The Network Hub

February 14, 2008  8:01 PM

Network security concerns: Mo’ remote workers mo’ problems

Tessa Parmenter

When the network was built like a castle, located in one static location, it was easier to have perimeter defense–the castle walls, the moat and hill (i.e., the firewalls)–protecting the royalty… I mean, data. Nowadays, there’s more royalty (information) to keep track of and they don’t stay put within the safe walls of their core network/abode.

Needless to say, security is a primary networking concern (as was seen in a survey conducted last fall polling more than 1,200 readers). I blame this largely on the increase of wireless (many wireless network security best practices are mysteries to most), the growing deployment of mobile devices (anywhere access), and the fact that not only are corporate devices travelling well beyond office-building walls, but the workers are too.

Sixty percent of enterprises have wide-spread remote access–where 50% or more of the workforce have remote access to the internal network–according to Yankee Group who surveyed 200 enterprises last summer. Senior Analyst of Enterprise Research in Network Security Phil Hochmuth of Yankee Group reported that three years prior, less than 25% of organizations supported wide-spread remote access.

With such an increase in such a short amount of time, it’s no wonder network administrators are worried about how to secure and manage all these people. I realize I’m one of them: in the past three years, the companies I have worked for either allowed me to work remotely or involved me working from home entirely; I’m living this statistic, as many of you now are too, I’m sure.

Office space can be costly for an enterprise, and for the workers–so can gas, auto-repairs, and overall transportation. But on top of avoiding commutes, there’s a business benefit; mobile workers in jobs like sales or consulting, which require them to travel, are able to access data, fill orders more quickly, and quicken the overall pace of business transactions because they no longer lose as much time when they’re on the road. Unfortunately for the system administrator, all of this remote interaction puts stress on the network.

Hochmuth said “increased employee productivity is the main driver behind the move to open up internal networks for anywhere access, and SSL VPNs are emerging as the main tool enterprises use to provide this type of access.”

Independent research firm Amplitude Research commissioned by VanDyke Software found in their Fourth Annual Enterprise Security Survey that organizations are heightening their commitment to securing data communications. Secure remote access was the number one security management issue facing their company, according to their 2007 survey.

“The survey findings correlate to what we see happening in the field,” said Jeff P. Van Dyke, president and founder of VanDyke Software: “There’s a lot on the plates of the systems administrators, and with securing remote access a top issue and secure file transfer showing significant increase as a top issue to manage within the enterprise, VanDyke Software focused on new features for SecureCRT 6.0 and SecureFX 6.0 that make life in these areas so much easier for IT and network administrators.”

Hochmuth said “enterprises are literally opening up for business when it comes to supporting the ability of their employees to work from anywhere.” And VanDyke Software is one such company “opening up for business” to meet the needs of floundering network administrators who have to implement and support the increasing number of remote workers for their companies.

I suspect many more are aiming to follow suit.

February 13, 2008  7:26 PM

IT Ethics

Michael Morisy

Over on Slashdot there’s a lively discussion of IT ethics, and what sort of codes (no pun intended) network managers work by. Three camps of “ethical rules” came up:

Of course, these guides regularly conflict. Scanning personal e-mails is a high-profile topic, but it’s certainly not the only ethical dilemma confronting the conscientious network admin. I once knew a network administrator who routinely scanned and copied all mp3s from networked personal folders into his “master database,” which took up a few spare gigs of unused space and more than a few spare hours of his workday, spent chilling out to the Grateful Dead. He didn’t last too long, despite his impressive collection of B-sides.

Which rules are the trump card when it comes to acting ethically? Are ethics ever written into your job description? Have you tried building ethical rules into your networking infrastructure? Tight permission access comes to mind, but that’s a security no-brainer at this point.

Unfortunately, most of the networking engineer guidance we found was pretty minimal, such as this rather vague section in SAGE’s Code of Ethics:

  • I will strive to build and maintain a safe, healthy, and productive workplace.
  • I will do my best to make decisions consistent with the safety, privacy, and well-being of my community and the public, and to disclose promptly factors that might pose unexamined risks or dangers.
  • I will accept and offer honest criticism of technical work as appropriate and will credit properly the contributions of others.
  • I will lead by example, maintaining a high ethical standard and degree of professionalism in the performance of all my duties. I will support colleagues and co-workers in following this code of ethics.

