Tuesday, August 26, 2008

Nominum Defends Against DNS Cache Poisoning

Nominum has released a security update to its Vantio caching DNS server platform, adding multi-layer intelligent defenses that defeat DNS cache poisoning and other attacks, including the recently publicized Kaminsky vulnerability. Vantio, which is an alternative to open-source DNS, enables broadband providers to deliver new services by leveraging DNS as a key control point in the network . Nominum's many ISP and carrier customers support an estimated 120 million broadband subscribers.


Key benefits of new Vantio DNS security features include:

  • Resists and stops all forms of cache poisoning attacks

  • Defends automatically against query response spoofing and takes attackers out of loop

  • Prevents hijacking of subscriber traffic, or "pharming" attacks

  • Identifies perpetrators and records attack attempts

  • Provides protection in Enterprise and Service Provider networks that use network address translation (NAT), which can undermine UDP SPR (NAT devices include server load balancers and firewalls)

  • Reduces the chance of poisoning answers for valuable domains (www.mybank.com) to zero.


In the recent cache poisoning threat, Nominum said its customers were instrumental in implementing and deploying UDP SPR. However, UDP source port randomization is only a first-step response to the new vulnerability, and network operators need additional deterministic defenses to address important exploits.


"Literally one day after details of the Kaminsky cache poisoning attack were revealed, UDP Source Port Randomization was defeated in 10 hours by security researchers using brute-force spoofed responses," said Dr. Paul Mockapetris, Chairman and Chief Scientist at Nominum and inventor of the DNS. "Nominum's multi-layered approach eliminates the risk of a successful attack."


Vantio features the following four security layers with key security features highlighted:

  • Deterrence Layer: Includes Nominum's UDP Source Port Randomization implementation, the recommended industry response to the Kaminsky threat


  • Defense Layer: Incorporates Nominum's "Detect and Defend" capability to detect spoofing attempts and automatically switch the resolution to a secure connection in response to an attack attempt.


  • Resistance Layer: Employs Query Response Screening with a set of features that intelligently screen DNS answers to ensure malicious data in DNS responses is not used to answer valid user queries.


  • Remediation Layer: Sends alerts when an attack is under way and incorporates a new feature that records the attack, allowing the attacker to be identified, and real-time remedial action to be taken by the network operator.

http://www.nominum.com

SanDisk Boosts SD Card Speed by 50% to 30 Megabytes per Sec

SanDisk announced a new speed record of 30 megabytes per second for SD flash memory cards. This represents a 50-percent speed boost from previous 20MB/s cards.


The SanDisk Extreme III 30MB/s Edition line of SDHC Cards will be available in September in 4GB, 8GB and 16GB capacities.


The new Nikon D90 DSLR camera, which is the first to support the memory cards, is able to record 39 images in continuous shooting mode at 4.5 frames per second with a file size of 6.0 MB JPEG L Fine per image. The Nikon D90 camera captures 12.3 megapixel still images and also features movie recording capability.http://www.sandisk.com

BT Enhances Security Monitoring Service Against Botnets

BT has enhanced its managed security service to further defend enterprise networks against the growing threat of malicious botnet attacks.


Botnets are a significant security risk to businesses because they are primarily used to execute criminal activity. Since most bots communicate only infrequently with their command and control hosts, the chances of detecting infected machines prior to a critical event, without significant technology and infrastructure investment, are slim. However, since bots do communicate and these communications generate firewall traffic, BT's Managed Security Solutions Group has created the ability to detect bots by monitoring and analyzing firewall traffic.


The new proprietary Botnet Detection Module, which is part of BT's Event Monitoring and Correlation Service, can identify which hosts within a customer's network are under the control of botnets and then assist the customer with quarantine and remediation efforts to restore the network's integrity. Firewall traffic is collected and analyzed at the BT Security Operations Centers for patterns of activity that bear the hallmarks of bot communications. BT said its customers also benefit from proprietary technology to correlate across multiple security technologies and its diverse customer base, significantly improving the accuracy of these alerts.http://www.bt.com

Tektronix Extends IMS and TISPAN Core Network

Tektronix Communications released its Spectra2 6.3 Core Network Test Solution software for testing for IMS and TISPAN networks.


Tektronix said its enhanced Spectra2 6.3 software release introduces policy management testing for IMS and TISPAN networks, complementing a mature DIAMETER solution with support for the Gq/Gq' and Rq Interfaces. Spectra2 6.3 offers powerful element simulation capabilities of the next generation Policy Decision elements such as the PDF, SPDF, CSCF and A-RACF and further complements its capability to test IMS Core, VoIP, and PSTN networks.


The Spectra2 6.3 release also implements load testing support for the TISPAN (Megaco V3) la interface. Users are provided with the ability to test and monitor enforcement of local policies at border elements to control bandwidth and session based media traffic. The Spectra2 6.3 release introduces support for Enhanced Variable Rate Codec (EVRC) based media streams, an extension of the Spectra2 media solution set which includes functional and load testing coupled with Quality of Service reporting. This user-friendly feature provides comprehensive call control and media capabilities in a single system.

http://www.tek.com

China Mobile Reaches 415 Million Mobile Users

China Mobile is now serving over 415 million subscribers, up by nearly 25% or 45 million users, over the past 12 months. The net increase of new subscribers per month topped 7.5 million.


For the six months ended 30 June 2008, the Group's total voice usage volume reached 1,160.47 billion minutes and the average minutes of usage (MOU) was 496 minutes. Average revenue per user per month (ARPU) was RMB 84. This compares to ARPU of RMB 88 a year earlier.


