Security News Curated from across the world
As per the report, among those who have been already targeted, companies usually reported sustaining around 10 attacks in the last five years.
Cris Paden, a Symantec Spokesman stated that the Stuxnet worm was an instance that politically provoked attacks, while unusual, was real and could be successful, as reported by SCMagazineUS on October 7, 2010.
http://www.spamfighter.com/News-15211-Global-Critical-Infrastructure-Increasingly-Being-Penetrated-By-Cyber-Crooks.htm
These devices can be cell-phone switching systems, power grid controllers and HVAC systems, and they can also be network-equipped television sets, video disc players and DVRs. And we haven’t gotten to the mobile devices that people carry around, such as iPods, smartphones and GPS receivers. At first glance, it’s hard to see how these network-attached devices could threaten your enterprise, but on further inspection, networked devices are perhaps the single greatest area of risk in security today.
I was reminded of the nature of this threat when I was at Best Buy a couple of weeks ago shopping for a new television set. What I hadn’t expected was the flood of new consumer electronics that have reached the market lately boasting network connectivity. Every major vendor of televisions featured 802.11n wireless connectivity on some models, and some had wired Ethernet as well. There were network-aware Blu-ray players in all price ranges. None, as far as I could tell, included any sort of security.
The only reason I can think of that these devices haven’t been used as malware vectors is that the criminals who create malware haven’t gotten around to it. But there will come a time when some devices reach a critical mass, and—because of the unique vulnerability of these devices—start serving up attacks against your network or someone else’s.
In some ways the threat posed by mobile devices is even worse since they have a more direct connection to the Internet.
This is the future that Intel sees, and it’s why the company bought McAfee.
As nice as it might be to have a profitable business selling AV software, it will be a lot nicer for Intel to have the in-house expertise to create hardware-based security for as many of those network-equipped devices as it can supply network interfaces for. Because these devices are already connected, all Intel and McAfee need to do is create an ecosystem of device updating and reporting that not only keeps the protection current but also reports on emerging threats, much as McAfee’s current computer security products do.
http://www.eweek.com/c/a/Security/Intel-McAfee-Merger-Plugs-Network-Security-Hole-696433/?kc=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+RSS%2Feweeksecurity+%28eWEEK+Security%29
The ability to easily generate virtual machines tends to lead to a willingness to do more, and soon the IT manager finds virtual machine sprawl on his hands. In some cases, overallocation shortchanges operations elsewhere. Then as the number of virtual machines per host server increases, I/O problems start to develop.
Meantime, third parties had already spotted the issue. Xsigo, with its I/O Director, and others seek to virtualize the I/O and move it out of the hypervisor’s virtual switch onto a hardware device, where packets are separated into their respective storage and network destinations, relieving the host server of work.
As we shall see, management tools are paramount once the virtual environment is generated.
When Moon Son, director of IT infrastructure at Orchard Supply Hardware, a California chain of 91 stores, became head of the company’s data center in 2006, he realized immediately he would have to rebuild from the ground up around virtualization. He virtualized 13 host servers, and in the end, tripled the number of production systems to meet expanded company goals.
http://www.informationweek.com/news/storage/virtualization/showArticle.jhtml?articleID=226800073
“The Universal Collection Framework lets us pull in all the IT data within an infrastructure, and a key part of that is the Universal Log Data Protocol (ULDP) that we’ve created,” LogLogic CTO Stephen Manley told InternetNews.com. Manley added that the ULDP subset of the Universal Collection Framework, in its first release with LogLogic 5, is all about enabling WAN awareness of log data.
He said that encryption and compression are part of the protocol, as is reliable acknowledgment that log data has been received and committed to stable storage.
Manley added that in its first release of ULDP, LogLogic is not supporting the IF-MAP standard, which is being used by security vendors to pass log event data across devices for access control.
“The idea of a standardized protocol for transporting and storing log data sounds good in theory, but it’s unrealistic given the hundreds of different types of log sources and vendors,” Mike Reagan, vice president of marketing at LogRhythm, told InternetNews.com. “Standardization would make it easier for the log management or SIEM vendor, but the positive impact on the end customer is hard to see given the widespread collection and transportation capabilities that exist today.”
The LogLogic 5 solution which is scheduled to be available at the end of the third quarter, will also mark a shift in the underlying operating system technology used by LogLogic.
The LogLogic solution is a hardware appliance that to date has used a Linux base — actually a custom derivative of the CentOS Red Hat Enterprise Linux clone, Manley said.
http://www.enterprisenetworkingplanet.com/netsp/article.php/3899826/WAN+Log+File+Data+Collection+Heads+for+Standardization.htm
“Public cloud providers claim superiority over on-premise IT infrastructures on two fronts: cost and QoS,” noted the firm.
Right now the public cloud lacks any standard SLAs, so most companies using cloud services are opting for a private-cloud setup and even as SLAs improve in the public setting, “those with QoS requirement levels for which public clouds cannot cater will keep to private clouds (including shared or virtual private clouds, or both),” according to the report.
Public-cloud providers also are grappling with issues of security — or, at least, customer perceptions of security.
http://www.phoneplusmag.com/news/2010/08/report-cloud-offerings-grappling-with-qos.aspx
“This new tool shows how much money I.T. departments could be leaving on the table,” says Cory Vander Jagt, VP, Astadia ITX.
Astadia’s 4 step ITX process for doing this is described in more detail at www.astadia.com/itx.
http://www.prnewswire.com/news-releases/astadia-launches-roi-calculator-for-cloud-computing-100971789.html