Our Ramblings

Security At the Edge: Locking Down the Network Perimeter

When securing your company’s network, it’s best to start on the edges — the perimeter — where the system interfaces with the rest of the world. It’s an approach that makes sense. While installing safeguards deep inside the network is a good idea for securing against some types of threats, you’ll generally get the broadest protection — and the biggest bang for your security buck — by building up protection along the edges.

To begin planning a perimeter-oriented network-defence strategy, you have to understand exactly where the perimeter lies and which technologies are involved. Put simply, the perimeter is the network’s boundary: the frontier where data flows in from (and out to) other networks, including the Internet. Perimeter defence works like a checkpoint, letting authorised data enter unencumbered while blocking suspicious traffic.

Perimeter-checkpoint duty is handled by several different technologies, including border routers, firewalls and a variety of other specialized security products. Let’s take a look at each of these technologies and the roles that they play in perimeter security.

Border Routers: Network routers work much like traffic policemen, directing data into, out of and within networks. A border router is a special type of router: the one that stands between your network and an external network, such as the Internet. Therefore, the border router is like a traffic policeman posted at a spot located on the main road into a town — the one who spots the registration plate on the bad guy’s car. Since all Internet traffic passes through the border router, it’s a logical place for filtering.

Firewalls: A firewall’s basic job is to permit or stop data flowing into or out of a network. For perimeter defence, firewalls are available as software (installed inside a router) or as stand-alone hardware appliances. A firewall can provide services such as stateful inspection (analysing transactions to ensure that inbound packets were requested); packet filtering (blocking data from specified IP addresses and ports); and NAT (network address translation), which presents a single IP address — representing multiple internal IP addresses — to the outside world.

IDS (Intrusion Detection Systems): An IDS protects networks by analysing traffic for suspicious activity. If something unusual is detected, the IDS alerts the network administrator, who can then take action to stop the event that is taking place. In fact, an IDS is often described as a network burglar alarm. Various vendors offer IDS products with a range of capabilities, so customers can easily find a system that most closely matches their security and budgetary needs.

IPS (Intrusion Prevention Systems): An IPS is similar to an IDS, except that the product is designed to take immediate action — such as blocking a specific IP address or user — rather than simply issuing an alert. Some products also use behavioral analysis to spot and stop potentially dangerous data. The line between IDS and IPS technologies is blurring, so it’s now possible to find an IDS that incorporates IPS functions.
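As an added illustration of the IDS/IPS distinction above (example code, not from the original post or any vendor product): a small Python monitor that runs two heuristics over a constructed connection log, a port-scan check (many distinct destination ports from one source in a short window) and a failed-login check. In "ids" mode it only records alerts, the burglar-alarm behaviour; in "ips" mode it also blocks the offending source so that its later events are dropped. The log lines, addresses and thresholds are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One connection event per line, as a perimeter device might log it.
# Constructed for this example; the addresses are documentation ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:01 src=192.0.2.50 dst=203.0.113.10 dport=443 result=ok
2024-05-01T10:00:02 src=198.51.100.7 dst=203.0.113.10 dport=21 result=refused
2024-05-01T10:00:02 src=198.51.100.7 dst=203.0.113.10 dport=22 result=refused
2024-05-01T10:00:03 src=198.51.100.7 dst=203.0.113.10 dport=23 result=refused
2024-05-01T10:00:03 src=198.51.100.7 dst=203.0.113.10 dport=25 result=refused
2024-05-01T10:00:04 src=198.51.100.7 dst=203.0.113.10 dport=80 result=ok
2024-05-01T10:00:04 src=198.51.100.7 dst=203.0.113.10 dport=3389 result=refused
2024-05-01T10:00:05 src=198.51.100.7 dst=203.0.113.10 dport=8080 result=refused
2024-05-01T10:00:10 src=198.51.100.9 dst=203.0.113.10 dport=22 result=auth-failed
2024-05-01T10:00:15 src=198.51.100.9 dst=203.0.113.10 dport=22 result=auth-failed
2024-05-01T10:00:20 src=198.51.100.9 dst=203.0.113.10 dport=22 result=auth-failed
2024-05-01T10:00:25 src=198.51.100.9 dst=203.0.113.10 dport=22 result=auth-failed
2024-05-01T10:00:30 src=198.51.100.9 dst=203.0.113.10 dport=22 result=auth-failed
2024-05-01T10:00:40 src=192.0.2.50 dst=203.0.113.10 dport=443 result=ok
2024-05-01T10:00:45 src=198.51.100.7 dst=203.0.113.10 dport=443 result=ok
"""

LOG_RE = re.compile(r"(?P<ts>\S+) src=(?P<src>\S+) dst=\S+ dport=(?P<dport>\d+) result=(?P<result>\S+)")


class IntrusionMonitor:
    """Two behavioural heuristics over a connection log. In "ids" mode the
    monitor only raises alerts; in "ips" mode it also blocks the offending
    source so that its later traffic is dropped. Thresholds are constructed."""

    def __init__(self, mode="ids", scan_ports=6, scan_window=30, fail_limit=5, fail_window=60):
        if mode not in ("ids", "ips"):
            raise ValueError("mode must be 'ids' or 'ips'")
        self.mode = mode
        self.scan_ports, self.scan_window = scan_ports, timedelta(seconds=scan_window)
        self.fail_limit, self.fail_window = fail_limit, timedelta(seconds=fail_window)
        self.port_hits = defaultdict(list)   # src -> [(time, dport)] inside the window
        self.auth_fail = defaultdict(list)   # src -> [time] of failed logins
        self.alerts, self.alerted = [], set()
        self.blocked, self.blocked_events = set(), []

    def feed(self, line):
        """Process one log line; returns the alert kind, "blocked", or None."""
        m = LOG_RE.match(line)
        if not m:
            return None
        ts, src = datetime.fromisoformat(m["ts"]), m["src"]
        dport, result = int(m["dport"]), m["result"]

        # Prevention: anything further from a blocked source is dropped outright.
        if src in self.blocked:
            self.blocked_events.append((ts.isoformat(), src, dport))
            return "blocked"

        # Port-scan heuristic: many distinct destination ports in a short window.
        hits = [(t, p) for t, p in self.port_hits[src] if ts - t <= self.scan_window]
        hits.append((ts, dport))
        self.port_hits[src] = hits
        distinct = {p for _, p in hits}
        if len(distinct) >= self.scan_ports:
            return self._raise(ts, src, "port-scan",
                               f"{len(distinct)} distinct ports in {self.scan_window.seconds}s")

        # Brute-force heuristic: repeated failed logins from one source.
        if result == "auth-failed":
            fails = [t for t in self.auth_fail[src] if ts - t <= self.fail_window] + [ts]
            self.auth_fail[src] = fails
            if len(fails) >= self.fail_limit:
                return self._raise(ts, src, "auth-bruteforce",
                                   f"{len(fails)} failed logins in {self.fail_window.seconds}s")
        return None

    def _raise(self, ts, src, kind, detail):
        # The alarm is raised once per (source, kind); an IPS also blocks the source.
        if (src, kind) not in self.alerted:
            self.alerted.add((src, kind))
            self.alerts.append({"time": ts.isoformat(), "src": src, "kind": kind, "detail": detail})
        if self.mode == "ips":
            self.blocked.add(src)
        return kind


def analyse(log_text, mode="ids"):
    """Run every line of a log through a fresh monitor and return the monitor."""
    monitor = IntrusionMonitor(mode)
    for line in log_text.splitlines():
        monitor.feed(line)
    return monitor
```

Running `analyse(SAMPLE_LOG, "ids")` yields two alerts (a port scan from 198.51.100.7 and a login brute force from 198.51.100.9) and blocks nothing; `analyse(SAMPLE_LOG, "ips")` raises the same alerts but also blocks both sources, so the scanner's later connection to port 443 is dropped rather than merely reported. The well-behaved client 192.0.2.50 never trips either heuristic.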

VPN (Virtual Private Networks): A VPN provides perimeter security by encrypting the data sent between a business network and remote users over the Internet. In essence, the technique creates a private tunnel through the Internet. VPN technology is widely popular and is used by enterprises of all sizes. The approach’s biggest threat is from an attacker who figures out a way of compromising an authorized user’s system, then gains control of an encrypted pathway into the company network.

DMZ (Demilitarized Zones): Borrowing its name from the no-man’s-land created between North Korea and South Korea at the end of the Korean War, a DMZ is a neutral area that is created outside the firewall between a company’s network and an external network, such as the Internet. One way of forming a DMZ is to install a host (a dedicated server) that resides between the two networks. The DMZ host can initiate sessions for Web pages, email and other requests on the public network. The system can’t, however, initiate a session back into the company’s network — it can only forward packets that have already been requested. The technique prevents unrequested and potentially destructive data from entering a company’s network.

Perimeter network security works by providing several layers of protection at the network’s edge. Different security technologies working in unison create a fortress-like barrier that can thwart most types of attackers. Perimeter security can’t, however, block all attacks — particularly a DoS (denial-of-service) onslaught. Yet a well-planned system will efficiently deflect most network threats, providing peace of mind for business owners and managers, network administrators, and end users.

How to recognise security vulnerabilities in your IT systems

As IT systems continue to extend across multiple environments, IT security threats and vulnerabilities have likewise continued to evolve.

Whether from the growing insider threat of rogue and unauthorised internal sources, or from the ever-increasing number of external attacks, organisations are more susceptible than ever to crippling attacks. It has almost become simply a matter of “when it will happen” rather than “if it will happen.”

For IT resellers, security has always been a critical topic in every conversation with an organisation’s IT department.

However, with the increase in the levels of access to a company’s network compounded by these maturing threats, it is no longer feasible to merely recognise the existence of more simplistic, perimeter threats.

Resellers must be able to provide customers with a comprehensive risk assessment of the entirety of an organisation’s IT assets and their vulnerabilities, inclusive of both software and hardware.

This risk assessment must incorporate an understanding of external threats and internal vulnerabilities and how the two continue to merge to create increasingly susceptible IT environments.

At the most basic level, organisations and resellers alike must understand the different types of threats. Malware, a generic term for malicious software, such as trojan horses, worms, and viruses, is the most common form of attack that is originated by an external hacker. Malware attacks have persisted for years – from the infamous Morris worm to common spyware attacks – and they remain the easiest and most damaging tactic deployed by malicious hackers.

With enterprises extending to the cloud, and more organisations adopting SaaS-based applications, social media and other Web 2.0 tools, damaging malware attacks and viruses can now originate through simple spam messages and emails.

Internally, organisations are typically susceptible to threats from either authorised rogue users who abuse privileged accounts and identities to access sensitive information, or unauthorised users who use their knowledge of administrative credentials to subvert security systems. It is this type of vulnerability – unauthorised internal access – that has continued to emerge as the most volatile and disruptive.

To truly understand the risks involved with these “insider threats”, organisations and resellers need to understand the root of the vulnerabilities.

Most commonly, the risks lie with the use of embedded credentials, most notably hard-coded passwords, a practice employed by software developers to provide access to administrators during the development process. The practice occurs frequently because application developers tend to be more focused on the development and release cycle of the application than on any security concerns. While it may appear harmless at first glance, it is extremely risky, as it can potentially provide unauthorised users with powerful, complete access to IT systems.

To compound the matter, by hard-coding passwords to cover embedded credentials, vendors create a problem that cannot be easily fixed nor assuaged by tools such as Privileged Identity Management systems. Once embedded into an application, the passwords cannot be removed without damaging the system. At the end of the day, the passwords provide malicious outsiders with a bull’s-eye target – a key vulnerability to leverage to help them gain powerful access and control on a target device, and potentially throughout the entire organisation.

One of the most well-known examples is the Stuxnet virus. We’ve all been blown away by the design of Stuxnet, and were surprised by the pathway the virus took in targeting SCADA systems. Reflection shows that the virus used the hard-coded password vulnerability to target these systems – which should serve as a lesson for all businesses.

The existence of vulnerabilities embedded within these types of systems is not necessarily new, but the emergence of new threats continues to shed light on the ease with which they can be leveraged for an attack. While malicious outsiders and insiders have often focused on the administrative credentials of typical systems like servers, databases and the like, in reality IT organisations need to identify every asset that has a microprocessor, memory or an application/process. From copiers to scanners, these devices all have similar embedded credentials that represent significant organisational vulnerabilities.
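As an added example (not from the original article): a Python scan that flags the embedding styles the two paragraphs above warn about, hard-coded passwords in assignments, credentials in connection strings and in URL user-info, run over a constructed configuration module, next to the hardened pattern in which the credential is injected at run time and its absence is a hard failure rather than a fallback to a built-in default. The patterns, placeholder list and sample source are all constructed for illustration, and findings are masked so the report itself does not leak the value.

```python
import os
import re

# Three common ways credentials get embedded in code and configuration.
# Each pattern captures the secret itself in the named group "secret".
CREDENTIAL_PATTERNS = [
    ("assignment", re.compile(
        r"""(?i)(?:passw(?:or)?d|secret|api[_-]?key|token)\w*\s*[=:]\s*["'](?P<secret>[^"']{4,})["']""")),
    ("url-userinfo", re.compile(
        r"""(?i)\b[a-z][a-z0-9+.-]*://[^\s:/@"']+:(?P<secret>[^\s@"']+)@""")),
    ("connection-string", re.compile(r"""(?i)\b(?:pwd|password)=(?P<secret>[^;\s"']+)""")),
]
# Values that are clearly placeholders rather than live credentials (constructed list).
PLACEHOLDERS = {"changeme", "password", "xxxx", "example", "redacted"}


def mask(value):
    """Keep only the first two characters so the report never re-leaks the secret."""
    return value[:2] + "*" * (len(value) - 2) if len(value) > 2 else "*" * len(value)


def is_placeholder(value, line):
    v = value.lower().strip("<>")
    return v in PLACEHOLDERS or value.startswith("${") or "os.environ" in line


def scan_source(text):
    """Return one finding per line that embeds a credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in CREDENTIAL_PATTERNS:
            m = pattern.search(line)
            if m and not is_placeholder(m["secret"], line):
                findings.append({"line": lineno, "kind": kind, "value": mask(m["secret"])})
                break  # one finding per line is enough for the report
    return findings


def load_credential(name, env=os.environ):
    """Hardened pattern: the credential is injected at run time (here the
    environment; a vault or Privileged Identity Management tool in production)
    and its absence is a hard failure, never a fallback to a built-in default."""
    value = env.get(name)
    if not value:
        raise RuntimeError(f"credential {name} not provided; refusing to start")
    return value


# Constructed sample: a configuration module with several embedded secrets
# and one value that is loaded correctly.
SAMPLE_SOURCE = '''\
import os
DB_HOST = "db.internal"
DB_PASSWORD = "Adm1n-Backd00r"            # embedded admin password
api_key = os.environ["SERVICE_API_KEY"]    # injected at run time, not embedded
CONN = "Server=db;User Id=sa;Password=Sup3rS3cret;"
BACKUP_URL = "ftp://backup:Bkp!2024@backup.internal/nightly"
PASSWORD_HINT = "changeme"                 # placeholder, not a credential
'''
```

`scan_source(SAMPLE_SOURCE)` reports lines 3, 5 and 6 (assignment, connection string, URL user-info) and ignores the run-time lookup on line 4 and the placeholder on line 7; `load_credential("DB_PASSWORD")` then shows the shape the flagged lines should take instead. A scan like this is a cheap first pass over a code base or device configuration export; it finds the obvious embeddings, not credentials hidden by obfuscation.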

While steps can be taken to proactively manage embedded credentials without hardcoding them in the first place – Privileged Identity Management tools can help – the onus is on the organisation, and the reseller, to ensure that a holistic view of all vulnerabilities and risks has been taken.

The 6 Biggest Benefits to Switching your business to Rustyice VoIP

The world is making the switch to VoIP, but in case you are still unsure if VoIP is right for you, here are six benefits to adding VoIP to your home and business. At £12 per user per month for our flagship hosted solution, it seems crazy not to make the switch. There are many benefits and advantages to switching from the PSTN (Public Switched Telephone Network). VoIP technology is growing and changing every day. Major corporations are transferring their business needs over to VoIP and households worldwide are making the switch. VoIP works by converting voice into digital data and carrying it over the Internet. If you have a broadband connection in your home or business, then you can utilise VoIP. You may need to purchase a VoIP phone adapter (ATA) in order to continue to use your older telephones. The phone adapter will allow you to use all of your telephones with the VoIP technology. You may also need to purchase a router; however, most homes and businesses already have one. At Rustyice Solutions we can supply you with the hardware that you need. You even have the option of purchasing phones designed for VoIP, as well as videophones that will display images while you speak.

VoIP is the wave of the future. Many major computer companies have already begun to incorporate VoIP with their Instant Messaging programs not to mention Skype. Instant Messaging programs such as Yahoo, MSN, and AOL allow free pc-pc phone calls. Skype and VOXOX offer far more functionality than that and all for free. The world is making the switch to VoIP, but in case you are still unsure if VoIP is right for you, here are six benefits to adding VoIP to your home and business.

1. VoIP is Cost Efficient

Whether for your residence or business, VoIP is just plain cheaper than other telecommunication applications. You can reduce cost in your home by saving on long distance and local telephone calls. We have plans that allow virtually unlimited local and long distance calling due to the negligibly low call charges. You also save money by using VoIP throughout your house. You won’t need to install additional phone jacks and wires, you just add on to your VoIP system.

2. VoIP will Integrate your Audio, Data, and Video Applications.

Rustyice VoIP systems can integrate your telephone needs with your computer applications such as E-mail, Fax, Web conferencing, and Video Phone needs. This saves money and energy by conveniently combining all of these services into one basic application. You can use your phone and access all of your other programs at the same time in a truly integrated fashion, allowing greater freedom by giving you a simpler way to utilise all of your different communication products.

3. VoIP Provides Flexibility

VoIP allows users tremendous flexibility. For instance, many VoIP users can take their phone adapter with them, and use their telephone number anywhere they have access to an Internet connection. This includes traveling overseas, while staying in hotels, or even camping. If you have high speed Internet, you will be able to take phone calls on your usual home or business number. This is a much better solution for those with active lifestyles compared to the expense of cell phones as well as being the perfect solution for mobile employees and those whose jobs require much travel. In addition to this, it is now possible to use SIP apps on smartphones to log into your VoIP system by using either a WIFI network or even a 3G network and make and receive calls on your smartphone as if you were at home or in the office. The potential for reducing and removing call charges alone makes this a no brainer.

4. VoIP Users Can Choose their Own Area Codes

VoIP providers allow users to choose their own area codes. This is a fantastic option for those whose friends and family all live in one particular location. By choosing your family and friends area code, you are allowing them to call you, whenever they choose, and they will not have to pay long distance charges. Their calls will be local. Some providers extend the area codes to other countries. This would be extremely beneficial to someone whose friends and family are halfway across the world.

5. VoIP offers Features for Free

Features that typically cost extra with PSTN phone services are usually bundled with VoIP unlimited calling plans. These features include Voice Mail, Call Forwarding, Caller ID, Call Waiting, Call Return, Call Block, and Do Not Disturb. Because of the integration between VoIP and the Internet, many service providers will allow you to access and control all of your VoIP phone features through the Internet. With VoIP, users have greater access to control all of their phone features as well as save on charges.

6. Rustyice Solutions can offer you all of this and more, today, for £12 per user per month.

Rustyice Solutions has recently partnered with Telcentris Inc in the USA to offer their revolutionary VoIP services to homes and businesses in the UK. Upon making the switch to Rustyice/Telcentris VoIP, you will enjoy UK-wide calling at £0.000056 p per minute. No, you didn’t read that wrong: that’s 5.6 THOUSANDTHS of a penny per minute. Calling to anywhere within the USA and Canada is free, and other countries enjoy similarly low calling charges. You can keep your existing telephone number(s) too, by porting them across to your VoIP system. What’s more, we can offer you a free, no-obligation trial which takes no more than a couple of days to set up and, should you wish to make the trial permanent, it is simplicity itself to do so. This post merely scratches the surface of the many fantastic features that then become available to you or your business, so contact us today to find out how you can bring these benefits to your home or business.

The world is making the switch to VoIP, but in case you are still unsure if VoIP is right for you, here are five benefits to adding VoIP to your home and business. There are many benefits and advantages to switching from PSTN- Public Switched Telephone Network. VoIP technology is growing and changing every day. Major corporations are transferring their business needs over to VoIP and households worldwide are making the switch. VoIP is produced by transferring voice into digital data over the Internet. Because the data is smaller compared to a standard electric unit, VoIP users save on valuable bandwidth as well. If you have a high-speed connection in your home, then you can utilize VoIP. You may need to purchase some equipment, such as a VoIP phone adapter. The phone adapter will allow you to use all of your telephones with the VoIP technology. You may also need to purchase a router. Most of your VoIP service providers will supply you with the hardware that you need. You even have the option of purchasing phones designed for VoIP as well as Videophones that will display images while you speak.

VoIP is the wave of the future. Many major computer companies have already begun to incorporate VoIP with their Instant Messaging programs. Yahoo has also recently purchased the VoIP Company, Dial Pad. Now, Instant Messaging programs such as Yahoo, MSN, and AOL allow pc-pc phone calls. The world is making the switch to VoIP, but in case you are still unsure if VoIP is right for you, here are five benefits to adding VoIP to your home and business.

1. VoIP is Cost Efficient

Whether for your residence or business, VoIP is just plain cheaper than other telecommunication applications. You can reduce cost in your home by saving on long distance and local telephone calls. Many VoIP service providers have plans that allow unlimited local and long distance calling. You will have to check with various companies to see how far their unlimited local and long distance calling areas extend. You also save money by using VoIP throughout your house. You won’t need to install additional phone jacks and wires; you just add on to your VoIP system.

2. VoIP will Integrate your Audio, Data, and Video Applications.

VoIP systems can integrate your telephone needs with your computer applications such as E-mail, Fax, Web conferencing, and Video Phone needs. This saves money and energy by combining all of these services into one basic application. You can use your phone and access all of your other programs at the same time, allowing greater freedom and is a simpler way for the home owner to utilize all of these different products.

3. VoIP Provides Flexibility

VoIP allows users tremendous flexibility. For instance, many VoIP users can take their phone adapter with them, and use their telephone number anywhere they have access to an Internet connection. This includes traveling overseas, while staying in hotels, or even camping. If you have high speed Internet, you will be able to take phone calls on your regular number. This is a much better solution for those with active lifestyles compared to the expense of cell phones as well as being the perfect solution for mobile employees and those whose jobs require much travel.

4. VoIP Users Can Choose their Own Area Codes

VoIP providers allow users to choose their own area codes. This is a fantastic option for those whose friends and family all live in one particular location, and they are out of state. By choosing your family and friends area code, you are allowing them to call you, whenever they choose, and they will not have to pay long distance charges. Their calls will be local. Some providers extend the area codes to other countries. This would be extremely beneficial to someone whose friends and family are halfway across the world.

5. VoIP offers Features for Free

Features that typically cost extra with PSTN phone services are usually bundled with VoIP unlimited calling plans. These features include Voice Mail, Call Forwarding, Caller ID, Call Waiting, Call Return, Call Block, and Do Not Disturb. Because of the integration between VoIP and the Internet, many service providers will allow you to access and control all of your VoIP phone features through the Internet. With VoIP, users have greater access to control all of their phone features as well as save on charges.

Mission Critical iSCSI Storage Network

Storage networking is a tricky animal. Our brush with networked storage platforms started when we needed a few hundred megabytes of shared storage to build a cluster for database and email consolidation in the late 90s.

The essential character of block-based network storage continues: the goal is to protect and consolidate mission-critical workloads.

Networked storage using traditional FC SANs is getting more complicated in the quest for speed and functionality.

In our view, there is a need to simplify networked storage to reduce risk, decrease mean time to repair and reduce costs.

Drawing from our own experience, more complicated SAN sub-systems and network elements are harder to understand, harder to troubleshoot and expensive to deploy.

Personally, we have moved away from SAN implementations with FC front-end networks after attempting to use FC-to-iSCSI routers and putting up with the complexity of the network layout and the provisioning challenges.

The approach we took was to select medium-to-high-performance native iSCSI storage arrays with FC-disk back-end networks. We deployed the front-end network (for connecting to servers) with redundant, layer-3-capable Gigabit Ethernet switches to mimic an FC network for multipathing and fault tolerance.

This allowed us to maintain the essential performance posture (with FC disk back-ends) while keeping the front-end simplicity of iSCSI networking.

There is still a question of performance in activities like synchronous replication, where FC SAN technologies are superior, but these needs are becoming less acute.

Applications like MS Exchange support varied data replication topologies (Cluster Continuous Replication (CCR), Local Continuous Replication (LCR) and Standby Cluster Replication (SCR)).

Databases (Oracle, MS SQL, MySQL, Postgres) support high availability using grid/federation, mirroring and master/slave models.

Advances in storage awareness in modern operating systems (Windows, Linux and Solaris) provide native multipathing support for iSCSI.

Support for features like VSS and VDS on Windows, GFS on Linux and ZFS on Solaris allows for less stringent, application-aware, iSCSI-friendly asynchronous replication between storage systems.

Another major challenge is the emergence of virtual machines and their impact on the performance and availability of networked storage.

FC storage has an inherent disadvantage in VM-based environments because of the multiple layers of device drivers and the in-memory indirection of I/O calls. The practical impact on processor usage in hypervisor-based VM setups using FC SANs is evident, because transparent TOE-type offload solutions for FC are not readily available or optimised.

The ability of a virtual machine to use raw Ethernet adapters with TOE-capable drivers results in little or no loss of storage I/O performance; there is practically zero impact on processor performance from the use of networked storage.

In conclusion, with the emergence of relatively inexpensive 10 GigE switch and HBA solutions and the continued sophistication of operating systems and applications, the time is right to start adopting iSCSI for your mission-critical storage networking needs.