Welcome to the Frontpage

Since 1981, Computer Technology Review has been an authoritative source on data storage and network technologies. Today, we cover emerging technology and solutions in ediscovery (or e-discovery), compliance, virtualization, data security, backup, and disaster recovery.
http://www.wwpi.com/index.php?option=com_content&view=frontpage
Sun, 23 Nov 2014 00:17:11 +0000

Hackers Are Winning at Hide-and-Go-Seek
http://www.wwpi.com/index.php?option=com_content&view=article&id=17746:hackers-are-winning-at-hide-and-go-seek&catid=322:ctr-exclusives&Itemid=2701741
by Steve Lowing

Massive customer data breaches create urgency around managing endpoints and improving detection capabilities.

As information and security technology professionals, we have an insider’s view when news about massive data breaches makes the front page. But think about it from the customer perspective. How many times in the last year have you had to change your credit card number and the autopay accounts linked to it? With the rise of massive credit card data breaches at big box and online retailers, consumers are routinely exposed to the risks of identity theft, fraudulent credit card charges, and theft of bank account funds due to compromised PIN numbers. Conscientious consumers may feel they are on constant alert, checking their accounts daily, changing passwords, and minding where they shop. Even if they aren’t this careful, consumers feel stressed and inconvenienced.

kim_borg@wwpi.com (Kim Borg) frontpage Thu, 20 Nov 2014 00:52:58 +0000

Five Tipping Points for Moving to a Next-Generation Manager of Managers (MoM)
http://www.wwpi.com/index.php?option=com_content&view=article&id=17738:five-tipping-points-for-moving-to-a-next-generation-manager-of-managers-mom&catid=331:ctr-exclusives&Itemid=2701750
by Ken Fuhr

Two decades ago, on the cusp of the Internet bubble, a technology dubbed “Manager of Managers” (MoM) burst onto the scene. These systems promised a “single pane of glass” that would aggregate streams of telemetry (events/alarms) emitted by myriad routers, servers, databases and applications across sprawling IT infrastructures by applying rules and filters to help determine the root cause of failures.

These legacy MoMs worked well enough back then – but that was long before virtualization, mobile, cloud, DevOps and so many other innovations that completely up-ended historical models of IT.

kim_borg@wwpi.com (Kim Borg) frontpage Tue, 18 Nov 2014 17:00:50 +0000

Building Beyond the Buzz: Infrastructure Virtualization in the Cloud
http://www.wwpi.com/index.php?option=com_content&view=article&id=17730:building-beyond-the-buzz-infrastructure-virtualization-in-the-cloud&catid=317:ctr-exclusives&Itemid=2701734
by Adam Leventhal

Vendors attach descriptors like “virtualization”, “cloud” or “big data” to such a wide variety of products that the terms have been stretched too far to fit snugly on any comprehensible definition. Hype plays no small part. Who would want an iDisk when iCloud now stores your data in “the cloud”? The appeal of “software defined storage” is clear compared with storage defined by what? Godless hardware? More recently we’ve been asked to contemplate the “data lake” — a far more idyllic descriptor for undifferentiated data more typically thought of as massing in heaps and piles.

The datacenter is undergoing a major redistricting. Underlying the hype are major changes for consumers and the enterprise. The terms are confusing because we’re still struggling as an industry to describe the precise parameters of those changes. Indeed while the general direction is clear, the best path is debated, and the destination is only vaguely known. The primal pieces of IT are not changing — persistent storage, computation and communication. The way those pieces are packaged, assembled and managed is changing dramatically. Cloud storage is still persistent storage, and virtual machines still execute programs. We’re changing how we define those abstractions, where the lines are drawn between the components, the interfaces to them, and the management of them.

kim_borg@wwpi.com (Kim Borg) frontpage Tue, 11 Nov 2014 16:29:46 +0000

Generating Standardized Reports on Unstructured Data from Multiple Sources
http://www.wwpi.com/index.php?option=com_content&view=article&id=17709:generating-standardized-reports-on-unstructured-data-from-multiple-sources&catid=331:ctr-exclusives&Itemid=2701750
by Sergey Sinkevich

Empowered by present-day technology, the pervasive necessity to enter new analytical dimensions dictates an urge for handling multi-source, multi-format data in a standardized and well-organized manner. End users want the ability to determine patterns and reveal tendencies in the avalanche of data right from their laptops or mobile devices. This holds particularly true for such industries as pharmaceutical, healthcare or defense, where objectives of decision analytics go far beyond accurate market analysis or profound understanding of sales trends.

