Tag Archive for Security

From Madison to PRISM

The folks at Whocalledmyphone.net have given us this excellent infographic. It traces the battle between the right to privacy and the prying eyes of the government, following the erosion of privacy from the Bill of Rights to PRISM. For more details, you can also check out the EFF page Timeline of NSA Domestic Spying.

Privacy vs. Security infographic
Image compliments of Who Called My Phone


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

ALU Gets 31 Tbps

David Meyer at GigaOM noted the latest tests by Alcatel-Lucent’s (ALU) venerable Bell Labs division. The lab has figured out how to triple the bandwidth of submarine cables: it was able to move traffic at 31 Terabits per second (Tbps).

Alcatel-Lucent says it has broken the record for the amount of data that can be pushed through submarine cables. It claims to have achieved 31 Terabits per second over a single fiber that is 4,474 miles long. For comparison, the Register figured that the average 15-minute, low-res movie is about 100Mb in size and calculated that the new cable could speed 40,632 flix across the Atlantic every second. That would be enough for 423 days and nights of non-stop video viewing, in just one second.

It is important to remember that we’re talking about a lab test. The test took place at ALU’s Innovation City campus in Villarceaux near Paris. The GigaOM article notes that the Bell Labs researchers squeezed almost 10 Tbps more out of the fiber than the 21.7Tbps that NEC (6701) and Verizon (VZ) managed last year, and three times the capacity of today’s most advanced commercial undersea cables.

Transoceanic cable

The author points out that that is just one fiber, and a transoceanic cable may have eight pairs of fibers, so this is a lot of capacity. However, it is also worth noting that Alcatel-Lucent’s tests required a signal amplifier every 100km along the line.

The article says that ALU’s Bell Labs division has done this type of research since 1925 in New Jersey, and this work is more critical to ALU than ever. In June 2013, Alcatel-Lucent announced its “Shift Plan”, which involves moving away from being a telecoms equipment generalist to become a specialist in IP networking and mobile and fixed broadband access. Philippe Keryer, Alcatel-Lucent’s chief strategy and innovation officer, said in a statement:

Undersea fiber-optic transmission is integral to the digital economy, delivering vast amounts of video and data between countries, regions and continents. As our customers cope with increasing demand on their networks for data capacity and higher-speeds of transmission, our researchers are intensifying their application with tests like this to develop new technology solutions to transform global data networks.

Mr. Meyer explains that the test used Bell Labs’ technique for squeezing 200Gbps through a single data channel: 155 lasers, each one carrying 200Gbps at a different frequency. This is an enhancement of the wavelength division multiplexing (WDM) techniques that run at up to 100Gbps in today’s commercially deployed cables.

Normally such signals suffer from distortions and noise, which limit performance, but GigaOM understands that Alcatel-Lucent was able to resolve this by using an enhanced version of WDM. The enhanced WDM works by splitting light up into different wavelengths so that the fiber can carry more data.

Long-haul high-speed networking

The pace of development in long-haul high-speed networking is impressive, and it is easy to see just how far we have come. GigaOM provided a quick look at some other recent developments in the field.

  • May 2011: a team of German, UK, and Swiss scientists successfully used Orthogonal Frequency-Division Multiplexing (OFDM) to send data at a rate of 26Tbps over a 50km-long single-mode fiber optic cable.
  • January 2012: a Japanese team working out of NEC successfully transmitted 4Tbps over a single “ultra-long haul” (10,000km) fiber optic cable without repeaters, making use of WDM just like Alcatel-Lucent.
  • May 2013: a more exotic approach, the UK test of hollow fiber optic cable, delivered speeds of 73.7 Tbps.

rb-

Remember that the NSA has a submarine, the USS Jimmy Carter, designed to tap undersea telecom cables on the bottom of the sea. This new speed record could be used to spy on more people.

The Undersea Cables that Connect the World


Box Beefs Up Backbone for Business

Box has evolved from an idea (letting customers share, manage, and access their content from anywhere) into a cloud file-sharing and storage start-up, and now into a business serving over 150,000 businesses, including 92 percent of the Fortune 500. DataCenter Knowledge (DCK) reports that half of Box’s activity comes from outside of the U.S. and 40% comes from mobile devices.

To support that growth, DCK says Box is touting Accelerator, its global data transfer network, and adding several key certifications in a bid to keep its global enterprise customer base happy. Further infrastructure expansion lies ahead. “We really think we’re solving a problem for an end-user,” said Jeff Queisser, VP of Technical Operations for Box. “But we’re also solving an IT concern; they can get all the auditing, compliance they need. This can be run in a very safe way.”

With over 150 percent growth last year, the company has had to tailor its service in the best ways possible to serve the enterprise crowd. The blog says 50 percent of Box activity happens outside the US, either from international firms or from U.S. enterprises with a global presence. Mr. Queisser told DCK, “Speed is absolutely critical. If you have sites all around the world, you need blazing fast download speeds.”

This enterprise customer need was the impetus behind Box Accelerator. The company has established upload endpoints in key global data center hubs with end-to-end encryption, and has built patent-pending intelligent routing and optimization technology that delivers uploads 2.5 times faster on average. The result is a network that helps you get data into Box as fast as possible.

Box Global Data Transfer Network

Box Accelerator tweaks the TCP stack to get better performance, as Mr. Queisser explained to DCK:

“(With) most consumer operating systems, networking stacks are not optimized … There’s the bandwidth delay problem. TCP is an amazing protocol, but wasn’t made for these types of distances and this kind of bandwidth. It’s a testament to how amazing the protocol is that it’s done what it’s done.”

The article says the biggest problem for Box is how to handle inbound traffic.

“What we’ve done is unique in that it’s optimizing inbound data … How do you ingest 100MB rather than send it out? The other piece is that we built these nodes, and a routing feedback loop technology.  It determines the fastest way to get to Box. Sometimes it’s an accelerator node, but there are times when direct is the fastest path.”

Accelerator started off small but has added nine new points of infrastructure: a small footprint that provides a big performance boost. The goal is to have cloud-based endpoints in all regions. The article claims that Neustar conducted a performance analysis test and found that “Box had the lowest average upload time across all locations, about 66% faster than the closest competitor.”

The company is also planning to apply this technology to file downloads. Accelerator has added speed to enterprise uploads, and the company told DCK it is looking to speed up downloads in a similar fashion. “We need to do that in a way where it’s encrypted and it isn’t cached,” said Mr. Queisser.

In terms of certifications, Box has recently added ISO 27001 and support for HIPAA. ISO 27001 is the international standard for information security management systems (ISMS), and certification demonstrates how the policies and controls put in place at Box protect user data.

rb-

Better performance and security are great things to get from a cloud vendor. But what impact is the NSA spying scandal going to have on the cloud storage business model? There could be repercussions if vendors don’t cooperate.

What do you think? Is the Box network ready for the enterprise?


Quantum Encryption for Grid Security

Vulnerabilities in the national grids and the potential for wide-scale outages have raised concerns over the past few years as high-profile companies have gone public with highly advanced hacking attempts. MIT’s Technology Review (TR) reported on GridCOM Technologies, a startup that recently secured seed funding from Ellis Energy Investment and says quantum cryptography can make electricity grid control systems secure.

Quantum cryptography

Dr. Duncan Earl, the chief technology officer of GridCOM Technologies, told TR he plans to use the start-up money to build a prototype quantum encryption system designed specifically for the electricity grid. The company hopes to demonstrate a working system next year near its home base in San Diego. Utilities would pay about $50 a month for access to a software service and hardware that encrypt critical communications in an area.

With GridCOM Technologies, Dr. Earl is trying to make critical infrastructure more secure by encrypting data sent to grid control systems. The article explains that traditional encryption techniques can’t work at the low latencies (measured in milliseconds) required for SCADA systems, which leaves them vulnerable to attack. CTO Earl is an expert in optical technologies who worked for the Cyberspace Sciences and Information Intelligence Research group at Oak Ridge National Laboratory and helped spin out an optical lighting company in 2006.

Quantum entanglement

GridCOM Technology’s system works by generating two photons using a laser and storing them in optical fiber cables. These twin photons each have an opposite polarization, either a wave oscillating up and down or one oscillating left and right, Dr. Duncan explained to the author, Martin LaMonica. According to quantum mechanics, if someone tries to measure one of these photons, it changes the state of the other and the photons are no longer “entangled.” This phenomenon allows a communications system to detect whether a message has been intercepted.

According to the article, the firm’s service would create an encryption key based on the arrangement of the photon pair. A hardware receiver posts that information on the Internet, and the company’s hosted software polls those devices. A subscriber to the service will be able to confirm that communications haven’t been tampered with and encrypt messages, Mr. Duncan says. “You’ve got physics that is ultimately securing the device, not mathematics. Mathematical complexity has been a great tool for encryption but it’s not future proof,” he told TR.

GridCOM’s Duncan says a key advantage of the system is that it works quickly, a necessity for SCADA systems. “You’ve eliminated the possibility of somebody eavesdropping to hack the key. There’s no data latency and you’ve leveraged a random bit stream … That’s really all the grid needs.”

Quantum Encryption


Limitations

One of the main limitations is that the cryptography is only point-to-point over a fiber cable and can’t work across switching equipment over the Internet. In GridCOM Technology’s case, the system is limited to 20 kilometers in distance. GridCOM’s CTO envisions that utilities will put a series of hardware receivers in secured buildings to encrypt communications for a whole region. There are already a number of efforts to build commercial quantum encryption systems: GigaOM reported on the success that scientists at Los Alamos have had running a quantum network for over two years, and on ID Quantique in Switzerland.

TR concludes that quantum encryption offers one promising route to securing the grid, but it shouldn’t be seen as a silver bullet. If it works, it would address one very specific application, but securing something as complex as the power grid requires a full suite of options and, above all, good security practices.

Smart Grid Today provides (PDF) some background. Quantum physics was first described in a 1935 paper that included Albert Einstein as an author. Erwin Schrödinger coined the quantum term “entanglement”, which was the basis for his famous thought experiment of a cat that exists simultaneously in a state of being alive and dead.

CERN to prove quantum entanglement, utterly confounding Einstein’s theory of relativity because now information can be transmitted not at or below the speed of light, but literally instantaneously.


Did You Wipe Your Tablet?

Techno-prognostication firm IDC says (I think they are right on this one) that worldwide sales of tablets will surpass desktop PCs and laptops by the end of 2014. This will result in a boomlet in the second-hand tablet market, and a recent article on Infosecurity says that in response, firms will need to start data-wiping their old tablets just as thoroughly as old hard disks to protect their data.

The company is responsible for any company data held on a mobile device, no matter the flavor of BYOD practiced, so it is the company that must take responsibility for removing data from the device before disposal. The Infosecurity article says that ensuring that mobile device solid-state memory is completely clean is technically difficult.

Solid-state memory

The article highlights BlackBelt, which has just enhanced its data wiping product to cover Apple (AAPL) and Google (GOOG) Android tablets. BlackBelt’s business development manager Ken Garner explained the difficulty to the author: “Solid-state memory uses a technique called wear leveling to maximize the life expectancy of the memory chips. It works by spreading the binary information (0s and 1s) randomly across all the memory cells in the chip. This means that unlike on spinning disk memory, the location of the data on the user interface bears no relation to where it is stored on the drive, making traditional forms of deletion ineffective.”

BlackBelt says end-users can’t data wipe their phones: “it isn’t possible for an individual to perform a full removal of personal data from any smartphone or tablet using a device’s in-built factory reset or by re-flashing the operating system.” The vendor explains to Help Desk Security that wear leveling will “over-rule instructions to permanently overwrite old data.”

Solid-state memory wear leveling

Because of wear leveling, neither remote wipes nor factory resets are guaranteed to remove all the data from solid-state memory. The blog points out that a low-cost product called Wondershare can recover data from solid-state memory. Mr. Garner claims the software “recovers just about everything after either a factory reset or a local (phone operating system) delete.”

When a tablet is retired it is incumbent on the company to make sure that all data held on the device is adequately deleted. One problem, says Garner, is that “Many data wiping solutions, more often than not, have been …re-purposed from data wiping solutions for traditional hard disk drives,” and that simply doesn’t work on solid-state memory.

Three-stage process to wipe SSM

BlackBelt’s DataWipe uses a three-stage process: first writing 0s in every memory cell, then writing 1s in every cell, and finally writing random 0s and 1s across every memory cell. The result, Garner claims, is guaranteed data erasure that can also provide audit, compliance, and reporting data in an industry-standard XML format that is easily exchanged with all the major DLP, SIEM, policy management, and mobile device management solutions, solving the technical difficulties around tablet recycling.

Wiping data from a PC or a first-generation Apple iPad that is being retired is important because of the enormous amount of data they can store, which makes the proper destruction of that data essential before the device leaves the organization. Unfortunately, IT asset disposition firm Retire-IT sees that many firms simply swap the devices for new ones or merely format the drives without securely wiping the data. The Columbus, OH-based firm says this leaves organizations vulnerable. Kyle Marks, CEO of Retire-IT, told Help Net Security that:

99% of problems happen before a disposal vendor touches equipment. No vendor can destroy data if they don’t receive an asset, which is why we strongly encourage clients to destroy data before any move. Better safe than sorry. Of course, disposal vendors should destroy data (again) regardless

Retire-IT looked at tracking data from 1,072 corporate disposal projects encompassing 233 different companies and reported some shocking figures:

  • 4 out of 5 projects (81.5%) had at least one missing asset.
  • 1 out of 8 (11.6%) had a negative variance. The devil is in the details, but nobody looks very closely.
  • Only 79% of the serial numbers were matched with subjective matching.
  • Without subjective matching, only 58% of serial numbers were matched.

Sanitize IT equipment

Help Net Security offers some suggestions to help sanitize IT equipment:

Computers – Darik’s Boot and Nuke Linux Live CD for full disk wiping. It supports many types of wiping, including the DoD 5220.22-M method with 3 passes.

Starting with Windows Vista (and Windows 2008 Server), the Microsoft OS overwrites the contents of each sector when you do a Slow Format on your media. They recommend Microsoft’s SDelete for wiping files on Windows.

For Apple OS X there’s the Disk Utility.

On Linux use the “wipe”, “srm” or “shred” commands to securely sanitize files on most distributions.

Printers and copiers – Consult the manual to find out how to clear the memory, or use third-party software to wipe the hard drive, which I covered here.

Mobile devices – Wired recommends a hammer; don’t forget to remove the SIM card.
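The three-pass overwrite described above for BlackBelt’s DataWipe (0s, then 1s, then random), which is also the shape of the shred-style tools listed for Linux, as an added example that is not code from the page or from any vendor named on it. The sample file and its contents are constructed for the demo, and the comments carry the page’s caveat: on wear-leveled flash a logical overwrite gives no guarantee that the old cells are gone.

```python
import os
import secrets
import tempfile

CHUNK = 64 * 1024  # bytes per write; keeps memory flat for large files


def _overwrite_pass(f, size, fill):
    """One full pass over the open file: fill is 0x00, 0xFF, or None for random."""
    f.seek(0)
    remaining = size
    while remaining > 0:
        n = min(CHUNK, remaining)
        f.write(secrets.token_bytes(n) if fill is None else bytes([fill]) * n)
        remaining -= n
    f.flush()
    os.fsync(f.fileno())  # push this pass to the device before starting the next


def three_pass_overwrite(path, unlink=True):
    """Overwrite every byte of path with 0s, then 1s, then random data.
    Returns the number of bytes overwritten per pass.

    Caveat (the page's point): on flash/SSD with wear leveling the controller
    may map each write to fresh physical cells and leave the old cells intact,
    so this gives no guarantee there. For such media use the device's own
    secure-erase or crypto-erase facility, or encrypt from the start and
    destroy the key. On spinning disks this is the classic 3-pass pattern.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as f:  # r+b: overwrite in place, never truncate
        for fill in (0x00, 0xFF, None):
            _overwrite_pass(f, size, fill)
    if unlink:
        os.remove(path)  # drop the directory entry only after all passes
    return size


def still_present(path, marker):
    """True if the marker bytes can still be read back from the file."""
    with open(path, "rb") as f:
        return marker in f.read()


def wipe_demo(marker=b"PATIENT", copies=5000):
    """Constructed demo: create a throwaway file holding marker, wipe it in
    place, and return (bytes_per_pass, present_before, present_after)."""
    path = os.path.join(tempfile.mkdtemp(), "demo_export.bin")
    with open(path, "wb") as f:
        f.write((marker + b" RECORD 0001 ssn=000-00-0000\n") * copies)
    before = still_present(path, marker)
    size = three_pass_overwrite(path, unlink=False)  # keep file to inspect
    after = still_present(path, marker)
    os.remove(path)
    return size, before, after


if __name__ == "__main__":
    size, before, after = wipe_demo()
    print(f"bytes per pass: {size}, marker before: {before}, after: {after}")
```

Run it against a real retired disk image to see the same check; `still_present` is a readback test, not proof of physical erasure on flash.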

Related articles
  • BYOD: Preventing Breaches Can Be A Challenge (healthsecuritysolutions.com)
