<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>CoeHome</title>
	<atom:link href="http://www.coehome.com/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.coehome.com</link>
	<description>Teneo Vestri Digital Ego</description>
	<lastBuildDate>Sat, 11 May 2013 00:35:32 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=</generator>
		<item>
		<title>Monitoring for NDP Spoofing</title>
		<link>http://www.coehome.com/mini-howto/monitoring-for-ndp-spoofing/</link>
		<comments>http://www.coehome.com/mini-howto/monitoring-for-ndp-spoofing/#comments</comments>
		<pubDate>Wed, 06 Jun 2012 10:09:47 +0000</pubDate>
		<dc:creator>kencoe</dc:creator>
				<category><![CDATA[Linux CLI]]></category>
		<category><![CDATA[Mini-Howto]]></category>
		<category><![CDATA[Networking]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://www.coehome.com/?p=359</guid>
		<description><![CDATA[I have previously posted a blog post describing how to monitor for ARP Spoofing. With IPv6 on everyone&#8217;s mind today (It IS on your mind, right?), it would seem that it is a good time to talk about a similar concern for IPv6 networks. IPv6 networks do not support multicast, but they DO have a [...]]]></description>
				<content:encoded><![CDATA[<p>I have previously posted a blog post describing <a href="http://www.coehome.com/mini-howto/monitoring-for-arp-spoofing/">how to monitor for ARP Spoofing</a>. With IPv6 on everyone&#8217;s mind today (<a href="http://www.worldipv6launch.org/">It IS on your mind, right?</a>), it would seem that it is a good time to talk about a similar concern for IPv6 networks. IPv6 networks do not support multicast, but they DO have a comparable protocol. Unfortunately, it is also subject to the same exploits using similar techniques. Like ARP however, there are tools available to assist in monitoring and detecting NDP spoofing attempts. Let&#8217;s look at how we can proactively monitor this critical function of our network.</p>
<p><span id="more-359"></span></p>
<h2>Understanding Neighbor Discovery Protocol</h2>
<p>In order to address this issue, we must first have an understanding of why NDP is not more secure.</p>
<p>Neighbor Discovery Protocol, defined by <a href="http://tools.ietf.org/html/rfc4861">RFC 4861</a>, is the IPv6 replacement for ARP. This newcomer in the protocol world handles not only (OSI) Layer 3 to Layer 2 address mapping, but expands to include router discovery, neighbor presence, redirects, network options (think DHCP options) and stateless auto-configuration. NDP is an absolutely critical protocol on ANY local IPv6 network. It is also, like ARP, susceptible to Flooding and Poisoning attacks, because NDP cannot easily handle security in most scenarios without affecting its dynamic configuration ability.</p>
<p>While it may seem at first look to be a lack of forethought to write a modern protocol that, by default, allows the same exploits as its forerunner, you must take into account that this protocol is a &#8220;first contact protocol&#8221; just as its predecessor was. Being designed for use during the initial configuration of the network interface itself makes it VERY difficult to support both dynamic configuration AND security. IPv6 does, after all, use NDP as the basis of auto-configuration.</p>
<p><em>Hardening NDP is a topic that is WELL beyond the scope of this post. If you are adventurous or experimental by nature and would like to try it out, the NSA has an IPv6 focused supplement to its Router Security Configuration Guide <a href="http://www.nsa.gov/ia/_files/routers/I33-002R-06.pdf">available for download</a>.</em></p>
<h2>Addressing the Issue</h2>
<p><em>Note &#8211; NDP Monitoring is a fairly new concept, so not much attention has been spent on the practice by most howto sites yet. NDPmon, however, is looking like one of the applications which we will depend on heavily in the future. Getting used to its configuration now is very likely to be time well spent.</em></p>
<p>Addressing the issue requires us to monitor requests on the network and alert on changes. The optimum method for handling the monitoring process on a switched network is to configure a port on your switch as a monitor port, and install the monitoring services on a computer connected to that port. If your switching equipment does not support monitor port configuration, then the alternate method would be to install these utilities on as many machines as possible. It is critical that you do not skimp on monitoring saturation as it is impossible to know which computer would be targeted by a spoofing or poisoning attack.</p>
<p><strong><a href="http://ndpmon.sourceforge.net/">NDPmon</a></strong> is a Sourceforge project, headed by Frederic Beck &#8211; Inria, and is available for a number of Posix Systems. NDPmon uses libpcap to capture and analyze IPv6 traffic for changes. This project is designed to work along with arpwatch, and uses the same alert methods.</p>
<p>Most Linux distributions have a packaged version of ndpmon available, and I recommend using this method, where it is available, for ease of maintenance. For this, we would simply type (for Debian-based distros):</p>
<pre>apt-get install ndpmon</pre>
<p>If your distro does not include this package, you can <a href="http://ndpmon.sourceforge.net/index.php?n=Doc.Installation">use the instructions on the sourceforge documentation page.</a></p>
<p>It is not recommended to use stateless autoconfiguration on the host running ndpmon. If you are not using stateful dhcp/dns, you should manually configure a global address on the host. You are then ready to configure and use ndpmon.</p>
<p>The default configuration file for ndpmon is /etc/ndpmon/config_ndpmon.xml. This is (obviously) an xml config, and is fairly easy to edit using your favorite editor or exim. The default config_ndpmon.xml will look similar to this:</p>
<pre style="padding-left: 30px;">&lt;?xml version="1.0" encoding="ISO-8859-1"?&gt;
&lt;?xml-stylesheet type="text/xsl" href="config.xsl" ?&gt;
&lt;!DOCTYPE config_ndpmon SYSTEM "/etc/ndpmon/config_ndpmon.dtd"&gt;
&lt;config_ndpmon&gt;
&lt;ignor_autoconf&gt;1&lt;/ignor_autoconf&gt;
&lt;syslog_facility&gt;LOG_LOCAL1&lt;/syslog_facility&gt;
&lt;admin_mail&gt;root@localhost&lt;/admin_mail&gt;
&lt;actions_low_pri&gt;
&lt;sendmail&gt;0&lt;/sendmail&gt;
&lt;syslog&gt;1&lt;/syslog&gt;
&lt;exec_pipe_program&gt;/usr/lib/ndpmon/create_html_table.py&lt;/exec_pipe_program&gt;
&lt;/actions_low_pri&gt;
&lt;actions_high_pri&gt;
&lt;sendmail&gt;0&lt;/sendmail&gt;
&lt;syslog&gt;1&lt;/syslog&gt;
&lt;exec_pipe_program&gt;/usr/lib/ndpmon/create_html_table.py&lt;/exec_pipe_program&gt;
&lt;/actions_high_pri&gt;
&lt;use_reverse_hostlookups&gt;1&lt;/use_reverse_hostlookups&gt;
&lt;routers&gt;
&lt;!-- Example of router definition
&lt;router&gt;
&lt;mac&gt;00:11:22:33:44:55&lt;/mac&gt;
&lt;lla&gt;fe80:0:0:0:211:22ff:fe33:4455&lt;/lla&gt;
&lt;param_curhoplimit&gt;64&lt;/param_curhoplimit&gt;
&lt;param_flags_reserved&gt;0&lt;/param_flags_reserved&gt;
&lt;param_router_lifetime&gt;10800&lt;/param_router_lifetime&gt;
&lt;param_reachable_timer&gt;0&lt;/param_reachable_timer&gt;
&lt;param_retrans_timer&gt;0&lt;/param_retrans_timer&gt;
&lt;param_mtu&gt;0&lt;/param_mtu&gt;
&lt;params_volatile&gt;1&lt;/params_volatile&gt;
&lt;prefixes&gt;
&lt;prefix&gt;
&lt;address&gt;2001:db8:1234:5678:0:0:0:0&lt;/address&gt;
&lt;mask&gt;64&lt;/mask&gt;
&lt;param_flags_reserved&gt;224&lt;/param_flags_reserved&gt;
&lt;param_valid_time&gt;2592000&lt;/param_valid_time&gt;
&lt;param_preferred_time&gt;604800&lt;/param_preferred_time&gt;
&lt;/prefix&gt;
&lt;/prefixes&gt;
&lt;addresses/&gt;
&lt;/router&gt;
--&gt;
&lt;/routers&gt;
&lt;!-- Example of countermeasures configuration
(If no configuration is present, all countermeasures will be suppressed.)