But what does it take to confront the diversity of data formats (we are talking about dozens and hundreds of types) and bring them to a unified presentation? Below are the three steps that should be taken from effective data aggregation, through analysis and consolidation, to ready-to-use information.

kim_borg@wwpi.com (Kim Borg) frontpage Tue, 04 Nov 2014 16:55:21 +0000

The Importance of Data Analytics in the Fight against Advanced Persistent Threats and Cybercrime
http://www.wwpi.com/index.php?option=com_content&view=article&id=17690:the-importance-of-data-analytics-in-the-fight-against-advanced-persistent-threats-and-cybercrime&catid=322:ctr-exclusives&Itemid=2701741
by Jeff Frazier

Home Depot’s recent announcement that a cyber-attack led to a data breach, compromising the credit card data of some 56 million customers, placed the home improvement retailer at the top of a list that no organization wants to be on, but which an ever-increasing number occupy: companies whose IT systems have been hacked, and whose customers and constituents have been victimized.

From organized crime targeting financial services organizations, to state-sponsored theft of trade secrets, to terrorists targeting critical infrastructure, it seems no company or institution is immune from advanced persistent threats (APTs) – targeted cyber-attacks by unauthorized persons or entities on specific targets and conducted over long periods of time to avoid detection.

A recent report from software maker McAfee and the Center for Strategic and International Studies estimated that APTs and cybercrime cost the world economy between $400 and $575 billion. The report’s authors are blunt: “Cybercrime is a growth industry.”

kim_borg@wwpi.com (Kim Borg) frontpage Thu, 23 Oct 2014 17:21:49 +0000

Five Steps to Protect Your Data
http://www.wwpi.com/index.php?option=com_content&view=article&id=17658:five-steps-to-protect-your-data&catid=322:ctr-exclusives&Itemid=2701741
by Roy Peretz

Most organizations have already been hacked or been victims of data theft (internal or external), whether they know it or not – or know it and haven’t been willing to acknowledge it. Many are operating in specific regulatory environments, but aren’t in full compliance, leaving them vulnerable to lawsuits or even criminal prosecution.

Data is data is data. It doesn’t matter where it’s located – cloud or local – or what its format is – structured, unstructured, semistructured – but if you don’t know what it is, where it is, and who’s touching it, you cannot protect it.

kim_borg@wwpi.com (Kim Borg) frontpage Mon, 06 Oct 2014 18:19:44 +0000

If Virtualization and Clustering Are Just Plumbing, How Do I Keep My Datacenter from Clogging Up?
http://www.wwpi.com/index.php?option=com_content&view=article&id=17648:if-virtualization-and-clustering-are-just-plumbing-how-do-i-keep-my-datacenter-from-clogging-up&catid=319:ctr-exclusives&Itemid=2701738
by Carl Berglund

While virtualization and clustering technologies were developed to solve a range of datacenter challenges, the infrastructure they create is much like the plumbing inside the walls of a building. Done right, modern plumbing delivers hot and cold running water on demand. Similarly, when the datacenter is done right, critical business applications are always available. The problem is that the evolution of virtualization and clustering technologies has clogged up the datacenter with overhead that is increasingly complex and expensive to manage, without actually making applications more available. By necessity, the focus has turned so much to the infrastructure that we’ve lost sight of the goal.

kim_borg@wwpi.com (Kim Borg) frontpage Tue, 30 Sep 2014 15:06:23 +0000

The Race to Free Comes with a Price for Enterprises
http://www.wwpi.com/index.php?option=com_content&view=article&id=17638:the-race-to-free-comes-with-a-price-for-enterprises-&catid=317:ctr-exclusives&Itemid=2701734
by Arthur G. Chang

