I was very interested in having a presentation about Information Security, today So I am so pleased that AT&T agreed to sponsor this event and provide us a great lunch. Another partner with us is the University of Oklahoma Center for Public Management. They take care of the coordination with AT&T, and do a great job I thought today. Also Steven Dial is on the focus board with the University of Oklahoma. Do you want to stand up Steve, so people can see you? So he also represents Oklahoma on the Focus Users group. (Clapping) And I know that is a burden these days for people from Norman to drive all the way to Oklahoma City, so we’re glad that you’re able to make it through all the construction. Uh, AT&T staff, do you want to wave and show folks who you are as our partners today? Thank you guys so much and we’re glad you’re here, and glad you’re providing lunch. Our speaker today is Steven Hurst, he was telling me a little bit about his back ground and work history. I don’t have time to go into all the details. But he was telling me about working with an MTV V-Jay. MTV early in his career promoting the internet and very interesting. I don’t think we’ll hear about that today. But maybe a little bit. Steve has been with AT&T for over ten years, serving in sales and technical sales support roles. He’s developed several information security products for AT&T. And has worked from the conception to the actual launch of those products. He’s earned an associate degree in Criminal Science, a bachelor’s degree in Communication and Theatre, so it should be entertaining today. A master’s of Education degree in Educational media from Temple University in Philadelphia. He also holds two independent security certifications in the CISSP. Certify Information Security System Security professional. He’s an active member of ISSA, and you’re an inform guard? Is that okay, I can’t wait to hear what that is. Alright thank you please join me in welcoming Steven Hurts. [Clapping] Info guard, before we get started. Info guard is a public private partnership between the FBI, and the members of the Industry Critical Intro Structure. There’s probably an Infer guard chapter operated in and out of the Oklahoma FBI office. If you’re not involved, I would strongly encourage you to get involved, it’s a great organization to be part of. And really giving you an insight of all aspects of securing the critical infrastructure. What we’re going to talk about today is a little bit about security and networking security. From a business perspective we’re seeing a lot of changes through the business environment. Business has gone from being a very local community focus event to really being a state wide national and global event. While these changes have taken place is we’ve really seen a lot of changes occur in the way that people are communicating. And a way business is taking place, so as your developing businesses and developing solutions. There are a lot of elements that get outsourced that you choose to outsource manufacturing or support to areas outside the area of your local geography. Things are being virtualized; the essence today, one of the key things is becoming green. Developing a green data center and green environment, and being more ecologically friendly, while maintaining the same critical association that you have with the data you need to access. We have been working in that environment, we have been working in the spreading of investments and resources both national and global and mobility. I saw a number of people as we were coming in today squirreling away on their blackberries with their I-phones. Mobility is really become another game changer in the face of businesses today. And when you take mobility and you leverage that with virtualization, you’ve really eliminated the walls of your business. You’ve allowed people to conduct their work to do what they need to do in order to meet their goals from anywhere at any time. Regardless of where they are in the world. So what you really have is they knew that definition of how you communicate and how you run your business. Where as your business ten years ago was critical that you had a telephone. That you had a phone on your desk and you could pick up the phone on your desk. It was critical that you could get to resources on systems that you were attached to via wire. Today you neither need the phone on your desk nor the wire. So what this has done has really changed how we look at businesses and how you look at your information and how you maintain the liability of your networks. Because your network now is not confined to a particular resource in a particular space. But with the advent of mobility and virtualization your network can be anywhere. People can do their jobs from anywhere, but from a security perspective you need to now protect the information from anywhere. And the threats information is wide and varies. I was reading on my way in last night an article on dumpster diving. You won’t think that dumpster diving would be a critical concern any more. But the article went into a bank, a local bank and the dumpster from behind the bank. And this particular professional went into the dumpster because the banks had no security breeches. And they found credit card information and they found account information. They found social security numbers and they found a laptop in the dumpster behind the bank. Now the same say the people may not be paying attention to their data in a dumpster. People are not also paying attention to what happens to the data as its