Novell ZENworks Configuration Management v.11 endpoint configuration management suite can speed the process of providing users with the applications they need to get their jobs done across physical, virtual and cloud environments. You can read my brief review in BizTech Magazine from CDW here.
Today Network World has posted the latest product review of mine and is the third in a series of reviews over the past year that I have written about the general topic. We all have too many passwords to deal with, and enterprise IT managers have too many products that can manage them.
The most recent review looks at six different products that can be used by either consumers or corporations to handle passwords in a variety of situations. They are Kaspersky Pure, LastPass Enterprise, Lieberman Enterprise Random Password Manager, 1Password, RoboForm Enterprise, and TrendMicro DirectPass. Because you can’t directly compare the six, I didn’t award a winner, but I did like LastPass and Lieberman’s products a lot.
You can also see the various features of the products in this series of screenshots that I posted on Slideshare.
My earlier review on single sign-on products last December can be found here. These are strictly enterprise-related and look at ways that enterprises can deploy more secure Web services’ logins. The winner of that review was Okta.
Finally, my review of two factor authentication tools last May can be found here. These strengthen passwords by adding another mechanism, such as your cell phone, to the login process. The winner of that review was SecureAuth’s IdP.
When I set out to test a collection of new small business firewalls for Network World, I wanted to find a place that could illustrate their need. I was fortunate to find Mercury Labs, which despite their name is a video production and public relations company of about 10 people located in midtown St. Louis, not far away from my office. Over the course of a couple of weeks, I brought in several different unified threat management boxes to try out, including Check Point Software’s 640, Dell/Sonicwall’s NSA250MW, Elitecore Technologies’ Cyberoam CR35iNG, Fortinet’s FortiGate 100-D, Juniper Networks’ SSRX220H-POE, Kerio Technologies’ Control 1100, Sophos/Astaro’s UTM 220, and Watchguard Technolgies’ XTM330.
Mercury was instructive because before I got there, they didn’t really have a lot of protection on their Internet connection: the only device connected to their cable modem was an Apple Airport. Relying on NAT does not a firewall make. Over the course of my tests, they were intrigued to see the consistent number of attacks coming across the big bad Internet as we could capture them in real time. Think of a sewer line that is encased in clear plastic so you can see the flow of filth.
Several of the vendors sent in their techs to help me with the tests, something that I always welcome because we always find bugs in any product. In fact we found a killer bug in the top-rated product from Check Point. The tech was making some frantic calls back to his developers in Israel where they quickly found and fixed the bug and sent us the new firmware.
Small businesses have lots of choices when it comes to protecting their network. You can buy a home router for less than $50 from any number of consumer networking vendors, or you can spend more than $4,000 for one of the more than a dozen firewalls from the enterprise security vendors. The UTM products lie in between those price points.
The UTM products include more than just a firewall: there is intrusion detection and prevention, network-based anti-virus and anti-spam screening, virtual private network connections (VPNs), and content filtering on outbound Web browsing to prevent phishing and browser-based attacks.
I liked the Check Point UTM because it had a nice balance of simplicity and power, and it was also the cheapest of the boxes that I tested. It worked well on the mostly Mac network at Mercury, something not all of its competitors could claim. You can see a sample screen from Check Point’s box below.
You can see lots more screencaps here. And you can read my review in Network World here.
We all know that relying on a simple user ID and password combination is fraught with peril. One alternative is to use one of the single sign-on solutions we reviewed last year, but there are less expensive options that could also be easier to install. That’s where two-factor authentication services come into play. I recently reviewed eight such tools, including Celestix’s HOTPin, Microsoft’s PhoneFactor, RSA’s Authentication Manager, SafeNet’s Authentication Service, SecureAuth’s IdP, Symantec’s Validation and ID Protection Ser- vice (VIP), TextPower’s TextKey and Vasco’s Identikey Authentication Server. SecureAuth (illustrated) came out on top.
You can read my review in Network World here.
You can download the various screenshots here.
And you can follow the Twitter handles of the various vendors here.
