www.eweek.com

THE ENTERPRISE NEWSWEEKLY
SEPTEMBER 4, 2006 VOL. 23, NO. 35 • $6

Jim Rapoza: It’s easier to lay low on the Web 46

CYBER-SIEVE
BY CHRIS PREIMESBERGER
Sandia National Laboratories’ Red Teams ponder the worst in cyber-terrorism—and then work on fixes PAGE 22

NEWS & ANALYSIS: Cisco takes on Riverbed in push for WAN optimization 11
eWEEK LABS: SQL Anywhere 10 boasts a long list of valuable upgrades 39

digital EXCLUSIVE BONUS CONTENT!
NEWS: Online retailers are gearing up for the holidays, but can they take the heat? EW1
LABS: Cameron Sturdevant walks readers through the Core Impact 6 penetration tool EW3
STAN GIBSON: When disaster strikes, IT managers should not forget about the people EW4
THIS eWEEK

National events again motivate eWeek’s look at IT and the big picture. Last week eWeek used the anniversary of Hurricane Katrina to examine how lessons learned from that storm are being put into practice. We found that IT managers have been busy the past year putting additional redundancies into their disaster recovery plans.

This week’s report on the state of IT affairs five years after the World Trade Center and Pentagon attacks is not as upbeat and, in fact, has a sense of urgency about it. The terrorists are still on the offensive, and we are still vulnerable.

The National Strategy to Secure Cyberspace has gone nowhere during the past three years, reports eWeek Senior Writer Wayne Rash on Page 26. The White House is close to announcing a new cyber-czar, but the position was vacant for a year. Even before that, critics pointed out that the position lacked real authority to unite public- and private-sector entities in the effort to secure the nation’s critical cyber-infrastructure.

Still, work is being done to locate and plug holes before they can be exploited. Sandia National Laboratories’ Red Teams monitor water, power, computer and telecommunications systems in an effort to anticipate attacks, reports eWeek Senior Writer Chris Preimesberger on Page 22. The Red Teams’ efforts are well-conceived, but the job is too big for them. In some cases, the best they can do is pass on testing and training methodologies to local government or industry groups, where we can only hope there is sufficient follow-through.

More must be done. Many in the know insist that the public does not know the extent to which the government has flushed out threats and vulnerabilities, and this is probably true. But more leadership must be shown from the top branches of government.

Also on the security front this week, Microsoft is making an aggressive move in creating a new technology called BrowserShield, which can serve as a quicker alternative to current software patch releases, reports eWeek Senior Writer Ryan Naraine on Page 14. The technology promises to actually rewrite HTML on the fly if it encounters a malicious script and strip out the bad code before the page gets to the user’s browser.

SCOT PETERSEN
Contact eWEEK Editor Scot Petersen at [email protected].

PODCASTS
go.eweek.com/podcasts

TestRun
eWEEK Labs Director Jim Rapoza talks to Advanced Technologies Analyst Jason Brooks about a new type of Linux distribution called rPath. Jason says that rPath combines the strength of Linux, virtualization and appliances to create a useful application platform for both ISVs and businesses.

OnSecurity
eWEEK Senior Writer Matt Hines speaks with Panda Software CTO Patrick Hinojosa about the challenges faced by the security company and other Microsoft partners in building applications that interface with Vista’s locked-down OS kernel.

eWEEK InfraSpectrum
Peter Coffee talks with Andrew Dent, founder/CTO of Hubspan, about enterprise middleware’s evolution to hosted service.

eWEEK Podcast
Get a full dose of the week’s top news headlines from Stan Gibson, a look at the latest products in eWEEK Labs, and commentary from Peter Coffee and Spencer F. Katt.

eWEEK.COM

DEVELOPMENT
ECLIPSEWORLD is in Cambridge, Mass., Sept. 5-8. Keynoters will include Mike Milinkovich, executive director of the Eclipse Foundation. Senior Editor Darryl K. Taft will be covering Eclipse and SOA, Eclipse for Web 2.0, the Eclipse Rich Client Platform technology, and Eclipse support for dynamic languages.