inflow. One of the things that are really recently in the news is the Conficker worm. It was announced around the first of April and was suppose to really hit and become a major event. It really didn’t hurt talking to its controllers until around the 7th or 8th of April. And nobody is really sure what its going to do. RC at Ambrosia spoke with congress about two weeks ago about BotNets and the fear of BotNets and what can you do to protect the infrastructure and more importantly your information from BotNets. And really what it comes down to was taking the lowest common dominator and leveraging it together to your benefit. Taking information that you can gather from the network that you’re attached to. Gathering that information and honing it into something that’s critical that you can act against and in this particular case prioritizing to the point where it becomes a critical activity. One of the premier researchers and developers of the fire wall, Steve Belvin, does not run a personal firewall on his lap top. What he does instead is he patches his laptop at least four or five times a day. Because he’s decided as a researcher and he’s well ahead of the curve of most of us, including myself. But he’s decided that if he can keep his laptop patched, the people writing the software are going to find the holes and fill them faster than most people can exploit. Confickers the same way, we see it and know about it, and we saw it in advanced. However if your windows machine was patched you weren’t affected. So there was a patch that was released in October,November time frame that if you implemented, you’re protected. But there are other state agencies that were working with today, we’re working to mediate events to driving across their networks today, based upon a patch that they could have employed in October. And nobody know what this is going to do yet, its loading some false software, it may be taking information off a hard drive or it might BotNet or e-mail launching engine, nobody knows yet. Which brings us to data leakage which is really critical to the operation of your business? It’s taking the information and deciding what’s going where. And when you look at information on forward looking bases, protecting your information is going to become more critical than protecting your network. Now security is based upon defense and depth, its multiple layers and multiple touch points between the user, the data and the data itself. Data leakage is figuring out where that data is going and protecting regardless of where it is. Or stopping it from exiting your enterprise, however you define that enterprise. Of course there are solutions that you can put up on prime, or solutions you can load on devises. Critical today is just encrypting endpoint devices. But when you’re looking a fairly large organizations and that large organization is depending up on who the scope can be. It could be five people or five hundred people. Its encrypting that has been able to control that information wherever it is. And there are solutions that are being developed today that will give you that control of that information regardless of where it is. Regardless of how it’s accessed in regards of when it’s been left and saved and what it was called when last saved. And these solutions are becoming available today. In fact we have one available now my sales hat is on, and if you talk to your accountant he can tell you about the AT&T encryption offers. But all of these things together really many have not changed in years. But what it does dictate is that we have to continue to be very vigilant. And the best thing that can happen to us is security professionals is events like Conficker because it raises the ability to you and your peers who are in critical positions to the organizations to protect the information and protect the network its self. And the network never goes away and protecting the network never goes away. It just becomes part of protecting the data that you’re running over that network. So let’s look at security and look how security gets deployed and how security gets managed today. Most companies and most organizations and most governmental agencies make use of an edge based approach. And an edge based approach is very similar to what indigenous populations did thousands of years when they decided to all come together and stay in one area. “They say oh we’re going to stay together, how can we protect ourselves, well let’s put a wall around it. So edge based security is really no different than that, its defining your enterprise, its defining your organizations and defining your agency. And putting security on the edge of that organization, whether your doing data leakage prevention your doing fire walls and intrusion detection, policy enforcement of other types is enforcing that information and gateway at the edge of your network and somebody else’s network. And in off times I’ve been in the public internet. When you look at this kind of approaching and look at the mobility and you look at when people log in and remotely come in and have VPN access. Whether it’s from satellite or wired to wireless broadband. The edge of the network is the definable of your networks starts to disappear. Now you start working with partners, you have a partner who you need to buy office supplies from. Well instead of maintaining an office supplies group you go to a large retailer, who gives you a website to go access, or you have to book travel, and you go to a travel site to give you a website to access. Each one of these