Thursday, September 27, 2007

Video security networks: IT's newest frontier

You may think you have security locked up. But unless you've brought video surveillance and building access control networks under the IT umbrella, you've still got some work to do.

"People still think of physical and information security as two separate entities. But to completely manage risk and identity you have to bring all the pieces of security together. It doesn't matter if you're talking people, products, data or data systems -- they're all assets that have to be protected," says Marene Allison, vice president of global security at Medco Health Solutions Inc. in Franklin Lakes, N.J.

Allison signed on at Medco three years ago to create a converged security application for the Fortune 50 pharmacy benefit company. With HIPAA, Sarbanes-Oxley, the Payment Card Industry Act and other mandates to comply with, she says the walls between physical and information security have come tumbling down and IT executives now are responsible for all aspects of data security. "Physical security is just one more peel of the onion skin that has to be dealt with, like firewalls and intrusion detection," she says.

In addition, she says video surveillance networks and access control are becoming more advanced and can ride on the IP network.

Moving video surveillance and access control, such as closed circuit television (CCTV) and building entry card readers, onto the IT platforms leads to reduced costs and management headaches for both IT and physical security teams.

To capitalize on the possibilities, Allison merged her physical security unit with the IT security team to take advantage of each group's knowledge base. She cross-trained the teams to learn each other's security approach. Her team also upgraded the CCTV and access control technology into a single, cohesive IP-based business intelligence network using Dallas-based TAC's integrated security systems.

"We use the CCTV in conjunction with alerting methodology and more traditional IT intrusion detection to know who is touching data and data systems when," she says. By integrating her video surveillance and network access control systems with her IP network, the unified security team can now set policies that dictate how long a building door should stay open.

Real-time video

If they receive an alert that an entryway has stayed open too long, they can call up real-time video, stored video and access control information right from their desktops. In the past, they would have had to wait for the physical team to notice an anomaly in its building access reports and then search through an analog videotape to find the culprit.

"This definitely narrows the window on solving security problems," Allison says. It also helps her prove a safe chain of command for data control, which many federal and private sector mandates require.

While Medco's approach might be cutting edge to some, a January 2007 IDC report finds a worldwide shift from analog surveillance cameras to digital network cameras. "In 2008, analog cameras will occupy 75% of the total market, yet as more usage of the network occurs for more than simple data transmission, we expect the network share to take off in 2009 and 2010," IDC says. In fact, the research firm predicts that global shipments of network cameras will increase at a five-year compound annual growth rate of 63%, moving from 540,817 in 2006 to 6.2 million in 2011.

IDC calls the use of the corporate network as a means to facilitate surveillance, security and monitoring "a natural extension of [network] capital expenditure."

Network cameras definitely offer advantages over analog cameras that transfer black-and-white images over coaxial cables to proprietary recorders with magnetic tapes. Companies then log the tapes and store them for certain periods of time before erasing and reusing them -- all of which consume human and monetary resources.


Tuesday, September 25, 2007

Lawsuit charging GPL violation is first ever

In what may be the first action of its kind in the U.S., the Software Freedom Law Center has filed a lawsuit to enforce an open-source license.
The SFLC filed the suit on Wednesday in the United States District Court for the Southern District of New York against Monsoon Multimedia Inc., on behalf of the developers of BusyBox, Erik Andersen and Rob Landley. The suit charges Monsoon with using BusyBox under the GNU General Public License version 2 but failing to publish its source code. Under the terms of the license, distributors of software that uses the licensed software must make their source code available. Failing to do so is considered copyright infringement.

BusyBox, members of the public and the SFLC legal team notified Monsoon of its responsibilities, but Monsoon has not yet published the code, said Dan Ravicher, legal director at SFLC. While it's relatively common for licensees to neglect to share their code, parties typically work through the issue without having to go to court, he said.

This case is a last resort after Monsoon failed to rectify the situation, he said. The suit is necessary because from a legal perspective, copyright owners can start to lose rights if they don't act to protect them, he said.

BusyBox is a lightweight set of Unix utilities used in embedded systems. Monsoon develops digital video products, including a Slingbox-like device that enables remote TV viewing.

If BusyBox ultimately prevails in the case, under copyright law the company is entitled to damages, an injunction prohibiting continued infringement and court costs, Ravicher said.

He believes this is the first case filed in the U.S. in order to enforce an open-source license.

The GPL Violations Project is a group that actively pursues license violators and has brought at least one case to court in Germany. Earlier this year, one of the project's team members publicly revealed violations that Cisco Systems Inc. made in its phone previously called the iPhone. Cisco subsequently corrected the problem.

Monsoon did not reply to a request for comment.

The IDG News Service is a Network World affiliate.


Vista Backlash: Microsoft Quietly Lets Vista Users Revert to XP

Hate Vista? If your PC is running Microsoft Windows Vista Business or Windows Ultimate and you're fed up with the OS you may be able to ditch Vista for XP Pro. Microsoft is quietly allowing you to downgrade to Windows XP Pro.

Dell, Hewlett-Packard, and Lenovo are just a few of the system manufacturers offering downgrades. Each of these PC makers offer an XP Pro recovery disc to those who request one that can be used to revert a Vista machine to XP Pro.

Dell, HP, and Lenovo customers can request a Windows XP Pro recovery disc to be included with their purchase of a Vista machine - should they want to revert in the future. Customers who already have purchased a Vista-PC can request an XP Pro recovery CD for between $15 to $20 by calling technical support.

Different Policies for Different Vendors

A Lenovo Website for downgrading to XP Pro states: "For a limited time only Lenovo customers that have Windows Vista Business or Ultimate installed on their machines will have the chance to purchase a Windows XP Recovery CD."

Dell small business sales told me if I purchased a system with either the Vista Business or Ultimate operating system I could pay an extra $20 to have XP Pro recovery discs shipped with the machine. Dell told me I wouldn't need an extra Windows license for the XP Pro software.

HP business sale's staff described a near identical downgrade plan, except for the fact the XP Pro recovery discs would not include a license to activate the OS.

The desire to revert to XP Pro from Vista is a business trend, not a consumer trend, says Chris Swenson, director, software industry analysis, for market research firm NPD Group.

"Retail consumers are not requesting to go back to XP," Swenson says. Businesses are more sensitive to upgrades because Vista requires a more robust computer to run programs at peak performance. Vista's requires better graphics and memory than XP, forcing companies to spend more on systems, he says.

Additionally some customers and businesses have complained about Vista's lack of support for software and hardware designed originally for XP.