Crimeware defense strategies: how to protect your network (and yourself)

Acclaimed security scientists say criminally motivated attacks are on the rise, but can be thwarted.

Internationally acclaimed security scientists and authors Markus Jakobsson and Zulfikar Ramzan were recently guests for a live Network World chat. The two, co-authors of the book Crimeware: understanding new attacks and defenses (published April 6), discussed defenses against financially motivated attacks, otherwise known as crimeware. The offered suggestions on how to protect your network (and yourself) against drive-by pharming, phishing attacks, identity theft, wireless network vulnerabilities and more

Internationally acclaimed security scientists Markus Jakobsson (pictured left) and Zulfikar Ramzan (pictured right) were recently guests for a live Network World chat. The two are co-authors of the new book Crimeware: understanding new attacks and defenses. They discussed defenses against financially motivated attacks, otherwise known as crimeware and offered suggestions on how to protect your network (and yourself) against drive-by pharming or phishing, identity theft, wireless network vulnerabilities and more.

Moderator-Julie: So, how did you guys meet and why did you decide to write this book?

Markus_Jakobsson: We have known each other for quite a while. We both have a background in theoretical cryptography, and used to hang out at crypto conferences all over the world. When we both got interested in online fraud and how to stop it, it was natural for us to work on this together.

MarkJ: Although every network is assailable, are there cryptographic tools and methods that can be employed by end users to defend against cybercrime attacks? This question assumes that firewalls, anti-virus, anti-spam and anti-spyware measures are all in place and current with patches. It also assumes that social engineering efforts have failed to provide an opening for the cybercriminal. What cryptographic tools and methods would you suggest?

Zulfikar_Ramzan: There are a variety of cryptographic tools that can certainly help -- e.g., proper encryption, authentication, key management, etc. However, one challenge with crimeware and modern attacks is that they blend many different aspects -- so there is no one-size fits all solution. Instead it helps to take a holistic approach that looks at all aspects of the problem.

MarkJ: As threats become more advanced, why should the infrastructure in a country not add a posture of ensuring trusted computing via the service provider or Internet gateway by a form of legislation? If the hidden attack source IP is known, should the government not help via diplomatic channels in capturing the culprits? Do you know any country that is moving in this direction, if not, why?

Markus_Jakobsson: This is a difficult thing to do. What makes an IP address bad? That it is in Nigeria? But what if my computer is corrupted? Blocking based on IP address might just change the problem. But of course, security software of different kinds use IP addresses.

vidaliaga: My biggest concern when deploying or using a program to help me determine or prevent attack, is that many times these programs themselves open up your network to hackers. Which is the bigger evil and how do we overcome that as IT managers?

Zulfikar_Ramzan: I think the main thing is to start with the low-hanging fruit. There are some tried-and-tested technologies and approaches, and even beginning there can help keep attackers at bay (or at least interested in going after other targets). I find that many times people don't deploy even basic countermeasures, and generally speaking attackers like going after the lowest-hanging fruit.

yolynda: Can you suggest some of the tried and tested technologies you mentioned? Are you referring to anti-virus, anti-spyware?

Zulfikar_Ramzan: From a technology standpoint, having a comprehensive client-side Internet security software goes a long way (e.g., including anti-virus/anti-spyware, intrusion protection, and the like). If you have a wireless network, making sure it's protected with an appropriate security protocol (e.g., WPA2) is helpful. Often times people don't do these basic things and this is how most attackers get through.

gar: What is your opinion on the state of wireless security (as compared to non-wireless)? I choose to use a wired router at home to avoid dealing with wireless hackers.

Markus_Jakobsson: That is a good idea, but not a panacea. See Zulfikar's and my work with my PhD student Sid Stamm - "drive-by pharming." If you go to a bad Web site, that site can make your computer move your router (wireless or not) into the DMZ, then it is accessible from the outside.

MarkJ: What's the scariest attack that you've come across? (scariest in terms of, "Wow, even I would fall for that")

Zulfikar_Ramzan: Drive-by pharming is up there just because it can be mounted without requiring the user to explicitly install software. Fortunately, my router password was changed, so I wouldn't have fallen for it specifically, but I know quite a few very security savvy individuals who would have. The other area that scares me is Web browser vulnerabilities, since a well-designed exploit can infect your machine without requiring explicit user permission. And we are seeing more and more well-trafficked Web sites that become compromised and used as a launch pad for such attacks.

ckstopford: Can you describe a typical drive-by pharming attack - how it works?

