“ Success depends on sound deductions from a mass of intelligence” -Winston Churchill New threats and new measures to counter them call for a reorganization of IT security teams so that they can focus on defending the organization from targeted attacks. It is only ten years since most enterprises established separate security teams to address vulnerabilities and deploy and maintain patches and virus signature updates as well as configure and maintain firewalls. To ensure that policies were created and enforced most organizations also created the position of Chief Information Security Officer (CISO) who enacted those policies and became responsible for ensuring that the organization was in compliance with standards and regulations. The rise of targeted attacks must be met by similar organizational enhancements. The terminology and titles are not important but the roles and responsibilities described here are required to mount an effective cyber defense. It is interesting to note that the Cheong Wa Dae (Korean President’s “Blue House”) has i nstituted a special Cyber Defense Team in reaction to concerted attacks on the computers of the G20 Summit Committee in Seoul. “ Since June, the government has been running a special cyber defense team to prevent attacks against major private and public computer networks. “ – The Chosunilbo Countering targeted attacks calls for new measures. One of those measures is creation of specialized teams that are not bogged down in the day to day tasks of blocking viruses and cleaning up machines. Here is my proposal for such an organization. Team Lead: Cyber Defense Commander The title may evoke a too martial image. Perhaps cyber defense team lead, or director of cyber defense, will be a better fit. But the idea of one-throat-to-choke in establishing a leadership role is an effective way to motivate a team and its leadership with the seriousness of its task. They must be instilled with the idea that they are targeted, under attack daily, and engaged in a battle to protect the organization from a malicious adversary. The cyber defense team replaces the traditional computer emergency response team (CERT) and will probably incorporate most of the same people. The cyber defense commander is responsible for establishing the cyber defense team, assigning and directing roles, making sure the correct tools and defenses are deployed, putting in place controls and audit processes, and reporting to upper management on the results of those processes, and audits. The cyber defense commander would also be the primary point of contact for communicating to law enforcement and intelligence agencies when the inevitable situation arises that requires outside help or communication. A large organization with divisions spread around the globe or separate large business units may well have cyber defense teams deployed in each division with their own leaders who report up to the cyber defense commander. (Call them lieutenants if you must but I am not going to take the military command structure that far.) The cyber defense team should have three primary roles: an outward looking role, an operational role, and an inward looking role. Each of those roles is described next: Cyber defense analysts are the intelligence gatherers. They study the threatscape with an eye towards emerging threats to the organization. Most organizations assume that because they have so many people in IT security that someone is looking out for the latest attack methodologies or tools, and even keeping tabs on the various groups that engage in cyber attacks. Unfortunately the operational aspects of IT security are too consuming to allow this type of outward looking focus. IT security practitioners are very inquisitive and attempt to keep up with the huge volume of information available to them at conferences, from vendors, and in the news. But their activities are ad-hoc and mostly voluntary. Would TJX have succumbed to an attack that entered through a WiFi access point in a store in Minneapolis if they had had someone staying abreast of the news who would have seen the exact same methodologies used against a Lowe’s store in Southfield, Michigan four years before? A team of cyber analysts working at a mining or oil and gas exploration company would have been alert to the news that the three largest such firms in the US (Marathon Oil, ExxonMobil, and ConocoPhillips) were compromised in 2008 . They would have had contacts within the community who would have given them a heads up. They would then have seen the 2009 attacks against BHP Billiton, Rio Tinto and Fortescue Metals Group , the major natural resources companies in Australia and analyzed those attacks for similarities. They would have raised a red flag that their own organization could be targeted as well and increased the vigilance of the internal teams. Cyber defense analysts assume the role played by counter intelligence agents inside most governments. They gain an understanding of the attackers and their tradecraft and advise those responsible