase, you've gotten a solid handle on the business and how it leverages the network. You've also developed a good relationship with your co-workers as well as management. Therefore, recommending nice-to-have changes and specifying need-to-have changes comes from a position of confident knowledge and human relationships.

And now that you've come this far, it's not your new network anymore. It's your old network. Your friend. In some ways you hate to admit, your family. But even so, maybe it's time to find another new network. Somewhere fresh you can stamp with your expertise. Maybe. Just maybe.

Sponsor: Viptela

 

Join Viptela and the Packet Pushers at Centrifuge!

If you're attending Interop ITX in Las Vegas, you're invited to join Viptela, the Packet Pushers, and your networking peers for a live event with food, drink, and great conversation.

Bring your questions, challenges, and future projections to discuss, and get an opportunity to learn about the latest in SD-WAN from network architects and engineers. And don't forget to say 'Hi' to Greg Ferro and Ethan Banks from the Packet Pushers.

Register here and we'll see you in Vegas!

When: Monday, May 15, 6:30 pm
Where: Centrifuge MGM

3. How Much Is Your Internet Privacy Worth? Here's How Much

by Drew Conry-Murray


The United States Senate and the House of Representatives have voted to overturn FCC regulations that would have required ISPs and mobile broadband providers to get their customers’ consent before selling customer information to third parties.

If President Trump signs the legislation, the rules will officially be killed. According to a story by Jon Brodkin at Ars Technica, a White House statement indicates the President is likely to sign.

As you might imagine, many people were outraged about this turn of events. (Some political action before the votes rather than outrage after would have served everyone better, but here we are.)

In fact, at least two people decided that when it comes to Internet privacy, turnabout is fair play. They’ve launched GoFundMe projects to raise money to buy and publish legislators’ Web browsing information:

Search Internet History
Buy Congress' Data

I don't know if these efforts are 1) legitimate 2) legal or 3) feasible, but as this newsletter was going to press, they'd raised more than $215,000 combined.

Meanwhile, The Verge followed the money. The site posted an article that lists each senator and representative who voted to undo the privacy rules, and the donations those congresspeople have received from the telecommunications industry in their most recent elections.

Some of the biggest winners in the Senate include:
  • Kentucky’s Mitch McConnell: $251,110
  • South Dakota’s John Thune: $215,000
  • Missouri’s Roy Blunt: $185,550
  • Mississippi’s Roger Wicker: $151,800
  • My own PA senator Pat Toomey: $143,456

Other senators were much cheaper. John Kennedy from Louisiana priced your Internet privacy at a mere thousand bucks. That's quite a bargain.

Internets Of Interest 

A collection of pre-loved links that might interest you. "Pre-loved" because I liked them enough to put into this newsletter. It's not true love. 

By Greg Ferro and Drew Conry-Murray

Learn Programming or Perish(?)


Matt Oswalt dives into the debate on whether network engineers need to become programmers. His post sets out some points he raised in a recent Packet Pushers podcast on the same subject. You should read the whole post, but I'll risk summarizing it in a couple of points.

First, network engineers should learn to write and maintain scripts. Second, don't confuse vendor certifications with an understanding of fundamental networking concepts. Certs can get you in the door, but a deep knowledge of fundamentals will enable you to solve problems and get creative.

 
"If painters learned like the network industry wants us to learn, then art schools would only teach how to replicate the Mona Lisa."

Will Elon Musk Save Us From Artificial Intelligence?


Vanity Fair has a compelling story on an intramural debate among Silicon Valley billionaires and computer researchers on whether AI will usher in a new era of prosperity, or be the downfall of the human race. Though light on technical detail, the story pits Elon Musk, an AI sceptic, against folks like Larry Page and Mark Zuckerberg who are racing full speed ahead to develop computer intelligence.

My own opinion is that if and when we get real AI (like porn, AI is hard to define, but you know it when you see it), it will for a short time be a source of wonder and possibility.

And then it will be co-opted for the acquisition of wealth and power, just like everything else.

Corporations In The Age Of Inequality


Speaking of wealth and power, an article in the Harvard Business Review examines how inequality has increased not just among workers, but among corporations as well. Using Google as an example, the author examines the impact of the "winner-take-most" dynamic that has emerged in the technology sector, enabling the most powerful companies to drive up salaries and benefits for a relatively small number of people.
 
"...much of the rise of between-firm inequality, and therefore inequality in general, can be attributed to three factors: the rise of outsourcing, the adoption of IT, and the cumulative effects of winner-take-most competition."

Product News


Find out about interesting new products, or get essential information about things you might already be using.

VMware Kills Off Third-Party vSwitches


VMware is announcing the end of the road for third-party vSwitches, including Cisco's Nexus 1000V. VMware will deprecate, and eventually eliminate, API support for all vSwitches except vSphere Standard and Distributed Switches, and the Open Virtual Switch (OVS).


Recent Podcasts

The last five podcasts published on Packet Pushers

PacketPushers.net - The Last Five

Watch This!

Where we collect some videos that make us reflect, think about our inner lives, or just entertain us. 
This short, animated sci-fi piece plays like a movie trailer for a Ridley Scott-esque concept.

Quick Survey: Internet Privacy


Now that Congress has opened the door for ISPs to resell customers' data, will you use a personal VPN?

A. I already use a personal VPN
B. I'll pay for a personal VPN service
C. I'll use a free VPN service
D. I'm not worried about it
E. It doesn't matter what I do. They'll get me somehow


 

Last Issue's Survey Results

Did We Miss Something? 


Got a link or an article to share? Email it to humaninfrastructure@packetpushers.net

The End Bit

Sponsorship and Advertising - Send an email to humaninfrastructure@packetpushers.net for more information. You could reach 1 people. 

Human Infrastructure is a bi-weekly newsletter with views, perspectives, and opinions. It is edited and published by Greg Ferro and Drew Conry-Murray from PacketPushers.net. If you'd like to contribute, email Drew at drew.conrymurray@packetpushers.net.

We don't give away your email address or personal details because that would suck. 

Copyright © 2017 Packet Pushers Interactive LLC, All rights reserved.

