To address one obvious point up front: not everyone agrees that a problem exists.  Various companies have either said they’ve been unable to reproduce NSS Labs’s results, or that they protect users against the TCP Split Handshake spoof in a different way.

Fortinet argued, for example, “FortiGate platforms are not susceptible to split handshake attacks when AV and IPS engines are enabled.  Approximately 85% of our customers implement our product using multiple security components within one appliance.  Not only does this test support the fact that traditional stand-alone firewalls are ineffective, it also supports the need to aggregate multiple security functions in an easy to use, low TCO product to provide the best protection.”

But in any event, NSS Labs found through independent testing that the Cisco ASA 5585, Fortinet Fortigate 3950, Juniper SRX 5800, Palo Alto Networks PA-4020, and Sonicwall E8500 “failed to correctly handle the TCP Split Handshake spoof (aka Sneak ACK attack), thus allowing an attacker to bypass the firewall.”

Meanwhile, just the Check Point Power-1 11065 passed this particular test.

That led Vik Phatak, the CTO of NSS Labs, to conclude in an official statement, “IT organizations worldwide have relied on third-party testing and been misled.  These test results point towards the need for a much higher level of continuous testing of network firewalls to ensure they are delivering appropriate security and reliability.”

Of course, the good news is that the tests have drawn attention to the issue, and while people may dispute some details, any problems should be addressed in the long run.  Firewall makers won’t want to have to go through this again and again in the future, after all.

So network professionals who employ the “failed” firewalls shouldn’t necessary panic and unplug everything.  This will just be a matter worth monitoring as everyone takes a stance and/or commits to making upgrades.

There are several upsides to this, and a major one relates to speed.  New equipment should allow for faster data transfers, allowing organizations to both easily store more information and be more efficient in accessing it, which could result in decreased costs and happier customers.

Decreased costs may also be seen if the new equipment is more energy-efficient than what everyone’s using now (a likely circumstance).

Finally, if the new network equipment turns out to be in any way more secure, then businesses and consumers will again benefit due to decreased instances of hacking and data theft.

There are drawbacks to TechNavio’s prediction, however, starting with that $3.23 billion price tag.  After all, not every business will be able to afford new stuff, and that could mean some organizations will fall behind in technical competence due to budget shortfalls.

There are risks related to public perception, too, as businesses with older – but perfectly functional – solutions may risk seeing raised eyebrows and decreased confidence.

Anyway, if you’re interested in how TechNavio reached its conclusions, the firm explained in a statement, “The report, Global Next Generation Network Equipment, is based on an extensive research from inputs by industry experts, vendors and end-users.”

Then if you’d like more of a year-by-year perspective on what sort of spending increase it’s predicting, TechNavio said, “Research conducted by TechNavio reveals that the global next generation equipment network market is expected to grow at a CAGR of 14.2 percent.”

It should be interesting to see if reality measures up to that ambitious forecast.

Meanwhile, network professionals may want to start checking what they can do to influence their organization’s budget, while at the same time being careful about purchases that would stick them with tech that might soon be obsolete.

A little background info in case you’re not familiar with Rustock: a post on the official Microsoft on the Issues blog explained that the botnet is thought to have infected around one million computers, and has sent out billions of spam messages on a daily basis.

Rustock even earned its own Wikipedia entry, which should prove how high its profile was.

Now Rustock’s more or less out of order, though.  The blog post stated, “Microsoft filed suit against the anonymous operators of the Rustock botnet, based in part on the abuse of Microsoft trademarks in the bot’s spam.”  Then, “[W]e sought and obtained a court order allowing us to work with the U.S. Marshals Service to physically capture evidence onsite and, in some cases, take the affected servers from hosting providers for analysis.

“Specifically, servers were seized from five hosting providers operating in seven cities in the U.S., including Kansas City, Scranton, Denver, Dallas, Chicago, Seattle, Columbus and, with help from the upstream providers, we successfully severed the IP addresses that controlled the botnet, cutting off communication and disabling it.”

That’s a huge achievement.  Anti-spam organizations can usually at best hope to knock a threat offline for a short period.  Microsoft deserves a lot of credit for organizing this coalition to cripple the botnet.

