Enterprise IT Watch Blog

August 31, 2010  6:30 AM

Keeping up with the Jones’ Wireless Network

Melanie Yarbrough Profile: MelanieYarbrough

Wondering what brands IT experts trust in the trenches of enterprise IT and at home? IT Knowledge Exchange members answered the call.

Mr. Denny uses AT&T’s U-verse offerings, a cable modem, router and WiFi all in one, while relying on Cisco’s WiFi Linksys and routers and switches at the office. Jinteik‘s been through the gamut at home, from D-Link and Aztech modems, D-Link switch, Netgear 3-in-1 and TPLink 3-in-1, but at the office he’s a Cisco switch guy. At home, Shanekearney daisy chained a 24-port Cisco 2950 switch to a Cisco DSL router, while dealing with a mixture of 3Com, Cisco, D-Link and Netgear at work. He’d rather work in an all Cisco environment since he knows the CMD line arguments already.

Monkez prefers SpeedTouch at home due to its ease of configuration, but he also recommends 3Com switches if bandwidth isn’t a major concern at home.

Asishqupta uses D-Link or Linksys (Cisco) at home and Cisco at the office. Carlosdl‘s company uses 3Com and Cisco.

Dvord2569, our winner of the 150 knowledge points, uses Linksys RVS4000 at home and hosts web/mail/etc. with it. His only complaint? The lack of support and documentation; it took him a while to track down a software update. At work he happily relied on WatchGuard Firebox x750e until software updates after 9.1 disabled the ability to easily provide proxy and filter reports. Dvord2569 quips, “Apparently WatchGuard subscribes to the M$ model of removing features as you ‘upgrade’ the product.” As a result, his latest buildout will be WatchGuard XTM 22 because “it simply provides all the features I need without bleeding me dry with subscriptions, being overpriced, or limiting the number of LAN nodes that can use it.” Thanks for such a thorough analysis, Dvord2569!

Yasirirfan is a Cisco man himself and recommends Linksys internet routers for SMBs. Learnteach is fortunate enough to have a Cisco partner at the enterprise level, providing his company with great support and discounts. He also likes Adtran and Juniper, but believes that Cisco performs superior on all fronts: training, knowledge base, troubleshooting help, SMB products, and support.

Mitrum wraps up a common sentiment: CISCO only.

Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.

August 30, 2010  3:32 PM

WIPS is better than WHOOPS

Kevin Beaver Kevin Beaver Profile: Kevin Beaver

AirMagnet recently released a whitepaper entitled Wireless Clients in the Crosshairs that delves into the subject of client-side vulnerabilities and wireless intrusion prevention systems (WIPS).

The paper focuses on one of the greatest problems we see with wireless networks, yet something that doesn’t get the attention it deserves. I like this line from the introduction: “wired security systems do little to protect against this over-the-air malicious traffic.” True, true – something that’s often overlooked. The paper goes on to say “the majority of Wi-Fi threats occur, and are only detectable, in the air, and the majority of evolving hacks and vulnerabilities revolve around end-user client devices, not enterprise APs.”

This is actually something I’ve seen over the years whereby the focus has been on the APs, similar to the original focus we had on firewalls when it came to network security. As wireless networks have matured, it’s no longer enough to focus on vulnerable or rogue APs alone. Instead, we have to look at everything, end to end.

The paper also covers the wireless hacking tools KARMA and MDK3 – both of which can spell bad news for your airwaves. Overall, the paper doesn’t take the same old approach to locking down the airwaves but instead talks about wireless network threats that we still have – even with all the fancy encryption and related security controls at our disposal – and how WIPS can lock things down once and for all. Definitely worth checking out.

Kevin Beaver is an independent information security consultant, expert witness, author, and professional speaker with Atlanta-based Principle Logic, LLC and a contributor to the IT Watch Blog. He can be reached through his website at www.principlelogic.com.

August 30, 2010  10:03 AM

Why IT always gets picked last at dodgeball

Melanie Yarbrough Profile: MelanieYarbrough

I’m reading through David Croslin’s Innovate the future: A Radical New Approach to IT Innovation, and it provides me with a better picture of how IT departments should fit into businesses versus how they actually fit in. I’m reading the book in a non-linear fashion, and today I’ve stumbled upon what Croslin refers to as the “Big Bang Cycle of IT.” Essentially it’s one big, inefficient pendulum that swings back and forth between centralized IT and decentralized IT. It seems IT is the odd man out in businesses, but why?

Croslin points a finger at the odd man himself, the IT department. Insert another “but why?” here. Well, if IT considers itself an integral part of the product delivery chain, which Croslin says it is, it should be acting like it: “It is the supplier’s responsibility to make sure the consumer understands what they are paying for and that the consumer is happy with the purchase.” In other words: Speak up for yourself!

