Last updated: 
3 months 2 weeks ago
Blog Manager
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

Things that Go Bump in the Night

Thursday, July 11, 2019 - 10:21

Apparently Miranda Mowbray had been wanting to do a talk on "Things that Go Bump in the Night" for some time, and it made an excellent closing keynote for the 2019 FIRST conference in Edinburgh (recording now available on YouTube). Although "things" may increasingly need an Internet connection to operate, there are significant differences between them and end-user devices such as PCs, laptops and phones that defenders can use to their advantage.

First, the range of communications required by a "thing" should be much narrower than a general-purpose computing device. Both the protocols and destinations involved in its traffic should be easier to enumerate. Whereas networks of end-user devices may be too troublesome to do more than alert on unexpected traffic, for networks connecting things the precautionary principle of "block unknown traffic until we understand it" probably can, and should, still apply.

Where traffic is allowed, similar things (unlike similar PCs) ought to behave similarly. An unusual pattern of behaviour by a single thing – especially if that behaviour then spreads to nearby things – is probably a sign of trouble. Bumps in the night are, indeed, worth listening for: configuration changes and administrative access should happen during working hours.

But the most extreme oddities may well be mis-configurations, rather than hostile action. Two atmospheric dust sensors showed very similar peaks suggesting, perhaps, a passing dustcart. Except that their reported positions were continents apart: Boston, Massachusetts and Antarctica. After some thought it was realised that an owner swapping Latitude and Longitude was the most likely cause of this particular long-leggity beastie!