I have been spending time this week at a small media company called Mercury Labs. Despite their name, they don’t normally test anything, but ironically that is what I have been doing there. I was testing a bunch of integrated network security devices for Network World. These devices cover what is called unified threat management, but you can think of them as network firewalls with additional features, such as the ability to scan incoming and outgoing traffic for viruses and spam, blocking phishing URLs, and being able to set up a secure virtual private network connection when you are on the road. I’ll call them advanced firewalls here for convenience.
I have a long history of testing these tools. Almost seven years ago, one of the Techtarget publications had me looking at them for larger enterprises, and I went out to the central IT department at Stanford University to put them through their paces. This time around, I wanted to find a small business site for the tests that I was going to be doing for Network World. That’s why I was over at Mercury this past week.
They have about 10 Macs connected to an Apple Airport, which is the center of their network, providing IP addresses, wireless connections and a shared hard drive to the entire office. The Airport is attached to a cable modem and the Charter broadband network.
Wait a minute. Don’t you need a firewall if you are going to connect your network to the badass Internet? Yes, and Mercury knew they were taking chances. A firewall is just the basic separation that keeps the bad guys from getting inside your network and causing havoc. That is why they were the perfect testing site. They were vested in my review and what I would find out about these products and their specific needs.
Interestingly, it isn’t just small businesses that don’t have firewalls. When I arrived at Stanford, the central network didn’t have any either. Partly that was because of some odd notion of academic freedom, but back then they realized they had to get better protection. Ironically, while I was doing my tests there we saw someone try to reach out from Germany one morning. Luckily, they had other defenses that prevented them from doing any damage, but it emphasized the reason why I was there testing these products. And coincidentally, when we brought up the advanced firewalls at Mercury, we could see all the network traffic where folks were continually scanning and looking for ways to enter their network too. It was a sobering illustration of why these products are essential.
When I first arrived on scene, I went into their phone closet where I tried to suppress a gasp. Yep, this was your typical small business: part storage room, part cable jungle, and mostly a mess. It was clear that trying to figure out the network topology was going to be a challenge, and my first act was to leave everything alone.
Inside the closet were two small gigabit switches from DLink that looked like they had been around since the days of DOS. This worried me, but since things were working, I wasn’t too concerned. Yet.
One of the vendors that were part of the test insisted on sending a product engineer to help with my testing, and I am sure glad that he was there. When we cut over to his device instead of the Airport, things initially went south. Turns out we found a bug in their firmware. Once that was fixed, all of the wireless Macs were quickly brought up on the network behind the new firewall. But the wired Macs had trouble connecting. It took a few reboots later before we got everyone back on board. It was ironic that the wireless portion of their network was easier to bring up than their wired portion. That was thanks to the wonky cabling in the closet.
So what are some takeaways from this experience?
If you are running gigabit Ethernet to your desktops, make sure your cable plant is up to snuff. Part of my problems had to do with the older cables used to connect things in their wiring closet. There is a difference between Cat5 and Cat5e, especially if you want to run the faster networks these days. Make sure you are using the right cables.
Disconnect any unused wired ports in your office. This is just basic security practice, but bears repeating. And if your wiring contractor hasn’t done so, you should label your ports in the walls and in your closet so you can track things down more easily.
Understand the limitations of your core network gear, including switches, routers, firewalls, and wireless access devices. Your network installer should explain these things in terms that you can understand.
Have a separate guest network with the appropriate security measures. The Mercury folks were using the Airport guest network features, which were bare bones. One of the reasons they wanted to go to the advanced firewall was to provide better protection from their frequent guests and contractors who were going to be connecting in their offices.
Oh, and what happened with my review for Network World? Well, you will have to wait and read about it in their pages. I can tell you that I learned some interesting things about all the products that I tested.
How do you know you are fully engaged with all of your social networks? This turns out to be a difficult question to answer. And as we try to resolve complaints from customers on Twiter and Facebook, we also need to track mentions across other networks and develop consistent workflows and processes to respond and measure these involvements.
Luckily, there are tools available for these tasks, and you can read my article in ITWorld here that reviews many of the issues involved before purchasing one.
As businesses make more use of social networks, the number of engagement, analysis and monitoring tools has exploded. Enterprises are trying to understand their return on social media investments, to find out if their Twitter and Facebook marketing campaigns are actually delivering customers. They want to track social mentions across multiple networks and be responsive to both kudos and complaints. We found nearly 100 products that fall into this emerging product category, which goes by a wide variety of names including social media monitoring, social CRM, social intelligence, enterprise listening platforms and media engagement.
