Xprimo

  • Increase font size
  • Default font size
  • Decrease font size
Home Technology
Technology articles

Security in the cloud

E-mail Print PDF

Some raw concepts about security in the clouds, taken form a conference I attended in Washington DC

These are big picture ideas the panelist shared.

 Where the data resides?

The essence of cloud computing is Virtualization, the core of Virtualization is the hypervisor, what if it is compromised?

Cloud providers use premade OS what if the OS is tainted

 Clouds are multi tenancy systems, other customers could lead to intrusion or be the intruders.

 Who owns the data, it is not clear or at least it is not regulated

 Cloud providers work at the Petabyte level, is it possible to keep up with the traffic.

Can they properly administer the amount of images they deal with

 We need to understand that we are outsourcing security

 You are also buying cyber security operations, do they comply, do they share the protocols and policies you require about security?

 DOD is focusing in private clouds, public cloud is a bridge too far.

 DOD sees too many challenges at the operations level, remember all corporate network challenges also apply to the cloud model.

 We need a security profile on a service by service basis, there is no such thing as a global security protocol.

 Cloud providers do not provide the adequate security, they are working on it, but it proved to be very expensive.

 The infrastructure should be built around security we are not there yet.

 51% of the companies interviewed are not going to the public cloud computing model due to security concerns.

49% think the technology is immature

 Government have a lot of Cloud computing initiatives but they are not implementing yet.

 There are no standards, no compliance HIPAA SOX404, etc.

 Security is a journey not a destination

 Security is about risk management

 No one is really using the cloud, the number of users is way lower than the perception, and this is because of security concerns.

 Cloud services in collocations are more expensive in the long run than building them yourself

 DOD thinks we have 5 years to do research and to perfect the public cloud computing model, no government agency will use it before that.

 There is one exception, government and governmental agencies in general have tons of public data, public clouds are good for that purpose.

 They defined the cloud as science fiction not fantasy, when asked about the difference, they said science fiction means it is possible but in the future.

 Risk can be accepted, mitigated or transferred

 Remember the cloud is also a single point of failure

 Everything is commerce driven and they will be always security issues

 What works now in terms of security will not necessarily work on the new model, it is not about technology is about the human element, security is about the men element, security issues are human issues, they are man driven.

 A DOD problem is how to transform and secure legacy apps into virtualized web based systems.

 Public clouds need time to mature, we need time to develop new standards based on lesson learned, early adopters will become the case studies.

 DOD see information based on a need to share and not on a need to know model. Is not who owns the data but what do you do with it.

 Cloud computing is the industrialization of IT, we are putting the IT infrastructure on the Internet

 Cloud computing model

SAAS – Software as a service

PAAS – Platform as a service

IAAS – Infrastructure as a service

 Best model right now, Public data goes to the public clouds, private data goes to the private cloud

 As we create bigger systems, we create bigger targets

 Connecting systems between clouds is a major challenge due to the lack of standards

We need more expertise

 Do not open your Active Directory to the cloud!

 In the cloud there are no boundaries, no certainty where data resides, when they cross boundaries, who has access.

Your data can be stored and managed overseas

 Government expect to have an open security model by 2012

 Analyzing security in the cloud just from the data flow angle require database sizes that reach unmanageable levels

 Scaling is a big issue

 DOD proactive security approach means using modeling scenarios through simulation

 Cyber security evolve at the speed of policy and not at the speed of knowledge.

 Information assurance is a technical issue not a policy one.

 There are no defined metrics in public cloud computing, there are no standards to evaluate risk parameters

 There is no transparency no regulated security protocols, no audits.

 Governmental agencies have no idea how to address compliance

 This is a paradigm shift, the idea is to embrace the technology, but a new model needs to be developed.

Add new comment
Last Updated on Thursday, 27 May 2010 21:16
 

Disaster recovery concepts

E-mail Print PDF

Disaster recovery

 

Concept

There are many different approaches to a continuity of operations solution.

The one that makes the most sense for us is one that not only provides the redundancy to the network but at the same time increase its functionalities.

We are constantly growing and we need to develop a platform that has room for future expansion.