Zulfikar_Ramzan: It works as follows. First, a user is exposed to malicious HTML code (either because he looked at a Web site or at an e-mail he received that contained it). The HTML code will attempt to surreptitiously connect to the user's home broadband router (wireless or wired), and will attempt to change its DNS settings. For this to work, the router has to be susceptible to a cross-site request forgery vulnerability - and many routers are, especially in cases where the user fails to change their default administrative password for the router. Once the DNS settings are changed, the attacker effectively "owns" the victim's Internet connection because the attacker can send the user to sites of the attacker's choice no matter what domain the victim thinks he is receiving data from or transacting with.

MarkJ: Is it possible for users to get infected by just viewing an e-mail message (with no images)?

Zulfikar_Ramzan: If there is HTML inside the e-mail and the HTML gets rendered by your e-mail client program, then it's possible to get compromised by simply viewing an e-mail (e.g., by a drive-by pharming attack). However such an attack might also leverage other vulnerabilities (e.g., a router cross-site request forgery). Beyond that I don't know of how one can get infected just by viewing an e-mail message.

ITPRO: Is viewing text-only mail safe?

Markus_Jakobsson: I would venture to say that it is. But the e-mail may have links to things, and if you go there ... all bets are off. So to return to what I suggested before: What if you get an e-mail from a friend of yours, it says "This is an awesome movie, take a look at it." If you go there, you need to accept a certificate, then you can watch the movie. That could mean real danger. Maybe you would never fall for an attack like this, but you bet, normal users would.

soamr: What is the most significant trend that will negatively affect network and system security over the near-term? And can we expect any relief in the form of more securely architecting software and operating systems?

Markus_Jakobsson: In my view the most significant trend is crimeware. And to be a bit more specific, targeted crimeware. Attackers are starting to use data-mining techniques to make the attacks better. Assume an attacker wants to send Joe at company X an infected attachment, and have him open it. If he can figure out who are Joe's colleagues at X, then he can spoof an e-mail to Joe from one of them. Maybe Joe's boss. "Joe, take a look at this PowerPoint presentation, and let me know what you think." Can that be done? You bet! For example, consider the simple Google query "at X" site:linkedin.com" – this will cause a list of public LinkedIn profiles to be returned, each one which will specify the name of the person working at Company X, along with his or her position, and maybe even a list of his or her closest colleagues.

MarkJ: What's the best way to defend against a DDoS attack by numerous bot networks?

Zulfikar_Ramzan: My feeling is that DDoS is hard to defend against if someone is really trying to specifically target you and willing to expend the resources to do so. However, we're finding that DDoS is not as popular as it used to be because it's hard to monetize such attacks (even extortion can be more challenging). Instead, attackers have found easier ways to make money off of botnets (e.g., spam).

FrankM: Do most attacks require the user to have administrator rights on the PC?

Zulfikar_Ramzan: Attacks based on writing to the file system certainly do. But there is definitely a whole class of attacks that do not -- e.g., phishing attacks. Because of their simplicity, these attacks are becoming more and more popular. Symantec blocks somewhere on the order of several billion phishing e-mails in a given year.

Raspie: What would you say poses the biggest threat to the online community, especially the financial services sector: the advancement of technological attacks, or the organization of different cybercrime syndicates combining the type of attacks and focus on a target? Second question: do you see any specific new threats in either areas (technological/organization-wise)?

Zulfikar_Ramzan: I really believe that the bigger "innovations" so to speak are happening not so much at the technological level but really are more about improving the attacker's business models. We're seeing more malware authors adopt traditional software development lifecycles, applying QA, and even offering support contracts for people who buy their "products." The trends that worry me are those associated with blending threats and also with targeted attacks (since attackers are getting good at making their attacks more compelling and leveraging social engineering mechanisms).

ITPRO: I heard about someone who had his identity stolen. The bad guy said he got the identity because the victim left his machine on the Internet all the time. Could the victim have protected himself behind a firewall?

Markus_Jakobsson: It probably would have helped, but only if it were correctly configured. A lot of people do not do that. It is important to realize that this is not a pure technical problem. What if the end user can be tricked to circumvent the protection techniques? What if he cannot configure the system correctly, and as a result, there is a vulnerability?

Raspie: What will be the most interesting of devastating threats in the next three years? What direction do you think it will go?

