Tuesday, January 24, 2012

I’ll tell you what I want, what I really, really want from a Cloud Provider


If you want my business, you better make it fast
Self-service: 7x24 add, remove, change resources, workloads, and connectivity
Elastic: scale up or down automatically within the limits I set
Available: stand up to hurricanes, DDoS, and replication storms. Your mistakes should never be my problem.
If you want my data, you better make it secure
Auditing: network and management
Network – I need to audit and/or inspect all the traffic between my systems. This includes but is not limited to traffic between users, systems, and applications, even where they share the same physical host and virtual switch.
Management – I need to see all management events that may impact the security or configuration of my systems. This includes but is not limited to privileged access to my systems or data through the hypervisor or cloud management APIs.
Control: policy and assurance
Policy – I need to express and apply security policies via a method that is both human-understandable and translatable into a machine-interpreted language.
Assurance – I need to know when an event or incident occurs that violates a policy and I need a method for testing that controls exist and are effective for enforcing my policies.
Metrics: continuous and interoperable
Continuous – Per our agreed standards of measurement, I must be able to quantify the security attributes of my system. This may include but is not limited to measurements for: vulnerability, configuration, performance, incident detection, incident response, and incident containment.
Interoperable – All security-relevant data and events must be available in a documented machine-readable format. It should either comply with standards such as Cyberscope and SCAP or my preferred GR&C system.
If you want my money, you better not ask for much
Value – Not just cheaper than if I do it myself. Your services should give my organization new capabilities to meet our objectives. These capabilities could include user experience, logistic support, and accessibility …
No lock-in – I should be able to easily move my data and workloads back inside my enterprise or to one of your competitors.

Thursday, January 19, 2012

Tell me again where these devices are made?

I’ve been “upgrading” my home infrastructure:

Seagate GoFlex Network Storage
Netgear WNDR3800
(other stuff)

All my toys run Linux, so imagine my surprise when this starts showing in my logs:
[LAN access from remote] from 210.51.17.227:40986 to 192.168.35.119:22, Thursday, January 19,2012 16:56:47
[LAN access from remote] from 210.51.17.227:39316 to 192.168.35.119:22, Thursday, January 19,2012 16:56:36
[LAN access from remote] from 210.51.17.227:37023 to 192.168.35.119:22, Thursday, January 19,2012 16:56:32
[LAN access from remote] from 210.51.17.227:34192 to 192.168.35.119:22, Thursday, January 19,2012 16:56:28
[LAN access from remote] from 210.51.17.227:50809 to 192.168.35.119:22, Thursday, January 19,2012 16:56:21
[LAN access from remote] from 210.51.17.227:47558 to 192.168.35.119:22, Thursday, January 19,2012 16:56:16
[LAN access from remote] from 210.51.17.227:44530 to 192.168.35.119:22, Thursday, January 19,2012 16:56:11
[LAN access from remote] from 210.51.17.227:42159 to 192.168.35.119:22, Thursday, January 19,2012 16:56:07
[LAN access from remote] from 210.51.17.227:39236 to 192.168.35.119:22, Thursday, January 19,2012 16:56:02
(repeat about 500 times)

whois 210.51.17.227?
Answer: someone inside a /16 registered to Beijing Tongtai IDC of China Netcom.

Turns out my Seagate device was advertising port 22 via UPnP and my Netgear was helpfully port mapping it to the Internet.

Go figure.
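
The router log format quoted above can be summarized per LAN host and port to spot services that are reachable from the Internet without anyone having forwarded them on purpose. This is an added example, not code from the original post; EXPECTED_FORWARDS, the function names and the last sample line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Router log line format, as quoted in the post.
LINE_RE = re.compile(
    r"\[LAN access from remote\] from (?P<src>[\d.]+):\d+ "
    r"to (?P<dst>[\d.]+):(?P<dport>\d+), (?P<ts>.+)$"
)
TS_FORMAT = "%A, %B %d,%Y %H:%M:%S"

# Assumption: (lan_host, port) pairs you forwarded on purpose. Empty = none.
EXPECTED_FORWARDS = frozenset()

# First three lines are from the log in the post; the last is constructed noise.
SAMPLE = """\
[LAN access from remote] from 210.51.17.227:40986 to 192.168.35.119:22, Thursday, January 19,2012 16:56:47
[LAN access from remote] from 210.51.17.227:39316 to 192.168.35.119:22, Thursday, January 19,2012 16:56:36
[LAN access from remote] from 210.51.17.227:39236 to 192.168.35.119:22, Thursday, January 19,2012 16:56:02
[constructed] unrelated router event, Thursday, January 19,2012 16:50:00
"""

def parse_line(line):
    """Return one inbound-connection event, or None for any other log line."""
    m = LINE_RE.search(line.strip())
    if not m:
        return None
    return {"src": m["src"], "dst": m["dst"], "dport": int(m["dport"]),
            "ts": datetime.strptime(m["ts"].strip(), TS_FORMAT)}

def exposed_services(lines, expected=EXPECTED_FORWARDS):
    """Summarize inbound hits on LAN host/port pairs that were not expected."""
    hits = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and (ev["dst"], ev["dport"]) not in expected:
            hits[(ev["dst"], ev["dport"])].append(ev)
    report = []
    for (dst, dport), evs in sorted(hits.items()):
        times = [e["ts"] for e in evs]
        report.append({"lan_host": dst, "port": dport, "connections": len(evs),
                       "sources": sorted({e["src"] for e in evs}),
                       "first_seen": min(times), "last_seen": max(times)})
    return report

if __name__ == "__main__":
    for row in exposed_services(SAMPLE.splitlines()):
        print(row)
```

Any row in the report is a LAN service the router is exposing that is not on your own list, which is the cue to check the router's UPnP port map table and the device advertising the port.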