We use many services that are critical for their operation, such as email, SharePoint, payroll, accounting in general, file system and others.

We intend to design a system that provides an immediate solution if one or more services in the network become unavailable.

 

We explored many systems and found that many of the solutions include one or many of the following issues

 

Involve alternate systems unfamiliar to the users, requiring routine drills to make sure everybody understand what to do during downtime.

Requires a new username and password

New Internet addresses or alternate Intranet sites to group the new links

 

The security protocols of the vendors providing these services are usually not disclosed and are not legally regulated yet.

 

Other approaches allow using the same credentials but require sharing Active Directory with third parties, and exposing it to the Internet

During the crisis all email traffic and storage is redirected to the alternate sites. Once the crisis is over data stored in the alternate sites needs to be reeled down back to the HQ servers.

 

Cold sites cost nearly as much as production sites but are seldom used and do not represent a plus for network performance and require IT resources.

Require routine tests to prove its full functionality

They need to be patched and administered just like production environments

 

Our approach

We use a cluster approach, not just having a disaster recovery site but doubling the available resources of the company.

SharePoint and Exchange were designed to work this way (server farms), traffic is routed based on availability, short path, fastest path or any combination that prove to be more efficient.

It doesn’t matter if one of the networks is not available the traffic will automatically be routed to the available server, same link, same username, same interface.

During normal operations we improve the performance of the networks for the users in HQ and the field.

We do not open AD, since we link both sites via a private Point to Point connection.

The new network add some complexity to the operation but once it is configured it provides additional resources the IT staff can benefit from , like moving resources from one network to the other based on need or performance.

Test security patches in an idling server before trying them on the production ones.

The acquisition of the UCS is the first step towards the implementation of this model. Virtualized servers can easily be moved or replicated.

Since the UCS was designed as a truly private cloud computing platform, it has built in functionalities that allow managing one or more systems without additional complexities, and precisely these capabilities allow us to manage both system without the need of additional resources or skills.

Add new comment
Last Updated on Friday, 14 May 2010 13:46
 

Cassini's continued mission

E-mail Print PDF

Cassini's continued mission

NASA's Cassini spacecraft is now a nearly a year into its extended mission, called Cassini Equinox (after its initial 4-year mission ended in June, 2008). The spacecraft continues to operate in good health, returning amazing images of Saturn, its ring system and moons, and providing new information and science on a regular basis. The mission's name, "Equinox" comes from the upcoming Saturnian equinox in August, 2009, when its equator (and rings) will point directly toward the Sun. The Equinox mission runs through September of 2010, with the possibility of further extensions beyond that. Collected here are 24 more intriguing images from our ringed neighbor.

This natural color mosaic was acquired by the Cassini spacecraft as it soared 39 degrees above the unilluminated side of Saturn's rings. Little light makes its way through the rings to be scattered in Cassini's direction in this viewing geometry, making the rings appear somewhat dark compared to the reflective surface of Saturn (120,536 km/74,898 mi across). The view combines 45 images taken over the course of about two hours, as Cassini scanned across the entire main ring system. The images in this view were obtained on May 9, 2007 at a distance of approximately 1.1 million kilometers (700,000 miles) from Saturn. (NASA/JPL/SSI)
 

2
Pan, a small ring-embedded moon (28 km/17 mi wide) coasts into view from behind Saturn. The view of the rings is distorted near Saturn by the planet's upper atmosphere. The view was acquired at a distance of approximately 1.8 million km (1.1 million mi) from Pan. Image scale is 11 km (7 mi) per pixel on Pan. (NASA/JPL/SSI) #

3
Rhea (1,528 km/949 mi wide) drifts in front of Saturn. The view was acquired at a distance of approximately 576,000 km (358,000 mi) from Rhea. Image scale is 3 km (2 mi) per pixel. (NASA/JPL/SSI) #

4
Cassini peers through Saturn's delicate, translucent inner C ring to see the diffuse yellow-blue limb of Saturn's atmosphere. The image was taken on April 25, 2008 at a distance of approximately 1.5 million km (913,000 mi) from Saturn. Image scale is 8 km (5 mi) per pixel. (NASA/JPL/SSI) #

