This morning, you might have noticed that the blog title was changed to “Cloud & Telecom Security”. Yes, it’s true.
From one or two years ago, my interests and focus have changed to around cloud computing and telecom or ICT security, while P2P was touched very occasionally. I believe the new title can reflect the new focus better and hope you like it.
2009年12月17日,云计算安全联盟发布了新版的《云安全指南》v2.1[1],代表着云计算和安全业界对于云计算及其安全保护的认识的一次重要升级。
云安全联盟CSA是在2009年RSA大会上宣布成立的。自成立后,CSA迅速获得了业界的广泛认可。现在,CSA和ISACA、OWASP等业界组织建立了合作关系,很多国际知名公司成为其企业成员,绿盟科技也在上个月成为企业会员(似乎应该是亚太地区的第一个企业会员,使用Twitter的朋友请关注@nsfocus_update)。其发布的云安全指南及其开发成为云计算领域令人瞩目的安全活动。下面简要回顾一下云计算、云计算面临的安全威胁、新版云安全指南及其使用。 Read more…
By this acquisition, HP enters enterprise networking market with strong threat management product line from Tippingpoint.
The vulnerability and threats research of DVLabs will greatly improve HP’s capability and image at these areas, so that HP’s competition against IBM will become more effective. X-Force of ISS is one of the critical advantages of IBM over HP, at overall one-stop IT arena.
Historically, after the acquisition of an independent security company, their selling model and focus will change to more aligned with major businesses. As for HP’s scenario, their security product lines, including the IPS/UTM, focuses on their global enterprise customers and outsourcing partners. The security department, mostly, will lose some momentum to find and obtain new customers, instead, they will be more interested at existing customers, bundled within other bigger IT/service orders. Read more…
Gartner, the leading marketing analysis and strategy firm, released its newly-brew TOP 10 technology list today. They are:
This morning Twitter seems to be in trouble of performance issue. Actually, this is not first time to get the below screen:
几个月前,读到尼古拉斯·卡尔的《IT不再重要-互联网大转换的制高点-云计算》(中信出版社 2008.10),其中提到了未来数据中心的场景 – 一栋灰色的大仓库,厚重的铁门,冷峻的门卫等等。IBM在美国的支柱数据中心设在科罗拉多州州的Boulder(巨石城),我猜那里的电和成本都比纽约和罗利Raleigh要低一些。后面也看到新闻讲Google和微软都在美国西部某条大河的水电站附近建立了新的大规模数据中心以支撑云计算战略。电费等基础设施开销成为互联网云计算的很大一块成本,在绿色IT的大旗下,Hi-Tech的云计算服务器群正在进行一场轰轰烈烈的上山下乡运动。
请看下面一则新闻。IBM的新数据中心建到了东营…. Read more…
After Google released its new Sidewiki service yesterday, it’s very interesting to imagine what would be Google’s next step. You know, it’s not a new service to let users share comments for specific web pages. Digg, Slashdot, Reddit, delicious, and other peers have been providing this for a few years. From the release note, the key point of Sidewiki is “direct”, ie. users don’t need to submit to somewhere else to share their comments. Sidewiki allows users share comments “directly”. Doesn’t “directly” mean shortcut to other page sharing providers? Read more…
Sept.23, 2009 今天上午Google宣布推出迷你快速评论服务 – SideWiki,该服务允许每个读者可以随时评论所正在浏览的网站。这种快速迷你评论系统将会很大地影响在线书签、Digg、Slashdot、Delicious、Reddit等共享服务,而强化Google ID账号的核心作用,进一步地将用户留在Google的服务上。
SideWiki通过Google工具条实现,在网页的侧栏允许用户评论并浏览其他人的评论,与其共享书签、阅读器、邮件系统、Google Docs等的集成和数据共享相信很快也显现出来。 Read more…
It’s reported that the U.S. Department of Homeland Security was looking at a report by a research scientist in China that shows how a well-placed attack against a small power subnetwork could trigger a cascading failure of the entire West Coast power grid. It’s an inspiring finding from unique viewpoint. A slight bite by injection into the grid might lead to an overwhelming avalanche. Isn’t it horrible?