for defending against them. As members of a cyber defense team these analysts will be responsible for: Understanding the state of the art in attack methodologies. They should research and understand the successful and attempted attacks against similar organizations. They do this through monitoring news reports, security research reports from the vendors including McAfee Labs , Versign’s iDefense team , Verizon’s Threat Report, F-Secure’s Mikko Hypponen , Symantec’s threat report , Sourcefire’s VRT , Fortinet Research , Infowar Monitor , IBM X-Force , as well as independent researchers such as Dancho Danchev , Brian Krebs , Nart Villineuve , and hundreds of others. Getting to know potential attackers and monitoring their activity. Is the organization a target for industrial espionage from competitors or state sponsored spies? Could a particular fanatic group, be it PETA, Greenpeace, Islamic Jihad, or a religious faction, be targeting the enterprise? Monitoring known attack sources and distributing the IP addresses of those sources internally for purposes of blocking and alerting. Communicating the threat level to the rest of the cyber defense team. Assisting in evaluating technology for internal deployment. A valuable methodology for the research is being developed by the Infowar Monitor team working at the University of Toronto. They dub their methodology “fusion research”, a combination of technical analysis, contextual understanding, and field investigations. Translating this into the activities within an organization would mean working with their peers to discover methodologies being used successfully against them, and the tools and defenses they deploy. It would also mean having an understanding of the industry they are in and the value of their information assets to various potential adversaries. Banks, long the target of cyber crime, and casinos, with vast experience fighting insider threats, have had this type of interaction with their peers for years. It is time for manufacturers, non-profits, universities, state and local governments to do the same. The second role within the cyber defense team is the operational role . Members of the cyber defense operations team must: Select and deploy network and host based tools to monitor activity, alert on unusual activity, block attacks, and assist in removing infections that have made it through all of the cyber defenses. Interact with the rest of IT operations to ensure that infections are quickly snuffed out and cleaned up. Engage in forensics activities to perform post mortems on successful attacks, gather evidence, and improve future operations. The members of the internal cyber defense team supplement the rest of IT operations. They are not responsible for the daily updating of servers and desktops or the distribution of AV signatures or maintaining firewalls. Their job is to discover and mitigate attacks as they occur. This is a 24x7x365 job. A primary responder must be identified for each evening, weekend, and holiday shift. They must be able to receive alerts, quickly gain access to the monitoring system, and take defensive action when an attack occurs. The third component of the cyber defense group is the Red Team . They look inward. They scan the network for holes in the defenses and new vulnerabilities. They engage in attack and penetration exercises to test defenses. They evaluate new IT projects to ensure that authentication, authorization, and defenses are included in the initial design all the way through to deployment. Each of these three roles has special tools that they should use to accomplish their duties. The cyber analysts make use of knowledge management tools to categorize and create linkages between disparate data sources. An internal wiki can serve as the basis of communication with the other members of the team. A sophisticated tool from Palantir Technologies can help them track sources of attacks, record data, remember IP addresses and malicious domains, and even keep track of the identities, affiliations, and methods associated with particular groups or individuals. The cyber defense operations team will use advanced packet capture, network behavior monitoring, application monitoring, and endpoint protection tools. Netwitness provides the best tool for capturing network traffic and applying filters that contain knowledge of attack sources, and other cross correlation capabilities. By deploying a network flow monitoring solution from Arbor Networks they can see changes in traffic patterns that are indicative of an attack. Guidance Software , known for its forensics tool kits has a cyber defense product that leverages the end point protection of HBGary to identify and remediate infections. FireEye is a network gateway defense against zero hour malware and blocks attempts to communicate with command and control servers operated by attackers. The cyber defense Red Team makes use of many open source tools to act as surrogate attackers. Nessus can be used for scanning for vulnerabilities it is open