The Network View » Infrastructure Security

Virtualization: Monitoring Is A Huge Challenge

Tommy P. Landry — Fri, 28 May 2010 15:30:15 +0000

Earlier this week, Network World Senior editor Denise Dubie published a very insightful article, “How far has virtualization come?“. In it, she reviews the results of three annual surveys conducted at Interop, all focused on virtualization technology deployments and adoption in the data center.

The survey, which was conducted by Network Instruments the past two years (NetQoS and NI conducted it together in 2008), revealed some very interesting data points.

Virtualization, as we would have anticipated, has picked up a great deal of momentum both in the data center and on the desktop.
The primary reason for adopting virtualization is cost savings. Yet, they also revealed that implementation costs are too high.
The single biggest virtualization-related challenge is a lack of visibility to data streams, an inability to secure the infrastructure, and a lack of monitoring tools optimized for virtualized environments.

Based on the interplay of the first two key findings above, it is clear that high implementation cost is not a long-term problem. Obviously, today’s decision makers can see the “forest for the trees” so to say, in that the expected long-term cost savings will easily dwarf the high cost of entry.

What jumps out to me the most is the monitoring problem. This is not a unique challenge to virtualized environments, but rather, virtualization itself is causing some head-scratching regarding the monitoring itself. And really, for data centers that are already burdened with escalating tool costs, shrinking staffs, and a shortage of physical access points, it’s no wonder some of them might feel desperate to fix the monitoring quandary.

The reality of the situation is that there is a very easy answer to this problem: Monitoring Optimization. Monitoring optimization involves the adoption of an aggregation and replication switch, which can solve all of these problems if designed with a fully-integrated GUI. The key is to look at this as the monitoring of specific data flows or traffic, not specific links, switches, or access points.

With servers and other hardware switching over to “virtual” servers and hardware, one of the biggest issues is knowing where to place tools in the physical infrastructure. If you stick with the “old way” of placing a tool everywhere monitoring is required, you’ll need more tools than any reasonable enterprise can afford to buy or manage!

What you really need is a “virtual tool farm” to go with your virtual infrastructure. Don’t get me wrong; you’ll still be using the same hardware/software-based tools you have already deployed. But using Monitoring Optimization, you can extend a single tool to cover multiple data streams, and you can share traffic from a single data stream with any or all of the tools you desire. The best part is that you can do it all in a fully integrated GUI without ever having to use some time-intensive, cryptic IOS-like CLI (likely in a proprietary coding language from the vendor, as most of our competitors offer) to manage your most challenging filtering…it’s all drag and drop and windows-esque form entry.

If you count yourself among those who said monitoring is their biggest headache, I urge you to learn more about the Anue 5200 Series Net Tool Optimizer. Then reach out to us via our Contact Me form, and we’ll show you exactly how much easier this can be, and you will see a positive impact to your tool use and staff effort immediately upon deploying our solution.

What is Computer Forensics?

Tommy P. Landry — Wed, 12 May 2010 15:30:46 +0000

This week we will cover a basic take on Computer Forensics, a growing and very important skill set in today’s complex (and threat-heavy) technical networking environment. Enjoy this guest post by Michael Linn.

______________________

When an unauthorized incident occurs against your network, such as an attacker breaking though your network’s defenses, an appropriate response is required. The response to the intrusion includes using forensic science to properly respond to the event.

Forensic science, or forensics, is the application of science to problems that are of interest to the legal profession and deals mainly with the recovery and analysis of evidence. Computer forensics attempts to retrieve information that can be used in pursuit of the attacker or criminal.

Computer forensics is also called digital forensics because its uses techniques to identify, collect, examine and preserve information or evidence, which is magnetically stored or encoded.

When your team responds to a criminal event that requires an examination using computer forensics, there are generally four basic steps that are followed.

Secure the crime scene
Collect and preserve evidence
Establish a chain of custody
Examine evidence

The first step in reacting to a computer forensics incident is for the first responders to secure the crime scene. The response team should document the physical surroundings of the computer or electronic device that is suspected of containing digital evidence. This includes photographing the area from different angles before anything is touched and labeling cables connected to the computer.

Additionally, the team should interview anyone who had access to the computer and take custody of the entire computer along with the keyboard, external memory devices, and peripherals.

Since digital evidence is easily altered or destroyed, only properly trained computer evidence specialists should process computer evidence in order to ensure that integrity is maintained and the data obtained can withstand scrutiny in a court of law.

