SMB IT | Curtis Franklin » TAG: SMB Security

May 05, 2008 | Comments: (0)

After Interop...

TAGS: SMB Business Trends, SMB Security, SMB VoIP

So I'm back in the office and thinking about what I saw and heard at Interop. What do I think you should be thinking about?

 

1. Splunk

I've just begun really looking at this data-center correlation, indexing, and search tool, but I'm already excited about the possibilities. If you're trying to figure out how to get a handle on the data your IT processes generate, you should check out the free version of Splunk. It's a great tool, and the company has built a strong community to help you figure out how to use Splunk in your operations. I think I'm going to be blogging about this again in the future...

 

2. Ruckus

Watch the Test Center for a full review of Ruckus Wireless ZoneFlex products, but do check out this system. You'll see details when you read the review, but...dang. They do an awful lot right, especially for the SMB looking for a good wireless networking system.

 

3. NAC 2.0

I know why vendor companies are big on proprietary technologies, but good standards (note the word "good" in that last phrase -- it's critical) can make life so much easier for IT professionals trying to build a working system. NAC 2.0, from the Trusted Computing Group, promises to make life dramatically better for IT professionals who want to create a security system, as opposed to those who are stuck just trying to make an unrelated collection of components work in the same room. Several vendors have already begun building NAC 2.0 into their products, and I strongly suspect that the open source projects will be getting up to speed with this in the next couple of quarters. You may be a small company IT professional, but you can have some pull with vendors -- so use that pull to start asking when NAC 2.0 is going to show up in their software. You'll really like the results when it appears.

4. Unified Communications

A lot of the unified communication products I saw were aimed at the larger enterprise, but not all...I saw systems from companies like Cisco, Netgear, and D-Link that are aimed squarely at the SMB market. Further, I'm convinced that unified communications will have a much greater impact on the small business than on the huge enterprise, because they can completely change the way you deal with customers and partners. When you don't have to choose between working on-site and talking to prospects, your sales can truly skyrocket, and the impression that you give can change dramatically for the better. Watch this space, and don't be afraid to experiment -- things are going to move quickly, but the direction overall is great for SMBs.

 

There will be more this week -- there was a lot to see in Las Vegas, and a feeling at the conference that made me very optimistic about the state of the IT world right now.

Posted by Curt Franklin on May 5, 2008 12:37 PM

April 07, 2008 | Comments: (0)

The SMB Security Parfait

TAGS: SMB Security

I'm here in San Francisco, at the quiet first day of the RSA Conference, listening to a bunch of very smart people talk about computer and network security. There are a few things that pretty much everyone seems to agree on. The first of these is that the likelihood is great that something very, very bad could happen to the Internet and, by extension, a lot of the networks connected to the Internet, in the relatively near future. There is less agreement on precisely what form the attack will take, but there's no question that we've seen an awful lot of "proof of concept" attacks and vulnerability probing over the last three or four years. The question isn't whether there will be trouble -- it's what you, as a small business IT person, can do about it.

It's easy to say, "I can't protect the Internet", and at a certain level that's quite true. As small business folks, it's not up to us to keep the Internet's core routers patched and protected against attacks. To be honest, I'm pretty happy about that. I'm perfectly content to leave that job to other people. At another level, though, we can do a great deal to protect the Internet: We can keep our systems from being used to launch the massive attacks that have proven to be so devastating.

Bot networks have become incredibly sophisticated, moving control points around the Internet and successfully hiding their sleeper code until it's used to tremendous effect as part of a spam wave or malware attack. The best way to slow down one of these networks is to deny them soldiers -- to keep your systems from becoming part of the network. This, at last, is where the whole parfait concept comes in. Thanks for waiting.

One of my favorite scenes in the movie "Shrek" comes when Shrek is trying to tell Donkey just how complicated ogres can be. He tries using the analogy of on onion, but Donkey finally asks why he couldn't have used a parfait model instead. "Nobody don't like parfait," says Donkey. I've decided that Donkey is right. It's time to climb on board the Security Parfait bandwagon.

The idea, of course, is that you need multiple layers of security. There's nothing new about that, but I'm more convinced than ever that we need to spend far more time on the layer that exists between the security staff and users. Communication about how security is working, the nature of the threats that face the organization, and just how important it is for users to be active pieces in the security system, is critical to preventing problems launched by social networking. On the flip side, users need to feel much freer to tell security when pieces of the security infrastructure don't work, or cause so much difficulty for users that they're tempted to go around the security. Tbe bottom line is that security and end-users have to start thinking of one another as team-mates -- partners in the security layer -- rather than adversaries.

After you have the human layers working, the rest of the layers fall much more easily into place. In these technology layers, the multi-layer structure is important, not just because multiple layers are more difficult to penetrate, but because individual layers can be updated, modified, or swapped-out without toppling the entire structure. It's not just more secure -- it's more stable and long-lasting. More secure, more stable, longer lasting, and ultimately more cost-effective -- there's a reason that everybody likes parfaits.

Posted by Curt Franklin on April 7, 2008 02:06 PM

February 01, 2008 | Comments: (0)

SMB Business Continuity: Only One ISP?

TAGS: SMB Security

Early this week I wrote about the importance of backing up your business data. The "Backup" meme continues through the week with news of another sort -- network failures on a grand scale. First we hear that the Middle East is off the Internet, apparently because someone dropped an anchor on a critical undersea cable, and then comes word that AT&T's EDGE network fell off the edge in the Southeast and Midwest for large parts of Thursday's business day.

Most of us don't need to manage and maintain undersea cables, and it's not like you can easily move your Blackberry from network to network, but failures like these point out that too many of us have single points of failure where they're unnecessary. Think about your ISP: do you have a backup in case they have significant trouble? The router in many offices has a provision for fail-over, and sometimes that function has even been correctly programmed, but does it go to another node of the same ISP's network? If so, you're not getting the protection you want. If your ISP suffers a failure in their core routers, you could be left with no access if your fail-over hits those same routers.

