Archive for ‘Security’

July 4, 2011

Cloud Client Computing

Client cloud computing offers lot of benefits to the organisation. Energy efficient (Green IT), up to date, more reliable, access anywhere, portable, mobility, cost effective, easy to deploy, easy to re-store, less management and maintenance. Client computing challenges are handled by cloud client computing.  To maintain client systems, every organisations spending good amount money. Engineers required all the sites. These challenges handled by cloud. In this category I can recommend a product Wyse.

Cloud Client Computing

Cloud Client Computing

Wyse Cloud Client Portfolio

  1. Wyse Cloud Clients
    • Wyse Thin Clients – Sophisticated. Secure. Friendly. Performance with flexible functionality.
    • Wyse Zero Clients – Simple. Secure. Stingy. Performance with dedicated functionality.
    • Cloud PCs – Familiar. Performance. Improved. The PC, only better – with centralized OS, applications, and content.
  2. Handhelds – Complete support for Apple iOS and Google Android smartphones and tablets viaWyse PocketCloud, the leading Mobile Cloud Software for enterprises and consumers.
  3. Wyse Ultra-thin Firmware – Wyse ThinOSLinuxWindows CE and Windows Embedded Standard– the most comprehensive, secure, scalable and reliable cloud client firmware suite in the industry.

Wyse Cloud Software Portfolio

  1. Wyse Cloud Client Software
    • Wyse Zero™ – Cloud-based technology engine powering a new world of cloud-connected dedicated Zero Clients.
    • Wyse Mobile Cloud Software – Wyse PocketCloud, the leading cloud-based mobile app suite connecting you to your personal, private or public cloud from any handheld.
    • Wyse Cloud PC Software – Cloud-based software to cloudify your PCs, TCs, or VMs by centralizing their OS, apps and content in a private cloud.
  2. Wyse Management Software – Secure. Scalable. Cloud-centric remote device management for the extended enterprise.
  3. Wyse Virtualization Software – Delivering the best user experience and optimized performance for any cloud client deployment.

June 12, 2011

Riverbed Whitewater™ and Steelhead™, – Cloud Data Protection for Backup, Archive, and Disaster Recovery

Riverbed Cloud Service products, Whitewater™ and Steelhead™, enable organizations to improve their data protection and disaster recovery strategies quickly and easily. The Riverbed Whitewater™ appliance enables organizations to increase their data protection and disaster recovery strategies by moving backup data directly into cloud storage. Organizations looking to leverage cloud storage will be able to deploy Whitewater without any changes to their existing backup processes or products. Moreover, backups moved into the cloud will be de duplicated in-line, reducing overall bandwidth and cloud storage requirements, and the data will be secured at rest, as well as in flight to the cloud, making cloud storage, cloud backup, and cloud archive an integral part of an organization’s data protection strategy.

Key Whitewater Benefits:

  • Reduce disaster recover costs with cloud data protection
  • Meet accelerated recovery SLAs
  • Simplify off-site data storage for DR
  • Secure offsite data
  • Deploy with no change to existing backup infrastructure


Cloud Steelhead™

Cloud Steelhead™ offers the same WAN optimization functionality you’ve come to know and trust, in a form factor that’s much better suited for public cloud environments. It completely interoperates with Steelhead® appliances, Virtual Steelhead™, and Steelhead Mobile™ clients.

Cloud Steelhead includes tools that allow for instant deployment and easy cloning of instances. It also has a uniquely advanced model for intercepting traffic in the cloud. In addition, a new portal allows for easy management and licensing, and instant upgrades of cloud Steelhead instances.

Key benefits of Cloud Steelhead:

  • Instant deployment
  • Simple, portal-based management
  • Elastic sizing and easy cloning
  • Advanced cloud interception
  • Cloud-like pricing model

June 8, 2011

Digital ants protect critical infrastructure

Wake Forest University security expert developed “digital ants” to protect critical networks; unlike traditional security approaches, which are static, digital ants wander through computer networks looking for threats such as computer worms, self-replicating programs designed to steal information or facilitate unauthorized use of computers; when a digital ant detects a threat, it summons an army of ants to converge at that location, drawing the attention of human operators to investigate

“The idea is to deploy thousands of different types of digital ants, each looking for evidence of a threat,” Fulp said. “As they move about the network, they leave digital trails modeled after the scent trails ants in nature use to guide other ants. Each time a digital ant identifies some evidence, it is programmed to leave behind a stronger scent. Stronger scent trails attract more ants, producing the swarm that marks a potential computer infection.”

The concept has proven successful in testing on a small scale, but will it still work when it’s scaled up to protect something as large and complex as the nation’s power grid? Fulp and two of his students — computer science graduate students Michael Crouse and Jacob White — are working this summer with scientists at PNNL and from the University of California at Davis to answer that question. Even using PNNL’s vast computer platforms, they can only rely on computer simulations to predict the ants’ “behavior” up to a point.

“In nature, we know that ants defend against threats very successfully,” Fulp said. “They can ramp up their defense rapidly, and then resume routine behavior quickly after an intruder has been stopped. We’re trying to achieve that same framework in a computer system.”

