This page links to resources that might be interesting or useful during class. It’s not an assignment and nothing here is required reading. But as we move through the week, I’ll post links related to class topics, assignments, and other interesting nuggets.

Monday June 23

  • You may find the story of Claude Shannon interesting. His work made modern data communications possible. If you prefer your history in movie form, there is a cute short documentary about him. You needn’t watch the whole thing (it’s on Amazon Prime if you want to), but you might find at least the trailer interesting. The flaming trumpet and AI mouse are just bonus material. And where do you think Anthropic got the name for their AI? (If you’re on an FDIC or State computer, that last link may be broken, sorry. We’ll talk about why in class…)

  • If you’re bored by history, that’s a shame, but just know that Claude S is the guy who figured out that we should use bits to process, store, and communicate information. It might seem obvious now, but it was quite revolutionary in 1948. There – now you don’t need to watch a tedious historical documentary! How do you think Shannon’s work influenced how banks operate today?

  • Remember that great horrible day in October 2021 when all of Meta’s properties (meaning Facebook/Insta/WhatsApp/etc) disappeared from the internet for about 6 hours? This is why that happened. The article is pretty detailed, and you probably won’t grok it all quite yet, but a quick scan might give you some ideas. By the time we’re through with class, you’ll know enough to understand most of it. What if it had not been Meta, but a Core Banking Service Provider who had suffered this fate? Could that happen?

Tuesday June 24

  • I mentioned that I am involved with a tiny fiber ISP called Mansfield Community Fiber here in Northern Vermont. Broadband to the people!

  • Some companies are so powerful that they can just re-write lots of protocols and do things their way. That’s what Google did when they developed and began using the QUIC protocol to make up for what they perceived as weaknesses in TCP. If you ever use Google Chrome as your browser, you’ve almost certainly used QUIC.

  • Here’s a living document I’ll continue to develop this week, a glossary/risk list for topics in this class. It’s incomplete and kind of lame at this point, it will get better this week. That is, if you help me keep an eye on it and ask good questions for me to answer and add. Don’t forget that there’s also a great FFIEC glossary that - while not super-detailed in IT, does overlap with our topics somewhat.

  • As you can see, one physical layer risk is cable tapping. It’s hard to imagine that being done against a community bank, but hey, never say never! The US did this during the cold war, a crazy story that’s outlined in this fantastic book.

Wednesday June 25

Thursday June 26

  • Here are the questions you developed during the exercise yesterday. I’m a txt kind of guy, so it’s just a .txt file. Not pretty, but easy to copy and paste into whatever format you prefer…

  • If you were paying attention yesterday you heard me mention “Salt Typhoon” and you may have wondered where crazy names like that come from. Gary shared this great article in the chat, and I want to make sure you don’t miss it: How Microsoft names threat actors.

  • Here’s a great short explainer on how TCP does its amazing job. We don’t have time to talk about all the details of TCP, like error correction and flow control, but they are super cool.

  • The Internet Society on how TLS works. It’s a bit old but still largely correct and clear.

  • Cloudflare has a great explainer on Public Key Cryptography and some other crypto things.

  • We talked about business services for network availability that are available from major network providers. Many of these use equipment from Cradlepoint, acquired last year by Ericsson.

  • An article from Webroot on the importance of DNS security, and here’s another pretty good article from Infosec on the same topic.

  • There is a relatively new, more secure version of the DNS protocol called DNSSEC, which is just beginning to see broad deployment. Cloudflare has a great short article on how it works.

  • Cryptography is hard, but it’s less hard when it’s filled with adorable Japanese manga. Check out this Manga Guide to Cryptography, it’s crazy and actually technically pretty deep! Maybe you need a gift for that millenial crypto-geek on your shopping list?

  • As we saw in class, here’s the SSL Labs tool that lets you see how secure a bank’s (or anyone’s) website is.

Friday June 27

Some of the contents of my “daily” folder