Many ISPs offer low-cost plans at low bandwidths, and low bandwidth may be enough to keep your business limping along until your primary ISP makes repairs. Don't be afraid to look to cable companies or the phone company's DSL provisions as reasonably-priced backups for a higher-dollar commercial data line. Once you have the backup provisioned, remember that you need to test the fail-over at least twice a year so you know that it works -- and what it's limitation are.

"Business Continuity" as a discipline tends to focus on large enterprises, but the fact is that most small businesses have a much thinner margin of error than the big corporations. Spending a little time and a little money can help make sure that your business is still around on the far side of the next problem that hits your corner of the Internet.

Posted by Curt Franklin on February 1, 2008 07:05 AM

January 27, 2008 | Comments: (0)

SMB Security: A Harsh Lesson

TAGS: SMB Security

OK, so when you watch this video segment it's going to be obvious that a highly vindictive individual did very bad things, and I'm sure that there will be punishment:

Watch the CNN video

With that said, I was struck by the notion that any individual sitting at a single workstation could erase seven years worth of data. What about backups? What about off-site storage? What about reasonable file-access policies based on job requirements?

Today, even the smallest business can go to an office-supply store and get a USB-attached hard disk for quick backup. If you haven't backed up your critical data files, then make a system backup this week's top priority. Get the drive, back up your files, and then take the drive away from your office. If a disaster strikes your business, then being able to access your files later could make the difference between staying in business or going to work for someone else. Take a clue from the folks in the video -- backup your files today.

Posted by Curt Franklin on January 27, 2008 08:09 PM

May 24, 2007 | Comments: (0)

SMB Tech News Today; INTEROP Day 4

TAGS: SMB Applications, SMB Security, SMB Tech News Today, SMB VoIP

I'm out of here in a few hours, and I'm one of the few press nerds who stayed this long. As a result, they're aren't many brand-spanking-new today press announcements this late in the show. So here are a few more SMB news bits from earlier this week.

* Netgear into SMB hardware spewage, too. I blogged on how D-Link was spewing out new SMB hardware, but they're not the only ones. Netgear is pumping out new products, too. They've got a new ProSafe Wireless Switch (OEM partner is rumored to be Trapeze who do this REALLY well), they hyper-COOL ReadyNAS that Negear got off its Infrant acquisition (this thing is fast, does 1-3TB and can be setup by almost anyone, tho probably not Sasquatch Venezia) and they announced a partnership with Avaya to provide a custom end-to-end VoIP bundle to SMB customers via their reseller channel. Not to mention some new stackable gigabit switches, updated WiFi access points and some other goodies.

* Samsung does SMB voice comm appliance. The family is the OfficeServ line and has both 7100 & 7200 model numbers. Basic specs for both are complete voice-in-a-box. VoIP and/or POTS, wired or wireless handsets, voicemail, PBX functions and even some unified messaging features like syncing vmail with users' Outlook inboxes. To be available near the end of Summer 2007. Price is apparently TBD.

* Raritan shows off new KVM super-box. These guys make some of the best keyboard/video/mouse (KVM) controllers in the biz. The new Dominion KX II does KVM over IP, has a new browser config/mgmt UI, a slick new virtual KVM desktop and supports things like remote USB on managed end points. Way cool, and they're even offering a trade-in discount program for existing Raritan customers.

* Wedge does SMB security appliance. It's called the BeSecure NDP-2040NX. Does gigabit-level networking, scans for AV and AM, does deep packet inspection, handles mucho protocols, etc. Real sweet little box with a price that's nice, tho most likely more for the MB set.

Posted by Oliver Rist on May 24, 2007 09:46 AM

May 21, 2007 | Comments: (0)

Interop: Two-Factor Coolness from Positive Networks

TAGS: SMB Security

Purty cool for the SMB set. Positive Networks is a managed VPN provider. On that front they're launching a new reseller program that's aimed directly at SMB tech providers. But to make it sexy, they introed a new two-factor authentication feature.

Using your cell phone.

It's neat. Instead of having users carry a smart token, Positive's new PhoneFactor deal waits for an auth request (and not just using Positive's VPN service; this works with any VPN platform). When it gets the request, it clicks back to a server managed by Positive that matches the user request with a supplied phone number. The phone number gets called and a keyed response is required to make sure you're on your phone.

Typically, this is a single key, which makes for the two-factor label. But if you like, you can implement a PIN number per user, actually extending the process to three-factor. It's also not a cell phone-only platform. Positive says some of their early users are aiming them at desktop phones, thus making sure that users at remote sites are at their desk when the VPN is accessed.

Best news: It's free. For the average SMB it's a no-cost. For enterprises that want to manage the whole thing themselves, there will be premium enterprise modules.

I'm sure the thing is hackable via cell phone spoofing or something equally sophisticated, but it would be a highly involved process. Overall, for day-to-day SMB use, I think it's highly usable provided it works as advertised.

Regarding Positive Networks' new channel program, the company introduced it specifically to attract smaller technology providers. Especially those who are short on staff and looking for ways to add more billable hours with little additional work overhead. The program has three partner levels, but the nice thing there is that it's not looking to qualify potential partners based on some expensive certification process. That's mainly because Positive will continue to provide level 1 support, thus making deep knowledge on the reseller's part unnecessary.

Instead, what they're looking for is a customer base and target that consistently ask for or require VPN service--and are willing to pay for it. That's a MUCH more attractive partner filter for smaller technology partners. For more specifics on the new program, check here.

Posted by Oliver Rist on May 21, 2007 04:29 PM