Tuesday, March 19, 2013

Worldwide Cyber Attacks


The Government Security News published an article titled: "German Telecom Company Provides Real-Time map of Cyber-attacks". If it is credible, and at this point I have no reason to doubt its credibility, it is a fascinating bit of technology. Deutsche Telekom (the folks behind T-Mobile) indicates that there are about 450,000 cyber-attacks worldwide per day.
The portal has a digital map which reveals the alleged country origin of the cyber-attacks. I found it interesting- in the last month, the top 5 countries conducting attacks were listed as:
  1. Russian Federation
  2. Taiwan, Province of China
  3. Germany
  4. Ukraine
  5. Hungary
The United States was 6th and China came in a distant 12th. Granted China might be "laying low" because of the Mandiant_APT1_Report - But I doubt it.
The number one attack type was the Server Message Block (SMB) Network services attack against port 445. Of the short time I monitored the portal, there were numerous hits from Australia, Bosnia and Herzeg, and Columbia.
This capability tends to concern me greatly- What about you?
The article can be found at: http://www.gsnmagazine.com/node/28720?c=cyber_security&utm_source=Homeland+Security+Insider+--+March+14%2C+2013&utm_campaign=Feb.+27%2C+2013&utm_medium=email 
Check it out....

Thursday, February 28, 2013

The Deep Web; an Intelligence Challenge

There is a great deal of well deserved, comment, about Cyberspace Security. The White House as planted a stake in the ground that will affect how we respond to this threat to our National Security and Economy.  The President stated “cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America's economic prosperity in the 21st century will depend on cyber security.”  America faces a very unique challenge. We need to proactively secure our physical cyber infrastructure and deal with those who clandestinely and vigorously attack our cyberspace from external and internal sources. This puts us on the horns of a dilemma. As a country of laws and people who value their privacy; Anonymity travels in close relationship to “Freedom of Information.” We can get a handle on the former (it will be a monumental effort but not insurmountable).The latter raises the classic intelligence conundrum of not only defining capability but determining intent. If approximately 99% of the information to be analyzed is within an environment that is designed for anonymity and obscurity, we have our work cut out for us. I speak of the Deep Web. Several companies have gone where none have gone before and began mapping this galaxy, but much remains to be done. Traditional search and indices are not enough. Big Data analytical techniques are going to be needed. Ways to safely disseminate this information to those who need it must be found and most of all, diligent vigilance and respect for our laws must be maintained.

Friday, August 24, 2012

Maranatha & Associates, Inc. Profile


Founded in 1996, Maranatha & Associates has been providing Service with Integrity as a reseller and as a services company.  Maranatha & Associates (MAI) is a Vietnam veteran owned, Small Disadvantaged Business (SDB). We are a one-stop shop for your System Integration needs. MAI has provided clients with products supporting their existing and planned solutions.  We have provided development, systems design and support, built contemporary web sites, developed small to enterprise-level software, and provided information technology consulting services to both Federal Government and Commercial clients. Our passion is the development and support of enterprise applications that make a difference. We use innovative approaches to boost productivity levels and eliminate wasted processes for our customers. At MAI success is measured in the seconds and dollars regained by each and every client.  As the CTO and CIO’s trusted adviser, MAI provides the best solutions to aide executives in maximizing the return on their investments.  Our deep industry knowledge enables clients to address issues specific to their businesses, and our unique small stature with a large impact approach provides the capabilities to help ensure we serve our clients extremely well.
Since 1996, our mission has been to develop software solutions that make it easier and quicker for our client’s to do business. We measure our success by every second regained by our client. Our highly trained, highly experienced team is capable of accepting the challenge and delivering your project as promised with remarkable results



Friday, December 9, 2011

Virtualization is for Small Businesses

With all the hype and hoopla about the cloud, we sometimes forget that small businesses need the same type of tools needed by the large enterprises. We need it on a much smaller scale, but we still need it. After many years in the mines of the large companies I came to realize that they are in fact a conglomeration of small companies who in fact sometimes compete inadvertently with each other - But that's a subject for another blog.


Many small companies have no IT department and they may or may not be tech savvy...Much of the technology is intimidating. My next series of blogs is focused on lighting the dark art of the Cloud. Please check out the lessons I embed in this and upcoming blogs. This is part one.

<

Monday, September 19, 2011

The Journey begins with the First Step

The journey to cloud computing begins with our existing infrastructure and applications. Good Grief Charlie Brown, we can't just throw everything out and start over "in the cloud". We need to leverage exisiting investments, skills, and to the extent possible, processes. Mostly, when you bring up uhet subject "cloud", people immediately think of public cloud offerings. There is a reason for that . First is "Pooling". Pooling is the activity that enables us to break down the traditional physical silos of infrastructure and create capacity pools of CBU, memory, storage, and networking - all aspects of the Data-center - to maximize our use of resources. Secondly, we want the cloud to be able to enable automated scaling up and scaling down of resource capacity to workloads efficiently - VMware referes to this as "Elasticity". Third is "Automation". To be a truly dynamic, on-demand environment, then it has to be fully automated. All of theses characteristics have a significant impact on lowering costs. They also provide the foundation for an infrastructure that will support the agility that a business stakeholder wants. In fact, some Agencies are factoring the process of "agility" into their Enterprise Architecture policies. Cloud Computing provides the right architecture to enable infrastructure on-demand.