websites is another pathway through that gateway that you’ve defined. Now you go down to your large electronic retailer, and you can for under fifty dollars you can pick up a wifi hotspot. You can pick up a devise that is probably no bigger than this clicker or smaller. In fact there is one that’s a file you can plug into your PC to initiate wireless network and for under fifty dollars you can establish yourself an unsecured wireless access point. Which means that anybody in any of your offices at any time can plug in to your network and all of a sudden you’ve got an open connection to your network from anybody that has access to via PC. So essential what we have is a network that’s very porous in fact it’s so porous that very little in a traditional approach, you’ll have more things passing your gateway and you’ll be stopping at your gateway. So how do you litigate for that, how do you lessen that? AT&T researchers ten, twelve years ago were doing some research into the nature of networking and that nature of networks. And what we discovered that we can analyze the flow of traffic across your network. And we can put control points within the core of our network and then we can virtualize it. This is before security service between virtualization came the buzz word of the month. We can take security and take security control points and we can build it into a network structure. We can give individuals entities control over their unique policies as they cross the AT&T network. So instead of enforcing policies at the edge of your network, you can now enforce them inside your network. While more explicably inside of our network, and by enforcing those policies with inside our network you’re taking many of the risks that could bring your network down or affect your network and pushing that into the network cloud. Those risks are things such as denial service events denial of service attacks. Where someone is trying either break a servers or break through or take you down, bring your network offline. By being able to identify those events with while that traffic is in the core, we can mitigate it within the core so you don’t’ get affected by those events. That’s happened to financial institutions in this local area, who I can’t talk about. Firewalling, intrusion detection policies, these are all things that bring in traffic flows can all be enforced in the network. Whether its the AT&T digital backbone or the internet backbone or core backbone. So by taking the approach and moving this perceived edge into the network core you’re moving it to the lowest common dominator. Now that doesn’t eliminate somebody with a wireless point. It does minimize your risk and lets you bring in security policies, it lets you bring in remote access and have it all terminate within the AT&T core before it comes in to your networks. Well what do you do with these rogue wireless access points? You can try identifying them, most of them are very difficult to identify. You can try walking around with sensors and trying to pick them up, but somebody is just going to shove it in their desk when they see you enter the floor. Bring it out when you leave or you can take where you had defined on the edge of network and re-deploy that inside your network to protect critical infrastructure. So what you’re doing is building and re-forcing the defense and depth security architecture, but instead of leveraging the defense and depth just within areas you can touch. You can now layer defense and depth within the carrier network all the way down to in front of the servers that are on your network. And now there is software that’s becoming available, you can place on that server to protect the information and the code that’s on that server its self. And a lot of these solutions work whether it’s in your data center or AT&T center or it’s in a security in service data center. Where you’re purchasing services off of a shared infrastructure because they have a need and we’re be protecting the infrastructure, you need to protect the data while it’s in flow. Now parts of this own network approach is also to leverage the new edge of your network. So you’ve got your firewalls, your intrusion detections services that we’re on the physical edge of your network. Now coming in to protect the servers within your network, but where is the other edge of your network? The other edge of your network is your PC, your laptop, your smart phone, your blackberry, or your I-phone. Any device that has an input capability that has an IP access. So by taking solutions that you can manage within the cloud, but have agents that are sitting on endpoints you can now leverage security in the cloud from the edge of your network where the systems are, to the edge of your network where the people are. And now you truly have defense and depth and you have multiple security control points you can place it at various points across the network. That not only will protect your network, will maintain the availability of data, but can also prevent data or will lesson the risk of data leaving your network. Or maintain if indeed it does leave your network. And that encryption when it leaves your network become critical when you look at it long term. In the news a little company called DuPont had an issue about two years ago where one of their chief scientists walked out with oh years of research that he had e-mailed to his public e-mail account and walked out with other information on his memory stick. If it had been encrypted he would have had it and he could have turned it