Though the general connotation associated with IT is that it’s isolated work, troubleshooting and creating solutions in a locked, dark data center, that image is changing as budget concerns cause a dwindling of the IT population. As far back as 2004, IT World’s Siobhan McBride said that “[t]o survive this transformation, IT executives will need to be able to manage business processes and relationships, rather than focus on technical expertise.” But is IT any closer or better at managing business in addition to technical aspects?

Some tips from Croslin

1. Don’t be afraid of a little PR: Be aware of how the enterprise perceives your IT department and position yourself as an innovator.

2. A little more PR: What’s at the heart of PR? Why, spinning negatives into positives, of course! If there are inefficiencies in IT, document and communicate why they exist and how they can be improved. Rather than simply being the wet blanket, provide solutions to move forward and proof that you have the company’s best interest as your own. Are budget cuts and layoffs hindering your ability to provide innovative solutions? Document staff changes along with changes in productivity.

3. Remain indispensable: Worried about your department or specialty being outsourced? Make it an impossibility not only by providing better solutions and products, but also by making your indispensability evident.

Want to go more in-depth with Croslin’s advice for staying on top of your game in IT? You’re in luck: Innovate the Future: A Radical New Approach to IT Innovation is this week’s free IT book giveaway!

Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.

August 26, 2010  6:04 AM

WEP: Only one letter away from ‘weep’

Kevin Beaver Kevin Beaver Profile: Kevin Beaver

Having worked on both sides of the security assessment table, I’ve seen the challenges associated with reducing certain risks that show up on assessment reports. I’m a strong believer that unless – and until – there’s reasonable business justification for plugging a security hole, don’t waste time/effort/money doing so. The goal should be to fix the security problems that serve as the low hanging fruit first. Once you gain your momentum with information risk management and have the basics under control, then you can address the other – less pressing – concerns.

But what about Wired Equivalent Privacy, or WEP?

WEP encryption is low-hanging fruit, perhaps the lowest of the bunch. It’s implementation of encryption has had known exploits for nearly a decade. A decade! Yet time and again I see networks “protected” with WEP. Sure, many people with wireless networks aren’t even aware of the issues related to WEP. Home users, small business owners, enterprise employees, whatever – ignorance is no excuse. That is if you want to take reasonable steps to keep things locked down.

Of those who are aware of the weaknesses with WEP, I think the general perception is that only elite hackers with expensive tools can crack it. Not true, there are free tools and there are commercial tools. Both of which are very affordable and simple to use. Beyond that there’s the all-too-common fallacy: Even if the bad guys were to get in, we don’t have anything on our computers that they’d want. An awfully dangerous mindset, to say the least.

Like unencrypted laptops and mobile storage, I suspect we’ll continue to see WEP-based wireless networks for some time to come. What’s it really going to take to get people to buy into the dangers? Probably the passage of time and a few lessons learned the hard way.

Kevin Beaver is an independent information security consultant, keynote speaker, and expert witness with Principle Logic, LLC and a contributor to the IT Watch Blog.

August 25, 2010  1:21 PM

Oldie but goodie wireless security resources

Kevin Beaver Kevin Beaver Profile: Kevin Beaver

With any responsible wireless network deployment comes security. Securing the access points, securing the computers and securing the communication sessions in between. With enterprise APs, wireless IPSs and related systems well beyond their adolescence, many enterprises have used them to their advantage and have this wireless security thing down pat. But based on what I see in my security assessment work, there are easily just as many that don’t.

Here are a few of my wireless security tips I’ve written for TechTarget, my blog, etc. that can help you ensure you’re on the right track with wireless security … once and for all:

Wireless insecurities aren’t going away – but that’s OK

Locking down laptops that connect to hotspots

Do you really need a VPN for secure wireless LAN communications?

Mobile security: Setting responsible goals

Mobile security: Top oversights

How to (ethically) hack wireless networks (webcast)

Wireless security blog posts

Finally, check out my book that I co-authored with Peter Davis: Hacking Wireless Networks For Dummies. Peter and I wrote this book over five years ago yet 95% of the concepts, hacks, and hardening tips we cover still apply.

Here’s to secure Wi-Fi!

Kevin Beaver is an independent information security consultant, keynote speaker, and expert witness with Principle Logic, LLC and a contributor to the IT Watch Blog.

