This Week in Enterprise Tech 59

From The Official TWiT Wiki
Jump to: navigation, search
This Week in Enterprise Tech
Episode 59

Contents

This Week in Enterprise Tech 59:

Network penetration testing demo, Verizon won't activate the Nexus 7 LTE, Blackberry to go private, and more.

Enterprise Byte

Unlocked Phones

  • Jeff Jarvis' unable to activate Nexus 7 despite no technical prevention, Verizon has "not certified" the device for activation.
  • May be the legal department causing the support block.
  • Carriers would rather lease you a phone than have the consumer purchase the phone on their own, in order to get a term contract.
  • Carriers are obligated to accept any device on their network, unless the device will cause issues to their network.
  • Users will buy a locked device, and then move the SIM card to an unlocked device.
  • FCC ruled carriers cannot charge separately for tethering (double dipping).
  • Carriers also cannot restrict or deny a user solely based on network usage.
  • Competition may take advantage of limiting carriers to promote their less limited network.
  • Large carriers will require a large movement of users to competing carriers based on network limiting before they will change.

Blackberry Goes Private

  • BBM halted due to server crash.
  • Buyout offered at $9/share
  • Blackberry may be easier to deploy in the Enterprise (BYOD Support)
  • Blackberry Enterprise Server

Pen Testing

  • Penetration Testing tries to test technology by trying to break it.
  • Metasploit is a modular collection of vetted and current tools to exploit technology vulnerabilities.
  • Red team testing tries to achieve access to restricted data etc.
  • Metasploit lowers the bar to secure networks, and can be automated.
  • Metasploit can be used by script kitty, but is used by many professionals.
  • Building a VM that matches the target system, or the system you wish to secure, can provide a safe way to PEN test.
  • Finding the weakest link is often fastest.
  • Weakest link is often the human (social engineering).
  • Phishing attacks have to be prevented by IT (working with HR0, training employees.
  • Attacks can be done both external from a network, within a network, and also from a client's workstation attacking an internal application.
  • Attacks can be done on a client's running processes, so once a user has logged into their webmail, bank, etc., he attacker can open a new window on their own machine over proxy, and also use their authenticated session
  • Hackers no longer want to hack just to vandalize, their are financial gains to compromise systems.
  • Exploit tools supersede anti-virus/security software.
  • PEN tools can test assumptions, such as, "our firewall will block xyz".
  • Outside professionals can bring a different point of view to look for vulnerabilities.

Hardware & Software Mentions

Sponsors

  • Citrix Promo Code: ENTERPRISE
  • Ad time:
  • Ring Central Promo Code: TWIT
  • Call: (800) 543-9980
  • Ad time:

Production Information

  • Recorded Date: September 23, 2013
  • Release Date: September 23, 2013
  • Duration:
  • Log line:
  • Edited by:
  • Notes:
Info.png This area is for use by TWiT staff only. Please do not add or edit any content within this section.
Personal tools