off and he would have had a memory stick full of garbage. So maintaining the leverage of information security becomes critical. Now when you move security into your network, you might think there was a risk of being an network outage, and you lose access to the internet, you lose assess to other systems. So when we built our network in structure both security into the network itself, we looked at the network and how you secure information. And we looked how information flows work. Now there are really two types of network to network communications that are very popular. The most popular of course is from you location to the public internet. Or through VPN coming back, the second is between two networks as you would do with a partner. Whether you’re good with that partner, especially if that partner is communicating over a private network. So you have network to network interfaces EDI’s; Electronic Data Interface is one way you can do a network to network communication. And any more companies are connecting directly into each other and accessing service directly. But both of these are passing through the network, so into the network we build a statement firewall that allows you to inforce individual policies while that traffic is in flow. We built in intrusion protection that allows you to look at different types of events based on a signature, based on known traffic patterns and block that. We’ve done URL filtering because not everybody necessarily wants to have the ability to go anywhere. Based on your HR policies there may be sites that you don’t want people to be able to access. Gaming for instances is a very popular category. And they don’t want people going out and gambling during work I don’t know what it is about gambling. [Laughing] There’s enough risk involved in work that you don’t need to gamble on top of it. [Laughing] But that’s a common category to get flocked with network and networks firewall you can do that across the entire enterprise in one policy. Whether you have one site or you have five sites or you have fifty sites. Fenced internet is limiting of where someone can go. Any virus or any spam, a lot of events come in through e-mail and a lot of events come in through web attacks that are build into the infrastructure. Its something in the network that will stop anything that’s bring excesses traffic in. The e-mail traffic depending up on the research you look at, is somewhere between seventy and ninety percent of e-mail traffic is not necessary. Its spam, it contains malicious code, its phishing attacks, and its things you don’t want to see. That can all get blocked. Looking at reliability and resilience it’s higher infrastructure is built as a high ability infrastructure. So there’s not one set of fire walls at every gateway, there’s two sets of firewalls at every gateway. There’s not one connection to the internet, there’s two redundant and diverse connections to the internet. Nor is there one connection into the network, there are two redundant resilient connections into the network without a fail over in each gateway. So every gateway is a hundred percent fail over, and when band wave get previsions, gateway gets two hundred percent. So I need five Megs of bandwidth. Customers who make use of our gateway, we provision ten Megs of bandwidth. Five on this leg and five on this leg, you can only use five at a time, but you get ten. Uh so it’s fully redundant and everything is redundant and everything is resilient. Uh access for reports because you need to validate to meet regulatory requirements or through primary or secondary portal dependant of where we are in our upgrade cycles to access policies to be able to validate policies that are deployed to the ones that you want to have deployed. We’re doing all the management so we put an extra level of change control. Because change control is something that a lot of companies don’t pay that much attention too. And when you look at an edge based firewall, especially with five, ten locations. Within three or four years every one of those locations may have a totally different policy. By going to this infrastructure you have consolidated that into a single policy that can be managed by a few numbers of individuals. Now your not or things your not doing, your not patching the fire servers anymore, your not physically implementing policies. You’re not testing policies, however you’re still responsible for the policy itself and the inplementation itself. So its really not “I don’t need these people any more. I can repurpose people and I can get people who can specialize in security and focus on security. And of course we build it to be globally accessible. Anywhere in the world multiple gateways are, and gateways are coming up all the time. In fact we’re bringing at least two more gateways in the US this year which will give us four gateways in the US. And then two in the major region around the world outside the US. And that’s growing based upon customer needs. I want to talk about how the network fire wall can really help you then because that’s what it’s all about. How do you stay in business? Well little hurricane came through a couple years ago, and hit New Orleans. And had some massive effect in New Orleans and Texas and Louisiana and Mississippi. Did a little bit of flooding and a few businesses down. We had a customer during that event whose head quarters and their data center were in the heart of New Orleans. Small manufacture they manufactured modems and telephone connections and devices to connect the servers and