The computer forensics team should capture any data that may be lost when the computer is turned off including:

RAM contents
Current network connections
Logon sessions
Network configurations
Open files

After the volatile data is preserved the team should create a mirror image backup of the hard drive. A mirror image backup, or bit-stream backup, is an evidence-grade backup that is admissible in court and must be done in a controlled manner by trained professional.

Establishing the chain of custody documents who had access to the evidence and when. Serial numbers should be recorded and the evidence should be kept under strict control at all times.

Finally, after the mirror image is created and the original system is secured, then the mirror image is examined to reveal evidence.

All data should be investigated for clues including:

Word processing documents
Spreadsheets
Emails
Caches
Cookies
Metadata
Database entries

Additional sources of hidden clues may come from RAM Slack or Drive Slack. When Windows computers use memory to process data information that has been created, viewed, modified, downloaded, or copied it may still be available.

______________________

The author is a computer security professional with experience protecting small business and home networks. He also teaches the basics of computer network security at 365 Computer Security Training where he blogs regularly and creates video training and educational materials related to information security. Learn more at http://www.365ComputerSecurityTraining.com

______________________

Article Source: http://EzineArticles.com/

Network Management Components – The Basics of an Effective Management Strategy

Tommy P. Landry — Fri, 02 Apr 2010 15:36:54 +0000

Enjoy this week’s guest post by author and tech career adviser Shaun Hummel!

_____________

Overview:

This article will define a network management strategy for managing the network. It is necessary to define how the equipment is going to be monitored and determine if the current management strategy is adequate or if new applications, equipment, protocols and processes must be identified. Management components are then integrated with infrastructure and security. These primary elements comprise any well-defined management strategy and should be considered when developing your strategy.

Network Management Strategy

Network Management Groups
SNMP Applications
Monitored Devices and Events

Network Management Groups

Fault
Performance
Device
Security
Change
Configuration
Implementation

Fault Management

This describes the pro-active monitoring of devices, circuits and servers for errors. It specifies what events are monitored and thresholds for generating alarms. Once the alarms are generated, there is an escalation process for addressing any errors. It could be a circuit problem, a router interface or a server link. Service level agreements with local loop providers and long distance IXC for circuit repair are important as is vendor equipment repair contracts. Out-of-band router management allows troubleshooting and configuration of routers with an attached modem. The support technician doesn’t rely on the primary circuit to reach the router. They will utilize a separate analog dial line with a modem connected to the auxiliary port at the router. Escalation support processes are defined that are used by the network operations center (NOC) employees for effective problem resolution. These are some typical support activities:

Established Tier support levels with job responsibilities well defined for each Tier group
Defined severity levels and what Tier group is responsible
Defined response times for severity levels
Applications for trouble tickets
Established troubleshooting procedures for employees
Root Cause Analysis
Survey support groups for skill levels, identify deficiencies and plan for training programs to address that

Performance Management

This describes the pro-active monitoring of device, circuit and server performance levels. That translates to monitoring and reporting on trends with device CPU, memory and link utilization, circuit bandwidth utilization, server CPU, memory and disk input/output rate. As well campus segments and device interfaces should be monitored for collisions, CRC errors and packet drops. Bandwidth capacity planning is an on-going process of monitoring bandwidth utilization trends for the enterprise network and consideration of business growth estimates. That information is utilized for developing a provisioning strategy addressing company bandwidth capacity needs. The dynamic nature of an enterprise network is such that new locations, employees and application deployments will increase network traffic and utilize available bandwidth. Trend monitoring tools are typically run from the network operations center and focus on enterprise traffic patterns and performance of circuits, routers and switches.

RMON is a popular protocol that is utilized for monitoring router, switch and campus segment performance with probes at various offices across the enterprise. Information can be collected at all layers of the OSI model for statistics on utilizations, packet size and errors. In addition there are specific SNMP applications designed for bandwidth capacity planning. The bandwidth provisioning strategy could involve faster campus and WAN equipment, increased bandwidth for circuits, quality of service protocols or a combination of any of those elements.

Security Management

This describes the management of device and server security that is consistent with the policies of the corporation. Typical devices are firewalls, routers, switches, TACACS servers and RADIUS servers. Security includes community strings, password assignment, change policy, dial security and Internet security.

Device Management

This describes the maintenance of a database inventory that lists all campus and WAN devices, modules, serial numbers, IOS versions, server documentation and design. It is important that companies keep information on these assets for support and warranty issues.

