Network World

Bottom Line

By Joel Snyder

Search Bottom Line

Joel Snyder, a Network World Test Alliance partner, is a senior partner at Opus One in Tucson, Ariz. E-mail him.

Are stand-alone IPSs dead?: 09/26/07; I just finished a hellishly large test for Network World of enterprise-class UTM firewalls. You’ll be able to read the full results in print and online Nov. 5. One of the tough questions I had to wrestle with is the definition of UTM when it comes to these gigabit behemoths.
Tech support that makes you feel small: 04/05/07; A recent incident reminded me just how bad things can be in IT, if you're a small company. A friend asked me to help him set up an e-mail gateway. He ordered the smallest box that one of the major vendors offers. It cost $5,000 - which is, frankly, a lot of money for a guy running a small consulting company. Of course, when I say "he ordered," I'm leaving out the part where it took two months to place the order because the vendor pointed him to Worst Distributor Co. in Dallas, which couldn't get him a quote, wouldn't answer his e-mails and never took the order. He got his system only because one of the vendor's sales guys took pity on him and took his money.
Security gear: Separating the best from the rest: 01/31/07; I just finished a project for which I had to use many security products, and I was struck by how much of a difference there is between the good and the merely average. In particular, three characteristics separate great products from the rest of the pack.
Conflicts lead to tense times in security: 11/02/06; Security is often like insurance: money you spend now to avoid a much bigger and more catastrophic expense later.
The NAC train is leaving the station: 08/28/06; Even after spending all this time and energy taking in all three NAC schemes, I hope Microsoft, Cisco and TCG can come together on a single solution. In the long run, that would be better for everyone.
The pros and cons of NAC: 06/12/06; I'm enthusiastic about NAC, but I'd like to devote some time to the devil's advocate view of the technology. Specifically, NAC has five major failings.
When a product is better than the company: 04/10/06; Why is CipherTrust unwilling to sell me a box? I don't know; they aren't talking. More frightening than my experience is the possibility that the company might do this to an existing customer. What good is a security product if the vendor refuses to sell you service on it?
Extend perimeter defense to application layer: 01/23/06; I am the biggest defense-in-depth supporter there is, but deep defenses don't obviate the need to protect the perimeter. This year, we're going to see a lot of action from security vendors trying to provide better and stronger defenses at the border from the growing plagues of viruses, spyware, malware and phishing attacks.
Sourcefire may resurrect Check Point: 10/31/05; Sourcefire has products, but they're missing pieces - things that Check Point does very well. And Sourcefire can certainly benefit from the mature marketing, distribution, quality assurance and support infrastructure of an established company such as Check Point. If this marriage works, expect great things from Check Point - again.
Tale of the tape: Encrypt data now: 07/04/05; Data should be encrypted in transit. All you need to remember are those six words.
The security status quo is wrong: 04/25/05; We have way too many people writing as wireless security experts and way too few actually thinking about wireless security. We also have way too few keeping up with the changes in the technology and how we use it.
Mobile models lost in translation: 02/21/05; Network managers need to be prepared for heavier demand from their European users for secure mobile data, because the wide availability and relatively reasonable cost have made mobile data an expected service.
Securing endpoints in SSL VPNs: 12/06/04; In every case, the best solution is one that supports your security policy, while not needlessly preventing access by legitimate users. Make sure you make your own decision, though, and don't let the magical marketing spin from some of these SSL VPN vendors convince you that the impossible is suddenly easy.
A VoIP security plan of attack: 09/13/04; From a security viewpoint, VoIP is a nightmare, combining the worst vulnerabilities of IP networks and voice networks. But VoIP's security challenges can be solved. All it takes is a plan.
Testing shows VoIP a big winner: 04/26/04; H.323 is dead. Oh, man, is it dead! In past years, we've struggled to get H.323 devices to interoperate. They don't do it well and, what's worse, debugging is a total pain. Not so with SIP-controlled telephony. We had incredibly good basic interoperability in just minutes between SIP phones.
Time to wise up about worms: 02/16/04; Why can't people take responsibility for protecting their own PCs? People never say, "I did something utterly moronic today and infected my own PC and 600 others." No, it's "I got a virus." As if it's not their fault. As if they caught a cold because they just happened to be in the room when someone who was sick walked by.
When will we ever learn?: 09/29/03; The worms came in through firewalls that shouldn't have let them in. Infected systems continued spreading the worms because we didn't have adequate tools to contain them. Two years after Code Red, there are still fundamental problems in the way we manage and secure systems that make us vulnerable to this kind of attack.
What is an IPS, anyway?: 08/04/03; Wrapping a firewall around the perimeter is no longer sufficient to meet the needs of modern networks. Technologies such as IPS need to be pushed into the network, not just at the edge, but throughout the entire infrastructure.
SSL VPNs won't save the world: 06/09/03; The real value of SSL VPNs is in their sweet spot: extranets and Web-based remote applications. Focus there, and you can do things that have been impossible with traditional IPSec tools.
Risk analysis needs a reality check: 04/14/03; One factor that contributes to poor risk analysis is having too much awareness of a problem. Get hypersensitized to an issue, such as security threats, and you're bound to react in a way disproportionate and uncalled for by the facts. We're not just inundated with security information; we're overwhelmed by it. This sets us up to make poor decisions.
IPS: A technology, not a product: 11/25/02; A combination of intrusion-detection brains and firewall placement, IPSes take a new tack on protecting corporate networks. The concept is simple; the implementation is a lot more difficult.

View more Most Read

Rss Feed

Whitepapers

View more LANS & WANS whitepapers

Webcasts

View more LANS & WANS webcasts

Special Reports

View more LANS & WANS special reports

Save The Date!

What They Are Saying

SpamBully and SpamBayes do a great job on my home and office machines.- Anonymous

Join the Discussion

Partner Content

Simplify Your Branch Infrastructure

Learn how to simplify your branch infrastructure while dramatically increasing app performance with Citrix Branch Repeater.

Download the Free Info Kit

Next-Gen Load Balancing

Free Guide: �Next Gen Load Balancing: 8 Things You Need to Handle Today�s Network Traffic� shows you the functionality needed in your next load balancer.

Download the Free Guide

Accelerate Your Web Apps by up to 5x

Free Guide: �The Secret to Getting Maximum Speed from your Web Applications.� Learn how you can deliver Web apps up to 5x faster.

Download the Free Guide

NetworkWorld, Inc.	About Network World, Inc. \| Advertise \| Careers \| Contact us \| Terms of Service/Privacy \| Reprints and links \| Partnerships \| Press room \| Subscribe to NW
IDG, Inc.	CIO \| Computerworld \| CSO \| Demo \| GamePro \| Games.net \| IDGconnect.com \| IDG World Expo \| Infoworld \| JavaWorld.com \| LinuxWorld.com \| MacUser \| Macworld \| PC World \| Playlistmag.com \| The Industry Standard \| IDG List Services \| IDG TechNetwork
	Copyright © 1994-2008 Network World, Inc. All rights reserved.

Skip Links

Network World