Zulfikar_Ramzan: It's always hard to say since attackers can get quite creative - but I feel that they generally innovate only when they are forced to. So to predict trends, I think about where security technology and adoption is heading and then that gives me a sense of what attackers might be willing to try later. I think as technology gets better, we will see more targeted attacks. I also expect to see continuing innovation with regard to business models used and an ongoing evolution of the supply chain in the underground economy.

vidaliaga: In your opinion, which threat is the most devastating to a company's network (the one we should focus on the most) and should we go at it with hardware, software or just good old user training?

Markus_Jakobsson: All of the above. Social engineering is becoming a big deal now that technical countermeasures are improving. The human question is both about education (see my effort at www.securitycartoon.com for some examples of how I think this should be done) and about designing proper procedures for people to follow - to make security possible in the first place! You need to understand the social aspects of the technology. How can you make sure people do the right thing? How can you measure what happens? Example: in a recent paper of mine, co-authored by my PhD student Jacob Ratkiewicz, we show that people do not really pay attention to the personalized greeting that is used by eBay. That means that is not really a security feature you can count on. The same study measures the degree to which people (general users, that is) understand URLs. To many, an IP address means danger. (That is nice.) But almost nobody understands cousin-name attacks ("bank-of-america-secure-login.com" appears to them to be a part of BofA).

Markus_Jakobsson: On the topic of spoofing sites, who do you think owns "democratic-party.us"? Must be the Democratic party, right? Wrong. Same with "support-gop.org." It is not only financial institutions that can be spoofed. Political parties, too. You get an incensed e-mail asking for a contribution ... just $5 ... would you pitch in? If you do, your credentials are gone...

Markus_Jakobsson: Also, take a look at www.i-forgot-my-password.com ... this is one of my recent passions: to fix the big problem of password reset. Of course, there is no silver bullet any time when security is concerned, but I think the approach we are taking has a chance to take a big bite out of the problem.

doug: With all the news recently about compromised Web sites... what should I be looking for to determine if our Web site has been compromised?

Zulfikar_Ramzan: The biggest tell-tale sign is the presence of HTML or JavaScript code that you are not familiar with on the site - especially anything that points to a separate domain or anything that contains components that would be invisible to a user (e.g., a zero-sized IFRAME). There is also technology that can determine if someone has compromised your Web site and is using it to host an exploit to a browser vulnerability.

karlhart: What is your reaction to Remote Desktop Protocol (Microsoft Terminal Services) as a mechanism to extend the corporate boundary to teleworkers. Are you aware of any specific security flaws in RDP or the typical implementation?

Zulfikar_Ramzan: I'm not aware of specific technical vulnerabilities related to RDP, but I'm far from an expert on the topic. I believe that these technologies point to the way that the global workforce is changing. Ultimately, though, attackers are usually less interested in exploiting technical vulnerabilities - and more interested in social engineering-based approaches. For example, only about 10% of the malware samples Symantec sees exploit a vulnerability. The remaining 90% either piggyback on top or use social engineering mechanisms to get onto the victim's machine.

Rex: I'm looking at installing a wireless mesh over the city that will include cameras in the parks, etc. I have a gateway, anti-virus, etc., already installed. What else should I be looking at to fight off attacks?

Markus_Jakobsson: Well, this might be a case of where the underlying protocol is very important. How do you send data? Can an eavesdropper get valuable information, including just traffic analysis data? Can he mess up the network by running replay attacks? Is the crypto strong enough? Do you have ways to update individual nodes if they are compromised? What if the attacker steals and reverse-engineers a few nodes? Are you still OK? Then turn to installation and configuration. Are there possibilities for human error that can wreak havoc later on?

Dan: What are some emerging threats that we should be aware of when protecting corporate networks?

Zulfikar_Ramzan: One that keeps coming up when I talk to our customers is spear phishing -- where an attacker will try to target a specific "high-valued" individual inside of a company (e.g., the CEO or CFO). Without a comprehensive defense-in-depth program, it can be hard to defend against such attacks.

ckstopford: What is your view on disclosure of security vulnerabilities? Is it preferable to allow the vendor time to remediate before disclosing? What pressure can we put on vendors to respond in a more timely manner?

Markus_Jakobsson: Most security researchers are in total agreement on this: If possible, one has to notify the vendor before disclosing vulnerabilities. But what is the reasonable amount of time? I do not know. It depends on the situation, really.

MarkJ: With all of the threats that you guys have discovered in writing the book, do you do any online banking or financial transactions?

