Issue No.05 - September/October (2004 vol.8)
pp: 10-13
Published by the IEEE Computer Society
Review of Internet-related stories in IEEE, Computer Society, and trade press.

Network Magazine,
June 2004

"Internationalized Domain Names," by Eric A. Hall. For predominately English-speaking countries, international characters might seem irrelevant, but large-scale changes to the global infrastructure will affect every network whose users communicate internationally. For example, sending email to users in another country might eventually require an upgrade to Internationalized Domain Names (IDNs). Companies selling products or services worldwide might want to register IDNs that accurately represent their wares, and anyone with international clientele must be prepared for support issues. Breaking the Internet's dependency on seven-bit ASCII is a good place to start. Hall describes the move toward IDNs, as proposed last year in IETF RFC 3490, "Internationalizing Domain Names in Applications (IDNA)."
"WS-Security Makes SOAP Safe," by Andrew Conry-Murray. SOAP messages are constructed in human-readable XML, which means message content can easily be observed and possibly modified. To ensure that messages aren't tampered with or that sensitive data (such as credit card numbers or medical information) isn't disclosed, Web Services Security (WS-Security) adds extensions that enable all or part of a SOAP message to be encrypted and digitally signed. The Web services community recently reached a milestone when the Organization for the Advancement of Structured Information Standards (OASIS) ratified the specification as a standard.
July 2004

"WME Extends QoS to Wi-Fi," by Doug Allen and Andy Dornan. Although the IEEE ratified the 802.11i wireless security standard in July 2004, products guaranteed to be compatible with most of the specification have been shipping since May 2003, thanks to Wi-Fi Protected Access (WPA), a testing program from the Wi-Fi Alliance based on the most urgent security fixes in 802.11i. Now, with many Wi-Fi users upset over poor quality of service (QoS), the alliance has decided to do the same for 802.11e, the IEEE's planned QoS standard — taking parts of the standard and packaging them as Wireless Media Extensions (WME). Due to be available in September 2004, WME equipment will help Wi-Fi networks give higher priority to real-time traffic.
"Ethernet Services Model Phase 1," by Doug Allen and Andy Dornan. Over the next few years, the Metro Ethernet Forum (MEF) plans to develop specific definitions and templates for a robust Ethernet service with any-to-any connectivity. The industry coalition of local exchange carriers, networking companies, Ethernet service providers, and equipment vendors has already completed the first of three specifications aimed at replacing point-to-point frame relay access lines. Collectively, these specifications-based services should make Ethernet a faster, cheaper, and simpler alternative to frame relay in two ways: by beefing up performance levels and security and enabling any-to-any multipoint topology linking sites more dynamically, without the cost of nailed-up connections (completed or authenticated connections). Allen and Dornan discuss the Ethernet Services Model Phase 1, the first technical specification to come out of this effort.
Dr. Dobb's Journal,
August 2004

"HTTP Response Splitting," by Amit Klein and Steve Orrin. HTTP response splitting enables various attacks, such as Web cache poisoning, cross-user defacement, page hijacking, and cross-site scripting (XSS). It's relevant to most Web environments and is the result of an application's failure to reject illegal user input; in this case, input containing malicious or unexpected characters — the carriage return and line feed characters. Klein and Orrin describe how and why the attacks work, and the relatively simple ways to avoid vulnerability.
July/August 2004

"XML and Web Services: Are We Secure Yet?" by Mark O'Neill. Eighteen months ago, developers and users still viewed "Web services security" as an oxymoron, says O'Neill. Now, thanks to standards, Web services are more secure than ever, he claims. He asks what it means to say that an individual XML message is "secure." The answer involves applying well-known security concepts to Web services. O'Neill describes three established security concepts — CIA (confidentiality, integrity, and availability) security, AAA (authentication, authorization, and audit) security, and message-level content analysis — and explains how they apply to Web services.
Network Magazine,
June 2004

"Watching Over Your Network," by Rik Farrow. Farrow says that intrusion-prevention systems (IPSs) are the latest buzz in intrusion detection. He explains why he doesn't believe that IPSs can protect against all those "strangers with candy," despite vendor and analyst claims to the contrary.
July 2004

"Application-Layer Protection," by Andrew Conry-Murray. As Conry-Murray points out, security vendors regularly claim their products can protect Web, email, and other applications. But what does that mean? Applications can be attacked through the protocols that carry them, or by manipulating the application code's logic itself. Understanding how different types of attacks are carried out can help you assess your risk and better understand how to protect yourself. Conry-Murray explains the methods of application attack and presents steps toward prevention.
PC Magazine,
22 June 2004

"Essential Buying Guide: Business Security," by Robert P. Lipschutz. Businesses large and small must be proactive about security, and shopping intelligently now can protect against heavy losses in the future. This buyer's guide has five components: why you need a solid security infrastructure, what the major threats are and how to protect yourself, which features are important when shopping for security solutions, which junctions in your network are vulnerable, and how to pick the products that best fit your business size.
3 August 2004

