http://www.vnunet.com/vnunet/news/2164096/fifth-third-bank-heads-august
Author: admini
Guide to Intrusion Detection and Prevention (IDP) Systems (Draft) – Special Publication 800-94
IDPs have become a necessary addition to the security infrastructure of nearly every organization. IDPs typically record information related to observed events, notify security administrators of important observed events, and produce reports.
This NIST publication describes the characteristics of IDP technologies and provides recommendations for designing, implementing, configuring, securing, monitoring, and maintaining them.
Securing IDP components is very important because IDPs are often targeted by attackers who want to prevent the IDPs from detecting attacks or want to gain access to sensitive information in the IDPs, such as host configurations and known vulnerabilities.
IDPs are composed of several types of components, including sensors or agents, management servers, database servers, user and administrator consoles, and management networks.
Administrators should maintain the security of the IDP components on an ongoing basis, including verifying that the components are functioning as desired, monitoring the components for security issues, performing regular vulnerability assessments, responding appropriately to vulnerabilities in the IDP components, and testing and deploying IDP updates.
Organizations should consider using multiple types of IDP technologies to achieve more comprehensive and accurate detection and prevention of malicious activity.
The four primary types of IDP technologies—network-based, wireless, NBAD, and host-based—each offer fundamentally different information gathering, logging, detection, and prevention capabilities. For most environments, a combination of network-based and host-based IDP technologies is needed for an effective IDP solution. Wireless IDP technologies may also be needed if the organization determines that its wireless networks need additional monitoring or if the organization wants to ensure that rogue wireless networks are not in use in the organization’s facilities. NBAD technologies can also be deployed if organizations desire additional detection capabilities for denial of service attacks, worms, and other threats that NBADs are particularly well-suited to detecting. Direct IDP integration is most often performed when an organization uses multiple IDP products from a single vendor, by having a single console that can be used to manage and monitor the multiple products.
Evaluators need to understand the characteristics of the organization’s system and network environments, so that an IDP can be selected that will be compatible with them and able to monitor the events of interest on the systems and/or networks. Evaluators should articulate the goals and objectives they wish to attain by using an IDP, such as stopping common attacks, identifying misconfigured wireless network devices, and detecting misuse of the organization’s system and network resources.
http://www.bankinfosecurity.com/regulations.php?reg_id=307&PHPSESSID=a842e1d4d220653dc1dd762d42e04179
Survey: Most insider-related data breaches go unreported
“Because it’s insider-related normally, involving a careless or negligent employee [and] not an evil employee, maybe they are more likely to go unreported because people know each other, and maybe because people know each other, they say it was a mistake and maybe in the future they’ll fix it.”
More than 61% of the survey respondents said that accidental data leaks occur “frequently” or “very frequently” because employees or contractors lack sufficient knowledge about preventative measures or because employees or contractors are careless.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9003211
Symantec, Juniper Detail New Security Partnership
In a conference call with media and analysts, Symantec Chairman John Thompson and Juniper Chairman Scott Kriens outlined the business relationship through which they said the companies will be able to provide end-to-end security protection for their customers’ networks and desktop computers. By pooling the data that Symantec receives from the estimated 100 million desktops on which its security applications run worldwide, along with the threat detection capabilities built into the massive networks managed by Juniper, considered the second largest company in its space behind Cisco Systems, the partners will be able to predict how threats will develop and when they may arrive far more effectively than on their own, the executives said. “At its core one of the real drivers of this partnership is the ever-changing threat landscape, as over even the last few months we haven’t just seen a rise in the number and variety of threats, but also in the demand for improved speed in responding to these attacks,” Thompson said.
The announcement between the two massive vendors comes just under a week after Microsoft and Cisco announced the completion of their work to create interoperability between their respective NAC (network access control) technologies, a partnership that many industry watchers believe could drive future adoption of those products. While the Microsoft-Cisco partnership deals primarily with network access tools and the enforcement of desktop security policies, the Symantec-Juniper marriage will influence products in nearly every area of the IT security landscape, from PC anti-virus tools to network intrusion detection technologies and beyond, he said.
Among the other noteworthy elements of the deal detailed by the executives was Thompson’s announcement that Symantec has ceased development of custom security hardware for the UTM (unified threat management) market, where it will now depend on Juniper. The newly sourced Symantec tools are expected to arrive in Juniper products within the next 90 to 120 days, the companies said. Symantec will also begin licensing Juniper’s wireless access technology for use in its own endpoint security products, with plans to begin offering those tools to customers sometime in the next several months.
At least one industry analyst said the deal could work out favorably for the two partners, at least in the sense that they will no longer be preoccupied with trying to create products that are considered comparable to each others’. Symantec will be able to walk away from the custom security hardware sector and focus more attention on its software business, while Juniper can tap into its partner’s expertise instead of spending lots of money trying to compete with Symantec’s anti-virus tools, said Andrew Jaquith, an analyst with Boston-based Yankee Group Research.
http://www.eweek.com/article2/0,1895,2015042,00.asp?kc=EWWHNEMNL091406EOAD
Phishing reaches record numbers
http://www.securityfocus.com/brief/299?ref=rss
Symantec consumer desktop upgrades likely to hit the enterprise
One change this year is in the desktop firewall. Symantec has determined that consumers are having a hard time configuring the firewalls based on prompts, so Norton Internet Security 2007 will set the firewall’s parameters based on its own analysis of how desktop software attempts to communicate with the Internet.
Norton Internet Security will also have a new “security history” feature to display the actions the software took or even undo them if desired.
While Norton AntiVirus and Norton Internet Security are available beginning tomorrow, the vendor envisions other consumer products for the future.
The third Windows XP-based based desktop product Symantec announced today, Norton Confidential, is a brand-new entry that was developed to protect consumers during e-commerce transactions. Norton Confidential will block consumers from visiting known or suspected phishing sites. While it does some target malware eradication, Norton Confidential does not contain the full antivirus/antispyware eradication capability of Norton AntiVirus. The purpose of Norton Confidential is to protect the transactions of Web users and ensure that a Web site is genuine, not a phishing site. “We keep score on nearly 120 different things on that Web site,” Rosenkrantz said, noting that the capability is based on the e-commerce protection technology gained through the acquisition of security start-up WholeSecurity.
Norton AntiVirus 2007 costs $40, and Norton Internet Security and Norton Confidential cost $50.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9003162&source=NLT_AM&nlid=1