Archive for February, 2010

What We’re Reading, Week of 2/22

Posted: February 26, 2010 in Highlights…
Cloud VPN Services Can Take the Bite Out of SSL VPN Gateway Expenses
Jessica Scarpati says that while the cloud is a big leap for network engineers, cloud VPN services are popping up and may be a fit for enterprises that can’t afford or can’t properly maintain an expensive global remote access infrastructure. End users traveling overseas and trying to gain access to the enterprise’s SSL VPN gateway at corporate headquarters are frustrated with an inconsistent VPN. Organizations will need a VPN they can rely on and eventually may turn to a cloud VPN service.

Insecure about Security…
What Will be Hot at RSA 2010?
Jon Oltisk discusses his predictions for what the hot topics at this year’s RSA Conference will be. Network security will be a major topic, especially since ESG’s research indicates that this is the biggest security priority for most large organizations. Endpoint security, identity management, cloud security, data security, and cybersecurity will also be focused on.

RSAC 2010 Guide: Network Security
Mike Rothman put together a guide for what we can expect to see from network security at next week’s RSA Conference. The four main areas of interest for network security include application awareness, the ability of devices to decode and protect against application layer attacks. Speeds and feeds, which may come down to who has the biggest and fastest box. Many organizations’ perimeter networks are messes so they will be looking at consolidation and integration. With the understanding that some classes of attacks cannot be detected in advance, forensics and full packet capture gear will also be high profile at this year’s show.

Can’t believe the RSA Conference is just a week away!  As you may already know, NCP will be exhibiting at the show again this year, and we’ve been quite busy preparing for it.  This year we are holding a panel session on network access technology and doing technical demonstrations of our enterprise VPN management solution.  Below is some information on what we’ll be doing at the show.

Our panel session on is taking place on Wednesday, March 3 @ 10:40 a.m. in the green room 130.  It will be moderated by Dr. Bruno Quint, founder and managing director CORISECIO GmbH, and sitting on the panel will be NCPs Jörg Hirschmann, CTO, Rainer Enders, senior systems engineer and Rene Poot, senior solution specialist.  They will be discussing hot topics such as, IPsec vs. SSL VPN—which one is the right one?, mobile users and remote access and the do’s and don’ts of network architecture.

If you can’t make the panel session, swing by NCPs booth (#1541)—our technical guys will be around giving demonstrations of the NCP Secure Enterprise Management System and showing how companies are rethinking remote access.

If you’re at the show, be sure to stop and say hello.

What We’re Reading, Week of 2/15

Posted: February 19, 2010 in Highlights

Network Security Blog…
Responsible Disclosure Panel at RSA 2010
Martin McKeay will be participating in a panel at this year’s RSA Conference, taking place in San Francisco, CA.  The panel of industry experts will discuss exactly what responsible disclosure means to them and what responsibilities they owe each other. For a preview of what’s in store for the panel, check out this podcast where the experts they lay out the basis for their stance on responsible disclosure. If you are planning to attend RSA this year, make sure to stop by NCPs panel session on today’s remote access challenges and network technologies on Wednesday, March 3 at 10:40 a.m. PT in Green Room 130.

Security Uncorked…
Hosting a NAC and Endpoint Security Session at RSA 2010
Also at RSA this year, Jennifer Jabbusch will be hosting a peer-to-peer session on Network Access Control (NAC) and endpoint security. The discussion will focus on world case studies, an exploration of technical roadblocks and a dive into vendor-specific solutions.

NY Times Personal Tech…
Safe Travels for You and Your Data
In this article, Riva Richmond offers some tips for keeping your data protected while you are on the road. Before using a computer in a cybercafé or hotel, ask what security measures are in use and if they reset their computers after each user so unauthorized programs are removed. She suggesting backing up your data, especially personal and business documents since laptop theft at airports is so common. There are also risks when using public Wi-Fi so Riva stresses the importance of using a firewall as well as a secure VPN.…
How to Implement Secure, PCI-Compliant Access Controls
Dave Olander, President and CEO at Xceedium, discusses the six attributes that next-generation access control systems need in order to meet both the letter and the spirit of the PCI DSS. They are: right-size permissions based on a zero trust model, implement fine-grained enforcement, integrate audit capabilities to validate controls, automate all the requirements from access to audit, deploy an identity-aware infrastructure, and create backward and forward compatibility.