source and the basis of several commercial products most notably Tenable . Vulnerability scanning is also a function of the regular IT operations so it is important that the Red Team use a different set of tools than those used by operations. Core Impact is the most advanced commercial attack and penetration tool. The organization and duties of the Cyber Defense Team arise from the new threat of targeted attacks. There is a fundamental difference between defending against random attack from viruses, worms, and botnets and targeted attacks. When the viruses and worms are written to specifically infect an enterprise’s system and gain control of internal processes, communications, and data, traditional tools are ineffective and traditional organizations are at a loss. By assigning responsibility to a core team of cyber defense specialists the enterprise can begin to address their vulnerability to targeted attacks. This post is an excerpt from Cyber Defense: Countering Targeted Attacks (Government Institutes, 2011)
Archive for November, 2010
History On February 13, 2006, Garnett & Helfrich Capital established BLADE Network Technologies, Inc., as a privately held company from Nortel’s Blade Server Switch Unit, focused on serving the networking requirements of the blade server market. In 2008, the company introduced its RackSwitch line of top-of-rack 1-10 Gigabit Ethernet data center switches. The company customers include more than half of Fortune 500 companies across 26 industry segments, which represents an installed base of more than 220,000 network switches and over 5 million switch ports connecting more than 1,100,000 servers. Technology and products BLADE offers a comprehensive line of top-of-rack and bladed 1-10 Gigabit Ethernet switches for high-performance computing (HPC), multimedia (VOD, IPTV, VoIP), online gaming, financial analysis, security, cloud networking, Web 2.0 and other I/O-intensive applications. BLADE top-of-rack and blade server switches exemplify a set of rules for the data center known as Rackonomics an economical approach for provisioning essential server, storage and networking infrastructure that empowers enterprise data centers to control costs and contain sprawl while realizing massive scale-out economies. BLADE RackSwitch top-of-rack data center switch products leverage the company blade server networking heritage and unique focus on Rackonomics to perform with up to 12.4 less latency, 73 percent less energy and 6.5 better price/performance than comparable top-of-rack data center switches. BLADE Cloud Ready Network Architecture and the BLADE products that define it equip networks operated by enterprises and cloud providers with five essential elements high-bandwidth/low-latency switching, convergence to Ethernet, agile networking for virtual workloads, scalable management and advanced energy efficiency. RackSwitch BLADE RackSwitch is a 1-10 Gigabit Ethernet top-of-rack data center switch. BLADE RackSwitch product family extends virtualization by mirroring the benefits of server virtualization within the network at the rack level, saves energy through rack-friendly cooling and alleviates pain by removing complexity through simplified management and fabric convergence. RackSwitch is the only switch designed specifically for IBM iDataPlex, a custom-configured rack system featuring design innovations in cooling and efficiency to address I/O-intensive Web 2.0 applications and cloud computing. BLADE RackSwitch products include: RackSwitch G8100 and G8124 10G Low Latency Switches RackSwitch G8000 1-10G Aggregation Switch Blade Server Switches BLADE embedded Gigabit and 10 Gigabit Ethernet Switches are available for IBM BladeCenter, HP BladeSystem, NEC SIGMABLADE and Verari BladeSwitch to consolidate server I/O, enable network virtualization, and reduce data center complexity by adding network intelligence within the blade server chassis. BLADE switch modules for ude: BNT 10-port 10G Ethernet Switch Module BNT 6-port 10G Ethernet Switch Module BNT 1/10Gb Uplink Ethernet Switch Module BNT Layer 2-7 Gigabit Ethernet Switch Module BNT Layer 2/3 Copper Gigabit Ethernet Switch Module BNT Layer 2/3 Fiber Gigabit Ethernet Switch Module BLADE switch modules for HP BladeSystem include: HP 10Gb Ethernet BL-c Switch HP 1:10Gb Ethernet BL-c Switch HP GbE2c Layer 2/3 Ethernet Blade Switch HP GbE2c Ethernet Blade Switch BLADE switch modules for NEC SIGMABLADE include: NEC 1Gb Intelligent L2 Switch NEC 1Gb Intelligent L3 Switch NEC 10Gb Intelligent L3 Switch BLADE Network Management and Virtualization Software Products SmartConnect with VMready BLADEHarmony Manager BLADE Professional Services BLADEHarmony Professional Services offer tight integration of systems, software, services and support to enable rapid Planning, Design, Installation, Operation and Optimization for rack-level server environments. Management BLADE’s management team includes: Vikram Mehta, President and CEO Mark Verbeck, Chief Financial Officer Jim Sladek, Vice President of Finance Bob Murden, Vice