Data Security for Hadoop – Add-on Choices Proliferating

In my post about the BYOH market last October, I noted that increasing numbers of existing players are connecting their offerings to Apache Hadoop, even as upstarts enter their markets with a singular focus. And last month, I pointed out that Nick Heudecker and I detected a surprising lack of concern about security in a recent Hadoop webinar. Clearly, these two topics have an important intersection – both Hadoop specialists (including distribution vendors) and existing security vendors will need to expand their efforts to drive awareness if they are to capture an opportunity that is clearly going begging today. Security for big data will be a key issue in 2014 and beyond.



AAA is Not Enough Security in the Big Data Era

Talk to security folks, especially network ones, and AAA will likely come up. It stands for authentication, authorization and accounting (sometimes audit). There are even protocols such as Radius (Remote Authentication Dial In User Service, much evolved from its first uses) and Diameter, its significantly expanded (and punnily named) newer cousin, implemented in commercial and open source versions, included in hardware for networks and storage. AAA is and will remain a key foundation of security in the big data era, but as a longtime information management person, I believe it’s time to acknowledge that it’s not enough, and we need a new A – anonymization.


And Then There Were Three: POWER, x86 and z

by Joe Clabby, President, Clabby Analytics. Updated from a November 2009 publication

There is a major shakeout underway in the midrange/high-end server marketplace as sales of Sun SPARC/CMT (cellular multi-threading) and Hewlett-Packard (HP) Itanium-based servers decline significantly — and as new, more powerful versions of Intel’s Xeon and IBM’s POWER micro-architectures come to market. Read more of this post

IBM Touts Software’s Role in Infrastructure Security, Efficiency

In April, IBM used two events to roll out important software elements of its Dynamic Infrastructure strategy. On the 20th, IBM chose the RSA Conference in San Francisco, the world’s largest security event, to highlight its progress with integrating products from existing brand families like Tivoli and Rational – with special focus on the Internet Security Systems (ISS) line and its X-Force R&D team, a preemptively focused organization whose work underpins much of the security innovation taking place.

A week later, IBM hosted a summit for hundreds of executives and a few industry analysts to roll out a series of products and initiatives, principally from the hardware side of the firm, but again featuring software from several company brands and IBM Research efforts. Common to both events was the increasing focus on end-to-end, suite-based deliverables with substantial services offerings from IBM’s own Global Business Services team as well as training, certification and support efforts for partners. IBM’s aggressive acquisition strategy was also much in evidence, as the integration, extension and rebranding of acquired products from 2007 and 2008 was showcased frequently. Read more of this post

Multi-Tenant DWs: Sybase IQ Defends its Analytic DBMS Turf

Sometimes Sybase IQ seems like the Rodney Dangerfield of analytic DBMSs (ADBMS) – no respect. The pioneering column-based DBMS first shipped in 1995, shipped release 15 at the end of Q1, and has 1650 customers. But all the noise seems to be about more recent entrants these days, and Sybase is stepping up to change that. The market is moving into their sweet spot, Sybase believes, as Web 2.0 applications routinely bypass the traditional RDBMS technology leaders in favor of specialized alternative approaches. [disclosure: 15 years ago, I was involved in the launch of IQ.]

Read more of this post

MAC Address Filter: A Simple Step To Secure Home Networking

I’m a software guy. Not a hardware guy, or a network guy. Not since early NetWare days, when men were men and installed cards in PCs with our teeth to connect big fat cables. So when I got my first home cable modem, I didn’t think a lot about security. And when I connected it to a wireless router so I could sit in my easy chair with a laptop, I still didn’t. Wireless printer? Ditto.

But there does come a time, and one day I woke up and realized it past time to secure my home network. So I talked to a few friends (notably George Orlov, Forrester CTO and a generous spirit who helps his friends) and got some great advice. I learned a simple but quite effective home network security approach. It comes down to this: tell your router which hardware to talk to, and not to talk to any other.

Every machine (including my wireless printer) has an unique MAC (media access control) address. It’s 6 hexadecimal pairs. Yes, it’s possible to spoof it, but then you’re dealing with serious hackers, not casual ones. In fact, many of the things I’ll say here are true “in general,” but there are exceptions. Fair enough. I’m not going that far just yet. You can tell your router to filter on MAC addresses, and it will only talk to the ones on your list. So, the steps:

  1. Get a list of the MAC addresses involved (anything on your network.) If they are all turned on, as mine were, just do an ipconfig /all from a command prompt and you can read them in the resulting info.
  2. Log onto your router. If you’re like most people you’ll have to look up how – basically, put its address into a browser. You need to be the admin and enter a password.
  3. Set the router to “filter on MAC addresses.” You’ll have to look around to find that function in your router’s menu system. (VERY IMPORTANT – first give it the address of the machine you’re using. Or you can cut yourself off.) Enter all the addresses. And you’re done.
  4. Do yourself a favor – you likely realized you have never set the admin password on your router. Do it now. Now even slightly less casual hackers will have a harder time getting on to your router and wreaking havoc.

I’m a bit more secure now, and I’ve reminded myself how all that stuff works. If I need to let someone else on my network I’ll have to log on to the router and arrange permission. But that’s not so bad, and it will remind me how it works yet again. If an old dog like me can do it, so can you. Get secure.

One more thing – don’t call me. I’m no specialist. It worked for me, but I can’t claim I could troubleshoot for someone else. I’m a software guy.