Nary a word on reading e-mails, logging chats or jamming out on borrowed binary.

February 12, 2008  7:06 PM

iPhone, oh the madness you have wrought

Shamus McGillicuddy

I just finished writing about how the iPhone’s success has made touch-screen smartphones all the rage in 2008. And then this morning I read that Jim Balsillie, co-CEO of Research In Motion, told attendees at the Mobile World Congress in Barcelona that his company is open to producing a touchscreen version of the BlackBerry. Et tu, BlackBerry?

In an interview with Reuters, Balsillie made it clear that RIM would be open to adding a touch-screen control feature to its BlackBerry line if that’s what the company’s customers want:

“For sure we’re looking at all kinds of different device packaging and presentation. I think getting religious on packaging is not the way to go. It’s really user preference-oriented.”

At the same show in Barcelona this week, Sony Ericsson debuted its Xperia X1, a touch-screen smartphone that appears to be a direct response to Apple’s iPhone and other touch-screen announcements from HTC and Nokia.

Touch-screens are nice and all, but sometimes I wish my Tom Tom GPS had a keyboard. My fingers are just too big!

February 7, 2008  8:36 PM

IPv6 makes inroads on the Internet

Susan Fogarty


This week, ICANN (the Internet Corporation for Assigned Names and Numbers) announced that it made almost half of the Internet’s root server networks IPv6 capable. According to the release:

IPv6 addresses were added for six of the world’s 13 root server networks (A, F, H, J, K, M) to the appropriate files and databases. This move allows for the possibility of fuller IPv6 usage of the Domain Name System (DNS). Prior to today, those using IPv6 had needed to retain the older IPv4 addressing system in order to be able to use domain names.

This actually surprised me, because over at SearchNetworking, we’ve been writing about migrating to IPv6 for quite a while. I didn’t realize that while corporations, schools and government agencies were upgrading to the new protocol, they also had to keep running IPv4 for Internet transmissions because the Internet itself did not support IPv6. Sending and receiving IPv6 traffic across the Internet was a clunky, expensive process that involved the use of specialized gateways to perform DNS mapping and/or network address translation.

The ICANN changes will allow devices to use IPv6 directly to reach a good portion of the Internet, with more to come in the near future, we presume. And almost all new networking equipment you buy now is IPv6-enabled. That combination will help simplify upgrades for networking teams that are just beginning to think about it.

For more technical detail, a comprehensive report on ICANN’s DNS changes is available from their Root Server and Security Advisory Committees, prepared by networking expert Dave Piscitello.

For readers who plan to procrastinate indefinitely and ignore the reports of address space running out (the IPv6 Forum predicts it will be in 1648 days), keep in mind that the U.S. government is requiring all its networks to be IPv6 compliant by June 30. All companies that have contracts with or are suppliers to any government agency must also comply, so that will trickle down to a large percentage of U.S. businesses. Ramping up your IPv6 skills now may be worth your while in the long run.

February 1, 2008  11:52 PM

Who is the “new” networking pro?

Ron Richard


For more than a year, I’ve been hearing a lot of buzz about the concept of the “new” networking pro from networking vendors and pundits alike. The idea is, in a nutshell, that the old-school network guy spent his time thinking about network plumbing — connectivity, throughput, and Layer 3 hardware. Our publisher likens this guy to the Comic Book Guy from the Simpsons. (Don’t you work with at least one IT guy who looks a bit like that, after all?)

At the other end of the spectrum is the “new” networking pro, who is supposed to look like the guy below, in the suit. This person takes into account evolving technologies and network convergence. His concerns go beyond just plumbing; he concentrates on maximizing bandwidth, optimizing application and WAN performance; he troubleshoots a network that must accommodate voice and video traffic. The new networking pro realizes that he isn’t operating in a silo, but must cooperate (and, increasingly, share responsibilities and tools) with the security, voice, and data center staff.

[Image: New network guy?]

Last week, two of the major network vendors — Cisco and Juniper — launched new switch offerings that are very much attuned to the “new” network pro.

Cisco’s Nexus 7000 super-switch may sound like it’s all about increased throughput, but perhaps the greater benefit, one which appeals to our new network pro, is that it is designed to eliminate redundant connectivity by allowing for converged Fibre Channel and Ethernet networks. And Cisco’s strategy, according to Doug Gourlay, senior director of marketing for Data Center Solutions at Cisco, is all about new network trends like convergence and virtualization (as quoted from an article by Shamus McGillicuddy).

