
Wednesday, April 30, 2008

Word of the Day: holographic disk drive

A holographic disk drive is a holographic storage device that uses a laser to store data to optical media in three dimensions, maximizing storage capacity by using the media's depth. Most optical media, such as CD, DVD, HD-DVD and Blu-ray only offer bit-at-a-time surface or dual-layer writing capacity. A holographic versatile disk is just slightly larger than a DVD and can store 30 times as much data.

InPhase Technologies announced that it would release the first commercially available holographic drive in May 2008. InPhase's drive, the Tapestry, costs $18,000 (USD). The first version of the storage media holds 300 gigabytes (GB) of data on a 5.25-inch-wide, 3.5-millimeter-thick disk contained in a cartridge. The first disks cost $180 each. The media is currently write once, read many (WORM); InPhase plans to create a rewritable version.

Features of the Tapestry drive and media include:

  • An archive life of 50 years.
  • No requirement for strict control of temperature and humidity.
  • Better data recovery: each data page is recorded holographically, so a page can be reconstructed from a fragment of the recording.
  • 20-120 megabyte per second (MB/s) transfer rate.
  • Compatibility with existing Small Computer System Interface (SCSI), Fibre Channel (FC) and Ethernet interfaces.
  • Potential future capacities up to 1.6 terabytes.

Although the first Tapestry drives and disks are not practical for the average consumer, they may be a viable option for the targeted video and film archive market as an alternative to using and storing 35mm film. InPhase plans to release drives and media for the consumer market within the next few years.

Tuesday, April 22, 2008

How should the ipseccmd.exe tool be used in Windows Vista?

Ipseccmd is a command-line tool for displaying and managing IPsec policy and filtering rules. If you type ipseccmd show all at a Windows XP command prompt, you will get a list of Internet Key Exchange Security Associations, IPsec filters and IPsec usage statistics. It is, however, a Windows XP tool, and it is not available in Windows Vista. This functionality has moved to Netsh, a command-line scripting utility.

Netsh uses various helper DLLs, which provide an extensive set of network configuration and monitoring settings. Each group of commands specific to a networking component is called a context. For example, dhcpmon.dll provides Netsh the context and set of commands necessary to configure and manage DHCP servers. The contexts that you can use depend on which networking components you have installed.

Netsh also has wired (lan) and wireless (wlan) contexts; to use a command you must first switch to the context that contains it. Both contexts let you view and configure connectivity and security settings of the local computer or of a remote one (with the -r option), but to view the applied wireless Group Policy settings, for example, you must be in the wlan context. For those comfortable with command-line tools, Netsh is a lightweight, scriptable alternative to clicking through the GUI. The help for each command is reached with the '/?' or help options.

Vista has two Netsh contexts that matter here, which I'm sure you'll find useful:

  • ipsec - this context is the closest equivalent to XP-style IPsec policy creation, the job ipseccmd used to do.
  • advfirewall - this context maps to the Windows Firewall with Advanced Security snap-in; its consec subcontext holds the connection security (IPsec) rules, and its monitor subcontext shows the active IPsec security associations that ipseccmd show all used to list.

One definite improvement in Vista is the integration of firewall filtering and IPsec protection settings in a single rule engine. The design makes it far less likely that a new firewall rule will conflict with IPsec policy and block traffic that was meant to flow. Firewall rules can be listed, added, modified and deleted in Windows Firewall with Advanced Security. Most users will still configure the firewall through the Windows Firewall Control Panel tool, but the snap-in exposes the advanced configuration and provides a graphical interface for configuring Windows Firewall on remote computers and through Group Policy.

Tuesday, April 15, 2008

Word of the Day: virtual networking

Virtual networking is a technology that facilitates the control of one or more remotely located computers or servers over the Internet. Data can be stored and retrieved, software can be run and peripherals can be operated through a Web browser as if the distant hardware were onsite.

Virtual networking facilitates consolidation of diverse services and devices on a single hardware platform called a virtual services switch. The centralization of control reduces the cost and complexity of operating and maintaining hardware and software compared with administering numerous separate devices in widely separated geographical locations. Maintenance personnel and administrators can install device drivers, perform tests and resolve problems on the remote machines from a single location.

It may be necessary to install virtual networking software on the remote computers or servers to take advantage of this technology. Several vendors, including Microsoft and VMware, offer virtual networking software. Some vendors offer comprehensive virtual networking services, allowing business network administrators to outsource labor and resources to the vendor. Virtual networking capability is a standard feature of Windows XP and Vista.

The chief limitation of virtual networking is the fact that certain problems can be resolved only by direct physical contact with the hardware involved. Examples include broken wires, frozen drives and defective chips. In some cases, virtual networking may make it possible to circumvent a damaged component by taking advantage of alternative resources until a technician can perform onsite repair or replacement.

Monday, April 14, 2008

5 ways to secure your Cisco routers and switches

1. Understand the basics of router security

You must understand the basics of router security. Here are the essentials:

Physically secure the routers
If your routers are not physically secured, anyone can walk up, perform a password reset, and gain full access to that router’s configuration. Even if this isn’t a core router, they could take down your network by poisoning the routing tables on all routers. For this reason, routers should be in a locked room and preferably have video surveillance. Additionally, reliable electrical power and cooling must be provided.

Lock down the router with passwords
Routers must be secured with passwords at both the login mode (to prevent initial access) and the privileged mode (to prevent configuration changes).

Apply login mode passwords on Console, AUX, and VTY (telnet/ssh) interfaces
Password controlled access needs not only to be on the VTY lines to prevent network access, but also on the Console and AUX ports. If the Console port is locked but the AUX port doesn’t have a password, then locking the Console wasn’t of much use, was it?

Set the correct time and date
Log entries are only as useful as their timestamps: to correlate an event across routers, switches, firewalls and the syslog server, every device must agree on the time. Synchronize the router to a trusted NTP source rather than setting the clock by hand.

Enable proper logging
Logging should be enabled, preferably to a central source such as a syslog server. At minimum, configure a buffered log on the router. Preferably, raise the logging level and log configuration changes as well. For example, the following command sends an SNMP trap whenever the configuration changes:

snmp-server enable traps config

Back up router configurations to a central source
Let’s say that someone does take control of your router or wipes out your router configuration. To replace that router quickly, or to restore the configuration, you need a backup of it. Back up the configuration whenever it changes, and on a daily or weekly schedule regardless.

Secure other network devices such as switches and wireless access
Most of the items listed here also apply to Cisco switches and wireless access points. Two more areas that I consider to be at the basic level of router security are locking down network access to the router with a stateful firewall or ACL and encrypting sensitive network traffic.

2. Know your network: Diagram, audit, and document

If you are responsible for the security of a network you should know that network like you know the vulnerable doors and windows (think entry points) of your house.

You should diagram your network so that you have a map to help you and others visualize the entire network.

You should have the router configurations backed up. Finally, you should periodically audit your network security, both internally and externally (via a third party).

3. Protect your router with a firewall and ACLs

In Reese’s post about the hackers, he mentioned the fact that the company had poor access control lists (ACLs) in place on their routers. ACLs are typically what protect routers from attack. However, due to their complexity, many of them end up being misconfigured or ineffective. Make sure that your ACLs allow only traffic to the router and through the router that should be there. For internal routers this will only be internal traffic.

Make sure you understand that whatever isn’t explicitly permitted is denied (the implicit deny at the end of every ACL), that entries are processed from the top down and the first match wins, that a permit any (or permit ip any any) makes every entry below it unreachable and defeats the implicit deny, and that an ACL has no effect until it is applied to an interface in the proper direction (in or out).

Keep in mind that ACLs aren’t used only to control traffic passing through the router. They also restrict who may open an SSH session to the router itself (access-class on the VTY lines), filter routing updates (distribute lists), and select traffic for rate limiting.

Besides ACLs, Cisco IOS offers a real stateful firewall if you run the Security/Firewall feature set of the IOS. A stateful firewall tracks connections and is far better than static ACLs alone. I recommend checking out my article, “Protect your network with the Cisco IOS Firewall,” and consider implementing one on your routers.
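The three ACL rules above (top-down with first match winning, implicit deny, no effect until applied in a direction) are easy to state and easy to get wrong, so here is a small Python model of them. This is an added example, not code from the article: the ACL text, the addresses (10.0.0.0/24 as the admin LAN, 10.0.0.1 as the router, 10.0.0.50 as the SNMP poller, 192.0.2.9 as an outsider) and the interface names are constructed for it, and it handles only a subset of IOS extended-ACL syntax.

```python
"""Toy model of Cisco extended-ACL evaluation (added example, not from the article)."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional, Tuple

@dataclass
class Packet:
    proto: str                  # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None

@dataclass
class Entry:
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" matches every protocol
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[int]        # None: any destination port
    seq: int                    # line of the ACL text, reported with the verdict

@dataclass
class Interface:
    name: str
    acl_in: Optional[List[Entry]] = None     # 'ip access-group NAME in'
    acl_out: Optional[List[Entry]] = None    # 'ip access-group NAME out'

def _parse_addr(tokens: List[str], i: int) -> Tuple[IPv4Network, int]:
    """'any' | 'host A.B.C.D' | 'A.B.C.D W.W.W.W' at tokens[i] -> (network, next index)."""
    if tokens[i] == "any":
        return IPv4Network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return IPv4Network(tokens[i + 1] + "/32"), i + 2
    # An IOS wildcard is the inverse of a netmask: 0.0.0.255 -> 255.255.255.0 (/24).
    # Non-contiguous wildcards, which IOS accepts, raise ValueError here.
    netmask = IPv4Address(~int(IPv4Address(tokens[i + 1])) & 0xFFFFFFFF)
    return IPv4Network(f"{tokens[i]}/{netmask}", strict=False), i + 2

def parse_acl(text: str) -> List[Entry]:
    """'permit|deny <proto> <src> <dst> [eq <port>] [log]' per line (a subset of IOS
    syntax); entries are numbered by text line and 'remark' lines filter nothing."""
    entries = []
    for seq, line in enumerate(text.strip().splitlines(), start=1):
        tokens = line.split()
        if not tokens or tokens[0] in ("remark", "!"):
            continue
        src, i = _parse_addr(tokens, 2)
        dst, i = _parse_addr(tokens, i)
        dport = int(tokens[i + 1]) if i < len(tokens) and tokens[i] == "eq" else None
        entries.append(Entry(tokens[0], tokens[1], src, dst, dport, seq))
    return entries

def evaluate(acl: List[Entry], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Top-down, first match wins; falling off the end is the implicit deny (line None)."""
    src, dst = IPv4Address(pkt.src), IPv4Address(pkt.dst)
    for e in acl:
        if e.proto not in ("ip", pkt.proto) or src not in e.src or dst not in e.dst:
            continue
        if e.dport is None or e.dport == pkt.dport:
            return e.action, e.seq
    return "deny", None

def shadowed(acl: List[Entry]) -> List[int]:
    """Lines that can never match because an earlier line covers everything they would."""
    dead = []
    for i, later in enumerate(acl):
        for earlier in acl[:i]:
            if (earlier.proto in ("ip", later.proto) and earlier.dport in (None, later.dport)
                    and later.src.subnet_of(earlier.src) and later.dst.subnet_of(earlier.dst)):
                dead.append(later.seq)
                break
    return dead

def forward(ingress: Interface, egress: Interface, pkt: Packet) -> str:
    """A packet meets only the inbound list where it enters and the outbound list where it
    leaves; a list bound nowhere, or in the other direction, is never consulted."""
    for acl in (ingress.acl_in, egress.acl_out):
        if acl is not None and evaluate(acl, pkt)[0] == "deny":
            return "dropped"
    return "forwarded"

# Constructed sample: management traffic to the router's own address, 10.0.0.1.
MGMT_IN = parse_acl("""
remark SSH from the admin LAN and SNMP from the poller; all else hits the implicit deny
permit tcp 10.0.0.0 0.0.0.255 host 10.0.0.1 eq 22
permit udp host 10.0.0.50 host 10.0.0.1 eq 161
deny   tcp any host 10.0.0.1 eq 23 log
""")

# The mistake the text warns about: 'permit any' on top makes the deny below unreachable.
BAD = parse_acl("""
permit ip any any
deny tcp any host 10.0.0.1 eq 23
""")

if __name__ == "__main__":
    telnet = Packet("tcp", "192.0.2.9", "10.0.0.1", 23)
    print(evaluate(MGMT_IN, telnet), evaluate(BAD, telnet))      # ('deny', 4) ('permit', 1)
    print("unreachable in BAD:", shadowed(BAD))                   # [2]
    outside, inside = Interface("Gi0/0", acl_in=MGMT_IN), Interface("Gi0/1")
    wrong_way = Interface("Gi0/0", acl_out=MGMT_IN)               # same list, wrong direction
    print(forward(outside, inside, telnet), forward(wrong_way, inside, telnet))  # dropped forwarded
```

The shadowed() check is the lint you want before applying a list: on BAD it reports line 2, the telnet deny that the permit any above it will never let execute, and on MGMT_IN it reports nothing. The forward() call with wrong_way shows why "applied in the proper direction" belongs on the checklist: the same list bound outbound on the interface the packet arrives on is simply never looked at.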

4. Change your passwords and make them complex

Another method that hackers use to take control of networks is password guessing or password sniffing. To prevent this, you should CHANGE YOUR PASSWORDS TO COMPLEX PASSWORDS TODAY. Don’t wait another day! An example of a complex password is MySuper!S3cr3tPa$$.

Make sure the enable password is always stored as a type 5 secret (a salted MD5 hash, set with enable secret) rather than with enable password (see “Be aware of how easily someone can crack a Cisco IOS password“). The following command encrypts most (but not all) of the remaining passwords in the configuration, such as line and username passwords. Note that it applies type 7 encoding, which is reversible in seconds with freely available tools, so it only hides passwords from a casual glance at show run:

service password-encryption

Also, keep in mind that we aren’t just talking about login passwords. This includes all SNMP community strings and routing protocol authentication keys. All of those should be complex and changed periodically.

5. Always encrypt sensitive network traffic

Finally, hackers can obtain passwords to your routers by sniffing network traffic when you log in to your router with telnet, perform a “show run” over telnet, or use SNMPv1/v2c, whose community strings travel in the clear.

You should always encrypt sensitive management traffic. Start by enabling SSH (version 2) and disabling telnet on every network device that supports it: transport input ssh on the VTY lines.

If you are using SNMP, enable SNMPv3 with authentication and privacy (a v3 group defined with the priv keyword) and use it exclusively, removing the v1/v2c community strings.
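Sections 1, 4 and 5 together describe what a hardened configuration should and should not contain, and the point of the linked cracking article is that type 7 "encryption" is reversible. The Python below, an added example rather than code from the article, makes both concrete: it implements the type 7 encode and decode (using the translation key published by the common decoders) and audits two constructed configurations, a weak one and a hardened one, for the settings discussed (enable secret versus enable password, service password-encryption, telnet on the VTY lines, access-class, the AUX port, SNMPv1/v2c community strings, syslog and NTP). The secret 5 values in the hardened config are placeholders for what show run prints, the 10.0.0.x addresses are made up, and the checks are line matches rather than an IOS parser.

```python
"""Audit an IOS running-config for the weak settings the article describes
(added example, not from the article; both configs below are constructed)."""
import re
from typing import Dict, List

# Type 7 is reversible obfuscation, not encryption: password bytes XORed with this fixed key
# from an offset given by the two leading digits.  Key as published by the common decoders.
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

def type7_decode(encoded: str) -> str:
    """Recover the plaintext of a 'password 7 ...' value."""
    seed, data = int(encoded[:2]), bytes.fromhex(encoded[2:])
    return "".join(chr(b ^ XLAT[(seed + i) % len(XLAT)]) for i, b in enumerate(data))

def type7_encode(plain: str, seed: int = 0) -> str:
    """Produce the obfuscation IOS applies under 'service password-encryption' (seed 0-15)."""
    body = "".join(f"{b ^ XLAT[(seed + i) % len(XLAT)]:02X}"
                   for i, b in enumerate(plain.encode("ascii")))
    return f"{seed:02d}{body}"

def _stanzas(config: str) -> Dict[str, List[str]]:
    """Map each top-level command to its indented sub-commands ('line vty 0 4' -> [...])."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                      # blank lines and '!' comments
        if raw.startswith(" ") and current is not None:
            stanzas[current].append(raw.strip())
        elif not raw.startswith(" "):
            current = raw.strip()
            stanzas.setdefault(current, [])
    return stanzas

def audit(config: str) -> List[str]:
    """One finding per weak setting; an empty list means nothing was flagged."""
    stanzas, findings = _stanzas(config), []
    if "service password-encryption" not in stanzas:
        findings.append("service password-encryption is off: line/user passwords stored in clear")
    if not any(re.match(r"logging (host )?\d", cmd) for cmd in stanzas):
        findings.append("no syslog host: logs exist only on the router")
    if not any(cmd.startswith("ntp server") for cmd in stanzas):
        findings.append("no ntp server: log timestamps cannot be correlated")
    for cmd, children in stanzas.items():
        for line in [cmd] + children:
            if m := re.search(r"\bpassword 7 ([0-9A-Fa-f]+)$", line):
                findings.append(f"{line!r} is type 7; it decodes to {type7_decode(m.group(1))!r}")
            elif re.search(r"\bpassword (?![57] )", line):
                findings.append(f"{line!r} is stored in clear")
        if cmd.startswith("enable password"):
            findings.append("enable password in use; 'enable secret' stores a salted MD5 hash instead")
        if cmd.startswith("snmp-server community"):
            findings.append(f"{cmd!r}: SNMPv1/v2c community string travels in clear; use v3 priv")
        if cmd.startswith("line vty"):
            transport = [c for c in children if c.startswith("transport input")]
            if not transport or any("telnet" in t or t.endswith(" all") for t in transport):
                findings.append(f"{cmd}: telnet accepted; set 'transport input ssh'")
            if not any(c.startswith("access-class") for c in children):
                findings.append(f"{cmd}: no access-class, any source reaches the login prompt")
        if cmd.startswith("line aux") and "no exec" not in children \
                and not any(c.startswith("login") for c in children):
            findings.append(f"{cmd}: exec enabled with no login")
    return findings

# Constructed 'before': roughly what a router left at defaults looks like.
WEAK_CONFIG = f"""\
enable password 7 {type7_encode('cisco', 9)}
username admin password 7 {type7_encode('admin123', 3)}
snmp-server community public RO
line aux 0
line vty 0 4
 password cisco
 login
"""

# Constructed 'after'; the 'secret 5' values are placeholders for the hashes 'show run' prints.
HARDENED_CONFIG = """\
service password-encryption
enable secret 5 $1$salt$PLACEHOLDERHASH
username admin secret 5 $1$salt$PLACEHOLDERHASH
ip ssh version 2
ntp server 10.0.0.50
logging host 10.0.0.50
snmp-server group ADMINS v3 priv
snmp-server enable traps config
ip access-list standard MGMT
 permit 10.0.0.0 0.0.0.255
line con 0
 login local
line aux 0
 no exec
line vty 0 4
 access-class MGMT in
 transport input ssh
 login local
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name}: {len(audit(cfg))} finding(s)")
        print(*("  - " + finding for finding in audit(cfg)), sep="\n")
```

Running it prints every type 7 string in the weak config back as plaintext, which is the whole argument for enable secret and for treating service password-encryption as cosmetic. The hardened config produces no findings; it is the shape to aim for, with the placeholder hashes replaced by whatever your router writes when you enter the secrets.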

Be careful

The point of this article is to (1) encourage you to take action to secure your network before malicious attackers take control of it and (2) to show you exactly which actions you need to take. You shouldn’t assume that your network isn’t a target because your company isn’t high profile or your data wouldn’t be valuable to an attacker. Take every reasonable step to protect your network; as you can see from this post, these steps aren’t necessarily difficult or costly.

Thursday, April 10, 2008

Do you know this?

The new IEEE Energy Efficient Ethernet project aims to deliver major energy savings by combining many small savings.

This initiative is based on the work of Mike Bennett and Bruce Nordman of the Lawrence Berkeley National Laboratory and Professor Ken Christensen of the University of South Florida. They observed that much energy is wasted while the network is idle.

Here are the facts:

1. Most desktop PCs now ship with a 1 Gbps interface, an increase from the 100 Mbps interface that was standard a few years ago.

2. A typical 1 Gbps interface consumes roughly 2W more than a 100 Mbps interface.

3. Ethernet interfaces continue to consume power at this level even when the network is idle.

4. The 1 Gbps interface in the switch port at the other end of the link also consumes 2W more than a 100 Mbps interface. The upgrade from 100 Mbps to 1 Gbps thus consumes an extra 4W for each connected PC.

Monday, April 7, 2008

Worst practices: Encryption conniptions

Here's a list of five worst practices that I'd like to share with you:

1. Using Wired Equivalent Privacy (WEP) encryption
If you're still running WEP encryption in your organization, it's time to face the facts: the simplistic encryption techniques used by WEP may be broken in seconds using freely available tools.

2. Practicing "security theatre"
"Security theatre" is the practice of implementing complex, expensive security measures solely for the sake of making people notice that you're spending a lot of time and energy on security, despite the fact that your controls are easily defeated and largely ineffective.

3. Encrypting email attachments only to include the encryption key in the message
Someone sends a sensitive document by email and, meaning well, uses the encryption feature of Microsoft Office to preserve the confidentiality of the document while in transit. The person then proceeds to praise himself in the body of the message saying something like, "Mike, I know you're always telling me about the security problems with email, so I encrypted this confidential file. The password is football." The simple solution is to use an out-of-band transmission method for the password. For example, send the email and then pick up the phone and call the recipient to provide the password. The likelihood of the same individual intercepting both your email and telephone call is remote.

4. Failing to patch
Patch announcements sometimes warn of consequences as dire as "a severe flaw…[that] could lead to system crashes, remote execution of code and privilege escalation". Remember, hackers read the same security patch announcements that we do. Leaving networks, databases and third-party applications unpatched is asking for trouble.

5. Failing to encrypt laptops
Laptops get lost and stolen, and an unencrypted disk hands whatever is on it to whoever ends up with the machine. Fortunately, there's an easy way to avoid this altogether: use full-disk encryption products to render mobile data unusable if a device is stolen.

Friday, April 4, 2008

10 ways to explain things more effectively

In the course of your work, you may sometimes need to explain technical concepts to your customers. Having them understand you is important not only for technical reasons, but also to ensure customer satisfaction. The ability to explain things clearly and effectively can help you in your career, as well. Here are a few tips to help make your explanations understandable and useful.

#1: Keep in mind others’ point of view

You’ve probably seen the famous illusion that looks like either a young woman or an old woman. Two people can look at that same picture, and they can have opposite views of what they’re seeing. Keep this idea in mind when explaining a concept. Something that might be perfectly understandable to you might be incomprehensible to someone else. Don’t be the person customers complain about as using “geek speak.”

#2: Listen and respond to questions

It’s easy to become annoyed when someone is asking questions. However, try to resist that reaction. A better attitude is to be happy that the other person is interested enough to ask questions. To minimize confusion and misunderstanding, try to paraphrase or summarize a question before you answer it. This step is particularly important if you’re in a group setting, and you’ve just taken a question from someone. Repeating the question for the entire group helps everyone better understand your answer.

#3: Avoid talking over people’s heads

When you explain things to people, do their eyes glaze over? Chances are it’s because you’re talking over their heads. Symptoms of such behavior include the use of jargon and acronyms. Remember, the people you’re talking to probably lack your specialized knowledge, so you should use readily understandable terms.

The same goes for acronyms. They’re important, but if you use them, define them in “longhand,” followed by the acronyms in (parentheses), so that everyone’s clear. Doing so avoids the scenario of situation normal, all fouled up (SNAFU).

Even within IT, the same acronym can mean different things. For example, both “active server page” and “application service provider” have the acronym ASP. A story from the Vietnam War era further illustrates this point. A young woman brought her boyfriend home to meet her father, a retired military officer. The woman was nervous because the boyfriend was a conscientious objector. When the father asked the young man to talk about himself, the latter replied, nervously, that he was a CO. The father clapped the young man on the back and congratulated him, thinking the latter was a commanding officer.

#4: Avoid talking down to people

Avoid the other extreme as well. Don’t insult people by assuming that they’re only as intelligent as a three-year-old. An attendee at one of my communications training classes described it aptly as “Barney communications.”

Greek mythology has references to two monsters, Scylla and Charybdis, who sat on opposite sides of a narrow strait of water. If a ship sailed too close to Scylla, it was destroyed and the sailors eaten up. If the ship sailed too close to Charybdis, it was destroyed by a whirlpool that Charybdis created. The ship had to go right between them to survive. Follow that same principle with your customers: Make your explanations neither too complicated nor too simple.

#5: Ask questions to determine people’s understanding

The people you’re talking to shouldn’t be the only ones asking questions. You should be asking questions as well, to make sure they understand. Your questions can be open ended, which gives people a chance to provide detailed information, or they can be closed ended, which generally calls for a simple yes/no response. In either case, asking questions tells people that you’re interested that they understand.

#6: Focus on benefits, not features

What’s the difference? A feature is some inherent property of an object. A benefit, on the other hand, is a way the feature helps a person. For example, one of the features of a Styrofoam cup, because of the material used, is insulation. Someone who’s planning a party probably doesn’t care how the cup provides insulation. That person is more interested in the fact that such a cup keeps hot things hot and cold things cold.

In the same way, try to focus on benefits of technology rather than features of technology. This distinction becomes more important the higher the level of the person you’re talking to. The CFO probably has little need to know about the specific commands and steps involved in setting up database mirroring. That person will want to know, however, that such a practice reduces the chances of data loss.

#7: Use analogies to make concepts clearer

An analogy involves explaining an unfamiliar concept in terms of a familiar one. For example, in drawing an analogy between a firewall and a bank teller, you could say that people don’t just go directly into a bank and take money out. They go to the teller and identify themselves; the teller makes sure they have enough money; and then the teller gives them the money. Similarly, a firewall ensures that people who want access to a system really are permitted to have that access.

When choosing an example for an analogy, first figure out the general principle you’re trying to explain. Then, choose something from real life that illustrates that principle. Say, for example, that you’re trying to explain memory leaks. Suppose you conclude that the principle involved is that of taking without giving back completely. An example/analogy might be the consequences of pouring a cup of pancake batter into successive measuring cups, or the consequences of lending money to your brother-in-law.

#8: Compare new concepts to familiar ones

Another illustrative technique is to use a familiar or existing product as a comparison. If you’re explaining a new release of a software product, the comparison is easy. Simply discuss the additional capabilities it has over the previous one or how key features are different. If the person hearing your explanation is also an IT person and is familiar with different or older technology, try explaining in those terms if you can. For example, when explaining thin clients, consider a comparison to the old 3270-type terminals that IBM once used for connection to mainframes.

#9: Use the concepts of subsets and supersets

Brooklyn is a subset of New York City, because all of it is a part of that city. Conversely, New York City is a superset of Brooklyn, because the former contains, in addition to all of the latter, other boroughs as well. These concepts are helpful in describing, for example, a “lite” versus a “professional” version of a software product. If the latter does everything the former does, plus more, it truly is a superset of the former, and the former is a subset of the latter. Be careful, though: If the “lite” version does even one thing that’s missing from the professional version, there’s no longer a subset/superset relationship.

#10: Confirm that your explanation makes sense

Once you’ve finished explaining your point or answering a question, ask a final question yourself. Make sure the people who heard your explanation truly did understand it. Consider asking them to give you the explanation in their own words, just to double-check.

Tuesday, April 1, 2008

Word of the Day: Securities and Exchange Commission (SEC)

The Securities and Exchange Commission (SEC) is a U.S. government agency that oversees securities transactions, activities of financial professionals and mutual fund trading to prevent fraud and intentional deception. The SEC consists of five commissioners who serve staggered five-year terms. No more than three of the commissioners may belong to the same political party.

The SEC has four major divisions.

  • The Division of Corporation Finance ensures corporate disclosure of important information to the investing public.
  • The Division of Trading and Markets ensures fairness, order and efficiency in market activities.
  • The Division of Investment Management helps protect investors and encourages capital formation through oversight and regulation of the investment management industry.
  • The Division of Enforcement investigates securities law violations, brings civil actions and refers criminal matters to the Department of Justice.

The SEC was created during the Great Depression with the passage of the Securities Exchange Act of 1934, which was designed to bolster confidence in capital markets by providing investors with reliable information and by requiring that individuals and corporations deal with each other honestly.