Guarding the Grid

Posted on by admini

As a result, companies that are implementing grid technologies need to pay special attention to issues such as user authentication, authorization and access control, as well as auditing and data integrity — both when data is in storage and while it’s in transit.

Ensuring that adequate measures are in place for responding to the effects of worms and viruses, which can be amplified in a grid setup, is also crucial in grid computing, IT managers say.

Most of the problems that users have to deal with in a grid environment are similar to the ones they face in nongrid environments, says John Hurley, senior manager for distributed software and systems integration at The Boeing Co.’s mathematics and computing technology group in Seattle.

A grid installation harnesses the combined power of numerous servers and PCs to run applications and services as one large system.

The potential severity of grid-related security problems depends largely on the context in which grids are being used, says Dane Skow, deputy computer security executive at the Fermi National Accelerator Laboratory in Batavia, Ill.

“When you talk to people about grids, they have different scenarios in mind — everything from clusters in the same room run by the same infrastructure team to global power-grid-like infrastructures,” says Skow.

Research grids, for instance, typically provide access to users from multiple organizations and security domains. User access, authentication and authorization in such an environment can be a big challenge, given the fact that there’s no single identity authority, says Skow, who is also part of the security group at the Global Grid Forum, a Lemont, Ill.-based organization with members from more than 400 vendors and user companies.

In contrast, a grid being run by a private-sector company typically uses internal resources and is accessed by users whose identities are already stored in an internal directory. As a result, it’s easier to get a grip on identity management in a company grid than it is with grids in a research setting, Skow says.

Companies that are deploying grids also must protect data during transmission on the network via encryption, says Jikku Venkat, chief technology officer at United Devices Inc., an Austin-based vendor of technologies for aggregating computing resources into clusters and grids.

Addressing grid security may not involve new technologies, but because of the increased potential vulnerability, protective measures become more urgent.

http://www.computerworld.com/securitytopics/security/story/0,10801,97815,00.html

Read more

CIOs and IT Managers prefer Linux for e-mail

Posted on by admini

The research also revealed that 21 percent of executives would prefer Linux for their entire email infrastructure if they could scrap their current email infrastructure, and over 40 percent said they would replace their backend messaging infrastructure for one with better performance and lower costs.

“The survey shows that Linux is a key platform for messaging and its market share is increasing,” said Michael Osterman, head of Osterman Research.

The study is part of Linux related research reports, which were published in a whitepaper entitled “”Linux and eMail Infrastructure: A Business and Technology Perspective”. The whitepaper was released by Scalix, a Linux email software company, to help IT managers extend the technology benefits of Linux to their email infrastructure.

http://www.ebcvg.com/articles.php?id=427

Read more

Windows XP SP2 For Embedded Devices Is Out

Posted on by admini

The latest is a version for embedded devices running Windows XP Embedded.
http://www.microsoft-watch.com/article2/0,1995,1734101,00.asp
The embedded XP SP2 release includes many of the same security fixes and new features as Microsoft delivered in the full version of SP2.

http://www.microsoft-watch.com/article2/0,1995,1734130,00.asp?kc=MWRSS02129TX1K0000535

Read more

IT pros called to become boys in blue

Posted on by admini

The request has apparently been welcomed by commissioner of the Metropolitan police Sir John Stevens.

“I think we should be using special constables,” said chairman of EURIM Brian White, MP. “IT managers could be given special powers. If they were trained in evidence gathering, they could report straight to the Crown Prosecution Service. Secure crime scenes and give records to court, for example.”

The recommendations follow findings earlier this year that only 240 people were qualified to work in digital forensics and evidence recovery. EURIM is proposing to increase the number of skilled police officers patrolling the cyber world.

White said that legislation alone was not enough to fight cybercrime, and more had to be done to improve the level of skilled police for the Internet. As part of EURIM’s proposals, White added that the UK needed better methods of reporting cybercrime because local police stations were ill-equipped to handle the task.

EURIM also proposed that some of the barriers to becoming a special constable should be removed, especially for IT specialists.

“One of the things you need to be [to join the special constables] is physically fit,” said Philip Virgo, secretary general for EURIM. “There would probably be lots of people who could monitor Internet chat rooms who couldn’t police the town on a Friday night. There are lots of boundaries to this that don’t need to be there.”

EURIM also called for IT specialists to contribute ideas for Internet policing, as the debate for what role the Serious Organised Crime Agency will play will begin over the next few weeks.

EURIM said it wanted to use the opportunity to ensure that people had a centralised point of contact when they needed to report a cybercrime.

http://news.zdnet.co.uk/0,39020330,39175660,00.htm

Read more

Customer ID: Frontier Bank Seeks New Level Of Security

Posted on by admini

New account holders had to be verified to near certainty and screened against the OFAC database and other government watch lists to thwart crooks, scam artists and potential terrorists.

The bank needed a cost-effective and compliance-ready solution through automated ID verification software, a niche IT product that seamlessly works with existing new account procedures to enhance identity safeguards and build a database of documentation showing the bank’s compliance with Section 326, the customer identity regulations in the Patriot Act.

The answer, in this case eFunds’ ID verification system, which came packaged with Scottsdale, AZ-based eFunds’ ChexSystems fraud prevention and risk management solution already employed by Frontier.

The new system could track what records new account reps were pulling for customer verification, allowing Roush to determine which employees are not completing full records checks, or those who aren’t clearing up “false positives” that mistakenly rejected customers.

Bankers Systems acquired Atchley Systems in October 2003 to broaden its Patriot Act compliance offerings.

Sheshunoff Information Services bank compliance consultant Lorraine Hyde believes most banks are largely taking the necessary steps from a “safety and soundness standpoint,” but not just for examinations.

http://www.banktechnews.com/article.html?id=20041101ZV7Q0QP5

Read more

I.T. Security a People Problem; Workforce To Nearly Double by 2008

Posted on by admini

The research shows that enterprises worldwide will hire about 800,000 more security professionals by 2008. The research leaves no doubt that human beings will be needed to thwart the threats caused by other human beings.

Among other findings of the IDC/ISC research: The compounded annual growth rate of hires worldwide between 2003 and 2008 should be 13.7 percent.

“There are still many organizations around the globe that haven’t fully addressed their security issues,” Carey noted. Some of the most insidious damage to data is accomplished as inside jobs.

When viewed from a macro level the striking characteristic of threats is change. “It’s a continuously dynamic environment,” Carey added.

The vulnerabilities of networks and data centers evolve, just as the methods employed by hackers do.

The key to a successful security strategy is involvement.

It appears the enterprises that remain the free of viruses, break-ins and thefts will be those that refrain from throwing money or software at problems, and instead bring people in to respond to the shifting sands of I.T. hazards

http://www.cio-today.com/story.xhtml?story_title=I_T__Security_a_People_Problem__Workforce_To_Nearly_Double_by_____&story_id=28254

Read more