Archive for March, 2014:

70-414 Implementing an Advanced Server Infrastructure

In order to adhere to the visualization requirements, what user role should you sign to the ABC1
group when you implement the delegation of the virtual environment?

A. You should consider utilizing the Activity Implementers user role profile for the ABC1 group.
B. You should consider utilizing the Problem Analyst and Self-Service User role profiles for the
ABC1 group.
C. You should consider utilizing the Administrators User Role Profile.
D. You should consider utilizing the Incident Resolvers and Administrators user role profiles for the
ABC1 group.

Answer: C

User role profiles –

In order to adhere to the visualization requirements, which of the following should be utilized when
you implement the virtual machine template which will be utilized by the Web server which hosts
the ABC Engineers applications?

A. You should consider utilizing a .bin file with the accompanying .cue file.
B. You should consider utilizing virtual hard disk (VHD) files.
C. You should consider utilizing a virtual machines and Windows PowerShell scripts.
D. You should consider utilizing .iso images and virtual machines.

Answer: B


In order to adhere to the visualization requirements, which optional Microsoft System Center 2012
features should you add when you implement Microsoft System Center 2012 Virtual Machine
Manager (VMM) to the network infrastructure?

A. You should consider adding the Microsoft System Center Orchestrator.
B. You should consider adding the Microsoft System Center App Controller.
C. You should consider adding the Microsoft System Center Data Protection Manager.
D. You should consider adding the Microsoft System Center Operations Manager.

Answer: D

Explanation: System center products –

In order to adhere to the visualization requirements, how would you update the virtualization

A. You should consider using WSUS and System Center Updates Publisher 2011.
B. You should consider using Microsoft System Center Operations Manager.
C. You should consider using Cluster-Aware Updating.
D. You should consider using Cluster-Aware Updating and Microsoft System Center App

Answer: C

Explanation: System center products –

In order to adhere to the visualization requirements and in order to allow the ABC2 group to
perform their functions, what should you consider creating?

A. You should consider creating sites and organizational units (OU).
B. You should consider creating collections and host groups.
C. You should consider creating organizational units and host groups.
D. You should consider creating a host group.

Answer: D


MCTS Training, MCITP Trainnig

Best Microsoft MCSE 2003 Certification, Microsoft 70-414 Training at

Continue Reading

70-412 Configuring Advanced Windows Server 2012 Services

You are employed as a network administrator at has an Active Directory
domain named All servers on the network have Windows Server 2012 installed. has a server, named ABC-SR07, which is configured as a DHCP server. You have
created a superscope on ABC-SR07.
Which of the following describes a reason for creating a superscope? (Choose all that apply.)

A. To support DHCP clients on a single physical network segment where multiple logical IP
networks are used.
B. To allow for the sending of network traffic to a group of endpointsdestination hosts.
C. To support remote DHCP clients located on the far side of DHCP and BOOTP relay agents.
D. To provide fault tolerance.

Answer: A,C


You are employed as a network administrator at has an Active Directory
domain named All servers, including domain controllers, on the network have
Windows Server 2012 installed. has a domain controller, named ABC-DC01, which is configured as a DNS server. You
are planning to unsign the zone.
Why should you unsign the zone?

A. To remove the zone.
B. To change the current zone type.
C. To add a new primary zone.
D. To create an Active Directory-integrated zone.

Answer: B


You are employed as a network administrator at has an Active Directory
domain named All servers on the network have Windows Server 2012 installed. has a server named ABC-SR01, which hosts the IP Address Management (IPAM)
Server feature. also has a server, named ABC-SR02, which is configured as a DHCP server.
You have been instructed to make sure that a user, named Mia Hamm, who belongs to the IPAM
Users group on ABC-SR01, has the ability to modify the DHCP scopes on ABC-SR02 by making
use of use IPAM. You want to achieve this without assigning Mia Hamm any unnecessary permissions.
Which of the following actions should you take?

A. You should consider making Mia Hamm a member of the DHCP Administrators group on ABCSR02.
B. You should consider making Mia Hamm a member of the IPAM Administrators group on ABCSR02.
C. You should consider making Mia Hamm a member of the Local Administrators group on ABCSR02.
D. You should consider making Mia Hamm a member of the Domain Administrators group.