President of Operations Shailesh Naik, Vice President of Sales Dan Tuchler, Vice President of Strategy and Product Management Tim Shaughnessy, Vice President of Marketing Atul Tambe, Vice President of Hardware Engineering Tim Chao, Vice President of Software Engineering and Advanced Technology Ardene Fullerton, Director, Human Resources Clive Surfleet, Advisor to CEO BLADE Board of Directors includes: David Helfrich, Partner, Garnett & Helfrich Terry Garnett, Partner, Garnett & Helfrich George Riedel, Chief Strategy Officer, Nortel Vikram Mehta, President and CEO, BLADE Network Technologies Ford Tamer, Ph.D., Operating Partner, Khosla Ventures Industries served BLADE primarily serves the IT markets in industries including finance, automotive, telecom, education, government, health care and defense. OEM partners BLADE has OEM agreements with the following vendors: HP IBM NEC See also Fibre Channel over Ethernet IBM BladeCenter References ^ http://www.hoovers.com/Blade-Network-Technologies,-Inc./–HD__jrkhsrkrs,src__dbi–/free-co-dnb_factsheet.xhtml ^ http://www.garnetthelfrich.com/pages/portfolio.html ^ http://www.bladenetwork.net/?pageid=600 ^ http://www.networkworld.com/news/2006/021306-nortel-server-blade.html ^ http://www.nytimes.com/idg/IDG_852573C400693880002574340063E75C.html ^ http://www.eetimes.com/news/latest/showArticle.jhtml?articleID=207400056 ^ http://www.frost.com/prod/servlet/market-service-segment.pag?segid=D980-00-0A-00-00&ctxst=FcmCtx1&ctxht=FcmCtx2&ctxhl=FcmCtx3&ctxixpLink=FcmCtx3&ctxixpLabel=FcmCtx4 ^ http://datacenterjournal.com/index.php?option=com_content&task=view&id=2486&Itemid=40 ^ http://www.tolly.com/DocDetail.aspx?DocNumber=208346 ^ http://cloudcomputing.sys-con.com/node/552090 ^ http://www.garnetthelfrich.com/pages/portfolio_mehta_bio.html External Links BLADE Network Technologies corporate web site Categories: Ethernet I am a professional editor from China Product, and my work is to promote a free online trade platform. http://www.himfr.com/ contain a great deal of information about linksys secure network , cisco gbic module welcome to visit!
Dell Introduces Virtualization Solutions, Enterprise Products and Services to Fast Track Efficiency New virtualization products and services simplify data center performance Dell improves technology efficiency for small-and-medium businesses with turnkey virtualization configurations, PowerEdge servers and advanced EqualLogic storage arrays New Dell PowerEdge R410 server brings 80 percent improved performance* to technical and high performance computing Dell expanded its enterprise technology portfolio to help organizations become more efficient through the innovative use of technology. The introduction of flexible and modular virtualization and data center consulting services, business-ready virtualization configurations, new Dell PowerEdge servers and EqualLogic PS4000 storage array will further simplify the planning, deployment and management of virtualized and physical IT environments. The expanded lineup attacks cost and complexity for two key areas of enterprise computing – virtualization and high-performance computing (HPC) – while providing differentiated solutions for small-and-medium sized businesses. Virtualization : Virtualization is at the heart of data center efficiency. Dell is delivering enhanced virtualization solutions and services to reduce planning time for a faster path to efficient infrastructures, accelerate virtualization adoption and simplify management of virtual environments. Improved Planning : Dell is introducing new flexible and modular virtualization consulting services. Dell’s technology accelerated Dell ProConsult offerings use electronic discovery, Web based surveys, best practices, comparative data and reference architectures for shorter, more impactful engagements. To help holistically optimize data centers, Dell is introducing a variety of consulting options aimed at reducing the cost to plan, manage and run them 
latform Optimization and Virtualization makes IT infrastructures more effective through an analysis of workload requirements, reference architectures and validated solutions. Dell virtualization services can dramatically reduce total cost of ownership, provision virtual machines in minutes instead of the weeks for traditional machines and help customers build a standards-based virtual environment. Data Center Planning and Management helps customers make IT investment decisions faster based on sound best practices and key technology insights rather than long-term, manual consulting engagements. Disaster Recovery helps customers plan and implement an effective and affordable disaster recovery program balancing people, processes and technology. Data Management quickly diagnoses problems and recommends proven storage solutions to help eliminate unused capacity, provision storage faster, and comply with internal policies and external regulations. Facilities Efficiency resolves space, power and cooling issues in priority order to help customers avoid expensive air conditioning