Cloud & Telecom Security

五一节将至，预祝大家节日快乐。

偶然从网络上发现下面的一幅卡通图片，讲的是云计算。点击看原文链接

Two basic kinds of online websites are online banks and online games. Unlike what we were doing for traditional system security, we must take care of both front-end servers and customers’ applications. Yeah, customer’s desktops and applications! A lot different!

No matter what mode is, C/S or B/C,  we need to make sure both careless users and vulnerable applications are in good security posture. This brings by far tough challenges to security team. Un-registered game server(SiFu in Chinese), phishing website , Cheating Program(WaiGua in Chinese ), variable trojans, leaked password, or compromised users’ system , lots of servers reside in distribute IDCs , different operating systems and applications , all of this make security mess up .

Here is an economic way for your reference. Read more…

Quality in a product or service is not what the supplier puts in. It is what the customer gets out and is willing to pay for.

- Peter Drucker, American management guru.

The traditional security products, including firewall, IDS, and anti-virus are very familiar to us. They are occupying most of security market share. And we know the UTM, IPS, and SOC are the ongoing stars. However, what’s about the future? From the view of ISO/OSI model, we know we have done too much on the network layer; we had focused on this layer and developed lots of products based on it.

Maybe the reason is like this: in the past, we implement the IT infrastructure without security built in it. Internet spread widely in few years as security just can’t keep up with it. This has brought a lot of breaches or exposure at the networking layer. Read more…

昨天看到这则新闻，很复杂的感觉。一方面觉得不新鲜，近年来Sun举步维艰，业务模式上的失败，一步错步步错，在和IBM/HP/Dell等硬件交锋中艰苦挣扎，虽高举Java大旗，还有人见人爱的MySQL, 但软件业务收入无法托起公司成长、中兴的重任。被人收购已经是不可避免。另外一方面，不免心中感慨。十多年前刚参加工作，电信机房里满眼的Sun服务器，Solaris是操作系统中的“圣经”，你用SGI, AIX, 甚至HP-UX，那感觉就是旁门左道。光阴荏苒，时过境迁，现在已是人家案板鱼肉。 Read more…

【写在前面的话】其实2008年已经过去3个月了，其实这篇博客是一个“续貂”之作，源于皓月的2008盘点。我只是取了一个巧，悄悄增添了一些陋见和博客广告，狗尾貂皮大家不得不混而读之，呵呵。

本文旨在于对2008信息安全业界及安全技术的演进趋势加以整理，方便大家各位能够较为清晰的加以回顾。为确保适合于不同读者阅读，本期盘点以时间顺序并分事件篇与工具篇加以阐述。不详之处，还望多指点批评。 Read more…