Gourlay said Cisco has recognized several drivers that are leading higher-density data centers to turn to the network for help in improving operations. First is a “new class” of applications, such as voice and video, which consume significantly more bandwidth. The second driver is server virtualization. When you consolidate 10 virtual servers onto one physical server, that single box now deals with the aggregate bandwidth demands of the 10 servers. The third driver is Input-Output consolidation.

Similarly, Juniper’s new switches — the EX 3200, the EX 4200 and the EX 8200 — appeal to the network performance-minded enterprise, with their emphasis on uptime and reliability. As quoted in an article by Michael Morisy, Eddie Minkill, executive vice president of Juniper’s worldwide field operations, says that the view of the network as “plumbing” is outdated because consumers and businesses expect instant responses and more and more communications are carried through IP.

So the vendors and the pundits have their ducks in a row, but I wonder whether real-world network pros are getting in line. Surely these new switch offerings bode well for network reliability and productivity — but whenever I talk to actual people who are down in the IT trenches, I hear again and again that a) they would like to implement new technology, but instead spend more time keeping old stuff running and b) they don’t have time to think about anything besides putting out fires. (Maybe disgruntled IT pros are more verbal about this stuff.)

This skepticism isn’t unique. In the same article about Juniper’s new switch, Morisy writes that Jim Metzler, vice president of Sanibel, Fla.-based consultancy Ashton, Metzler & Associates, was doubtful about the current market for the powerful switch:

“I don’t know who they are going to appeal to,” he said, adding that most enterprises are not prioritizing carrier-grade robustness and millisecond latency. A few major exceptions exist, particularly in the financial sector, but he disagreed with the assertion that enterprises see the difference between 5 and 4 9’s of uptime as a critical tool in keeping customers.
“Is it good technology? Absolutely,” Metzler said. The problem is that people will not switch simply to use good technology, or even better technology, when what they have works, and Metzler said Juniper has found a solution for a problem people do not currently have. If the EX Series is to become a success, he said, a better marketing strategy must be implemented that could focus on cost reduction or other, more enterprise-focused problems.

Ultimately, I think that defining the network pro according to any stereotype is going to prove inaccurate, but the successful IT person may be the one who can look beyond their departmental silo and embrace “new” networking concepts like mobility and application performance. For that to happen, though, network pros may have to find a way to prevent those fires from happening in the first place.

February 1, 2008  6:22 PM

Video tour of Juniper’s EX 4200 series network switch

Michael Morisy

Juniper’s Michael Peachey, senior product marketing manager, points out some of the major features — including an LCD screen, hot-swappable fans and user-replaceable batteries — of the newly-launched EX 4200 series network switch.

January 30, 2008  5:26 PM

Juniper’s causing a stir in crowded switching field

Michael Morisy

Before even having time to digest, let alone write about, yesterday’s Juniper announcement that the company was entering the switching market, we received two responses to it from two competitors. It sounds like switch manufacturers feel crowded enough with Cisco’s dominance and aren’t happy about another big name entering the fray. But they might raise some valid points. Does Juniper not “get the enterprise,” as some critics have charged? I also wonder if they were expecting this warm a reception from their new competitors. See excerpts after the jump.


January 21, 2008  8:09 PM

iPhone corporate plan makes accountants smile

Shamus McGillicuddy

AT&T has added the iPhone as a device option for its enterprise wireless plans. On the surface of things, this is big news for iPhone fans who are waiting for the enterprise to welcome the device.

I haven’t seen an official announcement from AT&T about their iPhone enterprise offerings. So far, only the above link with feature and pricing options has turned up. But from what I can gather, this is more of a sales channel move than a product offering. This news won’t make IT managers feel warm and fuzzy towards the iPhone. Only accountants will be smiling.

No, this news doesn’t mean the iPhone is suddenly an enterprise-ready mobile device. All the concerns that Forrester Research voiced last month about its suitability for business use still apply. There is still no support for push email or third-party applications. Security is still a big problem, too, with no support for data encryption and no capability to remotely lock or erase lost devices. And the absence of a removable battery will still be a headache for road warriors.