&lt;countermeasures&gt;
&lt;kill_illegitimate_router&gt;RESPOND&lt;/kill_illegitimate_router&gt;
&lt;kill_wrong_prefix&gt;LAUNCH AFTER 10&lt;/kill_wrong_prefix&gt;
&lt;propagate_router_params&gt;CEASE AFTER 10&lt;/propagate_router_params&gt;
&lt;indicate_ndpmon_presence&gt;SUPPRESS&lt;/indicate_ndpmon_presence&gt;
&lt;/countermeasures&gt;
--&gt;
&lt;/config_ndpmon&gt;</pre>
<p>The first step is to establish a baseline of the network. To do this, we can launch ndpmon in learning mode using the following command as root:</p>
<pre style="padding-left: 30px;">ndpmon -L</pre>
<p>The -L switch starts the service in learning mode, assuming no network configuration errors and no untrustworthy traffic. It will output items detected to the console in a format similar to this:</p>
<pre style="padding-left: 30px;">root@system:/etc/ndpmon# ndpmon -L
----- Initialization -----
learning phase
Reading configuration file: "/etc/ndpmon/config_ndpmon.xml" ...
    Done.
------------------

----- ND_NEIGHBOR_SOLICIT -----
Reset timer for 0:f:8f:89:48:e0 fe80:0:0:0:20f:8fff:fe89:48e0
------------------

Writing cache...
----- ND_NEIGHBOR_ADVERT -----
Reset timer for 14:da:e9:e0:b7:5a fe80:0:0:0:16da:e9ff:fee0:b75a
------------------

----- ND_NEIGHBOR_SOLICIT -----
Reset timer for 14:da:e9:e0:b7:5a fe80:0:0:0:16da:e9ff:fee0:b75a
------------------</pre>
<p>Exiting ndpmon, after some time has passed, will end the sampling phase. As the ndpmon configuration assumed that everything learned during auto-configuration was correct, it would be wise to go back and check the configuration after learning just for sanity&#8217;s sake. Let&#8217;s look at an example of the changes on a quick monitor:</p>
<pre style="padding-left: 30px;">&lt;?xml version="1.0" encoding="ISO-8859-1"?&gt;
&lt;!DOCTYPE config_ndpmon
SYSTEM "/etc/ndpmon/config_ndpmon.dtd"&gt;
&lt;?xml-stylesheet type="text/xsl" href="config.xsl" ?&gt;
&lt;config_ndpmon&gt;
&lt;ignor_autoconf&gt;1&lt;/ignor_autoconf&gt;
&lt;syslog_facility&gt;LOG_LOCAL1&lt;/syslog_facility&gt;
&lt;admin_mail&gt;root@localhost&lt;/admin_mail&gt;
&lt;actions_low_pri&gt;
&lt;sendmail&gt;0&lt;/sendmail&gt;
&lt;syslog&gt;1&lt;/syslog&gt;
&lt;exec_pipe_program&gt;/usr/lib/ndpmon/create_html_table.py&lt;/exec_pipe_program&gt;
&lt;/actions_low_pri&gt;
&lt;actions_high_pri&gt;
&lt;sendmail&gt;0&lt;/sendmail&gt;
&lt;syslog&gt;1&lt;/syslog&gt;
&lt;exec_pipe_program&gt;/usr/lib/ndpmon/create_html_table.py&lt;/exec_pipe_program&gt;
&lt;/actions_high_pri&gt;
&lt;use_reverse_hostlookups&gt;0&lt;/use_reverse_hostlookups&gt;
&lt;routers&gt;
&lt;router&gt;
&lt;mac&gt;0:f:8f:89:48:e0&lt;/mac&gt;
&lt;lla&gt;fe80:0:0:0:20f:8fff:fe89:48e0&lt;/lla&gt;
&lt;param_curhoplimit&gt;64&lt;/param_curhoplimit&gt;
&lt;param_flags_reserved&gt;0&lt;/param_flags_reserved&gt;
&lt;param_router_lifetime&gt;1800&lt;/param_router_lifetime&gt;
&lt;param_reachable_timer&gt;0&lt;/param_reachable_timer&gt;
&lt;param_retrans_timer&gt;0&lt;/param_retrans_timer&gt;
&lt;param_mtu&gt;1500&lt;/param_mtu&gt;
&lt;params_volatile&gt;1&lt;/params_volatile&gt;
&lt;prefixes&gt;
&lt;prefix&gt;
&lt;address&gt;2001:470:e5cb:1:0:0:0:0&lt;/address&gt;
&lt;mask&gt;64&lt;/mask&gt;
&lt;param_flags_reserved&gt;192&lt;/param_flags_reserved&gt;
&lt;param_valid_time&gt;2592000&lt;/param_valid_time&gt;
&lt;param_preferred_time&gt;604800&lt;/param_preferred_time&gt;
&lt;/prefix&gt;
&lt;/prefixes&gt;
&lt;addresses/&gt;
&lt;/router&gt;
&lt;/routers&gt;
&lt;countermeasures&gt;
&lt;kill_illegitimate_router&gt;SUPPRESS&lt;/kill_illegitimate_router&gt;
&lt;kill_wrong_prefix&gt;SUPPRESS&lt;/kill_wrong_prefix&gt;
&lt;propagate_router_params&gt;SUPPRESS&lt;/propagate_router_params&gt;
&lt;indicate_ndpmon_presence&gt;SUPPRESS&lt;/indicate_ndpmon_presence&gt;
&lt;/countermeasures&gt;
&lt;/config_ndpmon&gt;</pre>
<p>The basic auto-configuration should get you up and running. Documentation on configuration for this service is sparse, but available. It is worth looking at the <a href="http://ndpmon.sourceforge.net/index.php?n=Doc.Configuration">configuration</a> and <a href="http://ndpmon.sourceforge.net/index.php?n=Extra.Plugins">plugins</a> pages on sourceforge once auto-configuration is complete to review options for configuration.</p>
<p>These steps, as before with ARP monitoring, should get you started with NDP monitoring. The next step is to configure a Syslog server to simplify the process of monitoring the logs themselves. For that step, please refer to my post &#8220;<a href="http://www.coehome.com/mini-howto/centralize-your-system-logging/">Centralize Your System Logging Using Syslog.</a>&#8221;</p>
]]></content:encoded>
			<wfw:commentRss>http://www.coehome.com/mini-howto/monitoring-for-ndp-spoofing/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Monitoring for ARP Spoofing</title>
		<link>http://www.coehome.com/mini-howto/monitoring-for-arp-spoofing/</link>
		<comments>http://www.coehome.com/mini-howto/monitoring-for-arp-spoofing/#comments</comments>
		<pubDate>Wed, 29 Sep 2010 01:27:21 +0000</pubDate>
		<dc:creator>kencoe</dc:creator>
				<category><![CDATA[Mini-Howto]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://www.coehome.com/?p=324</guid>
		<description><![CDATA[Of the many ways that a network can be infiltrated, one of the most difficult to detect and manage is ARP spoofing. This is due to the fact that ARP does not take security into account in its design. Fortunately, there are tools available to assist in monitoring for and detecting ARP spoofing attempts. Obviously, [...]]]></description>
				<content:encoded><![CDATA[<p>Of the many ways that a network can be infiltrated, one of the most difficult to detect and manage is ARP spoofing. This is due to the fact that ARP does not take security into account in its design. Fortunately, there are tools available to assist in monitoring for and detecting ARP spoofing attempts. Obviously, the first step in addressing a security incident is knowing that there IS an incident, so let&#8217;s look at how we can proactively watch for these incidents on our network.</p>
<p><span id="more-324"></span></p>
<h2>Understanding Address Resolution</h2>
<p>In order to address this issue, we must first have an understanding of why ARP is a soft point in security.</p>
<p>Address Resolution Protocol is defined in <a href="http://tools.ietf.org/html/rfc826">RFC 826</a>, published in 1982. The protocol is stateless, and was designed using the trust model. While this may seem at first look to be a bad design, you must take into account the consideration that the protocol is a &#8220;first contact protocol&#8221; in that it is designed to be utilized during the initial configuration of the network interface itself.</p>
<p>The IP Protocol is designed to be a routed protocol and, therefore, works at layer 3 of the OSI Network Model. While this is very effective for routing packets over the internet, local delivery on a subnet requires use of the Data-Link addressing provided by MAC addresses in Ethernet networks. ARP was borrowed from the Ethernet standards and generalized in order to provide a standardized link between Layer 3 IP addresses and various Layer 2 addressing mechanisms.</p>
<p>ARP works by sending a multicast packet with destination address FF:FF:FF:FF:FF:FF requesting an answer for an unmapped IP address. Optimally, the machine which holds the requested address responds with its MAC address, and the initiator places this IP address to MAC address map in its ARP Cache. This map will be set with a timeout to prevent stale entries from building in the table, and to ease maintenance.</p>
<p>A would-be intruder can take advantage of this process to replace a destination server, or insert themselves in between for a man-in-the-middle attack. The target machine can be immobilized by flooding it with ARP requests to keep it from responding to the ARP request for a man-in-the-middle attack. It can also be taken off the network to be replaced by a Trojan system by using ARP Poisoning, which sends a continual stream of packets to the target to inform it that the address of the victim machine maps to its own MAC address. Referring to these two howto articles will demonstrate just how easy this is to accomplish:</p>
<p style="padding-left: 30px;"><a href="http://www.101hacker.com/2011/04/what-is-arp-spoofing-and-how-to.html">What is ARP Spoofing ? and How to Implement it</a></p>
<p style="padding-left: 30px;"><a href="http://openmaniak.com/ettercap_arp.php">Ettercap &#8211; ARP Poisoning</a></p>
<h2>Addressing the Issue</h2>