However, I must admit that I am not a big fan of the public cloud as it currently stands in its maturity. Many of these clouds do not have an "exit" strategy and once you are in, you are not able to back out. Additionally, being a risk averse individual, I am not yet willing to relinquish my authority and responsibility for the security and privacy of my company's resources and employees to a third pary where I have no visibility as to how they maintain security. That being said, does not negate our goal of leveraging exisiting investments currently in place in the datacenter. The concept of the cloud architecture can be applied to our existing datacenter and the creation of a Private Cloud

But, infrastructure is only the begining of the journey and it is not prudent to think that consolidation of the servers in the data center amounts to cloud computing... The clip below gives you and idea of what VMware's vision is as to get to the cloud...

Thursday, September 8, 2011

This way to the Cloud

Well, is the cloud the next great IT innovation? It could be or it could be a wispy apparition that dissipates on the winds of poor planning. Public Cloud, Private Cloud, Hybrid Cloud, SaaS, PaaS, or IaaS are all sophisticated buzzwords to us “mere mortals” that conjure up images of cutting edge technologies that will resolve all our Information Technology issues. However, I maintain that if we limit our thoughts about “The Cloud” strictly to technology, we are in for a disappointment. If we only complete an element of the cloud environment (e.g., server consolidation) we are only going to get a portion of the benefit of what the strategy and architecture of cloud computing can provide.

We need to begin our path to the cloud by defining the business problems that need to be solved, explicitly set goals, and translate these pain points into services that need to be delivered. During this blog discussion, I am going to suggest certain business imperatives that cloud computing addresses introduce a framework that I believe is critical to the eventual desired end state of cloud computing.



  • First of all a major promise of cloud computing is a much better approach to helping IT drive greater agility…


  • Secondly, the cloud has proven to lower costs (60% on CapEX, 30% on OpEx and up to 80% on Energy)


  • The third business imperative that is addressed is ensuring compliance and security, while also maintain business-required service levels

OK, now what are these layers critical to a successfully end state of cloud computing – There are Three…



  1. Your infrastructure and existing investments: Organizations must take existing IT processes and ensure that they can be brought into the cloud environment.

  2. The growing demand for a new brew of business applications. Ultimately, infrastructure is there simply to support applications. So it’s important for us to address this layer as well. How we approach applications can affect both costs – OPEX, and Agility.


  3. The third tier is our End User. The challenge is to enable end users with the freedom to have access anytime, from anywhere while still ensuring security, and support all of this in a cost-effective manner.

    Over the next weeks and months I will expand on this framework by discussing how the leading vendors are addressing these issues – so watch this space…

Sunday, January 2, 2011

Think Architecture, Not Just Operating System

We move into the New Year with anticipation of doing great things with our infrastructure and improve the efficiency of our operations. Unfortunately, many have a tendency to look at the latest great thing (e.g., application, Operating System, etc…) as the magic bullet. Each vendor points to how his/her product is the “killer app” that will save our infrastructure. I am not a cynic, but before we invest time and money into a product we need to step back and make sure we are implementing the correct architecture. This is especially true for SMB or government directorates/offices with their own budgetary authority. The term architecture (from the Greek word architektonike) can refer to a process, a profession, or documentation. As a process, architecture is the activity of design¬ing and constructing buildings and other physi¬cal structures primarily to provide shelter. In our context, architecture is a structured process to help ensure the stability of valuable business processes and assets. I like to think a good architecture is constructed in pyramid layer fashion, from the ground up. Every lasting architecture has been conducted in this manner – Whether structural (Egypt or Mexico) or logical (ISO layers) or a combination of both (network infrastructure/virtualization). I find it comforting to see the major players like Cisco, VMware, EMC and Symantec collaborating to provide a solution to a fragmented architecture. A good architecture allows the designer flexibility in both the vertical and horizontal plane of his design. Vertically, it will account for the foundation and services (network and user/application) layers and horizontally, it will consider the business foundation of the organization. It will consider size, location, and business policies and procedures. It should be flexible enough to accommodate the 1000 person office located on a metro campus or dispersed state wide and since one size does not fit all a good baseline architecture should also fit the small 25 person branch with teleworkers. An example baseline architecture is shown. This example is based on a Cisco model but can be applied universally. Have a Blessed and Great New Year.