The corporation’s going to do its best to ensure Rustock isn’t resurrected, too, as its next goal involves getting the Rustock malware off infected computers.

Hopefully that part of the operation will go smoothly.  And network professionals should hope that Microsoft doesn’t stop there, as there’s a definite possibility that the company could start the process all over and hunt another botnet.

In the meantime, enjoy any letup in spam you observe and perhaps use this as an opportunity to run some deep security scans for any remaining problems that might exist.

That’s not an insignificant honor.  The Ethisphere Institute considers itself a leading international think tank, and its membership groups consist of over 200 different organizations.  What’s more, U.S. Chamber of Commerce COO David Chavern even agreed to give a keynote speech related to the ethical companies list.

Also, if you’re curious, other winners include important corporations like Adidas, American Express, eBay, Ford, Pepsi, Starbucks, and Xerox.

So to return to the matter at hand, Ethisphere’s executive director, Alex Brigham, said in a statement, “As companies strive to maintain a competitive advantage, good ethics translate into better business, and better business means better bottom lines.  Juniper Networks recognizes the important role that principled practices play in brand reputation, which ultimately is the most valuable asset for a corporation.”

Mitchell Gaynor, the executive vice president, general counsel, and secretary of Juniper Networks, added, “We are extremely pleased with this recognition.  At Juniper, we believe who we are on the inside is who we are on the outside.  Our core values direct our employees’ decisions and actions, and require an unwavering dedication to the highest ethical standards from employees at every level of our organization.”

This development could help Juniper Networks attract more customers, partners, and employees.

A panel of SC Magazine‘s readers made that determination, giving Sourcefire’s product the most votes.  And that’s an important detail, since it means real-world users, and not just one or two deskbound editors, put their knowledge and experience to work.

Otherwise, an official statement released by Sourcefire explained, “The SC Awards Readers Trust Voting Panel is comprised of security and technology experts from large, medium and small enterprises throughout major vertical markets.  The panel weighs nominees against a number of key criteria including functionality, manageability, ease of use and scalability of the product, as well as the customer service and support provided for it.”

Next, John Burris, the CEO of Sourcefire, outlined his product’s benefits by adding, “Organizations require an IPS that adapts in real-time to defend their networks, users and applications from the latest targeted attacks.  Providing users with increased visibility and contextual awareness, the Sourcefire IPS has the power to stop today’s sophisticated threats, while also offering intelligent automation for simplified and accurate protection.”

More specifically, key Sourcefire IPS features include contextual awareness that is supposed to pick up on common network usage patterns.  Then it can reduce intrusion alerts, block suspicious behavior, and identify users judging from their IP addresses.

So it seems that Sourcefire is on a roll.  (The company’s actually received recognition from SC Magazine under a couple other circumstances in the last little while, was named to the Deloitte Technology Fast 500, and received a five-star rating in the Everything Channel Partner Program Guide.)

Network professionals interested in reading more about the Sourcefire IPS can do so here.  A seven-minute demo of the Sourcefire 3D system is also available in the event anyone really wants to dive in.

The relevant products include Cisco SecureX Architecture, the Cisco Adaptive Security Appliance, and Cisco AnyConnect 3.0.  As for what the upgrades involve, Cisco was quick to explain in a statement.

The company said, “To enable companies to conduct business without borders, Cisco is introducing a new highly distributed security architecture that manages enforcement elements like firewalls, Web proxies and intrusion-prevention sensors with a higher-level policy language that is context-aware to accommodate business needs.”

Then the statement continued, “These next-generation scanning elements are independent of the physical infrastructure and can be deployed as appliances, modules and cloud services.  Better suited to address today’s security challenges, they are designed to know exactly who a user is, what role that user plays in the organization, and whether that user should be allowed access.”

Those could be valuable capabilities, depending on the organization.  Here’s hoping they prove useful to system administrators and don’t come at too high a price.

To provide some background information: an organization called The Business Press was behind the list, and it’s published by Enterprise Media, a subsidiary of A.H. Belo Corporation.  So this wasn’t an honor of the unimportant, available-for-$4.99 variety.  Some big names are behind it.