August 24, 2010  6:58 AM

Put him in, Coach: 802.11n is ready to play

Kevin Beaver Kevin Beaver Profile: Kevin Beaver

If you read the vendor press releases and marketing slicks, you’d think that 802.11n was the bomb. It’s faster, it’s more powerful – it even has more antennas for goodness sake! Shouldn’t that mean something to the average techie? Maybe so, but I’m just not seeing it.

The 802.11n draft has been out, for what, three years now and we’re approaching the one-year anniversary of the “final” amendment. But where is 802.11n? I’ve yet to see any of my clients deploy it. I’ve yet to see it at any Wi-Fi hotspots – including large hotspot deployments such as airports. I’ve yet to see it when driving around town. It’s just not out there. Maybe it’s just me not looking hard enough.

Better yet, maybe 802.11n is the Windows 7 of networking: Not a lot of market penetration just yet, but if we wait and see – it’s coming? Given how the market works, perhaps once existing a/b/g equipment is replaced in the future, 802.11n will be the only viable alternative. Who knows?

I suspect some larger enterprises, universities and businesses with a heavy reliance on Wi-Fi are rolling out 802.11n and loving it. I’m just not seeing it. What about you?

Kevin Beaver is an independent information security consultant, keynote speaker, and expert witness with Principle Logic, LLC and a contributor to the IT Watch Blog.

August 24, 2010  6:09 AM

Access Denied: 7 Steps to Crafting NAC Policy

Melanie Yarbrough Profile: MelanieYarbrough

There are many phases to creating a wireless network, from planning to deploying. But concerns for your network don’t end there; beyond initial set up and deployment is management and security. One of the big monsters in network security is the end user, so security and network management begin with securing and managing who has access to your network.

Determining the Placement of Your Network Access Control

When choosing a method for Network Access Control (NAC), consider the following:

1. Level of security:

  • User identity management versus just the computer’s identity.

2. Network infrastructure versus endpoint-based approach (server software on appliance v. network switch):

  • Network-based systems boast better centralized control, easily set enterprise standards, and NAC protection for remote users accessing the VPN.

3. Depth of network monitoring:

  • For endpoint security: Check PC at login only or continuously monitor the whole time it’s on the network?
  • Consider the lesser of two costs: NAC monitoring costs versus fix costs for malware or break-ins.

The most important part about crafting your NAC policy is Continued »

August 23, 2010  1:18 PM

How to unlock a hotspot near you

Kevin Beaver Kevin Beaver Profile: Kevin Beaver

Here’s an interesting wireless startup: KeyWifi. The company’s slogan and apparent mission is “Unlocking hotspots near you”. It’s actually a neat idea. It puts accessible and underutilized hotspots to good use and helps the world by creating “positive fiscal, social and environmental results”. The premise of their business model is join their system and supply hotspot access and/or join their system and rent hotspot access … all for a fee. If you’re a supplier and can get a few users on board your system, suddenly it’s paying for your Internet access. With users, it offers a way to get online without having to pay full price for broadband. Pretty cool.

I won’t be a supplier or a user because I know the bad things that certain – often “trusted” – people can do when using your Internet connection or examining your wireless network traffic. But for those who live more “openly” or are absolutely certain that their computers and communication sessions are locked down, I could see KeyWiFi working – especially where there’s not a Starbuck’s or McDonald’s around offering free Wi-Fi.

Certainly worth keeping an eye on.

Kevin Beaver is an independent information security consultant, keynote speaker, and expert witness with Principle Logic, LLC and a contributor to the IT Watch Blog.

August 18, 2010  9:09 AM

I Know Why the Uncaged Bird Tweets: Wireless Pros on Twitter

Melanie Yarbrough Profile: MelanieYarbrough

While you’re scrolling through Twitter on your Wi-Fi network, have you considered who the unsung heroes, fighting the good wireless fight everyday, are?  No need to panic; we’ve got you covered. From wireless networking enthusiasts to journalists to high performance Wi-Fi vendors, we’ve got the Holy Grail of a Twitter feed (well, for wireless anyway).

Your Average Wireless Joe

@wifi_guy: He patrols Twitter for Wi-Fi news and is an active participant in #WirelessWednesday.

@sniffwifi: Ben Miller is an independent contractor performing all kinds of wireless-related work in the Los Angeles area.

@bionicrocky: A self-proclaimed geek, wireless guy and cryptonerd, Rocky Gregory tweets about all things wireless and then some.

@KeithRParsons: Keith Parsons founded Wireless LAN Professionals, a community for WLAN pros. He’s worked exclusively with WLAN for the past eight years and has access to myriad resources and contacts.

@joelbarrett: Joel Barrett works as a wireless network architect for Cisco. He also keeps a personal blog ranging in subjects including wireless networking.

