Hackers target public Wi-Fi to steal corporate data · 2014. 4. 16. · of a VPN when you’re...



www.networkingplus.co.uk MARCH 2014

FIXED & WIRELESS NETWORKS FOR ENTERPRISE USERS

register online @ www.networkingplus.co.uk to receive your free monthly copy

Cyber security: A skills shortage is leaving organisations vulnerable to cyber crime. Feature, pp10-13

Threat detectors: The latest security systems to help protect the network and IT assets. Off-the-shelf, p14

Superconnected cities: Newcastle set to become one of the first UK cities to benefit. News, p3

Money in the bank: IT networks helping to keep financial firms in the black. Real World Networks, p8

Hyperoptic turns Bristol, Cardiff and Reading into “hyperfast” cities

Hyperoptic’s FTTP gigabit broadband service is now available to commercial and residential developments in Bristol, Cardiff and Reading. These are the first deployments for the firm outside London, and represent its initial round of ‘hypercities’ which aim to make true hyperfast broadband internet infrastructure available to the marketplace for the first time.

Hyperoptic says it chose the sites as they are among the UK’s “most thriving” urban centres, and have high consumer demand and population densities. The fibre provider plans to make its hyperfast service available in a number of additional cities in the months ahead. At the same time, it is continuing its expansion across London where it says it will soon reach more than 35,000 homes in 150 developments with a target of half a million homes by 2018.

More recently, Hyperoptic announced that East Village, the former Olympic village in Stratford, had been installed with its gigabit fibre broadband infrastructure, giving residents access to the UK’s fastest broadband speeds.

Hyperoptic describes itself as a “pioneer” in FTTH. In 2011, it claimed to have become the first ISP to deliver a 1,000Mbps symmetrical residential broadband service in the UK. It says this speed remains “68 times faster” than Ofcom’s current national average, and 10 times the speed of its nearest competitor.

Hyperoptic adds that, unlike rival offerings, its hyperfast broadband technology provides “unimpeded” fibre speeds directly to premises. “Other so-called ‘superfast fibre’ services are generally hybrids, relying on existing infrastructure and dated copper cables to make up at least part of the line. [This results] in drastically reduced internet speeds and unpredictable performance,” states the firm.

Hackers target public Wi-Fi to steal corporate data

Public Wi-Fi spaces are becoming hangouts for hackers – industry experts recommend the use of a VPN when you’re online with your latte.

by Ian Grant

Corporate road warriors have been advised to always use VPNs if they connect to public Wi-Fi hotspots, and ideally stick to using their home routers to connect to the internet. The warning comes after experts at specialist security research firm Team Cymru reported finding more than 300,000 compromised office/home Wi-Fi routers around the world.

Team Cymru says attackers are altering the DNS configuration on these devices in order to redirect their victim’s DNS requests. They subsequently replace the intended answers with IP addresses and domains which they control, effectively conducting a man-in-the-middle attack.

According to Team Cymru, the compromised routers include models from D-Link, Micronet, Tenda, and TP-Link.

The rising use of BYOD for work and remote access to corporate data via public hotspots has prompted cyber criminals to attack routers. Troels Oerting, the head of Europol’s cyber crime division, told the BBC he had seen an increase in the misuse of Wi-Fi to steal sensitive personal data. The attacks on SoHo routers suggest businesses are targets too.

Fon claims to be the world’s largest public access Wi-Fi network. It has deployed more than 12 million hotspots globally and works mainly in association with incumbent telcos such as BT.

While neither company was prepared to confirm or deny if any of its routers had been compromised, Fon spokesman Adolfo Arias told Networking+: “Fon is a very secure way to access the internet because all users are identifiable and registered. Technically, the public and private signals are separated to be able to identify any misuse of the network. In this way, Fon is able to stop any of such malicious actions when detected.”

Barbara Nelson, CTO of iPass which has 2.2 million public Wi-Fi hotspots in 130 territories, says she is unaware of any hacked hotspots or user sessions on her company’s network. “We recommend that hotspot customers use a VPN to protect their data traffic. Our Open Mobile for Windows client can automatically launch a VPN. On smartphones or tablets, the user can configure the VPN to be launched on public networks.”

Nelson explains that iPass protects the user during the login process, ensuring that the credentials are passed only over a secure connection. “Once the user has logged in and is connected to the internet, we do not directly protect the data as we do not sit in the data path. That’s why we recommend that users use a VPN to protect their data, or make sure they send information over the HTTPS channel only. Some cloud-based apps allow you to configure your profile so that you only use HTTPS rather than HTTP to reach the application.”

Does the UK have the skills to stay one step ahead of the hackers? Cyber security feature, pp10-13.
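A defensive check for the router DNS tampering that Team Cymru describes in the lead story above, as an added example that is not from Networking+ or Team Cymru: it flags resolvers outside an approved list, and answers for the organisation's own hostnames that fall outside their expected prefixes. Every address, hostname and policy value is constructed (documentation ranges and the reserved `.example` domain).

```python
import ipaddress

# Constructed policy (assumption): the resolvers this laptop is expected to
# use, and the prefixes the organisation's own hostnames must resolve into.
APPROVED_RESOLVERS = [ipaddress.ip_network(n) for n in ("192.0.2.53/32", "10.20.0.0/24")]
PINNED_PREFIXES = {
    "vpn.corp.example": [ipaddress.ip_network("198.51.100.0/24")],
    "mail.corp.example": [ipaddress.ip_network("198.51.100.0/24")],
}

# Constructed resolv.conf-style text, as a DHCP client might write it.
SAMPLE_RESOLV_CONF = """\
# Generated by DHCP client (constructed sample)
search lan
nameserver 203.0.113.66
nameserver 192.0.2.53
"""

# Constructed answers collected through the resolver handed out by the
# network. In practice these would come from lookups made on the client.
SAMPLE_ANSWERS = {
    "VPN.corp.example.": ["203.0.113.10"],
    "mail.corp.example": ["198.51.100.25"],
}


def _inside(addr_text, networks):
    """True if addr_text parses as an IP address inside one of networks."""
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        return False  # unparsable values are treated as outside policy
    return any(addr in net for net in networks)


def unapproved_resolvers(resolv_conf_text, approved=APPROVED_RESOLVERS):
    """Return nameserver entries that are not in the approved networks."""
    flagged = []
    for line in resolv_conf_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            if not _inside(fields[1], approved):
                flagged.append(fields[1])
    return flagged


def redirected_names(answers, pinned=PINNED_PREFIXES):
    """Return pinned hostnames whose answers fall outside their prefixes.

    A home router usually hands out its own LAN address as resolver, so a
    changed upstream setting on the router is invisible in resolv.conf.
    Checking the answers themselves covers that case.
    """
    normalised = {name.rstrip(".").lower(): addrs for name, addrs in answers.items()}
    suspects = {}
    for name, networks in pinned.items():
        outside = [a for a in normalised.get(name, []) if not _inside(a, networks)]
        if outside:
            suspects[name] = outside
    return suspects


def audit(resolv_conf_text, answers):
    """Combine both checks into one report."""
    return {
        "unapproved_resolvers": unapproved_resolvers(resolv_conf_text),
        "redirected_names": redirected_names(answers),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_RESOLV_CONF, SAMPLE_ANSWERS))
```

Pinning only makes sense for hostnames whose address ranges the organisation controls; names served from third-party CDNs legitimately resolve to many prefixes.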



Online council services fail to keep up with mobile users

Councils are failing to give ratepayers a decent service when they access online local services via mobile devices, according to Socitm (Society of Information Technology Management).

In March, Socitm published its Better Connected report which revealed a sharp drop in the number of councils getting high marks for their web presence. It said this was mainly due to the poor experience provided when customers used their smartphones or tablets to access council data or transact with them. Socitm reported that 31 councils (eight per cent) won the top four-star grade. The number of four-star sites dropped from 39 in 2013 to 31, and three-star sites from 165 to 157.

“Only 31 per cent of sites achieved the Better Connected standard for mobile access, despite the fact that nearly a third of visits to council websites are now made from mobile devices,” said Socitm.

The number of councils that passed the society’s separate accessibility assessment almost halved from 194 (44 per cent) to 105 (26 per cent). “Much of that is also explained by the less accessible mobile experience,” it said.

Feedback from Socitm’s website performance service shows that public satisfaction with the user experience from council websites dropped by 12 per cent during 2013. Of the 14 top tasks tested, ‘Apply for a copy birth certificate’ came out best with 87 per cent of sites achieving the standard. This was followed by ‘Apply for a primary school place’ (75 per cent).

Poorly performing tasks included: ‘Find out about football pitch’ (17 per cent); ‘Report fly-tipping’ (28 per cent); and ‘Find out about care homes for elderly relative’ (33 per cent).

Socitm said that while searches had improved, there was a “significant deterioration” in accessibility for disabled people. Also, a quarter of councils with an answerphone message for out-of-hours enquiries failed to refer callers to the website. “This indicates significant lack of corporate commitment to self-service by these councils,” says the society.

It added that efforts by local authorities for digital engagement are patchy but improving. Use of online customer accounts is 32 per cent, email alerts 36 per cent, and there were social media links on 88 per cent of home pages. Forty councils (10 per cent) are rated good overall.

Better Connected found 69 apps compared with 36 last year, up 92 per cent. “This does not include council promotion of third-party service apps, which were most frequently found for cashless parking, food hygiene ratings, taking payments, swimming timetables and library catalogues.”

This is the first year that website performance on mobile devices has been fully tested for the Better Connected study. Socitm said on average, results from tasks on mobiles were half as good as those on PCs. It said that this indicates councils are currently finding it difficult to match the quality of experience on the desktop with that on mobiles.

England wins the lion’s share of fresh broadband funding

England will get the bulk of the £250m the government has released to expand “superfast broadband” coverage and fill in not-spots. The split is: England £184.34m, Scotland £20.99m, Wales £12.11m, and Northern Ireland £7.24m.

The money will be matched by county councils, and will supplement the government’s existing £530m programme which is also match-funded. It will be used to roll out high-speed broadband to areas thought to be uneconomic, roughly one-third of the population. All in, taxpayers are contributing more than £1.9bn, mostly to improve BT’s network – the 46 contracts awarded so far have all gone to the incumbent telco.

Parliament’s Public Accounts Committee (PAC) has been highly sceptical of the value for money offered by the present contracts. It called for BT to be refused any of the latest money until it produced evidence of value.

A PAC meeting in January heard that BDUK, the government quango tasked with overseeing the rollout, had recovered about one-third of the money BT allegedly over-invoiced on early contracts. BT said it would extend coverage using any money thus recovered.

The government is hoping to ensure 95 per cent of homes have access to a high-speed broadband service by 2017. This is two years later than originally planned, but now includes five per cent more homes.

In related news, independent network builder Gigaclear has installed a 1Gbps fibre network in Kingston Business Park, Oxfordshire. The new infrastructure, commissioned and paid for by tenants, improves on the existing copper network. BT is widely believed to be ignoring business parks for fear of hurting its leased-line revenues (see News, Jul/Aug 2013).

Communications minister Ed Vaizey says: “Having seen Gigaclear’s systems elsewhere, I know just how fast and effective they are. A good broadband connection has become an essential facility for businesses in the UK, and businesses at Kingston Business Park could not have better connections than this.”

Richard Lee, senior surveyor for Dexter Brown, managing agents for the park, says that since installing the Gigaclear network, properties were “more marketable and appealing” to tenants who are attracted by the high broadband speeds. He adds that the network has helped to retain existing tenants and attract new ones.

Satellite-based VPN launch for UK business

OneAccess and The Auriga Network have launched an enterprise-class satellite VPN service. For the first time, UK businesses can now establish a subscription-based, high-speed, fully encrypted VPN via Eutelsat’s next-generation KA-SAT satellite.

The managed service will enable organisations with sites beyond the range of terrestrial networks to take advantage of KA-SAT’s high throughput transmission speeds. It is said to provide download/upload speeds of up to 20Mbps/6Mbps, and enable the delivery of a variety of traffic acceleration, IP routing, and IP-VPN secure transport services. The service is available to UK customers via Eutelsat partner and Auriga reseller, Europasat.

OneAccess and Eutelsat have developed a router which they say uses KA-SAT’s capabilities to deliver “DSL-like satellite VPN services to the enterprise market at DSL-like prices”. Auriga’s service leverages this technology to manage the consolidation, encryption and routing of data passing from the customer’s terrestrial private network across the satellite VPN.

The companies also claim that the new service significantly lowers the typical cost of deployment for a solution of this kind.

Until now, they say that an enterprise satellite VPN solution has required the use of a dedicated IP access concentrator to manage the data encryption specified by VPN standards. In contrast, the OneAccess and Auriga service manages the encryption for multiple satellite links via a small number of concentrators housed in a single London-based telehouse. It’s claimed this model dramatically reduces both the capital expenditure required to provision a new satellite VPN as well as the costs needed to maintain the system.

London-based ISP Satellite Internet says it has launched a low cost scheme for renting satellite broadband equipment.

For a two-year minimum contract at £12.50 a month, businesses and homes in rural and hard-to-reach parts of the UK and Ireland get a dish, transceiver and satellite modem linked by a 30m RF cable, as well as the Ethernet cable to connect to a computer or router. Installation and activation costs are extra.

Satellite Internet says it offers 20Mbps download speeds with subscription packages available from around £10 per month. Its network is backed by SES Broadband Services and can be used anywhere in the UK as long as the user can have a dish installed to their property with a clear view of the southern sky.

Communications minister Ed Vaizey says that a good broadband connection has become an essential facility for businesses in the UK.

Business users in remote parts of the UK can now rent low-cost satellite broadband equipment from ISP Satellite Internet.


THE WORLD ACCORDING TO... Alessandro Porro, VP of international sales, Ipswitch

How the Internet of Things is set to transform care for the elderly

Imagine retirement homes supported by an intelligent infrastructure which saw residents’ pill boxes advising them when it was time for them to take their tablets so none are missed. Or how about sensors capable of detecting changes in tissue a few hours before the onset of a heart attack, under-mattress devices that can analyse the quality of sleep, or Google lenses to measure glucose levels for diabetics?

These are all developments taking place in the rapidly evolving Internet of Things (IoT) – the concept of previously passive objects becoming smarter through connection to the internet. According to an IDATE study conducted last September, the world will have 80 billion connected objects by 2020, compared to the 15 billion today.

The health sector is one area that can greatly benefit from this trend, and it could prove to be an essential part of the future of care and retirement homes. But applications of the technology, as detailed above, cannot be implemented without careful planning. Discussion on a wide range of issues such as confidentiality, reliability, security and IT infrastructure, would be just the beginning to turn the vision into reality.

As with any network, the more devices that are connected, the more data there is to gather and store on the LAN or WAN. In retirement homes, this information will need to be centrally processed as well as being directly related to the relevant caregiver. Robust networks capable of handling multiple connections and high volumes of data whilst maintaining security will have to be implemented – otherwise the increasing data volumes might rapidly paralyse the devices running from it, potentially compromising the running of the care home and, more importantly, endangering residents.

Furthermore, interoperability is essential for ‘smart’ devices to communicate with the network. They must use the same wireless bandwidth and adhere to the same security standards, otherwise costly ‘workarounds’ will need to be purchased.

For the IoT to become a reality the function of IT management must become more prominent. For example, retirement homes will need to hire a systems administrator to install, setup and monitor all connected equipment, and to ensure security. Powerful tools and comprehensive monitoring will need to be deployed to manage the network on a daily basis, and to respond quickly in case of failure.

Indeed, it won’t be long before the network administrator is an essential function across many sectors outside ‘traditional’ IT, becoming the lynchpin for a huge range of connected objects that will soon become, like our smartphones, indispensable.

Newcastle to become one of the UK’s first superconnected cities

Newcastle has unveiled plans to become one of the country’s first superconnected cities. Go Digital Newcastle, a government initiative delivered by the local council, will see 97 per cent of the city given access to superfast fibre broadband by 2015, a Cloud Innovation Centre, and free Wi-Fi in the city centre as well as on the Metro.

Newcastle is one of 22 cities where small businesses, charities and social enterprises can apply for vouchers worth up to £3,000 to get connected to high-speed/high grade broadband with one of nearly 200 registered suppliers (see News, Nov 2013). They will also be able to benefit from a free business support programme offering digital master classes and workshops, delivered by BE Group.

BT has been awarded the contract to deploy fibre broadband across Newcastle. It is replacing copper with FTTC in streets across the city, promising to deliver speeds of up to 80Mbps and with most businesses and homes able to access 30Mbps or higher. It’s claimed that the network will be open to all communications providers on an equal wholesale basis in order to create a highly competitive market for consumers.

Around £9m of public money is being put into Go Digital Newcastle. The funding includes £1.89m from BT, £970,000 from the local council, and £970,000 from the Broadband Delivery UK Local/Rural Broadband Programme.

The Government’s Superconnected Cities programme will cover the voucher scheme, Wi-Fi in the city centre and Metro, as well as the Cloud Innovation Centre. The enterprise support scheme will be backed by the DCMS/European Regional Development Fund and the council.

Chi Onwurah, MP for Newcastle Upon Tyne Central, says good connections are now a “necessity rather than a luxury”. The local council adds that superfast broadband will help turn “local heroes into superheroes”.

Record 2013 sales of Ethernet switches point to rise of SDN

Ethernet switch vendors enjoyed a bumper year in 2013, racking up an estimated $22bn in sales, according to market researcher Dell’Oro Group. It says that a record number of vendors exceeded $400m in sales. They include: Cisco, Dell, Extreme Networks (including Enterasys Networks), Hewlett-Packard, Huawei and Juniper Networks.

The report covers vendor revenues, average selling prices, and port/unit shipments by speed, including Fast Ethernet, Gigabit Ethernet and 10/40/100GbE, for Layers 2-3, both managed and unmanaged.

Dell’Oro says “white box” sales outperformed the overall market, albeit from a smaller base. Alan Weckel, the company’s VP for Ethernet switch research, says white box switching continued to gain momentum in 2013, especially among major cloud providers: “[Their] insatiable demand for network equipment and strong growth in enterprise data centres contributed to the majority of the revenue increase we saw in the Ethernet switch market.”

He adds that shipments to enterprise customers also outpaced the overall market, leaving many vendors in this segment with record sales.

Weckel expects the impact of the cloud and the emergence of Chinese vendors to weigh heavily on the market and individual vendor performance throughout the year. “Nevertheless, we anticipate overall market growth will continue in 2014.”

Dell’Oro’s finding points to the growing use of software defined networking (SDN) as big cloud, hosting and enterprise users try to maximise their value for money by virtualising their networks. White boxes use generic, off-the-shelf commodity switches and routers within the forwarding plane of an SDN. They allow organisations to pick and choose the elements they need, from the OS to controllers for forwarding and routing tables. In an SDN environment, the apps running on top of the controller provide the higher level orchestration and programmability of the network.

EDITORIAL:

Editorial director: Rahiel

Deputy editor: Ian Grant

Designer: Alan McClenaghan

Contributors: Carmen Carey, Alessandro Porro

ADVERTISING & PRODUCTION:

Sales executive: Andy

Production: Suzanne

Sales apprentice: Elisha Gill

Publishing director: Kathy

is published monthly by: Kadium Limited, Brassey House, New Zealand Avenue, Walton-on-Thames, Surrey, KT12 1QD, United Kingdom. Tel: +44 (0) 1932 886 537 Fax: +44 (0) 1932 886 539

Annual subscription: £80 (UK); £95 (Europe), £100 (USA and the RoW) airmail. Cost per single copy is £8.25.

Printed in England by Williams Press. © 2014. All rights reserved.

The contents of the magazine may not be reproduced in part or whole, or stored in electronic form, without the prior written consent of the publishers. The views expressed in this magazine are not necessarily those shared by the editor or the publishers.

ABC audited circulation: 19,679, 1 Jul 2011 – 30 Jun 2012



The expected consolidation of networkoperators in Europe and elsewhere could bematched by mergers and acquisitionsamong network equipment suppliers,according to Cisco CEO John Chambers.

Speaking to journalists at the recentMobile World Congress, Chambers said therumoured marriage of Nokia Solutions andNetworks (NSN) and Juniper Networkscould be the first of many in the sector.

“You are going to see a combination ofcompanies occurring,” said Chambers,predicting a series of “musical chairs” asvendors seek to gain critical mass,

intellectual property, and skilled staff tocope with the accelerating move to all-IPnetworks and virtualised networking.

NSN CEO Rajiv Suri earlier declined toconfirm whether a deal with Juniper waslikely. “We have a partnership with Juniperand we will look at ways to expand that.I’m not opposed to M&A, but we don’thave to do a deal for the sake of a deal.”

Chambers said Cisco has proved itsability to hold market share. “Now peopleare going to play our game,” he said. Hesuggested that only players with broadproducts sets would survive, and that the

market for box movers, standalone playersand “white box” manufacturers wasgetting tougher. However, this view iscontradicted by the record results forEthernet switch vendors reported bymarket researcher Dell’Oro (see News, p3).

Cisco and Juniper, the market leaders inhigh-end carrier and enterprise IP-basednetworking, have most to lose from thegrowing interest in software definednetworking (SDN). This is based oncommodity off-the-shelf servers wherenetwork functions are provided by softwarerather than proprietary hardware. �

news register online @ www.networkingplus.co.uk NEW WEBSITE COMING SOON!

4nn ee tt ww oo rr kk ii nngg march 2014

LIGHTNOWinterconnects busydata centresSSE Telecoms has launched LIGHTNOW, ahigh-capacity, ultra-resilient optical networkingservice to provide connectivity between 21 ofthe busiest data centres in the London area.The new service promises to give organisationsrapidly provisioned, in one week, 10Gb opticalwavelengths between data centres and withsub 1ms latency. It offers customers flexiblecontract durations starting at three months, azero set-up charge option, in-life circuit movesbetween any of the on-net data centres, and24/7 support. LIGHTNOW is a key componentof ‘Project Edge’ which will see SSE expand itsnetwork to 13,700km, reaching 200,000central business district postcodes. �

North Lincs gets newvoice linksSinclair Voicenet will supply and install newvoice recording systems at two separate sitesfor North Lincolnshire Council. They will bedeployed to record calls to the CCTV centrewhere an assisted living platform monitorstelecare services throughout the borough,as well as to the council’s IT support centre.The new systems will be installed in a virtualenvironment enabling recordings to becaptured from analogue, digital and IPextensions at the two locations whilst sharing the council’s existing data networkinfrastructure. Sinclair is also providingsecure, centralised data storage, enabling the council to store the voice recordings. �

Centile and Snom joinforces to offer unifiedcomms servicesIP handset maker Snom Technology has teamedup with unified communications specialistCentile Telecom Applications to deliverbusiness-class UC services to operators and services providers in the UK. Centile hasintegrated Snom’s handsets with its Istraplatform. It claims this gives operators andservice providers the tools they need to quicklydevelop, deploy, and monetise new servicesover existing networks, for the broadest rangeof user devices. The integrated platform offersfeatures such as n-party conferencing,boss/secretary, call park/pickup, presence,chat, and voice call continuity. �

February proved to be a busy month forC4L, the Bournemouth-based colocationand connectivity specialist, as it announcednew partnership deals with Virtus DataCentres (VDC), BC Technologies, andSMB Network Solutions.

VDC has signed up to C4L’s PartnerNetwork in an effort to gain all the connectedbenefits of the company’s global portfolio ofservices. Virtus’ Enfield data centre is now atributary to C4L’s recently launched coreTXnetwork (see News, Nov 2013).

C4L says that having VDC as a networkpartner extends its colo footprint, and will“hugely benefit” customers. “This shared

partnership means together we can offerindustry-leading collaborative services,”claims C4L CEO Simon Mewett.

Staines and Glasgow-based IT support company BC Technologies has also become a network partner, and hopes to increase future business using a private virtualisation platform. This will allow it to offer remote managed services to assist its customers in the financial, legal, architectural and medical sectors. BC will leverage C4L’s colocation and cloud infrastructure to enable clients to use highly secure platforms without the risk of exposing sensitive data through regular storage connections.

Meanwhile, SMB Network Solutions has teamed up with C4L to become an associate business partner. The agreement combines C4L’s SIP trunk infrastructure with SMB’s telephony hardware to offer enterprises an IP telephony platform.

C4L says its infrastructure offers completely private, secure and reliable connectivity. It claims to guarantee significant improvement and ease of access for businesses upgrading from traditional and costly copper to its SIP trunks. SMB will enable end users to access the network by providing the required hardware to make it operational.

C4L signs up new partners to boost connectivity

“Musical chairs” predicted for network vendors

Plymouth University is using network monitoring and management software from Comtact for real-time detection, diagnosis and resolution of network performance.

Plymouth has around 30,000 students, and one of its aims is to become an ‘edgeless’ digital university. Its approach is to use technology to help enhance teaching, learning, research, innovation and service provision. The university therefore needed to safeguard its infrastructure and meet the growing demands for 24x7 network connectivity.

It has now implemented Comtact’s Aurora proactive monitoring and remediation service to secure the infrastructure, and can benefit from optimal network performance and reliability. Using software from SolarWinds, Comtact says Aurora eliminates downtime, and simplifies detection, diagnosis, and resolution of network issues before outages occur. Following the initial deployment, it says that the university now has an efficiently configured monitoring platform with a bespoke management dashboard, accessed via a secure web portal available round the clock. Comtact adds that this easy-to-use solution provides Plymouth with visibility of performance data, utilisation statistics and device availability.

Adrian Hollister, head of strategy and architecture at Plymouth University, says: “As Plymouth continues to grow and supports a plethora of edgeless initiatives, the demands on our network and all of the components that reside within our IT environment increase.

“Aurora has afforded us quicker response times, reducing the noise of verbose alerts, cutting resolution time and saving lost revenue and avoided user frustration.”

Plymouth University eliminates downtime with network monitoring

Plymouth University has around 30,000 students, and aims to use technology to help enhance its service provision.


HP and NEC Corporation will work together to use open standards to develop software-defined networking (SDN) solutions for enterprises.

The two companies have been strategic alliance partners since 1995. NEC says its large-scale, mission-critical enterprise IT systems were developed using HP-UX, HP’s Unix-based operating system.

Building upon their collaboration on enterprise servers, HP and NEC will now work together on developing network infrastructure solutions. They aim to deliver the equipment and open standards-based SDN solutions required in what NEC calls the “New Style of IT” that is being driven by industry trends such as social media, mobile, cloud and Big Data.

In addition, the two firms are working with industry-standards organisations as part of their commitment to a standards-based SDN solution. HP and NEC plan to build an ecosystem of vendors providing business and network applications using products that have open standards to implement SDN, which in turn allows for dynamic control of the network.

The partners believe open standards are essential for future network infrastructure. With virtualisation and automation technology becoming more important to the network, NEC has started work to port its Virtual Tenant Network (VTN) application to interoperate with HP’s SDN controller. NEC says this will extend the benefits of the VTN to customers with existing HP Networking-based infrastructure.


Board meetings at South Tyneside NHS Trust are now completely paperless. Thanks to Huddle, the cloud content collaboration service, executives can review all relevant documentation on their tablets, and can securely access their board packs from their homes or remote office sites nationwide. The move is said to have reduced the trust’s paper usage by 100 reams a month.

With board members dispersed across South Tyneside, and many of them without a desk within the trust’s premises, staff were faced with the challenge of creating, collaborating on, and sharing board packs every month. Often 600 pages long, sections of these packs were regularly sent back and forth via email during the creation process for feedback and approval.

Martin Alexander, the trust’s director of information services, says: “Email is a poor collaboration tool when it comes to version control and security. When you send an attachment to 20 people, no one knows which version is final or what has changed.”

In addition, administration staff would spend significant amounts of time printing and putting together all of the relevant information for each board member. These packs were then picked up from the trust by members or sent out via recorded delivery.

The trust decided that it would create paperless board meetings and provide access to documentation from sites outside the corporate network. iPads were issued to all board members, and the trust then chose to use secure cloud services provided by Huddle, which has a UK data centre and is pan-government accredited at IL2.

A Huddle workspace is now created for each meeting. All content associated with a particular meeting can be stored in one central place and administered by a specific secretary. Should legacy board papers need to be revisited, members can access the relevant workspace rather than going through five or six filing cabinets of legacy paperwork, as everything is now stored in Huddle’s secure cloud.

HP and NEC partner for open standards SDN

Virtustream will provide Sapphire Systems with fully managed IaaS capabilities for its SAP Business One OnDemand environments worldwide. The partnership aims to enable Sapphire, a global provider of financial accounting and business management solutions, to offer a consistently high quality hosting service to its international customers.

The IaaS platform uses xStream, Virtustream’s cloud management software which is underpinned by micro-VM (μVM™) technology. Sapphire plans to leverage this to deliver enterprise-ready, secure cloud environments for mission critical and production applications such as SAP Business One.

Sapphire Systems MD Ian Caswell says: “As a globally accredited IaaS provider that works so closely with SAP, Virtustream will enable us to provide a range of support services to our customers around the world and allow them to focus on adding value to their business.”

Virtustream claims that its managed IaaS capabilities, coupled with the experience it has in dealing with ERP software performance, give Sapphire the ability to manage complex, production-critical applications for clients without impacting business performance.

It adds that the assured application-level SLAs it can guarantee for performance and availability will enable organisations to run production applications in the cloud without disrupting their daily activities.

Virtustream to provide fully managed IaaS platform

Cloud collaboration allows NHS Trust to go paperless

As CIOs begin to construct plans for widespread migration and deployment of enterprise applications within the cloud, the concept of incubation has been thrown into the spotlight.

Incubation within the cloud is a process used to separate or ‘incubate’ new solutions on a limited scale. This means problems can be identified on a small-scale basis, so that innovations can be created, developed and tested, before being used for widespread applications in the cloud.

It’s a concept that will appeal to many IT organisations that want to embrace the cloud, but are struggling with the basics of the platform in its entirety. This is often the case because day-to-day teams do not treat cloud technology and processes as unique, and don’t see the cloud for what it is: an entirely new era in IT.

Companies that have been successful in implementing wide-scale enterprise cloud applications have recognised the need, not only for new development approaches, but also for changes in behaviour within the whole of the IT organisation. This leads to the creation of an entirely separate incubating IT function.

What does this mean? It leads to developers working alongside support personnel to create new business processes, and a move away from a classic ITIL support model towards one that focuses on dev/ops. Ultimately, it means an incubation-based IT function that runs alongside your existing team without hampering it.

Incubation capabilities enable organisations to move to the cloud with confidence, having proven the technology as well as the next-generation IT processes. Thanks to the proof of concept environment made possible by incubation, organisations are able to identify bugs and other areas of concern, before large applications are rolled out for wide-scale deployment within the cloud.

Incubation is a step in the evolution of the way applications are developed, infrastructure is consumed, business solutions are subsequently operated, and how these are maintained and supported in lifecycle. Every way of ‘doing’ in a classic IT organisation is different when it comes to the behaviour of the cloud – especially when taking full advantage of what’s on offer.

Moving forward, this allows companies to increasingly address more business problems and find solutions using the same methodology. By using incubation within the cloud, organisations will be able to embrace the technology more easily. They will be able to morph with confidence – from a classic IT base with private infrastructure and applications, to a much more agile and cloud-focused IT business.

VIEW FROM THE TOP
Carmen Carey, managing director, ControlCircle

Evolution not revolution: moving to the cloud with incubation

Bethany Mayer, SVP and GM for HP Networking, says her firm has the “most widely deployed” SDN-enabled infrastructure.


Banking on unified communications

Kcom has designed and implemented a complete unified communications solution for Lloyds TSB Corporate Markets. The solution was sought when the bank made a crucial move to consolidate its corporate-focused businesses, led by the opening of a new state-of-the-art head office (pictured below) in Gresham Street, London.

In late 2005, the relationship banking, structured finance, debt capital markets and risk management businesses for Lloyds’ corporate customers were merged. In July 2006, this single and united business was re-launched as ‘Lloyds TSB Corporate Markets’. During the integration of the underlying 14 business units, several major challenges were uncovered. There were several old buildings with limited communications within and between them, as well as no access to a common customer database. A decision was made to create a single front office where the bank’s clients could be accessed. New headquarters were found in the City of London to house more than 1,100 staff, including 200 traders.

From the signing of the lease at the new Gresham Street headquarters, the management team had one year to get the premises fully operational. With 300 people on the site it was a complex coordination exercise.

Kcom had already proven to be a valuable partner for Lloyds, delivering successful projects at its Monument Street office and contingency centre. Using Cisco products, the company was selected to provide the LAN at the new site together with an IPT system for all the staff. Kcom also deployed a Cisco Aironet wireless network, voice messaging, and a 30-seat contact centre. In addition, a three-year reactive break/fix support contract is in place and will ensure that the network runs smoothly.

It’s claimed that Lloyds TSB Corporate Markets now has a world-class facility using the latest technology to provide a converged voice and data network.

Uptime is money

With global markets and clients all now just milliseconds away, fast, reliable and resilient IT is crucial for organisations in the financial sector.

Colin Everett, head of IT strategy and architecture at Lloyds TSB Corporate Markets, says: “The working environment is vastly improved and we are starting to reap the rewards. We can now walk around and talk to the sales teams. There is a new cafe with built-in wireless access, providing a great environment for meeting, talking and planning. With traders and bankers working long days, it is paramount that they have the most conducive working environment. Productivity will increase as a result.”

Making disaster recovery a necessary priority

Accountancy and tax advice firm Booth Ainsworth LLP is responsible for the payroll of more than 600 businesses and 8,000 employees across the northwest. The Stockport-based organisation is a BACS Approved Bureau and must therefore meet the payment organisation’s strict compliance requirements to be able to pay clients’ employees directly. Comprehensive disaster recovery (DR) criteria must be met to achieve this status. But the firm wanted to take this a step further, and decided to upgrade its DR systems and support, putting high-performing IT at the forefront of its priorities.

Gary Cook, partner and head of professional practices at Booth Ainsworth, says: “There are so many horror stories of organisations that don’t understand the importance of business continuity and disaster recovery, but we see this as an extension of our due diligence to our customers.”

Working with JMC IT, its long-standing partner, the firm deployed live replication technology at its DR site. A radio link and broadband backup were installed, providing Booth Ainsworth with resilient access to the internet should there be any failure to its primary connection. Data is backed up overnight and mirrored in two separate, secure data centres, protecting vital information against any potential disasters.

In addition, JMC’s support team (pictured below) is providing an increased level of active system monitoring and IT support to ensure that Booth Ainsworth’s systems offer sustained high performance. This proactive approach to support means that any IT issues can be resolved, often well before they impact on the business. “We have amazingly little downtime on our systems, which is very important to a business where time is money,” says Cook. “If we do encounter any problems, JMC gets us back to normal, usually within as little as 15-20 minutes.”

WorkPlaceLive helps to “revolutionise” financial services company

Hurst Financial is a privately owned independent financial adviser practice based in Salisbury. It has a team of six advisers and two admin staff, and until 2012 the firm managed its own IT system which comprised a server, eight workstations, an intranet with a database, plus several bespoke software packages.

The system’s remote access capability was slightly cumbersome so Hurst’s advisors couldn’t work from home or their clients’ offices. The company also relied on two backup servers for data storage, and when one of these failed, the company decided to upgrade its IT and looked for an alternative solution.

Most of the IT companies Hurst spoke to simply recommended the purchase of new PCs, servers and software packages – a cost of around £35k. Not only was this outlay prohibitive, it didn’t make sense to move to a more expensive version of the current system, particularly without remote access capability.

Hurst then looked into cloud computing options and approached WorkPlaceLive, a division of Horizon Computer Solutions, which offered hosted desktop solutions at affordable prices. Chairman Mike Hurst says: “We realised that a hosted desktop solution would provide the capability and flexibility we required.”

Hurst opted for WorkPlaceLive’s hosted desktop solution to solve its IT issues and gain robust remote access. Crucially, the system integrated with Hurst’s intranet which had been tailor-made for the firm. WorkPlaceLive’s solution also integrated with business-critical software that is used by the company’s advisors to measure risk. Financial Services Authority regulations oblige all IFAs to have such systems in place, so it was vital for the advisors to have access to this software.

“WorkPlaceLive reassured us that all our software, databases and data would work through its hosted desktop solution,” says Hurst. “The migration was seamless and as soon as we had signed contracts, the company transferred all our data across and tested it. Five days later, the new system was up and running.”

WorkPlaceLive says its system has “revolutionised” Hurst’s business, changing the way advisors work and saving the firm considerable money as it didn’t have to invest in any new PCs. All the IT administration, software licensing updates and security are now taken care of by WorkPlaceLive which also hosts the company’s data in its highly secure UK data centre, as well as providing DR services and dedicated helpdesk support.


Even as this article was being written, news emerged of yet another big name organisation that had suffered a massive IT security breach. This time it was supermarket chain Morrisons which said that payroll data for around 100,000 of its employees (most of its workforce) had been stolen and posted online. It’s suspected that the attack could be an inside job and the work of a lone hacktivist or disgruntled employee. But regardless of who the perpetrator is and what their motive was, one thing is for sure: this certainly won’t be the last cyber attack we’ll ever see.

Make no mistake, the growing problem of cyber crime threatens all of us and perhaps even the very fabric of society. More worryingly, Britain seems ill-equipped to fight it. Over the last few years, loud alarm bells have been sounding from government, industry and many others, warning about the UK’s skills shortage in cyber security experts, not just today but also for the future. So how did things get so bad?

False sense of security

Like many of the experts we spoke to, Suzanne Fribbins, risk specialist with the British Standards Institute, points out that IT networking has undergone a dramatic change over the last few years. “Ten years ago, most people did not have a mobile phone with internet access, tablets were not widely used, Facebook was in its infancy, and no one had even considered the concept of cloud computing. All of these things have changed the way we connect with the business network and also the way we communicate. There are fairly recent statistics suggesting that 90 per cent of the world’s data has been generated over the past two years alone [SINTEF research: Big Data – For Better or Worse], and there has been an acceleration of devices with ever-increasing functionality. With the constant technological evolution, the threat landscape has changed, leaving things that were once secure now no longer secure. Not surprisingly, it is a challenge to keep ahead of the range of increasingly sophisticated threats.”

Matt Middleton-Leal, regional director for UK and Ireland at CyberArk, supports this view, adding that the speed of change and sophistication of the attackers has caught organisations by surprise. “The fact of the matter is that too many still rely on traditional defences to protect their most valuable assets from attack. Businesses should assume that it is a question of when rather than if they will be targeted, and with this in mind, turn their attention to locking down all access to highly sensitive information and applications.”

Last year, the Institution of Engineering and Technology (IET) carried out a survey of 250 SMEs to gain insight into current cyber trends. Of the 250 firms questioned, only 14 per cent said cyber security threats were the highest priority and believed that they already had sufficient skills and resources in place to manage the threat.

It therefore seems as if businesses are either lackadaisical about their cyber defences or are quite literally labouring under a false sense of security. According to Bill Walker, technical director and cyber security expert with IT training specialist QA, the real issue is that many organisations don’t recognise they have a cyber security problem that needs to be solved. “This often manifests itself in the statement ‘no one would want to gain access to our systems or data – we don’t have anything valuable’. Virtually every organisation has some intellectual property that could be valuable if stolen, or it could be compromised if such information got into the wrong hands.”

Thus, if organisations don’t think they have a problem with their security, they’re unlikely to actively recruit staff who specialise in cyber crime. Arguably, that’s probably one of the biggest reasons we now have a skills gap.

James Lyne, SANS Institute instructor and EMEA director, points out that another challenge is the relatively immature structure and ‘professionalisation’ in the industry. Many skilled people are either not truly recognised, or those who have great potential end up in other lines of work. “There are systematic problems that lead to this which are slowly being addressed, but not quickly enough,” he says.

BCS, The Chartered Institute for IT, agrees here. It adds that whilst a major component of cyber security is information assurance (IA) – an area which has seen much investment in training and education over the last two decades – not enough had been done in the universities to have common cyber security modules. Nor were there adequate schemes to ensure that cyber/IA professionals were recognised for their skills.

e-skills UK highlights yet more concerns. In April 2013, it published its Career Analysis into Cyber Security: New and Evolving Occupations study. Project director Nigel Payne says this revealed several worrying trends: “Firstly, the cyber security workforce is an aging one, with only seven per cent of professionals currently under 29. Secondly, there is a distinct lack of diversity, with just 10 per cent of those holding technical roles in the sector being women. Finally, it showed that the opportunities to enter the sector from general IT or non-IT roles have diminished over the last decade. Employers today are recruiting from the same small pool of seasoned professionals, which will limit growth and innovation in the sector in the long term.”

Some security experts are warning that the UK is facing a gap of about 15 years where there will continue to be a significant skills crisis. Citing a 2013 National Audit Office report, Raj Samani, McAfee’s EMEA CTO, says that the number of people training for a career in cyber security has not kept pace with the growth of the internet. “I recently experienced this first hand. I was asked to present at a university and was introduced to someone from a very prestigious firm who was telling me that they had 150 open vacancies for cyber security professionals. This is an organisation that is a household name, and one that is more than capable of paying competitive salaries. That experience really brought home the nature of the shortage. Incidentally, another attendee at the event was a small vendor that had over 11 positions open for in excess of six months.”


Why is the UK suffering from a skills shortage when it comes to the expertise needed to fight cyber crime? RAHIEL NASIR finds out and looks at what’s being done about it.


Will we ever be safe in cyber space?


Securing the future

So what’s the answer? David Garfield, MD of cyber security at BAE Systems Applied Intelligence, doesn’t necessarily agree that organisations have been apathetic. He says there is now a greater awareness on boards that cyber security is a corporate risk, but adds that the key challenge for them is identifying what to do to address it. “There is a communications disconnect between the executives and the non-executives, and the IT departments and the CIOs, because they all speak in different languages.”

CyberArk’s Middleton-Leal concurs. He says security is no longer just the concern of IT teams and that strategies need to be incorporated into broader corporate initiatives: “CEOs should be educated in non-technical terms to understand what is at stake and what is required. [They can then] allocate the appropriate and necessary investment to proactive security measures in order to keep pace with the current threat level.”

Security vendor Lancope advises organisations to treat security as a business continuity problem. “They are not in the business to catch crooks, they are leveraging IT to enable the growth of the business,” says CTO Tim Keanini. “Incident response for instance should not be an IT security thing; it is a business continuity issue that spans cross departmental coordination. Legal, PR, external law enforcement – all of these roles are important when you get hacked and a certain readiness is not optional, it is required.”

He goes on to point out that while everyone needn’t be a security expert, the success of any large complex system lies in the coordination and communication of multiple disciplines all working in harmony towards a goal (even if that goal may be horizontal in nature).

While all that could help address what CyberArk said was the “current threat level”, what about the future of cyber security given today’s skills shortages? Clearly, dealing with the cyber threat needs a concerted effort by all concerned. The SANS Institute’s Lyne says: “We need to simultaneously work to encourage and recognise the talented individuals that already exist (through internships, training and competitions or challenges) and also develop new talent.

“Alongside longer term initiatives like embedding better IT skills development and security into our curriculums at all ages, we also need to act now and take advantage of those who have casually developed an interest, or who have studied but can’t find the right entrance to the industry.”

e-Skills UK recommends a combination of things. Firstly, Payne says the teaching and careers advice young people receive in schools must showcase the opportunities available in cyber security in an “exciting and inspiring” way. Secondly, there should be the provision of new entry routes into the sector which give professionals the skills cyber security employers are looking for. “Finally, we must make it easier for both employers and individuals to find relevant, high-quality training. This will help general IT professionals enter the profession, and give both them and current security practitioners a clear progression route.”

e-Skills is playing a big part in helping to make all this a reality. In mid-March, the government announced that schoolchildren as young as 11 will get cyber security lessons as part of plans outlined in the Cyber Security Skills: Business Perspectives and Government’s Next Steps report. e-Skills will be involved in delivering a number of projects. These include: Key Stage 3 learning materials and training for teachers (delivered in partnership with Naace, the ICT in education association); employer-led cyber security higher and advanced level apprenticeship schemes; and a cyber security internship programme to enable students to gain the work experience demanded by employers.

There will also be support, through the Higher Education Academy, for universities that develop innovative proposals to improve cyber security teaching. For example, incorporating professional qualifications into degrees, getting businesses involved in course design, as well as embedding cyber security into software engineering and computing degrees.

Other initiatives that e-Skills has been involved with include the employer-backed Cyber Academy that was launched in 2012. As part of this, it developed a computing curriculum programme with input from BP, BT, CREST, Fujitsu, PwC and QinetiQ which includes content on cyber security for Key Stage 4 pupils. This has already been taken up by more than 360 schools, and similar resources for Key Stage 5 will be available from this September.

It is also working with the industry to offer paid internships from summer 2014, supporting cyber security apprenticeships with employers such as Atos, BT, Cassidian (now known as Airbus Defence and Space), CREST, IBM and QinetiQ, and developing employer-backed degrees.

The vendor response

CyberArk believes that while perimeter-based protection plays an important role as a first line of defence, it is simply not up to the job when faced with highly advanced and targeted attacks. Instead, it advocates a layered approach to security. “We help to educate organisations around the threat posed by unmanaged privileged access, allowing them to manage and monitor all privileged access in real-time, with the option to intervene if necessary,” says Middleton-Leal. “This not only eases the auditing process, but also crucially defends the heart of the enterprise against the threat from within as well as from external attackers looking for a ‘window of opportunity’.”

McAfee has been working with Queen’s University Belfast to offer internships for MSc students, and has also been providing input into the course content to ensure the skills taught are those sought by industry.

In addition, in 2013 it signed a five-year collaborative partnership with The Bletchley Park Trust and will sponsor an international Cyber Security Exhibition and Computer Learning Zone that features workshops to engage, inspire and educate visitors about the ever-evolving cyber threat.

“Just as cyber criminals innovate, so do the good guys – and not only in terms of technology,” says Samani. “Also, as an industry we are working closer in terms of standards and information sharing. This extends to collaboration across the public and private sectors, such as the Cyber-security Information Sharing Partnership (CISP) which was launched to help government and industry share information and intelligence on cyber security threats.”

CISP is expanding and aims to double its membership to 500 by the end of 2014. This is a “significant and positive” development for staying ahead in the fight against cyber crime, according to BAE Systems Applied Intelligence. “Traditionally, governments and industry have taken a largely sectoral approach,” says Garfield. “Where the CISP is unique is that it exploits the commonalities between different sectors to share knowledge and raise threat intelligence maturity. Consequently, it allows a wider range of companies to benefit from the cyber knowledge it shares.

“Information sharing with industry is a key priority for UK government. Now the activity has been catalysed, it will be vital that it gains critical mass in terms of scale and is seen as a core element of a holistic cyber response that offers an appropriate level of protection for UK companies.”

Applied Intelligence is contributing here by using behavioural analytics to look not just at what is happening today but to piece together activities over time that, when joined up, look dubious. “We are looking for suspicious behaviours because attackers are constantly changing their approach,” says Garfield. “While the technology is vital, we also need a human mind to understand what is happening.”

Can the ‘good guys’ win?

Of course, the same technologies and intelligence being leveraged by the ‘good guys’ are also largely available to the cyber thieves. And while they also share the same scarcity of expert resources as the industry does, Lancope says it is becoming easier for them to find talent. “Advanced criminals knew that leveraging IT for their business was important for growth and some would therefore recruit young hackers for this activity,” says Keanini. “Now things are much different. Today, with expert hackers selling their capabilities on the dark markets, any criminal with some cryptocurrency in hand can buy the capabilities they need to enter the cyber crime marketplace. They can piece together exploits, watering hole websites, DDoS attacks, custom malware, evasion techniques, until they get it just right. Heck, they can just buy the credentials for some executive and not even trigger any security events at all.”

So what chance do we have? QA reckons that at the end of the day, infosec experts will probably always be one step behind the hackers. While the cyber criminals are constantly innovating in the ways that they go about their business, security companies and professionals are often just reacting to the latest method that they discover. “After all, a virus scanner can only react to a known signature, so a zero-day attack can compromise these until an emergency update is released,” says Walker.

He adds that the amount of effort you put into securing systems and data has to be looked at in the context of what you are protecting yourself against – i.e. it needs to be proportional. “You lock your door when you leave home and no doubt ensure all the windows are closed. So why don’t you put in armoured doors and have bars on all your windows? Because you have done a risk assessment (although you never probably realised this as such) and have applied a proportionate response.

“So when you find a spate of threats in your area you step up your security appropriately, and in some parts of the world you would want steel doors and bars on the windows and a gated community. The same goes with your systems. Know what you have, know the likelihood of loss, know the consequences of a loss, and know what to do if it happens. When you explain to the board, shareholders, customers and partners that you had not prepared for the major cyber attack you have just had, it’s probably time to clear your desk and collect your P45 on the way out.”

So essentially it’s all about due diligence, best practices, being proactive, and engaging and educating all parties. Ultimately, it’s also all about protecting UK plc’s bottom line, according to Universities and Science Minister David Willetts. Speaking in March, he said countries that can manage cyber security risks will have a clear competitive advantage: “By ensuring cyber security is integral to education at all ages, we will help equip the UK with the professional and technical skills we need for long-term economic growth.”


“With the constant technological evolution, the threat landscape has changed, leaving things that were once secure now no longer secure.”
Suzanne Fribbins, Risk specialist, British Standards Institute


off-the-shelf: security

Some of the latest security systems and platforms to help you safeguard your network and IT assets.

EfficientIP reckons it’s come up with a “breakthrough” solution with what’s said to be the industry’s first hybrid DNS engine to protect online services. It says that the SOLIDServer Hybrid DNS Engine (HDE) now gives organisations the ability to “out-manoeuvre” DoS attacks.

According to EfficientIP, while most DNS servers run a single engine (such as ISC’s BIND), the HDE combines three engines that are all managed in one appliance. It believes this approach provides greater protection as it eliminates a single point of failure following security alerts, creates a complex security footprint, and enables DNS engines to be switched to allow for patching while another DNS engine takes over to protect service availability.

The HDE incorporates the BIND name server software and two other DNS technologies – Unbound and NSD from NLnet Labs. Unbound is a validating, recursive, and caching DNS resolver designed for high performance. NSD is an authoritative only, high performance name server offering a more robust environment for defending against a DoS attack. EfficientIP says that separating the authoritative and recursive elements of the name server engine significantly reduces the risk of corruption.

“Having an active DNS engine, plus at least one alternative ready for use, significantly reduces the risk of attack, while reducing management complexity for administrators,” states the firm.

AlienVault has launched its first Unified Security Management (USM) virtual appliance. The platform is described as a collection of the “best” open source tools for asset discovery, threat detection, vulnerability assessment, behavioural monitoring and security intelligence.

The firm claims the new product reduces complexity, making it easy for a company of any size to gain immediate security capabilities in “just a few quick steps” via an easy-to-use management console. It adds that by offering both physical and virtual appliances, USM gives companies the flexibility to choose which unified security management solution is best for their environment.

The USM’s key features include compatibility with VMware ESXi and Proxmox virtual environments. It is said to offer a simpler host-based intrusion detection system (HIDS) for distributed environments, as well as enhanced and centralised HIDS administration via a web-based user interface. The platform also enables continuous vulnerability monitoring which, according to AlienVault, increases vulnerability detection accuracy and avoids network disruption.

The company is offering a free trial of USM via its website. It is also including free customer support and maintenance, as well as a subscription to AlienVault Labs Threat Intelligence for the first year.

Ixia says that with complex applications and virtualisation on the rise, data centre operators will need to validate their infrastructure to ensure it will perform and remain secure under peak loads without over-stressing resources. The firm claims it has the solution in PerfectStorm.

Said to be the only system to offer modular scalability, PerfectStorm achieves near terabit levels of mixed application and malicious traffic to securely test all elements of a complex data centre.

It features a single 11U chassis, and has been designed to enable comprehensive data centre validation by seamlessly unifying Ixia’s IxLoad and BreakingPoint software applications into a single system. The firm says that this enables it to deliver “unprecedented” data centre testing performance with almost a terabit of traffic equalling 720 million concurrent TCP sessions at 24 million sessions per second.

Ixia says PerfectStorm can also handle 960Gbps of blended application traffic, including more than 200 application protocols and over 35,000 malicious attacks. It is able to validate every element of the data centre including security, storage, networking, voice and video.

The system offers actionable insight to understand how networks will react based on real-world assessment of any data centre weaknesses. It supports the latest connectivity options with 8 x 10Gbps and 2 x 40Gbps interfaces per blade.

In addition, Ixia reckons PerfectStorm is the highest performance density solution currently available, delivering what typically requires more than 25ft of rack space in an 11U form factor.


Cisco has added the Advanced Malware Protection (AMP) system – originally developed by Sourcefire which it now owns – into its content security product portfolio.

AMP is said to utilise the “vast” cloud security intelligence networks of both Cisco and Sourcefire. Instead of relying on malware signatures – which can take weeks or months to create for each new malware sample – Cisco says AMP uses a combination of features to identify and stop threats. For instance, File Reputation analyses file payloads inline as they traverse the network. It aims to provide users with the insights required to automatically block malicious files and apply administrator-defined policies using the existing Cisco Web or Email Security user interface and similar frameworks.

File Sandboxing is said to use a highly secure sandbox environment to analyse and understand the true behaviour of unknown files on the network. This allows AMP to glean more granular behaviour-based information about the file, and combine that with detailed human and machine analysis to identify a threat.

Cisco reckons File Retrospection solves the problem of malicious files that have passed through perimeter defences but are subsequently deemed a threat. It provides continuous analysis, using real-time updates from AMP’s cloud-based network to stay abreast of changing threat levels.

AMP is available as a standalone unit or as an integrated feature in the FirePOWER products originally developed by Sourcefire.

Threat detectors


Tufin Technologies has extended its analytic and orchestration capabilities “deeper and wider across the network” with the release of a new version of the Tufin Orchestration Suite.

The suite consists of three products: SecureTrack enables IT to centrally manage, track and analyse security policies for all network security devices including host-based and next-generation firewalls, routers, switches and load balancers.

SecureChange automates network security change processes and proactively analyses risks before changes are made. Tufin says this increases accuracy and enforces compliance policies across all network security devices.

SecureApp allows users to manage the network connectivity and security needs of their applications by orchestrating all application-related network changes from deployment through decommissioning.

Tufin Orchestration Suite, version R14-1, features a number of key enhancements. For example, Unified Security Policy now enables users to map out and manage their desired network security architecture. Tufin says that in-depth data about zone-to-zone traffic and policy restrictions improves change management. Centralised alerting on all policy violations by level of criticality, with instant drill-down analysis for rapid remediation, provides more in-depth and actionable network monitoring.

While SecureApp can already monitor app connectivity and tell users when, where and why a connection is broken, it now also provides ‘one click’ repair. This can “dramatically reduce” connectivity-related downtime, according to Tufin.


BT will create more than a thousand new apprenticeship and graduate jobs in a major recruitment boost for UK youngsters.

The company aims to take on 300 top science, technology and business graduates from across the UK. Around 730 apprenticeships will also be offered to school and college leavers in the areas of IT support, software design, engineering, finance and logistics.

Many of them will be based at BT’s research campus at Adastral Park near Ipswich in Suffolk. They will be able to work on a range of cutting-edge projects, including the future of wireless technology and broadcasting, Big Data and the Internet of Things, as well as help pioneer new developments in high-speed fibre networks. Other posts available around the country include training as Openreach engineers, and in finance, customer service and business development roles.

BT has also pledged to provide up to 1,500 vocational training and work experience placements for unemployed 18-24 year-olds over the next 18 months. As part of Movement to Work – the employer-led initiative backed by the government and the Prince’s Trust – the firm will offer placements of four to seven weeks, and link this into its future recruitment plans where possible.

BT has also created a new digital media technology apprenticeship scheme that will provide new recruits with experience and skills in web development, digital networks, digital TV and digital media distribution.

Spiceworks ‘revolutionises’ the IT job search

Spiceworks has introduced a series of resources which it says will help both IT professionals to further their careers and recruiters to find candidates with specific technology expertise.

The company – which describes itself as “the professional network for IT” – claims its new online profiles section enables members to share their expertise more effectively by helping them highlight the skills and technologies they use to do their job. Spiceworks says the profiles go beyond the traditional CV by allowing users to share their expertise as they work on projects, the products and services they’ve used, and their community contributions. They can add photos, videos, budget and geographic information, as well as tag more than 40,000 catalogued IT products to bring their experiences to life.

Recruiters looking for qualified IT professionals can now post available positions to reach millions of members.

Spiceworks says its job board currently includes hundreds of available positions, ranging from helpdesk support technician to CIO. The company adds that with its member profiles and projects section, recruiters can now provide hiring managers with access to an IT professional’s portfolio of work, helping them understand the types of projects they’ve completed and the products and services they’re familiar with.

NEW COURSES

Educational Network Tapping Application – Open Networking Foundation

The Open Networking Foundation has launched ONF SampleTap, an open-source network tapping app which aims to provide an educational resource for programmers. The ONF says it selected network tapping as this is “broadly understood and easily deployable”. It says the app will allow users to get experience with OpenFlow without changing how they actually do the switching and routing, since tapping doesn’t use OpenFlow for forwarding.

ONF SampleTap is based on OpenFlow 1.0 and runs on an OpenDaylight controller. ONF says its portable design makes it straightforward to port to other network operating systems and support later versions of OpenFlow. The foundation adds that the app is not meant to serve as a commercial tapping product as these will be offered by a number of member companies such as Cisco, HP, IBM, amongst others.

ONF SampleTap app uses the Apache 2.0 open source licence, and will reside in the ONF GitHub repository along with a forthcoming installation guide. www.opennetworking.org

Industrial Control Systems/SCADA Security Essentials – SANS Institute

The SANS Institute’s ICS410: ICS/SCADA Security Essentials course is dedicated to equipping security professionals and control system engineers with the cyber security skills needed to defend critical national infrastructure (CNI).

The five-day course will provide sessions on defending networks and devices against attack, complemented by an understanding of protecting CNI. The programme will also help delegates prepare for the new Global Industrial Cyber Security Professional (GICSP) certification exam.

SANS ICS410: Industrial Control Systems/SCADA Security Essentials will be held from 12-16 May at the Kensington Close Hotel, London. Those who register and pay before 1 April can qualify for discounted rates. www.sans.org/info/152932


BT to create new apprentice and graduate jobs

Spiceworks says its member profiles (right) go beyond the traditional CV (left). Users can add images, video and geographic information, as well as tag more than 40,000 catalogued products to bring their work experiences to life.
