Hedge 178: Defined Trust Transport with Kathleen Nichols

The Internet of Things is still “out there”—operators and individuals are deploying millions of Internet connected devices every year. IoT, however, poses some serious security challenges. Devices can be taken over as botnets for DDoS attacks, attackers can take over appliances, etc. While previous security attempts have all focused on increasing password security and keeping things updated, Kathleen Nichols is working on a new solution—defined trust transport in limited domains.

Join us for this episode of the Hedge with Kathleen to talk about the problems of trusted transport, the work she’s putting in to finding solutions, and potential use cases beyond IoT.


You can find Kathleen at Pollere, LLC, and her slides on DeftT here.

Infrastructure Privacy Live Webinar

I’m teaching a three-hour webinar on infrastructure privacy this coming Friday. From the description—

Privacy is important to every IT professional, including network engineers—but there is very little training oriented towards anyone other than privacy professionals. This training aims to provide a high-level overview of privacy and how privacy impacts network engineers. Information technology professionals are often perceived as “experts” on “all things IT,” and hence are bound to face questions about the importance of privacy, and how individual users can protect their privacy in more public settings.

There is a recording for anyone who registers.

Register here.

Hedge 161: Going Dark with Geoff Huston

Encrypt everything! Now! We don’t often do well with absolutes like this in the engineering world–we tend to focus on “get it down,” and not to think very much about the side effects or unintended consequences. What are the unintended consequences of encrypting all traffic all the time? Geoff Huston joins Tom Ammon and Russ White to discuss the problems with going dark.


Hedge 153: Security Perceptions and Multicloud Roundtable

Tom, Eyvonne, and Russ hang out at the hedge on this episode. The topics of discussion include our perception of security—does the way IT professionals treat security and privacy helpful for those who aren’t involved in the IT world? Do we discourage users from taking security seriously by making it so complex and hard to use? Our second topic is whether multicloud is being oversold for the average network operator.


On the ‘net: Privacy and Networking

The final three posts in my series on privacy for infrastructure engineers is up over at Packet Pushers. While privacy might not seem like a big deal to infrastructure folks, it really is an issue we should all be considering and addressing—if for no other reason than privacy and security are closely related topics. The primary “thing” you’re trying to secure when you think about networking is data—or rather, various forms of privacy.

Focusing on legal defensibility is the wrong way to look at privacy, or rather the wrong end of the stick.

What are some best practices network operators can follow to reduce their risk? The simplest way to think about best practices is to think about user rights and risks at each stage of the data lifecycle.