Yesterday I attended the Melbourne Tandberg offices for an update on their new desktop video conferencing server/app combination known as Movi. Looks quite promising as a semi-managed solution to easily deploy conferencing across multiple desktops.
Limited to Windows XP only at this point in time, and with the proviso that the V1 of the product doesn't jump over firewalls... University of New England have been trialling the product and have had some positive results. Selection and configuration of webcams is left upto the end user, as is sound device settings but this seems to be a preferred approach to other applications which take over the multimedia subsystems and do some 'interesting' things.
Movi is based entirely on the SIP protocol stack, and can be integrated into multi-point mixed H.323/SIP connections using existing Tandberg MCU technologies, either stand-alone or built into an endpoint. There's still some way to go yet, the firewall traversal and Mac OSX support are notable, but this product has the possibility to make delivery of desktop video conferencing easier to support on a medium to large scale deployment basis.
Download Tandberg's product literature on Movi.
The theme of this year’s AUSCERT conference was on how to maintain a balance in security with the right metrics and systematic processes and a level of intuition.
Keynote speaker Ivan Krstic talked about the “one laptop per child” program to provide secure desktops to 6 year olds to enable them to have access to information to learn. The solution was a cost effective “OLCP X0-1” laptop which had wireless access mesh based 802.11s) for communications via other similar laptops and the use of virtualization for each process/application so that if one broke then it could be easily restored. Backups were also stored separately and the screen resolution was up with the best available today. Battery life was 18 hours and the cost was $150. Larger volumes will drive costs lower. For more, see http://wiki.laptop.org/go/Bitfrost
Phishing is all about copying someone’s website to trick the user into supplying their credit card details. The Anti-phishing working group talked about the recently accepted IETF draft on “incident object description and exchange format” and WG recommendations on extensions to that format to include data on internet crimes. The WG have a repository of eCrime as a block list. It costs $25 to enroll in APWG to access news and join projects. They are also looking at DNS policy to eliminate or minimize he ability of phishers to corrupt worldwide DNS. The next APWG operations summit is in San Francisco (May 30.31)
Kay Lam-Bettie (IDEALAW) gave a summary of IT law which to a large extent remains untested in relation to interpretation. Unauthorized access to systems or data carries an absolute liability of up to 10 years imprisonment. Even doing it overseas is no protection as an Australian man has been extradited to the US.
The Australian Access Federation talk by AusCERT gave background on the AAF and presented the architectures for PKI (supporting 4 levels of assurance) and Shibboleth. Apart from builds and tests, the current work is on a common policy domain (identifications and attribute schemas) and the development of a legal framework to operate under.
A securing wireless 802.11 talk from David Ross (QUT) gave an excellent and details insight on the realities behind wireless LAN security from WEP to 802.11i and CCMP & TKIP. He explained that if one takes the option to mix modes the weaker one tends to corrupt the better ones. He outlined a number of robust security network requirements. The key message was mixing modes with WEP means with freely downloadable tools; WEP can be broken in seconds.
Homeland Security (USA) stated that IT Security is part of good IT governance; we need to understand that it is a business decision. Need to architect security in at the start as is being developed through IPv6, need to build IT Security in application development, training s important for technical, admin and management with certification. There are key issues with peer-to-peer applications and insecure rogue wireless access points. The US will report, investigate and prosecute any criminal acts on cyber space.
Jason Edelstein talked about VoIP Security and that many threats are the same for data traffic (eavesdropping, man-in-the-middle, replay), there are lots of tools available on the net to instigate these threats. Key threats are toll fraud, protocol weaknesses, Denial of Service to affect VoIP, eavesdropping and impersonation. All these threats can be monitored and mitigated if configured properly.
Cyberstorm is a controlled environment to exercise a cyber related incident of national significance with federal, US state, international and US private sector participants, its includes Australian participants. Cyber Storm 2 will include Aus Fed Govt, 4 state governments, IT, Telco, Banking, Energy and Water Private Sector companies. See More..
A report on a past Cyberstorm exercise is available online.
A Web 2.0 talk from the VP from Oracle (Mary Ann) highlighted the changing nature of the net with much more of a trend towards a combination of dynamic content being modified from multiple sources and individual firewalls around people or even just their applications to deal with.