El tema informático de moda en estos días sin duda ha sido el “hackeo” que ha sufrido la empresa proveedora de software Solarwinds en sus productos, y como no va ser tema de conversación si tiene en vilo a muchos de los gigantes tecnológicos de los Estados Unidos que son usuarios de esta marca.

Este gran agujero en la ciberseguridad cuyo alcance final aún no es conocido así como tampoco se conoce a los autores, ya ha dejado una gran cantidad de afectados como Cisco, Nvidia, Belkin, VMWare o Intel  (El mismo Microsoft lo es).

En el área gubernamental se menciona a la misma CISA como afectada, el DHS, la NNSA o el departamento de energía.

No se sabe a ciencia cierta que sucedió, ya que hasta el día de hoy se siguen descubriendo nuevos detalles e información al respecto.

Expertos en ciberseguridad coinciden en que este ataque fue preparado de una manera minuciosa y cocienzuda hacia los puntos neurálgicos de los sistemas, quedando demostrado lo frágil que son los mecanismos de ciberseguridad y lo inmaduros que estos aún son frentes a las amenazas bien planeadas.

Se menciona que la vía de acceso de los “hackers” fue el sistema Orion de Solarwinds -lo troyanizaron-, sustituyeron una actualización con un “malware” firmado con el sello oficial de Solar. Esto sucede cuando los clientes llevan a cabo el “update” para actualizar sus sistemas -lo cual  sería un proceso normal y común entre los usuarios de esta plataforma-.

Esto no lo hizo ningún novato, fue una mente experta que conoce muy bien el teje y maneje de la plataforma afectada.

El “hackeo” fue en cascada y una de las acciones fue confiscar el dominio utilizado para detener el ataque, pero no es la solución definitiva, es solo un paso para tapar esta gran fuga. Todavía tienen que pasar muchas horas de análisis y de enteder como pudo pasar esto y que nadie de Solarwinds se pudiera dar cuenta de lo que pasaba.

Muchos se preguntarán cual era el objetivo de este ataque y muchos también creerán que era el ataque a entidades privadas y de gobierno que utilizan este software, pero ¿acaso ¿será que el mismo fue dirigido a algo tan intangible como la confianza y la confiabilidad de la infraestructura crítica del mundo a través de un espionaje que insiste en estar haciendo trabajar horas extras a las centrales de inteligencia.? Al final del día solo podemos especular los motivos, pero lo que podemos hacer como empresas es siempre buscar las alternativas como Opmantek que gracias a su sistema basados ​​en LINUX el cual es bien conocido por ser seguro y menos susceptible de recibir este tipo de ataques y si adicionamos que Opmantek cuenta con un diseño de producto robusto y de clase empresarial, tu organización sería un objetivo difícil para los mismos.

What is it?

If you run a network, you’ll be interested in the 95th percentile and what it means for network usage and possible spikes in your network pipe. It is a good number to use for planning network usage.

The 95th percentile is a valuable statistic for measuring data throughput. It represents the maximum traffic generated on an interface and is used to discount transient spikes, making it different from the average.

In general terms, the 95th percentile tells you that 95 per cent of the time your network usage will be below a particular amount. You can use this figure to calculate network billing for metered usage.

What information do you need to collect?

There are three things you’ll need to know to perform a 95th percentile calculation

1. The percentile number. The 95th percentile basically says that 95 per cent of the time your usage is below this number, and the other 5 per cent of the time it exceeds that number.
2. Data points. These are the pieces of data you have collected. In the case of network usage, they would be based on network use for a set period, perhaps a day, a week or a month. The data would be collected regularly, and then collated. The more data points you use, the more certain you can be of your final percentile 95th calculation.
3. Data set size. This is the range of the data point values you have collected over a period of time. Statistically, the greater the size of the data set, the more reliable your calculation will be.

How is it calculated?

Once you have all your data points, it’s fairly easy to calculate the 95th percentile.

Here’s an example that might help to explain it better:

The data points that have been collected for network usage are 3, 2, 5, 1, 4.

The total number of entries K = 5.

To calculate the 95th percentile, multiply the number of entries (K) by 0.95:

0.95 x 5 = 4.75 (let’s call this result N).

Now arrange the data points in ascending order.

The list will now be 1, 2, 3, 4, 5.

By removing all values greater than 4.75 (the highest 5 per cent of the data), you can see that the next highest remaining value is the 95th percentile, which in this case is 4.

This means that you would expect 95 per cent of all data measurements to fall at or below 4.

Why use it?

The reason the 95th percentile standard measure is so useful in measuring data throughput & network usage is because it provides a very accurate picture of how much it costs. By knowing the highest value of your network’s 95th percentile, it’s easy to identify spikes in usage. If you are billing clients for network usage, it’s common to rely on the 95th percentile as a basis for billing purposes.

For example, if you have a monthly billing period, (and you have used data points collected from a monthly usage cycle) the 95th percentile allows a customer to have a short burst in traffic (36 hours or less in this case) without being charged for over-usage. This is known as burstable billing. 

