Tag Archive for Gartner

Wi-Fi Charges Up Ethernet

Information technology prognosticator Gartner (IT) predicts that 40% of enterprises will use Wi-Fi as the default connection for mobile and non-mobile devices by 2018, according to Fred Donovan at FierceMobileIT. The prediction says that typically fixed-location devices such as desktops, desk phones, projectors, and conference rooms will use Wi-Fi as their primary connection, replacing Ethernet.

Gartner says Wi-Fi is facilitating BYOD. The enterprise Wi-Fi network now allows workers to choose any device and move anywhere in the workplace. Gartner argues that the introduction of security measures like 802.1X augmented with Advanced Encryption Standard (AES) encryption has lessened IT’s worry about security breaches involving the Wi-Fi infrastructure. Ken Dulaney, V.P. and distinguished analyst at Gartner, said:

Ethernet cabling has been the mainstay of business workspace connectivity since the beginning of networking. However, as smartphones, laptops, tablets, and other consumer devices have multiplied, the consumer space has largely converted to a wireless-first world

Facilitating BYOD

As the first connection to the enterprise infrastructure, Wi-Fi brings workers the ability to choose any device and move anywhere without worry. VP Dulaney continued:

As bring your own device (BYOD) has increased in many organizations, the collision of the business and consumer worlds has changed workers’ demands

Furthermore, cabling systems or even peer-to-peer (P2P) wireless solutions using technologies that offer cable replacement have had to deal with a variety of connector challenges, such as USB and micro-USB, as video systems move beyond Video Graphics Array (VGA). The market research firm also argues that MACD costs will decrease.

Additions, moves, and changes are costly inconveniences that waste time for enterprise IT organizations. A move can sometimes involve cabling changes that can cost as much as $1,000 … With Wi-Fi printers, desktops, and other devices, all that is required is a cable to the power source, leaving workers free to move themselves making reconfigurations of offices easier.

Because of the many benefits of Wi-Fi, Gartner VP Dulaney predicts firms are going to change how they connect:

we expect many organizations to shift to a wireless-by-default and a wired-by-exception model.

New Ethernet specifications

In order to deal with the new wireless-by-default reality, changes are needed on the wired network.  at FierceCIO reports that the vendor community is working to address the Wi-Fi first world. Unfortunately, there are two industry groups pushing their own new Ethernet specifications. Mr. Mah says that new Ethernet standards are needed to work with Wave 2 of 802.11ac wireless access points (AP) with a theoretical maximum throughput of up to 3.5Gbps.

New standards are needed because the existing Gigabit Ethernet is a bottleneck and current alternatives are not attractive. First, link-aggregating two Gigabit Ethernet connections for each Wi-Fi AP would need additional cabling and more expensive managed switches to support it. Using 10GbE would be overkill. Upgrading to 10GbE is a significant investment that includes new Category 6a or Category 7 cables, more power, and more cabling.

One faction, the MGBase-T Alliance, was formed in June 2014 and includes Avaya, Aruba Networks (ARUN), and Brocade (BRCD) as well as component vendors Broadcom (BRCM) and Freescale Semiconductor. The other group, known as the NBase-T Alliance, was formed in October 2014. This faction consists of Cisco (CSCO), Intel, Xilinx (XLNX), Freescale, and Aquantia, a company that’s already making 2.5G/5G components.

Little agreement on standards

At the moment, the only agreement between the two factions is that 2.5Gbps and 5Gbps speeds are needed. The IEEE 802 LAN/MAN Standards Committee has set up the P802.3bz 2.5/5GBase-T Task Force to address this issue. The 2015 Q1 CommScope Standards Advisor reports that the 802.3bz committee has decided so far that:

  • 2.5 GBase-T option will run on Cat 5e (Class D) 4 pair UTP up to 100M, and
  • 5 GBase-T option will run on Cat 6 (Class E) 4 pair UTP up to 100M.
  • There is no release date yet

The concern, however, is that vendors could jump the gun by shipping pre-standard products ahead of standards ratification, complicating matters and slowing down the development of the pertinent standards.

rb-

Remember 802.11n? Pre-standard products? There is no guarantee that systems built with components from the two groups will work together. Don’t jump the gun: wait for the standard to solidify before buying into new 2.5G/5G Ethernet networking hardware.

For now, Dell’Oro Group analyst Alan Weckel told FierceCIO that enterprises will probably be able to buy 2.5G/5G equipment starting in Q2 of 2015.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Windows 7 Reaches Middle Age

Now that you have almost eliminated Microsoft (MSFT) Windows XP from your network and settled on Windows 7, it should be time to catch your breath. But NOOO!! Windows 7 has reached the end of mainstream support. That’s right, we are already 5 years into the Windows 7 era. Repeat after me… Windows 7 still has five years left … Windows 7 still has five years left … Windows 7 still has five years left.

Microsoft commits to 10 years of security fixes and 5 years of feature enhancements and bug fixes for each major OS release. Windows 7 has moved from mainstream support – free help for everyone – to extended support, which means Microsoft will charge for help with the software. That will end in 2020 when Microsoft turns out the lights on Windows 7 for good.

The recent techno-flops from the boys and girls in Redmond, Vista and Windows 8, have taught enterprises to plan for a new desktop OS every other release. This puts businesses in a bind. MSFT’s track record prevents forward-looking firms from organically growing their desktop fleet into the next cycle. There are those who argue that until Microsoft separates consumer from commercial desktops, Microsoft commercial customers will continue to skip one or more iterations of Windows, their only real answer to the high costs and disruption of upgrading.

Gregg Keizer at ComputerWorld cites research from Gartner (IT) which prognosticates that many enterprises cannot change their processes. Many organizations will go through the same machinations they did with XP. Or maybe even balk at dumping Windows 7 at the same pace as the venerable Windows XP, making things worse. Michael Silver of Gartner told ComputerWorld that having a plan could help organizations avoid a repeat of XP’s expensive end-of-support scramble. Gartner believes that the same EOL mad-scramble we saw with XP will occur again when time is up on Windows 7. Mr. Silver claims:

[A repeat of Windows XP] is certainly likely to happen … One of the big differences that’s been under-considered is that because Vista took five years to come out [after XP], there were eight years between XP and Windows 7. So Windows XP felt pretty old. … Windows 7 won’t feel that old to people…

Mr. Keizer argues that the failure of Windows 8 to win enterprise hearts and minds has created an oddity: Even though Windows 7 has made middle age, Microsoft continues to let OEMs sell PCs running the Windows 7 business edition. Microsoft has yet to name an end date for OEM sales of machines powered by Windows 7 Professional. But because it has promised a 12-month notice, those PCs can still be sold at least until early January 2016, when the OS has but four years of life left.

But if you are just finishing your last migration, then you don’t have all that much time to start planning the next one.

rb-

If you don’t like the Redmond hamster wheel, consider your alternatives. Sophos compares the Windows upgrade schedule to some other options. 10 years might be the best option out there. For example:

  • Apple’s (AAPL) OS X is supported for mystery years,
  • Apple’s mobile iOS is supported for mystery years (3?)
  • Android seems to leave it up to you, but don’t expect Google (GOOG) to commit to securing it.
  • Ubuntu LTS is supported for around 5 years, and
  • Red Hat Enterprise 13 years (with extended support).

25 Years of the Firewall

The firewall has turned 25 years old this year. In commemoration, McAfee created a timeline of the events that shaped the development of the device most of us rely on to protect ourselves from each other. The infographic shows how the firewall’s evolution coincided with high-profile security events:

These security breaches triggered security developers to react with more advanced firewall technology:

  • 1998: Evasions researched
  • 2009: Native clustering for high availability and performance introduced
  • 2012: Software enabled security introduced, making blade technology obsolete.

The first generation firewalls were called Packet Filters. Packet Filter firewalls look at network addresses and ports of the packet and determine if that packet should be allowed or blocked based on rules programmed by humans. If a packet does not match the packet filter’s ruleset, the packet filter will drop or reject the packet, breaking the connection.

The second generation firewalls do stateful packet inspection. According to Wikipedia, second generation firewalls record all connections passing through them and determine whether a packet is the start of a new connection, a part of an existing connection, or not part of any connection. Though static rules are still used, these rules can now contain a connection state as one of their test criteria.
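The difference between the first two generations can be shown with a small model. The following is an added example, not code from the original post or from any firewall product: it assumes first-match rule evaluation with a default drop, and the `Packet`, `Rule`, `evaluate` and `StatefulFirewall` names and all addresses are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True only on the packet that opens a TCP connection

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: Optional[str] = None    # None is a wildcard
    sport: Optional[int] = None
    dst: Optional[str] = None
    dport: Optional[int] = None
    state: Optional[str] = None  # "new" / "established"; used by stateful rules only

    def matches(self, pkt, state):
        fields = ((self.src, pkt.src), (self.sport, pkt.sport),
                  (self.dst, pkt.dst), (self.dport, pkt.dport), (self.state, state))
        return all(want is None or want == got for want, got in fields)

def evaluate(rules, pkt, state=None):
    """Packet filter: first matching rule wins; no match means drop."""
    for rule in rules:
        if rule.matches(pkt, state):
            return rule.action
    return "drop"

class StatefulFirewall:
    def __init__(self, rules):
        self.rules = rules
        self.connections = set()  # 4-tuples of connections already allowed

    def decide(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.connections or rev in self.connections:
            state = "established"
        else:
            state = "new" if pkt.syn else "invalid"
        verdict = evaluate(self.rules, pkt, state)
        if verdict == "allow" and state == "new":
            self.connections.add(fwd)  # remember the connection for its replies
        return verdict, state

# Constructed sample: 10.0.0.5 is an inside client; the rest are documentation ranges.
STATELESS_RULES = [
    Rule("allow", src="10.0.0.5", dport=443),  # outbound HTTPS
    Rule("allow", sport=443, dst="10.0.0.5"),  # replies, identified only by source port
]
STATEFUL_RULES = [
    Rule("allow", state="established"),
    Rule("allow", src="10.0.0.5", dport=443, state="new"),
]
OUT = Packet("10.0.0.5", 50000, "203.0.113.10", 443, syn=True)
REPLY = Packet("203.0.113.10", 443, "10.0.0.5", 50000)
STRAY = Packet("198.51.100.7", 443, "10.0.0.5", 50000)  # belongs to no connection

if __name__ == "__main__":
    fw = StatefulFirewall(STATEFUL_RULES)
    for name, pkt in (("out", OUT), ("reply", REPLY), ("stray", STRAY)):
        print(name, "stateless:", evaluate(STATELESS_RULES, pkt), "stateful:", fw.decide(pkt))
```

The packet filter has to accept anything that looks like a reply, so the unsolicited packet passes; the stateful firewall accepts only the reply to a connection it has recorded. Because evaluation is first-match, a catch-all deny placed ahead of the allow rules would block all three packets.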

Third-generation firewalls use application layer filtering which can “understand” certain applications and protocols (such as File Transfer Protocol (FTP), Domain Name System (DNS), or Hypertext Transfer Protocol (HTTP)). This is useful as it is able to detect if an unwanted protocol is attempting to bypass the firewall on an allowed port or detect if a protocol is being abused in any harmful way.

Pat Calhoun, SVP at McAfee, explained in a Help Net Info article that it was not until 2009 that the fourth generation firewall we know and love began to evolve. In 2009 Gartner published its definition and a paper on “Defining the Next-Generation Firewall” (PDF). According to its definition, NGFWs are:

…deep-packet inspection firewalls that move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall.

In its paper, the Gartner authors explain that “Firewalls need to evolve to be more proactive in blocking new threats, such as botnets and targeted attacks.” McAfee’s Calhoun points out that NGFW discussions started in 2003 but the technology really didn’t get on the right track until Gartner defined it in 2009.

 

Intel 25th Anniversary of the Firewall infographic

rb-

Future NGFW development efforts need to integrate application control, IPS, and evasion prevention into a single, purpose-built box with enterprise-scale availability and manageability.

Back in the day, 2000, I managed a Checkpoint firewall IPSO ver 3.0 on a Nokia appliance (IP300?). The thing was the network had been up and running for 3 years and included over 3,000 devices before the Checkpoint was put in. Can’t get away with that now, a naked PC on the Innertubes will be compromised within minutes to hours, according to those who know that kind of stuff.

The most vivid recollection of setting the thing up was just randomly mashing on the keys to create the first key. Other network guys were amazed because apparently, this was the first firewall many had seen with a GUI to configure the rules.

I also remember learning the hard way that Deny All goes at the bottom of the list, not the top. 


Internet of Things Full of Holes

The Internet of Things is big and heading towards huge. The Internet of Things (IoT) is a system where unique identifiers are assigned to objects, animals, or people. These “Things” then transfer data over a network without requiring human-to-human or human-to-computer interaction. Whatis.com says IoT evolved from the convergence of wireless technologies, micro-electromechanical systems (MEMS), and the Internet.

Business Insider believes that the IoT will be the biggest thing since sliced bread. They claim there are 1.9 billion IoT devices today, and 9 billion by 2018, which is roughly equal to the number of smartphones, smart TVs, tablets, wearable computers, and PCs combined. Gartner (IT) predicts that there will be 26 billion IoT devices by 2020. Based on a recent article in InfoSecurity Magazine, that is a very scary thing.

The InfoSecurity article says HP (HPQ) found 70% of the most common IoT devices have security vulnerabilities. HP used its Fortify On Demand testing service to uncover security flaws. According to the new study, HP detected flaws in IoT devices like TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales, and garage door openers, as well as their cloud and mobile app elements.

HP then tested them with manual and automated tools and assessed their security rating according to the vendor-neutral OWASP Internet of Things Top 10 list of vulnerability areas. The author concludes that the results raised significant concerns about user privacy and the potential for attackers to exploit the devices and their cloud and app elements. Some of the results are:

  • A total of 250 security concerns were uncovered across all tested devices, which boils down to 25 on average per device,
  • 90% of devices collected at least one piece of personal information via the device, the cloud, or its mobile application,
  • 80% of devices studied allowed weak passwords like 1234 opening the door for WiFi-sniffing hackers,
  • 80% raised privacy concerns about the sheer amount of personal data being collected,
  • 70% of the devices analyzed failed to use encryption for communicating with the Internet and local network,
  • 60% had cross-site scripting or other flaws in their web interface vulnerable to a range of issues such as the Heartbleed SSL vulnerability, persistent XSS (cross-site scripting), poor session management and weak default credentials,
  • 60% didn’t use encryption when downloading software updates.

Mike Armistead, VP & General Manager, HP Fortify, explained that IoT opens avenues for attackers.

While the Internet of Things will connect and unify countless objects and systems, it also presents a significant challenge in fending off the adversary given the expanded attack surface … With the continued adoption of connected devices, it is more important than ever to build security into these products from the beginning to disrupt the adversary and avoid exposing consumers to serious threats.

HP urged device manufacturers to eliminate the “lower hanging fruit” of common vulnerabilities. They recommend manufacturers, “Implement security … so that security is automatically baked in to your product … Updates to your product’s software are extremely important.”

Antti Tikkanen, director of security response at F-Secure, told InfoSecurity that the problems HP uncovered in this report were just the tip of the iceberg for IoT security risks.

One problem that I see is that while people may be used to taking care of the security of their computers, they are used to having their toaster ‘just work’ and would not think of making sure the software is up-to-date and the firewall is configured correctly … At the same time, the criminals will definitely find ways to monetize the vulnerabilities. Your television may be mining for Bitcoins sooner than you think, and ransomware in your home automation system sounds surprisingly efficient for the bad guys.

rb-

I covered the threats that IoT or “smart” devices presented back in 2012. I don’t know where HP (or the rest of the security community) has been.

The current generation of “smart” devices does not seem to have any security. Most likely the manufacturer did not consider basic security or worse calculated it was better to ignore the secure design in their rush to gain market share.

It is also annoying that HP did not reveal the details on the products they tested.


BYOD: My Phone Your Problem

Fujitsu warns that BYOD programs have a lot of hidden costs that IT departments often do not consider, according to a recent article on FierceMobileIT. Craig Merrick, the managing consultant for mobile business solutions at Fujitsu (6702), explains the sources of extra costs of the BYOD program.

The enterprise can incur significant additional costs if it tries to support all versions of operating systems being used by BYOD employees. Mr. Merrick says software updates to smartphones could cause problems with existing corporate applications. This could lead to the help desk being overwhelmed with calls.

BYOD support costs

He cites a recent Fujitsu survey of 25,000 BYOD end users which found that 80% of users believe that their corporate IT department is responsible for fixing issues with their personal devices. “They want to bring their own device but they don’t want to take responsibility for fixing it,” Fujitsu’s Merrick said. Gartner (IT) forecasts that supporting BYOD will cost enterprises $300 per employee annually by 2016, up from a current $100 per employee annually.

Another area of unforeseen cost, according to the article, is a security breach caused by BYOD. A survey (PDF) of 790 IT professionals by Dimensional Research on behalf of security firm Check Point found that 79% of respondents reported they had a mobile security incident within the past year. Many of these incidents stemmed from employees storing corporate information on personal devices.

Mobile security incidents

The report revealed that more than half of large businesses reported mobile security incidents that have cost them more than $500,000. For 45% of SMB, mobile security incidents exceeded $100,000 in the past year, the survey found. Tomer Teller, security evangelist and researcher at Check Point, commented:

Without question, the explosion of BYOD, mobile apps, and cloud services has created a herculean task to protect corporate information for businesses both large and small.

The article concludes that additional costs for firms contemplating BYOD can include network infrastructure upgrade, wireless service costs, device management product investment, and application and software investments, explained Forrester (FORR) analyst Michele Pelino.

rb-

Many businesses believe that implementing a BYOD policy will save them both the capital outlay of acquiring devices and the ongoing cost of maintaining them. But the reality does not always match the theory. Planning and implementing a successful BYOD program requires executives to understand the costs, as well as the benefits.