Markus_Jakobsson: You bet! If I get defrauded, I would be pleased. I would learn something new. My wife may disagree, though. But yes, I live and work online, just like most everybody else.

Ty!: Apparently spam is still creating enough revenue to warrant the use of attack vectors such as the creation of botnets. On the other hand, companies are spending a tremendous amount fighting spam. Is this a problem that will only go away when demand for the spam-offered products goes away or has other avenues (e.g. cheap pills, embarrassing purchases, etc.)? Or can we do anything else to reduce the monetary value of such spam, thereby reducing the desire to create these spam networks?

Zulfikar_Ramzan: You're thinking about this problem in exactly the way you should. Ultimately, you're right - as long as spam makes economic sense for the spammers (e.g., because people respond to the spam and purchase products that are offered), spam will continue to be a big business. Anti-spam products can help reduce part of the monetary value of spam because they decrease the "conversion rate" of the spammer. Also, most spam is sent out through compromised machines, so to the extent that fewer machines are compromised, a spam zombie will be more expensive to rent. I agree 100% with you that it's important to think about these problems from an economic perspective.

soamr: Social engineering has been around for a long time, do you see any solutions to develop more savvy or less vulnerable users?

Markus_Jakobsson: Social engineering is here to stay. People in this chat may be different from the rest of the world. You care enough about security to join here, after all. Most people don't really think a lot about security, and will do whatever is convenient. Many people are a bit naive, and also, would like to think that the world is a good place. (Don't we all?) That makes them vulnerable.

ckstopford: One of the things I don't see a lot of focus on is defenses that keep your network from being a mule, if you will, for cybercriminals. Things like protecting your DNS from cache poisoning, egress filtering, etc. In terms of protecting your users, I still recommend not allowing admin privileges, installation of software, etc.

Zulfikar_Ramzan: I agree. There are a number of protection mechanisms you can put in place in general. Our guiding philosophy for the book is that attacks and defenses are moving more and more towards the end point, and ultimately to the end user.

jdub: What are some of your favorite tools to use in testing the security of a company or site?

Markus_Jakobsson: There are automated tools that poke at the firewall, etc. Lots of products. What I think is interesting is to look at what information is available about the people on that site. Can an attacker learn their names? Their e-mail addresses? Is there any way for the attacker to guess their "non-work" e-mail addresses to create a side-channel that avoids the corporate screening? (Take my Web site, for example. My Web site is www.markus-jakobsson.com/ That gives away my name, already. The content confirms it. You can get my work e-mail address on it. You can probably guess my Gmail address (if I have one) with a pretty decent chance of success. What can an attacker learn about his victim? A lot, in most cases. This is more of a technique than a tool, though, but it matters to understand vulnerabilities.

MarkJ: With more employees working at home, should IT take the lead in making sure that their employees' home PCs are not compromised to become zombies or other conduits into the corporate network?

Zulfikar_Ramzan: Absolutely. Telecommuting makes the corporate boundary far more fuzzy. On the one hand it benefits companies since employees can be more productive. On the other hand, it can post a challenge for IT managers who now have to worry about a much broader attack surface that can be compromised. I think your suggestion of being proactive about home PC security is an excellent one.

Randy.Davis: The company I work for absolutely forbids non-work computers from attaching to the network either locally or through VPN. We are provided with laptops for a main work computer that we can take home if we have a need to VPN in. That being said, outside of making sure that WPA2 is running correctly on somebody's home wireless network, is there a good way to keep the mobile workforce from becoming compromised?

Zulfikar_Ramzan: That's a good (and tough!) question. I don't know if there is an easy answer. One possibility is to ensure that all machines on an employee's home network are protected. Also, making sure that any network devices are adequately configured (e.g., default passwords changed, etc.) would be helpful. I haven't thought about how cost prohibitive this would be, so ultimately there will be some tradeoff between how much effort you want to spend protecting home PCs and how much it reduces your risk. I suspect the answer is different depending on the employees of the company and what the company does.

vidaliaga: Do you think the ever-growing trend of outsourcing to overseas countries is lending a hand in security fraud?

Markus_Jakobsson: It does not have to be to foreign countries. All e-mail from JP Morgan Chase is sent by a company called Bigfoot. So if you look at an e-mail from Chase, and the path and all, you see Bigfoot. Most people would not look, of course, and would not care. But when outsourcing becomes more and more common, it becomes tough even for people who care to know. Fraud, too, is being outsourced. Tasks are split, attackers subcontract for each other. We live in an outsourcing economy -- for good and bad.

ckstopford: What about use of cryptography for integrity checking – does it have a role in stopping crimeware?