5
Rhea passes in front of Saturn's larger, hazy moon Titan (which is lit from behind by the sun) in June of 2006. (NASA/JPL/SSI) #

6
This mosaic of two Cassini images shows Pan and Prometheus creating features in nearby rings. Pan (28 km/17 mi wide), in the Encke Gap at left, is trailed by a series of edge waves in the outer boundary of the gap. Prometheus (86 km/53 mi wide) just touches the inner edge of Saturn's F ring at right, and is followed by a series of dark channels in the ring. The view was obtained at a distance of approximately 1.2 million km (746,000 mi) from Pan and Prometheus. Image scale is 7 km (5 mi) per pixel on both moons. (NASA/JPL/SSI) #

7
This image was taken during Cassini's close approach to the moon Iapetus in Sept. 2007. The image was taken on Sept. 10, 2007 with the Cassini spacecraft wide-angle camera at a distance of approximately 3,870 km (2,400 mi) from Iapetus. Image scale is 230 meters (755 feet) per pixel. (NASA/JPL/SSI) #

8
Cassini tracks the shepherd moon Prometheus as it orbits Saturn. Prometheus is just about to pass behind the planet, and a faint streamer of ring material lies below and to the right of Prometheus (86 km/53 mi wide), in the faint, inner strand of the F ring. The view was acquired at a distance of approximately 1.3 million km (804,000 mi) from Prometheus. Image scale is 8 km (5 mi) per pixel. (NASA/JPL/SSI) #

9
Saturn's high north is a seething cauldron of activity filled with roiling cloud bands and swirling vortices. A corner of the north polar hexagon is seen at upper left. The image was taken on Aug. 25, 2008 at a distance of approximately 541,000 km (336,000 mi) from Saturn. Image scale is 29 km (18 mi) per pixel. (NASA/JPL/SSI) #

10
Numerous stars provide a serene background in this view of Enceladus captured by the Cassini spacecraft while the moon was in eclipse, within Saturn's shadow. The view looks up at Enceladus' south pole. The image was taken on Oct. 9, 2008 at a distance of approximately 83,000 km (52,000 mi) from Enceladus. Image scale is 5 km (3 mi) per pixel. (NASA/JPL/SSI) #

11
In this image of the F ring, taken shortly after its ring particles encountered the shepherd moon Prometheus, the disruption to the ring caused by the moon is evident. The bright core of the ring and its neighboring faint strands show kinks where the moon's gravity has altered the orbits of the ring particles. The image was taken on Oct. 23, 2008 at a distance of approximately 444,000 km (276,000 mi) from Saturn. Image scale is 2 km (1 mile) per pixel. (NASA/JPL/SSI) #

12
Dark irregular patterns dot the bright outer B ring just left of the large Huygens Gap in the center of this image from Cassini. Cassini scientists speculate that these features are likely the result of transient gravitational clumping. The outer edge of the B ring is anchored and sculpted by a powerful gravitational resonance with the moon, Mimas (396 km/246 mi wide). The mutual gravity between particles may pull them into clumps as they are periodically forced closely together by the action of Mimas. The image was taken on Dec. 8, 2008 at a distance of approximately 710,000 km (441,000 mi) from Saturn. Image scale is 4 km (2 mi) per pixel. (NASA/JPL/SSI) #

13
The terminator engulfs Penelope (foreground), one of the largest craters on Saturn's moon, Tethys. The image was taken on Nov. 24, 2008 at a distance of approximately 62,000 km (38,000 mi) from Tethys. Image scale is 366 meters (1,202 feet) per pixel. (NASA/JPL/SSI) #

14
Against a background of muted atmospheric bands in Saturn's northern hemisphere, Mimas forges onward in its orbit around the Ringed Planet. Aside from the large crater Herschel, all features on Mimas are named after people and places in Arthurian legend or the legends of the Titans. In fact, the largest crater near the terminator in this view is named Arthur (64 km, 40 mi across). The image was taken on Nov. 26, 2008 at a distance of approximately 915,000 km (569,000 mi) from Mimas. Image scale is 5 km (3 mi) per pixel. (NASA/JPL/SSI) #

