
Archive for the 'Service Management Update' Category

Network Access Control (NAC) products are another craze for IT departments. The purpose of these new products is to manage access to the network. However, doing so requires taking some considerations into account.

First, NAC is policy driven. Each policy has two parts: conditions and actions. Conditions are specific information used to determine the appropriate access and actions allowable on the network. The configuration of the computer and user information are examples of conditions that may be found within a policy.

Actions use conditions to determine the appropriate control of a system. In typical binary fashion, policies have two actions for the conditions covered: accept or deny. For instance, if the configuration matches the minimum acceptance level for the network, the computer is allowed access to the network; if not, the computer can be redirected to an update site or given limited access, usually Internet only.

The purpose of the NAC is to secure the network from attacks. Working in conjunction with common anti-virus, intrusion, and authentication applications, NACs work at the network edge to identify whether the computer linking to the network is compatible. Similar to ensuring inoculation before going to foreign countries, the NAC will survey a computer for the right configuration and, if it doesn’t exist, recommend the appropriate update. If the user declines the recommendation, they are given restricted access to the network.

So say you were able to access the full functionality of the network yesterday, but today you seem limited: consider that a security patch was not installed and your NAC is compensating. Just install the patch. The problem is that dozens of patches may be required at any given time. Gone a week? When you come back, connecting to the network may take a few minutes while all the updates are installed so you can connect.

For the system administrators, the NAC requires management of a number of policies, providing direction for every possible situation that may occur when a computer connects to the network.
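The condition-and-action model described above, as an added Python example that is not part of the original post or any NAC product. The patch IDs, group names, thresholds and the outright deny for unknown users are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed baseline: patch IDs and thresholds are illustrative only.
REQUIRED_PATCHES = {"KB-0001", "KB-0002", "KB-0003"}
MAX_AV_SIGNATURE_AGE_DAYS = 7

@dataclass
class Endpoint:
    user: str
    groups: set
    patches: set
    av_signature_age_days: int
    declined_remediation: bool = False

@dataclass
class Decision:
    action: str  # "accept", "remediate", "restrict" or "deny"
    reasons: list = field(default_factory=list)

def posture_gaps(ep):
    """Conditions on machine configuration: list every unmet requirement."""
    gaps = [f"missing patch {p}" for p in sorted(REQUIRED_PATCHES - ep.patches)]
    if ep.av_signature_age_days > MAX_AV_SIGNATURE_AGE_DAYS:
        gaps.append(f"anti-virus signatures {ep.av_signature_age_days} days old")
    return gaps

def evaluate(ep, known_groups=frozenset({"staff", "contractor"})):
    """Map the conditions to exactly one action for this connection attempt."""
    # Condition on user information (assumed rule): unknown users are denied.
    if not (ep.groups & known_groups):
        return Decision("deny", ["user is in no authorised group"])
    gaps = posture_gaps(ep)
    if not gaps:
        return Decision("accept")
    # Non-compliant: restricted (Internet-only) access if the update was declined,
    # otherwise redirect to the update site.
    if ep.declined_remediation:
        return Decision("restrict", gaps)
    return Decision("remediate", gaps)

# Constructed sample endpoints covering each branch of the policy.
SAMPLE = [
    Endpoint("alice", {"staff"}, {"KB-0001", "KB-0002", "KB-0003"}, 1),
    Endpoint("bob", {"staff"}, {"KB-0001"}, 12),
    Endpoint("carol", {"contractor"}, {"KB-0001", "KB-0002"}, 2, True),
    Endpoint("guest", set(), set(), 0),
]

if __name__ == "__main__":
    for ep in SAMPLE:
        d = evaluate(ep)
        print(f"{ep.user:6} {d.action:10} {'; '.join(d.reasons)}")
```

Returning the reasons alongside the action is what lets the update site tell a returning user which of the outstanding patches is holding back full access.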

NACs are not a bad tool: they are quite useful. They simply are a small product with a big mission.

Read Full Post »

Hi everyone,

Just a quick post to promote our elearning site (www.theartofservice.org), as there have been quite a few questions regarding the programs there. To summarise:

  • We offer the ENTIRE ITIL V3 certification pathway online. You can do all the programs required (Foundation, Intermediate and Managing Across the Lifecycle) to attain your ITIL Expert certification.
  • These programs have been accredited by EXIN, so there are NO extra programs needed in order to gain your certification.
  • We offer package discounts to clients wishing to customise their pathway towards their ITIL Expert certification.
  • All programs come with narrated flash presentations (for content), additional resources and exercises + exam preparation resources.

Have a look now at www.theartofservice.org to see what is on offer and view the preview program to see how the programs are delivered.

So far we have helped over 2000 clients achieve their ITIL certification via this site, and it definitely feels good to give people a cost-effective option in the current economic climate.

Best wishes,

The Art of Service


Read Full Post »

Hypervisors are small bits of code that enable the creation of an abstract layer within computing. This is the basis for most efforts in virtualization. The greatest criticism of virtualization is security, and hypervisors are the first agents in providing security. Below are some notes on hypervisors and security concerns:

Not every hypervisor is created equal. VMware is completely proprietary, meaning that it is developed and tested in-house before being released for use. Xen utilizes an open-source community to vet and test the product. Because of the open collaboration, the Xen product has fewer lines of code, which will result in fewer potential problems with the code.

Hyperjacking is the worst problem with using hypervisors. The term refers to subverting the hypervisor to plant malicious software within the abstract layer, which can potentially provide access to the entire virtual platform, which may be used by several customers in the form of guest OSs. The trick is to maintain hypervisor integrity while making each guest OS ‘think’ it is the only system that has access to the physical layer. Most of this is done through a series of privilege checks, specifically on transactions between the abstract layer and the physical layer. A widely adopted standard for building trust between the abstract and the physical layers is TPM, or Trusted Platform Module.

The abstract layer has most of the same security issues as a physical LAN or SAN, more so in some ways. Most threats come from internal traffic because it doesn’t pass through external firewalls, where many of the security checks are performed as traffic enters the network. Fortunately, the risks are manageable with a little extra physical capacity, performing migration drills on virtual services and maintaining patches and updates.

A virtual machine is still a machine. Though obvious, it’s not as easy to put this fact into practice. A few rules applied in this context can reduce the amount of exposure given to threats. Disable emulated devices that are unnecessary, including virtualized features and services on the host and guest platforms. They can be made available when required and turned off at disconnect. Find where critical components like third-party device drivers reside – within the hypervisor, where performance increases but they are slightly more vulnerable, or at a higher layer. Adopt ‘least privilege’ rules for who has access to virtual network segments, thus reducing the attack surface exposed.
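An added example (not from the original post) of checking a guest definition for emulated devices it does not need. It assumes a libvirt-style domain XML format, which the post does not mention; the sample definition and the allowlist are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed libvirt-style domain definition for a headless server guest.
SAMPLE_DOMAIN_XML = """
<domain type='xen'>
  <name>web01</name>
  <devices>
    <disk type='file' device='disk'><target dev='xvda'/></disk>
    <disk type='file' device='cdrom'><target dev='hdc'/></disk>
    <disk type='file' device='floppy'><target dev='fda'/></disk>
    <interface type='bridge'><source bridge='br-dmz'/></interface>
    <controller type='usb' model='ich9-ehci1'/>
    <sound model='ich6'/>
    <serial type='pty'/>
    <console type='pty'/>
  </devices>
</domain>
"""

# Hypothetical allowlist: the only (element, kind) pairs this guest role needs.
ALLOWED = {("disk", "disk"), ("interface", "bridge"), ("console", "pty")}

def device_key(elem):
    """Identify a device by its tag plus its 'device', 'type' or 'model' attribute."""
    kind = elem.get("device") or elem.get("type") or elem.get("model") or ""
    return (elem.tag, kind)

def audit_devices(domain_xml, allowed=ALLOWED):
    """Return (guest name, sorted emulated devices that are outside the allowlist)."""
    root = ET.fromstring(domain_xml)
    devices = root.find("devices")
    found = [] if devices is None else [device_key(e) for e in devices]
    extra = sorted(set(found) - set(allowed))
    return root.findtext("name", default="<unnamed>"), extra

if __name__ == "__main__":
    name, extra = audit_devices(SAMPLE_DOMAIN_XML)
    for tag, kind in extra:
        print(f"{name}: unnecessary emulated device <{tag}> ({kind})")
```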

Bottom line: A hypervisor is simply a tool for IT – understanding what it can and cannot do will assist in fulfilling any security plan you should already have in place.

Read Full Post »

Nearly twenty years have gone by since the World Wide Web was introduced. Only ten years have gone by since the dot.com bubble. Pretty amazing when you consider that the glass mirror was introduced 800 years ago.

Today, the glass mirror is Web 2.0. All the hype may just be a lot of smoke for business. Commercial uses of Web 2.0 technologies are in full swing, but can they or should they be used in business? With proper planning, maybe.

Blogs are extremely useful tools for disseminating information. The subscription features allow continuous updates to be sent to interested parties whenever the blog is updated. For business, the greatest concern is ensuring that the number of blogs that are supported is limited. Three opportunities seem the most likely uses of a blog: management to employee updates, departments like IT to employees, and business to customers. Most other uses may be deemed extraneous and hinder productivity.

Compared to Facebook or MySpace, social networking has little use in business. However, the concepts behind social networking are valuable for creating learning organizations. On the technical side, mashup APIs can prove very valuable in facilitating communications internally and with customers.

Virtual environments are excellent places to host internal meetings that are more interactive than voice or videoconferencing, at a much lower price. The same is true for wikis for knowledge generation.

Web 2.0 technologies can provide interactivity on the web, but should only be used on web pages that change frequently or that request customer information.

For companies that have already ventured into Web services, Web 2.0 is an excellent next step. For others, develop your strategy before selecting the solution.

Read Full Post »

Today’s IT solutions are becoming more imaginative than ever before. But who can really complain? Better allocation of space, performance, and cost savings, the groundwork is being laid for the next generation of applications and systems to appear on the horizon, if they don’t already exist.

Virtualization is probably the most imaginative solution found in IT circles these days. The basis for virtualization is the creation of an abstract layer on top of the physical layer of the computing platform that looks and acts just like the physical layer of computers, applications, and the like. The difference is that the abstract layer can handle 10 times the amount of processing, data storage, transferring and other computing tasks than what can be handled by a purely physical solution. You can’t get rid of the physical layer, but virtualization expands what the physical layer can do on its own.

At the heart of this abstract layer is a small amount of privileged code called a hypervisor. Not all virtual machines utilize a hypervisor design, such as desktop VMs and Microsoft’s virtual server offerings, but some of the more prominent virtualization tools do: VMware ESX, Intel vPro, Virtual Iron and XenEnterprise.

Not only do these hypervisors provide the foundation for this abstract layer, they provide the initial point of security too. For this reason, some things should be known about hypervisors, which can be found in part 2.

Read Full Post »

Despite all the processes and applications and publications related to running effective data centers, the underlying motivator for any data center lies in three important outputs: Availability, Capacity, and Security. Everything else about a data center has some role in ensuring that these three outputs of the data center are delivered. Go ahead and argue the point, but of all the operational concerns that can be found in a data center, if one of these three points is below standard or missing then the whole environment is vulnerable.

Here’s why:

For any business that uses a computer system, from a single laptop for a home business professional to hundreds or thousands of servers strung across the world for a large corporation, if the system is unavailable then no work can be done. The longer work is detained, the harder it is to recover. One goal of IT operations is to ensure that the system(s) remain available at all times.

In our modern age, a tremendous amount of information is created, transferred, stored, categorized, shared, duplicated, and the like. In the end, this information and the way it is used will require attention to be placed on the capacity of data storage. As more data is sent from person to person, the capacity of the network also becomes an area to monitor. The more applications a company uses, the more capacity demand is created for storage and bandwidth. The lack of capacity simply translates into lost data and performance problems for most systems.

Of the three, security is the most pervasive requirement for most IT environments. Even if the data is available or can be stored properly, the data is of no use to anyone if it is compromised. Lack of security can take away the availability and capacity of a good network or desktop.

Read Full Post »

Just around the corner is this year’s itSMF conference in Sydney. We will be there of course, so if you are coming along then be sure to say hello. I’ve copied in the email for early bird registrations below, so if you were thinking of coming make sure to get your ticket at the discounted price.

See you there!!!

NO PRICE INCREASE! $1890 ex GST

EARLY BIRD REGISTRATIONS CLOSE JUNE 30!

18 – 20 August 2009 SYDNEY EXHIBITION AND CONFERENCE CENTRE

Hosted by itSMFA, the Conference theme “Power On” – reflects the constant need that IT has to do more with less, the changing role of IT from service provider to business enabler and to explore the new value add that exists in the exploration of ITIL V3.

High level value at last year’s price!

More than ever now is the time to meet IT professionals and practitioners at all levels. Use your budget effectively - register now and don’t pay until the next financial year.

Download the full program


All conference materials will be available on a convenient USB stick.

At this year’s event all presentations and valuable whitepapers will be put on USB sticks for you to take away. No more endless bits of paper to wade through – find what you are looking for quickly and easily.

Booking a group of 6 or more? Your special price is $1417.50 ex GST per person.

As a conference special and only until 30 June, book a group of six and each registration is discounted. That’s a saving of $2,362.50!


Read Full Post »

Virtualization is one of the most talked about techniques used by IT departments. The premise behind it is simple: perform virtually what IT departments have been trying to do physically by emulating the platform. The benefits are so enticing that many IT professionals jumped into the fray head-on. Some issues still needed some refining and some large IT companies were questioning the merit.

Then last year about this time, Gartner instigated a whole new level to the argument by stating the obvious – virtualization opens IT to new opportunities for attack. The truth of the situation is that systems with virtualization are open to more attacks and different attacks. But that’s the same problem for any new innovation. And the actions required to create an attack are not much different from any other attack on a network, system, or application.

The solution to the problem is as obvious as the problem: careful management of the architecture. Plan migrations meticulously. Put in the proper security policies. Make sure access controls are in place, with the most sensitive information under the most stringent rules. Ensure all changes to the environment are going through change management.

Management of virtualization may be more intensive, which may prove to be more of a benefit because proper management can free up resources from doing the mundane and repetitive work that is often required in a data center. Some risks still exist with virtual environments, but proper management of those risks can ensure that the systems and data on those systems are protected.

Read Full Post »

Part 3 of 3

The ability to create a social network is given to the participants of the system, not management. The success of the system is usually determined by the number of networks found. Though this may not guarantee the quality of the output from these networks, it does demonstrate the effectiveness of building participation, which is the basic objective of social networking.

Building participation is done through encouraging use. To this end, three opportunities are exploited: participation, identification, and creativity.

Participation is not restricted to someone joining a network. This can be done by anyone. The basis of this opportunity is what can be done by joining a network. Most of the tools and systems available to a single network will be available to all networks, such as email, instant messaging, calendaring, event planning, collaboration and the like. The more that can be done as a participant, the more exposure the participant has to what’s going on within the network.

A key driver for participants is identification, primarily with other participants along interests, goals, or function. In systems where participants have a limited number of groupings to identify with, less participation will occur. In social networking, the goal is to provide a wide range of possibilities for individuals to identify themselves with other individuals. Increase the capacity to increase these possibilities, as well as identifying existing possibilities, and creating a social network is much easier.

Creativity completes the aesthetic component of creating social networks. The truth is nobody wants to work with a system that is boring and hard to use. The look and feel of the system is a great marketing tool for participation. The ease of working with others is another consideration to take on. The ability to personalize the interface into the social network allows the participant the ability to add to the creativity of the system – an appealing method of encouraging activity.

Whatever the solution for creating groups and linking them together, ensure that it promotes participation, identification, and creativity.

Read Full Post »

Part 2 of 3

Implementing social networks into a business context requires building on three concepts: participation, identification, and creativity. But why would a company be interested in this approach?

The answer is simple – to encourage collaboration and innovation. In what way depends on the network, the strategic objectives of the company, and the participation in the network. Some benefits from such networks can range from finding huge savings in how business is done to consistent and effective communication of critical issues. Some of the more prominent benefits are:

  • Quicker and more effective decision making
  • Developing new capabilities
  • Identifying and using best practices
  • Standardizing services
  • Increasing talent
  • Avoiding mistakes

A more restrictive implementation of the social network is the community of practice. A concept from knowledge management, a community of practice specifically focuses on bringing people together who have similar goals while reaching for those goals. The primary difference between the concepts of communities of practice and social networks is how groups are created. Communities of practice are typically created administratively through the identification of a business need or existing group. The decision to create the community is made through management.

Social networks may start as communities of practice, but eventually the power to create a group lies in the participants, not management. With this ability, a participant can create a group and start encouraging other individuals to join.

Read Full Post »
