Timothy
Parker Consulting Incorporated
|
|
|
|
Questions and Answers, Part 12 Q: I read a news report that the
wireless LAN concept has poor security and therefore shouldn’t be used.
What’s the story? A: Wireless LANs use several
techniques to encrypt data being broadcast between stations, obviously to
prevent interception and data snooping. The
techniques used to encrypt data are complex, but a group of researchers at
AT&T labs has developed a way of breaking this encryption, rendering the
technique vulnerable to interception. Obviously,
no one wants to have their data broadcast clearly, allowing interception, and
although the decryption is not a trivial task the very idea that data can be
decrypted is off-putting to many. It is important to bear in mind that not all
Wireless LANs have been compromised and it is a lot of work to decrypt data
using this new method. Still, if data is to be protected, wireless LANs are now
looking very vulnerable. So far,
there has been no real comment from the WLAN world, and not everyone is worried.
Many small businesses that find WLANs useful don’t really care if data
can be intercepted because there may not be much more than e-mail and the
occasional file transfer to worry about. Considering the benefits a WLAN offers,
many people are willing to accept the trade-off in potential security breaches.
Is the wireless LAN dead? Not by a
long shot. Q: After the Code Red scare
(where did the name come from, by the way?) fizzled out, I read that there is a
new variant that is more dangerous. Any
information? A: The name Code Red comes from a
variant of Mountain Dew marketed in the US.
It’s a cherry-flavored version of Mountain Dew in a lurid red color
(thanks to tons of red dye). The story is that the people who identified the
virus were drinking Code Red when they found it, and the name stuck.
Code Red did infect many computers around the world, but little real
damage was done because the target of the virus was the White House servers.
They protected those servers by changing the IP address prior to the launch date
of the virus. The Code Red virus affected only Internet Information Services (IIS)
machines hosting web pages on a Windows NT server.
More than just hassling the White House server, though, the Code Red
virus used a buffer overflow error in IIS to open a backdoor into the server,
allowing future access or attacks. Code Red II, as it is being called, is a
variant of Code Red (seemingly from the same author). It too attacks IIS
machines, but apparently only those running Windows 2000. It does the same
buffer overflow technique to gain access to the machines. If you believe the
traffic on the virus newsgroups, Code Red was a warm-up for Code Red II, a trial
run, so to speak. When Code Red II
will launch seems to be unsure right now. Q: I use the Internet a lot, and
sometimes it seems slower than other times.
Is there a way to find out how slow the Internet is in Canada at any one
time? A: There are several Internet
traffic sites on the Web, but the one I like best is internettrafficreport.com.
It uses a new tool (which the site is testing prior to selling) to show
15-minute snap-shots of the Internet’s response times.
It’s a neat picture of the Internet that is continually being updated.
There are also history graphs available so you can see usage over the
past few days or month. Q:
Can you tell me how useful benchmarks really are? Do they have any applicability
in the real world? A:
To paraphrase, "there are lies, damn lies, and benchmarks".
I've spent two decades doing benchmark testing and I realized in the
first year you could twist just about any benchmark to show what you want.
That's why standardized benchmarks are so important, but even they can be
adjusted to give favorable results. Benchmarks
measure a specific thing, not the overall performance, and as such software can
be tailored specifically to excel at a particular benchmark (and many companies
in the DBMS market do this). Are benchmarks important?
Sure, but they must be taken with a grain of salt. Make sure when using
benchmarks that you are comparing apples to apples, and that any differences in
hardware or software that can affect the results are considered. The latest rage for benchmarking is in 3D cards, where
frame-rate is all-important to game players.
Frame-rates can be tweaked to favor one card that is visibly worse than a
lower-scoring card, and some benchmarks measure on card’s specialized hardware
coding which another card performs in software or emulation mode.
As I said, apples to apples is the only way to go. |
|
Send mail to
tparker@tpci.com with
questions or comments about this web site.
|