About Me

Scott Arnett is an Information Technology & Security Professional Executive with over 30 years experience in IT. Scott has worked in various industries such as health care, insurance, manufacturing, broadcast, printing, and consulting and in enterprises ranging in size from $50M to $20B in revenue. Scott’s experience encompasses the following areas of specialization: Leadership, Strategy, Architecture, Business Partnership & Acumen, Process Management, Infrastructure and Security. With his broad understanding of technology and his ability to communicate successfully with both Executives and Technical Specialists, Scott has been consistently recognized as someone who not only can "Connect the Dots", but who can also create a workable solution. Scott is equally comfortable playing technical, project management/leadership and organizational leadership roles through experience gained throughout his career. Scott has previously acted in the role of CIO, CTO, and VP of IT, successfully built 9 data centers across the country, and is expert in understanding ITIL, PCI Compliance, SOX, HIPAA, FERPA, FRCP and COBIT.

Wednesday, November 30, 2011

Wi-Fi Security or Best Practice

How did we live without Wi-Fi?  I can go to McDonald's or a coffee shop and get Wi-Fi and do my work, access my email or even do online banking.  Ever worry about the security of that capability?  Wi-Fi is inherently susceptible to hacking and eavesdropping, but it can be secure if you use some basic principles.  I would not recommend online banking or sensitive transactions from a public Wi-Fi though. 

Here are some tips to keep in mind:

  Don't use WEP.    WEP (wired equivalent privacy) security is long dead.  Its underlying encryption can be broken quickly and there are tools to download off the Internet to help you hack it.  I would recommend WPA2.

  Don't use WPA/WPA2-PSK.  PSK = pre-shared key.  This mode of WPA and WPA2 security isn't secure for the enterprise.  The entry of this key into the client would need to be changed each time an employee leaves or the client is lost or stolen.  This is a management challenge, and many times goes overlooked or forgotten.  Not a good option.

 Do implement 802.11i. The EAP protocol of WPA and WPA2 security uses 802.1X authentication instead of PSKs, providing the ability to offer each user or client their own login credentials:  user name and password or a digital certificate.  The encryption keys are regularly changed and exchanged silently in the background.  Look into NPS of Windows Server 2008.  There are also some great RSA products to help with security.

 Do Secure 802.1X Client Settings:  The EAP mode of WPA/WPA2 is still vulnerable to man-in-the-middle attacks.  You need to secure the settings of the client to prevent these attacks.  For example, in the EAP settings of Windows you can enable server certificate validation by selecting the CA certificate, specify the server address, and disable it from prompting users to trust new servers or CA certificates.  Utilize Group Policy if you can. 

  Use a wireless intrusion prevention system:  When it comes to Wi-Fi security there is more than combating those directly trying to gain access to the network.  Hackers can set up rogue access points, or perform DoS attacks.  An intrusion prevention system for wireless (WIPS) can alert you to rogue APs or malicious activity.  Think of security in layers.  One more tool and protection layer to keep you safe.

 NAP:  Should you consider deploying a Network Access Protection (NAP)?  It could provide additional control over network access, and policy based protection.  Windows 2008 comes with some of these features, give it some consideration.  There are some great third party options as well. 

There are several other things you can do, like hiding your SSID, not leaving default passwords on your systems, and disabling features/functions you don't need.  Bottom line is that using wireless comes with additional security awareness and steps needed to be taken.  I would also recommend a firewall on that laptop you are using at your favorite Wi-Fi hot spot.  Security is everyone's responsibility. 
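The client-side tips above (no WEP, no PSK, and locked-down 802.1X server validation) can be checked against Windows WLAN profiles exported with `netsh wlan export profile`. The following is an added example, not code from the original post; the sample profiles and the host name `radius.example.com` are constructed, and the profiles are trimmed to the elements the check reads.

```python
import xml.etree.ElementTree as ET

def find_all(root, name):
    # Compare local names only: the EAP settings nest several XML namespaces.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def text_of(root, name):
    hits = find_all(root, name)
    return (hits[0].text or "").strip() if hits else ""

def audit_profile(xml_text):
    """Return findings for one exported Windows WLAN profile (empty list = passes)."""
    root = ET.fromstring(xml_text)
    auth, enc = text_of(root, "authentication"), text_of(root, "encryption")
    findings = []
    if enc == "WEP" or auth in ("open", "shared"):
        findings.append("WEP or open network: move to WPA2")
    if auth in ("WPAPSK", "WPA2PSK"):
        findings.append("pre-shared key: use 802.1X (EAP) instead")
    if auth in ("WPA", "WPA2"):  # enterprise mode, so check the EAP client settings
        sv = find_all(root, "ServerValidation")
        if not sv:
            findings.append("no ServerValidation block in EAP settings")
        else:
            if not text_of(sv[0], "TrustedRootCA"):
                findings.append("no trusted CA certificate selected")
            if not text_of(sv[0], "ServerNames"):
                findings.append("no server name specified")
            if text_of(sv[0], "DisableUserPromptForServerValidation").lower() != "true":
                findings.append("users can be prompted to trust new servers or CAs")
    return findings

# Constructed sample profiles, trimmed to the elements the audit reads.
def sample(auth, enc, validation=""):
    return ('<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">'
            "<name>ExampleCorp</name><MSM><security><authEncryption>"
            f"<authentication>{auth}</authentication><encryption>{enc}</encryption>"
            f"</authEncryption>{validation}</security></MSM></WLANProfile>")

HARDENED = sample("WPA2", "AES", "<ServerValidation>"
    "<DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation>"
    "<ServerNames>radius.example.com</ServerNames>"
    "<TrustedRootCA>00 11 22 33 (constructed thumbprint)</TrustedRootCA></ServerValidation>")
WEAK_EAP = sample("WPA2", "AES", "<ServerValidation><ServerNames/></ServerValidation>")

if __name__ == "__main__":
    profiles = {"hardened": HARDENED, "weak EAP": WEAK_EAP, "PSK": sample("WPA2PSK", "AES")}
    for label, xml_text in profiles.items():
        print(label, "->", audit_profile(xml_text) or "OK")
```
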

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Friday, November 18, 2011

What does Private Cloud Drive?

Had to chuckle the other day, I was talking with a colleague in Atlanta, and he said Private Cloud is driving him to drink. I thought IT in general did that, not just Private Cloud.  But that got me to think, what is Private Cloud really driving - how about virtualization. 

Private clouds promise an agile data center, where workloads can be moved around to different physical servers, storage, and networking gear to meet challenging demand.  And you can't have a private cloud without virtualization, since the private cloud architecture requires breaking free from physical network and infrastructure constraints.  There are several organizations moving down the path of virtualization with great success, but how many are ready for that next step to Private Cloud?

IT vendors are introducing products aimed at private clouds like never before, expanding the virtual value.  I see this innovation in interconnects, such as the PCI-SIG's Single Root IOV protocol for linking virtualized devices; in processors, with Intel VT-x and AMD-V; in storage, with hybrid cache mechanisms; in storage controllers with robust software APIs; in applications, with cloud delivery mechanisms, distributed processing, and encapsulation; in networking, with Virtual Private LAN Service and Cisco's Overlay Transport Virtualization.  Now does that excite you? 

How about the other side of that coin?  While the vendors are solving one problem of implementing private cloud, no one offers a good way to run this larger infrastructure.  There is no enterprise wide management tool worth the cost that delivers what is needed.  So without this management, how are you going to show your ROI?  You increased capability, sure, but at what cost? 

I am not discouraging anyone from driving towards private cloud, on the contrary.  With some good planning, some holistic view, you can find a place to start.  The standards, tools, and ROI will come along, but it is not there yet today.  Keep focused on virtualization of your servers, storage, I/O and applications, but don't forget desktops.  Have a strategy around cloud, and how you will manage the technology, the process, and the people. 

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Thursday, November 10, 2011

Wicker Basket for iPhone?

Take a moment and sit in your favorite chair at home, turn the TV off, iPhone, radio and all other technology of today.  Hear that?  Silence, calm, just the moment of the day.  I wonder what happened to the picnic down at the lake with just your sweetheart, or the quiet ride in the car through the country.  When was the last time you played a board game with the kids, and had popcorn and no TV?

You hear folks talk about the good ole' days, then you hear others say that today is so much better than just 30 years ago.  Really?  Are our lives that much better?  Have iPhones really made today so wonderful?  How about social networking - the wonderful Facebook?  Can you have that picnic on Facebook?  Can you take that walk?  How about a gentleman's handshake?  Technology can't replace many of these things.  Has technology improved our lives so much that the simple things of days gone by should be left in the history books? 

I propose to you that we need some balance.  Technology in the medical field has made significant improvements, and the list goes on.  I would also say, we need some technology free activities as well.  Nothing wrong with writing a letter or card to put in the mail.  Nothing wrong with many things our parents did before computers, iPhones, social websites, and texting.  We have become so overwhelmed with technology, immediate communications, instant news, instant now - that we lose touch with reality at times.  To have a balance in our life and to keep things in perspective - turn it off and take a step aside and look around.  Have some yard time, have some game time, or even go to the park.  When was the last time you went to the library to read a book or magazines? 

I wonder about the quality of life impact technology has had on us.  It has made things in life easier, made information available at our fingertips, but has it not made us lazy?  Dependent?  Impatient and at times out of perspective?  Has technology become invasive?  All good questions, with many of the answers coming in the future.  I think technology has had a negative impact on parts of our lives, but it is our life and we are in control.  Use the power button from time to time.

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Wednesday, November 2, 2011

Next Generation Virtualized Data Center - Part 1

Journey to the Private Cloud will be difficult with today's technology and standards.  I find some of the motivation to take this journey interesting, as some CIOs are just simply following the crowd.  Is the motivation cost savings?  Agility?  Technology? 

Let's not spend time debating whether fully virtualized data centers will become standard or the norm. They will, and sooner than most may think. There are bigger challenges than how soon you can get 50% or more of your servers virtualized.  Things like network, tools, management and the list goes on. 

When I say Private Cloud, I mean an internal network that combines compute, storage, and other data center resources with high virtualization, hardware integration, automation, monitoring, and orchestration.  Things like self-service are key items to this definition.  Getting to this definition, with today's technology will be tough.  Let's look at the range of problems IT faces, such as multivendor environments, limited automation, and still-emerging technology and standards.

Standards are scarce indeed, making every purchasing decision dicey. The CTO must understand how every component interacts with every other component, but since extensive server virtualization has increased operational complexity, this can be an extraordinarily difficult thing to get your arms around. IT teams looking to conventional network and system management products for help are finding that these expensive tools are inadequate to the task at hand.  I would also say, don't look to just the normal vendors you have had for years, like Cisco.  There are some real up and coming champions to watch.

I also tell my colleagues the only savings realized from virtualization is fewer physical servers.  Costs have increased via more expensive servers with bigger I/O and more memory, added cost of the hypervisor, and a much more difficult time to resolve problems when they occur. 

VMware is still the go-to vendor when IT organizations talk enterprise class server virtualization.  Many of my colleagues set this as a standard but have started to look at Xen and Microsoft, driven by cost(s).  Citrix and Microsoft are closing the gap to VMware on technology, and feature/function.

It seems IT organizational leaders are all over the place when it comes to rating the importance of virtualization features.  I feel high availability is a priority one, followed by price.  Both Microsoft Hyper-V R2 and Citrix XenServer offer high-availability features with a reasonable price tag. VMware also offers high availability in its entry-level packages, except that it doesn't bundle features like Distributed Resource Scheduler, for machine load balancing, with its low-cost vSphere Essentials, making it an incomplete offering.  I also question the support cost(s) of the VMware solutions.

Other features I find highly valued include live virtual machine migration, fault tolerance, load balancing, and virtual switching/networking. Citrix and Microsoft recently cozied up to Marathon Technologies to provide fault tolerance for their platforms.   There are features that VMware offers that others do not, like Storage DRS, which load balances data store I/O, and Storage vMotion.  What I don't like, and why I seek alternatives, is cost:  VMware's decision this year to increase its price beyond a certain virtual memory allocation.  VMware later raised the limit, but that move only delays a price increase that could drive IT organizations to look at these alternatives.  If it's bells and whistles like Storage DRS and Storage vMotion that VMware expects to justify higher licensing costs, I am not buying it.  I see steady improvements to Hyper-V and Xen, and Oracle's integration of Virtual Iron into their VM product; there are lots of alternatives to consider. 

The challenge is mixing production hypervisors; that will not give you a unified, automated disaster recovery scheme.  Plus it will require some deep expertise if you want one policy to govern all of your systems, a good goal.  Make sure you take a holistic view of the environment, production, test, DR, and management. 

I will have a future discussion on "Master Disaster Recovery for Virtual".  Till then - keep your investigation and study on Private Clouds - don't be quick to jump on the bandwagon and put it in production. 

Keep it positive!

Scott Arnett
scott.arnett@charter.net