individuals into systems and into data centers. There head-quarters was in New Orleans, the dikes broke, they got flooded out and lost internet connectivity. They had an AT&T, PMTOS network, private Network Transport MPLS, very cost effective way to bring up MPLS traffic into your enterprise. So they could talk with between their facilities, but they couldn’t get to their data center. And their data center to access their customers was about seventy percent of their business comes over the internet. They couldn’t get to their tools to access the internet. So they called us in a panic, “saying you’ve got to help us.” “We’re down, and we can’t run our business, we’re going to go out of business.” So we said HAH, we have an idea for you, what do you think about bringing a gateway up between your network? What do you think about being able to put your servers anywhere in your network and be able to access it, would that help you? They said “yeah we’ve got it the network and the servers and back up servers and their up. But we’re being told it will be two weeks to get internet connection, because they can’t bring an access lines to bring up the internet. We said “this is an emergency; I bet we can get it in least than a week. So what did we do, we brought up our network based firewalls and connected it into their network. Brought in redundant connections into their MPLS network, and gave them asses to all their sites. And eventually when they brought head-quarters back on line they got access to their headquarters. Through that we brought a tunnel in into a DMZ where they had their servers and they brought their web servers up. So now every site within their network instead of coming through head-quarters and going out. Its going directly to the internet when it needs to assess the internet. Their servers were placed in one of their remote locations and was up and running. Now in a disaster scenario if an event happens again to bring their data center down, they can bring up their backups into any one of their locations. Whether it’s the sales office or the manufacturing location. Now this was an emergency and a critical event, and of course we try to take care of our customers even more so during critical events. Guess how long it took us to bring up the solution? Any idea, it was going to be two weeks to bring the internet connection. Audience (Five Hours) A little longer than five hours. Audience (Three Days) Three days, three days you hit it. From the time we first talked to them, to the time their server’s came up was three days. Now that’s three days I did include provisions of connections into their network, that includes while developing it and implement policy, on the firewall. And that includes bringing up the servers and testing them and having them accepted, three days versus two weeks. Now that an unusual implementation, so your not normally going to see it come up in three days or five hours. We would love to do it in five hours, but quite honestly I’m not sure of a company in the world that can come up with a security policy in five hours. Though it’s a nice thought it’s a good call, I’ll give it to the team. So what they did three days before we brought them back up into business. And we virtually for all purpose to saved their business. Now, you say okay this is a lot to deal with and a lot of complexity. Well in looking at another customer and this one is I’m not going to point out. We don’t have time, okay they had a twenty site network. They were concerned about twenty sites and twenty internet connections. Each one with a different policy than the firewall. They were concerned about having IT people have to go out to patch firewalls, and to patch devices over and above what they needed to maintain the network. And they said “what can you do to help us”? We’re already moving to an MPLS WAN I think they were on a frame relay, so there moving from to any WAN environment. We know we need to access the internet, we know we have application access for the internet and the WAN. “We want to maximize our network now, we want to minimize the cost, and we want to try to simplify, can you help us?” So we said sure: so what we did again we brought up a network base firewall. So what we’ve done is we’ve taken twenty internet sites and collapsed them into a single gateway. So twenty connections to the gateway internet are now through one high availability point. Within the core of the AT&T network, so instead of having twenty internet connections coming off each one of their field offices. Or twenty field offices talking to head-quarters and then goes out to the internet. They had twenty connections to the internet directly. So what they found is that their fear was to have the controls that they wanted and would have to bring everything through their data center. So from a simplification connection perspective they’ve taken twenty firewalls, that had zero into twenty firewall policies trying to protect a single enterprise in to one firewall and one set of policies. They avoided hair pinning all their traffic through their data center, because now all the public internet traffic goes directly out to the internet. VPN’s they say we are remote net workers, we’ve got sales guys in the street, we’ve got people who are going out and serving people in other location. They need to be able to get in through a VPN. We’ve brought up the AT&T and neuron surface, which is a VPN into the MPLS network directly. So now they’ve got VPN’s coming in through the network, they’ve got security internet access