Configuration Management

This describes the process of configuring, and documenting devices, circuits and servers on the enterprise network. A process for configuring new equipment, modifying current equipment and maintaining TFTP servers should be established. Those scripts should be saved to TFTP servers and documented for later use with subsequent configurations. Build a directory structure with a folder for each equipment type and subdirectories for model types.

Change Management

This describes a process for approving and coordinating device configuration changes and is essential for network availability. Staff members that make unapproved changes without alerting affected departments can cause problems if the changes don’t work and are made during busier times of the day. Any changes to the production network should involve at least the network operation center and someone from the engineering group. As well it could be important to let the application developers know of network changes. Any change management process should have these components:

Review Process

Affected departments consider impact of changes and discuss concerns
Proof of concept and quality assurance testing
Develop a timeline for changes approved by all departments
Departments plan contingencies should there be network issues
Approval process: software manages and records approvals from groups
Pro-active monitoring of unauthorized changes

Implementation Management

This describes the process for managing new implementations such that there is no disruption to the production network and the implementation is efficient and effective. These are some network operations center (NOC) activities that should be part of any typical implementation management strategy. Consider vendor support contracts for support with configuration scripts, testing, and design since that will promote an effective implementation.

Standard Network Operations Center Activities:

Turn on circuits and ping all new devices to verify connectivity
Modify SNMP applications at network operations center for pro-active fault and performance monitoring of new devices
Verify devices are SNMP enabled and security is applied
Update the inventory database and save configuration scripts to a TFTP server

SNMP Applications

There are a myriad of SNMP applications on the market that focus on managing servers, devices and circuits. An enterprise customer will sometimes employ several applications including their own software that address each management group. The SNMP version that is implemented should be noted at each device and server. This is a list of popular commercial applications and how they could be utilized.

Monitored Devices and Events

Typical devices such as routers, switches and circuits are configured and monitored with SNMP applications. Thresholds are defined for each event that will trigger an alarm when that is exceeded. A polling interval is configured for each event, which describes the time interval between sending of status information from device to network management station. An example would be a router CPU utilization threshold of 60% and a polling interval of 10 minutes.

_____________

Shaun Hummel is the author of Network Planning and Design Guide and has a web site focused on information technology job search solutions and certifications: http://www.networkjobsolutions.com

Article Source: EzineArticles.com

RSA 2010: A look inside the expo

Tommy P. Landry — Wed, 03 Mar 2010 17:14:31 +0000

I’m blogging this from the hotel room near Union Square, and so far, RSA has been a lot of fun. Yesterday I took a few minutes to take some [very raw] video footage of the Expo to share with those of you who were unable to attend the show. Please excuse the audio quality; as you know, trade shows come standard with built-in white noise.

For those of you who did make it to the show, I concluded the video by showing where you can go to find Anue Systems in Booth #329. If you are planning to be here today or tomorrow, please stop by and introduce yourself to me or one of my esteemed colleagues.

With that said, enjoy our video:

All You Need to Get a CISSP Certification

Tommy P. Landry — Mon, 01 Mar 2010 16:00:31 +0000

In honor of the RSA Conference in San Francisco, CA this week, we offer you the following guest post by Rachel Lawrence about earning your CISSP.

__________________________________

Computers are vitally important to today’s society which leads to a need for greater security and people trained and certified in this type of security. If you are looking into furthering your career in security, a CISSP certification is a universally respected qualification. There are, of course, prerequisites for the certification, besides the obvious training – which can be completed through CBT.

CISSP stands for Certified Information System Security Professional and it is the qualification issued by (ISC)2, a non-profit organisation specifically created to provide an independent body to certify information security qualifications.

In order to sit for a CISSP certification, you must first have worked for a minimum of five years full-time work in information security. Alternatively four years of experience is accepted if you have a four year or advanced degree (i.e. a Masters) in the discipline or if you have any one of the approved qualifications, which include the MCSE certification.

In addition to this, as it is a security qualification, all candidates need to answer four questions about criminal history and background as a matter of course.

In order to pass the CISSP examination, you will need to have a scaled score of 700 points or more. To train for this there are computer based training options available online and on DVD so you can work the courses around your life making studying for this qualification a lot easier.

You will also require an endorsement from someone who already holds an (ISC)2 certification and can attest to your professional experience in the field. This person must be in ‘good standing’ meaning that they hold to the (ISC)2 code of ethics and maintain their maintenance payments and continuing professional education (CPE) submissions.

The CISSP certification is globally acknowledged and indicates to your employers that, not only do you understand information security, but you are committed to the profession. If you want to stand out from the crowd then CISSP might be the way to go.

