BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

AFITC 2010

Posted August 31, 2010    Morey Haber

If your organization has never considered, or taken, IT security seriously, a keynote speech given by Maj. Gen. Richard Webbers at the Air Force Information Technology Conference 2010  in Montgomery, AL would have certainly changed your mind. The General went through a brief history of the 24th Air Command, its role in supporting cyber threats, and how this new division is combating modern threats to our military’s infrastructure. Even though the conference is closed to the general public, his speech defined how seriously the Air Force and United States Government are taking the concept of cyber intelligence and cyber-attacks. For the US Air Force, this command represents an entire division focused on protecting Air Force information technology and providing a consolidated technology forum for the cyber war fighter. His speech outlined the amount of dedicated resources to combat the problem and was justification alone to anyone on how seriously the Government is taking the threat of cyber threats. If the government is taking IT security this seriously, shouldn’t most organizations at least bring attention to their own security problems? His speech was a blunt reminder that we all need to consider security for our computing devices.

I have heard grumblings through the media that we will soon run out of IPv4 addresses. A second keynote from Dr. Tom Leighton, Co-Founder and Chief Scientist for Akamai confirmed this in the most unusual way. He indicated that companies that own large quantities of IPv4 addresses, that are commercially “inexpensive” to acquire, are being purchased by third parties just for their IPv4 addresses and nothing related to their business or technology. Amazing that we have come down to this.

In addition, the second part of Dr. Leighton’s presentation focused on how data is cached in the cloud via Akamai servers verses direct connections from every source to every web service. With the limitations of IPv4 and now only the emergence of IPv6, Akamai developed their own proprietary address schemes and routing protocols to manage the caching of data in the cloud. In essence, Akamai provides cloud services of their own in the cloud that are completely transparent to virtually everyone. In watching his demonstration on security threats to Akamai’s network, it became apparently clear the threats to the cloud will not necessary benefit from IPv6 (yes there will be some), but even IPv4 installation of cloud services could learn some lessons from Akamai’s infrastructure:

• Keep your cloud (and data center) operational communications “out of view” from normal traffic
• Never allow a single point of failure (not even a cable) to allow for your infrastructure to fault
• When possible, distribute components of the workload with redundancy.

Realistically this is cost prohibited for most applications and businesses, but as lessons learned goes, Akamai has succeed in making the internet “always” available even when outages and cyber attacks occur using this strategy. I hope many emerging cloud service vendors look at companies like Akamai and learn from their infrastructure and management of security threats.

So, after a long day at AFTIC 2010, it has become apparent that even the most basic IT services take security and vulnerabilities very seriously. Vendors and the Air Force recognize the importance of building security into every process and every piece of technology deployed. It is my hope that everyone takes a piece of this to their homes and businesses and learn that protections as simple as passwords can protect against even some of the most basic cyber threats.

Tags:
, , , , ,

Leave a Reply

Additional articles

Dark Reading

2014: The Year of Privilege Vulnerabilities

Posted December 18, 2014    Chris Burd

Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of “least privilege” could limit the impact of malware and raise the bar of difficulty for attackers.

Tags:
, , , , ,
dave-shackleford-headshot

Looking back on information security in 2014

Posted December 16, 2014    Dave Shackleford

Dave Shackleford is a SANS Instructor and founder of Voodoo Security. Join Dave for a closer look at the year in security, and learn what you can do to prepare for 2015, with this upcoming webinar. 2014 has been one heck of an insane year for information security professionals. To start with, we’ve been forced…

Tags:
, ,
patch-tuesday

December 2014 Patch Tuesday

Posted December 9, 2014    BeyondTrust Research Team

This month marks the final Patch Tuesday of 2014. Most of what is being patched this month includes Internet Explorer, Exchange, Office, etc… and continues a trend of the greatest hits collection of commonly attacked Microsoft software. Probably the one thing that broke the mold this month is that for once there is not some…

Tags:
,