Traditionally, many businesses regarded “free” with a healthy amount of skepticism. But more recently, with the consumerization of IT proliferating amongst employees, many in the enterprise are grabbing onto the wave and turning to lower cost – if not free – options, especially for apps such as file sharing. The trouble is, many businesses become too focused on cutting costs and lose sight of the potential hidden costs in these “free solutions.” These are costs that could result from challenges such as security, compliance, and availability, to name a few.

kim_borg@wwpi.com (Kim Borg) frontpage Tue, 23 Sep 2014 22:54:50 +0000

Enhancing Network Security with Physical Layer Management
http://www.wwpi.com/index.php?option=com_content&view=article&id=17627:enhancing-network-security-with-physical-layer-management&catid=322:ctr-exclusives&Itemid=2701741
by Pat Thompson

Infrastructure and network security systems are fine as far as they go, but they don't provide visibility into the state of the physical network. For complete security, network administrators need to know who is connecting to the network at any given time, where they are connecting, and how they are connecting. Physical layer management (PLM) systems enhance network security and allow administrators to know how, where, and when there have been changes or modifications to the physical network.

Physical Network Security Challenges
The physical layer of the network (cables and patch panels) is often ignored when it comes to documenting and managing the network. But without knowledge of where cables are and what they connect, network administrators are at a loss to prevent physical network attacks or even know if and where they occur. Someone can simply unplug a patch cord, insert a rogue monitoring and collection device, and then plug in a new patch cord connecting that device to the patch panel. The network management system shows that the network is down for a few seconds, but it comes back up, operating normally, so the event is ignored.

These internal network attacks are more worrisome than some might think. While external, Internet-based attacks by third parties get all the press, it is estimated that 63 percent of network attacks are done by the victim’s own employees, and that 30 percent of those attacks are physical access attacks.

PLM Systems and Network Security
Physical layer management (PLM) systems are Cyber Physical Systems (CPS) and address physical security problems by electronically documenting the physical layer of the network and maintaining real-time knowledge of the state of the network. CPS standards are developed by the National Institute of Standards and Technology to bring traditionally passive equipment and standalone PLM systems to a common standard for intercommunications and features. In a PLM network, the ports of the patch panels and the endpoints of patch cords are being continually monitored. PLM systems and their approaches have evolved, keeping pace with advances in technology, network architecture and operational needs. Each approach and technology advancement has improved the security posture of the physical layer network. Some of the more established approaches to PLM are:

Inference (Presence Detection) – in this approach, the ports on a patch panel will detect the insertion (or removal) of a device and report that something has been inserted (or removed). This system relies on an inferred process: you connect port A first, port B second, port C first and port D second, and it assumes you’re going to do it in order, one patch cord at a time. If that process is not followed, the data becomes inaccurate. In the event of a man-in-the-middle attack, there is no way for the system to tell if the patch has been restored by the same cable, or even to the same position, as the system does not know the origin or destination for any of the cables. Also, because the system does not physically monitor the patches, the system would not detect any changes that happened during a power down period.

Ninth wire – a ninth wire is a wire that runs along the length of a patch cord like a security loop. It tells the network administrator that point A is connected to point B, but offers no detail about what is making that connection from A to B. If anyone breaks the connection, an alarm goes off. In the event of a man-in-the-middle attack, where someone inserts themselves within the circuit to monitor traffic such as financial transactions, capturing passwords or credentials to access critical information, there is no way to identify that the patch cord has been replaced by the same cable. In case the patch has been moved to another port in an attempt to steal data, the system can tell you exactly which port the patch has been moved to.

Connection point identification (CPID) – this approach uses a chip in the end of each connector with a serial number that identifies the connector and the patch cord it is associated with. The two chips on the ends of a patch cord have the same base serial number, but they also have a designator that tells one end of the patch cord from the other. When the cord is plugged in, the patch panel knows where the cord is and where the two connection points are. With CPID, the system always knows exactly which connector is where and if anything changes in that circuit path, including a different connector being inserted. The user will know immediately when circuit changes take place. The CPID chip also contains information about the performance of the cable assembly. It tells us whether it’s single- or multi-mode fiber, Cat6 or Cat6A cable. If a technician grabs the wrong cord and plugs it in, the administrator can see there’s a cable mismatch and can stop cable mismatch problems before they occur. In the event of a man-in-the-middle attack, the system will alert you in all possible cases where the connector is removed, replaced by another connector or moved to a different position, even when the change happened while the system was powered down.