15
Small, battered Epimetheus before Saturn's A and F rings, and and smog-enshrouded Titan (5,150 km/3,200 mi wide) beyond. The color information in the colorized view is artificial: it is derived from red, green and blue images taken at nearly the same time and phase angle as the clear filter image. This color information was overlaid onto a previously released clear filter view in order to approximate the scene as it might appear to human eyes. The view was acquired on April 28, 2006, at a distance of approximately 667,000 km (415,000 mi) from Epimetheus and 1.8 million km (1.1 million mi) from Titan. The image scale is 4 km (2 mi) per pixel on Epimetheus and 11 km (7 mi) per pixel on Titan. (NASA/JPL/SSI) #

16
Half an hour after Prometheus tore into Saturn's F ring, Cassini snapped this image just as the moon was creating a new streamer in the ring. The dark pattern shaped like an upside down check mark in the lower left of the image is Prometheus and its shadow. The potato shaped moon can just be seen coming back out of the ring. The moon's handiwork also is apparent in two previous streamer-channel formations on the right of the image. The darkest streamer-channel stretching from the top right to the center of the image shows Prometheus' previous apoapse passage about 15 hours earlier. Prometheus (86 km/53 mi across) dips into the inner edge of the F ring when it reaches apoapse, its farthest point from Saturn. At apoapse, the moon's gravity pulls out particles of the ring into a streamer. As Prometheus moves back toward periapse - its orbit's closest point to the planet - the streamer gets longer. Then, as Prometheus moves back toward apoapse, the streamer breaks apart which results in a dark channel. This streamer-channel cycle repeats once every orbit. The image was taken on Jan. 14, 2009 at a distance of approximately 555,000 km (345,000 mi) from Saturn. Image scale is 3 km (2 mi) per pixel. (NASA/JPL/SSI) #

17
This bizarre scene shows the cloud-streaked limb of Saturn in front of the planet's B ring. The ring's image is warped near the limb by the diffuse gas in Saturn's upper atmosphere. The image was taken on June 24, 2008 using a spectral filter sensitive to wavelengths of infrared light, at a distance of approximately 657,000 km (408,000 mi) from Saturn. Image scale is 4 km (2 mi) per pixel. (NASA/JPL/SSI) #

18
Cassini looks toward Rhea's cratered, icy landscape with the dark line of Saturn's ringplane and the planet's murky atmosphere as a background. Rhea is Saturn's second-largest moon, at 1,528 km (949 mi) across. Images taken using red, green and blue spectral filters were combined to create this natural color view. The images were acquired on July 17, 2007 at a distance of approximately 1.2 million km (770,000 mi) from Rhea. Image scale is 7 km (5 mi) per pixel. (NASA/JPL/SSI) #

19
This image of Saturn's rings and the shadow of nearby Mimas was taken on April 08, 2009. The rings are now oriented nearly edge-on toward the Sun, and very long moon shadows frequently drape across them. Interesting to note in this image are the various jagged shadows along the outer edge of the B ring. Scientists are closely studying this phenomenon now, and a preliminary hypothesis suggests that the shadows are of clumpy, disturbed ring material, stretching up to 3 km above the ring plane - contrasted with an estimated normal ring thickness of only 10 meters or so. (The ring-shaped mark at right is a camera artifact) (NASA/JPL/SSI) #

20
Cassini peers through the fine, smoke-sized ice particles of Saturn's F ring toward the cratered face of Mimas (396 km/246 mi wide). The F ring's core is dense enough to completely block the light from Mimas. The image was taken on Nov. 18, 2007 at a distance of approximately 772,000 km (480,000 mi) from Mimas. Image scale is 5 km (3 mi) per pixel on the moon. (NASA/JPL/SSI) #

21
Gray Mimas appears to hover above the colorful rings. The large crater seen on the right side of the moon is named for William Herschel, who discovered Mimas in 1789. Images taken using red, green and blue spectral filters were combined to create this natural color view. The images were acquired on Sept. 9, 2007 at a distance of approximately 3.151 million km (1.958 million mi) from Mimas. Image scale is 19 km (12 mi) per pixel. (NASA/JPL/SSI) #