upgrades and help reduce energy consumption. Fast Deployment : Two business-ready virtualization configurations simplify the design, procurement and deployment of virtual enterprise infrastructures. Data Center Virtualization Configuration: The unified virtualization platform with pre-configured architectures combines Dell PowerEdge M-series blades and EqualLogic PS6000 iSCSI storage technology, with Cisco Catalyst networking switches, VMware vSphere™ 4 and Platespin Migrate from Novell to achieve an intelligent, automated data center. Small and Medium Business Virtualization Configuration: The Dell virtualization configuration combines the PowerEdge R710, Dell PowerVault MD3000i, PowerVault DL2000 powered by Symantec for backup and PowerConnect networking technology together with Microsoft’s virtualization suite, including Windows Server 2008 Hyper-V and System Center Essentials and System Center-Virtual Machine Manager 2008, to reduce cost and simplify management of virtualization. Dell is announcing additional virtualization solutions including :Enhanced Hypervisors: Support for VMware vSphere 4 and Citrix® Essentials for XenServer™ 5.0, and will support Windows Server 2008 R2 Hyper-V to help customers deploy the latest virtualization software solutions. Dell now supports VMware vSphere 4 across 37 Dell PowerEdge platforms to help customers deploy the latest virtualization software solutions for both enterprise and small and medium business customers. VMware vSphere 4 helps customers of all sizes transform their datacenters into internal private clouds. Disaster Recovery: Dell EqualLogic Auto-Snapshot Manager 2.0 for VMware vSphere 4 simplifies data protection and recovery through automation and integration with VMware vSphere 4. It delivers “Always On IT” for reduced application downtime and data protection managed under a single pane of glass for simplified and affordable disaster recovery. Dell EqualLogic arrays integrate with the VMware platform through support for the VMware vStorage™ APIs, enabling disaster recovery support for VMware vCenter™ Site Recovery Manager and enhanced performance with the EqualLogic Multipathing Extension Module for VMware vSphere 4. Application Virtualization: Dell helps companies make critical decisions for virtualizing business applications with published best practices and validated workloads for Microsoft Exchange and Microsoft SQL Server applications for faster and more cost effective deployment. Simplified Management : Dell helps eliminate the complexity from managing virtual infrastructure by providing tailored management solution that best fit individual business needs. Dell Virtualization Management toolkit: A choice of Dell and partner management tools that include Dell OpenManage and EqualLogic storage management, with key systems management platforms such as Dell Management Console, Microsoft, Symantec, and VMware, so you can easily manage virtual and physical environments. Virtual infrastructure capabilities: Solutions from Novell and Vizioncore provide data protection with OEM virtual to physical, physical to virtual and physical to physical conversion solutions. Virtual Server Remote Monitoring and Reporting: Dell ProManage Virtual Server Remote Monitoring and Reporting helps to provide improved visibility into VM performance and determine average utilization for processor, memory, network and disk at the VM level for better virtual and physical asset management. It also provides complete end-to-end VM reporting, monitoring and management 24X7 by Dell’s Service Operations Center. As a result, IT staff can be freed up from day-to-day administrative tasks and focus on driving strategic company value. http://reviews-mann.blogspot.com/2010/02/final-fantasy-xiii-preview.html http://twitter.com/lizareckon http://www.google.com/profiles/mannzunty
Not to be confused with the remote control we use on our televisions, remote control software, also known as Remote Desktop Software or remote access software, allows a computer or internet enabled device to be accessed and controlled by a second computer or internet enabled device. This means that an iPhone user could easily log onto a (consenting) friend’s computer, take full control of their machine, and use it to access the web, play a game, or do any of a host of other things. The beauty of these products is that distance makes no difference to the quality of the connection. A user in Ireland may just as easily take control of a computer in the United States as they would one in the very next room. Some people use this software to look in on the security of their home or the safety of their pets while at work or on vacation. Others find the direct technical support these programs facilitate to be more in line with their needs. From the practical to the novel, there is certainly no shortage of applications for these remote access products. In this article we will take a closer look at how remote control software can be used to help people learn how to use computers, navigate the web