GRID COMPUTING
The PLATFORM GRID CONFERENCE is happening in San Francisco Sept. 6-8. Senior Writer Chris Preimesberger is covering the keynote of Citigroup’s John Van Uden, whose theme is grid’s coming of age, and the panel of IDC analyst Vernon Turner, who’s going to ask who’s ready for the next-gen data center. IBM’s Ken King is also planning to discuss Grid Computing: The Fuel for Innovation. Preimesberger expects to hear about real-world use of grid computing and shared computing resources.

TAKING CARE OF BIDNESS
HP’s in New York on Sept. 6, with Satjiv Chahil, senior vice president of the Personal Systems Group, and David Roman, PSG vice president, explaining why the company’s poised to capture the business client market as it continues growth through 2008. We’re sending Senior Writer John Hazard and Editorial Director Eric Lundquist.

COPY THAT, BIG X
It’s financial analyst day for XEROX in New York on Sept. 7. We’re sitting down with CEO Anne Mulcahy to hear about the company’s continued services push. Look for news to come in from Senior Writer John Hazard.
SEPTEMBER 4, 2006

Editorial Director Eric Lundquist
Editor Scot Petersen
Executive Editor/News Larry Dignan
Director/eWEEK Labs Jim Rapoza
Executive Editor/eWEEK Labs Deb Donston
Technology Editor Peter Coffee
Executive Editor Stan Gibson
Publisher Karl Elken

eWEEK editorial staff members can be reached at (781) 938-2600 or (800) 451-1032, or via e-mail using the following formula: firstname_ [email protected]. For example: [email protected]. (Don’t use middle initials in address.)

CONTENTS

NEWS & ANALYSIS
11 Riverbed and Cisco are girding for a showdown in the app acceleration/WAN optimization space.
14 Microsoft is working on a browser shield to block malicious code.
16 Intel will release its new vPro chip on Sept. 7.
18 Intel hopes “Tulsa” will sway users from AMD’s Opteron processors.
18 Quad-core desktop chips from Intel may arrive by the holidays.
20 Labs: An Ubuntu bug-fix blunder raises questions about Linux GUIs.
20 Work in Progress: Labs says CA’s Unicenter NSM r11.1 offers a global view.
29 Google’s communications tool set takes on Microsoft’s offerings.
31 Career Central
33 The Buzz

FACING THREATS
22 Sandia National Labs’ Red Teams are working to deter cyber-terrorism.
26 The DHS’ lengthy search for a cyber-security chief is almost over.

eWEEK LABS
39 REVIEW: SQL Anywhere 10 proves to be worth the wait with a long list of improvements.
42 Tech Analysis: rPath smooths the way for optimized Linux distros.
44 REVIEW: Core Impact 6’s penetration testing targets Mac OS X systems.
47 REVIEW: Xerox’s DocuShare provides solid document management.
52 REVIEW: Toshiba’s Tecra A8 provides performance at a low price.

OPINION
5 This eWEEK: IT is still open to terrorist attacks.
8 Eric Lundquist: Good management overcomes immature technology.
32 Mary Jo Foley: It’s time for Microsoft to open up.
34 Our View: We must work together on cyber-security.
34 Reader mail
46 Jim Rapoza: Reasons abound to support Tor.
54 Peter Coffee: Online retailers need to embrace outside reviewers.
58 Spencer F. Katt: The Google-Microsoft turf battle flares anew.

NEWS & ANALYSIS

ERIC LUNDQUIST: UP FRONT

IT success knows no boundaries

HALF A WORLD APART, EXECS’ EXPERTISE TRANSCENDS TECHNOLOGY

This is the tale of two IT executives. One runs an outsourced data center for organizations such as hospitals that want to outsource their data center processing rather than worry about uptime, network transport speeds and never-ending data storage upgrades.