Some other resources:
We all know that the bad guys are getting more sophisticated and determined to invade business networks. The first week of 2013 started out with a bang: a series of well-publicized Java exploits, watering hole campaigns, and denial of service attacks – and that was just business as usual for the modern cyber-crook.
Enterprise network managers have to fight these exploits with better tools, and one ray of hope is a new context-aware firewall from Cisco called ASA CX. I tested one of their midrange ASA-5525-X devices this month and came away impressed. Overall, Cisco has done a superior job at its next generation of firewall technology. The user interface of the Prime Security Manager is, well, prime and one of the best pieces of software I have seen from them, and the features are on par if not better than what their competitors offer.
There is also an accompanying video screencast review where you can see the firewall in action.
My latest screencast video review is of the Cisco ASA CX next generation firewall. It has better application granularity, a more flexible means of policy creation, and easier to use controls and more powerful reports than its predecessors. I tested the ASA-5525-X and found a much improved user interface and lots of content-aware features.
So you got the coverage you pitched for — but it contains an error (or two), and the reporter sees no errors at all. Now what?
In this piece for Sam Whitmore’s Media Survey, I provide a few examples of how to ask for corrections, and how not to. You have successfully navigated the treacherous waters from pitch to published post, having convinced a member of the press to write a story about your client’s latest product. But now the phone rings or the email dings: said client isn’t happy about something that the reporter wrote, and wants it fixed, stat.
“Our business is at stake! We can’t let that misinformation stay out there online a single minute longer! Get on it right away!” (Or so I imagine this conversation.)
So what do you do? I will tell you what you don’t want to do: immediately transfer your grief to the hapless reporter, in hopes that they will play ball and do your client’s bidding. Take a moment, here.
When people ask me all the time if I ever try to write fiction (as in the Great American Novel), I usually reply, “Not intentionally.” I have been writing for the tech trades for more than two decades, and I make a real effort to ensure that my prose is free of any errors, either introduced by moi or (back when we worked with their proud species) copy editors. I hate it when something that I write isn’t right, and I go through a lot of different checks before my pieces are published.
But hey, stuff happens. Sometimes the briefing is unclear. Or a feature that I didn’t see is actually hidden inside the product, several menu layers deep or in a special locked dungeon that only wizards can enter. Or when the PR person doesn’t really answer my question because they are confused. So when the eventual error happens, I will work mightily to have the offending bit replaced with the truth.
Here are a few tips of what to do – and what not to do — in these situations.
First, don’t immediately get into the angst transfer from client to reporter. Take stock of what your client is demanding and try to see if it really is a material error that will kill off Q4 sales or it is just a particular point of view. If a POV, have the guts to push back to your client. They may not be happy, but ultimately this is the right call, and they will thank you for your honesty.
Second, if it is a material error of fact, then recommend to your client that you, being the savvy PR pro that I know you are as a SWMS reader, will not bother the reporter with the mundane details. Instead, attempt to engage the site’s readers by posting your interpretation of the fact along with some other artful language as a comment to the article. Comment? You know those things at the end that are written by actual readers. It amazes me how when I suggest this to PR people, it appears they are hearing this for the first time.
The client might say at this point, “But no one reads the comments, and the error is still in the article.” I disagree, and indeed, by posting a comment you control the message and can say whatever you like (within reason) and probably more people will read that comment than a line of text midway down in the fourth graf on page 5. And the people who run the tech site (we used to call them publishers) will be happy, because the more comments they get (even from stinkin’ flackeroos), the more they are rewarded with cash bonuses and a general feeling of goodness.
But the client persists and wants a “real” in-line correx. At this point, don’t threaten to go over the reporter’s head and call their editor to get it fixed if the reporter demurs. That is the nuclear option, and like the days of the Cold War, it can result in mutual destruction of both parties. You don’t want this toxic fallout.
Instead, think about your future relationships with both client and reporter. Use it as a way to schedule a three-way. (As in conference call.) I have seen the most apoplectic client purr with gratitude when faced with a reasonable editor who apologizes for the error. Hey, it can happen.