GCN : January 2013
[Briefing] NEWS ANALYSIS

How the Recovery Board gathered multiple clouds

The Recovery Accountability and Transparency Board has deployed a cloud hub that lets the organization securely integrate and manage a variety of cloud services from multiple providers.

The hub allows the RATB to use multiple cloud providers in conjunction with its own internal private cloud infrastructure, according to agency CIO Shawn Kingsberry. The cloud hub provides a technology stack that includes a firewall between the agency's enterprise operations and the cloud service provider, a router for virtual private network services, and computing services that include integrated security and service management, Kingsberry said.

A critical component of the hub is the ability to control, monitor and audit access to systems and information within a hybrid cloud infrastructure. As a result, RATB has deployed Xceedium's Xsuite software, which provides a single point of policy management for controlling privileged access to information and applications.

Xsuite also gives RATB the ability to enforce separation of duties and record sessions of all administrators accessing its internal server stack as well as its managed service offering to other federal agencies. The software will protect servers running on the agency's internal private cloud, based on VMware virtualization technology, and infrastructure running on Amazon Elastic Compute Cloud and the company's Simple Storage Service.

Xsuite software can run on a physical appliance residing in a data center or across that facility, or as a virtualized appliance within a cloud provider's infrastructure, such as Amazon, said Ken Ammon, Xceedium's chief strategy officer.

Additionally, RATB managers will be able to deploy Personal Identity Verification (PIV) cards for system administrators working with Recovery.gov, providing multi-factor authentication before they are granted access to critical systems and cloud management consoles. RATB will implement PIV cards for administrative access to servers wherever they reside, without having to change how the agency manages passwords and other credentials on its systems.

"But the cool thing about that is, our architecture can support bring-your-own-device," Kingsberry added. If RATB can get the unique information from each user's mobile device, then managers can say, "Only connect with this device," and access will be permitted for smart phones by model, serial number and telephone number.

"We thought about a lot of that as we architected our cloud hub," he said. It wasn't easy, but Kingsberry credited his colleagues at RATB with making it work.

BlackBerry's blacklist: 106 passwords you can't use

Research In Motion's long-awaited new mobile OS, the BlackBerry 10, contains a blacklist of 106 verboten passwords that users will not be able to use to secure access to their devices, researchers have found.

The new OS is expected to be released Jan. 30 and is part of a major effort by RIM to regain some of the government market share it has lost in the face of growing competition from Apple and Android.

The blacklist is a small but clever feature in a device that clearly is focusing on security for its enterprise users. It features strong AES 256-bit encryption that already is FIPS 140-2 certified, it allows segregated work and personal user profiles, and the browser includes a read-only mode that strips possible executables from the display.

The forbidden passwords include the obvious --- "123456" and "abcdef," "password" and "qwerty" --- as well as some less obvious --- "trustno1" and "zapata." For the tipplers there is "miller" and "molson" (RIM is Canadian, after all).

Not everyone is impressed by the feature. John Yeo, director of Trustwave SpiderLabs EMEA, called it a token that will do little to improve security. "Instead of blacklisting a few words, a more secure option would be to enforce some basic password complexity requirement," he wrote.

Considering the computing power that can be thrown into dictionary and brute force password attacks, I don't think that the exclusion of 106 words from the possibilities will make much difference. And while enforcing basic password complexity is a good idea, that is a policy issue between the user and the enterprise. Baking policy requirements into the OS could create difficulties and conflicts without doing much to improve overall security.

--- William Jackson