Diagrams with C4 Model

This post is for everyone who draws computer pictures for a living…

The genesis for this post came from a comment on the diagrams-as-code post (via LinkedIn) that called out the C4 Model[1]:

I hadn’t heard of C4 Model before so I decided to check it out. A first look at the C4 Model web site piqued my interest –

IT Architecture – A Discussion on Coupling

In the world of IT architecture, coupling is a much talked about concept. But what is coupling, why is it important and what techniques/patterns can we use to optimise it?

That’s a lot to unpack, so let’s start with an example outside IT. Consider this trendy all-in-one desk lamp:

It looks lovely, but what happens if the bulb fails, or you want to change the light colour? It is tightly coupled because the bulb component cannot be replaced separately, so the whole lamp must be replaced in these circumstances.

Beware the Perils of Audit-Driven Design

When you work in IT, security audits are par for the course. Like dental check-ups, they’re generally a good idea, but can still be painful (and expensive). They help uncover issues that need fixing, and raise senior exec visibility.

There is however a dark underbelly to security audits – they can drive counterproductive behaviours leading to unintended and undesirable outcomes.

Wouldn’t it be ironic if remediating a security audit item made your organisation less secure…?

Diagrams as Code (PlantUML)

Is a picture really worth a thousand words? What if that picture was a diagram?

A colleague recently introduced me to Diagrams as Code, using PlantUML, and in this post we explore the concept of diagrams-as-code, and how to use PlantUML.

Diagram Methods

Let’s start with some background. Diagrams should engage their audience, informing them and encouraging collaboration. Understanding the knowledge and needs of your audience is critical to creating a successful diagram.

We adjust the diagram to suit the audience, using different views of people / process / technology to inform and engage them. Often, we will draw multiple views of the same system to suit the needs of different audiences, as per Figure 1.

Figure 1 – Example of Multiple Views of the Same System to Suit Different Audiences

What is a Network Traffic Flow? (Part 3)

Network traffic flows (flows) are useful for building a coarse-grained understanding of traffic on a computer network.

Following on from What is a Network Traffic Flow? and What is a Network Traffic Flow? (Part 2), this third post investigates flow metadata, how it adds value to flow analysis, and how to record and transport it. This is the good stuff, where flows become useful…

Figure 1 – What this blog post covers

Emerging from the Murky Swamp of InfoSec – An Architect’s View

I recently attended the fantastic Kiwicon 2038 InfoSec conference (shout out to the crew and speakers – you guys rock!) in Wellington, New Zealand. An eclectic cast of speakers, including Bruce Schneier, Kelly Ann from Slack and many others, delivered thought-provoking talks accompanied by ‘flame effects’[1].

We’re all doomed…

Bruce Schneier, a celebrity in the world of InfoSec, painted a grim picture of the future of security, to the point that part way through the talk he had me convinced that we’re all doomed…

Only at Kiwicon: Bruce Schneier prophesising doom (and plugging his new book[2]), while a sheep wearing neon sunglasses looks on …

IP Fragmentation Lab with Vagrant

Recently, I had a need to understand IP fragmentation better, so I built a lab to experiment with. I wanted it to be easy to set up, and built in a way that is repeatable by others, so I designed automation to stand it up with virtual machines in a hypervisor. The lab network topology is shown in Figure 1.

Figure 1 – Network Diagram for IP Fragmentation Lab

What is a Network Traffic Flow? (Part 2)

Network traffic flows (flows) are useful for building a coarse-grained understanding of traffic on a computer network. Flows provide a convenient unit for the measurement and/or treatment of traffic.

Following on from What is a Network Traffic Flow?, this second post delves into Internet layer flow considerations. Previously, we found that the definition of a flow is mainly arbitrary, primarily driven by the capabilities of hardware/software, and the use cases. We now delve further into the considerations around specific features and behaviours of IP.

Figure 1 – Where this Blog Post fits in the Internet Protocol suite

What is a Network Traffic Flow?

Network traffic flows (flows) are useful for building a coarse-grained understanding of traffic on a computer network, providing a convenient unit for the measurement and/or treatment of traffic.

Flows can be measured to understand what hosts are talking on the network, with details of addresses, volumes and types of traffic. This view of the network can be useful for troubleshooting, detecting security incidents, planning and billing.

But what exactly is a flow, and how is it defined?

This question sounds trivial to answer, however when we dig deeper we find nuances and corner cases that make flows interesting, and ultimately difficult to define.