Network World: How to reduce cloud costs

The more workloads that you migrate to the cloud, the more difficult it becomes to predict monthly cloud costs. While it is great that you’re only paying for the services you need, trying to parse your monthly bill requires the skills of a CPA, a software engineer, a commodities trader and a sharp eye for the details. There are numerous helpful tools and services to help, and also several reasons to consider using them. You might be in the market to switch to a new provider in order to add features or because you aren’t happy with your provider’s downtime or level of customer support.

You can read my post for Network World here, where I provide details on more than a dozen different offerings. (Cloudorado is shown above.)

Network World: New ways enterprises can use VPNs

The pandemic has accelerated the development of better ways to serve and secure remote workers, which make it a good time to re-examine VPNs. Recently VPNs have received technical boosts with the addition of protocol options that improve functionality far ahead of where they were when first invented. At the same time, new security architectures zero trust network access (ZTNA), secure access service edge (SASE), and security service edge (SSE) are making inroads into what had been the domain of remote-access VPNs.

In my latest post for Network World, I talk about ways that VPNs can complete ZTNA.

Network World: Lessons learned from the Atlassian network outage

Last month, software tools vendor Atlassian suffered a major network outage that lasted two weeks and affected more than 400 of their over 200,000 customers. It is rare that a vendor who has been hit with such a massive and public outage takes the effort to thoughtfully piece together what happened and why, and also provide a roadmap that others can learn from as well.

In a post on their blog last week, they describe their existing IT infrastructure in careful detail, point out the deficiencies in their disaster recovery program, how to fix its shortcomings to prevent future outages, and describe timelines, workflows and ways they intend to improve their processes. I wrote an op/ed for Network World that gleans the four takeaways for network and IT managers.

Avast blog: How to protect your network from a future attack

A new report on how to protect your networks from attack can be a helpful document that covers a lot of different bases within the cybersecurity landscape. The report, Proactive Preparation and Hardening to Protect Against Destructive Attackswas written by several cybersecurity analysts “based on front-line expertise with helping organizations prepare, contain, eradicate, and recover from potentially destructive threat actors and incidents,” in the words of the authors.

It contains hundreds of tips for protecting Windows deployments, including command-line strings, adjusting various group policy parameters, and other very practical tips that could indicate potential compromised systems.

I summarize a few of the more important ones in my blog post for Avast.

The evolution of internet faxing

Almost 30 years ago, two computer geeks – Marshall Rose and Carl Malamud — put together the first wide-scale attempt at sending faxes over the internet. In the beginning, it was fairly modest, with service reaching a few select cities in the USA and Canberra Australia. The two geeks were fans of the campy 1960’s movie “The President’s Analyst” which was why they named their venture TPC.INT. If you haven’t ever seen a .INT domain name, here is a list of them according to Wikipedia, they are websites for various international organizations. In true Rose/Malamud fashion, they wrote a series of internet RFCs (here is one) to document how the thing worked. (Here is a short history of TPC.INT domain and here is a collection of the first set of faxes they received at their launch.) It relied on a series of volunteers who would have internet-connected computers that would connect to a standard phone line and make local fax calls (this was before long distance VOIP lines were common, let alone cell phones) and make a call to an actual fax machine. The duo called TPC “an experiment in remote printing” because that was the concept: sending a document to a fax-based “printer” that was located at some other place in the world.

While TPC was getting together, PC component vendors were building in fax modems as part of their overall modem electronics. For those of you that think a modem is what connects you to the internet through your cable or DSL provider, back in the dial-up days we had modems that plugged into ordinary analog phone lines. One of the first successes was add-in board from Intel that was called SatisFAXtion. This allowed you to fax directly from your DOS applications. Here is a box shot of the adapter.

Anyway, those early experiments brought about an entire service industry that is now dominated by the likes of eFax and jFax. While TPC was just for sending faxes via email (and later via a web browser), these services have expanded to also receiving them (via a fax-to-email interface) and using a variety of modalities, including your mobile phone, cloud storage and dedicated clients.

