Cyber Observer – a powerful security dashboard that reminded me of an earlier time

The other day I received a note on LinkedIn from an individual I worked with back at EDS. He mentioned a company he is currently working for that is focused on security. Since security needs to be at the top of the list of concerns at all levels of organizations today, I thought I’d take a deeper look.

The software is called Cyber Observer (they have a fairly effective marketing overview movie on their site). Though this solution is focused on enterprise security monitoring, it reminded me of the data center monitoring programs that came out in the late 80s and 90s that provided status dashboards and information focused on reducing time to action for system events. CA Unicenter was one that was popular.

Back in the late 80s I had system administration leadership over the largest VAX data center that GM had. We had hundreds of VAXen, PDPs and HP 1000s of all sizes scattered over nine or ten plants. Keeping them all running required some significant insight into what was going on at a moment’s notice.

Fortunately, today folks can use the cloud for many of the types of systems we had to monitor, and the hardware monitoring is outsourced to the cloud providers. Plant floor systems are still an area that needs to be monitored.

One of the issues we had keeping hundreds of machines running was that the flood of minor issues being logged and reported can easily lead to ‘alert fatigue’. Those responsible can lose the big picture (chicken little syndrome). Back then we put a DECtalk in our admin area; when something really serious happened, it yelled at us until it was fixed. We thought that was pretty advanced for its time.

I asked how Cyber Observer handled this information overload concern, since the software is primarily targeted at leaders/executives — we all know the attention span of most managers for technical issues. I also asked about a proactive (use of honeypots) vs. a reactive approach for the software. Now that both software honeypots (Honeyd, among others) and hardware honeypots (Canary) are relatively easy to access, they should be part of any large organization’s approach to security.

He explained that the alert and dashboarding system was very tunable at both the organizational and individual level.

Although it has more of a dashboard approach to sharing the information, details are available to show ‘why’ the concern reached the appropriate level.

An example he gave me was a new domain administrator being added in Active Directory. The score next to the account management domain would go down and show red. When the user drills down, the alert would state that a new domain admin was added. The score in the system would be reduced, and eventually the system baseline would adjust to the change, although the score would remain lower. The administrative user would have to manually change the threshold or remove the new domain admin (if it is rogue or unapproved). Only then would the score go back to its previous number (if no other events took place). Some threshold tolerances come preset out of the box based on expected values (for example, whether the NAC is in protect mode rather than alert mode, or whether the Active Directory password complexity is turned on — these scores are preset). Some thresholds are organizationally dependent, and the user needs to set the proper thresholds, as with the number of domain admins.
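As an added illustration (my own toy model, not Cyber Observer’s code), here is the scoring behaviour just described: preset checks, an organisation-set count threshold, a baseline that adapts so the score partly recovers, and a score that only returns to 100 when the threshold is changed or the extra admin is removed. The penalty weights, the adaptation rate and the control names are assumptions.

```python
# Added example: a toy model of the domain-admin scoring story above.
# Weights (40 per admin over threshold, 20 per unit of 'surprise') and the
# baseline adaptation rate are assumptions, not product behaviour.
from dataclasses import dataclass, field


@dataclass
class PresetCheck:
    """Control whose expected value ships preset (e.g. NAC in protect mode)."""
    name: str
    expected: object
    observed: object = None

    def score(self) -> int:
        return 100 if self.observed == self.expected else 0


@dataclass
class CountControl:
    """Control whose threshold is organisation-specific (e.g. number of domain admins)."""
    name: str
    threshold: int            # set by the administrator
    baseline: float           # what the system has learned to expect
    observed: int = 0
    alpha: float = 0.5        # assumed rate at which the baseline follows observations
    alerts: list = field(default_factory=list)

    def score(self) -> int:
        over = max(0, self.observed - self.threshold)       # persists until threshold changes
        surprise = max(0.0, self.observed - self.baseline)  # fades as the baseline adapts
        return max(0, int(100 - 40 * over - 20 * surprise))

    def observe(self, count: int) -> int:
        """Record a new measurement; returns the score before the baseline adapts."""
        if count > self.observed:
            self.alerts.append(f"{self.name}: {count - self.observed} added "
                               f"(now {count}, threshold {self.threshold})")
        self.observed = count
        current = self.score()
        self.baseline += self.alpha * (count - self.baseline)  # drift toward the new normal
        return current

    def set_threshold(self, new_threshold: int) -> int:
        """Manual threshold change: the organisation declares a new expected value."""
        self.threshold = new_threshold
        self.baseline = float(new_threshold)
        return self.score()


def rating(score: int) -> str:
    """Dashboard colour for a score: the drill-down explains the 'why'."""
    return "green" if score >= 80 else ("amber" if score >= 50 else "red")


def domain_score(controls) -> int:
    """Aggregate score for one domain (e.g. account management)."""
    return int(sum(c.score() for c in controls) / len(controls))
```

With two expected admins, observing a third drops the score to 40 (red); repeated observations let the baseline adapt and the score climb into the 50s, but it only returns to 100 after `set_threshold(3)` or after the count returns to 2.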

He also mentioned that if the system was connected to a honeypot, it could adjust the level of concern based on shifts in the ‘background radiation’ the honeypot sees.

I don’t know much about this market and who the competitors are, but the software looked like a powerful tool that can be added to take latency out of the organizational response to this critical area. As machine learning techniques improve, the capabilities in this space should increase, recognizing anomalies more effectively over time. I was also not able to dig into the IoT capabilities; that is a whole other level of information flow and concern.

The organization has a blog covering their efforts, but I would have expected more content since there hasn’t been a post this year.


Another update to QSOSender 3

Back in June of 2018, I wrote a post about releasing an update to QSOSender3 — an application for #Android that simulates ham radio QSOs using Morse code, by generating random QSOs based on a QSO grammar definition.

I had some negative comments about the user interface on very small Android devices, so I’ve released a new version of QSOSender3 that I hope addresses the problems.

The user interface now looks like:

New interface pix

with much smaller memory buttons and a smaller margin around the outside that I hope will handle anything larger than an Android watch.

I can’t imagine what else the users of the program may want, but people keep sending in requests so I try to address them.

Comparing antenna installations using digital modes

In the previous post, I described the stealth antenna I was using. Here is a bit of background on techniques to understand how well it is working and compare performance against other hams.

I’ve been operating the last several months on 40, 30, 20, 15 and 12 meters — just casual operating with no contests but Field Day. I’ve also made a few dozen contacts on 80 meters and even tuned the antenna up on 160, just to see if the antenna will work. The following is a graph showing the distribution of confirmed contacts between May and November 2018.

Distribution of contacts by band

With the sunspot cycle in the doldrums, I’ve only made a few contacts on 10 meters, but in all cases the tuner allows me to get a 1:1 SWR ratio. I have been able to have QSLs confirmed in 60 countries in LoTW with just casual operating. This apparent success did make me want to look into how well it was doing against other hams’ installations.

At the time of my first random-length stealth antenna, I didn’t have the advantage of FT8 and the ability for a more direct comparison of performance to other stations near me. One great thing about WSJT-X (the current program supporting FT8) is that you can do a quantitative comparison of the received performance, if both stations log the stations you hear into PSKReporter.

When set up correctly, WSJT-X will log the stations you’ve heard into the PSKReporter site. You can also look at the stations tracking what they have heard into PSKReporter to see who has heard your QSOs. It just happens automatically behind the scenes.

Using this information, you and your neighboring hams can compare the stations heard, on any single band or multiple bands. You and your buddies just need to agree on a time and band and then operate or passively monitor for a defined duration. You can compare what each of you heard, by entering each of your station’s call sign into the PSKReporter website and generate a report. Armed with this data, you’ll now have a definitive comparison of your antenna performance against the guy who said, “It will never work.” 

The same can be done using your transmissions and seeing who has heard you, all over the world, at any time in the past.

Screenshot of stations who heard me 20 hours ago (when I was operating)

Like many aspects of the hobby, you learn a lot about what’s possible by experimenting and taking the road less travelled.

A stealthy antenna for houses with radiant barrier

I haven’t written a post in a while, so I thought I’d write a couple about the amateur radio activities I’ve been up to recently.

Like many hams, I live in a location where the Home Owners Association (HOA) forbids antennas. In fact, my last three houses have been in areas with these restrictions. Getting around those limitations of visibility, cost and spousal acceptance has always been viewed as a personal challenge. To pile on another layer of constraint, my current and previous house also had radiant barrier installed. Radiant barrier makes the house more energy efficient, while at the same time providing my own personal Faraday cage — even cell phone signals can barely penetrate the electromagnetic moat that surrounds my house.

In talking with other hams in the area about antenna options, they said that I would need to run a tuned wire to a tree or install a sly flag pole vertical or perform some other stealthy magic to make the electrons wire-walk their way into the heavens. Being a ham, I wasn’t deterred and decided to experiment and find out for myself other options that work.

I wondered how a random-length wire would perform if I just laid it on the roof shingles and used an automatic antenna tuner outside the house to make the coax and my rig happy. A few hams told me “That will never work.” or “You may get it to tune up, but you’ll never talk with anyone.” Never to be slowed down by the harsh reality laid in front of me by others, I charged forward undaunted. My philosophy is: any antenna is better than no antenna. So, I grabbed my ladder, coax, some wire and climbed skyward.

The roof of my house has a ridge vent which looked like the ideal place for the coax to reach the outside. The house itself is a wood frame building. Fortunately, the RG-8X lying around the shack was almost the exact same diameter as the gap in the ridge vent. I snaked the antenna wire down into the house, all the way to ‘the shack’. When I built the house, I had enough foresight to install a ‘tech tube’ from a wall box up to the attic, so the process of getting the wire to the shack was relatively straight forward.

The next critical component was the automatic antenna tuner (in my case an MFJ-993BRT). I had a ridge line on a dormer of the house that is ideal for the tuner to straddle and provide stability.

The dormer also provided camouflage to make the tuner impossible to see from the street (see figure below). All it took was some galvanized flashing material, some screws from the local hardware store, a bit of planning, sealer and labor and my tuner was firmly ensconced on the roof away from prying eyes.

The next component was the wire itself. I selected a stealthy 22 gauge black wire – I was never going to run more than 100 watts, so that wire gauge should be sufficient. Yes, you can carefully do the math and cut the wire to a resonant length, but the interaction with the underlying roof shielding will likely render those calculations moot. I was also going to use the antenna on multiple bands, so a random-length perspective will have to do. I went with the traditional adage of “more is better” and ran the wire along the roof crest to the edge and then down the side of the roof – hot gluing the wire to the shingles all along the way, when needed. I live in a hurricane prone area, so anything I can do to keep the wire from flopping around is a worthwhile investment. In total, the “active element” is more than 70 feet long. I also attached a counterpoise to the appropriate connector on the antenna tuner.

The counterpoise was only about 20 feet long, running along a gable of the house. I was careful to not have either wire run alongside the coax going into the house.

Once the installation was complete, I scurried down the ladder full of anticipation. I made it to the shack, plugged everything in and fired up the radio for my first QSO. Back in 2010, I lived in Texas and primarily ran PSK. The first 3 stations I worked were in South America, on 20 meters. I declared: “Good enough, I am not touching it.” That installation functioned well for about 6 years, providing thousands of contacts.

Like many things in life though, change happens. In 2018, I moved to South Carolina. Since the previous antenna worked so well, I thought I’d create a similar configuration here. This time I have a slightly smaller house, but one that is a bit taller.

Currently, I have an ICOM 7600 as my main radio and I typically run around 35 watts for digital modes. I’ve been operating the last seven months on 40, 30, 20, 15 and 12 meters. I’ve also made a few dozen contacts on 80 meters and even tuned the antenna up on 160 just to see if it will work. My next post will go into a bit more about how it performs and how to compare antenna performance using FT8.

Installing an AT&T Microcell

Ever since I moved, the wireless coverage in my home has been abysmal. It may be the tech shield or just the signal strength down here in South Carolina, but whatever it was I finally couldn’t tolerate it anymore. As I told my kids growing up, if you are going to complain about it — you might as well do something about it. I was missing more calls than I was getting!

I decided to install an AT&T Microcell. This is essentially a small cellphone tower for my home. I got the old 3G model:

AT&T Microcell from CISCO

Since my cell is usually connected to WiFi when I am at home, a 3G connection should be good enough. Also, they were not that expensive on eBay.

Once I got it plugged into power (it runs on 12 volts) and connected to the Internet through a 10BASE-T cable, it just sat there flashing away, since it needed to be activated. I read through the manual — horror!! That’s the manual for the version I have, but the new version manual has a bit better information.

The person who sold it to me didn’t deactivate it (you can deactivate it from the Manage Settings area of the Microcell page), so it took about an hour on the phone with AT&T to get the device started through the activation process. They handled the situation very effectively, I thought. Since I’ve done some technical support in my life, I was pretty tolerant.

The Microcell has a built-in GPS receiver, so it needs to be close enough to a window… to receive the satellite signal. It will not go through the activation process until it is satisfied it knows where it is — this process can take up to 90 minutes. Yes, it happens every time the device powers up (though it didn’t seem to take as long the second time). Once the activation completed, AT&T sent me an email, an SMS message and even called me back later in the day.

Well now I have 5 bars throughout my entire house. I am very pleased so far.

Access to the Microcell is limited to cellphones you allow to connect — naturally they also need to be an AT&T number. 

Field Day 2018

The Sun City Hilton Head amateur radio group had its annual Field Day event, consisting of the normal equipment setup, some operations and tear down. We had the usual camaraderie of a group lunch and discussion of the various new modes and old Field Day recollections from across the globe. One of the great things about a group with such a diverse experience base is the range of stories they can tell. That photo shows one of the 4 operating positions we had set up.

The ARRL section representative and his assistant stopped by and stayed for quite a while, adding their stories to our oral anthology.

We had the ‘normal’ issues of operating interference and antennas. I had to dig out an old G5RV when one of our verticals wouldn’t tune up right. We had this new antenna up and operational in less than 15 minutes. By the time we were done stringing antenna wires between the trees, it looked like a spider had been busy out there. We had three wire antennas and a Buddipole working. Not bad since it was in the mid-90s that day.


One thing that surprised me (since I was operating digital modes) was the number of Field Day operators across the globe who had not figured out how to operate FT8 for Field Day – that was frustrating! Hopefully by next year, the minor changes will be made to make the mode work for this event more naturally. Eventually, I switched over to the faithful PSK31 and RTTY. The group operated for a few hours and then packed everything up.

On Sunday, I operated for a few more hours from home and racked up 100 contacts and was happy with that result.

Since the overall goals were:

  • Emergency preparedness
  • Work as many stations as possible
  • Camaraderie
  • No one gets hurt (I was the safety officer)

We met those objectives and can mark it down as a success.

Field Day 2018 #ARRLFD

June 23rd–24th (starting at 2PM Eastern) is the annual Amateur Radio event called Field Day, where radio operators from around North America exercise their emergency response skills. It is also a contest to contact as many stations as possible in 24 hours, following a well-defined set of rules for exchanging information. One thing different this year will be the exchange of more detailed geographic information than in the past.

Field Day is also ham radio’s open house, where groups of radio operators come together in a very visible way and interact with the public. Every June, more than 40,000 hams throughout North America set up temporary transmitting stations in public places demonstrating ham radio’s science, skill and service to our communities and nation. It combines public service, emergency preparedness, community outreach, and technical skills all in a single event. Field Day has been an annual event since 1933 and remains the most popular event in ham radio in the Americas.

This year I will be operating with the KE4HAM group at Sun City Hilton Head. We are planning to run entirely on battery or generator power and string up a number of temporary antennas. I hope to be operating mainly FT8 (a relatively new digital mode).

You should be able to see a live update on the Internet of both those hearing KE4HAM as well as those I am hearing via PSKReporter.