Answer: A


MCTS Training, MCITP Trainnig

Best Microsoft MCSE Certification, Microsoft 70-412 Training at


Continue Reading

1Y0-A26: Citrix XenServer 6.0 Administration

When starting up a XenServer from SAN, the BIOS of the ___________ contains the instructions
that enable the host to find the boot disk. (Choose the correct option to complete the sentence.)

A. host machine
B. array controller
C. host bus adapter
D. network interface card

Answer: C


An administrator is setting up the XenServer hosts in an environment to boot from SAN.
In which BIOS would the administrator go to enable XenServer to boot from SAN?

A. Host
B. Array controller
C. Network interface card
D. Primary host bus adapter

Answer: D


Scenario: An administrator notices a duplex mismatch on the network interface card (NIC) which is
configured as the management interface.
The administrator realizes that the switch was set to 100 full, but XenServer auto-configured the
NIC to 100 half, autoneg=on.
How can the administrator ensure the XenServer host does NOT auto-configure the NIC in the future?

A. Change the NIC properties in the xsconsole.
B. Use the xe pif-configure-ip command to disable auto-configuration.
C. Use the xe pif-param-set command to set other-config:ethtool-autoneg=off.
D. Assign a new NIC to the management interface within the XenCenter Network tab.

Answer: C


Scenario: To improve performance and increase security, a network team will be moving all
XenServer hosts into a more secure, and high resiliency subnet. The administrator must now
change the subnet mask on all XenServer hosts to match the new network:
Which command will the administrator need to execute on each host?

A. xe pif-reconfigure-ip uuid= mode=dhcp netmask=
B. xe pif-reconfigure-ip uuid= mode=static netmask=
C. xe pif-reconfigure-ip uuid= mode=dhcp netmask=
D. xe pif-reconfigure-ip uuid= mode=static netmask=

Answer: B


Scenario: An administrator is moving a XenServer host from the New York datacenter to the
London datacenter. During the installation of XenServer, the default NTP settings were selected.
How must the administrator ensure that the XenServer host has the correct time settings?

A. Configure the time in the host BIOS.
B. Configure the time zone in the ntp.conf file.
C. Change the time zone using the xsconsole.
D. Change the NTP servers to the London NTP servers.

Answer: C


MCTS Training, MCITP Trainnig

Best Citrix CCA Certification, 1Y0-A26 Exams Training at

Continue Reading

Gates: Microsoft products ‘need more than a tune-up’

Microsoft workers say, ‘We need to take a little risk and do some new stuff,’ Gates tells Rolling Stone Microsoft’s software is due for major changes in order to transition effectively into the era of cloud computing and mobility, the company’s co-founder Bill Gates says in a Rolling Stone interview.

“Office and the other Microsoft assets that we built in the Nineties and kept tuning up have lasted a long time,” he says. “Now, they need more than a tune-up. But that’s pretty exciting for the people inside who say, ‘We need to take a little risk and do some new stuff.’”
Microsoft would have been willing to buy [WhatsApp] too.
— Bill Gates

+[Also on Network World: Snowden advocates at SXSW for improved data security | Satya Nadella and Bill Gates’s apron strings | Facebook buying WhatsApp for $16 billion +

He says Facebook’s founder Mark Zuckerberg took such a risk in buying WhatsApp for $19 billion and that he thinks it was a sound move. “I think his aggressiveness is wise – although the price is higher than I would have expected,” Gates says.

Microsoft was interested in WhatsApp, he says, not just for its technology but for its user list. “It’s software; it can morph into a broad set of things – once you’re set up communicating with somebody, you’re not just going to do text. You’re going to do photos, you’re going to share documents, you’re going to play games together,” he says. “Microsoft would have been willing to buy it, too. . . . I don’t know for $19 billion, but the company’s extremely valuable.”

He says Microsoft rival Google is in a similar situation where it has enough cash to pursue many varied technologies at once. “And when you have a lot of money, it allows you to go down a lot of dead ends. We had that luxury at Microsoft in the Nineties,” he says. “You can pursue things that are way out there. We did massive interactive TV stuff, we did digital-wallet stuff. A lot of it was ahead of its time, but we could afford it.”

He says that despite other factors, innovation is healthy in high tech. “Innovation in California is at its absolute peak right now,” Gates says. “Sure, half of the companies are silly, and you know two-thirds of them are going to go bankrupt, but the dozen or so ideas that emerge out of that are going to be really important.”

Gates says that in light of revelations about NSA surveillance of U.S. phone records brought to light by Edward Snowden, use of surveillance should be better regulated. “There’s always been a lot of information about your activities. Every phone number you dial, every credit-card charge you make. It’s long since passed that a typical person doesn’t leave footprints. But we need explicit rules,” he says. “I actually wish we were having more intense debates about these things.”

As for Snowden himself, Gates thinks that if he wanted to spark discussions about privacy, the former NSA contractor went about it the wrong way. “If he wanted to raise the issues and stay in the country and engage in civil disobedience or something of that kind, or if he had been careful in terms of what he had released, then it would fit more of the model of ‘OK, I’m really trying to improve things,’” he says. “You won’t find much admiration from me.”

He says defining when surveillance is appropriate needs to be better defined. “Should surveillance be usable for petty crimes like jaywalking or minor drug possession? Or is there a higher threshold for certain information? Those aren’t easy questions,” he says.

“Should the rules be different for U.S. citizens versus non-U.S. citizens? There is the question of terrorist interdiction versus law-enforcement situations. If you think the state is overzealous in any of its activities, even if you agree with its sort of anti-large-scale-terrorism efforts, you might say, ‘Well, I think the abuse will outweigh the benefits. I’ll just take the risk.’ But the people who say that sometimes having this information is valuable – they’re not being very articulate right now.”

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at



Continue Reading

Stanford team tries for zippier Wi-Fi in crowded buildings

Residents of a dorm can name their own networks and set policies while sharing access points

Having lots of Wi-Fi networks packed into a condominium or apartment building can hurt everyone’s wireless performance, but Stanford University researchers say they’ve found a way to turn crowding into an advantage.

In a dorm on the Stanford campus, they’re building a single, dense Wi-Fi infrastructure that each resident can use and manage like their own private network. That means the shared system, called BeHop, can be centrally managed for maximum performance and efficiency while users still assign their own SSIDs (service set identifiers), passwords and other settings, according to Yiannis Yiakoumis, a Stanford doctoral student who presented a paper at the Open Networking Summit this week.

+ Also on NetworkWorld: 10 Terrific Techie TED Talks +

There are Wi-Fi networks today, such as systems from Ruckus Wireless, that can be deployed across multi-unit buildings with some private control by individual residents. But the Stanford project is making this happen with inexpensive, consumer-grade access points and SDN (software-defined networking), on the foundation of open-source software.

In multi-unit housing, each household typically installs its own Wi-Fi network with a wired broadband link out to the Internet. Each of those networks may be powerful enough to give good performance under optimal circumstances within the owner’s unit, but it may suffer from interference with all the other privately run networks next door.

Borrowing techniques from enterprise Wi-Fi, Yiakoumis and his colleagues built a shared network of APs (access points), in this case home units provided by NetGear. They modified the firmware of those APs, and using SDN, they virtualized the private aspects of the network experience.

In the Stanford researcher’s model, residents can name and secure their own virtual networks as if they had bought and plugged in a router in their own rooms. They can also assign policies such as parental controls and prioritize their favorite applications for access to bandwidth. Then, wherever they go in the building, they can log into that same virtual network, Yiakoumis said.

Meanwhile, the underlying tasks of assigning client devices to particular channels and access points are centrally controlled to make the best use of the infrastructure. Where separately owned and managed APs may make poor use of the unlicensed frequencies available in the building, the centrally controlled network can use its universal view to arrange the resources most efficiently.

SDN places control of networks in overarching software rather than in the specialized network components that forward packets. BeHop uses software components including the OpenWRT Linux distribution for Wi-Fi routers and the Open VSwitch virtual switch, which is included in the Linux kernel. While most of the software used in the project is open source, the team has developed some code it hasn’t had time to release as open source, Yiakoumis said. It plans to do so later.

BeHop also differs from enterprise wireless LANs, and from residential systems based on enterprise-class APs such as Ruckus’, with its consumer-grade access points. The Stanford team used the approach of blanketing the dorm with inexpensive APs and skipping the typically expensive and time-consuming task of conducting a site survey for optimal placement. They don’t yet have performance numbers for the network, but they expect to produce those in the coming months.

Ruckus says its enterprise-class APs, which cost anywhere from US$500 to $1,000 each, are built to use spectrum better than consumer-grade units priced at $200 and below. The Ruckus APs point their signals at a user’s device rather than blasting transmissions across a wide area, which helps no matter how the network is managed, said David Callisch, vice president of corporate marketing.

Wi-Fi routers that consumers buy for their own units don’t clash with each other very often, because they usually don’t transmit on the same channel at the exact same time, said Farpoint Research analyst Craig Mathias. As more devices come out with radios for both the crowded 2.4GHz band and the more spacious 5GHz band, they’ll have even more channels to choose from. But demands on all Wi-Fi frequencies will continue to grow, he said.

“It hasn’t been as big a problem as people are making it out to be,” Mathias said. “Over time, though, it will become more of a problem.”

Enterprise Wi-Fi systems have sophisticated mechanisms for dividing up spectrum to provide the most possible capacity, but consumer-grade routers have very little. At most, a router that’s set to automatically pick a channel will check to see which one’s already busy, but it may not do that quickly or often enough, Mathias said.

“If everybody uses their own router, you don’t have a prayer” of getting optimal spectrum use, Mathias said. That said, when performance lags, it’s usually because the shared wired connection to the Internet is too narrow, he said. Farpoint recommends multi-unit dwellings use centrally deployed and managed Wi-Fi with enterprise-class access points.

The technology being developed at Stanford could be offered by access-point vendors, a managed service provider, a building owner, or an Internet service provider, Yiakoumis said. He and his colleagues are leaving the business model to others. It would work best if the residents shared the same broadband service, he said. Because Wi-Fi uses unlicensed spectrum, other residents might set up their own Wi-Fi routers anyway. But the more who participated, the better the network’s overall performance, he said.

“We’re just trying to improve things as much as we can,” he said.


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at

Continue Reading

A wish list for Windows 9

Whether it comes in October or next year, there are some features I’d really like to see added.

I have to give Reddit some credit for becoming the place where people make amazing admissions. The Ask Me Anything (AMA) threads are always interesting, fascinating and sometimes shocking.

A few weeks back, a Windows interface designer did an AMA with some shocking admissions that will either cost him his job or were approved at the top levels of the company. What he said was the despised Windows 8 interface was made with casual data consumers in mind.

The designer went on to discuss the thinking, and it all made sense, but at the same time it doesn’t matter. What it told me was Microsoft catered to the lowest common denominator in terms of users and ignored the vast majority of users who knew how to navigate the desktop.

There’s an old joke I used to tell to Apple users (before they started getting violent): If you build a machine even an idiot can use, only an idiot will use it.

Throughout the testing of Windows 8, Microsoft ignored the criticisms. It may have even shut down a former employee who ran a harshly critical website about the Windows 8 UI. Honestly, we don’t know what happened there, but the sudden disappearance of the ex-Microsoftie Windows 8 critic sure looked fishy.

But that was also reflective of the obstinate style of Steven Sinofsky, who has by now welcomed Steve Ballmer to the Microsoft Retirement Home. He wasn’t known for being a good listener, but he did have a knack for changing products radically, and not always for the better. Don’t forget, he gave us the Office Ribbon.

So I really hope Terry Myerson, the head of the Operating Systems Engineering Group, is more receptive to input. I go through this ritual with every Windows release. I never get what I want, but it’s always fun to vent.

1) Voice command. Forget this touch nonsense, I want J.A.R.V.I.S. I don’t want to smear my monitors with my fingerprints, I want to say to the microphone “Create a new Word doc and save it in the March 2014 Network World directory.” Or “Find the email from [insert editor I work for here] on my [generic] feature.” Or ask “Has WTFComics been updated since I last visited?” and have it check the website to see if it has indeed updated.

You get the idea. Dragon is nice for dictating but I don’t like to dictate my work. What I want is contextual command of the PC to replace a whole lot of mouse clicks and searching. To me, that is more important. It doesn’t have to have Paul Bettany’s voice. Scarlet Johansson’s will do.

2) Bluetooth smartphone integration. When I get into my 2012 Toyota Camry, the in-dash system immediately syncs with my iPhone. From the steering wheel I can make calls, take calls, and flip through the contacts list. When a call comes in, the radio goes off and I see the name or phone number of the caller on the screen.

Why can’t a PC do that? A Bluetooth adapter and some software should do it all. I should be able to send and receive calls on my PC without ever picking up the phone; all I need is the keyboard and mouse (or voice commands) along with the Webcam microphone and computer speakers.

3) SSD install. Many people have a similar setup as me – a solid-state drive (SSDs) as the C: drive, with 1TB and larger drives in the D: spot. SSDs are great, but the capacity doesn’t rise like HDD. If you double the capacity of an SSD, you double the price.

So many people have 150GB C: drives and struggle with capacity, or install it on the D: drive. Windows should recognize that the C: drive is a small SSD and there is a very large HDD down the chain. The system should ask users if they want to put their data and applications on the big D: drive. That way, they could keep the SSD running just Windows and put everything else on the hard drive, which is more reliable and easily backed up.

4) Desktop virtualization. The XP compatibility mode in Windows 7 was a nice try, but it didn’t work very well. Hyper-V should be a part of the desktop OS and allow older apps to run in containers, similar to how it’s done now on the server side. People stalled on their Windows 7 deployments for compatibility reasons, but if they knew they could run Windows 7 (or 9) and their XP apps would run in a secure sandbox, there would not have been the hesitation.

5) Better driver management as a part of Windows Update. I’ll grant you this won’t be vital for long. Hardware changes so fast that driver and BIOS updates tend to trickle off after six months to a year. And Microsoft does this now, to a degree. But I still have to go to Gigabyte for the majority of my driver updates. Let’s put it all in one place.

6) Make rollback work. I’ve messed up my installs plenty of times, but the rollback feature in Windows has never worked. Ever. Either get this thing working or just take it out and leave it to the third-party aftermarket.

7) Full Windows Phone integration. Seriously, you want to make your phone a success? It should have seamless email, contact, and calendar sharing between the phone and PC.

Fingers crossed.

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at



Posted in: TECH

Continue Reading

Even Apple and Google can’t protect users from inherent mobile app risks

To paraphrase a phrase, there is no such thing as a free app.

Yes, there are hundreds of thousands out there that won’t cost you a cent to download. But they still extract a price. The price, at a minimum, is information about you. As more than one expert has said, “You are the payment.” And that payment is not risk-free.

The large majority of mobile apps, even those vetted through Apple’s App Store or Google’s Play Store, are (with apologies to Rogers and Hammerstein) “getting to know you, getting to know all about you,” in exchange for helping you tune your instrument, see your way in the dark, find a new restaurant and any number of other services.

Except the goal of that knowledge is commercial, not romantic. The developers of those apps are selling information about you to analysts and marketers information that, knowingly or not, you are volunteering to give them.

That, in the view of many mobile users, is not necessarily risky if all it means is getting some targeted ads for things that already interest them. And there are apps available that are even designed to protect your privacy among them Telegram, Wickr and Confide for text messages and Snapchat for photos that delete what you sent in seconds or minutes.

But users may not be aware of how much more interested purveyors of malware are in them than they were even a couple of years ago.

The Mobile Security Threat Report from Sophos, released at this week’s Mobile World Congress, reports that while the first mobile malware appeared 10 years ago, it has exploded in the past two years, responding to mobile subscriptions now totaling about 7 billion and app downloads of about 110 billion just from Apple’s App Store and Google’s Play Store.

The company, which has tracked Android malware samples since 2004, reported that they remained relatively negligible until 2012, and since then have grown to more than 650,000.

And even with apps free of malware, users may not know how deep the collection goes, and how their information (about friends and business associates, their identity and their financial transactions) can fall into the wrong hands.

Domingo Guerra, cofounder and president of mobile app risk management vendor Appthority, contends that this is a greater risk than malware right now. While he agrees that malware is “growing exponentially,” he said it remains, “a sliver of the app ecosystem. Having analyzed over 2.3 million apps for our customers, we have found that less than 0.4% of apps have malware, while 79% had other kinds of enterprise risk.

In its Winter 2014 App Reputation Report, Appthority analyzed 400 apps the top 100 free and top 100 paid for each of the two most most popular mobile platforms, iOS and Android ndash; and reported multiple “risky” behaviors, most involving the privacy of users.

Of the free apps analyzed from both platforms, 70% allow location tracking, 56% identify the user’s ID (UDID), 31% access users’ contact list or address book, 69% use single sign-on, 53% share data with ad networks and analytics and 51% offer in-app purchasing.

That last item in-app purchasing can be especially risky, and expensive. Guerra said a growing trend is for apps to, “leverage in-app purchasing to monetize. For example, Candy Crush Saga, one of the most popular free apps, is also one of the top-grossing apps.”

Guerra said Apple recently settled a case with the Federal Trade Commission about in-app purchases specifically for children’s apps. “Parents thought they were authorizing one in-app-purchase transaction, but instead authorized any transaction during a 30-minute window,” he said.

“This resulted in many ‘unauthorized’ charges, as kids used in-app-purchases to buy additional content, features, virtual goods etc. And in-app-purchases can be as high as $99 per transaction.”

That does not mean paid apps are not invasive. “While 95% of free apps exhibited at least one risky behavior, so did 80% of the top paid apps,” Appthority reported. “Developers of paid and free apps are seeking new methods of generating revenue and unfortunately, it comes at the cost of the user’s privacy.”

Security vendor McAfee reported similar findings recently. In a recent post on the McAfee Blog, Lianne Caetano wrote that company researchers, “found that privacy-invading apps are more common than ever before, and beyond violating your digital space, some even contain malware and other suspicious characteristics.”

According to the report, 82% of the apps read the UDID; 64% know the wireless carrier; 59% track the last known location; 55% continuously track location; 26% read the apps used; 26% know the SIM card number; and 36% know the user’s account information.

While some tracking is inevitable, given that users expect certain apps to guide them to specific locations, “the real question is: What are these apps doing with all of the information that they collect? … some of these apps may be oversharing that information with third parties or using it to inform more nefarious groups,” Caetano wrote.

And some of the promises made about privacy may not be rigorously enforced. Among Apple’s latest rules for developers is that they should not request a UDID as a method of user tracking.

“However, 26% of top iOS apps still make requests for UDID, and on any device that is running an older OS than iOS7, the apps are still able to get the UDID directly from the device,” said Guerra.

Beyond the privacy risks, Guerra said many apps, “are communicating without encryption, so intercepting this data in motion is also easy.” A hacker doesn’t need to hack a device to get this data; they could simply sniff the network.

In spite of such multiple warnings about both privacy invasion and malware from mobile apps, there is so far no perceptible consumer backlash about the risks of mobile apps. That may be in large measure because, as Scott Matsumoto, principal consultant at Cigital, puts it, “there is no backlash because people don’t know it’s happening.”

But Matsumoto also said data collection on users is not a black-and-white issue. Some free apps, like those from a bank, collect information so they know users’ typical habits and can tell more easily if someone is trying to impersonate them.

Dan Dearing, vice president of marketing at MobileSpaces, agreed. “The problem is complicated,” he said. “You might want apps to see your contacts, to make your life easier, but not upload them to their server. But then the policy choices that a user needs to make get too complicated.”

There are things consumers and enterprises do to improve their privacy. Among the most basic are to buy apps only from reliable sources that have been vetted by companies like Google and Apple, and to take the time to limit the amount of tracking an app can do, through privacy and/or preference settings.

“Apps are generally collecting more information than they need,” Guerra said. “Why does a flashlight app need my location, calendar, and address book? The issue this creates is that these databases are not always built securely and can become targets for criminals or governments recall NSA’s comments about using Angry Birds data to track user data.”

Strong passwords and strong encryption also help, especially with handheld devices that can be lost or stolen.

Bogdan “Bob” Botezatu, senior e-threat analyst at Bitdefender, said encryption is crucial, since, “mobile phones and tablets spend the bulk of their time on unsecure, untrusted networks.”

Botezatu also said users should, “limit themselves to installing the applications they need, most of which come from trustworthy publishers. The smaller the number of applications installed, the smaller the attack surface.”

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at



Continue Reading

Everything You Know About Enterprise Security Is Wrong

Whether you’re talking about your network, your company’s building or your home, a perimeter approach to security is no longer adequate. As McAfee discussed at this week’s RSA Conference, you can’t provide physical or electronic security simply by trying to prevent authorized access — you have to rethink all types to security to protect data and lives.

The obsolescence of enterprise security was at the core of McAfee’s talk this week at the RSA Conference in San Francisco. The Target breach clearly showcased that you simply can’t secure a company by trying to prevent unauthorized access, malware or any other internal or external security breach.

You have to step back and recognize that someone is going to break in and you must therefore focus on catching them before they can do any damage. This is a very different approach to security, and the lessons apply to both home and business and both electronic and physical security approaches. As an older woman who lives near me discovered this week when armed men pushed into her house and stole her safe, a perimeter approach to security is no longer adequate.

McAfee’s presentation was so compelling it actually held my wife’s interest because she could see how the lessons learned could be applied more broadly to personal defense.

McAfee argued it is in a war-like arms race, and its lead offering, which I spoke about last week (Threat Intelligence Exchange), is only the start of the first battle.

McAfee Agrees With Blackberry
One of the things I found fascinating about the talk by Mike Fay, McAfee’s CTO, was how closely it aligned with what Blackberry has been saying about mobile devices for some time. You can’t layer on security anymore. If you want security you have to design it in from the ground up.

If you layer it on, an attacker will just figure out a way to go under the security layer and render it useless. If you think of this in terms of the human body, security is kind of like what you do when someone has a severe immune deficiency. You put them in a bubble and hope nothing penetrates it. The reason we all don’t live in bubbles is that our immune system is an integral part of our makeup.

We survive because our bodies have defenses built into them. These anti-bodies can fight a virus or illness that gets inside and can learn over time and immunize us for things that may not have even existed when we were born.

McAfee and Blackberry are on the same page and believe the only way to really get ahead of the security problem is to aggressively design systems that can successfully defend themselves, which is where McAfee is going as it starts working with Intel to make the processors part of the security solution and where Blackberry has been working to assure everything from its phones to its services are designed with security as a key element.

Applying Theory to Physical Security
Think of our homes, businesses, schools and government agencies. These structures are largely designed to make it hard for people to get in, but once people get inside the perimeter, defenses are pathetic. The mass killings on school campuses, that poor woman I mentioned above and even the Edward Snowden breach all showcased that perimeter security is not only inadequate for electronic defenses, it is inadequate for physical ones as well.

Schools and businesses should have trackers that identify people who don’t belong or don’t belong where they have gone. They should have microphones that pick the sounds of gunfire or a person screaming for help and automatically trigger a response much like a fire alarm does if it senses smoke or fire. As with electronic security, people need to become part of the solution rather than part of the problem. We need to report suspicious activity and know what to do if we find ourselves in the middle of a crime.

You can’t simply rely on the police or electronic security anymore. We have to step up and empower people to help protect themselves and others around them.

And this isn’t just for company campuses, as the attacks on Google and Apple employees here in California showcased (even Google customers have been attacked here), we need to think about what might happen should our employees be put at risk going to or from work. The world has changed. It is more hostile, and we need to change how we electronically and physically protect those things dear to us or accept becoming an ugly part of a bad statistic.

It’s Time to Rethink Security
I think it is well past time we rethought both the physical and electronic methods we use to protect our firms and homes. McAfee/Intel’s approach electronically makes a ton of sense to me, but it doesn’t address physical security. The concept of an Arcology does, but even that may not go far enough and there are a number of efforts underway to rebuild our society into safer harbors using that concept.

What I’m suggesting, though, is that you take a moment and think about physical security and how well you are protected against a disgruntled armed attacker inside your firm or your home and what you and your people should do if that kind of attack happens on your watch. We tend to think in terms of physical or electronic protection, but we need to be thinking and instead.

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at


Continue Reading

Follow Us

Bookmark and Share

Popular Posts