Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Thursday, February 24, 2011

How to Get IPv6 Now?

With all the hype around running out of IPv4 address space you'd think it'd be easy to find resources to help you move to IPv6.

I've already talked in previous posts about how the Blue Coat ProxySG serves as an IPv4 to IPv6 proxy, but I haven't found much other information about getting to IPv6 until I came across this post on Cisco's Blog by Phil Remaker.

Remaker includes a lot of good links to resources for those who don't know where to begin with IPv6.

Wednesday, February 23, 2011

Hardware Comes Quietly Into the Night

I'm not sure why, but hardware vendors seem to be loath to talk about new hardware offerings. In part I think it's because they're afraid that if their competitors find out, they'll use the opportunity to push their own hardware, thinking the customer will be forced into some forklift upgrade. While some competitors may see it that way, I'd tend to think most would be smart enough to realize that new hardware doesn't always signal the end of the old hardware. Typically older hardware still has some life in it, and vendors tend to allow their customers to renew support on older hardware for some period of time (otherwise, they'd have some pretty unhappy customers).

But even so, every major proxy vendor introduced new hardware in the last year without much fanfare. Blue Coat last year announced new low-end platforms, the ProxySG 300 and ProxySG 600, a desktop and a 1U rack mount unit. The two new platforms now offer booting from a solid state device for better reliability, along with built-in hardware SSL acceleration.

Cisco updated its high-end S-series hardware, introducing an S370 and S670 platform. Both appear to be just hardware revisions of the S360 and S660 that they replace. McAfee finally took the opportunity to get off of their Dell-based hardware and replace it with Intel-based chassis hardware, given their recent acquisition announcement by Intel. The low-end WW500 and WW1100 finally get replaced by the WG4000 and WG4500, lining up with the WG nomenclature already used by their higher-end siblings.

Even Websense introduced a new V5000 and new V10000, dubbing them the V5000 G2 and V10000 G2. No major differences in the specs were discernible, so this is either a cost reduction or simply an update to currently available hardware.

So here's to new hardware across the board. Too bad we didn't get a bigger news splash from the vendors themselves.

Friday, February 11, 2011

Has Network Security Stood Still For 15 Years?

This recent article on The Inquirer discusses Nir Zuk's assertion that the corporate world is still protecting its networks with core security technology that dates back to 1995.

Nir Zuk is generally credited with creating stateful inspection technology, the first commercially viable firewall, and the world's first intrusion protection system (IPS).

Zuk's argument was that all web applications are dangerous, even big enterprise ones like WebEx and Microsoft Sharepoint and that today's security vendors can only secure web and email traffic rather than crucial applications like Facebook, Skype, LinkedIn and Twitter.

But contrary to his argument if you visit any of the big web security vendors, all of them are talking about web application control. As applications move to the web, we're seeing the traditional web security vendors moving to control web applications, and this trend is likely to continue. While Zuk is correct that the traditional network security vendors aren't protecting the users when they use web applications, at least the traditional web security vendors appear to offer that protection today.

Blue Coat has been touting "application visibility and control" since their Packeteer acquisition a few years ago, and specifically mentions the ability to block Facebook games without blocking Facebook, something Zuk mentions can't be done with a network security vendor. Cisco likewise just recently announced the same tag line of "application visibility and control" by adding additional knobs to their AsyncOS 7.0 for social media, including Facebook.

So even if your network security is from 1995, just make sure your web security comes from one of the leading web security vendors.

Thursday, February 10, 2011

Blue Coat's Cloud Announcement

Blue Coat made an announcement this week that they were introducing a new cloud service, and would be demonstrating it at RSA next week. Their new service offering provides another alternative to web security. While many enterprises will probably decide to stick with their web proxies, it's likely many smaller companies may choose cloud offerings for web security, due to the lower maintenance requirements and technical expertise necessary within their own organizations to deploy a cloud offering.

The big advantage to Blue Coat's offering is they bring a big name to this type of cloud service. Blue Coat's already well known for the secure web gateway appliances offering threat protection for web users, and that same protection is now available as a cloud offering.

Other choices in this area are Zscaler and ScanSafe (acquired by Cisco). It will be interesting to see how Blue Coat's offering compares, and whether companies will move to the cloud or stick with their appliances and proxies.

Thursday, February 3, 2011

One more on Reputation

As I continued my daily scanning of articles relevant to proxies, I found yet another article on why reputation doesn't work because of IP address space. A company moving datacenters found their reputation went down and they were considered spammers because they had to pick up a new IP address space in their new datacenter, and of course the IP address space was previously used by spammers.

Note: It took IronPort 7 days to rectify the situation in their reputation database. A sure sign that reputation isn't a good way to go when trying to determine threat levels, at least when it takes that long to fix a problem.

Spammers Grab IP Space Assigned to Egyptian President's Wife

Incredibly just hours after I published the post on why reputation is becoming less relevant due to the runout of IPv4 address space, I read this article on eWeek talking about the hijack of IPv4 address space.

Here's the excerpt:

Spammers have control of thousands of IP addresses assigned to the wife of Egyptian President Hosni Mubarak and the science center that bears her name. According to the Spamhaus Project, spammers hijacked IP addresses assigned to Suzanne Mubarak and the Suzanne Mubarak Science Exploration Center. The move is typical of spammers trying to get their hands on Internet address space that has not been blacklisted, security pros told eWEEK. “Spammers hijack IP address space to be able to use IPs that are not…listed as having been used for spam, so that their spam has a greater chance of being delivered,” said Mike Geide, senior security researcher for Zscaler. “IP address hijacking by spammers does occur regularly. It also occurs on occasion from accidents/misconfigurations.”


It's another indication that reputation, as I mentioned, is going to be less relevant. Hackers were able to take over IP address space with a good reputation in order to accomplish their bad deed of sending spam.

Is Reputation Even Less Relevant Today?

With the news that the IPv4 addresses have run out, another nail is put in the coffin of using reputation ratings for fighting malware and threats. Why? It's simple. In addition to the fact that hackers are attacking and inserting threats in sites that have good reputations, there's the fact that the lack of IPv4 address space is going to drive people to reuse old IPv4 address space wherever it's available.

If you're one of the unlucky ones to get an old IPv4 address that previously hosted malware, it's likely you're also inheriting the reputation rating of the previous web site. The more this happens, the more quickly you'll see the use of reputation ratings start to decrease. While we may still find some use for reputation ratings, I believe you'll find they will have less impact in determining the threat rating on a site. Threats really need to be analyzed in real time, as new threats can come up at any time and at any web site.

Wednesday, February 2, 2011

No More IPv4 Addresses

Network World reported this week that we've officially run out of IPv4 addresses. I reported back in January that we'd run out of IPv4 addresses in a matter of weeks, and that prediction has come true.

So there's no time like the present if you haven't already investigated IPv6, and what you'll need to do to transition your network to support IPv6. As a reminder there are IPv6 proxies available to help this migration, basically a seamless way to pass traffic between IPv6 and IPv4 networks.