and further their skills on certain programs. Let’s say a close friend of yours is a few years behind the times. They have finally decided to buy their first computer, but have very little working knowledge of them. This is where Remote Control Software comes in. Once you get past the initial step of guiding them through the installation and setup of the software, it becomes a very simple process – simply connect..and you’re done! Many find that the best way to utilize remote control software for these types of lessons is to simply ask the inexperienced user to complete a basic task, such as sending an email, and watch how they go about it via the remote connection. As soon as they go off the path or begin to make mistakes, you can easily take control for them and show them where they went wrong. This method of learning is very powerful and effective. Lessons learned in this manner have a stronger chance of sticking into long term memory, as there is a visual action and an instruction involved in the learning process. This software can also be used to teach the more advanced user. A difficult to master program such as Adobe Photoshop can present a challenge to even the most experienced and savvy user. By making a remote connection with a Photoshop expert, advanced techniques can be exchanged and learned. Rather than struggling through a tutorial or online guide, a direct connection that allows for interactivity and dynamic input is the smart alternative. Using Remote Access connections to learn these types of techniques can be extremely advantageous when considering the amount of money, time and frustration that can be saved. If you have a friend or family member that can use your help with a computer based application, tell them to load up some remote control software so you can teach them in a manner that will truly contribute to their skill set and help them to effectively assimilate the information.
VPS is considered to be the best option for those who are no longer content with using shared hosting. If your business has grown to a level where a shared hosting can offer you the kind of services that you need, then a virtual private server would be the best thing for you. A server like this would offer you better control over your hosted environment and would allow you to run your own software and scripts. It would also offer you more processing power and efficiency. With a shared account, you would not be able to control all the database and web server parameters. There are a few hosting companies that offer SSH or secured shell access which would make it easier for performing server maintenance which is another added benefit. Compared to all of the other types of hosting services that you would find, maintaining a virtual private server is definitely a lot easier. How Can You Benefit from It? VPS server can be used for quite a lot of different purposes. It would provide you the combined benefits of a dedicated and shared server. Also, the cost of this server is much lower than what you would have to pay for a dedicated server. You would be able to install any type of server on your operating system. It will also help you update testing for the insecure services. Given below are a few main benefits of using this service: * You would be able to access the website on software that would be developed for a specifically you so it would be completely different than the software that you would normally find in the market. While this facility would not really be available at large, it can be created for organizations and companies. * You would be given a mail exchanged which can be used for a messaging system which would have an email client as well as mail server. Groupware applications would also be included in this service. This type of service is mainly used for business settings. * You would also have a virtual private network. VPN is a network which uses infrastructure of public telecommunications like the internet for providing individuals with secured access or remote offices when they want to access the network of their organization. * You would also have the benefit of getting DNS. This is a server which defines the administrative autonomy, control or authority sphere in internet based systems. * Another service that is offered by VPS is for hosting websites. You would be able to offer hosting services to other websites and each website would have a different domain name but would have a single, shared server. These were some of the main things that a virtual private server would be able to offer you. considering all of the above points, it is easy to see why so many people today take the benefit of this innovative technology. If you are interested in taking your business to new levels, using VPS might be just the thing for you. To get more information about <a rel=”nofollow” onclick=”javascript:_gaq.push(['_trackPageview', '/outgoing/article_exit_link']);” href=”http://www.nqhost.com/”>VPS</a> and to find a host of other services, please visit http://www.nqhost.com/.