March 10, 2011

Cloud Computing World Forum Middle East and Africa in Dubai

I had a chance to attend the conference (09-03-2011). It was rich contented and lot of thought process in different angles. Its benefits, commercials, challenges, security, legal and future. One thing sure the drive is towards cloud, it’s private, public and hybrid. Cloud computing is there the time internet started or the mainframe started. Now the service delivery models changed. Tomorrow this service can call it as different name with some added value or modifications. Discussion of PaaS, IaaS, SaaS was fruitful and given thought of the service model. Cloud model has CAPX and OPX benefits. But it’s depends the maturity of the organization or how the approach is. Couple of challenges related to this region discussed about the connectivity, legal aspects and security. More and more players coming this market with different service design. The concept still to go for more maturity and definitions. Virtualisation, consolidation, thin clients are the couple of components making this journey. Anywhere any time access. Optimization and de-duplication also part in it.

Cloud Computing World Forum Middle East and Africa in Dubai

March 3, 2011

Security Threats In VoIP

Users have been exposed to the risks of sending data over the Internet while at the same time having the expectation that telephone conversations are strictly confidential. Security issues in the data and voice networks are in fact very similar, but completely separate in the minds of most users. Major security concerns of VOIP networks.

• Phreaking
Phreaking is a slang term coined to describe the activity of a subculture of people who study, experiment with, or explore telecommunication systems. This is sometimes called the H/P culture (with H standing for hacking and P standing for phreaking). Through this making calls through another user network, putting cost to that person.
• Eavesdropping
Eavesdropping is how most hackers steal credentials and get important information like business data. Through eavesdropping, a third party can obtain names, password and phone numbers, allowing them to gain control over voicemail, calling plan, call forwarding and billing information.
• Vishing
Vishing is a party calling you faking a trustworthy organization (e.g. your bank) and requesting confidential and often critical information.
• DoS (Denial of Service)
DoS attacks can be carried out by flooding a target with unnecessary SIP call-signaling messages, thereby degrading the service.
• SPIT (Spamming over Internet Telephony)
SPIT attacks consist of sending a voicemail to a person, masquerading it with information from a party trustworthy to the receiver, like a bank or online paying service, making him think he is safe.
• Man-in-the-middle attacks
VoIP is particularly vulnerable to man-in-the-middle attacks, in which the attacker intercepts call-signaling SIP message traffic and masquerades as the calling party to the called party, or vice versa. Once the attacker has gained this position, he can hijack calls via a redirection server.

February 10, 2011

Identity management and single sign-on (SSO)

Identity management has become a very important issue in IT today. As Web applications have grown throughout the years to support many of our business processes, these same applications have expanded the number of users, groups and roles that must be managed. The more systems that are put in, the greater the burden on the systems administration and help desk teams. If we list the number of accounts we are holding to operate business application, it’s huge. If we don’t have an identity and SSO, below are the major problems.

a) Too many credential
b) Which one for which application
c) Multiple logons
d) Provisioning new accounts
e) Password management
f) Auditing user activity
g) De-provisioning users
h) Managing non-employees access

December 23, 2010

Cloud Infrastructure

I was reading through the could infrastructure. It’s going to change the way we work with infrastructure. For me as an infrastructure professional it’s change the environment. Very easy to build the systems. Easy access, easy disconnection and lot more change the way we manage.

My end user desk tops are from cloud. My server’s and application’s are from cloud. I will be keeping a big pipe WAN link, dump terminals, telephones, and LAN connections of these. The entire infrastructure is from cloud. Applications are browser based. All the applications are accessed through an integrated area or form a portal. All the infrastructure is managed cloud provider. Locally no server, no data, no application. More and more mobile workers. Good to see more……

Cloud Infrastructure

October 12, 2010

Desktops and Notebooks Operating System

It’s been quite long period people are tied with windows operating systems in desktops and notebooks. It’s user interface, installation, support of application, integration, drivers, devices, etc. Now the technology changed. People awareness changed requirement and way of access changed. This week I installed Ubuntu 10.10 in my notebook. It’s extremely awesome.

OS appearance changed, using Ubuntu font. E-mail, chat and micro blogging integrated. Installer is simple and faster. The trend shows more organisations and individuals will adapt the new OS.

February 15, 2010

Information Security Management System (ISMS) – ISO 27001

Information Security Management System (ISMS) is a management system based on a systematic business risk approach, to establish, implement, operate, monitor, review, maintain, and improve information security. It is an organizational approach to information security. ISO/IEC 27001 is a standard for information security that focuses on an organization’s ISMS.

Objective of ISMS

    Information security is the protection of information to ensure:

• Confidentiality: ensuring that the information is accessible only to those authorised to access it.
• Integrity: ensuring that the information is accurate and complete and that the information is not modified without authorization.
• Availability: ensuring that the information is accessible to authorized users when required.

Why should I implement ISO 27001 ISMS?

• Certification of a management system brings several advantages. It gives an independent assessment of your organization’s conformity to an international standard that contains best practices from experts for ISMS.
• Meeting legislative and regulatory requirements
• As a measure and independent evidence that industry best practices are being followed.
• As part of a corporate governance program

Process for implementing ISO 27001
1. Define an information security policy
2. Define scope of the information security management system
3. Perform a security risk assessment
4. Manage the identified risk
5. Select controls to be implemented and applied
6. Prepare as SoA (a “statement of applicability”)

The Certification Process
 Guidelines – ISO/IEC 27002:2007
 Certification – ISO/IEC 27001:2005
 Stage 1 : Documentation Review & evaluate client’s readiness
 Stage 2 : Implementation audit & evaluate effectiveness of client’s systems
 Lead Auditor’s recommendation to certify
 Certificate issued by certification/registration body
 Surveillance
 Periodic review audits (6 months interval)
 Re-certification (after 3 years)