<p>Addressing the issue requires us to monitor requests on the network and alert on changes. The optimum method for handling the monitoring process on a switched network is to configure a port on your switch as a monitor port, and install the monitoring services on a computer connected to that port. If your switching equipment does not support monitor port configuration, then the alternate method would be to install these utilities on as many machines as possible. It is critical that you do not skimp on monitoring saturation as it is impossible to know which computer would be targeted by an address spoofing attack.</p>
<p>&nbsp;</p>
<p><strong><a href="ftp://ftp.ee.lbl.gov/arpwatch.tar.gz">Arpwatch</a></strong> was developed by Berkeley Labs, and is available for most Posix Systems. Arpwatch uses libpcap to capture and analyze IPv4 ARP traffic for changes, which it can report via syslog and email.</p>
<p>Most Linux distributions have a packaged version of arpwatch, and this would be the recommended method of installation. For this, we would simply type (for Debian-based distros):</p>
<pre>apt-get install arpwatch</pre>
<p>If your distro does not include this package, you can use:</p>
<pre>cd /usr/src &amp;&amp; wget ftp://ftp.ee.lbl.gov/arpwatch.tar.gz &amp;&amp; tar -xvf arpwatch.tar.gz</pre>
<p>Then cd to the newly created arpwatch directory and run:</p>
<pre>./install-sh</pre>
<p>You may need to meet some dependencies in order to complete the installation.</p>
<p>With good network planning, you hopefully have an idea of what servers you are looking to monitor. If you have planned specific address space for these servers, you can limit arpwatch to monitor these by editing /etc/arpwatch.conf to include the correct scope:</p>
<pre>eth0 -a -n 192.168.15.0/24 -m admin-mailbox@example.com</pre>
<p>I, personally, prefer to forgo the -m mail switch and to just write to Syslog.</p>
<p>These steps should get you started with ARP monitoring. The next step is to configure a Syslog server to simplify the process of monitoring the logs themselves. For that step, please refer to my post &#8220;<a href="http://www.coehome.com/mini-howto/centralize-your-system-logging/">Centralize Your System Logging Using Syslog.</a>&#8221;</p>
]]></content:encoded>
			<wfw:commentRss>http://www.coehome.com/mini-howto/monitoring-for-arp-spoofing/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Centralize Your System Logging Using Syslog</title>
		<link>http://www.coehome.com/mini-howto/centralize-your-system-logging/</link>
		<comments>http://www.coehome.com/mini-howto/centralize-your-system-logging/#comments</comments>
		<pubDate>Fri, 06 Aug 2010 10:48:37 +0000</pubDate>
		<dc:creator>kencoe</dc:creator>
				<category><![CDATA[Linux CLI]]></category>
		<category><![CDATA[Mini-Howto]]></category>
		<category><![CDATA[Networking]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://www.coehome.com/?p=339</guid>
		<description><![CDATA[System logs are a critical part of system and network maintenance. They are, in fact, one of the key components for managing just about ANY system related incident. Unfortunately these logs are completely inaccessible or untrustable if a system reaches an unbootable state, suffers a catastrophic disk failure, or is compromised by an attacker. For [...]]]></description>
				<content:encoded><![CDATA[<p>System logs are a critical part of system and network maintenance. They are, in fact, one of the key components for managing just about ANY system related incident. Unfortunately these logs are completely inaccessible or untrustable if a system reaches an unbootable state, suffers a catastrophic disk failure, or is compromised by an attacker. For these scenarios, and for general ease of maintenance, one of the best moves that you can make toward converting a group of machines into a manageable network is to set up remote Syslog services.</p>
<p><span id="more-339"></span></p>
<h3>Syslog Reporting Basics</h3>
<p>Syslog, defined by <a href="http://www.ietf.org/rfc/rfc3164.txt">RFC 3164</a> and <a href="http://www.ietf.org/rfc/rfc5424.txt">RFC 5424</a>, is a Unix logging system which has been one of the mainstays of datacenter computing since their origination. This utility/protocol set is simply an effective method of setting custom log level and log location. Beyond that, there is not a tremendous amount of description necessary beyond the switches used in configuration. Syslog specifies three types of options that can be used when configuring the daemon. Understanding each of these is critical to understanding syslog.</p>
<h4><strong>Syslog Utilities</strong></h4>
<p>Utilities are processes, applications, or services which are configured to write to syslog. These utilities, while all that are used, were proposed as guidelines for application developers and are not specified in great detail. A given application may not log at the same level as another, depending on how it was written. These utilities are currently supported:</p>
<p style="padding-left: 30px;"><strong>auth </strong>- Login/Logout authentication messages<br />
<strong>cron </strong>- Scheduler Messages and updates<br />
<strong>daemon </strong>- Resident Daemon service messages<br />
<strong>kern </strong>- Kernel level messages<br />
<strong>lpr </strong>- Printer Services Messages<br />
<strong>mail </strong>- Messages from Mail Services<br />
<strong>user </strong>- User-initiated processes and applications<br />
<strong>local0</strong>-<strong>local7 </strong>- User-defined<br />
<strong>syslog </strong>- Syslog process status messages<br />
<strong>* </strong>- All Utilities</p>
<h4><strong>Syslog Levels</strong></h4>
<div>Log levels indicate the severity of the reported incident, and are, again, recommended as a guideline. The following levels are defined:</div>
<p style="padding-left: 30px;">0 &#8211; Emergency (emerg)<br />
1 &#8211; Alerts (alert)<br />
2 &#8211; Critical (crit)<br />
3 &#8211; Errors (err)<br />
4 &#8211; Warnings (warn)<br />
5 &#8211; Notification (notice)<br />
6 &#8211; Information (info)<br />
7 &#8211; Debug (debug)<br />
* &#8211; All</p>
<p><em>Note &#8211; Most Posix systems expect the recognized short description in configuration files (shown in parentheses), not the number.</em></p>
<h4>Syslog Actions</h4>
<p>Once you have determined what to log and at what level, syslog will need to know where to log it. The options are listed below:</p>
<p style="padding-left: 30px;"><strong>filename</strong> - Write the message to the specified file on the local machine &#8211; <em>(you CAN specify a tty device here)</em><br />
<strong>@hostname or @ipaddress</strong> - Forward the message to the specified remote loghost<br />
<strong>user1,user2,…</strong> - Write the message to consoles of users named in list, if the user is currently logged-in<br />
<strong>*</strong> &#8211; Write the message to all logged-in users</p>
<p> Note &#8211; Although not listed as an action officially, most Posix syslog apps can also log to a pipe.</p>
<p>&nbsp;</p>
<h3>Syslog Installation and Configuration</h3>
<p>Now that we know the basics, it is time to move on to installation. Syslog is a long time Unix favorite, and is included in pretty much every Posix Operating system. In the case that syslog has not been installed by default, the best option is to use the version included in your install media or repository. In most Linux distributions, the syslog service Daemon is actually named sysklogd. Using my normal Debian example, the install would be as shown below:</p>
<pre style="padding-left: 30px;">apt-get install sysklogd</pre>
<p>There is nothing else required for basic installation.</p>
<p>&nbsp;</p>
<h4>Enable Remote Syslog on the Server</h4>
<p>Basic configuration is simple. Syslog, by default, only listens locally. We can change that very easily. We will set syslog to listen for remote syslog submissions by editing /etc/init.d/sysklogd. We will need to find the line that reads</p>
<p style="padding-left: 30px;">SYSLOGD=""</p>
<p>and change it to read</p>
<p style="padding-left: 30px;">SYSLOGD="-rm 0"</p>
<p>For reference, the r enables Remote logging and the m 0 disables the annoying -- MARK -- messages that are placed in the log by default.</p>
<p>&nbsp;</p>
<h4>Configuring Linux/Posix Clients</h4>
<p>Configuring Remote Syslog Submission on Posix clients is actually very simple. There is only a single file edit on the client to configure the default settings. Syslog uses the following format for configuration files. Note the reminder that convention states that you double tab the whitespace in text config files.</p>
