Permit/Deny Ziff Davis Enterprise
Thursday, May 15, 2008 6:49 PM/EST

PCI Compliance Regs Slated for Facelift in Oct. 08

Yesterday, May 14, the PCI Standards Council, the body that oversees the PCI DSS (Payment Card Industry Data Security Standard), announced the formal timeline for releasing Version 1.2 of the specification in October of this year. PCI DSS was last revised in September 2006 and is still one of the most interesting security mandates in the IT industry. It is specific, it has no legal standing (i.e. it isn't mandated by legislation), and it carries clear and enforceable punishments for noncompliance. Version 1.2 eliminates some overlap in various parts of the standard. What exactly is in 1.2 will be revealed at a Webcast on May 22 that I'll be attending and reporting on. The standard tries to address the challenges of driving security into the previously unregulated consumer retail space where there is a high volume of relatively low-value transactions in which buyers and sellers can have...

Wednesday, May 14, 2008 4:10 PM/EST

RSA and Infosecurity Europe Attendee Survey Results

Digging through my e-mail, I came across some analysis by Shavlik that summarized the company's findings of polls conducted in April at the RSA Conference and Infosecurity Europe. Shavlik makes security, compliance and update tools aimed primarily at Windows systems, so unsurprisingly, the poll results showed a need for the company's products. And just because this is so, the conclusions of the analysis coincide with a position that I've advocated for some time: that a well-managed network is a foundation of a secure network. The survey analysis supplied by Mark Shavlik, CEO of Shavlik Technologies, highlighted that "Companies are increasingly recognizing the need to automate operations in order to streamline compliance as an ongoing business process. But too many organizations still don't have a standard approach, which leaves gaps in their security infrastructure ... solutions that simplify, automate, and provide better control over security and compliance management." The survey results...

Wednesday, May 14, 2008 9:28 AM/EST

What Drives 10 Gigabit Ethernet Adoption

In my May 5, 2008, story package on Cisco's 4900M 10 Gigabit Ethernet switch, I listed some of the drivers that I thought would make this high-bandwidth, direct-connect networking necessary. Among the things I listed were application consolidation, large format media files and compute-intensive applications. May 14, Network Instruments will release survey results that look at 10GbE network adoption, talking about switch-to-switch (as compared to the switch-to-server focus of my review and story package). The survey basically shows that 10GbE networks are being implemented around the world and that one quarter of respondents said they will have some 10GbE networking in place by the end of 2008. For IT managers, the other factor driving 10GbE implementation is the price per port. 10GbE port prices are driving downward. This week I'm set to spend a day with the engineers at Arastra in preparation for a review of the...

Thursday, May 01, 2008 3:16 PM/EST

Interop Las Vegas -- 10 Gigabit Ethernet Advances

There are two big 10 Gigabit Ethernet "drops" coming out of Interop (held in Las Vegas, April 2008). The first is price and the second is power. I talked with switch maker Arastra, which announced general availability of its 24- and 48-port 10G Ethernet switches in the approximately $400 per port price range. Ed Khatuka from optical communications at JDSU (JDS Uniphase) told me about 10G Ethernet transceivers that are going from 15 watts to 5.5 watts of power per port. These price and power reductions can approach important thresholds for data center managers who are considering a migration path to 10G Ethernet direct-attached networks for servers and storage (the convergence of server and storage networks continued at Interop as well). Here's an Intel blog post that I found useful in explaining transceiver technology and the alphabet soup of terms used in 10G Ethernet networking. Other 10 Gig products that...

Wednesday, April 30, 2008 6:55 PM/EST

How I Tested the Cisco Catalyst 4900M at Ixia's iSimCity

In order to give Cisco's Catalyst 4900M switch a run for its money, I took the unit to Ixia's newly inaugurated iSimCity test and measurement center in Santa Clara, where I subjected the switch to Layer 2 and Layer 3 tests, alongside a set of power consumption tests. I conducted performance tests on a 4900M unit that was outfitted with two WS-X4904-10GE half cards that each carried four 10 Gigabit Ethernet fiber ports. Taken together with the 4900M's eight fixed 10GE ports, this brought my test unit to 16 ports of full line-rate 10GE capacity. I generated test traffic with Ixia's Optixia XM12 IP performance tester chassis with six LSM10GXM3-01 cards that each had three 10GE ports. I conducted all of the tests in store-and-forward mode, in which the frame size was subtracted from the latency calculation to single out latency introduced by the 4900M. Our first set of tests...