A few weeks back, Google instituted an emergency update to its corporate VPN, which led to many questions whether the network was compromised—Google states “no”, however, timing suggests otherwise.  All of the discussions, questions and disorder got us thinking… if Google had to issue an ’emergency VPN update’, perhaps the rest of corporate America should be rethinking their remote access to prevent any similar occurrences from happening.

In the case of Google, simple passwords could have been used to access the network, however, if two factor authentication and network access control (NAC)—or as we like to call a ‘pat-down’—were in place this simulation would have been much harder to pull off—even if phishing grabbed some passwords.  Forrester analyst, Chenxi Wang made some interesting observations on her blog—her initial analysis was that the attackers gained access to Google’s server via its corporate VPN, from a Microsoft browser vulnerability that was exploited.  Some employees’ desktops were compromised, and the attacker used these compromised desktops via Google’s VPN to get to some of the servers.  Google ‘clarified’ this later, stating that the method of access, at some point, may have involved VPN, but does not agree with the characterization that “the compromised client used their corporate VPN to gain access to the servers”.

Touching on the fact that the victim’s machine was running IE 6, an outdated browser, Chenxi suggests that the machine may not have been a corporate managed machine.  If this is indeed the case, Google’s should be rethinking their remote access policies, and enable employees to use personal devices that are secured and managed.  This idea is similar to former Forrester analyst, Natalie Lambert’s concept of BYOPC (Bring your own PC)— employees are going to use whatever device they can to access the network, and probably break many security policies while doing it.  Instead of restricting machines that are able to access the network and taking a chance and running to in a situation that Google had on their hands, companies can support a variety of devices, whether it be Windows 7, Windows Vista (32/64 Bit), Linux, Mac, Symbian, Windows Mobile etc. AND secure them.  It seems that Google’s technology was restricting employees’ practices because the system could not handle it, which by and large caused an emergency update to the entire corporate VPN infrastructure.

This emergency update caused a connectivity disturbance for more than 24 hours, which affected work flow and productivity.  A better VPN management system might have played a significant role for Google.

Follow this discussion on Twitter: @VPNHaus

What We’re Reading, Week of 2/8

Posted: February 12, 2010 in Highlights

Endpoint Security Info…
Endpoint Security: Playing it Smart
This post discusses that effective security is about playing it smart, which involves seeing what could happen and preventing it.  If devices such as iPods, USB sticks, netbooks, smartphones, and cameras, are helping you work better and making your life easier, then you should be using them. The idea is to know what threats they pose and how to prevent them.  One way to increase safety is to use a VPN client.

Washington Business Journal Blog…
Technology Delivers New Challenges for Snow Days
In this post, Jennifer Nycz-Conner discusses that in the past if there was a snow day it meant having a day off, but that has changed now that telecommuting is an option. People are expected to work, and be just as productive as they would be in the office. The ability to work remotely is great during emergencies such as snowstorms, especially when you can plan in advance. For anyone who does take advantage of telecommuting, we recommend connecting to your company’s network through a secure VPN.

Insecure about Security…
People May Be the Weakest Link in the Server Virtualization Chain
Jon Oltsik discusses a recent webinar on virtualization he participated in along with Extreme Networks and Microsoft. The 113 audience members were asked two polling questions. The first question was which of the following factors is holding your organization back from using server virtualization more prominently throughout the enterprise? 42% said lack of virtualization skills/knowledge within IT. The second question was, as you move forward with virtualization, which of the following IT groups need to become more educated and involved in the project? 72% said networking group, 52& said server group, and 45% said security/compliance group.