To learn more about what is involved in CISSP and to find CISSP CBT options, take a look at http://www.cvision.co.uk.

Article Source: EzineArticles.com

Network Security Model – Defining an Enterprise Security Strategy

Tommy P. Landry — Mon, 22 Feb 2010 20:29:38 +0000

Today we are sharing with you an insightful article by Shaun Hummel, focused on how to align the five primary functions of security inside an enterprise. Enjoy and please give a look at Shaun’s service as indicated below.

_________________________

Overview

These are the 5 primary security groups that should be considered with any enterprise security model. These include security policy, perimeter, network, transaction and monitoring security. These are all part of any effective company security strategy. Any enterprise network has a perimeter that represents all equipment and circuits that connect to external networks both public and private. The internal network is comprised of all the servers, applications, data, and devices used for company operations. The demilitarized zone (DMZ) represents a location between the internal network and the perimeter comprised of firewalls and public servers. It that allows some access for external users to those network servers and denies traffic that would get to internal servers. That doesn’t mean that all external users will be denied access to internal networks. On the contrary, a proper security strategy specifies who can access what and from where. For instance telecommuters will use VPN concentrators at the perimeter to access Windows and Unix servers. As well business partners could use an Extranet VPN connection for access to the company S/390 Mainframe. Define what security is required at all servers to protect company applications and files. Identify transaction protocols required to secure data as it travels across secure and non-secure network segments. Monitoring activities should then be defined that examine packets in real time as a defensive and pro-active strategy for protecting against internal and external attacks. A recent survey revealed that internal attacks from disgruntled employees and consultants are more prevalent than hacker attacks. Virus detection should then be addressed since allowed sessions could be carrying a virus at the application layer with an e-mail or a file transfer.

Security Policy Document

The security policy document describes various policies for all employees that use the enterprise network. It specifies what an employee is permitted to do and with what resources. The policy includes non-employees as well such as consultants, business partners, clients and terminated employees. In addition security policies are defined for Internet e-mail and virus detection. It defines what cyclical process if any is used for examining and improving security.

Perimeter Security

This describes a first line of defense that external users must deal with before authenticating to the network. It is security for traffic whose source and destination is an external network. Many components are used to secure the perimeter of a network. The assessment reviews all perimeter devices currently utilized. Typical perimeter devices are firewalls, external routers, TACACS servers, RADIUS servers, dial servers, VPN concentrators and modems.

Network Security

This is defined as all of the server and legacy host security that is implemented for authenticating and authorizing internal and external employees. When a user has been authenticated through perimeter security, it is the security that must be dealt with before starting any applications. The network exists to carry traffic between workstations and network applications. Network applications are implemented on a shared server that could be running an operating system such as Windows, Unix or Mainframe MVS. It is the responsibility of the operating system to store data, respond to requests for data and maintain security for that data. Once a user is authenticated to a Windows ADS domain with a specific user account, they have privileges that have been granted to that account. Such privileges would be to access specific directories at one or many servers, start applications, and administer some or all of the Windows servers. When the user authenticates to the Windows Active Directory Services distributed it is not any specific server. There is tremendous management and availability advantages to that since all accounts are managed from a centralized perspective and security database copies are maintained at various servers across the network. Unix and Mainframe hosts will usually require logon to a specific system, however the network rights could be distributed to many hosts.

· Network operating system domain authentication and authorization

· Windows Active Directory Services authentication and authorization

· Unix and Mainframe host authentication and authorization

· Application authorization per server

· File and data authorization

Transaction Security

Transaction security works from a dynamic perspective. It attempts to secure each session with five primary activities. They are non-repudiation, integrity, authentication, confidentiality and virus detection. Transaction security ensures that session data is secure before being transported across the enterprise or Internet. This is important when dealing with the Internet since data is vulnerable to those that would use the valuable information without permission. E-Commerce employs some industry standards such as SET and SSL, which describe a set of protocols that provide non-repudiation, integrity, authentication and confidentiality. As well virus detection provides transaction security by examining data files for signs of virus infection before they are transported to an internal user or before they are sent across the Internet. The following describes industry standard transaction security protocols.