22
Saturn is seen through the thick smoggy haze of Titan's upper atmosphere in this December, 2005 image. The image was taken at a distance of approximately 25,404 kilometers (15,785 mi) from Titan. (NASA/JPL/SSI) #

23
The shadow of Tethys drifts across the face of Saturn. Nearby, shadows of the planet's rings form a darkened band above the equator. The image was taken on Oct. 1, 2008 at a distance of approximately 615,000 km (382,000 mi) from Saturn. Image scale is 37 km (23 mi) per pixel. (NASA/JPL/SSI) #

24
Saturn's northern hemisphere is seen here against its nested rings. The rings have been brightened relative to the planet to enhance visibility. Images taken using red, green and blue spectral filters were combined to create this natural color view. The images were acquired with the Cassini spacecraft wide-angle camera on Feb. 24, 2009 at a distance of approximately 866,000 km (538,000 mi) from Saturn. Image scale is 38 km (24 mi) per pixel. (NASA/JPL/SSI) #
Add new comment
Last Updated on Monday, 20 April 2009 12:14
 

10 youtube tricks

E-mail Print PDF

1. View high quality videos

Youtube gives you the option to switch to high quality videos for some of the videos, however you can check if a video is available in high quality format by appending ‘&fmt=18′(stereo, 480 x 270 resolution) or ‘&fmt=22′(stereo, 1280 x 720 resolution) for even higher quality.

2. Embed Higher Quality Videos

While the above trick works for playback, if however you want to embed hig quality videos you need to append “&ap=%2526fmt%3D18″ and “&ap=%2526fmt%3D22″ to the embed url.

3. Cut the chase and link to the interesting part

Linking to a video where the real action starts at 3 minutes 22 seconds, wondered if you could make it start at 03:22? You are in luck. All you have to do is add #t=03m22s (#t=XXmYYs for XX mins and YY seconds) to the end of the URL.

4. Hide the search box

The search box appears when you hover over an embedded video. To hide the search box add ‘&showsearch=0′ to the embed url.

5. Embed only a part of Video

Just append ‘&start=30′ to skip first 30s of the video. In general you can modify the value after start= to the number of seconds you want to skip the video for.

6. Autoplay an embedded video

Normally when you embed a Youtube video and load the page, the player is loaded and it sits there waiting for you to hit the play button. You can make the video play automatically by adding ‘&autoplay=1′ to the url part of the embed code.

7. Loop an embedded video

Append ‘&loop=1′ to make the video start again without user intervention after it reaches the end.

8. Disable Related Videos

Publishing your content in the form of Youtube video? Don’t want people to see other people’s content that may be related but may as well be in competition to you? Just add ‘&rel=0′ to the end of the url part of the embed code and you just turned off the related video suggestions!

9. Bypass Youtube Regional Filtering

Some videos are only available in certain parts of the world. Your IP Address is used to determine your location and then allow or deny access to the video. Change the url from http://www.youtube.com/watch?v=<somecode> to http://www.youtube.com/v/<somecode>

10. Download Video

Although not inherently a youtube trick but useful all the same for downloading videos. Just change youtube to kickyoutube in the url of the video and it will take you to kickyoutube.com with all the options for downloading the video you were watching.

Do you know of some similar Youtube URL tricks and hacks? Fire them in comments!

Add new comment
Last Updated on Saturday, 18 April 2009 21:31
 

Microsoft Exchange 2010 Beta Looks Solid from Core to Cloud

E-mail Print PDF

Microsoft Exchange 2010 Beta Looks Solid from Core to Cloud

By Jim Rapoza
2009-04-14

REVIEW: Microsoft's Exchange Server 2010, which eWEEK Labs tested in its Beta 1 incarnation, takes on its cloud-based e-mail rivals with a new Outlook Web Access interface that adds both richness and interoperability with non-Microsoft browsers such as Mozilla's Firefox and Apple's Safari. At the same time, Microsoft has bolstered the management capabilities relied upon by Exchange's core enterprise audience.

Over the last three years, the world of e-mail and Internet communications has changed quite a bit. The growth of cloud-based services and Web-based messaging solutions, most notably Google Gmail, has changed the way people and businesses (especially small businesses) look at messaging.