China Mobile said the combination of economic growth in China, rising consumer purchasing power, the continuous development of the rural economy and the acceleration of the information society throughout the country is driving a tremendous demand for telecommunications and information services.


Some other key operating trends:

  • Nearly half of subscriber growth in 1H08 came from rural markets


  • Color Ring revenue reached RMB 6.275 billion, up 25% over last year.


  • WAP revenue reached RMB 5.92 billion, up 19.3% over last year.


  • MMS revenue reached RMB 1.365 billion, up 91% over last year.


  • For the six months ended 30 June 2008, China Mobile's operating revenue continued to grow, reaching RMB196,460 million, representing an increase of 17.9 per cent. over the same period of last year.


  • Profit attributable to shareholders reached RMB54,849 million -- an increase of 44.7 per cent over the same period of last year due partly to change in PRC enterprise income tax rate.


  • Margin of profit attributable to shareholders reached 27.9 per cent.. EBITDA reached RMB104,361 million, representing an increase of 16.2 per cent. over the same period of last year while basic earnings per share reached RMB2.74, an increase of 44.2 per cent. over the same period of last year.
http://www.chinamobileltd.com

Nokia Siemens Networks Wins Major 3G Integration Project in UK

Mobile Broadband Network Ltd. (MBNL), the network collaboration joint-venture between T-Mobile UK and 3 UK, has selected Nokia Siemens Networks as technology partner for 3G network integration. The companies anticipate creating the UK's most extensive 3G network providing near complete population coverage by the end of 2009. Financial terms were not disclosed.


Nokia Siemens Networks has been selected as the 3G radio network infrastructure supplier for the consolidation of the two operators' 3G radio access network infrastructure under MBNL.


Under the contract, Nokia Siemens Networks will supervise the creation and operation of the joint network on behalf of both companies.
The first integrated cell site was commissioned in early February. Although masts and the 3G access networks are being combined, each company's core network and T-Mobile's 2G network will not be shared. Both parties will retain responsibility for the delivery of services to their respective customers and use their own frequency spectrum.


Nokia Siemens Networks said its radio access solution will replace most of the two operators' communications stations across the UK and equipment at the remaining sites is being upgraded and reconfigured for higher quality and capacity. The solution, featuring energy-efficient Flexi base stations from Nokia Siemens Networks, will allow a reduction the number of sites in the network by about 30 percent. As well as network infrastructure, Nokia Siemens Networks will deliver project management, network deployment and managed spare parts capability, as well as care services to maintain network performance and increase its efficiency.http://www.nokiasiemensnetworks.com

Cisco to Acquire PostPath for Linux-based Exchange Alternative

Cisco agreed to acquire PostPath, a start-up based in Mountain View, California with additional development operations in Sofia, Bulgaria, for its email and calendaring software. Cisco will pay approximately $215 million in exchange for all shares of PostPath.


PostPath offers an enterprise email and collaboration server that is a drop-in alternative to Microsoft Exchange. The platform features support for Blackberry Enterprise Server (BES), Microsoft ActiveSync email push technologies, iPhone 3G and iPhone 2.0 software.
With the PostPath Server, enterprise customers -- including iPhone users -- have access to full-feature, enterprise-grade messaging and collaboration at a significantly lower cost than Microsoft Exchange. Organizations can take advantage of the operational efficiency and cost savings of the PostPath server to roll out large mailboxes and mobile messaging to their users much easier and cheaper than with Exchange 2007.


Cisco said it will leverage PostPath to enhance the existing email and calendaring capabilities of its WebEx Connect collaboration platform. . Specifically, Cisco plans to extend the e-mail and calendar functionality of its flexible software-as-a-service (SaaS)-based collaborative platform that includes instant messaging, voice, video, data, document management and Web 2.0 applications.


Upon completion of the acquisition, PostPath employees will become part of the Cisco Collaboration Software Group (CSG). CSG is part of the recently established Software Group, consisting of Cisco's major software businesses; including the IOS network operating system, network and service management, Unified Communications solutions, policy management, and SaaS offerings.http://www.cisco.comhttp://www.postpath.com
  • PostPath is headed by Duncan Greatwood, who previously held executive positions at Virata/GlobespanVirata/Conexant. Before that he held a variety of engineering and product marketing positions at Madge Networks.

BroadSoft Acquires GENBAND's M6 Communication App Server

BroadSoft has acquired GENBAND's M6 Communication Applications Server, formerly VocalData, product line and related customer base. Financial terms were not disclosed.


GENBAND is the leading supplier of IP gateways for a diverse set of service provider networks worldwide.


BroadSoft said its acquisition of the M6 product line will extend its market position in the VoIP applications market. The acquisition will also enable GENBAND to focus its efforts on further advancing their gateway product innovation.


The companies have also entered into an agreement to cooperate on Network Transformation projects, which will allow their customers to bundle core voice, data and web-based services across an IP network.
http://www.broadsoft.comhttp://www.genband.com
  • In 2007, GENBAND acquired Tekelec's Switching Solutions Group (SSG). The deal was structured as a sale of Tekelec's equity interests in Santera Systems and Taqua, and the SSG business assets held by Tekelec in exchange for a 19.9% common equity interest in GENBAND, $1.0 million in cash and GENBAND's assumption of certain SSG liabilities. Tekelec's switching solutions business unit included the businesses Santera, VocalData and Taqua, all of which had been acquired by Tekelec between 2003 and 2004.


  • In 2004, Tekelec acquired VocalData, a start-up that developed a hosted IP telephony platform for business and residential customers, for approximately $27.5 million, consisting of $14.5 million of cash and approximately 780,000 shares of Tekelec common stock.

See also