<p style="padding-left: 30px;">utility.level         action</p>
<p>With that stated, the log settings in the test client are best set initially at everything. We can tune this in the lab later if we want. The simple rule here is that you cannot add it later. By default you should log more liberally on the syslog server until you are confident in what you can filter out. For that, let&#8217;s set the default log server settings by adding the following line to /etc/syslog.conf:</p>
<p style="padding-left: 30px;">*.*          @log-server-IP-address</p>
<p>The only thing left is to restart syslogd. It is worth noting that BSD requires a SIGHUP to restart syslog.</p>
<p><em>Note &#8211; While hostname is acceptable for @logserver in the configuration file, it would be wise to log by IP address.</em></p>
<p>&nbsp;</p>
<h4>Installing Windows Syslog Clients</h4>
<p>Intersect Alliance has an interesting set of utilities, including <a href="http://www.intersectalliance.com/projects/SnareWindows/">Snare Agent for Windows</a> which is a configurable agent or server for syslog data. Configuration for Windows logging is beyond the scope of this article, but it seemed worth noting that it is available if you insist on running Windows.</p>
<p>&nbsp;</p>
<h4>Configuring Logging Options on the Server</h4>
<p>Configuring the Syslog Server follows the same format as the clients, but in this case we want to expand on the available options. Configuration uses the same utility.level&lt;TAB&gt;&lt;TAB&gt;action format.</p>
<p>The log settings in the test client are best set initially at everything. We can tune this in the lab later if we want. The simple rule here is that you cannot add it later. By default you should log more liberally on the syslog server until you are confident in what you can filter out. For that, let&#8217;s set the default log server settings by adding the following lines to /etc/syslog.conf:</p>
<p style="padding-left: 30px;">kern.crit          /var/log/syslogs/kernel-critical.log<br />
daemon.crit          /var/log/syslogs/daemon-crit.log<br />
syslog.crit          /var/log/syslogs/syslog-crit.log<br />
mail,news.=crit          /var/log/syslogs/mail-err.log<br />
auth.*          /dev/tty1</p>
<p>Make sure to create the logfiles you have specified, if they do not exist already, and set their permissions (chmod 640 is a good choice).</p>
<p>Restart syslogd and test. You should start seeing log data writing to your logs.</p>
<p>&nbsp;</p>
<h4>Log Rotation</h4>
<p>Logrotate handles automation of log rotation to ease management of logs. If your system is not already running logrotate, you will want to install it. There is no discussion there. Logrotate is included in all modern Posix Operating Systems and is installed (Debian again) simply from the repositories:</p>
<p style="padding-left: 30px;">apt-get install logrotate</p>
<p>Once installed, configuration is done via the configuration file located at /etc/logrotate.conf and can be completed in a matter of minutes. This is an example of the logrotate.conf file from a default Debian install.</p>
<pre style="padding-left: 30px;"># see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp, or btmp -- we'll rotate them here
/var/log/wtmp {
    missingok
    monthly
    create 0664 root utmp
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0660 root utmp
    rotate 1
}

# system-specific logs may be configured here</pre>
<p>We will want to add entries for your logs to the bottom of this conf file to ease management of the Syslogs, and to extend log retention periods. The additional fields are configured as shown below:</p>
<pre style="padding-left: 30px;">/var/log/syslogs/kernel-crit.log {
  daily
  missingok
  rotate 30
  create 640 root root
}</pre>
<p>This is most simply explained as shown below:</p>
<p><strong>/location/filename {</strong><br />
<strong>daily</strong> <em>- sets rotation frequency</em><br />
<strong>missingok</strong> <em>- specifies that the file should be created if it does not exist</em><br />
<strong>rotate 30</strong> <em>- specifies the number of rotations to keep</em><br />
<strong>compress</strong> <em>- specifies that rotated files should be compressed to save space</em><br />
<strong>delaycompress</strong> <em>- specifies that the first rotation should not be compressed</em><br />
<strong>create 640 root root</strong> <em>- Specifies the permissions that should be set on the logfiles</em><br />
<strong>sharedscripts</strong><em> &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;</em><br />
<strong>/etc/init.d/&lt;service&gt; restart</strong> <em>&#8212; specifies any script that should be run after rotation</em><br />
<strong>endscript</strong> <em>&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;</em><br />
<strong>}</strong></p>
<p>Note that I have left a few of the common options out of the recommendation. Once you have all of this syslog data, you will probably want to find unique ways to scan it. This will be easier at first if you do not have to uncompress the files first.</p>
<p>&nbsp;</p>
<h4>Last Recommendations</h4>
<p>There are a few parting recommendations for a production Syslog server. These are optional, but will make maintaining the system MUCH easier.</p>
<ul>
<li>Create a separate partition for syslog data, and mount it to your log directory (the examples above figure for a mount of /var/log/syslogs)</li>
<li>Remove ANY insecure access method. My recommendation would be to limit access to ssh using key-based authentication.</li>
<li>Once you are comfortable with what you are logging, consider following up on the syslog server by eliminating unneeded duplicates using utilies.!level&lt;tab&gt;&lt;tab&gt;/default/logpath</li>
<li>Once you are confident that you are logging all you need from the clients, consider reducing the logs sent over the network using the same rules as the server, replacing the actions with the @IPaddress action. This will reduce unwanted syslog traffic considerably.</li>
</ul>
<p>Keep in mind that, while a Syslog server will significantly reduce the time spent checking logs, no two sites will use the same Syslog setup. You will need to do some tweaking to get this exactly where you want it.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.coehome.com/mini-howto/centralize-your-system-logging/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Should You Take Your Eyes Off the Cloud?</title>
		<link>http://www.coehome.com/digital-policy/should-you-take-your-eyes-off-the-cloud/</link>
		<comments>http://www.coehome.com/digital-policy/should-you-take-your-eyes-off-the-cloud/#comments</comments>
		<pubDate>Thu, 19 Nov 2009 15:19:02 +0000</pubDate>
		<dc:creator>kencoe</dc:creator>
				<category><![CDATA[Digital Policy]]></category>

		<guid isPermaLink="false">http://www.coehome.com/?p=242</guid>
		<description><![CDATA[Questions you should ask before considering &#8220;Cloud Computing&#8221; applications. More and more, it seems, business and IT managers are being told that &#8220;Cloud Computing&#8221; is the wave of the future. We are being bombarded with salesmen who want to explain this &#8220;new technology&#8221; to us, and show us why putting our applications in the cloud [...]]]></description>
				<content:encoded><![CDATA[<h4><em>Questions you should ask before considering &#8220;Cloud Computing&#8221; applications.</em></h4>
<p>More and more, it seems, business and IT managers are being told that &#8220;Cloud Computing&#8221; is the wave of the future. We are being bombarded with salesmen who want to explain this &#8220;new technology&#8221; to us, and show us why putting our applications in the cloud is a great way to improve services and cut costs. There are many critical considerations which are often not being discussed. It often boils down to asking the right questions. Do you know what to ask?</p>
<p>We&#8217;ll take a relatively non-technical look at some questions that should help you make a better decision.</p>
<p><span id="more-242"></span><strong>&#8220;What is cloud computing?&#8221;</strong> The answer to this question can be boiled down to a very simple explanation, and makes many of the other questions fairly obvious. Traditionally, a cloud is drawn in a network map or infrastructure diagram to indicate a WAN, or Internet, connection. The idea behind &#8220;the cloud&#8221; was to find a way to represent a single piece, or entire scope, of equipment and connections that were outside our realm of control (and concern). This is also the definition used by most salespeople. Cloud computing, in this sense, is moving your application, or processing, resources outside the scope of your own management. Essentially, you are giving someone else the responsibility of managing your applications or data.</p>