Zulfikar_Ramzan: Cryptography is certainly very important and can play a role in a defense. But ultimately, I believe it's insufficient because of social engineering mechanisms, e.g., even if you require code to be signed, it's very likely that a user will click OK on any dialog boxes or warnings. The one benefit of cryptographic technologies is whether they can decrease the spread or effectiveness of crimeware. In that case, you can reduce the attacker's profitability, which might cause attack instances to go down or potentially even disappear.

mxmissle: Do you know of any good sources of data, education, etc., to help management understand the importance of implementing and funding security projects when they seem disinterested in understanding the issues?

Zulfikar_Ramzan: A bit of a self plug here: Symantec produces the Symantec Internet Security Threat Report, which is a comprehensive look at the state of Internet security. The report is generally objective and vendor neutral -- aiming to present the data and corresponding stats. It can help make an appropriate business case to your management with concrete numbers regarding the magnitude of a specific threat.

Markus_Jakobsson: Let me answer the education part of this question. In Zulfikar's and my recent book, there is a chapter on education and pitfalls. Education is not straightforward. If you manage to convey a message, the attackers are (quite naturally) likely to do their best to take advantage of this. A classic example is bank mergers: When two banks merge, they tell all their clients (and then some). Attackers start sending out spam saying that the recipient needs to update passwords etc because of the merger. Security education can have the same impact: if conveyed to people, it may create new attacks. So it has to be done right to begin with.

ckstopford: Do you know of any good sources of cybercrime statistics that would help in determining major attack vectors - say, to help justify security spending?

Zulfikar_Ramzan: The Symantec Internet Security Threat report is, in my (very biased!) opinion, one of the best sources out there for good stats. Another good source of information on our site is the Symantec Security Response blog. It contains a wealth of interesting information on the latest attacks and trends that we're seeing.

Markus_Jakobsson: A great source of information is the Anti-Phishing Working Group (APWG.com). They have information on their Web site, and they run really good conferences - some open to the public, others not. (Sometimes, you really do not want the attackers to know the latest things...) And take a look at Gartner. But remember that all stats are about what is reported: what if the victims do not know? Or what if they are embarrassed to report? See my recent work on "Social Phishing" - showing, among other things, that people are very likely to under-report due to embarrassment.

karlhart: Do you see any indication that threats to Windows PC systems are driving adoption of alternative desktop OSs such as Apple or Linux? Do you have a sense of what level of market penetration will spur the hacking community to aggressively alter attack vectors to more OS platforms?

Zulfikar_Ramzan: I think it's unlikely that we'll see a major shift in which desktop operating system is used just because of security reasons. As you alluded to, I think there's a common misconception that some operating systems are inherently more secure than others because some have had more widely publicized vulnerabilities. Ultimately, for attackers, I believe it's largely about market share - the more popular platforms will be targeted more because they lead to the biggest profits.

Therese: What is your view on cybercrime concerning eBay and stolen products being resold, and what can be done about that? Are there any new tools that are being used in that area or any interesting stats?

Markus_Jakobsson: eBay and PayPal are making quite amazing progress at quenching fraud, but they are still among the most targeted. They are simply so big that they make good targets. If you were an attacker and you wanted to spoof a company, you'd pick a target company that everybody knows about and a fair portion of your victims have a relationship with. There are a lot of different kinds of fraud on auction sites, and eBay in particular. Resale of stolen products, I think, is not really one of the biggest problems. Theft of credentials (whether of sellers or buyers) is a bigger problem. Now, when I say credentials, it is not only about passwords, but also the answers to the challenge questions that are used to reset passwords. What happens if the attacker knows the answers to your questions? They are you, in a way.

Therese: Interesting. Thank you for your response. Do you know is there a way to find out if a tech item you may want to buy is stolen?

Markus_Jakobsson: I would actually not worry so much about that. But I would worry about other things. Say that you buy a consumer router. Can you know that its firmware has not been altered? (Doing so is trivial, and has huge consequences.) How about the laptop you just bought - why do you think that the pre-installed AV software is really AV software?

Therese: I would say that something is missing if a service like eBay can't tell me if a phone, or if a laptop is stolen. I don't want to purchase something that is shut down or not usable. Do you think auction services have some responsibility in this area?