However, what I am thinking is that Internet cloud services have many similarity to those of power grid, ie. these threats and potential attacks are very possibly valid to Internet clouds. What and how Internet clouds respond/react to these potential similar attacks to those against power grid? Yes, those dominant cloud service providers have very robust and strong infrastructure all over the world, how large the bandwidth, how many the servers, how many square feet the data centers, blah blah. Further, there are automatic load balancing and distribution system among those distributed data centers. Once one set of servers and/or circuits, the services would be transfered to other servers and circuits automatically. Your services WILL be there, keeping the same, or NOT? Read more…
转帖一篇程苓峰先生的文章,很欣赏作者辐射出的热情和感染力,PC的普及、互联网的普及、云服务的萌芽和迅速成长的确给了很多个人、公司、组织、地区等很多机遇。 Read more…
Nowadays, many companies spent a lot of resources to build and improve their branding impage at Internet. The Internet has transfered the control from trational media and PR company to bloggers and users. Jeff Jarvis told an interesting story at his book “What Would Google Do?” which introduced how Dell succeded in recovering its customer satisfaction and image through new strategy tuned for Internet – from overlooking Internet voices to listening to bloggers, fully leveraging Internet and transfering complainers into advocates.
Inspired by Jeff’s book, I start to do some simple research on this topic of Internet branding and complainers, i.e. “sucks” speakers, trying to find something interesting. Don’t you want to know how many customers were saying your company sucks? Read more…
Information is the new currency of business – a critical corporate asset whose value rises and falls at different times, and in different ways, depending on when, how, where and by whom it is placed into circulation as a medium of exchange.
Therein lie the risks. And the opportunities.
“Safeguarding the new currency of business”, Findings from the 2008 Global State of Information Security Study®, PWC
【说在前面的话】前面已有一些留言说起匿名转载问题,呼吁喜欢埋头“生吞活剥”的网编们提高一下自己的工作品味,尊重原创作者的劳动,署上作者原名和URL,这也是尊重自己的劳动,不要把自己的青春浪费在制造互联网垃圾冗余信息上面。如果您做不到这一点,谢绝转载!
【事先声明】本人不保证内容 正确性,不对后面文字中的分析和预测给您的企业和工作所产生的任何后果承担责任,因为您也不会和我分享您你的收益。呵呵,所以,我说了,您听了,您赚了,您亏了,您笑了、您不屑、您怒了,都与本文和作者无关。
上回书(http://sbin.cn/blog/2009/06/01/cloud-computing-1/)说到了云计算大背景下的一些东家长、西家短的陋见,Chinacloud.cn上刘鹏教授做了大量的、很全面的资料收集,感兴趣者可以自助前往。 故谚云: 云是天上的雾, 雾是地上的云。不管是跳进云里,还是把拉到上,总是要腾云驾雾一番了。书归正传,讨论一下云计算对安全圈的启发 – 这个那个产品和技术会如何演变。在后面的文字中将会讨论到风险评估和渗透测试、安全管理中心、终端安全、身份和访问控制(也包含信任管理)、安全审计、Web应用和生命周期安全、符合性认证和培训等。 Read more…
Many business units are being drawn into using cloud services by the attractive economics, bypassing IT departments to host their applications and data in the cloud directly. This creates several problems for the IT organizations with reduced internal and external control.
- From RSA Whitepaper “The Role of Security in Trustworthy Cloud Computing”.
Even they are not directly for Cloud services, but there were cases that BUs signed contracts with 3rd providers to host their applications directly, bypassing IT department. Obviously, it’s not good practice from governance perspective. It might be a head-up for CIOs at Cloud time.
Recent Comments