What We're Reading, Week of 1/25

The Windows Blog… Remote Access Challenges In this post, Alexander Kent explains some of the most common remote access challenges and offers advice on how to make your Windows Home Server accessible across the Internet. He addresses these issues: UPnP is not enabled or supported by your router, an Internet Service Provider is blocking Remote Access Ports, and Double NAT. If you have experienced issues with any of those challenges, this breakdown should be helpful. Insecure about Security… Will 2010 Be “The Year of IPv6?” John Oltisk believes that the foundation of IPv6 is now firmly in place and we will see steady and growing momentum in the years to come and that by 2013, the transition will be nearly completed. He makes this prediction for the following reasons: the argument that we are running out of IP addresses is now taking hold, IPv6 is now supported in all major operating systems including Windows, Linux, MacOS, and z/OS, many governments around the world already run on IPv6 or are in the process of transitioning to IPv6 and IPv6 security will become more and more important moving forward. Securosis… Security Strategies for Long-Term, Targeted Threats This post offers some security strategies for dealing with long-term, targeted threats such as the Advanced Persistent threat in Firestarter. One suggestion is to segregate networks and information since the more internal barriers an attacker needs to traverse, the greater your chance to detect. However, allowing VPN access across these barriers won’t help segregation nearly as much. The root cause of many breaches has been a weak endpoint connecting over VPN to a secured network. You...

What We’re Reading, Week of 1/25

The Windows Blog… Remote Access Challenges In this post, Alexander Kent explains some of the most common remote access challenges and offers advice on how to make your Windows Home Server accessible across the Internet. He addresses these issues: UPnP is not enabled or supported by your router, an Internet Service Provider is blocking Remote Access Ports, and Double NAT. If you have experienced issues with any of those challenges, this breakdown should be helpful. Insecure about Security… Will 2010 Be “The Year of IPv6?” John Oltisk believes that the foundation of IPv6 is now firmly in place and we will see steady and growing momentum in the years to come and that by 2013, the transition will be nearly completed. He makes this prediction for the following reasons: the argument that we are running out of IP addresses is now taking hold, IPv6 is now supported in all major operating systems including Windows, Linux, MacOS, and z/OS, many governments around the world already run on IPv6 or are in the process of transitioning to IPv6 and IPv6 security will become more and more important moving forward. Securosis… Security Strategies for Long-Term, Targeted Threats This post offers some security strategies for dealing with long-term, targeted threats such as the Advanced Persistent threat in Firestarter. One suggestion is to segregate networks and information since the more internal barriers an attacker needs to traverse, the greater your chance to detect. However, allowing VPN access across these barriers won’t help segregation nearly as much. The root cause of many breaches has been a weak endpoint connecting over VPN to a secured network. You...

What We're Reading, Week of 1/18

Insecure about Security… Approximately Half of All Organizations Will Increase Security and Networking Spending in 2010 In this post, John Olstik says that nearly half of all mid-market (100 to 999 employees) and enterprise (1,000 employees or more) companies will increase their spending on network hardware in 2010. Their top priorities will include WLAN, IP telephony, and WAN optimization. 48 percent of mid-market organization will increase their spending on information security technologies while 61 percent of enterprises will increase their spending on information technologies. Their top priorities are network security, endpoint security, and messaging/web security. John says 2010 will be “a good year for vendors to re-engage with customers, build long-term partnerships, and help them move beyond the Status Quo.” IT Business Edge… Evaluate Technologies with Remote Access in Mind This post by Paul Mah discusses the new research from collaboration firm oneDrum, showing that many workers find themselves unable to work from home despite the fact that they are willing to do so. According to the survey, 61 percent of employees never work from home, even though 72 percent of SMBs allow it. One main reason for this was that work documents were not accessible outside of the office. Paul suggests that businesses gradually move toward teleworking, which can be achieved by evaluating new technologies with an eye toward facilitating it. Also, see our series of posts on how to rethink remote access. The Security Catalyst… Security from Scratch: Getting the Lay of the Land Dennis Kurtz says that when building Security from Scratch, the challenge is in understanding the situation from the start. Once the team is...

What We’re Reading, Week of 1/18

Insecure about Security… Approximately Half of All Organizations Will Increase Security and Networking Spending in 2010 In this post, John Olstik says that nearly half of all mid-market (100 to 999 employees) and enterprise (1,000 employees or more) companies will increase their spending on network hardware in 2010. Their top priorities will include WLAN, IP telephony, and WAN optimization. 48 percent of mid-market organization will increase their spending on information security technologies while 61 percent of enterprises will increase their spending on information technologies. Their top priorities are network security, endpoint security, and messaging/web security. John says 2010 will be “a good year for vendors to re-engage with customers, build long-term partnerships, and help them move beyond the Status Quo.” IT Business Edge… Evaluate Technologies with Remote Access in Mind This post by Paul Mah discusses the new research from collaboration firm oneDrum, showing that many workers find themselves unable to work from home despite the fact that they are willing to do so. According to the survey, 61 percent of employees never work from home, even though 72 percent of SMBs allow it. One main reason for this was that work documents were not accessible outside of the office. Paul suggests that businesses gradually move toward teleworking, which can be achieved by evaluating new technologies with an eye toward facilitating it. Also, see our series of posts on how to rethink remote access. The Security Catalyst… Security from Scratch: Getting the Lay of the Land Dennis Kurtz says that when building Security from Scratch, the challenge is in understanding the situation from the start. Once the team is...

Arcane IP Conflict to Watch Out For

Every once in a while, someone flags the NCP Help Desk with an arcane VPN connection question. Earlier this week, we came across a blog post by Merrick Chaffer on EMC Consulting Blogs, offering advice on just such an issue, and we thought we’d share it. Merrick decided to solve the problem on his own (Help Desk certainly would have ‘cracked this nut’ in an hour or so!).   After spending a couple of weeks worrying that I’d have to be plugged directly into my router to connect to my work VPN network, with my Dell D830 Latitude laptop and Windows 7 64 bit, I finally chanced upon the solution. It turned out to be a device manager setting and potentially a setting in the BIOS on my D830 dell latitude (bios revision A14). Follow the following steps if you are suffering the same issue yourself… 1. Changed the MTU setting on the VPN device… 2. Changed a setting in the bios, which dictated that the wifi connection should be turned off when another connection is available (i.e. LAN or 3G). UPDATE: 23:15 15 January 2010: Actually I’ve just discovered the real route of my problems. Turns out that if my router (3com office connect adsl wireless 11g firewall router), assigns an ip address that is in use by one of the virtual server LAN IP addresses, on either wireless connection or LAN connection, then the VPN software fails to connect. What actually happened was when I plugged another router into my firewall router, I got assigned 192.168.1.3 to my laptop wireless card, which wasn’t one of the entries...