Markus_Jakobsson: But how could they tell? They never touch the product. Say that I am selling my laptop. How can they tell where it came from? That said, of course they want to be careful to do their best. If it becomes known (through complaints) that a particular seller deals with stolen goods, of course it is their duty to react. And they will. That account will be locked down. But the problem does not go away, because it is so easy to create new accounts, and so hard to verify who is behind an account registration. I am sure that there is a fair amount of stolen goods on eBay, Craigslist, etc. But in the pre-Internet days, the same stuff was for sale in ads in the Sunday newspaper. It is just a change of venue in a way and I do not quite see the auction vendors as responsible.

ckstopford: You mentioned requiring signed code - Lotus Notes client can be configured to accept only known good signatures - any trends in that direction, or is Lotus alone in that space?

Zulfikar_Ramzan: I think that there is a general trend in the industry towards only accepting what's good rather than trying to keep out what's bad (i.e., a white-listing approach). For example, we're seeing an explosive amount of malware. I think we may be on the way to an inflection point where ultimately there is more "bad stuff" out there than good stuff. And when that happens, the game will likely change considerably.

ckstopford: Isn't that a good coding practice, too? In other words, accept only known good input from a user?

Zulfikar_Ramzan: Absolutely - the most rigorous defense is to deny by default. However, I think that there are a host of administrative challenges to making such an approach work - especially since you may need to permit some level of flexibility while retaining sufficient security.

Stiennon: Why doesn't the whitelist approach (accepting what's "good" rather than keeping out "bad") work with e-mail, where most solutions still classify spam as "bad" to filter it out?

Markus_Jakobsson: There are so many sites out there, and so many new. It is an almost impossible job to list all good ones. And sites are corrupted: good ones become bad.

MarkJ: How vulnerable are social networking sites to crimeware attacks? Sites like Facebook, Twitter, etc.

Markus_Jakobsson: They are probably among the prime targets right now. What a source of data! Look at my study on "Social Phishing" ... we measured a success rate for our simulated attack of more than 70%, because we started by gathering data from Facebook. 70%! That is one instance of the attack, and should be compared to 5-10% (according to Gartner estimates) per year. Social networking sites are gold mines to attackers, and their control of users is very loose.

yolynda: What if your company is a university and you can't possibly control the laptops/remote users. How do you protect your network?

Markus_Jakobsson: Start by educating your users. Every tenth time they log in (you do not want it to be boring routine) then give them a short security message. Be consistent about how you communicate with them. And scan their machines when they connect. You can scan any machine, even if you do not have software running on it. They just have to connect to your network -- see http://www.ravenwhite.com/files/pphm.pdf for a description of how to do it without even making it a privacy trap.

ckstopford: Do you advocate segmenting the network into security zones - like in the example of remote users, determining access in part based on the condition of the machine that's connecting? How hard is this to implement?

Markus_Jakobsson: That makes a lot of sense. For example, is the user inside or outside the firewall? Is it a laptop or a desktop (the latter is less likely to travel to "bad" places). And what is in the user's browser history? Did he just visit a phishing site? It is not difficult to implement a basic system. To iron out all the nitty-gritty details ... a lot more, of course.

Bogie: What's the best way to defend your network against corrupted machines used by visitors, or even worse, contractors that need network access?

Zulfikar_Ramzan: One possibility is to require visitors to work inside of a virtual machine. Once they are done, the image can be reverted back to a clean state. This would mitigate the damage. Another possibility might be just to implement a similar policy, but use a back-up reimaging tool. Finally, the machine can be configured to make it more challenging to compromise (i.e., by not having users run in administrative mode and by turning off non-essential services and functionality).

Moderator-Julie Well, our time is up. Thank you all for coming! And thank you Zulfikar and Markus for being our guests today. Please remember to join us for our upcoming chats, all of them begin at 2 p.m. ET, at www.networkworld.com/chat.

- Tuesday, June 10 Enterprise technology trends IT departments can't afford to ignore with John Hagel and Eric Openshaw.

- Wednesday, June 18 Counterfeit network gear: how to detect it and protect yourself with Mike Sheldon.

- Soon to come (in July) Everything you need to know about Cisco certifications and building home labs, with Wendell Odom.

Have other ideas for chats? Send them to Network World community editor Julie Bort, jbort@nww.com.

Markus_Jakobsson Thanks all for joining, great questions!

Zulfikar_Ramzan Thank you all!

Also check out these transcripts from recent Network World chats 

Learn more about this topic

 
1 2 3 4 Page 1
Page 1 of 4
IT Salary Survey: The results are in