Non-Repudiation – RSA Digital Signatures

Integrity – MD5 Route Authentication

Authentication – Digital Certificates

Confidentiality – IPSec/IKE/3DES

Virus Detection – McAfee/Norton Antivirus Software

Monitoring Security

Monitoring network traffic for security attacks, vulnerabilities and unusual events is essential for any security strategy. This assessment identifies what strategies and applications are being employed. The following is a list that describes some typical monitoring solutions. Intrusion detection sensors are available for monitoring real time traffic as it arrives at your perimeter. IBM Internet Security Scanner is an excellent vulnerability assessment testing tool that should be considered for your organization. Syslog server messaging is a standard Unix program found at many companies that writes security events to a log file for examination. It is important to have audit trails to record network changes and assist with isolating security issues. Big companies that utilize a lot of analog dial lines for modems sometimes employ dial scanners to determine open lines that could be exploited by security hackers. Facilities security is typical badge access to equipment and servers that host mission critical data. Badge access systems record the date time that each specific employee entered the telecom room and left. Cameras sometimes record what specific activities were conducted as well.

Intrusion Prevention Sensors (IPS)

Cisco markets intrusion prevention sensors (IPS) to enterprise clients for improving the security posture of the company network. Cisco IPS 4200 series utilize sensors at strategic locations on the inside and outside network protecting switches, routers and servers from hackers. IPS sensors will examine network traffic real time or inline, comparing packets with pre-defined signatures. If the sensor detects suspicious behavior it will send an alarm, drop the packet and take some evasive action to counter the attack. The IPS sensor can be deployed inline IPS, IDS where traffic doesn’t flow through device or a hybrid device. Most sensors inside the data center network will be designated IPS mode with its dynamic security features thwarting attacks as soon as they occur. Note that IOS intrusion prevention software is available today with routers as an option.

Vulnerability Assessment Testing (VAST)

IBM Internet Security Scanner (ISS) is a vulnerability assessment scanner focused on enterprise customers for assessing network vulnerabilities from an external and internal perspective. The software runs on agents and scans various network devices and servers for known security holes and potential vulnerabilities. The process is comprised of network discovery, data collection, analysis and reports. Data is collected from routers, switches, servers, firewalls, workstations, operating systems and network services. Potential vulnerabilities are verified through non-destructive testing and recommendations made for correcting any security problems. There is a reporting facility available with the scanner that presents the information findings to company staff.

Syslog Server Messaging

Cisco IOS has a Unix program called Syslog that reports on a variety of device activities and error conditions. Most routers and switches generate Syslog messages, which are sent to a designated Unix workstation for review. If your Network Management Console (NMS) is using the Windows platform, there are utilities that allow viewing of log files and sending Syslog files between a Unix and Windows NMS.

_________________________________

Shaun Hummel is the author of Network Planning and Design Guide and has a web site focused on information technology job search solutions and certifications.

Article Source: EzineArticles.com

Network and Security Monitoring: Study Shows Much Room For Improvement

Tommy P. Landry — Thu, 28 Jan 2010 18:10:04 +0000

Monitoring Optimization 2010 Report

A few days ago we announced the results of Monitoring Optimization 2010: Trends and Issues Surrounding Network and Security Monitoring from Enterprise Management Associates (EMA). We commissioned EMA for this study in mid-2009 because we found a significant shortage of available data regarding out-of-band / passive monitoring. Quite simply, we have been building out our product strategy with a particular approach in mind. This approach has been validated innumerable times by prospects and customers, but the smart strategist doesn’t build a product based strictly on anecdotal data or a myopic view of the world.

So we took matters into our own hands.

The most eye-opening findings from the study relate specifically to the widespread shortage of network visibility / coverage (81% reported they cannot achieve the visibility they need to monitor appropriately), and why your peers are unable to provide a complete view of network traffic to tools. Specifically, here is our take on the top three reasons for this problem:

Lack of access to important network traffic. This problem is primarily caused by the shortage of SPAN ports and Taps. With the “old” way, your peers have been forced to buy a new tool for every single network port that requires monitoring. However, you can only activate so many (typically two) before your switch performance degrades. When there is contention for ports, you either have to choose not to monitor certain protocols on some segments or trade off which tool gets access to the port. In the end, living with this problem, particularly in a down economy where budgets are tight, means you are volunteering to have a gap in your coverage.
Inability to Better Leverage Existing Tools. It amazed me to see that 72% of tools deployed by our respondents were either overloaded and dropping packets, or not used up to their potential. Let me say that again…72%. Nearly three-fourths. How much more could you do if you managed to save a quarter of a million USD? Finally upgrade some old switches? Hire another couple of employees? Come in under budget for a change? Make major strides in your transition to 10G? This really isn’t very hard to fix with Monitoring Optimization.
Lack of Staff or Key Skillsets. We heard this one loud and clear…your peers have been forced to take on multiple jobs, none of which they can focus on in as much detail as they’d like. Staffs have shrunk due to layoffs and attrition (often planned shrinkage), as well as a shortage of available qualified candidates when positions do come open. And the existing solutions to these problems are simply too difficult to set up, manage, and maintain for various reasons, not the least of which is a shortage of folks who can manage filtering within a command line interface. These trends are not short-term things; they’re here to stay. So you need to improve productivity and enable more of the team to take on tasks that only specialists owned in the past.

