Thursday, August 27, 2009

Speaker Series on Visual Networking Index

The Cisco Visual Networking Index (VNI) is an ongoing Cisco initiative designed to forecast, track, and analyze IP networking growth and trends worldwide. Cisco has developed a forecast methodology based on custom modeling tools and analysis using inputs from a variety of independent analyst data.

Cisco recently released a significant VNI Forecast and Methodology update covering 2008-2013. This includes new findings and usage trends for consumer, business, and mobile segments.
Here are just a few of the top-level findings from the updated research:
* By 2013, annual global IP traffic will reach two-thirds of a zettabyte (673 exabytes). (Last year’s forecast anticipated a run rate of 522 exabytes per year in 2012.)
* Global IP traffic will quintuple from 2008 to 2013.
* By 2013, the sum of all forms of video will exceed 90% of global consumer traffic.
* Global consumer Internet video traffic will increase at a 39% CAGR from 2008 to 2013.
* By 2013, the Internet will be 4 times larger than it is in 2009.

You can replay this 60-minute webcast to learn more and have an interactive dialogue with Cisco representatives on VNI.

Speaker Series on Smart Connected Communities, A Cisco Globalisation Initiative

This Speaker Series webinar introduced and discussed Cisco's latest initiative driven out of our Globalisation Centre East headquarters in Bangalore called Smart Connected Communities. 500 million people will be urbanised over the next five years. 100 new one million-plus cities will be built by 2025. Trillions of dollars in stimulus packages have been announced, much of which will go into infrastructure. And the resulting environmental impact of this massive urbanisation will be significant; already the top 20 megacities use 75 percent of the world's energy. The ability to sustainably balance social, economic and environmental resources is more urgent than ever before.

The Smart Connected Communities initiative provides a blueprint for how Cisco aims to capture this market transition through the development of visionary vertical solutions and new global ecosystems.

A Closer Look At the Cisco NAC Profiler

This is another one of my online experiments. As long as it appears useful I am going to track the “significant issues” about the Cisco NAC Profiler raised by other analysts, journalists and vendors; continue to collect data and arguments; and strive to clearly separate fact, opinion and bias. The goal is to help readers better understand what the NAC Profiler CAN and CANNOT do for them in their own particular networks and organizations. If this “goes well” I will extend this idea to other products. You and the referenced authors are encouraged to comment and raise new issues and perspectives.

Issue 1: Standalone Profiler?

“The products actually do good things in a Cisco context, except that NAC Profiler requires the NAC Appliance. The discovery and reporting concept is important enough to stand by itself, and what good is NAC Appliance going to do for a printer or phone or physical security system anyway? Cisco screwed up the initial NAC release by requiring a complete network refresh, now Cisco introduces the NAC Profiler that requires the additional expense of a NAC Appliance infrastructure. They should unbundle the network profiler, and expose its ability to move up the stack to detect servers.” (Source: Eric Ogren, Security Analyst, Ogren Group - original post).

CORRECTED FINDINGS: According to Cisco, customers CAN purchase a standalone “profiler” from Great Bay Software and operate it without the Cisco NAC Appliance. What does this mean? (1) Cisco will NOT sell and support this system. (2) It will passively collect data from endpoints (i.e. type, location, and behavioral attributes) and data about endpoints from NetFlow-enabled network devices (i.e., network mapping, an SNMP trap receiver/analyzer, passive network analysis, and an active inquiry) and store all data in a device inventory database. (3) It will NOT automatically block either unauthorized or misbehaving devices as these functions require integration with the NAC Appliance. (4) You will need hardware to run the Profiler Collectors which otherwise would be installed on the Cisco NAC Appliance.

Issue 2: It’s simply an OEM Product

“Since the NAC Profiler is just an OEM of the Great Bay software, users could choose to deploy it in isolation. I see this more as Cisco trying to make the NAC Appliance more functional, and struggling at it.” (Source: Michelle Mclean, Product Marketing Manager, Consentry - original comment)

FINDINGS: Integration of the NAC Profiler with the NAC Appliance automates the detection and blocking of unauthorized and misbehaving non-authenticating devices. The two management interfaces are also integrated so both data sets are presented in a single interface on the NAC Manager. In the Cisco edition of the GBS software the Profiler collection engine is co-resident on the NAC Application Server eliminating separate collector servers. And finally, the customer enjoys Cisco support worldwide.

Issue 3: More Value Than NESSUS?

“Would having the NAC Profiler by itself be interesting, meaningful, or valuable? Not if all it does is repeat what Nessus or other tools already do. But if it does a lot more (besides telling you a printer can’t do 802.1X authentication) then that might be interesting.” (Source: Mitchell Ashley, CTO & GM, StillSecure - original post).

FINDINGS: NESSUS simply scans the endpoint, as it is a vulnerability detection tool. In contrast, NAC Profiler scans the endpoint AND collects a lot of data about endpoint behavior through a combination of DHCP snooping, SNMP traps, NetFlow data, and SPAN port monitoring. Its mission is to detect aberrant behavior, which can mean an attack is already underway. Read the Cisco NAC Profiler Installation and Configuration Guide for details.

Issue 4: Is NAC Profiler Effective?

