Author
 Mike Fratto

Profile of Mike Fratto

Former Network Computing Editor
News & Commentary Posts: 96

Mike Fratto is a principal analyst at Current Analysis, covering the Enterprise Networking and Data Center Technology markets. Prior to that, Mike was with UBM Tech for 15 years, and served as editor of Network Computing. He was also lead analyst for InformationWeek Analytics and executive editor for Secure Enterprise. He has spoken at several conferences including Interop, MISTI, the Internet Security Conference, as well as to local groups. He served as the chair for Interop's datacenter and storage tracks. He also teaches a network security graduate course at Syracuse University. Prior to Network Computing, Mike was an independent consultant.

Articles by Mike Fratto

Inside Interop 2011 Hot Stage

5/6/2011
Three months of planning the Interop network. Two weeks staging the equipment and preparing the network. Dozens of people from as many vendors all focused on putting together a network that will go live for six days. Glenn Evans, Interop network project lead and benevolent dictator, works with the vendors and volunteers to design, build, troubleshoot, and manage the InteropNet.

The hot stage is when all of the planning comes together. The InteropNet team documents every detail, down to

Performance Testing And Integration At Interop

5/20/2009
If networking is cool at Interop, then testing, the red-headed stepchild of networking, is going to make itself known. Factors like data center consolidation and virtualization are changing the demands made of the network for more resilient, low latency and high speed capacity.

Just Say No to Virtual Security FUD

4/30/2009
What is special about a virtual computer -- a VM? It's a computer in a file. That's it. It's just a computer stored in a file with similar foibles and management issues as a physical computer. So why do some people invest virtual computers with some magical transformative powers? Do they not understand what a virtual computer is?

New ProCurve Threat Module: Flexibility Requires Planning

4/29/2009
HP ProCurve announced a new module for their ProCurve 8212 and 5400 modular switches. The Threat Management Module offers firewall, VPN, and IPS functions simultaneously on the switch backplane, unlike Cisco's approach with the Catalyst 6500, which requires separate security modules for firewall, VPN, and IPS. The cost, however, is lower performance per module. ProCurve needs to increase module performance to make it a replacement for appliances.

IBM to OEM Brocade Switches. It's IBM vs HP.

4/28/2009
IBM and Brocade jointly announced that Big Blue will be selling Brocade network switches branded as IBM Ethernet switches. The agreement extends the existing IBM/Brocade OEM deal for SAN equipment. A lot of people will see this as a reaction to Cisco's UCS launch, but according to IBM, nothing is further from the truth. I think it pits IBM against HP.

Time Warner Cable Fights For Its Monopoly

4/15/2009
I am one of those people who believes in universal access. I think it is desirable for those of us living in urban/suburban areas to subsidize telecommunications to rural areas. Subsidies help build out and maintain our telephone network resulting in a net benefit. So subsidizing broadband roll-outs with government funds is a good as well. Too bad Time Warner and others are trying to strong arm the FCC into supporting a tacit monopoly with public funds.

We Want You For Application Delivery

3/24/2009
Network connections have been getting faster over time and, correspondingly, applications have been keeping pace by getting fatter. Add in the changes in how applications are delivered as Web applications, hosted applications, and virtual desktops, and application performance is becoming increasingly important. We want to get your thoughts on application delivery. Please take a few moments to fill out our InformationWeek

Drawing A Line On Web Application Security

3/11/2009
Web application security is of particular importance because so much of our digital life is spent interacting with Web applications. Lori MacVittie, technical marketing manager with F5 and former Network Computing senior technology editor, has spent years kicking the question of where application security belongs -- in the network or the application -- back and forth. But I want to draw a line in the sand: Don't depend on Web application firewalls to fix your software problems.

Virtualizing Switch Management

3/4/2009
What has been happening to your data center port density over the years? If you've been adding server hardware, then chances are port density has been increasing in ones and twos. But if you've been adding virtualization, the port density may be rising in fours or eights as you try to balance network I/O over multiple NICs. Get ready to virtualize your management.

DNSSEC: Forgetting The User, Again.

