BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

AFITC 2010

Posted August 31, 2010    Morey Haber

If your organization has never considered, or taken, IT security seriously, a keynote speech given by Maj. Gen. Richard Webbers at the Air Force Information Technology Conference 2010  in Montgomery, AL would have certainly changed your mind. The General went through a brief history of the 24th Air Command, its role in supporting cyber threats, and how this new division is combating modern threats to our military’s infrastructure. Even though the conference is closed to the general public, his speech defined how seriously the Air Force and United States Government are taking the concept of cyber intelligence and cyber-attacks. For the US Air Force, this command represents an entire division focused on protecting Air Force information technology and providing a consolidated technology forum for the cyber war fighter. His speech outlined the amount of dedicated resources to combat the problem and was justification alone to anyone on how seriously the Government is taking the threat of cyber threats. If the government is taking IT security this seriously, shouldn’t most organizations at least bring attention to their own security problems? His speech was a blunt reminder that we all need to consider security for our computing devices.

I have heard grumblings through the media that we will soon run out of IPv4 addresses. A second keynote from Dr. Tom Leighton, Co-Founder and Chief Scientist for Akamai confirmed this in the most unusual way. He indicated that companies that own large quantities of IPv4 addresses, that are commercially “inexpensive” to acquire, are being purchased by third parties just for their IPv4 addresses and nothing related to their business or technology. Amazing that we have come down to this.

In addition, the second part of Dr. Leighton’s presentation focused on how data is cached in the cloud via Akamai servers verses direct connections from every source to every web service. With the limitations of IPv4 and now only the emergence of IPv6, Akamai developed their own proprietary address schemes and routing protocols to manage the caching of data in the cloud. In essence, Akamai provides cloud services of their own in the cloud that are completely transparent to virtually everyone. In watching his demonstration on security threats to Akamai’s network, it became apparently clear the threats to the cloud will not necessary benefit from IPv6 (yes there will be some), but even IPv4 installation of cloud services could learn some lessons from Akamai’s infrastructure:

• Keep your cloud (and data center) operational communications “out of view” from normal traffic
• Never allow a single point of failure (not even a cable) to allow for your infrastructure to fault
• When possible, distribute components of the workload with redundancy.

Realistically this is cost prohibited for most applications and businesses, but as lessons learned goes, Akamai has succeed in making the internet “always” available even when outages and cyber attacks occur using this strategy. I hope many emerging cloud service vendors look at companies like Akamai and learn from their infrastructure and management of security threats.

So, after a long day at AFTIC 2010, it has become apparent that even the most basic IT services take security and vulnerabilities very seriously. Vendors and the Air Force recognize the importance of building security into every process and every piece of technology deployed. It is my hope that everyone takes a piece of this to their homes and businesses and learn that protections as simple as passwords can protect against even some of the most basic cyber threats.

Tags:
, , , , ,

Leave a Reply

Additional articles

ovum-research

New Analyst SWOT Assessment Identifies Key Strengths of PowerBroker

Posted November 24, 2014    Scott Lang

Following on the heels of the Gartner PAM market guide and Frost & Sullivan review of Password Safe comes a new analyst review of our BeyondInsight and PowerBroker platforms, a SWOT assessment of BeyondTrust written by Ovum. Ovum’s honest and thorough review of BeyondTrust indicates that we are delivering, “…an integrated, one-stop approach to PAM….

Tags:
, , ,

Patented Windows privilege management brings you unmatched benefits

Posted November 24, 2014    Scott Lang

We are pleased to announce that BeyondTrust has been granted a new U.S. Patent (No. 8,850,549) for privilege management, validating our approach to helping our customers achieve least privilege in Windows environments. The methods and systems that we employ for controlling access to resources and privileges per process are unique to BeyondTrust PowerBroker for Windows….

Tags:
6

A Quick Look at MS14-068

Posted November 20, 2014    BeyondTrust Research Team

Microsoft recently released an out of band patch for Kerberos.  Taking a look at the Microsoft security bulletin, it seems like there is some kind of issue with Kerberos signatures related to tickets. Further information is available in the Microsoft SRD Blogpost So it looks like there is an issue with PAC signatures.  But what…

Tags:
, , , ,