This news is really about the accountants. It will now be easier for end users to request a device because your company’s accountants now have a direct channel for buying the iPhones and paying for the plans centrally instead of compensating individual users for deals they make on their own with AT&T.

January 18, 2008  4:34 PM

Does overhauling the data center mean changing the network?

Tessa Parmenter

This week I read survey results showing IT priorities in 2008, and was surprised to see how much the top IT priorities involved the network. So I did a little research.

The following article focuses on the network worker’s priorities alone: Disaster recovery, convergence and security top 2008 networking to-do lists. Putting these articles side-by-side made me see that very few priorities differed. The top priority for both networking and IT managers, for example, was disaster recovery. What was even more interesting was that even though the networking survey included questions on typical networking topics (i.e., routing, security, wireless, etc.) disaster recovery and data center topics came up very high in the results.

According to the IT manager questionnaire, almost half of IT managers surveyed plan to renovate and/or build a new data center (shown in the figure below):

Figure 1 — Lots of new data centers: In 2008, will you build or renovate a new data center?

So what might these data center changes have to do with the network? Below, you can see that 50% of those who plan to build/renovate a data center are incorporating new networking technology:

Figure 2: New technologies coming to new data centers
Will your new data center contain new technology?
(Respondents able to select more than one response.)

There’s a reason why so many people are making this change. Schlack says “New data center construction is a response to the need for more capacity but also for better disaster recovery capabilities and better use of energy.”

These changes must surely be a result, too, of the outmoded architecture in place. News Writer Michael Morisy found that the average age of a data center is 18 to 20 years, which is to say that cooling and other mechanisms are grossly out of date. Even half that time ago the data center looked and behaved quite differently.

In Cooling a blade server, networking infrastructure expert Carrie Higbie explains: “Ten years ago, data centers consisted primarily of a mainframe and maybe a few PC servers. This is far different than what is in a data center today. We have Cisco 6500 series switches or maybe Force10, Extreme or Foundry switches — whatever the manufacturer, they are probably large chassis-based switches unless you are a smaller enterprise. While power was probably added, cooling may not have been.”

For better or for worse, a lot of money this year is being put toward data center overhauling. “Despite the large capital expenditures involved,” Morisy says, “upgrading these antiquated facilities begins to make more sense.” We aren’t relying on the same information that came out 20 years ago to get us through today, so why would we try to rely on architecture long past its due date?

Are you happy with where these priorities lie? Perhaps network workers are finally being heard (and understood) and the money is finally going to the right place. On the other hand, maybe these expenditures are costing more than just money. Are you seeing negative or positive effects from this change, and do you see changes in the data center directly affecting your network?

January 17, 2008  11:28 PM

Server sabotage plot backfires on sys admin

Ron Richard

Bridget Botelho has an interesting post on the ServerSpecs blog about a recent story from Reuters covering a sys admin sentenced to 30 months in prison after his plot to wipe out his pharmacy benefit management company’s servers with a logic bomb — out of fear he was about to lose his job.

Network managers spend a lot of time protecting the network from common insider user threats such as sharing sensitive data over P2P or careless use of public wireless networks… (see Five common insider threats and how to mitigate them as an example). But who protects the network from trusted IT pros who do something irresponsible or intentionally harmful?

I don’t like it (but find it fascinating) when geeks perpetuate negative stereotypes about geeks — for example, the story of Hans Reiser, the Linux visionary accused of murdering his wife. In Reiser’s case, he didn’t use technology as his weapon, he used it as his defense: The “geek defense,” or “I’m a geek; I’m socially inept, but that doesn’t make me a murderer.”

I once knew a boy who hacked into a library’s computer network through a public terminal (this was back in the green text-on-a-black screen days) just to impress a girl. He sent all the terminals in the library into some kind of diagnostic that would tie them up for hours, and the girl was not amused. His reasoning seemed to be that if he was smart enough to do that and the library staff was dumb enough not to prevent him, then they deserved what they got.

I suspect that boy’s attitude was shared by the logic bombing sys admin, and tends to be common among disgruntled computer geeks everywhere. And it is probably perpetuated every day by the kinds of non-IT co-workers who say things like, “I don’t care how it works, just fix it.” So maybe the moral of the story is: Be nice to your IT guy, because you never know if he’s an evil genius with a chip on his shoulder (or a misguided impulse to impress a girl).
