Information Technology

Three Common Problems With SSH-Keychains

Part of keeping a secure network is periodically backing up data or system logs, but if you have more than a handful of computers then logging on to each individual workstation can be a hassle.  So what's a lazy (I prefer "efficient") Systems Administrator to do?

Why, automate it through scripts, of course.

Typically, in order to automate retrieving data from multiple workstations, you need to build a script that remotely logs on to each workstation using secure shell, or SSH. Unfortunately, the process of using SSH to access a workstation requires you to authenticate with each workstation, preventing you from automating it without either:

  • Embedding the username and password into your script
  • Disabling authentication completely
  • Manually typing in the username and password each time you run the script

Fortunately, there is an alternative:  SSH-Keychains.  SSH-Keychains utilize Public Key Infrastructure (PKI) to generate a public and private key to authenticate the server and account with each workstation without the use of a normal password.

Creating an SSH-Keychain should be a quick process: run the ssh-keygen command and copy the public key (id_dsa.pub) to the ~/.ssh/authorized_keys file. Sometimes the process still hangs up, though, so you'll need to troubleshoot the issue using ssh -v to determine why the SSH connection is failing.  It could fail because the destination is not found in known_hosts, the public key failed, or keyboard-interactive failed (configuration file settings).
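One way to triage those three causes from ssh -v output, as an added example that is not part of the original post. The function name and the transcripts are constructed for illustration, and treating a keyboard-interactive fallback with no key offered as the configuration case is an assumption about the post's third category.

```shell
#!/bin/sh
# Added example: classify `ssh -v` output (read on stdin) into the three
# failure classes named in the post. Patterns are OpenSSH client messages.
# Typical use (debug output goes to stderr, hence 2>&1):
#   ssh -v -o BatchMode=yes user@workstation true 2>&1 | classify_ssh_failure
classify_ssh_failure() {
    log=$(cat)
    has() { printf '%s\n' "$log" | grep -Eq "$1"; }

    # Key-based login worked: nothing to troubleshoot.
    if has 'Authentication succeeded \(publickey\)|Authenticated to .* using "publickey"'; then
        echo "ok"
    # 1. Destination missing from known_hosts, or its host key changed.
    elif has 'Host key verification failed|authenticity of host .* established'; then
        echo "known_hosts"
    # 2. A key was offered but the server never accepted it, e.g. the
    #    public key is not in authorized_keys on the destination.
    elif has 'Offering .*public key' && ! has 'Server accepts key'; then
        echo "publickey"
    # 3. No key was offered and the client fell back to keyboard-interactive:
    #    read here as the configuration-file case (assumption).
    elif has 'Next authentication method: keyboard-interactive'; then
        echo "keyboard-interactive"
    else
        echo "unknown"
    fi
}

# Constructed sample transcripts (not captured from a real host).
SAMPLE_HOSTKEY='debug1: Connecting to ws01 [192.0.2.10] port 22.
Host key verification failed.'
SAMPLE_PUBKEY='debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering public key: /home/backup/.ssh/id_dsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Permission denied (publickey,keyboard-interactive).'
SAMPLE_KBD='debug1: Authentications that can continue: keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Permission denied (keyboard-interactive).'

for s in "$SAMPLE_HOSTKEY" "$SAMPLE_PUBKEY" "$SAMPLE_KBD"; do
    printf '%s\n' "$s" | classify_ssh_failure
done
```

In a backup script, BatchMode=yes keeps ssh from stopping at a prompt, so a failed login returns immediately and can be classified per workstation.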

Sony Pictures and Cyber Warfare

On November 25th, Sony Pictures Entertainment was hacked by a group calling itself the Guardians of Peace, and millions of records containing passwords, social security numbers, e-mails, salaries, and other extremely sensitive information were released to the public.  The exact scope of the data extracted from Sony is hard to fully grasp but, so far, the following information has been released to the public:

  • 47,426 Social Security Numbers
  • 3,000 employee records with salaries, benefits, passports, and contact details
  • 600+ plain text passwords, IP addresses, root certificates and other IT data
  • Financial reports, acquisition strategies, and budgeting forecasts
  • 19,944 e-mails
  • 4,013,780 anti-piracy take-down notices

And while this is a staggering amount of information to be lost, it's a relatively insignificant event for the vast majority of Americans; yet we find ourselves equating the event to 9/11 and promising swift and equitable retribution on some fairly shaky evidence.

Defense In Depth

Security can be an overwhelming topic to get started with, and as a result, a concept known as Defense in Depth has been making its way across the industry for the last couple of years.  Defense in Depth is an organized and systematic way to ensure that your network is as unattractive to hackers as reasonably possible. Keep in mind that there is no such thing as “unhackable,” so the object of security is to make the cost of attacking your network greater than the benefit of doing so, without incurring more cost in defense than your network’s security is worth. Defense in Depth does this by breaking the security process down into eight distinct phases.

  • Security Through Obscurity
  • Establishing Identity
  • Encryption and Hashing
  • Hardening your Devices
  • Preventing Intrusion
  • Adhering to Laws
  • Routine Maintenance
  • User Education

These sections are only a snippet of the fifteen pages that I've dedicated to security and privacy in my 140pg book, Understanding IT: Decoding Business and Technology. I've posted this to introduce the concept of Defense in Depth as it relates to the Malware Business Model and as a precursor to Cutting The Cord, Episode Four: Securing Your Network [Episode One and Two]. The topics covered here may be broad strokes, but before a specific technical understanding can be reached, the frameworks have to be established.

Hang on, I'm Saving the Internet

By now, it's pretty self-evident that I spend a lot of time blogging about issues that could have a direct, negative, impact on the Internet as we know it: SOPA (et al), PRISM, and the new Net Neutrality issues.  To our credit, the collective will of the Internet has been heard to prevent, reform, or significantly alter all of these issues (PRISM is in progress) and Net Neutrality is no different.

Net Neutrality means that Internet service providers may not discriminate between different kinds of content and applications online. It guarantees a level playing field for all Web sites and Internet technologies; but all that could change.

Writing Updates

As many of you may recall, I've been working on a book, Understanding IT: A Guide for Business Leaders, and I had recently decided to publish my graduate thesis under the title Current Trends in Business Intelligence. What you probably haven't known is the progress that I've made on these projects.

Understanding IT is a book that aims to give a high-level overview of the Information Technology science, career, and best practices, from bus architecture to databases, while being specifically targeted towards small business leaders or newly appointed managers of IT assets and personnel.

Current Trends is my graduate thesis outlining how companies have traditionally acquired data, turned it into knowledge, and used that knowledge to make money; why business intelligence has traditionally been a privilege of the Silicon Valley giants; and why the rise of open source products and MOOCs is making business intelligence more applicable to smaller firms.

I'm about five of ten chapters completed with my rough draft of Understanding IT, and about 1/3 completed with the 30pg thesis that Current Trends represents, so I'm feeling relatively confident that I can have a rough manuscript completed by late April or early May.  After that, I'll hand the manuscripts off to an editor (in this case Gabriel Fitzpatrick), come up with something for the cover art, and do a whole bunch of administrative junk associated with self publishing.

My goal is to be completed sometime around Christmas with a publication date of January 2015!

Peering and Net Neutrality

There's been a lot of discussion over the last few weeks after the Federal Communications Commission's "Net Neutrality" regulations were overturned and allegations of throttling for content-heavy providers ensued.  These allegations are a lot more complicated than they would first appear, and it's not as simple as "Verizon is throttling Netflix."  In fact, the way that internet traffic is exchanged between multiple internet service providers (ISPs), like Sprint and Verizon, is a bit complicated under a concept known as peering, which is explained by the Electronic Frontier Foundation below:

Connections between web service providers, web sites, and ISPs depend on agreements to exchange Internet traffic with each other, or “peering” links. Operators of backbone and web services make peering agreements with ISPs about how to exchange Internet traffic so that data can be carried efficiently from one part of the Internet to another.

 

Mitch Wagner explains how this works with a little less jargon:

 

Two networks of comparable size will exchange traffic for free if each is sending roughly the same amount of traffic to the other. However, when the relationship is disproportionate, the network that sends significantly more traffic will often write a check to the receiving network to cover the costs. It's kind of like if everybody is going to a potluck dinner. If everybody brings the same amount of food that they eat, that's OK. But if one person habitually eats more than he brings, everybody else might ask that person to pay some money just to keep everything fair.

 

Peering agreements were traditionally handled at the ISP level (Comcast and Sprint, for example) where ISPs would agree what, if any, fiscal compensation was required to level the data transfer requirements, and typically these negotiations are transparent to the customer.  However, as Cogent and Sprint users might remember from 2008, they can spiral out of control enough to cause traffic outages.  Furthermore, ISPs have been known to withhold critical infrastructure upgrades to gain leverage in peering negotiations to the detriment of their consumers.

  

However, for all of the faults that we've seen as a result of peering, it has been overwhelmingly in our benefit.  Take Africa and South America for example; these continents are notorious for ISPs competing with one another and refusing to peer. As a result, the internet connectivity in these regions is astonishingly poor (maps).  So for all of the negative publicity that peering has gotten over the last month, it's worth remembering that it has ushered in a new era of high speed connectivity and globalization.

 

So what does this have to do with Netflix?  The prolific Comcast and Netflix deal signifies a shift from ISP - ISP peering to ISP - Product peering agreements.  Some pundits stipulate that this could signal a downward spiral of internet innovation as the ISP market increasingly collapses to a smaller number of superpowers where the peering burden is increasingly placed on the product owners.  While this is absolutely a possibility, we still have a few more steps before internet innovation is harmed.

  

Most notable among these steps is to prevent anti-trust abuses of ISPs and to ensure that while barriers to entry remain high, they are not artificially fabricated by the oligarchy of ISP superpowers. Unfortunately, this can be a little tricky to navigate as ISPs and city governments have a history of shady courtship prior to installing new infrastructure.  Similarly, as we've seen in politics at the federal level, lobbyists of superpowers can be difficult to ignore, making the free market more difficult to maintain.

  

So where does that leave your average consumer?

  

Potentially screwed.  The free market only operates at equilibrium if everyone acts in their own self interests.  If you are waiting for legislation to force companies to act in your self interest, you are going to be sorely disappointed. So if you find yourself giving your business to a company that isn't furthering your own interests (be it Wal-Mart, Verizon, or General Motors), change companies!



Why It's Not About Privacy

I've faced some opposition recently based on my views that the Electronic Frontier Foundation did a disservice to their constituents by focusing so much of their efforts on privacy, rather than data ownership.  With that in mind, I pose two ethical scenarios to help illustrate my (and the Guardian's) point that solving the data ownership debate will solve far more than just the privacy debate.

Our laws are focused on data collection, but the existence of data is not the concern; it’s the usage and sharing of data.  In today’s interconnected world, individuals are no longer as concerned about what a given company knows about them, but how it’s used and with whom that information is shared.  These are issues that cannot be solved when we limit the scope of our conversation to privacy, but must be evaluated in the larger discussion of establishing ethical data ownership legislation.

Understanding IT, an Introduction for Business Leaders

I've been toying with the idea of writing a professional book for the better part of three years now, and after some thought, I've decided to pursue this endeavor between the completion of my Graduate Certificate (May 2014) and the starting of my Masters in Business Administration (August 2017).  I've already acquired about 3/4 of the notes required, by virtue of my obsessive note taking throughout my academic and professional career, but this will still be a rather large undertaking.

The book's premise will be a survey of the Information Technology field as a whole, from the component level all the way to the business analytics and "big data" level.  As far as I can tell, there are no books that explain the concepts, technologies, and histories of these fields in plain English, without a lot of fluff, and without costing an arm and a leg.

I'll be writing more about this as time goes on, so be on the lookout for references to "The Book" (which has not been named).  In the meantime, have a teaser into the layout:

 

  1. Building the Computer
  2. Understanding the Operating System
  3. Programs and Languages
  4. File Systems
  5. Network Theory
  6. Configuring Your Network
  7. Maintaining Your Domain
  8. Certifying Your Administrators
  9. Web Servers
  10. Databases

 

 

This will likely evolve over time, but I think this layout is a pretty good starting point.  One thing I want to do with this, since it is going to be a self-published, digital-only book, is to include a lot of inline references that will point back to an appendix in which there will be an annotated bibliography of everything I used to create this book.

The reasoning behind this is that this book will be covering such a large amount of information that I will be leaving a lot of stuff out.  For example, while I intend to cover the basic history and evolution of Windows, Mac, Linux, and Unix, I cannot cover every detail; nor would I want to.  The compromise here would be that a reader who wants to know more about the history of Linux, simply needs to click the link in the paragraph(s) talking about Linux, be shuttled to the back of the book, and write down the references associated with Linux.

I hope to have it ready to edit before I start my MBA, in which case, I would hope to have it published by 2015.

Oh Look, Another "Cybersecurity" Bill

Back in March, I posted a detailed post about PICP/SOPA and Lamar following a massive outcry of netizens across the world.  At first, it would have appeared that the boycott led by Google, Reddit, and Wikipedia was successful.  However, the ruling party simply does not seem to want to give up.  Don't worry though, we're not alone.  Some other countries have similar laws on the table; among them are the obvious choices (Korea, Iran, etc).  However, what may surprise you is that the list also includes the United Kingdom:

"The British government is about to unveil proposals to block the Internet for copyright enforcement purposes. The confirmation came in a Parliamentary debate yesterday on Intellectual Property, in which pro-copyright MPs had a little ‘chit-chat’ about the allegedly ‘anti-copyright’ government, and indicated their desire for the activation of the Digital Economy Act"