2/24/2009
A lot of very smart people are working very hard to make the Internet trustworthy. The Internet Assigned Numbers Authority (IANA) has launched a beta Interim Trust Anchor Repository so top-level domain owners can publish DNSSEC material while ICANN works out signing of the root zones. The ITAR is one more step in the road to DNSSEC. But DNSSEC is a technical solution and, like other technical solutions, ultimately misses

ROI Is Not A Good Justification For Security

2/18/2009
It's no secret that the business office uses financial models to approve and disapprove purchases. Getting proposals approved on business merit is often misunderstood by many IT and security practitioners who see the need for a technology, but can't convince business folks. Return on investment, ROI, often is used to justify, in part, an IT purchase which results in the percentage return. Risk reduction is the primary goal.

My Computer, A La Carte

2/12/2009
OS installs have gotten easier over the years, whether it's a Linux distribution, Mac OS X, or Windows. Fewer choices to make and fewer technical decisions that need to be pondered. But today, I found the easiest of them all, Slax 6 Build a Distribution, and I think it serves as a model for how software should be distributed, a la carte, and as a model for smart system recovery.

Bandwidth Management Coming To You

1/29/2009
Cox Communications recently announced a new bandwidth management program, while Google and partners are releasing a tool to detect throttling. The traffic battles are heating up, but the deck is stacked against users since we use the pipes, not manage them. Even so, Cox's plan seems responsible and, if done right, can balance competing network demands.

Don't Chase Checkboxes

1/22/2009
Drew Conry-Murray takes apart PCI in his recent blog PCI Is Meaningless, But We Still Need It. I agree with most of his points, but they mostly apply to companies that view compliance as a set of checkboxes that have to be filled in annually. Filling checkboxes is doomed to failure. Focus on the spirit of the requirements and your company's security posture will be the better for it.

Nortel Restructuring: Breathe And Relax

1/14/2009
Nortel has initiated a restructuring process in an attempt to turn the company around. Despite the doom and gloom about the announcement, Nortel is far from a fire sale. Restructuring may be a good step to get control of the company. With $2.4 billion in cash, Nortel is in a far different position than U.S. automakers. Nortel has been struggling for the last few years to turn its business around.

CWE/SANS Top 25 Programming Errors

1/13/2009
A group of security experts comprised of vendors, government experts, educators, and individuals published Mitre's Common Weakness Enumeration, a scheme that identifies common programming problems and offers guidance to avoid the problem in the first place. The group hopes the CWE list will be used by colleges to teach secure programming, vendors to avoid the mistakes, and customers to demand these problems are not in shipping code.

Yes, Trust In The PKI Is Broken

12/30/2008
The trust in digital certificates relies on the fact that the authority issuing the certificate has validated the identity of the person or company making the request and that the digital certificate can't be forged. New research presented at the 25th Chaos Computer Congress shows that forging digital certificates is possible and practical. Trust in the SSL i

NMAP Network Scanning: A Must-Have Addition To Your Library

12/29/2008
NMAP, the open source network mapping tool, should be in any network or security administrator's toolbox. It's a feature-rich network scanner that goes far beyond port scanning such as service and OS detection, stealth and evasion modes, and sports an internal scripting engine. NMAP Network Scanning, a reference guide written by Gordon Lyon, a.k.a. Fyodor, is a must-have book to get the most out of NMAP.

Security Threats Aren't Mitigated By Details

12/18/2008
Good security programs start with asking the right questions. All too often, security and network engineers sweat the details of some security technology or other and don't examine the most likely sources of attack. I recently overheard the question "How long should I set an IPSec VPN rekey time interval?" Answer the question by asking how worried you are about an attacker breaking into your VPN and how that might be accomplished.

What Is The Next Step In The War On Spam?

12/8/2008
We all know that spammers will do whatever it takes to find a way to send their advertisements and scams to potential victims. Spammers are circumventing the methods that services like Gmail, HotMail, and Yahoo use to stop automated spam, to the point that even legitimate users of these services are unwitting victims of anti-spam.

Alcatel-Lucent's Big Plans

12/1/2008
Alcatel-Lucent recently announced a sweeping set of enhancements across many of its switch and unified communications product lines. ALU, better known in the service provider arena, wants to send the message that it can compete with the likes of Cisco, Hewlett-Packard, and 3Com as a total solution provider for voice and data services rather than a point product vendor. Is a single source necessary or the best option?