Along the way, I wrote a few articles for businesses that wanted to use these services, such as “Faxing on the Go” in 1999 for Computerworld and another column for PC World about their basics in 2009. For years I maintained a table comparing services on my website, but given that there are so many places to find more in-depth reviews of these services (including PC Magazine, Tom’s Hardware, and NYTimes’ Wirecutter, just to name three), I gave up trying to keep the table current. If you are looking for an internet fax provider take a look at the Tom’s review. If you scroll down, they will help you frame your decision (do you need multiple inbound fax numbers, custom cover pages, searchable archives, and so forth). The two services that I currently use are eFax (I got on board their free service and still have a working inbound fax number) and FaxZero (which is great for the once-in-a-blue-moon frequency that I need to send faxes). The three review sites have their favorites based on various criteria.

Why was I thinking about internet fax? Last week I was opening a new IRA account. I began with a simple online application, then I needed to send in some documents to the bank. My delivery choices were as follows:

  • A secure file upload web portal
  • Sending regular postal mail with my check (not a good idea, given the state of the USPS these days)
  • Sending an overnight letter (to a different address than above, of course)
  • Or sending a fax.

If I used the portal or fax, I would need to talk to a bank representative to provide my existing bank account that they could use to collect the funds. I chose the portal. The experience was far from seamless, which is more a matter of why fax continues to this day. It seems when I have to deal with a bank, an insurance company, or a doctor’s office, all of them still use faxes.

Certainly, we have come a long way since those early days when fax machines used special paper that would fade in strong sunlight. And while there are a number of ways to securely send files (as I wrote about recently for The Verge here), sending a fax is still a lot easier.

Network Solutions blog: How Microsoft Teams Enhancements Protect Collaboration

As remote working has increased in popularity, better collaboration tools have become more of a necessity. Microsoft has been paying attention to this trend of course and recently announced numerous enhancements to its Teams platform. Teams has been around for more than a year and combines chat and instant messaging with video conferencing. Most of its newest features are only available on the latest version of its Windows desktop app that was released at the end of July: the web browser and Mac versions are not yet at feature parity.

If you think of Teams as just being a mind-meld between Slack and Webex, you would be underestimating what Microsoft is trying to do with this software. And with the latest update, Microsoft aims to make Teams more of the connective tissue that will bring together its various Office applications, as well as a platform that can enable better collaboration among office workers. This post for Network Solutions’ blog goes into the details.

 

Network Solutions blog: Tools and tips for best practices for WFH network printing

Now that more of us are working from home (WFH), one of the key technologies that can cause problems is surprisingly our networked printers. Hackers target these devices frequently, which is why many IT departments have taken steps to prevent home laptops from connecting to them. In my latest blog post for Network Solutions, I suggest several strategies to help you understand the potential threats and be able to print from home securely, including what IT managers can do to manage them better and what users can do to avoid common security issues.

Network Solutions blog: How to sell your spare IP address block

For the past 27 years, I have owned a class C or /16 block of IPv4 addresses. I don’t recall what prompted me back then to apply for my block: I didn’t really have any way to run a network online, and the Internet was just catching on at the time. The transaction took moments with the exchange of a couple of emails, and there was no cost to obtain the block. 

Earlier this year I was reminded that I still owned this block and that I could sell it and make some quick cash. What was interesting is that in all the years I had the block I had never really used it for anything. I had never set up any computers using any of the 256 IP addresses associated with it. In used car terms, it was in mint condition. Virgin cyberspace territory. So began my journey into the used marketplace that began just before the start of the new year. I document some of this journey in a blog post for Network Solutions. I tell the story about what I learned and what I would do differently knowing what I know now. You can see that block transfers have become a thing from this graph.

I also wrote an eBook for them based on this experience if you want to learn more about the address block aftermarket. And in this more personal post,Beware that it isn’t easy or quick money by any means. It will take a lot of work and a lot of your time.

The evolution of the network protocol sniffer

Last month I caught this news item about Microsoft building in a new command-line feature that is commonly called a network protocol sniffer. It is now freely available in Windows 10 and the post documents how to use it. Let’s talk about the evolution of the sniffer and how we come to this present-day development.