We were very pleased to see that EMA agreed with us about what is needed to fix this situation: Monitoring Optimization. But it’s not enough just to provide access to network traffic for your tools; there are several products out there that claim they can give you this benefit. The solution can’t be hard to use, particularly if can only be managed by network architects or other technical specialists. The CLI point is crucial, because while some of you are CLI advocates, most of us have neither the inclination nor the time to learn and master filter rule definition by line code.

Several competing solutions have followed our lead and come out with GUIs that claim to help make this easier. Just take caution, because not all GUIs are created equal. Most of the knock offs I’ve seen are simply pretty icing on a CLI cake.

Sure, you can do some easy dragging and dropping to manage connections and even set up simple filter sets in the GUI (most of which are only applicable if you are lucky enough to need them), but what happens when you really need to roll up your sleeves and do some heavy lifting? Hello CLI.

Why inject further headaches into this process? CLI puts the onus on you to code all the filter rules, maintain the code as various things change in your monitoring assortment, and to manually identify and address any issues with data sharing between multiple tools. Only a fully integrated GUI solves this problem; not a “reactionary” quick-fix to a competing product.

Enough soapboxing. You can read another summary about the research itself on Network World:

The blind side: What network monitoring tools don’t see (By Denise Dubie, Network World)

Our friends at the Love My Tool blog also gave their take on the study as follows:

“Real” Issues Facing Today’s Network and Security Professionals (by Tim O’Neill, OldCommGuy)

Thanks for reading!

Security and IT in 2010

Tommy P. Landry — Wed, 06 Jan 2010 20:00:44 +0000

Heading into the New Year, we have seen a slew of reviews for 2009 and previews of what various experts and pundits think will happen this year. On this very blog, we have even chimed in on several of the more interesting takes that we’ve seen out in the blogosphere and on the web itself. But what we haven’t done is give our take on where we think the big stories will come in 2010, so let’s attack that angle now.

In 2010, I predict we will see more of…

1. Malware for Mobile. Mobile has yet to be seriously attacked by cybercriminals and hackers, and the most likely reason is that they do not share a common OS or platform like PCs do. However, in the past year, we have seen accelerated adoption of the iPhone, new models from Google itself, and continued fragmentation everywhere else but with Blackberry products. With so many developers creating literally thousands of applications for the iPhone platform, it is only a matter of time before we start to see scareware and other malware. It’s officially time for Apple to get serious about security.

2. Social Media Mayhem via Social Engineering. Unless you’ve been living under a rock, surely you’ve seen all the FUD out there about how insecure social networking sites are and how the problem will only get worse. Why haven’t we seen a barrage of problems in addition to the few big roadbumps we’ve encountered to date? Two words – Early Adopters. Those of us who have been on social media services for years are usually the most technically savvy users out there. Now that the masses have come, the floodgates of scams and other social engineering trickery has officially begun to open. In 2010, I can’t see any reason it won’t start to get worse, and quickly. At least enterprises can fall back on social media policies, but consumers are in for some unpleasant surprises.

3. Meet Mr. Botnet Alpha Prime. Remember our old friend Conficker? Well, to coin a cheesy old cliche, “You ain’t seen nothin’ yet.” We’ve already seen variants of this beast’s descendents that not only take over systems for spamming, but also ping back to servers in various third world countries for code updates. Yes, botnets have developed counterattack measures. Don’t get used to the decrease in SPAM we saw when we made it past April Fools’ Day, because the next generation will take it one step further. Sigh.

Will Social Engineering Make Social Media More Risky in 2010?

4. Taking Advantage of the Cloud. No, this won’t be another panic-laden diatribe about how the cloud is not secure enough and we’re all going to have our identities stolen. Rather, I’m concerned not just about the ability of skilled hackers to decrypt private data and sell it on the black market. The problem comes from a combination of techniques, perhaps where pay-as-you-go cloud services are manipulated in order to hold companies hostage by damaging performance and skyrocketing data transfer costs. Think of the security implications in this scenario, and you can see that privacy concerns are only one of many. Now imagine they can do this to online banking or other financial applications, and there’s a lot at risk. One day the cloud will be a godsend, but for now, it’s still merely a work-in-progress that will pose new challenges, many of which we may not have even fathomed yet.