CSI 2008: You Want Standards, You Have To Demand Them

11/18/2008
This morning's Trusted Computing Group summit focused on the Trusted Platform Module (TPM), NAC, and the TNC. The event was well-attended and covered a range of topics from what the TPM is and what it is used for to the TNC's role in NAC and NAC standards. One overwhelming message came out: Users want standards. Vendors are not listening.

Green Hills Software Integrity: A Secure OS At Last

11/18/2008
Green Hills Software Integrity 178B operating system is the first, and only, certified Common Criteria Evaluation Assurance Level (EAL) 6+ operating system on the market. Green Hills Software uses Integrity as the basis for a secure PC operating system called Integrity PC and includes Padded Cell Virtualization, a secure hypervisor running within Integrity PC. Integrity Global Security LLC has been formed as a subsidiary of Green Hills Software to market Integrity PC. Integrity PC is provably se

CSI 2008: The Business Case For Governance, Risk, And Compliance

11/17/2008
There are three legs of a table that, if weakened, put your organization at risk and, if a leg is removed, let the table fall to the ground. IT governance, risk, and compliance (GRC) is fundamentally a return to the basics of information security. Regardless of technology, you need to know what to protect, when it needs protecting, and why it needs protecting. Getting ahead of the game is more effective than catching up later.

CSI 2008: Brian Snow's Assurance And Controls

11/17/2008
Brian Snow's keynote at CSI 2008 started with an amusing graphic of a guy pouring gas over his head while lighting a cigar. The message was we always take risks, even when we aren't aware of them. Snow learned a thing or two about risk while working at the NSA for 20 years, ending as technical director for information assurance. Information risks, he points out, are moving targets and information security programs need to be adaptable and w

CSI2008: Security Reconsidered

11/16/2008
This year's CSI 2008 event promises to be every bit as interesting as ever. CSI tracks are broad, the topics deep, and the speakers top-notch. Once again I find myself wanting to see all of it (9 tracks!) but only one of me.

NIST Seeks New Hash Algorithm

10/31/2008
NIST is wrapping up accepting submissions for a new cryptographic one-way hash algorithm today. NIST's competition follows a tradition of peer review, public discussion, and acceptance of algorithms that brought us DES, SHA, and AES. The selection process won't be complete until 2012, but final selection should address weaknesses in the hash algorithms used today.

ICANN Opens Comments On gTLD Creation

10/24/2008
ICANN, the organization that manages the technical aspect of the DNS, among other things, has opened up a 45-day public comment period on the process for requesting a new generic Top Level Domain (gTLD) such as .com, .net, and .gov. The comment period is the next step along the path of adding more gTLDs to DNS. If you are involved with DNS, or work for a global or national brand, you want to pay attention to t

MEF: The Standards Group To Watch

10/22/2008
The Metro Ethernet Forum (MEF) really is a good model for standardization bodies. The MEF brings service providers and equipment makers together to create standards for all facets of Carrier Ethernet as well as providing conformance testing and certification. Kevin Vachon, COO of the MEF, provided some interesting insights into the direction of the MEF and, therefore, the direction of Carrier Ethernet.

Ethernet Expo: Future Of Carrier Ethernet

10/22/2008
Ethernet Expo is the place to be to get current on the technology and service offerings. While the main show is aimed more toward service providers, enterprise attendees to the show can gain some valuable insights on upcoming standards work, deployments, and last mile connectivity.

TCP Flaw An Abject Lesson On Responsible Disclosure

10/3/2008
The pendulum swing between responsibly disclosing a vulnerability privately to affected vendors so they can create a fix versus telling the world so IT can be aware of potential problems is swinging back into the vendors' favor. The result is that without public awareness, vendors aren't motivated to institute fixes on a timely basis.

Data Leakage Is A People Problem

9/30/2008
Cisco commissioned a global survey of IT administrators and computer users about their perceptions on data leakage. Not surprisingly, the study found employees use their work computers for personal use and IT knows it.

Lack Of Standards Adoption Is Softening NAC Uptake

9/18/2008
There are a lot of reasons why NAC adoption is slower than expected -- it's expensive, it's complicated, there isn't always a clear benefit, competing IT projects are taking priority, and there's still a lot of confusion about NAC technologies. Until IT grasps these issues, they won't move forward.