<p><strong>&#8220;Is this really something new?&#8221;</strong> No, it is not. This whole cloud computing buzz is just a new word for several different technologies which have existed for years. &#8220;Cloud Computing&#8221; is simply a buzz word, and a poor one at that (considering the fact that it is an exceptionally vague term). We have used off-site printing and processing services as long as we have had businesses, and sending large jobs out for processing has existed as long as the Internet has. The salesmen always seem to forget that this is nothing new.</p>
<p><strong>&#8220;Are you saying that cloud computing is a bad idea?&#8221;</strong> Actually, there are many cases where moving services &#8220;to the cloud&#8221; may be a good idea. You may be running applications that require significant processing power, or you could be running from a home office and need a more stable location for certain data or applications. There are numerous individual situations for which cloud computing could be beneficial.</p>
<p>With those answers out of the way, let&#8217;s move on to some questions for the salesman&#8230;</p>
<p><strong>&#8220;Where is my data, and how is it stored?&#8221;</strong> The answer to this could be surprising. Before you send your data off to someone else, you should know where the data is stored and in what format.</p>
<ul>
<li>What format is your data stored in? If your data is stored in a proprietary format, you could incur some substantial costs if you ever decide to move your data somewhere else.</li>
<li>How is your data stored? Is there physical redundancy of the data, and fail-over on the application server(s)?</li>
<li>Where are the services physically hosted? Is it in a physically secure data center, or in some small office? The answer to this may not be what you think.</li>
<li>Who owns the data? This question, while seemingly obvious, can have some surprising stipulations attached to it.</li>
</ul>
<p>These questions may sound a little like paranoia until you look into the costs necessary to convert data from a proprietary format to an open one. You would also be surprised how many hits you get from doing a Google search for &#8220;data center flooded.&#8221; There is also a less obvious point in this question. If your data is stored in another location, does a power outage or some other minor catastrophe make your data inaccessible for an unknown period of time? What about a major catastrophe, such as an earthquake or a hurricane? This also leads to the next major question.</p>
<p><strong>&#8220;What is the policy on responsibility for data security?&#8221;</strong> This is another one which can be broken down into several questions, and these ones can be real deal-breakers. Security of your data is critical for the future of your business, and yet these questions are rarely asked. A little time here is very well spent.</p>
<ul>
<li>Who is responsible for backing up the data, and where are the backups stored? These backups should be just as secure as the data, and should be off-site. Some companies even leave the responsibility of backing up the data to you.</li>
<li>Who has access to your data? Is your data readable by their employees by default? Do they run background checks on their employees before they are allowed near your data? Are their employees properly trained how to handle your data?</li>
<li>Who is responsible for data loss, or a security breach? Surprisingly, very few people remember to ask this one. If your data is lost or stolen, who gets nailed with the lawsuit? Do they have a rider, or other means of protecting your company if they lose your customers&#8217; data, or worse yet, if a disgruntled employee sells it?</li>
</ul>
<p>These questions should help to give you a better picture of what you are being sold. Of course, I don&#8217;t think I need to remind you that the answers only mean something if they are in writing.</p>
<p>Let&#8217;s move on to the questions to ask yourself (or someone other than the salesman).</p>
<p><strong>&#8220;How critical are these services to my business&#8217;s operation?&#8221;</strong> Before moving these services out into the wild, you may want to think of some of the ways it could affect you. Here are a few questions to ask yourself:</p>
<ul>
<li>How much would downtime cost me for this service? If you cannot function without this service, then a problem with your Internet connection, or with theirs, would put you out of business. Think of a call-center losing its phones, or a courier service not having access to its maps or per-diem rates. This would be catastrophic to them. Your application could mean the same thing to you.</li>
<li>How much time do my employees spend on this service? If this application is being used constantly (i.e. data entry, order processing, control data) then even a small decrease in efficiency would raise costs considerably. We often take for granted that the Internet is there. Have you ever had your connection suddenly exhibit loss or sluggishness? If it suddenly takes thirty seconds to display a web-page that would normally display in two, how much would this affect an employee who normally enters 25 orders per hour?</li>
<li>How much will the increased traffic cost? You may save administration costs, and even hardware costs, by moving this application to the cloud; however, you could start to see a significant increase in data costs if you exceed your bandwidth. It may be worth doing the numbers on this before making the leap to off-site applications.</li>
</ul>
<p>Unfortunately, I cannot give you an answer as to whether you should move your application(s) into the cloud or not, but these questions should help you make a more informed decision.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.coehome.com/digital-policy/should-you-take-your-eyes-off-the-cloud/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Setting Context Sensitivity in VIM</title>
		<link>http://www.coehome.com/mini-howto/setting-context-sensitivity-in-vim/</link>
		<comments>http://www.coehome.com/mini-howto/setting-context-sensitivity-in-vim/#comments</comments>
		<pubDate>Mon, 06 Jul 2009 14:11:45 +0000</pubDate>
		<dc:creator>kencoe</dc:creator>
				<category><![CDATA[Linux CLI]]></category>
		<category><![CDATA[Mini-Howto]]></category>

		<guid isPermaLink="false">http://www.coehome.com/?p=124</guid>
		<description><![CDATA[VIM is one of the kings of the editing world. Built for speed and for flexibility, it is a critical tool for *nix admins. The one thing it lacks for many people, though, is context sensitivity. This is easy enough to fix. Simply create a new document in your home directory named .vimrc (please note [...]]]></description>
				<content:encoded><![CDATA[<p>VIM is one of the kings of the editing world. Built for speed and for flexibility, it is a critical<br />
tool for *nix admins. The one thing it lacks for many people, though, is context sensitivity. This is<br />
easy enough to fix.<span id="more-124"></span> Simply create a new document in your home directory named .vimrc (please note the<br />
leading period, denoting &#8220;hidden&#8221;), and add the line &#8220;syntax on&#8221; to set sensitivity. The first few<br />
lines of my .vimrc file are listed below for reference. If you are looking for more info on using, or<br />
customizing, VIM you should start at <a href="http://vim.wikia.com/wiki/Main_Page">the VIM tips Wiki</a>.<br />
You can also check out the ebook &#8220;A Byte of Vim&#8221; at<br />
<a href="http://www.swaroopch.com/notes/Vim">http://www.swaroopch.com/notes/Vim</a>.</p>
<p style="padding-left: 30px;">&#8221; .vimrc example configuration file by Kenneth Coe<br />
syntax on &#8221; set context sensitivity to &#8220;on&#8221;<br />
set history=1000 &#8221; expand history from the default list of 20<br />
set scrolloff=3 &#8221; set cursor to scroll when three lines away from screen edge<br />
set visualbell &#8221; Switch annoying bell sound to simple screen flash</p>
<p>It is worth noting that some distros are using vim-lite instead of the full version. You will need<br />
to install the full version to realize all of the functionality of VIM. In Debian-based distros, you can<br />
do this by running the command &#8220;sudo apt-get install vim&#8221;.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.coehome.com/mini-howto/setting-context-sensitivity-in-vim/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Hello world (again)!</title>