PLM systems have event monitoring and alarming capabilities. When a particular patch cord is inserted or disconnected, the system identifies the problem. This helps administrators quickly identify and respond to physical network breaches and accidental circuit disconnections. All systems offer different degrees of data, and it is key to integrate the solution with your business processes to ensure your network is up and operational.

PLM and Physical Security
With the PLM system in place, the administrator can see if someone changes a patch cord to reroute a signal or runs a man-in-the-middle attack, because the administrator knows that the original connector has been disconnected, and that a different connector has been plugged in.

Another means of attacking the physical layer is by making unauthorized changes and enabling other circuits. Even if you have documentation saying that Switch Port 1 goes to Outlet Office 1, if a person has access to the wiring closet, he or she can make changes in the patching and route those signals to another location. A network tech would have to physically respond and trace the cable to figure out where it’s been rerouted. That takes about 50 minutes, during which time someone has the chance to attack the network. With PLM, the administrator can see when someone plugs in a patch cord and introduces a new connection to the physical layer, and can quickly direct the network tech to the precise location.

From an intruder security or uptime security standpoint, you want network changes conducted when and where they are scheduled and you want to know when anyone is making any changes to the network. The PLM system monitors port connectivity at all times. Whenever a change is made that resolves the end-to-end points of that circuit, you’re getting that feedback in real time.

PLM Alarming
A full-featured PLM system offers a number of different ways to send out messages. It can send e-mail to specified users so they can shut down a circuit or physically audit the breach. The system can also send notifications through e-mail to the company’s security department, so, for example, if a surveillance camera goes down or a rogue device is connected they can send someone to address it.

In addition, the PLM software can interface to other network management systems. It can use APIs that connect to other applications so that there could be a rule that when an unauthorized device connects, the network management system turns off that port. A more sophisticated rule could shunt the rogue user onto another network and set him or her up for capture by security personnel.

There are many types of PLM solutions that provide a range of visibility and control to the physical layer network. By delivering information about the state of the physical network, and bringing the physical layer under the same visibility as management systems do for Layers 2-7, PLM systems complete the network security picture. Having a system in place to identify accidental and intentional connections and disconnections will allow you to identify when and where circuit changes occur and mitigate any service downtime and security risk.

Pat Thompson is director of global product management at TE Connectivity.

kim_borg@wwpi.com (Kim Borg) frontpage Tue, 16 Sep 2014 16:50:39 +0000

Going Beyond SDN and NFV for WAN
http://www.wwpi.com/index.php?option=com_content&view=article&id=17617:going-beyond-sdn-and-nfv-for-wan&catid=334:feature-articles&Itemid=2701754
by Steve Woo

At the macro level, new innovations in wide area networking (WAN) are being triggered by at least four broad-based trends:

  1. Migration of business-critical applications to the cloud (SaaS, PaaS, IaaS, etc.);
  2. Increase in the number and distribution of branch offices, the number of mobile workers, and the speed of deployment desired;
  3. Expectation by employees that they will have high-quality anywhere, anytime access to enterprise and cloud applications, with high bandwidth; and
  4. Concerns about security by IT administrators who are losing visibility and policy control over network traffic being routed over public broadband links.

Software-defined networking (SDN) and network functions virtualization (NFV) have been touted as new ways to address these macro trends. Although often used in conjunction with one another, SDN and NFV are not joined at the hip technologically; they can be applied independently. For the vast majority of enterprises, however, SDN and NFV—separately or together—are not sufficient to adequately address the trends pressuring today’s distributed enterprises.

kim_borg@wwpi.com (Kim Borg) frontpage Tue, 09 Sep 2014 16:58:02 +0000