Network Recorders Are A Window To The Past

9/17/2008
Announced at Interop, Endace Analytics Center 2000 provides network analysis for Endace's NinjaProbe, while Solera Networks announced an OEM program providing data-capture services to others. In both cases, the ability to play back captured network traffic eases troubleshooting and resolution.

Beating The NAC Standards Bush

9/16/2008
Halfway through NAC Day at Interop, I moderated a panel populated by representatives from the sponsors. What became clear during and after the panel is that attendees are very concerned about standardizing NAC. Who wants to buy a proprietary product that won't play well with others?

NAC Happenings At Interop

9/10/2008
Earlier this summer I was tapped for NAC Day 2008. It's a day-long event on the topic of Network Access/Admission Control at Interop NY held at the Javits Center. I'll agree to almost anything if I can get a trip to Manhattan out of the deal. I hope to cover nearly every aspect of NAC in 5 hours and 45 minutes.

Privacy Policies Are For PhDs

9/4/2008
BNET has a story, Privacy Policies Are Great -- For PhDs, highlighting the point that privacy policies are so obtuse that a college education or better is required to understand them. That point is perfectly clear to anyone who has read a privacy policy or an end-user license agreement (EULA). These policies are written for legal professionals, not the masses.

Getting A Perspective On Man In Middle Attacks

8/25/2008
Researchers at Carnegie Mellon University have proposed a system whereby you can ensure that when you attach to a server that uses SSH or a self-signed digital certificate and you haven't verified the authenticity of the host identity beforehand, you aren't subject to a man in the middle attack.

Untrusted SSL Certificates Indicate A Failure

8/22/2008
An unknown certificate is a failure in SSL/TLS, and that's how it should be. Ever since Firefox 3 came out, the way it presents SSL-enabled Web sites with self-signed certificates has been called scary and hurtful. Untrusted self-signed certificates should be scary because untrusted self-signed certificates are a failure in SSL/TLS, and a failure in your authen

EV Certificates Enhance The Bottom Line, Not Trust

7/29/2008
VeriSign has been very active in beating the Extended Validation certificate drum. I just have a real problem with EV certificates being sold as "better" than regular EV certificates. EV certificates don't change the security features of the resulting SSL connection. The green or red address bar doesn't tell us whether a Web site is trustworthy or not. But the green bar adds greenback to you

On The Internet, There Are No Secrets

7/22/2008
One thing is true about the security research community: it is populated by people who don't like to be told what to do or how to act. Halvar Flake thought the way the DNS disclosure was handled was OK, but didn't think the discussion blackout would be useful. So setting off as a DNS novice, he spent a few hours figuring out the problem. He got pretty close, too. So then Matasano Security

Time To Patch DNS Servers And Clients

7/8/2008
CERT has issued an advisory, short on details about the exact nature of the problem, about a fundamental flaw in the DNS protocol which allows an attacker to poison a DNS cache. Working with the person who found the flaw, Dan Kaminsky, CERT notified vendors of the problem and is coordinating a publication of the patch. If you run a DNS server, check with your vendor to see if a patch is available.

No One Gets Fired For Registering A Dot-Com

6/27/2008
ICANN, the Internet Corporation for Assigned Names and Numbers, which manages the generic Top Level Domain (gTLD), recommended opening the gTLDs to organizations that can afford the registration process and can prove they have the wherewithal to manage a gTLD. Many are predicting Wild West expansion of names and the death of the .com. I predict it will be risky business for domain name owners.

Don't Troubleshoot. Change The Way You Work

6/26/2008
Many of us computer users suffer in silence. Yes, there are the outspoken people we see complaining on message boards, but in general, we put up with the quirks of applications because the alternatives are not worthwhile. And sometimes, we have to go along to get along, which means forced updates to the latest version of software for no other reason than you have to be able to share files easily. Computers should change to fit our needs, not the other way around.

Unified Threat Management: The New Firewall?

4/20/2005
We put five UTM firewalls through extensive tests to see if they could detect blended threats and maintain high performance. Although we were mostly underwhelmed with the results, our Tester's Choice stood out from the rest, having caught all our 'attacks' the first time around.
