Thursday, July 27, 2006

Keep Your Data Safe Behind a Firewall

Firewalls

Computer viruses! Worms! E-mail viruses! Trojan Horses! The media is always full of stories about computer viruses infecting computers all over the world, or companies scrambling to fix security holes in their software by releasing security updates. What can businesses or individuals do to protect their computers? Installing a firewall may be one answer.

The Importance of Having a Firewall

While the first computer viruses were transported from computer to computer by floppy disks, computer viruses today can cover the globe in the blink of an eye over the Internet. And they’ve probably made it to your computer. You have likely had to deal with the consequences of spyware and other malicious programs that have crawled onto your computer while you were browsing the Internet. And as a consequence, you’ve probably spent hours and hours trying to get rid of all the spyware and other malicious programs that have taken up residence on your computer.

Even if you think your computer is virus free, you are probably wrong. That is why spyware and viruses are so dangerous; you could be using your computer with no idea that they’re there.

Firewalls Will Protect your Computer

A firewall puts a wall between your home network and the Internet. Just like a real firewall keeps fire from spreading from one area to another, a software firewall tries to keep computer viruses from spreading from the Internet onto your home computer or home network.

The firewall itself is a piece of software that is usually run on your router or cable modem. By attaching itself to this hardware, the firewall is the first thing any incoming traffic from the Internet meets.

The firewall’s job is to filter all of the traffic from the Internet that comes onto your home network. Whenever a network packet tries to come onto your home network, it has to make it by the firewall first. The firewall will analyse the packet to make sure it isn’t a virus or some other undesirable communication. If the firewall gives it the all clear, it will let the packet continue on its journey to your home network.

How does a Firewall Know what Traffic is Good?

The firewall will use user-defined parameters and automatic parameters to decide whether the traffic should be let through or labelled dangerous and blocked. As the user, you could configure the firewall to block all traffic coming from specific IP addresses. Obviously, you won’t be able to do this for all the malicious sites on the Internet – this list would be far, far too long!

For this reason, the firewall will automatically screen incoming traffic to make sure it corresponds to the kind of traffic you would want to receive by running it through a set of predetermined parameters. For instance, the firewall will usually let traffic sent from a website through to your computer, but it will not let someone remotely login to your computer.
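
The two kinds of parameters described above can be shown in a small Python sketch. This is an added example, not code from any real firewall product: the class and function names, the addresses (taken from documentation ranges) and the sample traffic are all constructed for illustration, and address translation on the router is ignored.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = home network to Internet, "in" = Internet to home
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class HomeFirewall:
    """Toy stateful filter (hypothetical). NAT is ignored for clarity."""

    def __init__(self, blocked_sources=()):
        # User-defined parameter: sources the owner never wants to hear from.
        self.blocked = [ipaddress.ip_network(n) for n in blocked_sources]
        # Automatic parameter: connections opened from inside the home network.
        self.opened_from_inside = set()

    def check(self, pkt):
        """Return ("allow" or "block", reason) for one packet."""
        if pkt.direction == "out":
            self.opened_from_inside.add(
                (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "allow", "outbound request from the home network"
        src = ipaddress.ip_address(pkt.src_ip)
        if any(src in net for net in self.blocked):
            return "block", "source is on the user-defined block list"
        # A reply carries the endpoints of an earlier outbound packet, swapped.
        reply_key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reply_key in self.opened_from_inside:
            return "allow", "reply to a connection opened from inside"
        return "block", "unsolicited inbound connection attempt"


def demo():
    """Run constructed sample traffic through the filter; return the verdicts."""
    fw = HomeFirewall(blocked_sources=["198.51.100.0/28"])
    pc, web = "192.168.1.10", "203.0.113.80"
    traffic = [
        Packet("out", pc, 50000, web, 80),            # browser requests a page
        Packet("in", web, 80, pc, 50000),             # the website's reply
        Packet("in", "192.0.2.44", 40000, pc, 22),    # stranger tries remote login
        Packet("in", "198.51.100.7", 80, pc, 50000),  # block-listed source
        Packet("in", web, 80, pc, 50002),             # no matching request
    ]
    return [fw.check(p)[0] for p in traffic]


if __name__ == "__main__":
    print(demo())
```

The website's reply gets through only because the home PC asked for it first; the remote login attempt is dropped without anyone having to list its source address in advance.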

No matter what software or hardware you use, you will always be putting your computer at risk when you connect it to the Internet. You can limit this risk as much as possible, however, by using a firewall. A firewall will let you access all the wonderful resources of the Internet without staying awake all night worrying about your home network.

Monday, July 24, 2006

Network security drives value

Many valuable business models depend vitally on secure networking. These business models include:

* Delivery of content (music, movies, TV, radio and interactive games);

* IP Network-enabled virtual enterprises, including work-at-home;

* E-commerce (retail, financial services, travel services and many transaction-oriented activities); and

* Messaging services such as e-mail and instant messaging.

Each model imposes its own unique security and performance requirements that influence economic success. Content delivery went nowhere until the RIAA (Recording Industry Association of America) was satisfied that the technology existed for secure content distribution. Network-enabled enterprise models are gaining favor now that IP traffic can be handled securely and privately in conformance with federal laws such as Gramm-Leach-Bliley and HIPAA.

Network security challenges include going beyond perimeter-based security, bad behavior by authorized applications, SPAM, patching, content filtering, vulnerability analysis and application traffic management.


Much existing security is centered on the enterprise firewall with the implicit understanding that those outside the perimeter (i.e., on the Internet) are bad while everyone on the inside is good. This model isn't sustainable even conceptually given the rapid virtualization of enterprise work and life styles. Security must support mobile or virtual employees and business partners as well as broad new device types such as SIP phones, Wi-Fi devices and 3G wireless systems.

Network-based security must also be personalized according to individual, application and role. For example, should the company treasurer have the same access to the funds payment system when using his PDA as when he is sitting at his desk?

Bad behavior by authorized applications is another challenge. Many new attacks use authorized ports as attack vehicles. E-mail is often used to penetrate network security defenses.

Keeping network security current is also a challenge. Mobile, distributed and virtual work styles aggravate this job because IT staff has less control over every workstation. Employees returning from a business trip, for example, may have become infected with a worm or Trojan while working at an airport hotspot. Technology for frequent, proactive penetration testing and vulnerability analysis can add an additional security layer.

Networking vendors are responding to these security challenges in three broad ways:

* Appliance-based software;

* Development of MSSPs (managed security service providers); and

* Integration of security services into network hardware, especially routers and load balancers.

Network security appliances provide an attractive balance between time to market for new security features and the high performance of hardware-based systems. Recent appliance-based solutions offer application-level security, strong authentication, anti-SPAM, penetration testing, network admission control, wireless LAN authentication and Web access management.

By continuously analyzing security events across all subscribing customer networks, MSSPs can provide a higher level of network protection and support more specialized expertise than can even the largest single network operator. Open communication about security events across all the MSSP customers' networks also provides an information advantage because individual enterprises are loath to disclose they have been hacked because of resulting negative publicity.

Router vendors and vendors of data center products such as caching systems and server load balancers are adding network security features to their core products. This can be an attractive approach to network security because the network architecture is simplified and the approach is consistent with the longstanding trend in the electronics industry to leverage silicon to do more in the same box.

There is a large, growing opportunity to provide network security products and services. This opportunity is driven by the need to add security to the inherently insecure Internet, benefiting network-centric business models focused on content delivery, IP network-enabled virtual enterprise, e-commerce and messaging services.

Successful vendors of such products and services must be perceived as--and actually be--credible and trustworthy; provide customers with visibility into the security process; and provide broad, technically deep sales expertise and professional, educational services.

Michael Kennedy is co-founder and managing partner of Network Strategy Partners, LLC (NSP)--management consultants to the networking industry (mkennedy@nspllc.com).

Wednesday, July 19, 2006

World Wide Packets Ethernet Access equipment upgrades fiber network in Washington

World Wide Packets, the leading provider of Ethernet Access Networking Solutions, announced that it has signed a contract with Port Blakely Communities to upgrade its Issaquah Highlands Fiber Network (HFN) from a data-only network to a bandwidth delivery system that supports both current and next-generation applications to the subscriber for the development's planned 3,200 homes. The initial contract calls for the immediate installation of World Wide Packets' LightningEdge switches in 1,500 existing homes as well as in "hub" locations throughout the development.

"Our new community network will allow us to keep up with the evolution of new content that can be delivered to homeowners. We wanted to be able to stay ahead of the curve and the rapid pace of the consumer electronics evolution," said Judd Kirk, CEO of Port Blakely Communities. "World Wide Packets' LightningEdge was the best solution because it has allowed us to scale with the growth of the development as well as offer a host of cutting-edge voice, video and data services that gives us a competitive advantage."

"The migration from simple downstream services such as Internet access to rich, peer-to-peer services is a natural one for fiber-based networks such as HFN," noted Bill Potter, President of the Issaquah Highlands Technical Advisory Group. "The benefits for homeowners are far-ranging from more choice and better pricing for local and long distance services to HD-quality movies on demand, as well as DVD-quality videoconferencing with schools, hospitals, and other local institutions. We are also partnering with local businesses to bring an HD experience from the fiber directly to new plasmas or LCDs located anywhere in the home."

"The deployment at Issaquah Highlands is another example that demonstrates the power of the World Wide Packets solution to deliver new services to customers using Active Ethernet as the catalyst," said Dave Curry, CEO of World Wide Packets. "The possibilities for residents at Issaquah Highlands are far-reaching. For example, we see homeowners using HFN to learn network technologies and introducing creative media. Networks such as these will become part of the daily fabric of their lives and we are proud to be the enabling technology behind it."

Friday, July 14, 2006

Networking The Home - Home Phone Network Alliance - Industry Trend or Event

Futurists have for many years said that someday we would be coming home to smart homes where the security system, PC and even kitchen appliances would be networked to provide home dwellers with a variety of advanced capabilities. Now, products based on an inexpensive home network standard running at 1 megabit-per-second (1Mbps) speed through common telephone wiring appear to be a matter of months away, just in time for the holiday season.

Last week the recently established Home Phone Networking Alliance (HPNA) (EN, June 22) got another boost as Compaq disclosed that it has signed a 15-year license for the 1Mbps HomeRun home networking technology from Tut and that it has joined AT&T Ventures, Itochu International and Microsoft as Tut investors and strategic partners.

The licensing agreement will allow Compaq to incorporate HomeRun technology into future products. Tut and Compaq will also engage in a number of cooperative marketing activities designed to encourage third parties to develop HomeRun-compatible products.

Craig Stouffer, VP of marketing at Tut Systems, said of the Compaq investment: "This is Compaq's one and only investment in the company. Why did they make the investment? Tut had the HomeRun technology last year. Originally HomeRun was designed to go to 2MHz. The problem is that (operating frequency) conflicts with various DSLs (digital subscriber lines)," Mr. Stouffer said.

Compaq, a supporter of U-ADSL (universal asymmetric digital subscriber line) technology, made a request of Tut with regard to this potentially lucrative market.

"Compaq is one of the key promoters of U-ADSL and they said, you have this HomeRun stuff but it conflicts with U-ADSL. Compaq made a strong request that we readjust the technology to make sure it's compatible."

And Tut did so. Originally designed to run at 2MHz, Tut's HomeRun technology was boosted to run between 5.5MHz and 9.5MHz, centered on 7.5MHz in order to accommodate Compaq's request, a move that may have made Tut's future, according to Mr. Stouffer.

"It was a good move. We made the changes as part of the suggestion we do that and make Tut whole. There was impact to Tut initially in terms of time to market but it worked out, and that was the foundation of the investment," he said.

Mr. Stouffer also revealed that Tut recently filed to go public. "We have received about $40 million in venture capital and corporate money. Friday, (July 31) the company filed to go public."

The HPNA stepped into the spotlight just a month and a half ago when 11 of the industry's leading lights formed a consortium to promote a new home networking system based on technology from Tut Systems. Founding members include: 3Com, AMD, AT&T Wireless, Compaq, Epigram, Hewlett-Packard, IBM, Intel, Lucent Technologies, Rockwell Semiconductor Systems and Tut Systems. To date, only three have licensed Tut's technology: AMD, AT&T and Compaq, but all of the others are said to be in the process of obtaining licenses, which are offered at a nominal fee.

The HPNA has been overwhelmed since then by an estimated (as of the end of last week) 150 requests for membership from companies around the globe. And it is likely that most of those membership applications will be accepted. According to Cyrus Namazi, HPNA chairman and product marketing manager for AMD, because the HPNA advocates an open standard it cannot refuse any candidate that meets the basic requirement of commitment to furthering the proposed HPNA standard.

"We've made some goals and milestones. I'm happy to report we seem to be on track in terms of the 1-megabit specification," Mr. Namazi said in an interview last week. He also revealed plans to set up a certification laboratory that will provide a "seal of approval" to OEMs developing products for the HPNA standard (see story, page one).

Test Lab Revealed

"The gist of it is to set up a technical center where OEM developers can take their products and test against a pre-defined battery of tests," Mr. Namazi said, adding that trials of the proposed specification are already under way in a large number of U.S. homes.

When asked whether the group will use existing tests or develop its own, he replied, "We are developing proprietary tests AND using industry standard tests. Ultimately, the goal is to develop a seal of approval that members of HomePNA can put on their products. The goal is to be ready by the time products are rolled out," at the end of this year, Mr. Namazi said.

Tut chairman and CTO Matt Taylor told Electronic News that HPNA differs from other recent enabling technologies such as the PCI (peripheral component interconnect) bus and the USB (universal serial bus) in that those technologies were created to solve a problem whereas the forthcoming HPNA specification is being crafted to head one off.

Monday, July 10, 2006

How to Set Up a Wireless Home Network

There are a few different setup scenarios for wireless home networks, depending on whether you already have a modem and a wired router. In this step-by-step tutorial we'll assume that you already have a broadband connection with a cable or DSL modem but don't yet have a router, and that your computer is currently plugged directly into your modem. We will also assume you want to keep a desktop PC wired to the network and to set up either a notebook or a second desktop PC for wireless access. (It's a good idea to keep one of your PCs wired during configuration, in case security settings are lost in the process and you can't get back on the network.) You'll need to buy a wireless router, a wireless PCI card for your desktop PC, and a wireless PCMCIA card (also known as a PC Card) for your notebook.

1. Connect Your Wireless Router.

a. Turn off your cable modem and your wired PC.

b. Unplug the Ethernet cable from your cable modem and plug it into one of the four LAN ports on the back of the wireless router. The other end of the cable should remain connected to your PC.

c. Connect a second Ethernet cable between your modem's Ethernet port and the wireless router's WAN port. (The WAN port is separate from the four grouped LAN ports.)

d. Turn on the modem and wait for the status lights to indicate that it's connected to your service provider. This may take up to a minute.

e. Plug in the router. The status lights will blink as it goes through its own diagnostics; this may also take up to a minute.

f. Boot up your wired PC.

2. Configure Your Router

a. Refer to the router's printed quick-start guide, launch your Web browser, and type in the address indicated in the guide.

b. Follow the on-screen setup wizard, which should guide you step by step through the process.

c. Enable your router's security functions. The options will be WEP and WPA. (See page 88 for more information on enabling WPA.) Both will ask you to enter a key. Depending on your router's manufacturer, you may need to go to Advanced Settings to handle this step and the next two.

d. Change the default administrator's password, which is often known to hackers.

e. Change the SSID—the name you give your wireless network. Again, hackers know many of the default SSIDs and can use them to join your network.

3. Install a Wireless PCI Card in a Desktop PC

a. Refer to the card manufacturer's quick-start guide. If necessary, run the software installation program.

b. Shut down the PC.

c. Remove the cover.

d. Locate an available PCI slot and remove the corresponding slot cover from the back of the PC.

e. Carefully route the antenna through the open slot in the back of the PC, insert the card in the slot, and secure it. Replace the cover.

f. Power up the PC. It should recognize and enable the new hardware.

g. Go to the Control Panel, select Network, select Wireless Networking connection. Click on Properties. Click on Wireless Networking tab. Select the wireless networking name (see step 2e above). Click on Configure. Adjust your security settings to match those on your wireless router.

4. Install a Wireless PC Card in a Notebook PC

Many notebooks have built-in wireless cards. If yours doesn't, follow these instructions.

a. Follow steps "a" and "b" in number 3.

b. Plug your wireless PC Card into an available slot on the side of your notebook.

c. Follow steps "f" and "g" in number 3.
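
The security settings from steps 2c to 2e can be checked with a short script once they have been written down. The following Python sketch is an added example, not part of the original tutorial or any router vendor's software: the function names, the settings dictionary and the sample lists of default SSIDs and passwords are assumptions made for illustration. The key-length rules are the standard WEP and WPA pre-shared key formats, and the script flags WEP because it is the weaker of the two options.

```python
import string

# Constructed sample lists; a real audit would use the vendor's documented defaults.
SAMPLE_DEFAULT_SSIDS = {"linksys", "netgear", "default", "belkin54g", "wireless"}
SAMPLE_DEFAULT_PASSWORDS = {"", "admin", "password", "1234"}

FINDINGS = {
    "NO_ENCRYPTION": "Step 2c: neither WEP nor WPA is enabled.",
    "BAD_KEY_FORMAT": "Step 2c: the key does not fit the chosen mode.",
    "WEP_WEAK": "Step 2c: WEP is the weaker option; use WPA if every device supports it.",
    "DEFAULT_ADMIN_PASSWORD": "Step 2d: the administrator password is a known default.",
    "DEFAULT_SSID": "Step 2e: the SSID is a known default.",
}


def _is_hex(key):
    return key != "" and all(c in string.hexdigits for c in key)


def key_format_ok(mode, key):
    """Check the key against the format the security mode accepts."""
    if mode == "WEP":
        # 40-bit or 104-bit key: 5 or 13 characters, or 10 or 26 hex digits.
        return len(key) in (5, 13) or (_is_hex(key) and len(key) in (10, 26))
    if mode == "WPA":
        # Pre-shared key: 8 to 63 printable ASCII characters, or 64 hex digits.
        printable = all(32 <= ord(c) <= 126 for c in key)
        return (printable and 8 <= len(key) <= 63) or (_is_hex(key) and len(key) == 64)
    return False


def audit(settings):
    """Return the finding codes (keys of FINDINGS) that apply to the settings."""
    found = []
    mode = settings.get("security", "none").upper()
    if mode not in ("WEP", "WPA"):
        found.append("NO_ENCRYPTION")
    else:
        if not key_format_ok(mode, settings.get("key", "")):
            found.append("BAD_KEY_FORMAT")
        if mode == "WEP":
            found.append("WEP_WEAK")
    if settings.get("admin_password", "").lower() in SAMPLE_DEFAULT_PASSWORDS:
        found.append("DEFAULT_ADMIN_PASSWORD")
    if settings.get("ssid", "").lower() in SAMPLE_DEFAULT_SSIDS:
        found.append("DEFAULT_SSID")
    return found


if __name__ == "__main__":
    # Constructed example: a router left exactly as it came out of the box.
    out_of_box = {"ssid": "linksys", "admin_password": "admin", "security": "none"}
    for code in audit(out_of_box):
        print(code, "-", FINDINGS[code])
```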

Monday, July 03, 2006

Moving away from the commodity game: the evolution of the network is accelerating, making speed to market—not end-to-end control—a key ingredient for

Telecom Asia: During your keynote talk at Carriers World Asia last month, you said we're in year ten of a 25-year network build out.

Vab Goel: If you really think about it today, the Internet is still in a very early stage. IP is a protocol that doesn't really care about the underlying physical interface--it runs over cable, PSTN, TDM and over the wireless network. But right now multimedia and video are still not happening over IP networks. The day is going to come where you'll be able to watch any movie or any TV program from anywhere sitting right in your living room. TVs are going to come with an Ethernet interface, and you'll be able to see what channels are playing in the UK and select what you want. What has to happen to allow that? The network has to change. If you look at most of the broadband networks getting built today, they don't have enough capacity. DSL is the first phase of the deployment. In the US you can't get 300 kbps most of the time.

The network is going to change through new equipment deployments. None of that is going to happen overnight. The next step is how to really integrate video with the IP network, and then how does it integrate with Wi-Fi in the home. The challenge is making it as easy as turning on the TV. The biggest mistakes we can make are thinking this is the best we can get or that it will all happen in the next year. Is it going to be ten or 15 more years, I can't predict. But one thing for sure is that a lot more innovation is coming and a lot more work has to be done. So the view is that the industry has to be ready for change and to think out of the box. And it has to invest in new ideas and technology because the status quo is not going to get us there.

How does this impact incumbent carriers?

It puts them back against the wall. The more applications are available over the Internet, the more their top-line revenue goes down. I think there are still opportunities for carriers and a lot of possibilities for new services, but they need a service delivery platform that is auto-provisioning and low cost. They also need to have a partnership model vs thinking they need to own everything. They have to think beyond where do I own the fiber and look at the AOL model, the IBM hosting model and the Google and Yahoo models. They have to look at what they have and totally change the way they do business. It can't be a 5 or 10% improvement; they need to look at 200 or 300 or 400% improvement--both in the business plan and the network architecture.

Going to Nortel, or Siemens or Lucent and asking them to be your supplier may not be enough. Carriers may have to take a stronger approach and say they're going to partner with entrepreneur companies and build new services which give them a 200-300% shift. Those that don't do this, their days may be numbered.

Who would have thought that AT&T would be sold for half its revenue? This is a big alarm for everyone and people have to accept it or we can stay in denial. AT&T for the longest time was in denial. They didn't have a single IP network--they had multiple networks and were late coming to the party. Sprint was the first telecom company to adopt Internet--AT&T was two to three years behind. Time to market is going to be key, and if you don't take advantage of it, someone else will.

What do you see as the pathway to higher margins?

Like I mentioned before, carriers need to think through forming partnerships and figure out how they're going to have a global footprint without investing capital in each market. This is self serving, but they need to partner with companies like Virtela that don't own the network but have design capabilities, network capabilities and a service delivery platform, which allows them to deliver complete managed network services, because every enterprise needs connectivity within the country, within the region or globally. They need to take advantage of services like video conferencing, which is becoming commonplace now, but many enterprises are doing it themselves and carriers are getting no revenue out of it. They need to offer directory services and interconnection on the IP layer between the different service offerings.

Say you have a Tandberg as a product as well as a Sony product, can you as a service provider offer a directory, which is a simple software, so enterprises, even though they're not within the same company, can communicate with each other. They basically need to open the platform--you can't keep the network closed.

What are enterprises looking for in service providers?

I think they are most frustrated by customer service and support, which seem to be at an all-time low. Every time a customer calls now, the reaction is "oh, my God he's calling me one more time." The challenge is that enterprises have issues, because he just got attacked by a virus, and he's going to need service providers to help to figure out which IP address these attacks are coming from. So service providers really need to update their backend systems and network management and monitoring systems so they're more proactive. And enterprises are willing to pay for it, because 100% up time for a real-time enterprise has never been more critical than now. But you can't just throw more people on it to provide the required level of service and support. It requires a new provisioning system and base of network management and monitoring, and requires different skill sets. Telecom companies need to be ready to change some of the skill sets they have and empower people who come from non-telecom environments.