If we turn back the clock to the middle 1980s, there was a company called Network General that made the first Sniffer Network Analyzer. The company was founded by Len Shustek and Harry Saal. It went through a series of corporate acquisitions, spin outs and now its IP is owned by NetScout Systems.

The Sniffer was the first machine you could put on a network and trace what packets were being transmitted. It was a custom-built luggable PC that was typical of the “portable” PCs of that era — it weighed about 30 pounds and had a tiny screen by today’s standards. It cost more than $10,000 to purchase, but then you needed to be trained how to use it. You would connect the Sniffer to your network, record the traffic into its hard drives, and then spend hours figuring out what was going on across your network. (Here is a typical information-dense display.) Decoding all the protocols and tracking down the individual endpoints and what they were doing was part art, part science, and a great deal of learning about the various different layers of the network and understanding how applications worked. Many times Sniffer analysts would find bugs in these applications, or in implementations of particular protocols, or fix thorny network configuration issues.

My first brush with the Sniffer was in 1988 when I was an editor at PC Week (now eWeek). Barry Gerber and I were working on one of the first “network topology shootouts” where we pit a network of PCs running on three different wiring schemes against each other. In addition to Ethernet there was also Token Ring (an IBM standard) and Arcnet. We took over one of the networked classrooms at UCLA during spring break and hooked everything up to a Novell network file server that ran the tests. We needed a Sniffer because we had to ensure that we were doing the tests properly and make sure it was a fair contest.

Ethernet ended up wining the shootout, but we did find implementation bugs in the Novell Token Ring drivers. Eventually Ethernet became ubiquitous and today you use it every time you bring up a Wifi connection on your laptop or phone.

Since the early Sniffer days, protocol analysis has moved into the open source realm and WireShark is now the standard application software tool used. It doesn’t require a great deal of training, although you still need to know your seven layer network protocol model. I have used Sniffers on several occasions doing product reviews, and one time helped to debug a particularly thorny network problem for an office of the American Red Cross. We tracked the problem to a faulty network card in one user’s PC which was just flaky enough to operate correctly most of the time.

Today, sniffers can be found in a number of hacking tools, as this article in ComputerWorld documents. And now inside of WIndows 10 itself. How about that?

I asked Saal what he thought about the Microsoft Windows sniffer feature. “It is now almost 35 years since its creation. Seeing that some similar functionality is now hard wired into the guts of Windows 10 is amusing. Microsoft makes a first class Windows GUI tool, NetMon, available for free and of course there is WireShark. Why Microsoft would invest design, programming and test resources into creating a text-based command line tool is beyond me. What unfilled need does it satisfy? Regardless, more is better, so I say good luck to Redmond and the future of Windows.”

So you wanna buy a used IP address block?

For the past 27 years, I have owned a class C block of IPv4 addresses. I don’t recall what prompted me back then to apply to Jon Postel for my block: I didn’t really have any way to run a network online, and back then the Internet was just catching on. Postel had the unique position to personally attend to the care and growth of the Internet.

Earlier this year I got a call from the editor of the Internet Protocol Journal asking me to write about the used address marketplace, and I remembered that I still owned this block. Not only would he pay me to write the article, but I could make some quick cash by selling my block.

It was a good block, perhaps a perfect block: in all the time that I owned it, I had never set up any computers using any of the 256 IP addresses associated with it. In used car terms, it was in mint condition. Virgin cyberspace territory. So began my journey into the used marketplace that began just before the start of the new year.

If you want to know more about the historical context about how addresses were assigned back in those early days and how they are done today, you’ll have to wait for my article to come out. If you don’t understand the difference between IPv4 and IPv6, you probably just want to skip this column. But for those of you that want to know more, let me give you a couple of pointers, just in case you want to do this yourself or for your company. Beware that it isn’t easy or quick money by any means. It will take a lot of work and a lot of your time.