through the network. They’ve significantly simplified the management of their policy. They still have control, they didn’t do it but they could if they had a large critical web infrastructure bring in dedicated internet connections so that web infrastructure. But there are e-mails coming in through the gateway, their critical web applications are being accessed through the gateway. And it’s being protected with a common set of security policies that from their perspectives is much easier to manage. And now those resources that they had managing the twenty firewalls in twenty locations put in scads of time on the road going from location to location. Were repurposed and managed in other aspects of their network more efficiently, so the work flow and back log of work flow has shortened as we all know in this industry. I don’t think the back log ever goes away, but it does shorten to something that was manageable and was less daunting from a forward looking perspective. So the company became more efficient. So when you ask what did it save them, let’s look at what it saved them. The first year you have to refresh hardware base, hardware. The first year to do it them selves refresh all their hardware would have cost about one hundred and thirty five thousand dollars. With staff and management, with software in addition to the bandwidth they would have to purchase. By running through the network base firewall that first year they saved fifty percent, and that includes the cost of the band ware. The second year they saved closer to forty-five percent as with the third year. Because with many firewalls the cost is not in purchasing the hardware it’s the licensing cost. And the licensing cost over and over again and the patching over and over again and then the complexity of managing policies and trying different kinds of policies between twenty sites and looking at it and auditing it over and over again. And maintaining the records through out audit compliance for twenty sites. And all the information you have to save so if somebody comes in and wants to do an audit. You can show them what we’re doing across twenty sites. Conservatively their saving fifty percent, slightly under fifty percent across three years. So instantly by moving to a network solution there saving themselves some money. Now they did the same thing that I suggested earlier, they took their edge devices, and employed them inside. But now there critical of infrastructure, the data that they actually run their organization from is better protected. Because they now have another gateway between these users data and the data itself. So briefly you guys can bring in your accounting to go into details of the technical details. We have a transparent inspection firewall that is embedded in the AT&T infrastructure. It’s embedded today and six locations globally, two in the US and two in Europe, and two in Asia. Within the next month, they’ll be three in the US and within the next six months they’ll be four in the US and with a disaster recovery center for inbound traffic in Virginia. Inbound is different from outbound routing perspective because you can’t bail over two data center’s, for inbound traffic. The IT addressing the TCPIP proticols get really upset if you try to provision the same thing into two IP addresses at the same time. So what we’ve done is leveraging in the benefits of IP network and we’re bring a DR site just for inbound traffic into a different center. So if you have a server that’s setting there and we need to fail it over. We can fail over the gateways and dedicated gateway in bound traffic. So it’s just a matter of swinging the address into the DR Center, so the network re-converges traffic is going where it needs to go. So we’re fully redundant and dual-railed, one hundred resilient and one hundred percent fell over gateway. We can also fail over between gateways as in an exit provisional feature. So if you need those extra more than four nines availability that can be gotten between data centers. Reports are roughly twenty-eight standard reports that are available via business direct including all the common security reports. Plus bandwidth unitization. VPN tunneling can come into two devices through static net or through the service. To bring you right into the cloud and right in to your network. Harden D and S is included, there’s three different ways to deploy it and separate DMZ’s so you can deploy those services. Standard bandwidth from 1.5 Megs so it equivalent to T-1 up to 135 megs per gateway. And that 135 Megs is the standard pricing level, we can do more than that. But most customers don’t ask for it so we don’t put it on the price sheet. But up to 135 Megs per gateway is standard, so if you need pro band width and you all of a sudden have a need an application that needs to have additional band width. By placing a ticket in band widths can be very rapidly increased within that three day time frame. We can go from two Megs to five Megs in three days. Very simple to do and of course if you have a special event and need to back it off again. You can back it off again and you have an incremental months billing for additional bandwidths, very easy to do. Contacts filtering with those gaming sites are visited. You want to make sure that gaming does not occur within the enterprise. And of course virus screening, spam filtering, applications filtering, e-mail filtering can all be interfaced and are included in the infrastructure. It’s done once a day from an infrastructure called I-Policy. It’s a company that