Storage Informer
Storage Informer

Tag: Secure

Riverbed Announces Comprehensive WAN Optimization and Secure Web Gateway Solution Based on Microsoft Forefront Threat Management Gateway 2010

by on Jun.28, 2010, under Storage

Riverbed Announces Comprehensive WAN Optimization and Secure Web Gateway Solution Based on Microsoft Forefront Threat Management Gateway 2010

Riverbed Technology (NASDAQ: RVBD), the IT performance company, today announced an extension of its relationship with Microsoft through the delivery of a comprehensive best-of-breed secure Web gateway and WAN optimization solution for organizations with remote offices. The joint solution combines Riverbed® award-winning WAN optimization technology with Microsoft’s Forefront Threat Management Gateway (TMG) 2010 solution into a single appliance. This offering enables customers to virtualize their branch office infrastructure and deliver LAN-like application performance for branch users while protecting corporate networks from Web security threats such as malware and spam. Full Story…


Leave a Comment :, , , , , , , , , , more...

Transport Layer Security – a novel approach

by on Oct.19, 2009, under Storage

Transport Layer Security – a novel approach

Transport Layer Security (TLS) is widely used in Secure Internet communication, especially for securing Web / HTTP traffic. TLS is a replacement for the Secure Sockets Layer (SSL) protocol, which provides similar protections. TLS provides cryptographic services to application traffic payloads in the form of data authenticity and optionally data confidentiality. Each pairwise (P2P) secure session maintains independent cryptographic state for that session, which can aggregate to a large amount of state held on TLS terminators / servers, when millions of TLS connections are terminating at the same destination or domain (e.g. ecommerce / banks / eBay /etc.). Furthermore because TLS operates at the application layer, all cryptographic operations are performed on large application buffers, which require reassembly of all network packet fragments before operating on that buffer. This results in the need to provision expensive TLS aggregators at the front of each domain providing secure web communications and the solution does not scale well with increase in demand.

In this video, researchers from Intel Labs demonstrate a novel approach for providing a cryptographic scale free TLS solution, which can scale with increase demand. This is achieved by using a cryptographic key derivation technique, where using a ‘master key’ and some identifiers located in the packet, we can dynamically compute unique session keys on a per packet basis, instead of storing individual session keys for each and every session. The technique essentially trades compute for storage, thus allowing a larger number of TLS connections to be supported to a given server / domain. Furthermore, by providing the cryptographic operations on a per-network-packet basis (instead of operating on application payload buffers), it allows early validation of data integrity, allowing bad packets to be rejected without having to wait until the application buffer is reconstructed and applying the crypto operations / buffer validation at a later stage of the network pipeline.

Comments (0)


Leave a Comment :, , , , , , , , , , , , , more...

This is your SOL on Steroids

by on Oct.18, 2009, under Storage

Intel KVM: This is your SOL on Steroids

Intel AMT lets you connect to your managed computer remotely. SOL lets you connect to its COM port and control selected input/output. Nothing new there, right?
In the last IDF, Intel pulled back the curtain on a revolutionary feature: Intel KVM. KVM stands for "Keyboard, Video and Mouse", and it lets you control the, er, keyboard video and mouse of a remote station.

Out Of Band KVM is no triviality. Imagine your PC user calls you with a connectivity problem: You can ask her questions about the system… or you can use Intel KVM to control her system, seeing her screen and controlling her mouse — discovering that the network driver isn&apost installed is a breeze, and fixing it is as simple as inserting the installation disc in your own machine and executing it through IDER (previous Intel AMT features are, of course, available concomitantly).

Intel KVM will show you the entire remote desktop in any case, even in a BSoD, or with a missing hard-disk or CPU.  As much as this is exciting, this sounds scary: what if users want some privacy?
Well, all and any KVM connection starts with a secure graphic output containing a secure password, and this password is required in order to make the connection. This means that there is no Intel KVM session unless the computer user is now in front of the screen and willing to give control. The remote session is indicated to the user, and he has also full control to halt the session at once at the press of a mouse. Reviewed by an internal privacy review board, the technology is planned to be friendly to IT Managers and users alike.

This new feature will be available in some of the 2010 platforms, and is an incredibly useful addition to the other manageability (and remote desktop or KVM) solutions IT shops already have in their toolbox.
In a recent demonstration I performed for local IT Managers, the reception was overwhelming! Instead of performing this full demo on the web, I&aposll let you with this teaser.

We&aposll be soon posting on this blogs new information about this technology (with videos!). Stay tuned, it is going to be an exciting topic!


Leave a Comment :, , , , , , , , , more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Visit our friends!

A few highly recommended friends...