Sunday, January 17, 2016

Jesús Rodriguez: "The majority of clients don't ask about security"

Jesús Rodríguez (jerocu). Owner of VozTelecom Sistemas SL

I met Jesús Rodríguez, jerocu, in the 90's, when he was the visible face of the pro-BSD movement in Spain. They wrote articles, translated manuals and even they went to Usenix USA, in 1999, which Jesus reminds like "one of the best experiences I ever had". His first contact with FreeBSD, in 1995, came through the providers of Goya, born in Madrid´s Politechnic University when "registering a domain was a phone call".

Today Jesus is 43 years old, lives in Castelldefels (Barcelona), alongside the sea, one of their biggest passions, and has 9 years old daughter whom he teaches " a rational use of all the devices with buttons and touchscreen that surrounds her". He also explains: "I'm a radio amateur, one withlarge aerials in the ground despite the neighbours and now I'm discovering the SDR". Jerocu has his own company, founded with two friends, VozTelecom, a communication service operator for SME with 120 employees and thousands clients.

- Recently nobody talks about BSD...

- Yes, I have that feeling too. The "fight" between Linux and FreeBSD (also OpenBSD and NeyBSD) has been disappearing with time, each one have found their site and taken the best position to adapt it. For example, the Whatsapp infrastructure is in FreeBSD, and also Netflix and the Apple operating systems (Mac, OS X and iOS), and Playstation 3 and 4 are derived of FreeBSD.

- How has been your path from FreeBSD apostle to telecommunication businessman?

- When we decided start our company in 2003, we created the infrastructure in FreeBSD (obviously :) ) We offered VoIP services to more than 20 operators from 4 continents. Finally, the Ip voices are just IP packages, signalling  in one side and audio (RTP) in the other side, which fits perfectly with FreeBSD. This doesn't mean other services have to use Linux, Windows or anything else. I'll always tried to be practical and pragmatic, not radical and each service has it´s most appropriate infrastructure.

- What it's going on with VozTelecom?

-Very well, growing and struggling daily. The telecommunications market is very very difficult, full of large and important operators, with much economical an commercial power. We tried to found a niche to develope us and this niche was the SME, which forced us to reinvent ourselves, because we were coming from offering hosted services to operators from all the world. Generally, the SME always have been neglected by the large operators and we saw an opportunity here. We reinvented ourselves a few times, we adapted to changes and this is why we are here.

- In Autumn I heard a chat about the misconfiguration in the majority of VoIP switchboards. It is true?

- There are examples of everything, but generally yes. We must know VoIP share space between the TI world and the switchboard world; it's an hybrid. There're TI people who have the IP concept very clear but not the same about switchboard and the people of the switchboard don't have clear the concepts about TI. We have to be careful when we configure a switchboard connected to Internet. You can't leave it configured with the default credentials and redirect a port in the router to access from your office because in minutes you can be in trouble and this troubles can cost so much money.

- On Linkedin says you're "specialist on cloud communications". I don´t trust in the cloud.. Am I right?

- Mmmmm… The Cloud doesn't have anything bad, to the contrary, it has a lot of benefits but at the end it depends on two things: on one side your service cloud provider and on the other side, the use of this services. the Cloud as entity and almost deity in the last times, it is seen like a black hole that nobody knows what is and where it is, is an abstract concept for the majority.

In the cloud your computers (but they are yours no longer) and your services depends on a third person. The managing, the backups and even your business can depend on this third person so, if you do this, yo must find a provider who gives you thee maximum security and confidence.

And the data, the other important part, you leave the data to this third person to save and store it. And the safety of this data depends of this third person. Europe is different to USA in access to information policies, so if you want to save your data in the Cloud, save it better in Europe than in USA... but seeing what happens, I don't know how long it will last.

- Did you see the joke of the Free Software Foundation which ran in the social network? "There is no cloud, just other people's computers"?

- I didn't see it but it's quite correct. It´s like the old Skype which ran in peer to peer mode using resources from different users... without knowing it. As I said earlier, in the cloud you're putting your information and your data in the infrastructure of a third person and this infrastructure isn't exclusive, it is shared between different clients.

-You work on networks since 1996 at least. Have you seen another unsure moment on Internet like now?

- In all this years peple has always been talking about security on Internet. At the beginning it was an (un)security more... "academic", focused on learning, but we had another annoying types. With the past of years, Internet has been monetizing and acquiring economic value, and with the banks and the online shopping the interest of the bad guys has been increasing at the same rhythm. In the same way, with more users, there're more possibilities of find new victims... How is it possible that there are people who fell in the fraud of the Nigerian, for example?

The top level right now are the governments, the intelligence services, the critical infrastructures, the CyberWar, struxnet, etc. This part is really tricky and is where I really think is getting place a lot of battles that we dont' know about.

- Why do you think cybercriminals go through the network with impunity?

- Internet is the reflect of society, in good and bad things, with the add of ubiquity and privacy. These elements, used by the bad guys, difficult so much the things. In my sector we receive, for example, attacks from Indonesian IP directions that generate illegal traffic to Palestinian mobile phones... if you go to the Police they'll accept your complain, of course, but they'll tell you that is very very difficult to investigate it. If you move this to any other illegal activity, it's really difficult to investigate them.

- Is it dangerous to companies like yours when you hire new customers?

- You can not have the 100% of security and also you cannot assure it. What you can do is to put lots of complications to tire them and you don´t seem so interesting fo them. The most of customers don´t ask about security measures and only a few ones have asked to encrypt the calls. To customers who have asked sometime and wanted to compare with the traditional telephony, you only have to explain how easy is going to their flat parking box...

- Has The NSA got the best or worst to listen our Conversations whit IP voice?

- To this people it dosen´t matter what are you using, they are everywhere; not directly, but indirectly with other agencies as has been seen in UK, Deustchland and other countries. With the technology and their means, sincerely, I think it doesn´t matter what technology you are using. If you mess in encryption themes you can complicate it a little, but no one says you they can not access if they want. Uff, it seems very bad.

- Have you got any advice for our readers?

- We have to educate users to use safety technologies, starting with kids. Digital nstives are who can change things in next years.

Text: Mercè Molist


Post a Comment