Burstable Billing

Burstable billing is a type of billing method used by cloud computing service providers where customers are charged for a minimum guaranteed level of resources (such as CPU, RAM, or bandwidth) with the option to “burst” beyond that level when needed.

Bursting allows customers to use additional resources beyond their guaranteed minimum without incurring additional charges until a certain limit is reached. This management move can be particularly useful for businesses with fluctuating resource usage patterns.

Additionally, bursting is a cost-effective solution for cloud computing service providers, allowing customers to pay for a minimum level of resources and only pay for additional resources when needed. This approach provides businesses with flexibility and can help them manage their IT budgets more effectively by avoiding unexpected expenses.

Bursting allows customers to easily scale their resources up or down as needed without worrying about cost implications, making it an attractive option for businesses with variable workloads.

Understanding Network Bandwidth Metering

Although 95th percentile bandwidth metering is a critical component of capacity planning, it’s not the only thing to consider. When projecting bandwidth consumption, it’s essential to understand your network’s performance goals, which can be influenced by existing performance, requirements, and budgets. While it may seem straightforward, every network is unique and requires a different approach. However, some fundamental considerations can be useful in most cases.

Here are seven key factors to consider when planning for network bandwidth:

1. Physical network design

When planning for network bandwidth, considering the physical network design is crucial. This involves understanding the physical infrastructure, layout and locations of devices like switches, routers, and servers, which can be visualized with a network map and device inventory. Identifying potential bottlenecks, prioritizing upgrades or replacements, and optimizing device placement can improve network capacity and reduce latency.

2. Logical network design

To plan for network bandwidth, consider both physical and logical network design to optimize traffic flows and identify potential bottlenecks. Analyzing logical data flow through traffic analysis tools helps to identify the most traffic-generating devices, protocols, and applications, and rerouting traffic from overutilized to underutilized links can improve network performance.

3. Current network performance

Bandwidth metering is critical for network capacity planning, and the 95th percentile is an important metric to consider. It helps to identify peak usage by measuring the fair amount of bandwidth used during the highest 5% of traffic intervals. Baseline metrics such as latency, jitter, packet errors, and packet loss are also crucial for projecting future bandwidth utilization and identifying congestion. High latency and jitter can affect real-time applications, while packet errors and packet loss indicate network issues that need to be addressed by upgrading hardware, rerouting traffic flows, or implementing QoS policies.

4. Types of network traffic

Not all network traffic is created equal, and understanding the different types of traffic on your network is essential for effective capacity planning. By analyzing the types of traffic and their respective importance levels, you can prioritize your efforts towards optimizing the network for the most critical traffic. For example, if your network has a lot of VoIP traffic, it is important to ensure low latency and minimal packet loss to avoid call drops or poor call quality. On the other hand, if email traffic dominates your network, ensuring high bandwidth and low latency might be less critical. Therefore, by having a detailed understanding of the types of traffic on your network, you can optimize your resources and efforts towards the most important areas.

5. SLAs and performance requirements

Service Level Agreements (SLAs) are critical for ensuring that your network meets the needs of your end-users or clients. When planning for network capacity, it is essential to quantify SLAs and other performance requirements to ensure that the network can support the necessary levels of performance. By having a clear understanding of these requirements, you can design the network to meet the specific needs of your users and clients.

Even if you don’t have predefined SLAs with external parties, it’s still important to establish minimum requirements to ensure that your organization’s needs are met. These minimum requirements can serve as a baseline for network performance and help ensure that all stakeholders are on the same page when issues arise. For example, you might establish minimum bandwidth and latency requirements to ensure that your network can support critical applications without performance degradation. Overall, establishing clear performance requirements is essential for effective capacity planning and ensuring that your network meets the needs of your organization.

6. Reducing user pains to boost productivity

When planning for network bandwidth, it’s important to consider the experience of the end-users. After all, the network’s purpose is to enable their productivity. Identifying and resolving any major pain points is critical to ensure that users can perform their tasks efficiently. For example, if teleconferences are experiencing regular connectivity issues, this could be a major pain point for users. Identifying the cause of the issue, such as server backup schedules, can help resolve the issue and boost productivity without any hardware changes.

7. Expected growth

It is crucial to consider expected growth or changes in network utilization over time. This estimation should include factors like the addition of new users or devices, changes in network traffic patterns, and new applications or services that will require network resources. By factoring in expected growth, you can ensure that your network will have enough capacity to support future needs and avoid potential bottlenecks or performance issues. It is important to include a cushion for this growth in the planning stages to account for any unexpected changes or surges in network usage.

By considering these factors, you can better plan for your network’s bandwidth needs, enabling you to optimize network performance, productivity, and end-user experience.

Conclusion

The 95th percentile is an important metric for measuring network usage and planning network capacity. It is used to calculate network billing for metered usage and allows for burstable billing, which is useful for businesses with fluctuating resource usage patterns. Understanding network bandwidth metering is crucial for capacity planning, and considering factors such as physical and logical network design, current network performance, and future growth projections can help optimize network performance and reduce latency. The 95th percentile provides an accurate picture of network usage and helps identify spikes in usage, making it a critical component of network capacity planning.

As at October 2020, we have released a new version of Open-AudIT using version 4.0.0.

Why the major version bump?

Well our underlying build infrastructure and libraries have changed in an incompatible way.

This new version is not able to be installed with older Opmantek applications that are designed to talk to NMIS8, hence the major version number increase to 4.0.0.

Wait – my applications won’t work, what?

Unfortunately this is a breaking change. If you are using other Opmantek applications on the same server, you will need to upgrade them all at the same time, including upgrading to NMIS9.

New License Required (perpetual license only)

A new license will be required if you have a perpetual license. Subscription licenses are unaffected. Contact Opmantek if you require a new license.

Application wise, what has changed for me?

Not much really. Most of the changes are behind the scenes. Having said that, there are a few minor front end changes, as detailed in the Release Notes for Open-AudIT v4.0.0.

We have disabled Open-AudIT – NMIS integration for the moment. This is one component that we have to rework in order to be compatible. This is coming ASAP. We have implemented the ability to import and export to and from NMIS as below (all available using the GUI, see Manage → Devices → Import from NMIS). What we don’t have is the ability to sync between NMIS and Open-AudIT.

Community

Auto Import from NMIS 8 using locally loaded and parsed Nodes.nmis (Linux only) and also uploading a Nodes.nmis file (Windows and Linux).
Auto Import from NMIS 9 on Linux using the local command line (Linux only).
Manual export to NMIS 8 – you select the devices and it’ll give you a CSV and instructions to import. (Windows and Linux).

Professional / Enterprise

Auto Import from NMIS 8 using locally loaded and parsed Nodes.nmis (Linux only).
Auto Import from NMIS 9 on Linux using the local command line (Linux only).

Should I upgrade?

No, but maybe you should migrate. That will depend on if you are using NMIS on the same machine (hence Windows users will be unaffected). If you’re not using NMIS (or any other Opmantek applications) on the same server, migrate away! If you are using NMIS on the same server as Open-AudIT, to get to version 4.0.0 you will need to be running NMIS9 and any associated and migrated Opmantek products (opCharts, opReports, et al). If you migrate any Opmantek applications for NMIS9, you will need to migrate them all. We do encourage users to migrate to version 4.x as soon as you can (bearing in mind the NMIS9 requirements).

How do I migrate (and why is this different to an upgrade)?

Our installer will not allow you to upgrade from 3.x to 4.x on Linux. This is in part because when you change to 4.x, you must uplift all other Opmantek applications and we want to make sure you knowingly choose to do so. So, how do you do this? It’s actually very easy. Stop the OMKD daemon, move the /usr/local/omk folder out of the way, and start the 4.x installer. NOTE – If you have NMIS 8 installed, but only Open-AudIT, DO NOT UPGRADE, it will break. Again – NMIS 9 only (at least for now).


# Stop the daemon
sudo systemctl stop omkd

# Move the old install out of the way (do *not* delete it)
sudo mv /usr/local/omk /usr/local/omk.old

# Run the installer
sudo ./tmp/OAE-Linux-x86_64-release_4.0.0.run

# Copy the original configuration files back
sudo cp -r /usr/local/omk.old/conf/* /usr/local/omk/conf/

# Convert those original files to JSON
sudo /usr/local/omk/bin/opcommon-cli.exe act=convert_json_dir dir=”/usr/local/omk/conf/”

# Restart the OMKD daemon so it uses the newly converted files
sudo systemctl restart omkd


After doing the above, if Open-AudIT doesn’t acknowledge you have a license, copy the encrypted string from /usr/local/omk.old/conf/opLicense.nmis and paste into the text field at /omk/opLicense (use the Enter a License Key button).

On Windows, there is nothing to do, just run the installer.

What about Windows users?

Windows users are essentially unaffected. Opmantek does not release or support any other products for Windows. Our plan is to get a Windows release out ASAP. This will also be version 4.0.0.

What will happen to us version 3.x users?

We plan to focus development going forward on the 4.x series, so that’s where major new features will be introduced. We won’t completely forget version 3.x users though. Any important bug fixes, minor GUI improvements or security issues will be back-ported.

Is Open-AudIT Community affected?

Basically, no. Professional and Enterprise build their feature sets on top of Community. There have been a couple of very minor changes to Community that don’t affect users (ie, we check and parse an additional config file from Enterprise because that changed). Minor stuff like that. As a result, when you install Professional or Enterprise you will see version 4.0.0 in the title bar, however if you change to the Community GUI you’ll see version 3.5.1. Both the version 4.x and 3.x streams of Professional and Enterprise use the same version of Community (as said, currently 3.5.1). Eventually (when we discontinue support for the 3.x series of Professional / Enterprise) we will increase the Community version to match the 4.x series.