@CWNP: The official Twitter of CWNP, Inc., the “IT industry standard for vendor neutral enterprise Wi-FI certification and training.” Get the latest in WiFi news and daily definitions.

@GlennF: Glenn Fleishman is a freelance journalist and blogger who regularly blogs about Wi-Fi technologies at WiFiNetNews.com (@WiFiNetNews)

@jameyk1stner: Jamey Kistner is a Certified Wireless Technology Specialist (CWTS) who tweets about wireless news and takes part in #WirelessWednesday.

@jenniferlucille: Jennifer Huber is a wireless engineer interested in Wi-Fi mesh technology. She’s working toward Wireless CCIE, and blogs about it regularly here.

@MarcusBurton: Marcus Burton writes about Wi-Fi and is a CWNP tech guy.

@joswr1ght: Joshua Wright is a hacker, wireless security analyst, SANS instructor and blogger at Will Hack for Sushi.

Check out vendor(ish) Tweeters after the jump. Continued »

August 17, 2010  4:12 PM

Why storage’s ‘safe vendors’ shouldn’t be

Guest Author Profile: Guest Author

Think you’ve made a safe storage decision by going with a trusted name? Think again. Today’s guest post is from Roger Kelley, aka @storage_wonk, who is the principal architect at Xiotech, blogger at StorageWonk.com and one of our featured storage Tweeters.

Of all the challenges faced by Information Technology (IT), purchasing SAN storage for the data center is one of the biggest. Cost, criticality, and complexity are the three C’s that all too often impact the fourth C: career.  IT is quite used to making tactical purchases in the form of servers, routers, desktops, and the like. SAN storage acquisition is harder because it is inherently strategic in nature and therefore poses greater long-term risks/rewards for the company at large. It’s interesting that most companies tend to follow a similar path when the order comes down to evaluate storage for purchase. They form a committee that then draws up a list of weighted requirements for both hardware and software features and functions. They then invite several storage vendors to the party to offer their pitch and from that pool of information, the committee fills out a requirements list in an effort to evaluate each vendor in an unbiased and “left brain” sort of way.

The perplexing part comes in when, after all this effort is expended and the players are evaluated, IT decides to go with a large vendor purely because “Nobody was ever fired for buying _____!” Though they may think they’re playing it safe or smart, what it really indicates is how little confidence they have in their own ability to select a storage vendor based upon the technological merits of the vendor and the unique business drivers of their own organization. People who make storage decisions based upon fear are, in effect, saying, “When it fails I can always justify my acquisition to senior management by hiding behind the perceived reputation of the market leading vendor because that’s what everyone else buys.” This lemming-like behavior can prevent a company from benefiting from newer technologies that might significantly help their bottom line. Given the quality and innovation of smaller companies, this type of thinking is an unnecessary hindrance.

Truth is, there are excellent reasons to look beyond the so-called market leaders in storage and see what the smaller companies are up to. These smaller companies can’t outspend the big ones on marketing so they have to focus on out-innovating them in technology. This innovation has recently led to some amazing technological breakthroughs that the big boys simply can’t offer, such as self-healing arrays (not “fail in place” but truly “self-repairing”), unheard of real-world performance gains without expensive SSD (no, really!), hugely scalable architectures that actually scale, and unmatched levels of reliability.

The problem with the big guys of storage is that they get lax and stifle innovation in favor of playing it safe and keeping the revenue stream rolling along. The smaller players simply cannot afford to be lax, they have to innovate to stay alive and this bodes well for customers who are looking for “best of breed” options for their company. But to take advantage of these innovations company management has to empower their IT staff to make the right technology decisions for the company instead of putting them in a circumstance where they feel they have to make the safe decision for their own careers.

But some may ask, “Isn’t avoiding difficulties precisely why you should buy from the big boys?” Not really! First of all, hardware, from all vendors, can— and does—experience difficulties. No hardware manufacturer can provide 100% perfect operation, 100% of the time, for 100% of its customers. Glitches arise, hardware fails, configurations get mangled due to human error (both vendor and end-user). In short, life happens for everyone. Second, smaller vendors tend to be much more responsive and nimble when difficulties inevitably arise simply because your business means more to their bottom line than it does to the industry giants. If you need a resolution to a problem with a giant company, it can often take 6 months to get a “no”. “Yes” can take considerably longer.

In the end, whether or not your chosen storage vendor is successful in your environment is more about architectural design than brand name. True, a properly architected storage network tends to be more expensive—but then so is downtime! Buying storage based upon technological and business drivers, and spending a bit more to do the job right, are significantly better strategies for company and career than doing things half-way and hiding behind a name when things fail.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: