September 8, 2010

Robert Hansen: Snakeoil Security

Slashdot directed me to this short essay by Robert Hansen (CEO of SecTheory) on the threat of what he refers to as "snakeoil" security:

http://threatpost.com/en_us/blogs/effect-snake-oil-security-090710

While the write-up is decent, I was left with one question: What do we do about it? He does mention that security firms need to work together, to help each other out; but that defies any commercial firm's tendency to make money, especially at a competitor's disadvantage.

I'm definitely a strong proponent of the open source software movement (FOSS) and perhaps, in some way, Hansen was suggesting a similar movement in the IT security world; I think that FOSS's benefits greatly outweigh any of its negatives. However, businesses are formed to make money because money is the medium for goods and services that people need and want. For security firms to cooperate at any significant level, there has to be a significant carrot, one that mutually benefits those corporations that share information and resources, and that has to compete with a company's desire to differentiate itself from its competition and turn a profit.

I certainly don't have the answer to that dilemma, but it's an interesting thought exercise.

August 26, 2010

I Shot the Server, But I Did not Shoot the UPS...

I came across this story on Slashdot:

http://www.sltrib.com/sltrib/home/50159264-76/campbell-computer-police-server.html.csp

It's a little funny and scary at the same time, but an employee shot up his employer's expensive server with a .45!

August 21, 2010

Web Load Balancing: IIS+ARR Revisited

In a previous post (IIS with ARR: Initial Impression) I mentioned I was evaluating IIS + ARR (Application Request Routing) to determine if it was a contender for a web load balancing project I was working on. For a time, it _was_ a contender. However, I didn't select it as the final solution. In three words: Network Load Balancing.

Network Load Balancing (NLB) is an unfortunately named feature available in Windows Server that is used to create a simple server "cluster". I say that it is an unfortunate name because it does not accurately reflect the purpose of the feature. In my experiments, I found it to be a simple heartbeat service between defined cluster members that was very chatty over the link layer (Ethernet) and not very responsive (even after configuration tweaks) to failed hosts in the cluster.

So what does NLB have to do with ARR? Well, ARR was designed to set up routing at the application layer (i.e. HTTP). If a backend host is down, ARR happily keeps sending requests to it. NLB is required to detect a failed backend, using its simple heartbeat mechanism. The combination appeared to be very clumsy and an incomplete solution.

So, what now? How does one implement a web load balancing solution without purchasing an expensive appliance? You deploy an nginx + haproxy + keepalived combination.
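To show the piece that the IIS + ARR setup above was missing, here is an added HAProxy backend definition (example configuration, not from the original post or from any of the projects it names) in which the load balancer itself probes each backend over HTTP and stops routing to a host whose probe fails, so no link-layer heartbeat service is needed. The backend addresses, the `/health` path and the `www.example.com` host header are assumed values; `http-check expect` requires HAProxy 1.5 or later.

```haproxy
global
    log /dev/log local0
    maxconn 2000

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client 30s
    timeout server 30s

frontend www
    bind *:80
    default_backend web_pool

backend web_pool
    balance roundrobin
    # Application-layer health check: HAProxy issues this request to every
    # backend on its own, instead of relying on a separate heartbeat service.
    option httpchk GET /health HTTP/1.1\r\nHost:\ www.example.com
    # Only an HTTP 200 counts as healthy (HAProxy 1.5+); without this line
    # any 2xx/3xx response would pass.
    http-check expect status 200
    # Probe every 2 s; mark a server DOWN after 3 consecutive failures and
    # bring it back only after 2 consecutive successes (assumed tuning values).
    default-server inter 2s fall 3 rise 2
    # "check" enables the probe for each backend; addresses are placeholders.
    server web1 192.0.2.11:80 check
    server web2 192.0.2.12:80 check
```

With this in place, a backend that stops answering `/health` with a 200 is removed from rotation within roughly `inter * fall` (about 6 s here) and is only reinstated once it answers correctly again; keepalived would then sit in front of two such HAProxy nodes to fail the virtual IP over between them, which is the part left for the follow-up post.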

And that, ladies and gentlemen, is a topic for another post.

New Blog Template

I've updated the template for this blog from one of the older templates to a newer, crisper version. I'll try this on for a few days to see how well it looks and flows.