But while small businesses have started to move to services such as Gmail to handle their e-mail needs, large corporations still need enterprise-class messaging systems that can tie into company applications, provide high levels of security, and allow businesses to fulfill data retention and compliance directives.

This is the challenge that Microsoft faces in putting together the first new version of its messaging and communications platform since Exchange Server 2007 was released in 2006. The next version of Exchange needs to work well in the new more distributed, cloud-based and mobile world of messaging while also providing the core capabilities that enterprises need.

For images of Microsoft Exchange Server 2010's welcome improvements, click here.

Based on eWEEK Labs' tests of the first beta of Exchange Server 2010 (the final version is scheduled to ship by the end of this year), it looks as though Microsoft is well on its way to balancing these requirements.

While there aren’t a lot of ground-breaking new features in Exchange Server 2010, there are many welcome improvements that go a long way toward addressing the shortcomings of the previous versions. In particular, the beta of Exchange Server 2010 offers features for businesses looking to leverage the advantages of both hosted and internal mail systems, for companies looking to cut some of the more needless help desk costs associated with managing Exchange, and for end users who don’t use Microsoft operating systems or Web browsers.

For most end users, the biggest and most notable differences with Exchange Server 2010 will be in the much improved Outlook Web Access Webmail client. The most welcome of these new features is that the Webmail client now works pretty much identically for users of Mozilla's Firefox and Apple's Safari Web browsers as it does for users of Microsoft's own Internet Explorer. For instance, instead of having to deal with checkboxes and next screen arrows, users of Firefox and Safari can scroll down to view an entire page of messages, access right mouse button menus and have much of the same functionality as one gets from the full Outlook client.

In general, the Outlook Web Access client behaves much more like a full Outlook client, offering everything from pop-up tips (for example, when a message is too large) to suggested contacts when entering a name.

For businesses, the most welcome new capabilities in the Webmail client are those designed to help businesses delegate administrative tasks and provide users with more self-help options to cut down on help desk calls.

Clicking on the Options link in the Outlook Web Access client brings up the Web-based Exchange Control Panel. From here, users can carry out standard self-service tasks such as updating contact information and defining in-box rules. The Control Panel also offers access to more powerful features, including the option for users to create their own custom public distribution groups without the need to contact the IT staff, or to track the delivery status of their messages. Depending on the role given a user by administrators, end users can also use this feature to control public company mailing lists.

In addition, this interface can take advantage of new roles capabilities in Exchange Server 2010 to let administrators delegate capabilities to end users. Most interesting of these is the ability to quickly enable multiple mailbox searches, letting, for example, an HR or compliance officer quickly search for information across several mailboxes. Almost any capability accessed through the Exchange Control Panel can be turned on and off for specific users through the use of these roles.

On the administration side, like previous versions, Exchange Server 2010 still uses a standard Microsoft Management Console interface for the majority of management tasks. However, there is a greater use of tools such as wizards to ease the configuration of many common Exchange settings.

The Exchange Federation Gateway feature makes it possible for organizations to share Exchange data easily across their implementations or through a hosted Exchange Online system. For example, administrators can share live calendars across two different partner companies to smooth meeting scheduling.

Moving user mailboxes has been greatly streamlined and, in tests, user mailboxes could be moved quickly with limited disruption to end-user access.

With the Database Availability groups feature, I was able to easily configure database replication services to multiple servers, including off-site servers. In basic tests after bringing down a database server, the server seamlessly automatically recovered with no loss of messages.

Using the Transport Protection Rules, it was possible within the administration interface to create customized rules to control how specific messages could be routed within an organization—for example, applying “no forwarding” rules to specific messages. This feature could also be tied to Windows Rights Management Services to provide deeper DRM-style controls over some messages.

The beta of Exchange Server 2010 also has a number of under-the-covers changes that increase the stability of Exchange and make it easier to use in a variety of organizations. These include the ability to work better with non-SAN storage infrastructures that utilize standard direct-attached disks.
Add new comment
Last Updated on Friday, 17 April 2009 14:52
 
More Articles...
  • «
  •  Start 
  •  Prev 
  •  1 
  •  2 
  •  Next 
  •  End 
  • »
Page 1 of 2