Tuesday, April 29, 2008 10:34 AM/EST

How I "bought" a Cisco 4900M 10GbE switch

Proper planning and implementation are vital to the success of any enterprise IT deployment, but these issues loom particularly large for a product such as Cisco's Catalyst 4900M switch, which is meant both to serve a foundational role in your network infrastructure and to change--through its swappable card slots--as your organization shifts from 1G to 10G Ethernet. For implementation advice and detailed pricing breakdowns for the hardware that I tested in my Catalyst 4900M review, I worked with representatives from the San Francisco office of FusionStorm, a Cisco Gold Certified Partner with offices across North America. To be clear, Cisco provided the actual 4900M that I tested and also provided special engineering support to help ensure that product testing proceeded expeditiously. As I learned while working with FusionStorm, some seventy percent of the hardware costs of the Cisco 4900M switch are tied up in the half cards and transceivers that an...

Thursday, April 10, 2008 7:41 PM/EST

At RSA, Microsoft, Cisco and TCG Lay Out (Again) the Future of NAC

Cisco, Microsoft and the Trusted Computing Group for the third year in a row sat down and alternately hugged, kissed and politely swatted at each other. This is the second year I've attended the RSA session on the future of NAC -- which is intentionally not spelled out because the acronym means different things to Cisco and the rest of the world. The bottom line is that NAC (network access control or Network Admission Control) is a noticeable but still relatively undersized part of the security market, despite years of media and marketing attention. According to Lawrence Orans, an analyst at the Gartner Group who has spent the last five years tracking NAC, the market in 2007 was estimated at about $250 million compared with about $3 billion spent on firewalls and about $750 million spent on IDS (intrusion detection systems). The theme set forward by Orans was "overcoming obstacles...

Tuesday, April 08, 2008 7:54 PM/EST

Mitigating Virtual Machine Security Vulnerabilities

San Francisco (4/8/2008)--The "Mitigating Virtual Machine Security Vulnerabilities" panel with newcomer Fortisphere, old-timer Configuresoft and nonprofit security adviser the Center for Internet Security was so popular that RSA officials had to turn away hundreds of attendees. I'll summarize the most important things that system and network managers should consider when securing virtual machines, but first let me say that Fortisphere is one of the most interesting companies at RSA. I had a chance to sit down with Fortisphere's Chris Farrow yesterday in a private briefing. In a nutshell, Fortisphere tags VMware virtual machines with a kernel-level driver so that the machine and any children that are cloned or snapshotted from the VM can be tracked as it moves around the virtual environment. OK, so here's what came up at the panel. Watch guest-to-guest communication. Can your IDS or firewall products secure against guest communication on the same host? Most likely...

Tuesday, April 08, 2008 1:28 PM/EST

Live at RSA Cryptographers panel

Moderator: Burt Kaliski, Scientist, RSA Laboratories and Director, EMC Innovation Network
10:25 RSA Conference, San Francisco, CA 4/8/2008
Panelists:
Whitfield Diffie, Vice President and Fellow Chief Security Officer, Sun Microsystems
Martin Hellman, Professor Emeritus of Electrical Engineering, Stanford University
Ronald Rivest, Viterbi Professor of Electrical Engineering and Computer Science, MIT
Adi Shamir, Professor, Computer Science Department, Weizmann Institute of Science

WD: [We're seeing a] call to action where there should be a call to question. Instead of a call based on a Cold War approach. The essential problems of building secure crypto systems seem for all practical purposes to be solved. We've worked on it for 80 years. We have a pure barrier objective that stands. On the other hand, Internet security is a mess. Gossler at Sandia Nat'l labs says the adversary sits on the other side and picks at your infrastructure. In information assurance, the development cycles in...

Tuesday, April 01, 2008 5:05 PM/EST

Outsourcing access management?

I asked Adam Bosnian from privileged access management maker Cyber-Ark what sessions he thought would be interesting at RSA. He's going to the application security sessions. In years past, he's seen these sessions focus on application coding security tools to look for buffer overflows or other coding errors that could create a security risk. I'll also be interested to see if, because of SOA, app makers will focus on making apps while leveraging security products such as Cyber-Ark's newly announced Enterprise Password Vault 4.5 to take care of access management. This isn't the first time I've heard a security company talk about wanting to see app makers give over access management to a specialized company instead of building access management from scratch. And the features in the latest version of Enterprise Password Vault include a verification process that checks the stored password with the credential used on the target system...


