
Saturday, November 14, 2009

finally, 3Com acquired by HP -- who's next?

I received this email below:


To all 3Com Partners,

As a valued member of our 3Com Focus Partner Program, I wanted to share
with you some exciting news that I believe will help generate even more
momentum for our joint efforts in selling to enterprise accounts. Together,
we've set our sights on disrupting the networking market with our
"China Out" strategy by leveraging our market leadership in China to offer
customers a best-in-class price/performance advantage with a lower TCO,
a broad, modern product portfolio and a new level of customer
relationships.

Yesterday on November 11, 2009, we announced our plans to accelerate our
strategy by signing a definitive agreement to be acquired by HP. This is an
exciting opportunity to form a powerhouse that will disrupt the industry by
offering customers an unprecedented option for data center and network
infrastructure solutions. Never before has there been a networking company
with such a broad and modern, open standards-based product portfolio with
the channel reach and investment capabilities that together, HP and 3Com
will have.

The beauty of this transaction is our respective portfolios are extremely
complementary in terms of products, geographies and channels. We also
share a similar focus on simplifying the network and driving significant
TCO reductions. The combination leverages each company's
strengths: our China market position and broad integrated product
portfolio, including the expansive H3C enterprise networking and
TippingPoint security portfolios that have been consistently gaining market
share across the globe; and HP's PC SME portfolio and data center
solutions. What this means for you is you will have access to an even
broader set of network infrastructure solutions and benefit from the
company's global presence and world-class services and support
organization.

Be assured, we remain dedicated to teaming with partners such as you
-- the best partners in our industry -- who understand the needs of
enterprises and to enabling them to meet the high standard of service and
support 3Com and HP are committed to delivering. We will finalize plans
around the combined company's go-to-market strategy and channel programs
throughout the integration process.

Today, the process has begun to secure the approvals required to finalize
the acquisition. Until the merger receives all regulatory approvals and the
acquisition closes, HP and 3Com will continue to operate as two companies.
Prior to the deal closing, partners should continue to sell those products
they currently offer. As such, you should continue to work with your
existing sales team. You can expect further communication from us when the
transaction is finalized.

With today's news, I believe we are creating the most powerful, disruptive
force in the networking industry. Both HP and 3Com are fully committed to
making this acquisition and subsequent integration seamless for you.
Importantly, we will continue to invest in our business in order to
continue to deliver the innovative networking and data center solutions
you've come to expect from us.

Regards

Rose Chen
VP & GM of Asia Pacific
3Com Corporation

This e-mail has been sent to you by 3Com. From time to time,
3Com would like to tell you about products, offers, technology
and software developments, which we think would be of interest
to you. If you do not wish to receive similar e-mails from 3Com,
REPLY and write UNSUBSCRIBE as the first word in the subject
line. If you do not follow these directions your name may not
be suppressed from related 3Com e-mail campaigns.

Friday, November 13, 2009

HP's buyout of 3Com continues IT convergence push

By Mark Fontecchio, News Writer
12 Nov 2009 | SearchDataCenter.com


IT pros say Hewlett-Packard Co.'s surprise decision to buy networking company 3Com continues vendor consolidation in the IT industry, which may be a good--and a bad--thing.


It could provide economies of scale and greater integration of IT gear but also consolidates more IT firepower in fewer vendor hands and that may not be advantageous for IT customers.

"I suppose there are a couple ways to look at mergers like these," said Clive Greenall, IT facilities manager at the Standard Bank of South Africa. "The companies are consolidating skills under one roof, which may be a good thing if you're looking for a one-stop solution, and presumably they'll keep the best skills from the consolidation.

"The other side of the coin could be price fixing as a result of less competition, certain arrogance toward servicing client bases -- take it or leave it -- and job losses as the duplication of skills and responsibilities is addressed," he added.

Pushing toward converged data center hardware

Illuminata Inc. analyst Gordon Haff said end users have been clamoring to get away from "the erector set approach" to IT: that is, buying servers, networks and storage separately, configuring them the best they can, and hoping they all play nice with one another. On the flipside, there is concern about vendor lock-in.

HP's $2.7 billion bid for 3Com was in part driven by Cisco's aggressive push into the data center, where the two companies compete more and more directly with their respective sets of converged hardware that combine servers, networking hardware and storage in one box.

"Every vendor has their strong points, and just because a systems vendor makes its own brand-name storage or networking gear doesn't mean you'll be getting the best quality," said Charles King, analyst at Pund-IT Inc. "Businesses need to be careful with this idea of working with an integrated systems vendor."

IT vendor convergence has been the name of the game over the past year. HP bought IT services giant EDS last year and now plans to add 3Com. Oracle is still working on its $7.4 billion acquisition of Sun Microsystems.

Cisco recently rolled out its Unified Computing System (UCS), with HP responding with BladeSystem Matrix. And just last week, Cisco, EMC and VMware announced a partnership to offer their take on converged infrastructure under an architecture called vBlock.

Integration upside offset by fear of vendor lock-in

"The pendulum is swinging back toward a bigger and more vertically integrated set of vendors," Haff said. "What the individual combinations look like varies a bit, of course."

Earlier this year, when Cisco rolled out its UCS, some IT pros expressed worry about overreliance on a single vendor.

"To be completely honest, when I first heard about that system, all I could think of is vendor lock-in," said Kyle Rankin, a systems architect at QuinStreet, a Foster City, Calif.-based marketing company.

Rankin added that "it's going to be a tough sell for a lot of people who have large-scale server footprints already."

King said it's not unusual to go into a data center and see racks of different vendors' equipment sitting right next to one another. Oftentimes IT pros will just buy what they need, when they need it, and what's on sale.

"This idea of a single overarching vendor that clients will dedicate themselves [to] can be an anomaly," he said.

Still, Haff said that concerns about vendor lock-in today are nothing compared with 20 years ago.

"The fact that HP can offer you converged infrastructure doesn't keep you from buying a ProLiant server, using Cisco networking gear and EMC storage, and running Microsoft Windows on the ProLiant," he said.

"If you go back 20 years, uh uh. If you were going to buy a computer system from Digital Equipment, you most likely had to buy a bunch of other things from Digital Equipment. Even if you accept the notion that we're moving back toward a more vertical company structure today, the fact is you still have the capability to mix and match if that is your choice."


----------------------------------------------------------------------------------------------
Those of you using 3Com, please get ready to switch to HP ProCurve!

Thursday, November 12, 2009

Have you tried Citrix XenServer?

XenServer Highlights

Transform your datacenter into a more dynamic server workload delivery center – free – with Citrix XenServer.

  • XenServer is based on Xen® – the open source hypervisor that’s supported by Intel, AMD, HP and more than forty other organizations.
  • XenServer is easy to deploy, and its wizard-based controls and advanced capabilities mean more servers per administrator and zero-downtime for upgrades.
  • XenMotion enables the live migration of any type of workload to any server with zero downtime and maximum resource utilization.
  • XenServer is ideal for I/O intensive workloads like Citrix XenApp™, Microsoft SQL Server and Microsoft Exchange.

Citrix Essentials Highlights

With XenServer, you get unmatched enterprise-class features – for free. And when you’re ready for advanced virtualization management, just add Citrix Essentials for XenServer. By doing so, you’ll benefit from:

  • Automated lab management streamlines the process of building, testing, sharing and delivering throughout the application lifecycle, from development labs into the production environment.
  • Advanced storage integration featuring Citrix StorageLink™ technology exposes the advanced data and storage management features in today’s storage systems directly to a virtualized environment.
  • Dynamic provisioning services for on-demand deployment of workloads to any combination of virtual machines or physical servers from a single golden image.
  • Workflow orchestration for simplified scripting and automation of key management processes.
  • High availability for automatic restart and intelligent placement of virtual machines in case of failure of guest systems or physical servers.

Get started with XenServer – it's free!!

Defining an Enterprise Security Strategy (ctoEdge)

Defining an Enterprise Security Strategy

Security | How-To | Shaun Hummel, Saturday, October 17, 2009

Tags: anti-virus solutions, Authentication Systems, Cisco Systems, Cybercrime, IBM, Intrusion-Prevention Systems, network security, security policy, usage management and monitoring, VPN, Vulnerability Assessment

There are five primary security groups that should be considered with any enterprise security model. These include security policy, perimeter, network, transaction and monitoring security. These are all part of any effective company security strategy.

Any enterprise network has a perimeter that represents all equipment and circuits that connect to external networks, both public and private. The internal network is comprised of all the servers, applications, data, and devices used for company operations. The demilitarized zone (DMZ) represents a location between the internal network and the perimeter comprised of firewalls and public servers. It allows some access for external users to those network servers and denies traffic that would get to internal servers. That doesn't mean that all external users will be denied access to internal networks. On the contrary, a proper security strategy specifies who can access what and from where.

For instance, telecommuters will use VPN concentrators at the perimeter to access Windows and UNIX servers. Business partners could use an Extranet VPN connection for access to the company S/390 Mainframe. Define what security is required at all servers to protect company applications and files.
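The "who can access what and from where" rule set described above can be written down as a default-deny policy and checked mechanically. The following is an added example, not part of the original article; the address plan, rule names, entry-point labels and port numbers are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Hypothetical address plan, constructed for this example.
ZONES = {
    "dmz": ip_network("172.16.1.0/24"),       # public servers behind the firewalls
    "internal": ip_network("10.10.0.0/16"),   # servers, applications, data
}
SERVERS = ip_network("10.10.20.0/24")         # Windows and UNIX servers (internal)
MAINFRAME = ip_network("10.10.50.0/28")       # S/390 mainframe subnet (internal)


@dataclass(frozen=True)
class Rule:
    name: str
    who: str            # "anyone", "telecommuter" or "partner"
    entry: str          # "internet", "remote-vpn" or "extranet-vpn"
    dest: object        # ip_network the rule applies to
    ports: frozenset    # permitted destination ports


# One rule per access path named in the text; port choices are assumptions.
RULES = [
    Rule("public-web", "anyone", "internet", ZONES["dmz"], frozenset({80, 443})),
    Rule("telecommuter-servers", "telecommuter", "remote-vpn", SERVERS,
         frozenset({22, 445, 3389})),
    Rule("partner-mainframe", "partner", "extranet-vpn", MAINFRAME,
         frozenset({992})),
]


def evaluate(who, entry, dst, port, rules=RULES):
    """Return (decision, rule name). Anything not explicitly permitted is denied."""
    addr = ip_address(dst)
    for rule in rules:
        if (rule.who in ("anyone", who) and rule.entry == entry
                and addr in rule.dest and port in rule.ports):
            return ("permit", rule.name)
    return ("deny", "default-deny")


def audit(rules):
    """Names of rules that break the DMZ principle: an internal destination
    reachable straight from the Internet or by unauthenticated users."""
    findings = []
    for rule in rules:
        reaches_internal = rule.dest.overlaps(ZONES["internal"])
        if reaches_internal and (rule.entry == "internet" or rule.who == "anyone"):
            findings.append(rule.name)
    return findings


if __name__ == "__main__":
    print(evaluate("anyone", "internet", "172.16.1.10", 443))
    print(evaluate("anyone", "internet", "10.10.20.5", 445))
    print(evaluate("partner", "extranet-vpn", "10.10.50.3", 992))
    print(audit(RULES))
```

Running `audit` on every proposed rule change catches a rule that would let Internet traffic bypass the DMZ before it is deployed.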

Identify transaction protocols required to secure data as it travels across secure and non-secure network segments. Monitoring activities should then be defined that examine packets in real time as a defensive and proactive strategy for protecting against internal and external attacks. A recent survey revealed that internal attacks from disgruntled employees and consultants are more prevalent than hacker attacks. Virus detection should then be addressed, since allowed sessions could be carrying a virus at the application layer with an e-mail or a file transfer.

Security Policy Document

The security policy document describes various policies for all employees that use the enterprise network. It specifies what an employee is permitted to do and with what resources. The policy includes non-employees, such as consultants, business partners, clients and terminated employees. In addition, security policies are defined for Internet e-mail and virus detection. It defines what cyclical process, if any, is used for examining and improving security.

Perimeter Security

This describes a first line of defense that external users must deal with before authenticating to the network. It is security for traffic whose source and destination is an external network. Many components are used to secure the perimeter of a network. The assessment reviews all perimeter devices currently utilized. Typical perimeter devices are firewalls, external routers, TACACS servers, RADIUS servers, dial servers, VPN concentrators and modems.

Network Security

This is defined as all the server and legacy host security that is implemented for authenticating and authorizing internal and external employees. When a user has been authenticated through perimeter security, it is the security that must be dealt with before starting any applications. The network exists to carry traffic between workstations and network applications. Network applications are implemented on a shared server that could be running an operating system such as Windows, UNIX or Mainframe MVS. It is the responsibility of the operating system to store data, respond to requests for data, and maintain security for that data.

Once users are authenticated to a Windows ADS domain with a specific user account, they have privileges that have been granted to that account. Such privileges would be to access specific directories at one or many servers, start applications, and administer some or all of the Windows servers. When the user authenticates to Windows Active Directory Services, the logon is not tied to any specific server. There are tremendous management and availability advantages to that, since all accounts are managed from a centralized perspective and security database copies are maintained at various servers across the network. UNIX and Mainframe hosts will usually require logon to a specific system; however, the network rights could be distributed to many hosts.

  • Network operating system domain authentication and authorization
  • Windows Active Directory Services authentication and authorization
  • UNIX and Mainframe host authentication and authorization
  • Application authorization per server
  • File and data authorization

Transaction Security

Transaction security works from a dynamic perspective. It attempts to secure each session with five primary activities. They are non-repudiation, integrity, authentication, confidentiality and virus detection. Transaction security ensures that session data is secure before being transported across the enterprise or Internet. This is important when dealing with the Internet, since data is vulnerable to those that would use the valuable information without permission. E-Commerce employs some industry standards such as SET and SSL, which describe a set of protocols that provide non-repudiation, integrity, authentication and confidentiality. Virus detection provides transaction security by examining data files for signs of virus infection before they are transported to an internal user or before they are sent across the Internet. The following describes industry standard transaction security protocols.

  • Non-Repudiation - RSA Digital Signatures
  • Integrity - MD5 Route Authentication
  • Authentication - Digital Certificates
  • Confidentiality - IPSec/IKE/3DES
  • Virus Detection - McAfee/Norton Antivirus Software

Monitoring Security

Monitoring network traffic for security attacks, vulnerabilities and unusual events is essential for any security strategy. This assessment identifies what strategies and applications are being employed. The following list describes some typical monitoring solutions.

  • Intrusion detection sensors are available for monitoring real-time traffic as it arrives at your perimeter. IBM Internet Security Scanner is an excellent vulnerability assessment testing tool that should be considered for your organization.
  • Syslog server messaging is a standard UNIX program found at many companies that writes security events to a log file for examination. It is important to have audit trails to record network changes and assist with isolating security issues.
  • Big companies that utilize a lot of analog dial lines for modems sometimes employ dial scanners to determine open lines that could be exploited by security hackers.
  • Facilities security is typical badge access to equipment and servers that host mission-critical data. Badge access systems record the date/time that each specific employee entered the telecom room and left.
  • Cameras sometimes record what specific activities were conducted as well.

Intrusion Prevention Sensors (IPS): Cisco markets intrusion prevention sensors (IPS) to enterprise clients for improving the security posture of the company network. The Cisco IPS 4200 series utilizes sensors at strategic locations on the inside and outside network, protecting switches, routers and servers from hackers. IPS sensors will examine network traffic in real time or inline, comparing packets with pre-defined signatures. If the sensor detects suspicious behavior, it will send an alarm, drop the packet, and take some evasive action to counter the attack. The sensor can be deployed as an inline IPS, as an IDS where traffic doesn't flow through the device, or as a hybrid device. Most sensors inside the data center network will be designated IPS mode, with its dynamic security features thwarting attacks as soon as they occur. Note that IOS intrusion prevention software is available today with routers as an option.

Vulnerability Assessment Testing (VAST): IBM Internet Security Scanner (ISS) is a vulnerability assessment scanner focused on enterprise customers for assessing network vulnerabilities from an external and internal perspective. The software runs on agents and scans various network devices and servers for known security holes and potential vulnerabilities. The process is comprised of network discovery, data collection, analysis and reports. Data is collected from routers, switches, servers, firewalls, workstations, operating systems and network services. Potential vulnerabilities are verified through non-destructive testing, and recommendations are made for correcting any security problems. There is a reporting facility available with the scanner that presents the findings to company staff.

Syslog Server Messaging: Cisco IOS has a UNIX program called Syslog that reports on a variety of device activities and error conditions. Most routers and switches generate Syslog messages, which are sent to a designated UNIX workstation for review. If your Network Management Console (NMS) is using the Windows platform, there are utilities that allow viewing of log files and sending Syslog files between a UNIX and Windows NMS.
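As an added example (not from the original article), the sketch below shows what reviewing router syslog output for an audit trail can look like in practice: it decodes the syslog priority value, picks out ACL denials and configuration changes, and summarizes them. The sample lines are constructed in the shape of Cisco IOS messages with documentation-range addresses, and the function names and the two-port threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the shape Cisco IOS sends to a syslog server.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LINES = [
    "<190>112: Nov 12 09:14:02.331: %SEC-6-IPACCESSLOGP: list 110 denied tcp "
    "198.51.100.23(40112) -> 192.0.2.10(23), 1 packet",
    "<190>113: Nov 12 09:14:07.902: %SEC-6-IPACCESSLOGP: list 110 denied tcp "
    "198.51.100.23(40113) -> 192.0.2.10(22), 1 packet",
    "<189>114: Nov 12 09:15:40.010: %SYS-5-CONFIG_I: Configured from console "
    "by admin on vty0 (192.0.2.50)",
    "<187>115: Nov 12 09:16:01.500: %LINK-3-UPDOWN: Interface "
    "GigabitEthernet0/1, changed state to down",
    "<190>116: Nov 12 09:16:30.000: %SEC-6-IPACCESSLOGP: list 110 permitted tcp "
    "203.0.113.5(51000) -> 192.0.2.20(443), 1 packet",
    "not a syslog line",
]

# <PRI>, optional sequence number, timestamp, then %FACILITY-SEVERITY-MNEMONIC.
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?:\d+: )?(?P<ts>.*?): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$"
)
ACL_RE = re.compile(
    r"list (?P<acl>\S+) (?P<action>denied|permitted) (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\)"
)


def parse_line(line):
    """Split one message into fields; return None if it is not in this shape."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    return {
        "syslog_facility": pri >> 3,     # PRI = facility * 8 + severity
        "severity": pri & 7,
        "timestamp": m["ts"],
        "ios_facility": m["facility"],
        "mnemonic": m["mnemonic"],
        "text": m["text"],
        # The severity digit in the message body should agree with the PRI.
        "severity_consistent": (pri & 7) == int(m["sev"]),
    }


def triage(lines, port_threshold=2):
    """Summarize ACL denials and configuration changes for review."""
    denied = Counter()
    ports_by_src = {}
    config_changes = []
    unparsed = 0
    for line in lines:
        event = parse_line(line)
        if event is None:
            unparsed += 1            # keep count: unparsed lines need a look too
            continue
        if event["mnemonic"] == "IPACCESSLOGP":
            acl = ACL_RE.search(event["text"])
            if acl and acl["action"] == "denied":
                denied[acl["src"]] += 1
                ports_by_src.setdefault(acl["src"], set()).add(int(acl["dport"]))
        elif event["mnemonic"] == "CONFIG_I":
            config_changes.append(event["text"])
    # A source denied on several distinct ports is worth a closer look.
    probing = sorted(s for s, p in ports_by_src.items() if len(p) >= port_threshold)
    return {
        "denied_by_source": dict(denied),
        "probing_sources": probing,
        "config_changes": config_changes,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LINES))
```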

Defining an Enterprise Security Strategy (ctoEdge)

Security | How-To | Shaun Hummel, Saturday, October 17, 2009

Tags: anti-virus solutions, Authentication Systems, Cisco Systems, Cybercrime, IBM, Intrusion-Prevention Systems, network security, security policy, usage management and monitoring, VPN, Vulnerability Assessment


There are five primary security groups that should be considered with any enterprise security model. These include security policy, perimeter, network, transaction and monitoring security. These are all part of any effective company security strategy.

Any enterprise network has a perimeter that represents all equipment and circuits that connect to external networks, both public and private. The internal network is comprised of all the servers, applications, data, and devices used for company operations. The demilitarized zone (DMZ) represents a location between the internal network and the perimeter comprised of firewalls and public servers. It allows some access for external users to those network servers and denies traffic that would get to internal servers. That doesn't mean that all external users will be denied access to internal networks. On the contrary, a proper security strategy specifies who can access what and from where.

For instance, telecommuters will use VPN concentrators at the perimeter to access Windows and UNIX servers. Business partners could use an Extranet VPN connection for access to the company S/390 Mainframe. Define what security is required at all servers to protect company applications and files.

Identify transaction protocols required to secure data as it travels across secure and non-secure network segments. Monitoring activities should then be defined that examine packets in real time as a defensive and proactive strategy for protecting against internal and external attacks. A recent survey revealed that internal attacks from disgruntled employees and consultants are more prevalent than hacker attacks. Virus detection should then be addressed, since allowed sessions could be carrying a virus at the application layer with an e-mail or a file transfer.

Security Policy Document

The security policy document describes various policies for all employees that use the enterprise network. It specifies what an employee is permitted to do and with what resources. The policy includes non-employees, such as consultants, business partners, clients and terminated employees. In addition, security policies are defined for Internet e-mail and virus detection. It defines what cyclical process, if any, is used for examining and improving security.

Perimeter Security

This describes a first line of defense that external users must deal with before authenticating to the network. It is security for traffic whose source and destination is an external network. Many components are used to secure the perimeter of a network. The assessment reviews all perimeter devices currently utilized. Typical perimeter devices are firewalls, external routers, TACACS servers, RADIUS servers, dial servers, VPN concentrators and modems.

Network Security

This is defined as all the server and legacy host security that is implemented for authenticating and authorizing internal and external employees. Once a user has been authenticated through perimeter security, this is the security that must be dealt with before starting any applications. The network exists to carry traffic between workstations and network applications. Network applications are implemented on a shared server that could be running an operating system such as Windows, UNIX or Mainframe MVS. It is the responsibility of the operating system to store data, respond to requests for data, and maintain security for that data.

Once users are authenticated to a Windows ADS domain with a specific user account, they have the privileges that have been granted to that account. Such privileges would be to access specific directories at one or many servers, start applications, and administer some or all of the Windows servers. When the user authenticates to Windows Active Directory Services, the logon is not tied to any specific server. There are tremendous management and availability advantages to that, since all accounts are managed from a centralized perspective and security database copies are maintained at various servers across the network. UNIX and Mainframe hosts will usually require logon to a specific system; however, the network rights could be distributed to many hosts.

  • Network operating system domain authentication and authorization
  • Windows Active Directory Services authentication and authorization
  • UNIX and Mainframe host authentication and authorization
  • Application authorization per server
  • File and data authorization

Transaction Security

Transaction security works from a dynamic perspective. It attempts to secure each session with five primary activities: non-repudiation, integrity, authentication, confidentiality and virus detection. Transaction security ensures that session data is secure before being transported across the enterprise or Internet. This is important when dealing with the Internet, since data is vulnerable to those who would use the valuable information without permission. E-Commerce employs some industry standards such as SET and SSL, which describe a set of protocols that provide non-repudiation, integrity, authentication and confidentiality. Virus detection provides transaction security by examining data files for signs of virus infection before they are transported to an internal user or before they are sent across the Internet. The following describes industry standard transaction security protocols.

  • Non-Repudiation - RSA Digital Signatures
  • Integrity - MD5 Route Authentication
  • Authentication - Digital Certificates
  • Confidentiality - IPSec/IKE/3DES
  • Virus Detection - McAfee/Norton Antivirus Software

Monitoring Security

Monitoring network traffic for security attacks, vulnerabilities and unusual events is essential for any security strategy. This assessment identifies what strategies and applications are being employed. The following list describes some typical monitoring solutions.

  • Intrusion detection sensors are available for monitoring real-time traffic as it arrives at your perimeter. IBM Internet Security Scanner is an excellent vulnerability assessment testing tool that should be considered for your organization.
  • Syslog server messaging is a standard UNIX program found at many companies that writes security events to a log file for examination. It is important to have audit trails to record network changes and assist with isolating security issues.
  • Big companies that utilize a lot of analog dial lines for modems sometimes employ dial scanners to determine open lines that could be exploited by security hackers.
  • Facilities security is typical badge access to equipment and servers that host mission-critical data. Badge access systems record the date/time that each specific employee entered the telecom room and left.
  • Cameras sometimes record what specific activities were conducted as well.

Intrusion Prevention Sensors (IPS): Cisco markets intrusion prevention sensors (IPS) to enterprise clients for improving the security posture of the company network. The Cisco IPS 4200 series uses sensors at strategic locations on the inside and outside network, protecting switches, routers and servers from hackers. IPS sensors will examine network traffic in real time or inline, comparing packets with pre-defined signatures. If the sensor detects suspicious behavior, it will send an alarm, drop the packet, and take some evasive action to counter the attack. The sensor can be deployed as an inline IPS, as an IDS where traffic doesn't flow through the device, or as a hybrid device. Most sensors inside the data center network will be designated IPS mode, with its dynamic security features thwarting attacks as soon as they occur. Note that IOS intrusion prevention software is available today with routers as an option.

Vulnerability Assessment Testing (VAST): IBM Internet Security Scanner (ISS) is a vulnerability assessment scanner focused on enterprise customers for assessing network vulnerabilities from an external and internal perspective. The software runs on agents and scans various network devices and servers for known security holes and potential vulnerabilities. The process is comprised of network discovery, data collection, analysis and reports. Data is collected from routers, switches, servers, firewalls, workstations, operating systems and network services. Potential vulnerabilities are verified through non-destructive testing, and recommendations are made for correcting any security problems. There is a reporting facility available with the scanner that presents the findings to company staff.

Syslog Server Messaging: Cisco IOS has a UNIX program called Syslog that reports on a variety of device activities and error conditions. Most routers and switches generate Syslog messages, which are sent to a designated UNIX workstation for review. If your Network Management Console (NMS) is using the Windows platform, there are utilities that allow viewing of log files and sending Syslog files between a UNIX and Windows NMS.
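
The audit-trail use of Syslog described above can be sketched as a small review script. This is an added example, not part of the original article: it parses the %FACILITY-SEVERITY-MNEMONIC tag that IOS puts on each message and summarizes configuration changes and repeated login failures. The sample lines are constructed, use documentation addresses, and the function names and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the style a syslog server records for Cisco IOS
# devices; hosts and addresses are documentation ranges, not real captures.
SAMPLE_LOG = """\
Nov 14 09:12:01 192.0.2.1 %SYS-5-CONFIG_I: Configured from console by admin on vty0 (198.51.100.7)
Nov 14 09:13:09 192.0.2.1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 203.0.113.9] [localport: 22]
Nov 14 09:13:11 192.0.2.1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.9] [localport: 22]
Nov 14 09:13:14 192.0.2.1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 203.0.113.9] [localport: 22]
Nov 14 09:20:30 192.0.2.2 %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down
Nov 14 09:21:02 192.0.2.2 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ops] [Source: 198.51.100.7] [localport: 22]
this line is truncated or not in IOS format
"""

# IOS messages carry a %FACILITY-SEVERITY-MNEMONIC tag; severity 0 is most urgent.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s(?P<host>\S+)\s.*?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$"
)
CONFIG_RE = re.compile(r"by (?P<user>\S+) on (?P<line>\S+)(?: \((?P<src>[^)]+)\))?")
SOURCE_RE = re.compile(r"\[Source: (?P<src>[^\]]+)\]")

def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["severity"] = int(event["severity"])
    return event

def audit(log_text, fail_threshold=3):
    """Build an audit summary: config changes, login-failure bursts, unparsed lines."""
    changes, failures, unparsed = [], Counter(), 0
    for line in filter(None, log_text.splitlines()):
        ev = parse_line(line)
        if ev is None:
            unparsed += 1          # count instead of silently dropping evidence
        elif (ev["facility"], ev["mnemonic"]) == ("SYS", "CONFIG_I"):
            m = CONFIG_RE.search(ev["text"])
            changes.append((ev["host"], m["user"], m["src"]) if m else (ev["host"], None, None))
        elif ev["mnemonic"] == "LOGIN_FAILED":
            src = SOURCE_RE.search(ev["text"])
            failures[(ev["host"], src["src"] if src else "unknown")] += 1
    bursts = {k: n for k, n in failures.items() if n >= fail_threshold}
    return {"config_changes": changes, "login_bursts": bursts, "unparsed": unparsed}

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

The unparsed count is reported rather than discarded, so gaps or format drift in the audit trail show up during review.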