This page links to resources that might be interesting or useful during class. It’s not an assignment and nothing here is required reading. But as we move through the week, I’ll post links related to class topics, assignments, and other interesting nuggets.

Monday December 1

  • What do you know about Cloudflare? They are one of the (mostly) hidden heroes of the modern internet, and are critical to the smooth functioning of many services you and small banks use every day. But last week they had a big problem, one a a few lately. How well does that article explain what happened?

  • You may find the story of Claude Shannon interesting. His work made modern data communications possible. If you prefer your history in movie form, there is a cute short documentary about him. You needn’t watch the whole thing (it’s on Amazon Prime if you want to), but you might find at least the trailer interesting. The flaming trumpet and AI mouse are just bonus material. And where do you think Anthropic got the name for their AI? (If you’re on an FDIC or State computer, that last link may be broken, sorry. We’ll talk about why in class…)

  • If you’re bored by history, that’s a shame, but just know that Claude S is the guy who figured out that we should use bits to process, store, and communicate information. It might seem obvious now, but it was quite revolutionary in 1948. There – now you don’t need to watch a tedious historical documentary! How do you think Shannon’s work influenced how banks operate today?

  • Remember that great horrible day in October 2021 when all of Meta’s properties (meaning Facebook/Insta/WhatsApp/etc) disappeared from the internet for about 6 hours? This is why that happened. The article is pretty detailed, and you probably won’t grok it all quite yet, but a quick scan might give you some ideas. By the time we’re through with class, you’ll know enough to understand most of it. What if it had not been Meta, but a Core Banking Service Provider who had suffered this fate? Could that happen?

  • Here’s the homepage of my little ISP in Northern Vermont: Mansfield Community Fiber. Is there any risk in a small bank using a startup ISP like this, and not, say, AT&T, Verizon, or Comcast?

  • A crazy story of AI Deepfaking being used for fraud by faking the voices and presences of executives. The worker who transferred the money “put aside his early doubts after the video call because other people in attendance had looked and sounded just like colleagues he recognized.” Whoa.

Tuesday December 2

  • Gah, sorry, I forgot about T-Mobile at the end of class on Monday! Remember that there are basically only three MNOs (Mobile Network Operators) in the US - Verizon, AT&T, and T-Mobile. All the other “Cellular providers” are actually not MNOs but MVNOs (Mobile Virtual Network Operators) who use the networks of the big three. Here’s a list of who uses whom. Note that sometimes an MVNO will use more than one MNO because it wants redundancy or extended geographic coverage.

  • Ethernet is usually considered secure because it’s used in controlled physical environments, but sometimes (especially in campus or large building deployments) both ends are not as well-controlled as you’d like. For situations like this there’s MACsec.

  • Cradlepoint (now owned by Ericsson) does lots of stuff, but they got their start making cellular failover devices and services for bank branches and others that need better uptime then they could get from their fixed internet service alone. We saw their devices in at least one of the topologies we looked at yesterday.

  • Don’t forget the very useful What is My IP Address for figuring out your external IP address. How do you find your “internal” IP address?

  • Downdetector is a great way to know if it’s you or them that are having problems.

  • If you’re interested in more detail about how vLANs work, this is a pretty good illustration. Nice little animations too.

  • It seems most important sources seem to agree that hiding your SSID doesn’t do much good. I do get the attraction though.

  • The spy world has all the fun! - Here’s a link to the Stuxnet movie called Zero Days that we discussed (it’s on Amazon Prime). It proves you don’t need network access to get malware into a system if you have USB drives and some creativity. A crazy espionage story, well told.

Wednesday December 3

  • Speaking of the physical layer, I was given this physical site checklist by a student. I think it could be very useful on exams so I pass it along here.

SD-WAN selection exercise, by table number:

  1. Cisco Meraki
  2. Fortinet
  3. SonicWall
  4. Palo Alto
  5. Ubiquiti
  6. Verizon Business

Thursday December 4

  • I might have looked a little harder for this yesterday, but Downdetector is actually quite transparent about their methodology.

  • As we saw in class, here’s the SSL Labs tool that lets you see how secure a bank’s (or anyone’s) website is.

  • Here is a clear and simple article about how TCP does its amazing job.

  • Some companies are so powerful that they can just re-write important protocols and do things their way. That’s what Google did when they developed and began using the QUIC protocol to make up for what they perceived as weaknesses in TCP. If you ever use Google Chrome as your browser, you’ve almost certainly used it.

  • Here are a few books we discussed or that came up during class discussion:

  • We briefly discussed Graphical Traceroute tools, but didn’t have time to play with them much. You can do it yourself with G Suite Tools’ visual traceroute tool. Remember that DNS can be deceptive - as far as I can tell, G Suite has nothing to do with Google!

  • Deflock.me is a crowdsourced effort to document the location of Flock (and other) ALPRs. Given our discussion yesterday about privacy, you might be a bit concerned by this article.

Friday December 5

  • Here’s a list of public DNS servers you can put into you (private) machine or router. There are many improvements to be gained from using one of these over the one supplied by your ISP.

  • If you want to know more about cryptography, I have two books to recommend.

  • Tavis shared this great site that will let you experiment with Hash Algorithms, salts, etc. Tons of fun for those boring nights alone in your SRC room!