		<link>http://www.coehome.com/announcements/hello-world-2/</link>
		<comments>http://www.coehome.com/announcements/hello-world-2/#comments</comments>
		<pubDate>Thu, 18 Jun 2009 18:05:49 +0000</pubDate>
		<dc:creator>kencoe</dc:creator>
				<category><![CDATA[Announcements]]></category>

		<guid isPermaLink="false">http://mnemosyne/?p=1</guid>
		<description><![CDATA[OK, so the last design was a lot of fun. I have decided, however, to spend a little less time designing the site to make more time for adding content to it. A little less fun for me, but much more enjoyable for everyone else. The latest version of Coehome, v3.0, is running WordPress. There is [...]]]></description>
				<content:encoded><![CDATA[<p>OK, so the last design was a lot of fun. I have decided, however, to spend a little less time designing the site to make more time for adding content to it. A little less fun for me, but much more enjoyable for everyone else. The latest version of Coehome, v3.0, is running WordPress. There is a certain elegance in being able to simply click a button to add a feature or to upgrade to the current release. Let&#8217;s see if this gives me a little more time to post articles&#8230;</p>
<p>I will move the posts from the last site over in the next few days. In the meantime, please feel free to browse around.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.coehome.com/announcements/hello-world-2/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Donating Hair for a Cause</title>
		<link>http://www.coehome.com/announcements/donating-hair-for-a-cause/</link>
		<comments>http://www.coehome.com/announcements/donating-hair-for-a-cause/#comments</comments>
		<pubDate>Thu, 16 Apr 2009 18:04:54 +0000</pubDate>
		<dc:creator>kencoe</dc:creator>
				<category><![CDATA[Announcements]]></category>

		<guid isPermaLink="false">http://www.coehome.com/?p=115</guid>
		<description><![CDATA[It can never be said that helping others is a bad thing. There are many people looking for ways to &#8220;stimulate the economy&#8221; with their refunds. Sony, RCA, Dell, GM, Ford, and many other companies are anxiously waiting for our refunds to arrive. There are also a few forgotten uses for this money, and many [...]]]></description>
				<content:encoded><![CDATA[<p>It can never be said that helping others is a bad thing.</p>
<p>There are many people looking for ways to &#8220;stimulate the economy&#8221; with their refunds. Sony, RCA, Dell, GM, Ford, and many other companies are anxiously waiting for our refunds to arrive. There are also a few forgotten uses for this money, and many of these can be far more rewarding than anything we could put on a shelf.</p>
<p>My choice for charities this year is &#8220;Children with Hair Loss&#8221; (CWHL).<span id="more-115"></span></p>
<p>As you can see from the rather uncommon picture of me with my hair down, I had a unique ability to help out this charity in more ways than one. If you check <a href="http://childrenwithhairloss.us/">the Children With Hair Loss website</a>, you will most likely agree that they are a charity with a very good cause. Millions of children suffer from hair loss due to natural causes such as Alopecia Areata, Tinea Capitis, or Telogen Effluvium, or from accidental or incidental causes such as burns or chemotherapy. This problem may not be fatal for children, but it <em>DOES</em> affect their life in a very negative way, and creating and fitting wigs is a labor intensive, and rather expensive, process that many families cannot afford.</p>
<p>There are <a href="http://www.squidoo.com/donateyourhair">many charities</a> which are dedicated to this cause, and there are many ways to help the charities which have taken the challenge. One (as pictured here) is to make a hair donation. This (rather painful) donation of an average of twenty one inches, should go a long way toward helping a child in need. Hair donation can be a very rewarding way of helping out, especially for children, who cannot write a check, or man a phone. Hair donation, however, is not the only way to help. All of the hair donation causes need volunteers. You can make calls, organize drives, volunteer to help cut, or just make a simple financial donation. Hair donations help, but money donations can also go a long way toward defraying the high cost of what they do.</p>
<p>This is the reason I am writing this post today, and the reason for my pictures. As I said at the beginning of this post, there are a lot of us out there looking for a way to spend our refunds this year. Why not make a worthwhile donation with some of the money that you receive? You may find that it is the most rewarding use of that hard-earned money!</p>
<p>As a closing note, I would like to thank <a href="http://www.fantasticsams.com/">Fantastic Sams</a> for their help, and for their permission to use the camera in their salon. They were very helpful, and very supportive.</p>

<a href='http://www.coehome.com/announcements/donating-hair-for-a-cause/attachment/ken-cwhl/' title='ken-cwhl'><img width="150" height="150" src="http://www.coehome.com/wp-content/uploads/ken-cwhl-150x150.jpg" class="attachment-thumbnail" alt="ken-cwhl" /></a>
<a href='http://www.coehome.com/announcements/donating-hair-for-a-cause/attachment/ken-cwhl-b4/' title='ken-cwhl-b4'><img width="150" height="150" src="http://www.coehome.com/wp-content/uploads/ken-cwhl-b4-150x150.jpg" class="attachment-thumbnail" alt="ken-cwhl-b4" /></a>

]]></content:encoded>
			<wfw:commentRss>http://www.coehome.com/announcements/donating-hair-for-a-cause/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>A Letter to Senator Feinstein of California</title>
		<link>http://www.coehome.com/digital-policy/tech-law/a-letter-to-senator-feinstein-of-california/</link>
		<comments>http://www.coehome.com/digital-policy/tech-law/a-letter-to-senator-feinstein-of-california/#comments</comments>
		<pubDate>Wed, 11 Feb 2009 17:54:02 +0000</pubDate>
		<dc:creator>kencoe</dc:creator>
				<category><![CDATA[Technology in Legislation]]></category>

		<guid isPermaLink="false">http://www.coehome.com/?p=110</guid>
		<description><![CDATA[I sent a letter to Senator Feinstein today after reading a disturbing news headline about the senator attempting to slip an amendment into the stimulus package. You can read a copy of her submission here. I am not sure what motivated her to try this, but I told her that her methods were a little [...]]]></description>
				<content:encoded><![CDATA[<p>I sent a letter to Senator Feinstein today after reading a disturbing news headline about the senator attempting to slip an amendment into the stimulus package. You can read a copy of her submission <a href="/wp-content/uploads/2009/02/feinstein-stimulus-amendment.pdf">here</a>.</p>
<p>I am not sure what motivated her to try this, but I told her that her methods were a little dubious, and gave my opinion. Since I told her that she should debate this issue in the public, and not try to slip amendments in behind closed doors, it is only fair to do the same. Here is the text of my email to her, verbatim&#8230;<span id="more-110"></span></p>
<p>Mrs Feinstein,</p>
<p>It has come to my attention that you are attempting to include language in the Stimulus bill which would affect the neutrality of the internet. Reading the proposal for amendment, a few things very quickly become quite clear. Aside from the fact that there is no effective method for monitoring network traffic for objectionable material (you could do some reading about Australia&#8217;s numerous failed attempts at this), this is MOST DEFINITELY NOT a stimulus issue.</p>
<p>I, and thousands of other watchdogs, will be certain to make this as obvious as possible to the public. I will also be certain to center it in the interests of the tens of thousands of people in your state who, as fellow IT professionals, would be extremely dissatisfied with the possible requirements to spend countless hours and large sums of money (which they cannot afford to spend in this economy) to attempt to comply with a ridiculous set of regulations which have very little probability of success in controlling the flow of illegal materials and a very high probability of adversely affecting almost all legitimate traffic.</p>
