Verizon Business has become the latest organisation to nail its colours to the cloud computing mast, with new cloud-based network management, reporting and monitoring tools.

The IP network provider announced Asset Assurance, a new suite of fault management and monitoring tools and reporting capabilities available to Verizon Private IP customers as a service.

Based on CA's Spectrum Infrastructure Manager, Asset Assurance is a SaaS-based solution combining device monitoring, alarming, fault isolation, root-cause analysis, service-level reporting and IT service management.

An Internet Security Assessment service will provide analysis of potentially harmful traffic, including Virtual Discovery & Classification and External Risk Assessment, supported by professional services.

And new managed security capabilities for Verizon Secure Gateway-Firewall are designed to prevent customers from harmful traffic as they transfer voice and data from public to private networks.

Verizon Business is marketing these solutions at companies of all sizes, saying its flexible billing model will appeal to all.

"IP networks have fast become the heart of most business operations worldwide, which means that companies, more than ever before, are relying on network security and the performance of their business applications to fuel success," said Blair Crump, president of worldwide sales for Verizon Business.

"As a result, we've deepened our global Private IP capabilities to even further boost customer confidence that business communications within and beyond their corporate walls will perform seamlessly and securely."

May 24, 2009 | Permalink | Comments (0)

A highly dangerous SSH flaw discovered a few months ago could still cause your organisation headaches, according to security experts.

The vulnerability was first made public when it emerged last November that researchers at Royal Holloway's Information Security Group had found the flaw, which could allow hackers access to sensntive data.

SSH, or the Secure Shell Protocol, was designed to provide a secure channel between networked devices by encrypting data and is widely used by system administrators to allow them to securely access remote systems and to transfer sensitive data across the internet, according to the ISG.

The team duly discovered a basic design flaw which opens up the possibility of limited plaintext recovery attacks against SSH.

Although the attack is difficult to achieve, it is a very dangerous flaw given the fact that SSH is meant to be bullet-proof, and because of what it is meant to protect.

And although the open source implementation of SSH, OpenSSH, as well as a commercial product techTIA, have been updated to include protection for the flaw, firms could still be at risk, according to Gartner analyst John Pescatore.

"If you're using an inexpensive web hoster, query them to make sure they've patched the flaw," he said. "In addition, quite often these open source technologies are built into other pieces of software, so it's important to check if you have some in use, in places you didn't know about."

He advised firms undertake vulnerability scans of their systems to detect if they are running any unpatched versions of SSH.

May 18, 2009 | Permalink | Comments (2)

The EU appears to be forging ahead with plans for a US-style data breach notification law which would require all organisations to disclose when they lose sensitive data.

The commissioner for Information Society and Media, Viviane Reding, told the European parliament earlier this week that the commission "will start work without delay to consult widely and make proposals" regarding the extension of notifaction laws to all firms.

A contentious telecoms bill is currently working its way through parliament, which includes a clause to force ISPs and service providers to disclose any breaches.

In an exclusive interview with vnunet.com last October, European data protection supervisor Peter Hustinx said that any proposals to make data breach notification mandatory for all organisations would be "fair and in line with reality".

But the UK's data protection watchdog the Information Commissioner's Office has argued against such laws, saying it should be allowed to decide on a case-by-case basis whether an individual organisation should be forced to disclose a data breach.

The arguments against such laws usually state that they will desensitise the public to data breaches and thus lose their impact. There are also question marks about whether there should be a lower limit set on how many records are lost, after which point disclosure should be made mandatory.

But supporters of US-style laws say that they will help to give everyone a clearer idea of the scale of the data breach problem - information which will be especially helpful to law enforcers.

May 8, 2009 | Permalink | Comments (0)