Security Special Issue. This issue of PC contains four major security-themed articles: "Keep Your PC Safe" (home computing security), "Keep Your Office Safe" (email and enterprise security), "Keep Your Kids Safe" (how to protect children from Web-browsing dangers), and "Is Microsoft to Blame?" (should Microsoft take more responsibility in these other security areas because it provides 95 percent of the world's operating systems?).
Visual Studio Magazine,
August 2004

"Track Changes with XML DataSets," by Bill Wagner. Datasets provide a powerful mechanism for storing information. According to Wagner, programmers can even use them to track the changes they make, as long as they make them in the right fashion. In this Q&A, he describes the available options when using XML datasets.
"Build Web Sites Using Master Pages," by Dino Esposito. In this excerpt from his book, Introducing Microsoft ASP.NET 2.0 (Microsoft Press), Esposito says a method to build and reuse pages must fulfill three requirements: the pages have to be easy to modify; changes shouldn't require deep recompilation of the source code; and any change must impact the application's overall performance minimally. He claims that ASP.NET 2.0 satisfies these requirements with a new technology — master pages (a kind of supertemplate) — and exploits the new ASP.NET framework's ability to merge a supertemplate with user-defined content replacements.
"Build Real-Time Web Images," by Roger Jennings. Location-based Web services will play an increasingly important role as handheld devices add carrier-based and GPS-positioning capabilities. Microsoft, map providers, and cellular carriers will likely offer an expanding array of geo-coded imaging Web services, and Jennings says now's the time to start exploring new VS.NET mapping applications. He describes how to use Microsoft's TerraService and MapPoint Web services to start Visual Studio .NET-based mapping projects.
Dr. Dobb's Journal,
July 2004

"Java Management Extensions," by Paul Tremblett. Tremblett uses a television broadcast simulation to describe the JMX architecture and show how to create managed beans (MBeans) — the objects used to instrument resources and render them suitable for management.
"Mixing ActiveX with Java," by Al Williams. Although the Microsoft Java virtual machine no longer exists, the Java COM Bridge (Jacob) open-source library essentially duplicates its ability to let Java code running under Windows connect with ActiveX objects. Williams examines how.
"Making .NET Assemblies Tamper Resistant," by Richard Grimes. Executing "malware" attachments to email is a prime method of spreading viruses, primarily by making changes to application files. Grimes explains the .NET file structure and shows how it prevents such alterations from being performed on .NET assemblies.
"Java and the OpenCable Application Platform," by Linden deCarmo. According to the author, the U.S. cable industry is making a massive investment in Java technology to escape the quagmire of proprietary network software and APIs. Java is at the core of the standards-based OpenCable Application Platform (OCAP); properly written OCAP applications can run on any OCAP-compliant North American cable network. In this article, the author looks at the strengths and weaknesses of OCAP's Java interfaces as they relate to OCAP's goals.
August 2004

"Continuous Integration and .NET: Part I," by Thomas Beck. The subject of several books, continuous integration is an automated process that lets teams build and test software multiple times a day. In the first of two articles, Beck examines the building blocks of an open-source continuous integration solution, including descriptions of Java-based tools such as Ant and JUnit, which support it.
Network Management
Network Magazine,
June 2004

"The Long Arm of Wi-Fi," by Andy Dornan. Improved Wi-Fi equipment is available now, though it's not suitable for everyone. After all, Wi-Fi was designed to be a LAN technology — it can't match 3G or emerging standards such as 802.16 (WiMAX) and 802.20 (Wi-Mobile) in the wide area, according to Dornan. New wireless WAN technologies are already available in some areas and will slowly be rolled out nationwide over the next decade.
July 2004

"Locking Down the House," by Rik Farrow. Other than denial-of-service (DoS), all attacks have the same goal: to take control of a system. The most publicized attacks involve indiscriminate, self-propagating worms such as Sasser or Blaster, while others target specific computers or networks. All depend on the ability to execute the attacker's code on victim systems. Farrow argues that a host-based intrusion-prevention system (HIPS) might be a better solution to network attacks than any network-based IPS (NIPS). However, users must be willing to pay a price in installation costs and performance.
"The Anti-spam Cocktail: Mix It Up to Stop Junk E-Mail," by Andrew Conry-Murray. Approximately 2.5 of the 3 billion e-mails received by Microsoft Hotmail are now spam. However, thanks to a cocktail approach that blends traditional spam filters with cutting-edge technology, spam is becoming a non-issue for corporate mail users. Researchers and vendors have stopped proselytizing individual approaches and found ways to integrate and optimize existing technologies while seeking new solutions, says the author. Machine learning is the hot anti-spam ingredient at the moment, and new products are now integrating it with black lists, content filters, spam signatures, and heuristics for a powerful anti-spam cocktail.
PC Magazine,
July 2004

"Buying Guide: Servers and Storage," by John R. Delaney and Robert P. Lipschutz. Delaney and Lipschutz describe how to choose the right server for a business by assessing performance, cost, space, and other concerns. They also examine the differences between direct-attached storage (DAS), network-area storage (NAS), storage-area network (SAN), and SCSI devices.
David Clark is a freelance writer based in Lafayette, Colorado.