Packet Boi and the Importance of GUIs

2020-08-20  |  6 min read 

People in the IT world have often had a very narrow focus. In the beginning, it was all about hardware. Go back far enough and you can find debates around Z80 vs 6502 performance. Recently, it has been all about Software Defined [Whatever] – which is great until you regress down the stack and eventually find that under the last cloud turtle there is not another turtle, rather everything is ultimately running on someone else’s hardware, be it Xeon, AMD or Graviton.

As the industry matured, it became clear that software was really important. After all, what good is all that fancy hardware without something useful to do with it? That is where software came in. One of the revelations from the software revolution was that if you want to do useful things for people, spectacular software on mediocre hardware would usually trump mediocre software on spectacular hardware. Anyone recall the fun you could have with memory managers like QEMM or, worse yet, hand tuning config.sys in order to manage PC memory well enough to actually run a game?

Somewhere above the software layer comes the human layer. People are great at certain things. Intuition, feelings, the big picture. It’s all about Kirk and little about Spock (or Data). We fall down trying to compete with the likes of Spock on speed or detail or memory – same with computers.

If you wanted to maximize the chances of a human error resulting in something tragic happening, one way of doing that would be to have people do something with tremendous complexity, a lot of detail and syntax such that even small or scarcely noticeable differences result in vastly different outcomes.

Sounds like RegEx to me.

RegEx (regular expressions) can be defined as a way of describing a search pattern. At its simplest, think wildcards.

For example, DEL *.FOO – deletes all files ending with .FOO.

Vastly different from DEL * or DEL *.*, which effectively delete everything.

On July 2, 2019 Cloudflare experienced an outage that ended up having fairly widespread impact. The RegEx at the heart of the matter:

(?:(?:\"|'|\]|\}|\\|\d|(?:nan|infinity|true|false|null|undefined|symbol|math)|\`|\-|\+)+[)]*;?((?:\s|-|~|!|{}|\|\||\+)*.*(?:.*=.*)))

For those interested you can read John Graham-Cumming’s excellent post mortem. To their mutual credit, both Graham-Cumming and Cloudflare are the epitome of transparency and taking ownership of a problem.

That said, just looking at the expression in question, it is easy to see how errors could creep in, like they did. Sort of like coding in assembly language, the devil (and syntax error) is in the details.

Interestingly you can say the same thing about network packet brokers. To briefly recap, a network packet broker is a specialized kind of switch that allows you to readily (with the help of taps and potentially bypass switches as well) take traffic from anywhere on your network, filter, groom, decrypt, load balance etc. before sending that traffic to whatever network security or monitoring tools you want to send it to – firewalls, IPS/IDS, WAF and so on.

You can configure filters with RegEx, which gives the old school CLI folks the opportunity to flex impressively for onlookers, but as covered above, very small errors in a RegEx can become very large holes in your network visibility and subsequent security efforts.
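To make that concrete, here is an added example (not from the original post or from any Keysight product) that checks three regex filters against the subnet they were meant to select and reports what each one leaks or misses. Python's `re` stands in for a packet broker's filter syntax, and the 10.1.2.0/24 intent and the sample addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample destination addresses; not taken from any real capture.
SAMPLES = [
    "10.1.2.7", "10.1.2.255", "10.1.20.5", "10.112.4.1",
    "210.1.2.3", "10.1.3.7", "172.16.0.1",
]
INTENDED = ipaddress.ip_network("10.1.2.0/24")  # assumed filter intent

# Three ways of writing "traffic for 10.1.2.x"; only the last is correct.
PATTERNS = {
    "unescaped, unanchored": r"10.1.2.",
    "missing quantifier": r"^10\.1\.2\.\d$",
    "escaped, anchored": r"^10\.1\.2\.\d{1,3}$",
}


def audit(pattern, samples=SAMPLES, network=INTENDED):
    """Compare a regex filter against the subnet it was meant to select."""
    rx = re.compile(pattern)
    leaked, missed = [], []
    for addr in samples:
        matched = rx.search(addr) is not None  # assumes unanchored search semantics
        wanted = ipaddress.ip_address(addr) in network
        if matched and not wanted:
            leaked.append(addr)   # extra traffic forwarded to the tool
        elif wanted and not matched:
            missed.append(addr)   # visibility hole: the tool never sees it
    return {"leaked": leaked, "missed": missed}


if __name__ == "__main__":
    for label, pattern in PATTERNS.items():
        print(f"{label:24} {pattern:24} {audit(pattern)}")
```

Running the same kind of audit against known-good and known-bad addresses before deploying a filter catches both failure modes: patterns that over-match and patterns that silently drop traffic the tools need.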

There is another way.

Enter the GUI.

At Keysight we have long held that building an easy to use, drag and drop interface optimized for how humans think and use IT gear is the way to go. While there are some, particularly from the UNIX world, who are big fans of the CLI (plenty of folks like that here as well) for many things, when you start getting into the world of potentially overlapping filters and the like, we really think that most users and organizations will be best served by a good GUI that will simplify operations, configuration setup and changes, and reduce errors. Lower cost, fewer mistakes and ultimately better security and visibility. Since better security and visibility are two of the big reasons people deploy packet brokers, it seems like a win all around.

Speaking of wins, eventually most readers tire of worn out stories of the old days and a bunch of vendor speak, which is why we did the Packet Boi videos – a series of videos where we take some fundamental concepts around network security and visibility and break them down into easily digestible chunks.

Here’s Packet Boi on GUIs.