5. Data Breaches Squared. Remember all those security breaches we saw in 2009? Did they scare you? What did you do within your own data center and WAN to avoid a similar fate? Wrong-doers are increasing their sophistication every day. The techniques we’ve witnessed in the past year may already be on the radar, and you’ve likely put in measures to prevent them in the future. Doesn’t matter. Someone somewhere is working on a new way to break in, and these guys are getting smarter and (believe it or not) more organized as cybercriminals. I see similar or even worse attacks on the horizon heading into the new year.

There you have it…five predictions for IT security in 2010. What predictions do you have? Share in the comments and let’s exchange some ideas. And as always, thanks for reading.

Predictions for 2010: Breaking Down IDC’s Take for Data Centers and Service Providers

Tommy P. Landry — Tue, 15 Dec 2009 19:21:12 +0000

Continuing our end of year review of the various predictions from IT and networking thought leaders, today we turn our attention to IDC. For those of us who have been in high tech since the early 90s (or longer), IDC is a well-known entity. I remember working with them directly back in my days of fab planning and market research at Advanced Micro Devices, and they always offered a spin that made me take pause when interpreting trends and new developments.

The following commentary is based on IDC’s top 10 tech predictions: cloud and analytics, which just recently appeared on NetworkWorld.com.

The Maturing of Cloud: SLA Implications on Service Providers will Improve and Emerge
We’ve commented and covered criticisms regarding cloud security quite a bit on The Network View, and there has been a great deal of debate about this topic. Performance is another crucial piece to this puzzle. For enterprises to truly take the cloud seriously, we need to get performance and uptime to reasonable SLA levels, we need to determine the best and least “crackable” method by which to encrypt traffic that moves into and back out of the cloud, and business continuity / disaster recovery practices must be much more buttoned-down. Sure, I think it will only be a matter of time before we get there, but I remain skeptical that we will take this major step within the next 12 months. If you are privy to some data that will change my mind, I’d love to read about it in the comments.

The Tipping Point: The Inevitable Adoption of Social Media in Enterprises
I, personally, love this prediction and truly hope it will come to pass. The open issue is exactly what “adoption of social media in the enterprise” means. In all likelihood, it will not be a full tolerance and acceptance across the organization due to security concerns, particularly in the most conservative and old school of the corporations. What I envision in the near term is that corporate communications teams will be authorized to spread only approved messages and topics, much like PR is currently managed, only in real-time. In reality, it will take another year or two before we can reach critical mass of knowledge among enterprises regarding the best ways to enforce security measures, monitoring behaviors, and incorporate such traffic-heavy activities into the day-to-day management and optimization of network performance. In the meantime, here’s to your company not blocking Twitter, blogs, or other social media until they can get it figured out.

Converged Fabric and the Evolving Data Center
Data Centers have already been evolving, there’s no question about it. Now, with a massive shift toward reducing footprint and power consumption, consolidating equipment and applications, and generally making the most of reduced budgets, network operations and architecture teams are forced to look at new ways of managing the network – and all of this is happening as we are smack dab in the middle of a migration to faster 10GbE architectures in many companies.

Virtualization technologies deployed across FCoE (Fiber Channel over Ethernet) will provide outstanding abilities to dynamically manage bandwidth and server cycles. The cost savings and productivity improvements in the long term are obvious, but we need to be absolutely positive that complementary training and skillset growth are taken into account to ensure full enjoyment of the expected benefits.

The Dawn of the Enterprise Appliance
I’m not so sure the word “dawn” is the right analogy, as we already have quite a few different single-purpose hardware-driven solutions for monitoring and other activities. The key here, in my mind anyway, is how this plays with virtualization technologies. Since we can virtually manage bandwidth and storage already, and virtual machines can dynamically relocate based on server load, I’m a bit dubious that this actually makes sense in the long run (vs. implementing these single-purpose activities virtually). That said, aggregation and distribution technologies like Monitoring Optimization solutions will be even more important in a virtualized environment, particularly one where appliances become commonplace.

Okay, that’s it for me and my soapbox today. Hit me with your thoughts, criticisms, embellishments, or questions. And as always, thanks for your time and attention.

