Network World: Six Unified Threat Management Units Reviewed

The world of unified threat management appliances continues to evolve. In my 2013 UTM review, I looked at units from Check Point Software (which topped the ratings), Dell/Sonicwall, Elitecore Technologies’ Cyberoam, Fortinet, Juniper Networks, Kerio Technologies, Sophos, and Watchguard Technologies.

This year I reviewed the Calyptix AccessEnforcer AE800, Check Point Software’s 620, Dell/Sonicwall’s NSA 220 Wireless-N, Fortinet’s FortiWiFi-92D, Sophos’ UTM SG125 and Watchguard Technologies’ Firebox T10-W (pictured below). With the exception of Calyptix, the other five are all in Gartner’s “leader” quadrant of their latest UTM report. We contacted other vendors including Cisco, Juniper and Netgear, but they declined to participate. In addition, Sophos has purchased the Cyberoam line and will combine its features with its existing UTM products sometime next year.

Overall, the market has evolved slowly rather than undergone any big revolutionary changes. Products are getting better in terms of features and price/performance. All six of these units will do fine for securing small offices of 25 people.

You can read the review here, check out a slideshow of the screenshots of typical features here, and watch a short (two minute) screencast video summarizing the major points of the review here.

Top 10 Retail Tech Trends for 2015

It is that time of year, when we look back and look forward, to see what has happened in retail tech and predict what might be important in the coming months. Here are my top ten choices and leading trends.

  1. Mobile and digital currencies will continue to increase. Payment options such as PayPal, Apple Pay and Bitcoin will become more mainstream, allowing consumers to use digital currencies to pay for more things. If you haven’t set up any of these technologies, now is the time to learn more about them.
  2. The iPad becomes the cash register. With the popularity of Apple’s iPad, more vendors are developing iOS-optimized versions of their traditional point of sale solutions. And the iPad-as-register will become more popular, even for smaller stores. VARs should bone up on the leading vendors in this space.
  3. Ordering ahead for in-store pickups. Target has had this for years, but it is becoming popular for smaller retailers too. It should become the norm in the coming year. Customers don’t like waiting in line, and this is a nice convenience.
  4. “If you liked this, you will want to buy that.” Cross-selling has also become mainstream, thanks to early pioneering efforts from Amazon and other online retailers. Now in-store staff are doing this with in-person promotions. The trick is to do it in a way that doesn’t annoy customers and drive them out without buying anything. It isn’t so much tech as an after-effect of having the online matching and suggestion engine.
  5. The website will become even more of a digital hub. Stores that don’t have solid websites will suffer in 2015. Today’s website – and tomorrow’s – will have a quick way to find the closest store, peruse inventory, order online and have it delivered, send questions or comments to management, and download the latest smartphone app. And offer up an exceptional user experience too. If you have neglected this side of your business, now is the time to get more involved.
  6. Expect to see more digital-based loyalty programs. Consumers are tired of carrying cardboard or plastic rewards cards and are looking for digital solutions, especially those like Starbucks’ that can turn into mobile payment apps.
  7. Social media campaign management tools are getting better, by necessity. Hybrid physical/online marketing will become more important in 2015, mixing both in-store and online deals. If you haven’t tried out any of the more than 100 different tools that are available in this space, now is the time to take a closer look and have your recommendations ready for when your clients need trusted advice.
  8. Mobile apps are becoming the major e-commerce vector. As we said in our column in June, provide something unique for your store’s mobile app, or else build it into the overall general website and ensure that a mobile browser can view your pages quickly and responsively.
  9. Look towards the restaurant sector as a leading indicator of what’s in store for the rest of retail. Restaurant chains are slowly learning how to use connected technology to attract customers, deliver better customer digital experiences, and convince customers to return again and again. Unlike other online retail outlets, you can’t download your dinner, so the opportunity cost is huge for them to get their digital act together. Most of the lessons learned by restaurant chains, from both their successes and their mistakes, can be applied to other retail segments. For example, tablets are being used by waitstaff to track orders and by customers to play games and pay their checks.
  10. Think about developing a total customer engagement platform for your clients, as we wrote about how 7-Eleven did this in the past year. These will help cement the VAR-client relationship too.

Stepping up to better authentication

The days of multifactor security tokens may be numbered, just as they are moving beyond hardware form factors. While they are clever solutions, users don’t always like to use them in whatever guise. Tokens do get in the way of the actual transaction itself. IT staffs tolerate tokens, but they do require a fair amount of programming effort to integrate into existing systems. Tokens also have their limitations and typically only address a single access threat vector. For example, some authentication methods are great at protecting e-commerce connections but don’t handle remote connections to in-house systems or pre-paid debit card exploits.

What is catching on is to use what is called risk-based authentication, context-aware or adaptive access control. The idea is to base any access decision on a dynamic series of circumstances. These count as the additional authentication factor, rather than relying on a particular set of tokens or pieces of smartphone software. Access to a particular business application goes through a series of trust hurdles, with riskier applications requiring more security, so that users don’t necessarily even know that their logins are being vetted more carefully. Moreover, this all happens in real time, just like the typical multifactor methods.

What are the typical ways that this works? Logins to your account are scored based on a series of metrics, including the role you have (such as a network admin), if you are connecting from a particular country (just as the credit card companies examine their transactions) and if you have changes to particular transaction patterns or spending patterns. If a user is doing something that doesn’t match his or her history, that becomes a riskier transaction so that authentication requests and logins can be challenged with an additional authentication measure. Challenging unusual login or transaction patterns creates a barrier that a hacker or fraudster cannot easily circumvent, while not doing the customer the disservice of demanding such authentication in a blanket manner.

Or you could have a system that compares the geo-locations of a series of logins and flags implausible travel (such as one login from a Chinese-based IP address and another from Canada a few minutes later).
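To make the scoring described above concrete, here is an added example of a small risk engine (my own illustration, not code from any of the vendors named in this post). It scores a login on the signals the text mentions: a privileged role, a country the user has never logged in from, a spending amount well above the user’s history, and impossible travel between two consecutive logins (the China-then-Canada case). The point weights, the 900 km/h plausibility limit, the allow/step-up/deny thresholds and the sample logins are all constructed assumptions for the demo.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from math import radians, sin, cos, asin, sqrt
from typing import Optional, Set

EARTH_RADIUS_KM = 6371.0
# Assumption: nothing legitimate moves faster than a long-haul airliner.
MAX_PLAUSIBLE_SPEED_KMH = 900.0
# Assumption: two logins closer than this are treated as the same place.
SAME_PLACE_KM = 50.0
# Constructed decision thresholds on the accumulated risk score.
STEP_UP_AT, DENY_AT = 30, 70


@dataclass
class LoginEvent:
    user: str
    when: datetime
    country: str
    lat: float
    lon: float
    role: str = "user"
    amount: float = 0.0  # value of the transaction attempted, 0 for plain login


@dataclass
class UserProfile:
    usual_countries: Set[str]
    typical_amount: float  # historical average transaction size
    last_login: Optional[LoginEvent] = None


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two lat/lon points."""
    phi1, phi2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def score_login(event, profile):
    """Return (score, reasons) for one login against the user's history."""
    score, reasons = 0, []
    if event.role == "admin":
        score += 20
        reasons.append("privileged role")
    if event.country not in profile.usual_countries:
        score += 30
        reasons.append(f"unusual country {event.country}")
    prev = profile.last_login
    if prev is not None:
        dist = haversine_km(prev.lat, prev.lon, event.lat, event.lon)
        hours = (event.when - prev.when).total_seconds() / 3600.0
        # Impossible travel: a real distance covered faster than any flight
        # (or with a non-positive time gap, e.g. clock skew or replay).
        if dist > SAME_PLACE_KM and (hours <= 0 or dist / hours > MAX_PLAUSIBLE_SPEED_KMH):
            score += 50
            reasons.append(f"impossible travel: {dist:.0f} km in {hours * 60:.0f} min")
    if profile.typical_amount > 0 and event.amount > 3 * profile.typical_amount:
        score += 25
        reasons.append("transaction far above typical spend")
    return score, reasons


def decide(score):
    """Map a score to the adaptive-auth outcome."""
    if score >= DENY_AT:
        return "deny"
    if score >= STEP_UP_AT:
        return "step_up"  # challenge with an additional factor
    return "allow"


def evaluate(event, profile):
    """Score, decide, then record the login as the new baseline."""
    score, reasons = score_login(event, profile)
    profile.last_login = event
    return {"user": event.user, "score": score, "decision": decide(score), "reasons": reasons}


def run_demo():
    """Constructed sequence: a normal login, a risky admin purchase, then impossible travel."""
    utc = timezone.utc
    alice = UserProfile(usual_countries={"CA", "US"}, typical_amount=120.0)
    events = [
        LoginEvent("alice", datetime(2014, 12, 1, 10, 0, tzinfo=utc), "CA", 43.6532, -79.3832),
        LoginEvent("alice", datetime(2014, 12, 1, 13, 0, tzinfo=utc), "US", 40.7128, -74.0060,
                   role="admin", amount=500.0),
        LoginEvent("alice", datetime(2014, 12, 1, 13, 10, tzinfo=utc), "CN", 39.9042, 116.4074),
    ]
    return [evaluate(e, alice) for e in events]


if __name__ == "__main__":
    for result in run_demo():
        print(result)
```

The first login is ordinary and passes silently; the second earns enough points (admin role plus an unusually large amount) to trigger a step-up challenge without blocking; the third, a Chinese login ten minutes after a New York one, is scored as impossible travel from an unusual country and is refused. A production engine would replace the constructed weights with ones tuned against real login history, which is exactly the per-user baseline the text describes.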

Firewalls and intrusion prevention products have had similar step-up risk-based rules for years to analyze and block particular network behavior. But now a number of vendors are including risk-based authentication into their security tools, including Symantec’s VIP service, Vasco, RSA, SecureAuth and CA. Expect to see more of them in the near future, as the notion gains traction. I have begun to review these tools on SearchSecurity.com for a series on multifactor authentication.

Finally, if you are interested in having me write or speak on this topic, let me know.

ITWorld: How to bridge and secure air gap networks

The state of the art on air gap networks is changing with both better protective technologies and sneakier threats that take advantage of some very elegant and extreme hacks. One of the more interesting security best practices is about to get turned on its head, thanks to some cutting-edge research at a small Israeli think tank and elsewhere. The notion is called an “air gap network” and the idea is to isolate a PC from the big bad Internet and any other communications networks so as to have complete security with the information that resides therein.

I talk about some of the latest research coming out of Israel on how to defeat these networks in a piece for ITWorld today.

How you can support Ferguson

As many of you know, I live just a few short miles from the small city of Ferguson. I wanted to support some of the numerous small businesses who are now without a building, or who are trying to clean up after the riots, looting, and arson. I asked a friend of mine, who works in the city, for some thoughts and guidance. He is frustrated because his city has become a synonym for racial bias, protests, and civil disobedience. Yet there were a lot of good things that happened in the city before this summer, and sadly no one wants to know about them before wanting to have a “conversation” or “to effect change.” But let’s talk about something you can do: send money.

Here is my modest plan. As many of you also know, for the past 12 or so years I have reached out to you and asked for you to support one of my charitable fundraising efforts that are usually accompanied by an organized bicycle ride. Over the years I have managed to raise tens of thousands of dollars for various causes like Juvenile Diabetes, cancer and MS. Today it is time to raise money for Ferguson. Several of the local businesses now have GoFundMe crowdsourced pages and are raising funds, because they want to stay in business. A few national reporters are mentioning these pages, which is great. I have tried to find ones that are still far behind on their goals but worthwhile efforts nonetheless. I would like you to take a moment, pick one (or more, if you are feeling generous), and send in your money. I have supported all of them to show that my concern is genuine.

A couple of weeks ago, I went on a bike ride to the city, along a lovely trail for part of the trip, to have lunch at Cathy’s Kitchen. I have eaten there before; it is a family-run place that has been there for several years and is one of several places owned by the family in the area. They are located across the street from the police station, which was spared most of the demonstrations until relatively recently, when they were hit during the riots.
Support Cathy’s Kitchen

Cose Dolci is a small bakery that has also been in Ferguson for many years, is also family-run, and is just a few blocks away from Cathy’s restaurant.
Support Cose Dolci Bakery

Beauty supply stores in Ferguson were very much at risk, both this summer and then earlier last month during the riots: hair extensions and other care products aren’t cheap. The folks at Beauty World had their windows smashed and a bomb was thrown into the store, and the fire sprinklers soaked whatever inventory was left behind (as you can see from the photo above). Like the others it is also family run by a local couple.
Support Beauty World

Down the street is the Hidden Treasures boutique, which also suffered during the riots and is locally owned too. It is located in the Ferguson “City Walk” which was a recent new development over the past several years to bring a series of specialty shops together in close proximity that many larger cities have sponsored.
Support Hidden Treasures Antiques

The first building to burn to the ground this past summer was a Quik Trip gas station that quickly became the gathering point for many demonstrators. A small family-run insurance brokerage was across the street, and this time got its share of rioters and arsonists. Imagine trying to run your storefront behind plywood covering what once was your windows. They still want to operate in town too.
Support Solo Insurance

Last but not least is Mimi’s Bar and Grill, another restaurant that has been around for 20 years. Earlier this summer, they purchased the remainder of the building that they didn’t own, and saw their business drop to nothing.
Support Mimi’s Bar and Grill

There are obviously many more places in town that could use your support. These are just a few of the ones that I know of. Please take a moment and send in some money, whatever. I know they will appreciate your support.

The collaboration behind Colossus

When I first heard about the heroic efforts during WWII to break the Nazi communications codes such as Enigma, I had in my mind the image of a lone cryptanalyst with pencil and paper trying to figure out solutions, or using a series of mechanical devices such as the Bombe to run through the various combinations.

But it turns out I couldn’t be more wrong. The efforts of the thousands of men and women stationed at Bletchley Park in England were intensely collaborative, and involved a flawless execution of a complex series of steps that were very precise. And while the Enigma machines get a lot of the publicity, the real challenge was a far more complex German High Command code called Lorenz, after the manufacturer of the coding machines that were used.

The wartime period has gotten a lot of recent attention, what with a new movie about Alan Turing just playing in theaters. This got me looking around the Web to see other materials, and my weekend was lost in watching a series of videos filmed at the National Museum of Computing at Bletchley Park. The videos show how the decoding process worked using the first actual electronic digital computer, called Colossus. Through the efforts of several folks who maintained the equipment during wartime, the museum was able to reconstruct the device and have it in working order. This is no small feat when you realize that most of the wiring diagrams were immediately destroyed after the war ended, for fear that they would fall into the wrong hands, and that many of the people who attended to Colossus’ operations are no longer alive.

The name was realistic in several ways: first, the equipment easily filled a couple of rooms, and used miles of wires and thousands of vacuum tubes. At the time, that was all they had, since transistors weren’t to be invented for several years. Tube technology was touchy and subject to failure. The Brits figured out that if they kept Colossus running continuously, the tubes would last longer. It also wielded enormous processing power, with a CPU that could have had a 5 MHz rating. This surpassed the power of the original IBM PC, which is pretty astounding given the many decades in between the two.

But the real story about Colossus isn’t the hardware, but the many people that worked around it in a complex dance to input and transfer data from one part of it to another. Back in the 1940s we had punched paper tape. My first computer in high school had this too, and let me tell you, using paper tape was painful. Other data transfers happened by manually copying information from a printed teletype output into a series of plug board switches, similar to the telephone operator consoles that you might recall from a Lily Tomlin routine. And given every opportunity to transfer something in error, the settings would have to be rechecked carefully, adding more time to the decoding process.

There is an interesting side note, speaking about mistakes. The amount of sheer focus that the Bletchley teams had on cracking German codes was enormous. Remember, the codes were transmitted over the air in Morse. It turns out the Germans made a few critical mistakes in sending their transmissions, and these mistakes were what enabled the codebreakers to figure things out and actually reconstruct their own machines. Again, when you think about the millions of characters transmitted and just finding these errors, it was all pretty amazing.

What is even more remarkable about Colossus was that people worked together without actually knowing what they did. There was an amazing amount of wartime secrecy and indeed the existence of Colossus itself wasn’t well known until about 15 or 20 years ago when the Brits finally lifted bans on talking about the machine. For example, several of the Colossus decrypts played critical roles in the success of the D-Day Normandy invasion.

At its peak, Bletchley employed 9,000 people from all walks of life, and the genius was in organizing all these folks so that its ultimate objective, breaking codes, really happened. One of the principal managers, Tommy Flowers, is noteworthy here and actually paid for the early development out of his own pocket. Another interesting historical side note is the contributions of several Polish mathematicians too.

As you can see, this is a story about human/machine collaboration that I think hasn’t been equaled since. If you are looking for an inspirational story, take a closer look at what happened here.

Ferguson and jailed journalists

I never used to think of my chosen profession as one that was particularly life-threatening, but after seeing several reports and watching Jon Stewart’s Rosewater, I am beginning to wonder. Granted, I am not a war reporter or looking to go to some hot-spot and report on the latest human rights abuses. But neither is Sarah Lacy, who recently got a personal threat with her Uber coverage.

The Committee to Protect Journalists reports that so far this year 42 journalists have been killed, and last year hundreds more were put in prison, including 40 of them in Turkey and one here in the US (for not revealing sources).

But it turns out I don’t have to travel to some foreign land to get into jail, or to see some abusive police behavior first-hand. The Pen American chapter recently studied the events in Ferguson, which is about ten miles away from my house. They have found 21 people who have been arrested over the past several months. And while all of them have been released within hours or the next day, many of these reporters were threatened with tear gas or bodily harm in the process of doing their jobs. That’s not good.

The Pen report describes each circumstance with as accurate reporting as they can. Many have already been mentioned in the various online and print media stories about Ferguson, but it is good to have all of them collected in one place to give a better picture of the situation. Here is a summary infographic of the various events that they have extensively documented.

I would like to give the police the benefit of the doubt, because I have seen reports that they were under siege themselves with live gunfire and gasoline-filled bottles thrown at them from various demonstrators. But still, the Pen report brings up some interesting and troubling issues. While some of those arrested were “citizen journalists,” it might be hard for the police to differentiate between an accredited journalist and just someone with a cell camera that has his or her blog, Vine account, and Twitter stream. But then, many who were arrested were professionals. How to explain the situation involving two Al-Jazeera America cameramen? They had to abandon their filming due to tear gas thrown right under their tripod. Or two reporters who were sitting in a nearby McDonalds trying to file their stories? In both situations, the police later claimed they were in danger, but it seems the only danger was the situation the police themselves created.

Ferguson is such a heartache on so many levels: to see a town that is trying to do so many good things hurt by looters and mob rule. To see the quick escalation of police into combat mode that we normally associate overseas. To see an unarmed citizen killed in the middle of the day. And to see journalists that have to defend themselves because they are just trying to bear witness to what is going on.

Rosewater documents a true story about a Canadian/Iranian journalist for Newsweek Maziar Bahari who was imprisoned for three months on the charges that he admitted he was a spy on network TV. However, the admission was tongue-in-cheek as part of an interview on the “Daily Show.” The movie is well worth watching, and is based on his book that he wrote about his experience.

If we are going to be a shining example of a working democracy, we need a strong and independent press that can document police abuses. Otherwise, we are no better than the countries we criticize for trumped up charges and wrongly arresting people.

ITWorld: How to pick the right MOOC

If you are looking to bring your skills into more current practice, learn a new programming language, or just experiment with taking a couple of technical classes, you are living in the best of times. There are a lot of free classes taught by some of the best teachers in the world to choose from today. This education goes by “Massively open online courses” or MOOCs. Going about finding the right kind of class for your needs can be daunting, and I am here to help.

You can read my article in ITWorld today here.

The day the (analog) music died: five mega-trends

Many of us of a certain age remember the “day the music died” when Buddy Holly and the Big Bopper’s plane crashed. Or if not the actual day, we get the reference that was most notably chronicled in the song “American Pie” by Don McLean. But there is another day that is harder to pin down, when digital music finally took over and we never looked back on CDs, cassettes, 8 track tapes and vinyl. I put that date somewhere around 1999-2000, depending on how old you were and how much analog music you had already collected by then.

It certainly has been an amazing period of time when you recall what music was like back in the day before all the iThings came along. For the most part it has been a mixed bag. Here are five mega-trends to consider.

1. Music is more mobile. Back then we had separate rooms of our homes where we could listen to music, and only in those rooms. The notion of carrying most of your music collection around in your pocket was about as absurd as Maxwell Smart’s shoe-phone. We had separate radio stations with different music formats too that helped with discovering new music, and would carry recordings to our friends’ homes to play on their expensive stereos. Stereos were so named because they had two speakers the size of major pieces of furniture.

Just about everything in that paragraph has changed in 20 years. Having two speakers to listen to your music is so limiting, and you can buy a multichannel system for a couple hundred bucks these days. My iTunes music library has more music than I can listen to continuously for two weeks and close to 30 GB of files, and I am sure yours is equally vast. Songs that I ripped to the digital format are still intact 10 years later (I know I have some of the CDs around here someplace), and I can listen to music wherever and whenever I want.

2. The whole music discovery process has also been transformed. You can listen to any of thousands of tracks before you buy them in the major digital music stores. And then there are sites such as NoiseTrade who offer thousands of entire tracks free for the downloading (tipping is suggested but not required): it has become one of my favorite places to find new artists. Playlists make it easy to set up groups of tracks for every activity, something that you had to be a love-struck teenager willing to spend the effort for a mix tape, or be a DJ at your college radio station.

3. Sharing is caring. At the beginning of this digital music transformation was Napster. It was the undoing of the music industry, making it easy for anyone to share digital copies of thousands of songs across the Internet. While they were the most infamous service, there were dozens of other products, some legit and some fairly shadowy, which I describe in this story that I wrote back in November 2001 that shows some of the interfaces of these forgotten programs.

Certainly, the notion of peer-to-peer file sharing has never recovered its bad boy cred from then. Napster had a lot of lessons for us back at the turn of the century, some good and some bad. Sadly of the several suggestions that I had about how we could learn to build better networks, none of them panned out. One of my high school students back then had a modest proposal for the music industry: to “create their own network of P2P servers and charge a nominal monthly fee.” That didn’t happen either.
4. Movie studios haven’t learned much from the digital music era. Now the movie industry appears to be headed down a similar path, albeit with bigger criminal penalties for their customers who want to share their digital copies. But we’ll leave that for another discussion, since I want to stick to music.

The early days of digital music weren’t easy for anyone, unless you were a teenager then and didn’t mind stealing your songs. I wrote extensively about the several processes of ripping and cataloging your tunes for a couple of Web Informant essays. My former student and most of his generation didn’t view P2P file sharing as a criminal act; instead, “it is a new way of dealing with an outdated corporate power structure.”

Since the rise and fall of the peer sharing services, Amazon, Apple, and to some extent a few other digital music storefronts have taken hold for selling tracks and albums. I used to buy most of my music from Amazon: they were the first to eliminate digital rights management (aka copy protection) from their tracks, but they have tricked out their player and their process and it is just easier to use the iTunes Store now anyway.

5. Streaming is taking hold. But owning your music is going the way of the dodo too: several streaming services have taken hold, and it is only a matter of time before their user interfaces and bandwidth requirements get perfected and they make it easier to listen to anything at any time. There are numerous subscription streaming services, and they are getting better in terms of song availability and software quality.

The digital era has also been a mixed blessing for artists: most don’t make much money from selling their songs outright to consumers, since their cut from the digital music stores is minimal. This has driven many of them to hike their performance fees. While digital technologies have made it easier to sell music to the public, it has become more of a “long tail” kind of business, with just a few mega-groups that can actually support themselves on song revenues.

Would I turn back the clock to analog music? Nope. It has been a great 15 years, and I don’t mourn its death. But it has been a fascinating time to see how things have evolved.