by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : December 2013
30 GCN DECEMBER 2013 • GCN.COM tivity so that the appropriate level of enforcement can be employed for each user. Content and services also can be filtered according to customer policy. When the service is integrated with Microsoft's Active Directory, granular poli- cies can be applied for individuals and workgroups. With just 6,658 permanent residents, Aspen, on the Western slope of the Rockies, is the 53rd largest city in Col- orado. It is the seat of Pitkin County, and its networks are tightly integrated with the county's, Sobieralski said. The combined networks have about 500 users distributed over 32 locations, most connected by a fiber backbone. Moving to a new DNS provider took care of the reliability issue, but the city began having problems with the appli- ance it was using to filter malware and block websites. "It wasn't doing a very good job," Sobieralski said, and it was expensive. It was replaced by the Enterprise Insights service earlier this year at a considerable savings. "It was costing us more in maintenance for the appliance than the entire OpenDNS service." Enterprise Insights also provides Web-based visibility for network managers to manage activity, and it also can iden- tify botnet communications and block outgoing traffic to command and control servers. Infected computers within the network can be identified this way. Customized policies are built from a collection of 58 cat- egories of online content, identified by OpenDNS, and eight security categories. Enforcement is not black and white, but can be applied through Active Directory based on the needs of individual users and workgroups --- and also selectively within each category. Aspen blocks access to most online gambling sites, for instance, but allows access to the Colo- rado state lottery site, accepting the fact that workers are going to want to check their lottery numbers while at work. In the months the OpenDNS security service has been in place its filtering appears to be accurate, Sobieralski said. The low rate of browser infections since using the service indicates a low level of false negatives in identi- fying malicious sites. "As for false positives, we rarely get those," he said. • CASE STUDY SECURITY AS A SERVICE Since Aspen, Colo., adopted the OpenDNS cloud-based service to lter Web content and enforce policies, browser infections have dropped to almost nothing, said John Sobieralski, network coordinator for the city and for Pitkin County. But don't be fooled into thinking the Web is the only source of malware. "Don't get rid of your antivirus," Sobieralski said. OpenDNS Enterprise Insights provides ltering and blocking of suspicious and malicious sites and content, but it does not look for or block all malware in a system. "It's a pretty good shield," he said of the service. "But it is one layer of security. You need a lot of different layers." Web or browser-based attacks, in which a malicious or a compromised website is used to deliver malware to a browser, are among the top threats, spurred in large part by the rapid growth in Web applications. Many activities that were once done on a computer or a local network are now done through a Web interface, and any time the browser connects to a suspect site, vulnerabilities can be exploited. Identifying and blocking these sites is important, but they are only one means of delivering exploits. Intrusions, e-mail, mobile media and other external devices can be malware vectors, and a basic level of anti-malware protection and intrusion prevention and detection is needed is needed to guard against them. Aspen is a small city with fewer than 7,000 permanent residents with limited resources to devote to network security, and the real bene t of the OpenDNS service is in making the most of those resources, Sobieralski said. "For us, it's almost like the equivalent of a full-time employee. We don't have the resources to monitor the network constantly. It saves us a lot of time and effort." --William Jackson Reminder: The Web is not the only source of malware "[Our previous DNS provider] was costing us more in maintenance for the appliance than the entire OpenDNS service." -- JOHN SOBIERALSKI