Data Centers: Top Issues for the Next Five Years

Tommy P. Landry — Wed, 09 Dec 2009 22:40:11 +0000

Data Centers: The next five years

Last week at the annual Gartner Data Center Conference in Las Vegas, key analysts overviewed the most important issues that data centers face in the next five years. As expected, rising energy costs and the movement toward “green” solutions was a primary topic, as was social networking technology. But there were several other hot topics which the responsible network operations professional should be pursuing.

Below is our take on eight of the top 10 issues, as raised by Gartner. As a refresher, the top 10 issues were virtualization; the data deluge; energy and green IT; complex resource tracking; consumerization of IT and social software; unified communications; mobile and wireless; system density; mashups and portals; and cloud computing.

Virtualization – As virtualization technologies continue to advance, adoption is accelerating. Savvy data centers have already begun implementing virtualized servers, and this growing trend is here to stay for a variety of reasons including dynamic server load management, a need to reduce power consumption, and fast growing network complexity.
The data deluge – Not a new issue, albeit an accelerating one, the vast amount of data that traverses today’s networks creates a variety of problems, from storage management to throughput to monitoring. And here’s the kicker…the problem will only continue to expand over time. Faster and more efficient network infrastructures (10G today, 40G and later 100G in the future) will help with throughput. Gartner’s automated tiering idea for storage holds water strategically, but not all data centers are poised to implement it in the near term. Monitoring is particularly concerning, as higher bandwidth tools are required, yet virtualized servers and applications can be a challenge to pinpoint for monitoring in dynamic environments. Advanced capabilities for data/traffic aggregation and filtering are not only “nice to have” in virtualized environments, but a must.
Energy and green IT – Not much to say that you haven’t already heard. When it comes right down to brass tacks, this is a cost saving move, and fortunately (for your corporate communications division), it can be leveraged for some positive PR. Given current global issues related to energy costs and environmental concerns, this trend is here to stay.
Consumerization of IT and social software – This is an issue that has grown significantly over the past year or two, and one that Gartner has said will continue this accelerated growth path over the next several years. Consumers are very interested in new technologies, and especially in the ability to control their own user experience. Coupled with a growing trend toward a distributed workforce, work-from-home privileges, and the vast volume of unstructured data that result from social web-based applications, we see consumerization as inevitable (and in some respects, a good thing).
Unified communications - UC has been touted as the grand vision for bringing all communications media together, and it most certainly has its benefits, idealistically. That said, the growing trend toward digitization of communications is a prerequisite to truly achieving this vision. Kudos to Cisco and other thought leaders in this area, because as we analyzed in our post about the Net Generation, real-time and cross-platform (even cross media) integration is exactly the type of capabilities the younger sect of the population desires.
Mobile devices like the Android now function like mini-computers

Mobile and wireless – Continuing on the idea that the younger generation wants pervasive connectivity and interaction, mobile and wireless are growing in importance by the day. This is yet another way that social technologies are forcing our hand at considering new strategies for accommodating user needs. Coupled with the desire for “real time everything”, we have seen mobile phones advance to the point where they can serve as mini computers. The key issues then are how to secure devices that are not physically attached to the network itself, how to accelerate performance over time as mobile network speed increases, and how to properly provision devices and connections. Brace yourselves, because the complexities that this will pose may not even all be known as of today.
Mashups and portals – Both similar in nature, in that they serve important content aggregation purposes, mashups and portals offer different challenges due to the nature of how they work. Of particular concern to us is the mashup concept, where not only content but code can be aggregated. The obvious problem is that you risk exposing yourself to untrusted code, not to mention potential copyright issues related to syndicating content that is not authorized for distribution and/or republication. Since browsers were not designed with mashups in mind, this is an issue that absolutely cannot be overlooked from a security standpoint.
Cloud computing – With all of the cost and efficiency benefits that cloud computing offers, cloud security remains a wild card. Two of the most common arguments about cloud security center around the access / authorization process and storage / transmission of sensitive data. Access can be a problem for anything that falls outside of your physical environment, but that is a lesser concern in our eyes than securing the actual traffic stream that transmits across the ultimate cloud…the Internet. It will be fun to watch how this all plays out in the coming months and years.

So there you have it, our take on eight of the 10 issues that Gartner said will be the most important to data centers heading into the second decade of this century.

We’d love to hear your thoughts on the issues and our commentary. Feel free to agree or disagree. Debates can be very useful in helping hone our viewpoints on all of these issues, so I truly hope this post sparked a new idea or thought for you.