First you will want to acquaint yourself with getting your ownership documents in order. In my case, I was fortunate that I had old corporate tax returns that documented that I owned the business that was on the ownership records since the 1990s. It also helped that I was the same person that was communicating with the regional Internet registry ARIN that was responsible for the block now. Then I had to transfer the ownership to my current corporation (yes, you have to be a business and fortunately for me I have had my own sub-S corps to handle this) before I could then sell the block to any potential buyer or renter. This was a very cumbersome process, and I get why: ARIN wants to ensure that I am not some address scammer, and that they are selling legitimate goods. But during the entire process my existing point of contact on my block, someone who wasn’t ever part of my business yet listed on my record from the 1990s, was never contacted about his legitimacy. I found that curious.

That brings up my next point which is whether to rent or to sell a block outright. It isn’t like deciding on a buying or leasing a car. In that marketplace, there are some generally accepted guidelines as to which way to go. But in the used IP address marketplace, you are pretty much on your own. If you are a buyer, how long do you need the new block – days, months, or forever? Can you migrate your legacy equipment to use IPv6 addresses eventually (in which cases you probably won’t need the used v4 addresses very long) or do you have legacy equipment that has to remain running on IPv4 for the foreseeable future?

If you want to dispose of a block that you own, do you want to make some cash for this year’s balance sheet, or are you looking for a steady income stream for the future? What makes this complicated is trying to have a discussion with your CFO how this will work, and I doubt that many CFOs understand the various subtleties about IP address assignments. So be prepared for a lot of education here.

Part of the choice of whether to rent or buy should be based on the size of the block involved. Some brokers specialize in larger blocks, some won’t sell or lease anything less than a /24 for example. “If you are selling a large block (say a /16 or larger) you would need to use a broker who can be an effective intermediary with the larger buyers,” said Geoff Huston, who has written extensively on the used IP address marketplace.

Why use a broker? When you think about this, it makes sense. I mean, I have bought and sold many houses — all of which were done with real estate brokers. You want someone that both buyer and seller can trust, that can referee and resolve issues, and (eventually) close the deal. Having this mediator can also help in the escrow of funds while the transfer is completed — like a title company. Also the broker can work with the regional registry staff and help prepare all the supporting ownership documentation. They do charge a commission, which can vary from several hundred to several thousand dollars, depending on the size of the block and other circumstances. One big difference between IP address and real estate brokers is that you don’t know what the fees are before you select the broker – which prevents you from shopping based on price.

So now I had to find an address broker. ARIN has this list of brokers who have registered with them. They show 29 different brokers, along with contact names and phone numbers and the date that the broker registered with ARIN. Note this is not their recommendation for the reputation of any of these businesses. There is no vetting of whether they are still in business, or whether they are conducting themselves in any honorable fashion. As the old saying goes, on the Internet, no one knows if you could become a dog.

Vetting a broker could easily be the subject of another column (and indeed, I take some effort in my upcoming article for IPJ to go into these details). The problem is that there are no rules, no overall supervision and no general agreement on what constitutes block quality or condition. IPv4MarketGroup has a list of questions to ask a potential broker, including if they will only represent one side of the transaction (most handle both buyer and seller) and if they have appropriate legal and insurance coverage. I found that a useful starting point.

I picked Hilco’s IPv4.Global brokerage to sell my block. They came recommended and I liked that they listed all their auctions right from their home page, so you could spot pricing trends easily. For example, last month other /24 blocks were selling for $20-24 per IP address. Rental prices varied from 20 cents to US$1.20 per month per address, which means at best a two-year payback when rentals are compared to sales and at worst a ten-year payback. I decided to sell my block at $23 per address: I wanted the cash and didn’t like the idea of being a landlord of my block any more than I liked being a physical landlord of an apartment that I once owned. It took several weeks to sell my block and about ten weeks overall from when I first began the process to when I finally got the funds wired to my bank account from the sale.

If all that seems like a lot of work to you, then perhaps you just want to steer clear of the used marketplace for now. But if you like the challenge of doing the research, you could be a hero at your company for taking this task on.