<p>This is neither an effective piece of legislation, nor a good way to remain in office. If you are honestly concerned about the issue of net neutrality, please have the courage to debate the issue in public where it can come under the light of truth, and succeed (or fail) on its true merit. Doing this in the cover of committee, and amending it to unrelated bills, will do nothing but recast the issue as scandal.</p>
<p>I will attempt to assist you in moving your concern into the public forum by posting a copy of this email on my website. Feel free to comment there if you would like.</p>
<p>Thank You,</p>
<p>Kenneth C Coe, Jr</p>
<p>www.coehome.com</p>
<p>Aside from typographical and grammatical errors, I would always recommend that people copy my response. That is to say, that we should always contact our representatives when we see an issue that affects us, not that you should just repeat whatever I say (of course.) I will continue to watch our representatives&#8217; actions, and to respond to them. I will also continue to attempt to get my viewers to do the same&#8230;</p>
]]></content:encoded>
			<wfw:commentRss>http://www.coehome.com/digital-policy/tech-law/a-letter-to-senator-feinstein-of-california/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Suggestions for the Obama Administration&#039;s Digital Policy</title>
		<link>http://www.coehome.com/digital-policy/suggestions-for-the-obama-administrations-digital-policy/</link>
		<comments>http://www.coehome.com/digital-policy/suggestions-for-the-obama-administrations-digital-policy/#comments</comments>
		<pubDate>Mon, 19 Jan 2009 22:11:21 +0000</pubDate>
		<dc:creator>kencoe</dc:creator>
				<category><![CDATA[Digital Policy]]></category>

		<guid isPermaLink="false">http://www.coehome.com/?p=105</guid>
		<description><![CDATA[The new Administration is ready to take office, and one of its <a href="http://change.gov/agenda/technology_agenda/">stated objectives</a> is <em>"reshaping our economy to compete in the digital age."</em> I applaud the new Administration's recognition of the fact that we must push to advance our position in the digital frontier to maintain stability, security, and safety.]]></description>
				<content:encoded><![CDATA[<p>The new Administration is ready to take office, and one of its <a href="http://change.gov/agenda/technology_agenda/">stated objectives</a> is <em>&#8220;reshaping our economy to compete in the digital age.&#8221;</em> I applaud the new Administration&#8217;s recognition of the fact that we must push to advance our position in the digital frontier to maintain stability, security, and safety. I have a couple of suggestions for their direction, but first I have to put this in scale.<span id="more-105"></span> The Federal Government&#8217;s information architecture is an <em>immense</em> system, so large as to be beyond comprehension at many levels. Even a small change is a major project at this scale. It would be unreasonable to expect any major changes to this system to happen overnight, or even over a single four year term.</p>
<p>One of the most obvious considerations for the new administration is broadband access and the digital backbone. Why is broadband so important? As FCC chairman Kevin Martin states in &#8220;Engine of Productivity and Innovation&#8221; (Korea Times &#8211; 6/17/2008), <em>&#8220;The ability to share increasing amounts of information, at greater and greater speeds, increases productivity, facilitates commerce and helps drive innovation.&#8221;</em> Information technology science has advanced at an astounding pace since the construction of ENIAC in 1946. Technology is now an integral part of finance and commerce, education and employment, healthcare, and almost every other facet of our lives. It is very important that the backbone of the internet keeps pace with any digital development.</p>
<p>Just as obvious to experts, but less so to the general public, is information security. The attacks on September 11, 2001 had a devastating impact on the economy. An attack on our digital infrastructure, however, could have an even larger impact, as described in <a href="http://www.technewsworld.com/story/62779.html">TechNewsWorld.com&#8217;s &#8220;CyberWarfare&#8221;.</a> Some progress has been made toward adapting new policies and methods to counter a cyber-offensive through the Department of Homeland Security&#8217;s <a href="http://www.dhs.gov/xprepresp/training/gc_1204738275985.shtm" class="broken_link">&#8220;Cyber Storm Project&#8221;</a>, but a lot of work still needs to be done. Security in the digital world is a moving target, and requires continual effort. This will be a critical component of any future digital infrastructure policy.</p>
<p>An area which requires significant attention is the availability and format of the Federal Government&#8217;s information architecture. We have made significant progress over the last few years toward digitizing the Government&#8217;s public access through the Federal Information Portal, <a href="http://www.usa.gov">usa.gov</a>. A tremendous amount of forms and data are available to the public through this medium. Many of the public&#8217;s needs can be met at this portal to some degree, but a lot of work is still ahead. One impressive, but underdeveloped, section of usa.gov is the <a href="http://www.usa.gov/rss/index.shtml">RSS feed page.</a> This section of the portal could be immensely beneficial to the people. For example, it could let you subscribe to the feed for your district&#8217;s representatives to keep track of their actions, or watch the feed for a particular issue which affects and/or interests you. We would also benefit from integration of some of the other newer technologies used on the internet today, for example the ability to send requests by topic or by task to multiple sources and receive a single response with the information we need (online information requests <a href="http://www.tampagov.net/appl_Customer_Service_Center/">save Tampa, FL a fortune</a>) or to customize the portal to our needs similar to <a href="http://www.google.com/ig">iGoogle</a>.</p>
<p>These same wonderful technologies could go a long way in developing transparency in government, but would require standardization of the data formats used by our government. This is what I would consider the most important issue with regard to federal information management. Using a standard, and open, semantic data management system would help to solve multiple issues facing our next administration. The ability to tag data by subject would aid the government (and its people) in communicating more efficiently. Anyone able to search available material by subject could easily aggregate the data into a single source (possibly an RSS feed) and review all actions on a given topic.</p>
<p>The last area I would add to the new Administration&#8217;s list is Total Cost of Operations. Our Federal Government is a very large institution, consisting of tens of thousands of systems. Licensing and implementation costs are staggering at this scale. The new Administration should not discredit any ideas for new development. One of considerable interest to me would be the implementation of more open-source projects and solutions. This could save billions in licensing costs, and give the Federal government the ability to tailor its solution to its needs.</p>
<p>This is by no means a complete list of goals for the administration&#8217;s new CTO, but is a good start toward their stated goal. Hopefully, we will see some of them start to develop.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.coehome.com/digital-policy/suggestions-for-the-obama-administrations-digital-policy/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Making Your Go-Kit</title>
		<link>http://www.coehome.com/ham/making-your-go-kit/</link>
		<comments>http://www.coehome.com/ham/making-your-go-kit/#comments</comments>
		<pubDate>Sat, 29 Nov 2008 13:23:29 +0000</pubDate>
		<dc:creator>kencoe</dc:creator>
				<category><![CDATA[Amateur Radio]]></category>

		<guid isPermaLink="false">http://mnemosyne/?p=244</guid>
		<description><![CDATA[The Go kit is one of the hot-button issues in amateur radio. Everyone has their own idea of what a go-kit should be. Let&#8217;s start simple and work our way up from there. What is a &#8220;GO&#8221; Kit? Your Go kit is, simply, an emergency preparedness kit for hams. Think of it as a travel kit [...]]]></description>
				<content:encoded><![CDATA[<p>The Go kit is one of the hot-button issues in amateur radio. Everyone has their own idea of what a go-kit should be. Let&#8217;s start simple and work our way up from there.<span id="more-244"></span></p>
<h2>What is a &#8220;GO&#8221; Kit?</h2>