Also, Accent Computer Solutions describes itself by stating that it “was founded in the 1980s and helps businesses use Information Technology to cut their costs and boost their business.  Accent knows firsthand the impact a properly managed IT system can have on their clients’ success, so they built their business to prevent IT problems from happening in the first place.”

Later, the description continues, “Accent’s focus is on reducing the cost and the risk of Information Technology by providing proactive IT services, IT outsourcing, network services, business telephone/VoIP, new building and remodel cabling, and wireless solutions for a wide spectrum of businesses.  Accent continues to be the leader in computer support, network services, and IT consulting for companies throughout the Inland Empire, Los Angeles, and Orange County.”

Now back to the fresh news.  Following a series of wins in 2007, 2008, and 2010, Accent Computer Solutions was ranked the number one IT and network services company in The Business Press’ Book of Lists again this year.

Marty Kaufman, the firm’s president, said in response, “I can’t thank my team enough for consistently providing excellent IT service and support for our clients.”

Other companies might do well to research and imitate the practices of Accent Computer Solutions.  That way, they can at least become better, if not the best.  We’d find it hard to blame any individuals who decided to submit their applications for future open positions, as well.

Gawker, which actually owns a considerable collection of sites aside from Gawker.com, made a good move by emailing some users to let them know their accounts had been compromised.  Also, since not everyone could be reached by email, Gawker put a banner notice on all its properties.

The notice then led to a FAQ, constructed so that users could learn all about the incident in a single place.

One last, rather nice touch: Gawker’s founder and CEO, Nick Denton, spent some time fielding questions and acknowledging suggestions in the comments sections of Gawker’s sites.

There were just two problems with Gawker’s handling of the situation, the more serious of which was its response time.  Lots of people noticed that Gawker took a few hours to get into figurative gear, during which the hackers were able to recycle passwords and gain access to some Twitter accounts.

Also, an employee or two might have reacted in a flippant manner at first, further aggravating users.

Organizations that deal with both networks and the public should learn from this situation and come up with a better way to react.

A reverse situation is possible, too, where someone watching YouTube videos or playing online games on his lunch break would cause callers to have a bad experience. And it would be a real pain if it were necessary to make a company-wide announcement every time the phone rang.

So David Sims talked to officials at VoIP Insider about how to take VoIP calls into account, and they told him, “[Y]ou should calculate the total bandwidth needed to send and receive your calls. You can do this by multiplying the number of anticipated simultaneous calls times the packet size of the voice codec you will be using (like G.722 or G.729).”

Then, depending on how things look, the officials said, “[Y]ou may want to prioritize or even segment your voice traffic.” (This can also serve as a good precaution against unforeseen Internet problems even if the situation seems under control.)

If problems still exist after all this, it may be time to rework the VoIP cost analysis. Specifically, the cost of more bandwidth will have to be weighed against the cost of using traditional phones. It’s possible VoIP won’t represent such a great deal once the added expense is factored in.

The good news is that most organizations with decent Internet connections shouldn’t encounter a lot of problems when using VoIP tech. It’s just best to think about this sort of stuff before going through with any transitions; no one will win if all of a company’s phones are accidentally transformed into little more than paperweights.

Network-attached storage devices can often perform all sorts of nifty functions, and in an article for Gizmodo, John Mahoney started by writing about remote access.  His key point: “The easiest way to access your NAS from outside of your home network is to set up an FTP server.”

Next, Mahoney addressed the idea of using any device in conjunction with Apple’s Time Machine utility, which is important since Apple’s Time Capsule is all it’s really supposed to work with.  And on a related note, he later talked about Windows and Mac compatibility, as well.

What’s more, Mahoney covered the concept of RAID (“go RAID 1 or don’t worry about it”), and if you have any videos that someone would like to watch on a regular television, he even wrote about NAS devices as they apply to console video streaming.

Since network-attached storage still isn’t free – and since quite a lot can go wrong if data doesn’t travel and/or get stored as intended – it’s probably worth your while to follow these tips and get the most out of your NAS devices.