was founded originally in California called Tech-Hinder (sp) which is one of the largest Indian outsourcing companys. We’re migrating that infrastructure over the course of the next year to a company called Fordanet (sp) which is based up in Cambridge with offices in Silicon Valley and scattered across the states, and world wide. To increase our bandwidth group we put and added some additional functionality. Those upgrades are all part of our infrastructure investment. There not part of your infrastructure investments. So customers who come on to our network based firewall today. Getting firewall today, and getting IDS additional features, all of a sudden become available as we upgrade the infrastructures. And because when we do upgrades and do patching, we leverage and test our DOR secenarios migration should be near seamless. Though of course we’ll work with you when we do a migration and they should be near seamless. Because when we do upgrades we fail over we do everything over to one leg. We upgrade these now vacant leg, test it and fail everybody over to that vacant leg, and then upgrade the second leg. So even through up grades cycles there’s never a down time. You get notified of upgrades cycles, I’ve been on the phone with customers who were conducting businesses during upgrade cycles. Who didn’t know when we flipped them over, and it’s pretty impressive and they were really surprised. When we said well “we’re on a single round now,” and they said “you are”? “Yeah we flipped your traffic over about five minutes ago.” They were blown away, no sessions failed over, VPN kept state, and they were amazed. When we look at it what do we have, what are the benefits here? High availability, its redundant, its resilient it’s the same way you want to maintain your information, full time. Singular global policies, easy to administer, you still responsible for the policy. It’s still your responsibility to maintain the policy that’s being used to enforce your enterprise. Inter activity integrated into the network, so we’re stopping stuff before it comes into your network, or into your core. We’re stopping or have the ability based on your policies to stop viruses, malware and certain types of worm attacks or certain types of Trojans un-authorized access all while it’s in the core of AT&T network. We’ve minimized the amount of capital expenditures, so now it’s my expense, not your expense. Easy scaleable, band up and down with a couple of days. If it’s an emergency it needs to be done faster, you’re now not implementing or managing dedictated internet connections. It gives you a lot more flexibility with your staff and other securities functions are embedded in the infrastructure and are continuing to be embedded into that infrastructure as we’re doing our upgrades. And as those infrastructures grades take place you of course get access to that information. And those extra benefits so that you could add a hypothetical speaking data leakage solution, without having to deploy additional hardware. You would be able to access applications level filtering with out having to deploy an application firewall. You would be able to get the reports necessarily to maintain the compliance that you need based upon the Federal and State regulations. As well as for any of you with credit cards, PCI data research standards certifications. And the entire infrastructures are (.) and PCI certified. So what do you do now, look at the network and look at how you’re communicating and look at the way your businesses is taking place. Look at the way your communicating between yourselves. Look how businesses is transacting and try to anticipate how you’re going to communicate in the future. Get ready to start the secure your data, because we all know that the data is what you run your company on. If you can secure the data you can maintain the company. Based around the first World Trade Center bombing, and studies that were done to the businesses that were affected local and national and international.. The company was without their data for a week and within five years, they were out of business. So it critical to maintain that data and obtain access to that data. And while you’re doing all this consideration take the time and try network based firewall. Try AT&T’s embedded services more analyzing data traffic. Does the AT&T protect or my internet protect. If you’re using the new AT&T internet connections ADT defense to protect you structure from liable events. These are all things you can test and try and work with and play with. We can work with you and your accountant can work to get into place. Make use of all your resources. You’ve got an infrastructure in place where you have multiple areas. You’ve got multiple points of contact, or you should have multiple points of contact. Between the user and the data and the data itself. We all have the same issues with bots with rogue information, with networks. With people coming in from various locations, look at all these things and where you can best put your security. To best protect your network, with ultimate the goal of protecting your data. And put those in place and play with it, because if you don’t play with it your really not going to benefit from it in the future and as communication continues to evolve. This is the standard marketing slide. It says we’re great and have been doing this forever and we great, we established the first firewall the first IDS and running on a twenty-four by seven operations center. All the good stuff that you want to see and hear.