<p>Your Go kit is, simply, an emergency preparedness kit for hams. Think of it as a travel kit for emergencies. If you were to respond to an emergency, you would have a collection of basic necessities which would go along with you. The most obvious items would be radio, batteries, charger, and the like, but there are a few more. Let&#8217;s break this down a little.</p>
<h2>Planning your Go Kit</h2>
<p>Before we start, let&#8217;s do a little reality check. Many people will give you a solid list of what <strong><em>must</em></strong> be included in your Go kit. The reality is that <em><strong>there is no standard kit</strong></em>. Your primary consideration when building your Go kit will be simply, &#8220;What are you going to do with it?&#8221; Obviously, if you are going to assist with Sky Warn (Storm watching), your kit would be quite different than if you were going to assist in local shelters after a small flood, or if you are heading to the coast to assist after a hurricane.</p>
<h3>Operations</h3>
<h4>Radio</h4>
<p>Obviously you will need a radio, but which one? If you are responding to an event which requires foot travel (search and rescue, shelter, traffic direction&#8230;) you may need something more portable, like an HT (Handy Talky). Please do not forget the charger for the radio. On the other hand, if you are heading out to an area that requires coverage, you may need more than your basic rubber duck antenna. A mobile rig would be good in this situation.</p>
<h4>Amateur &#8220;Accessories&#8221;</h4>
<p>First, remember to bring the items which you are comfortable operating with, such as your microphone, headset, pillow&#8230; You know what you are used to, so use it. The best tip I have ever heard here is &#8220;train how you will operate, and you will operate like you were trained.&#8221; (Thanks WB8TKL)</p>
<p>One tip that people often forget to give is to remember to include your radio&#8217;s manual. The last thing you want in an emergency is to forget how to do something on your radio and, let&#8217;s face it, these new units are not exactly the most user-friendly ones ever made. A stressful situation can lead to an embarrassing moment if you are not prepared.</p>
<p>Beyond that, there are a couple of items that can come in REALLY handy:</p>
<ul>
<li>Cable adapters for your radio (often called tweenies). You may need to hook your HT or mobile rig to a larger antenna. Will your connector be compatible?</li>
<li><a href="http://www.arrl.org/catalog/?category=Public+Service+and+Emergency+Communications&amp;words=ARES+Field+Resources+Manual&amp;SearchWords.x=0&amp;SearchWords.y=0">ARES Field Resources Manual</a> &#8211; An invaluable reference tool for emergency operations</li>
<li><a href="http://www.arrl.org/catalog/?category=&amp;words=radiogram&amp;SearchWords.x=0&amp;SearchWords.y=0">Radiogram Message Pads</a> &#8211; The best way to record and forward, or deliver, messages.</li>
<li>ID, name badge on lanyard, and COPY OF LICENSE. Very important ones here.</li>
<li>Notepad, pens AND pencils, and indelible markers (sharpies).</li>
<li>Maps of any area you are likely to operate.</li>
<li>If you have it, an <a href="http://www.arrl.org/catalog/?category=&amp;words=vest&amp;SearchWords.x=0&amp;SearchWords.y=0">emergency communications vest</a>. These can be very handy.</li>
</ul>
<p>Make a list of emergency contacts, local repeater frequencies (don&#8217;t just assume they will stay in your HT&#8217;s memory), call signs, and common addresses. Your individual group, area, club, or EOC (Emergency Operations Center) will have its own requirements and procedures. These lists are good to have, but DO NOT rely on your memory in an emergency. Write it down BEFORE you need it.</p>
<h3>Non-Operational Goods</h3>
<p>We&#8217;ve made good headway here on emergency preparedness, but let&#8217;s not forget to take care of ourselves. You are no good to anyone else if you cannot deal with your own needs as well.</p>
<p>A friend (and Elmer) of mine, WB8TKL, puts this category into a nifty perspective. He says that the best Go Kit is a box with a list in it. You do not need a ready bag by the door with all materials. You just need to know where what you need is. Some people will say that I am wrong here, but I will answer that they go overboard. Let&#8217;s take a look at some of what should be on the list:</p>
<ul>
<li>Glasses, or contact solution and case</li>
<li>Prescription medications, and possibly Tylenol (remember&#8230; Stressful)</li>
<li>Change of clothes and toiletry kit for longer events</li>
<li>Energy bars, or other nifty little snacks</li>
<li>Water, juice, or other fluids (don&#8217;t assume there will be a fridge at the scene)</li>
<li>Pillow and Blanket</li>
<li>Rain, or winter, coat</li>
<li>Flashlight and batteries, first aid kit, Hitchhiker&#8217;s towel (Mr Adams is a hero)</li>
<li>Reading material to keep you out of people&#8217;s hair&#8230;</li>
<li>Keep cash on hand. Credit cards may not work in an emergency. While you&#8217;re at it, try not to run the car low on gas (it&#8217;s not good for it, anyway).</li>
</ul>
<p>It is not that the people you are assisting in the emergency will not try to take care of you. It is just that they will already be quite busy. Help them out by being self-sufficient.</p>
<h4>The Most Important Item</h4>
<p>What is the most important item you need with you? The amateur&#8217;s good-natured and helpful attitude!</p>
<p>Please remember that we, as amateurs, are there to help. Your attitude is a big part of this. We may be asked to carry supplies, or help with some other mundane tasks. While communications is our primary task, we need to be open to helping them with other things as well. THIS is the most important thing to carry.</p>
<h2>A Look at My Arsenal</h2>
<p>As an example, let&#8217;s look at my Go Kit. I cheat on a couple of things, but I think I have a decent setup which you may need. First I must qualify that I only use one vehicle. Why does this matter? Simply stated, I don&#8217;t have to worry about what car my rig is in, so I have a permanent mobile setup. Now onto the list&#8230;</p>
<ul>
<li>Mobile 2-meter radio with antenna, and Yaesu HT (including charger, the Yaesu can charge off of 13 volts. Many other HT radios have cigarette adapters as well.)</li>
<li>Amateur Documentation bag, including: notepad, pens, pencils, highlighters, and markers. Swiss army-type knife and multi-tool. ARES Reference guide, radio manuals, and radiogram pads. I also keep a couple of folders in there to keep private things private.</li>
<li>Contact info &#8211; I keep lists of repeaters, known contacts, phone numbers, important addresses, and JNOS Nodes (I am a packet radio guy). I also slip in a few maps&#8230;</li>
<li>Accessory kit. Since I have ample room in my vehicle, I carry my spare parts, tweenies, cable, and radio repair tools in a toolbox in the car (I don&#8217;t suggest this without a good alarm system).</li>
<li>Personal items: Waterproof Long Duster and a jacket, inflatable pillow and blanket, towel, flashlight, and basic first aid kit.</li>
<li>I keep an empty gym bag in the house with a list of items I need to throw in it (clothes, hygiene, food&#8230;)</li>
</ul>
<p>Now, let&#8217;s look at my wish list for upgrades&#8230;</p>
<ul>
<li>Portable military mast, and two meter &#8220;Ringo&#8221; antenna. This is for extended period communications, or for the addition of a second radio for packet.</li>
<li>13-volt power supply. I would like the possibility of keeping the batteries charged in an extended operation.</li>
<li><a href="http://www.arrl.org/catalog/?category=Public+Service+and+Emergency+Communications&amp;words=ARES+Magnetic+Sign&amp;SearchWords.x=0&amp;SearchWords.y=0">ARES Magnetic Signs</a> (Quantity 2). I just think these would be handy, and look good, on a vehicle.</li>
</ul>
<h2>Links To Other Reading</h2>
<ul>
<li><a href="http://home.comcast.net/~buck0/hamgear.htm">An excellent guide to go kit construction</a></li>
<li><a href="http://www.races.org/gokit.htm">RACES official Go Kit page</a> (a little excessive, but nice)</li>
<li><a href="http://www.ready.gov/america/getakit/">Ready.gov&#8217;s basic kits page</a></li>
<li><a href="http://www.tcoek12.org/~tcarc/hlist.html">WB6FZH&#8217;s GO KIT INFO</a> &#8211; An extensive list of options</li>
<li><a href="http://www.areslax.org/index.php?page=go-kit">Los Angeles ARES Go Kit Page</a> &#8211; Another list with good options</li>
</ul>
]]></content:encoded>
			<wfw:commentRss>http://www.coehome.com/ham/making-your-go-kit/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>
