In this multipart series I will be presenting some of the leading industry-standard best practices for enterprise network security using Cisco technologies... In Part 3 of this series I began to discuss Cisco technologies as a standard for enterprise data security. In this article we take a look at how Cisco firewall and packet filtering technologies can be used at the network perimeter to enhance enterprise security. more
Earlier this month, I had the opportunity to attend the The Emerging Communications (eComm) 2009 conference in San Francisco which was packed with 3 days of fascinating conversations about the future of communications. I absolutely enjoyed talking to various speakers and attendees giving me a deep level of appreciation and perspective on technical, commercial and political issues at hand -- and what is likely to come in the next few years. And speaking of politics, Lee Dryburgh, who founded eComm in early 2008, has generously allowed us to share with you a fascinating panel discussion which took place on day 3 of the conference called "Spectrum 2.0 - What's really happening?" more
The IANA -- Internet Assigned Numbers Authority -- is, functionally, the boiler room of the Internet. Every protocol in use to shovel data from Tallahassee to Timbuktu? Listed there. IP addresses? They are the root from which all addresses flow. Domain names? They are the Source. The entire operation is chock-full of magic numbers, numbers that form and fuel the digital world we use daily. But there are other, lesser-known numbers... It is of PENs that I write today... more
The Conficker worm will be active again on April 1st, according to an analysis of its most recent variant, Conficker.C, by the net security firm CA. This malicious piece of software, also known as Downup, Downadup and Kido, spreads among computers running most variants of the Windows operating system and turns them into nodes on a multi-million member ‘botnet’ of zombie computers that can be controlled remotely by the worm’s as yet unidentified authors. more
If there's one thing that scares the bejabbers out of me, it's when organized religion -- either directly or via proxies -- attempts to nose its way into technology policy issues. It appears that such a scenario is unfolding currently, with a concerted new effort to fundamentally remake the Internet in a manner befitting the sensibilities of top-down religious hierarchies. An Internet Pope? The Spanish Inquisition? Not exactly -- that's the incorrect religion for this particular case. more
The World Intellectual Property Organization (WIPO) asserted on Monday that new gTLDs from ICANN would unleash a global crime wave. This dire warning was bolstered by an astonishing statistic: a whopping eight per cent (8%) increase in UDRP complaints from 2007 to 2008! But WIPO's press release tells only a very little of the truth. Astonishingly, the UDRP system actually works pretty well... more
The DNSSEC Industry Coalition conducted its first face to face meeting on Friday, March 13, 2009 at Google's Washington, DC office. Google's fun filled meeting room was packed with organizations that share a keen interest in DNS Security through the implementation of DNSSEC. more
The World Intellectual Property Organization put out a release yesterday trumpeting an eight percent increase in domain name disputes handled by WIPO. In 2008 there were 2329 complaints filed with WIPO, the most ever. WIPO uses the increase to raise questions about the possible increase in the number of available generic top-level domains... more
It's coming up on two years since the DomainKeys Identified Mail (DKIM) standard was published. While we're seeing a certain amount of signed mail from Google, Paypal, and ESPs, there's still a long way to go. How hard is it to sign your mail with DKIM? The major hurdle might seem to be getting mail software that can sign outgoing mail. more
Last year, MAAWG published a white paper titled Trust in Email Begins with Authentication [PDF], which explains that authentication (DKIM) is “[a] safe means of identifying a participant-such as an author or an operator of an email service” while reputation is a “means of assessing their trustworthiness.”
moreIt has been beaten, butted, and batted around quite a bit in the past few weeks -- let's look at a rough timeline of political issues which bring me to this point. Let's look at the power struggle (I prefer to call it confusion) in the U.S. Government with regards to "Cyber Security" -- in a nutshell. In the latter part of 2008, the U.S. House of Representatives Homeland Security Committee determined that DHS was not capable of providing proper critical infrastructure protection (and other Cyber protection capabilities) due to a number of issues. This may well be a political maneuver, or it may well actually have merit. more
When I was employed, I ran my own mail server and my own BlackBerry Enterprise Server, and I had things tuned pretty much exactly as I wanted them. My incoming mail got some custom processing that looked the sender's address up in my address book and assigned the message a category... I was a very happy email user. Now that I'm on my own, I've decided not to run my own server and all that software, and I've switched to Gmail and the T-Mobile BlackBerry server... Surprisingly, though, I'm mostly still happy... more
Traceroute is a network tool that helps determine the path packets take as they travel from one location to another, identifying all of the "hops" along the way. I wonder why they are called hops*? Almost all operating systems have traceroute utilities built in. The command is just that "traceroute", Windows systems abbreviate the command as "tracert" to deal with the 8.3 file naming convention of old... So, let's look at what information traceroute gives you. more
The penny dropped when I started looking at cloud computing as a service rather than a new technology. In that respect it is more like Google search and a DotCom development than a set of software and hardware tools. That was what I needed to get a better strategic grip on this new concept. As with all services, business strategies are key here, rather than technologies. As soon as it is seen as a technology customer issues often come in second, which then leads to a technology looking for a market... more
In the world of DNS, there are two types of DNS servers, 'recursion disabled' and 'recursion enabled'. Recursion disabled servers, when asked to resolve a name, will only answer for names that they are authoritative for. It will absolutely refuse to look up a name it does not have authority over and is ideal for when you don't want it to serve just any query. It isn't, however, very useful for domains you don't know about or have authority over... more
Sponsored byVerisign
Sponsored byCSC
Sponsored byVerisign
Sponsored byIPv4.Global
Sponsored byDNIB.com
Sponsored byRadix
Sponsored byWhoisXML API