“It’s an interesting feature but the big unknown is how accurate Profiler’s discovery and classification is. We have never tested Great Bay’s software so we can’t speak to its accuracy, having tested all manner of passive discovery devices over the years, we have found that the classifications were usually accurate but not 100%. Often not even 75% and sometimes less.” (Source: Mike Fratto, Network Computing - complete analysis)

FINDINGS: No behavioral-based security system is “100% accurate” as it looks at multiple data points and then estimates the likelihood a specific event is occurring with an assigned level of confidence (not certainty) - think about all the network and host intrusion prevention software deployed around the world. So Mike is simply raising an unresearched potential issue. Since Great Bay’s customers are enthusiastic about this product, GBS must be doing something right!
Mike, I recommend you discuss your concern with GBS and report what you learn. You owe them that courtesy after “casting a shadow” on their product.

Upcoming Network Computing NAC Product

Now some good news (possibly). Network Computing (NC) has announced plans to publish “rolling NAC product reviews” based on their comprehensive testing of NAC products. So why is this important (maybe)? Because NC has a relatively good reputation for evaluating technical network requirements and products. Does this naturally extend to NAC? Maybe. Maybe not. The jury (us) is still awaiting evidence and expert testimony.

First, some background. Every online “magazine” is currently trying - often desperately - to carve out a market position as a “major source” of information on NAC (network admission control and network access control). Network World (NW), for example, offers “NAC Cram Session”, a currently weak collection of content of uneven quality and timeliness stitched together under an awful name. And recently NC announced its new “NAC Immersion Center”. So far, like the other publications, this is largely a repackaging and re-branding exercise with a promise of better things to come.

But with NC we have some basis for expecting more. Mike Fratto is knowledgeable, well-intended and humble (I admit, this is secondhand knowledge) and NC does historically act according to a seemingly higher journalistic standard than many other network publications. So there is a solid basis for hope. But optimism?

So what will it take for NC to earn its stripes in NAC coverage? With its upcoming NAC reviews it has created an opportunity to succeed and fail, and its readers should set a high standard for quality to judge how well NC performs. Here are the thoughts on what I would say to Mike if he cared to listen to my lone voice. I welcome yours.

NC needs to publish a detailed test plan so everyone understands what they are evaluating, why, what would satisfy/please them, and some idea of how important NC views each capability. The absence of this information severely weakened the recent Network World NAC product reviews. NC should avoid this amateurish mistake.

NC should review its test plans with its readers BEFORE publishing its test results and analysis so there is a better chance readers will appreciate and consider NC’s frame-of-reference BEFORE being distracted by NC’s judgments of specific NAC products.

I encourage NC to resist the “irresistible urge” to publish numerical scores as these are most often a disservice to vendors and potential buyers. Instead, please focus on spreading actual knowledge rather than scores.

Please provide readers with an in-depth view of your evaluation model so they can understand the variables and your weighting. Readers will then have the important opportunity to tailor your model to meet their own needs and preferences. That would be a great service. In contrast, NW did this only at a macro level - which is meaningless.

I hope you have already sought beneficial input from vendors and respected security professionals BEFORE you defined your test plan. Knowing this and who they are can only increase the value of what you are doing and the credibility of the NC results.

(Added after writing the post, NAC Product Testing. Is there a better Way?) Your readers could learn a great deal more about individual products AND “product categories” AND their suitability for various situations if they could observe and participate in constructive discussions and debates about your tests and findings AFTER you publish them. In this revised model for product evaluations, a forum where reviewers, vendors and your readers contribute their ideas becomes a major part of your product evaluation “service”. In one sense, NC becomes the instructor who successfully unleashes the incredible power of student knowledge. Yes, this would mean NC would need to rethink its product review model and create an effective new forum. But you can tap into key existing components: the latest web technologies, a huge pool of knowledgeable readers and their desire to be heard (questions and answers).

McAfee VirusScan Plus

McAfee VirusScan Plus is an ideal candidate for those seeking an antivirus/firewall combination without all the bloat of traditional Internet security suites. McAfee VirusScan Plus makes an easy job of removing adware and spyware, something not all antivirus products deliver. The SiteAdvisor service is included, helping to guard against malicious websites.

Norton Internet Security 2009

Symantec's antivirus products have historically always provided excellent detection and removal of malware. On the downside, that protection came at the price of often crippling system performance. That's now a thing of the past. Performance overhauls are the hallmark of Norton Internet Security 2009, which features 'pulse updates' to deliver more frequent and thus smaller signature updates, whitelisting to streamline scan times, and a lighter, sleeker footprint that installs in mere minutes.

Unspam files lawsuit against unnamed cybercrooks

Anti-spam firm hopes to force banks to share more information on attacks.

Unspam Technologies, the company behind Project Honey Pot, has filed a lawsuit against unnamed 'John Does', who are thought to be responsible for stealing millions of dollars every month from US bank accounts through the use of malware. In 2007, Unspam filed a similar lawsuit against as-yet-unidentified spammers.

The purpose of this lawsuit, filed in a Federal District Court in Virginia, is to convince, or if necessary force, banks to disclose information that will help unmask the identities of the crooks involved in cybercrime. Banks are known to be reluctant to share information about theft through phishing and malware, or even to admit that they have suffered from such theft, and it is believed that this works to the advantage of the criminals behind such attacks.

A second goal of the lawsuit is to find a 'chokepoint' in the systems used by banks that makes for easier abuse. Jon Praed, Unspam's attorney and an experienced anti-spam lawyer, said that one possibility would be that the information made available through the lawsuit will show that banks are only using single-factor authentication; in that case, it is hoped that the case would help strengthen the authentication processes used by the banking sector.