The Great WiFi Migration

Cloud this, virtual that… it’s the future, and mostly it’s a good thing! Welcome to the great WiFi expansion, folks!

The Past

Not too long ago, when people started deploying multiple wireless access points (APs) in a single location, they realized how cumbersome it was to manage all APs individually. The masses demanded a way of managing multiple APs from a single location, and so the Controller was born. A Controller is just what the name says: a device that ‘controls’ and manages all APs from one central location.

For some time, this was the only option for managing multiple APs, and there was no way around it. And it was a great thing. It still is.

Now 

[Read more…]

BYOD: Is it Worth the Risk?

The Bring Your Own Device (BYOD) phenomenon has become a highly debated topic in many organizations. While some enterprises are fully enveloped in the BYOD trend, others are hesitant to adopt this new strategy because of the numerous risks associated with it. Regardless, here is what you need to know to be BYOD-ready.

[Read more…]

Jibba Jabba or the Nines Nines Nines

You’ve probably heard “nines” thrown around when talking about high availability, so let’s review them so that everyone talks the same talk, or IT Jibba-Jabba.

[Read more…]

High Severity GnuTLS bug

On May 23rd, Nikos Mavrogiannopoulos (one of the primary authors of the GnuTLS library) submitted a commit identifying the potential for “memory corruption” during the TLS/SSL handshake process. This specific bug makes it possible to initiate a server-based attack on a client system by corrupting its memory using a specially crafted ServerHello message.
[Read more…]

Heartbleed: A Case For Two-Factor Authentication

By now you’ve probably heard about a major vulnerability in the OpenSSL Project’s implementation of SSL known as Heartbleed. If you’re not familiar with SSL, it is a protocol designed to secure communication between an end-user (client) and application (server) using cryptography and keys intended to make it difficult to intercept and read protected traffic. The process of establishing that secure communication looks something like this:


[Read more…]

DDoS Ammunition: Are you protected?

Saar here, resident engineer at Myriad Supply. Today I’ll be discussing DDoS ammunition.

The FFIEC gives “recommendations” to banking institutions. These are non-binding recommendations, and there is no law per se that says you must have DDoS protection. However, if someone suffers financial damages due to a DDoS attack on a bank, that person can hire an attorney who can then prove that the bank handled itself without due diligence in spite of government recommendations. So a reasonable judge will find the bank at fault and it would have to pay. Add a class action, and you’re looking at a pretty hefty sum. In this article for example, http://www.scmagazine.com/banks-file-class-action-against-target-and-trustwave-over-massive-breach/article/339760/, the banks are suing Target for failing to have decent security, which cost them millions replacing stolen payment cards.

[Read more…]