The other exec is now in Hong Kong after spending a few years in the backwoods regions of China and Mongolia doing education support. Education support can mean everything from building a network around a single dial-up connection to installing servers (after you’ve first figured out how to buy a box of parts that may or may not be a server once assembled).

Despite an ocean of distance between the two executives, they both have lessons to teach us all, and IT pros, in particular.

John Boyd is the president of Offsite, based in Manchester, Conn. You can get a full description of Offsite’s facility at www.offsitenow.com. The capacity, redundancy and planning that went into the site’s construction would make any IT manager trying to squeeze one more server into an already overheated and overcrowded server room very envious.

Boyd spent 20 years as the chief technologist at Northeast Utilities, which helps explain his preoccupation with making the overused term of 24/7 operation a reality regardless of weather, customer requirements or electrical requirements on New England’s power grid.

Boyd also is on the forefront of looking at his power usage as a contributor to the overall power grid rather than simply a user. He is working with EnerNOC (www.enernoc.com) to become part of the EnerNOC “negawatt” grid. The negawatt grid acts as a go-between for utilities and major power customers, enabling those customers to make small adjustments to their power consumption. In return for those 1- to 3-degree temperature adjustments, EnerNOC customers get paid.

“It does not pay for us to be up and running if our customers are down,” said Boyd, noting that programs such as EnerNOC allow customers such as Offsite not only to be good environmental citizens but also to contribute to electrical and data center uptime for their customers.

IT execs in the past have been knocked for being too cocooned in technology to understand their company’s business. Boyd is among the tech exec leaders who understand not only their company’s business but also the social and economic world where their customers’ businesses operate.

In addition to Boyd, I’d like to add Doctor John to the smart IT execs list—not the Doctor John of New Orleans fame, but the Doctor John who has spent the last four years in China teaching and building technology networks at schools, including the Mongolia University for Nationalities.

I first came across Doctor John (the name he goes by in China) when he wrote some dispatches for The Register about a year ago. The dispatches were very interesting reading then, and I spent about a month hunting him down via e-mail, and then I asked him to write a lessons-learned dispatch for us. You can read that dispatch on our site.

“The IT role [in China] can be unique and often is. Most of the places I have been had no infrastructure in place. If they did have something, it was mostly based on old, odd and unavailable technology. Add to this a real frightful bundle of communication issues. Not too many Western IT managers find themselves in a position where they feel a need to learn Chinese and Mongolian to do their job,” Doctor John wrote in an e-mail.

The best IT execs I’ve run across are the ones who skip the complaining about management and go in and do a job that seemed impossible in the face of immature technology, indifferent management and throttled budgets. Remember, if Doctor John can do it in Mongolia, you can do it in your facility, wherever that may be.

Editorial Director Eric Lundquist can be reached at [email protected].

WEBLOG
ERIC’S PICKS FROM eWEEK BLOGS
go.eweek.com/weblog

ALLAN ALTER
CIOs and change

Why do 57 percent of IT executives believe their departments are going through more change than they’ve ever seen in their careers [according to a CIO Insight survey]? At companies where the IT organization is growing larger, IT execs experience extraordinary change more often when IT has absorbed functions or personnel previously part of other departments or when insourcing is taking place. I’ve sometimes seen CIOs or IT departments put in charge of business strategy, process improvement or e-business. This inevitably has to impact the organization. Insourcing also can have a big impact on an organization, I suspect, because there’s the double shock of handing off tasks to outside firms only to bring them back in again. 8/24/06

LISA VAAS
11g on the way?

It’s been long enough, and I’m ready to say the words: Oracle Database 11g. When’s it coming? Sources tell me it’s due sometime in 2007. Don Burleson did this crazy little trend graph based on previous major releases and the time that elapses between them to come up with the average number of years between releases being 3.2. That makes it April 2007 for 11g, but I agree with Don in thinking the R-Shores crowd would aim to make a splash at the fall Oracle OpenWorld 2007. 8/25/06