admini – Page 215 – CyberSecurity Institute

Cisco, Microsoft Reveal Long-Awaited Network Access Control Plans

Posted on September 6, 2006December 30, 2021 by admini

But the need for network access control won’t wait that long, so businesses will have to continue to control network access using technology already available in some of Cisco’s products and through other security vendors.

By year’s end, Cisco and Microsoft will offer a limited beta program–with no more than three mutual customers–to gain a more realistic understanding of how their access control technologies will work together. As these beta testers will soon find out, combined network access protection and network access control consists of several client-side software applications that check and communicate the health of laptops, desktops, and other devices attempting to connect into a given network.

On the network side, Cisco routers and switches, Cisco Secure Access Control Server, Microsoft Network Policy Server, and policy servers from other vendors work together to give the thumbs up or thumbs down to any device seeking to connect.

Cisco and Microsoft have cross-licensed the Cisco NAC and Microsoft NAP protocols used to communicate information between clients and networks to help ensure their products continue to work together.

A Forrester Research study of 149 technology decision makers at North American companies found that while more than one-third plan to adopt some type of network access control this year, the rest cite cost and manageability as obstacles to deployment.

http://www.informationweek.com/news/showArticle.jhtml?articleID=192501974

Researchers Challenge DOS Attack Data

Posted on September 6, 2006December 30, 2021 by admini

But because this measurement technique assumes the DOS attack was launched through spoofed IP addresses, it doesn’t account for DOS attacks launched via botnets, which have become a much more attractive vector for attackers, the research team said.

The new study combines traditional indirect measurement of backscatter with direct measurement of Netflow and alarms from a commercial DOS detection system.

http://www.darkreading.com/document.asp?doc_id=103049&WT.svl=news2_3

Network security sales top $1.1 billion in 2Q06

Posted on September 5, 2006December 30, 2021 by admini

2Q06 Highlights
– Cisco continues to lead in worldwide network security appliance and software sales, with 36% of total revenue, a position they have more or less maintained since 2002
– Juniper passes Check Point and is now in second place for worldwide revenue at 10%
-Check Point is now third for worldwide revenue at 9%
-Integrated security appliances and software make up 85% of worldwide network security revenue, IDS/IPS 15

http://www.infonetics.com/resources/purple.shtml?ms06.sec.2q06.nr.shtml

IPS Technology: Ready for Overhaul

Posted on September 1, 2006December 30, 2021 by admini

“It gave you a device to protect your vulnerable systems behind the network from SQL Slammer, Blaster, etc.,” says Richard Stiennon, president of IT-Harvest. But major worm infestations aren’t the problem any more: “The trouble is what we’ve really been doing for the last four years is vulnerability and patch management. “The driver for IPS hasn’t really been there.”

In some cases, the technology is being integrated into hardware and services; in other cases, it is evolving to offer new capabilities.

Arbor Networks’ Morville says service providers and managed security service providers meanwhile are already delivering firewall and IPS-based services, and that trend of blended security services will “accelerate” over the next few years.

Switches, too, are already coming with some IPS technology: Cisco, for instance, sells blades for its Catalyst switches with IPS functionality.

What about the signature-based limitations of IPSes? IPS will also converge with anomaly detection and other features that expand its inspection capabilities beyond known threats, experts say. Rate-based anomaly detection, such as spotting a traffic flood, makes sense at the perimeter, Morville says. And behavioral anomaly detection — where you’re looking for individual people or hosts acting outside the norm — is best for the internal network, he says.

Some experts envision IPSes deploying virtual machine technology — as FireEye’s does with its network access control (NAC) appliance –where virtual machines run copies of incoming traffic to see if it’s legit, rather than just using signatures. The trick with a beefed-up IPS is getting good performance, though: Hardware would have to catch up to make it viable, especially if virtual machine-based features are added, says John Pescatore, a vice president with Gartner.

http://www.darkreading.com/document.asp?doc_id=102608&WT.svl=news1_3

Survey: Data breaches difficult to spot, prevent

Posted on September 1, 2006December 30, 2021 by admini

“I don’t think I expected two-thirds to say they can’t prevent a breach,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “If your first line of defense says you can’t win the war, it indicates a big problem.”

High false positive rates of up to 35% affect the ability of many organizations to detect a breach.

According to the Ponemon Institute’s final report on the survey:
-High false positive rates of up to 35% affect the ability of many organizations to detect a breach.
– 41% of respondents don’t believe they are effectively enforcing data security policies. The top reason given for failed enforcement is lack of resources.
– Respondents said there’s a 68% probability they can detect a large data breach involving more than 10,000 data files.
– But they said small data breaches involving fewer than 100 files are only likely to be detected 51% of the time.
– Only 16 % of respondents believe they are invulnerable to a data breach.
– Excessive cost was the main reason 35% of respondents said they’re not using leak-prevention technologies.

“There’s a lot of frustration at the CIO level, because there’s a feeling that the responsibilities should be shared across the management structure more than they are,” he said. “They’re also concerned about their ability to enforce security policies. Even when someone finds the culprit behind a breach, policies aren’t enforced and mistakes are repeated in terms of what users do in their computing habits.”

Raj Dhingra, PortAuthority Technologies’ vice president of products and marketing, said his company sponsored the study because it wanted to pinpoint the root causes of corporate data breaches. “We feel this study helps bring greater understanding of these issues, while validating that the industry requires much more than just monitoring of information leaks, but automated enforcement to best prevent information leaks,” he said.

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1213621,00.html

Two years on, Netsky-P tops virus charts

Posted on September 1, 2006December 30, 2021 by admini

Sophos identified a total of 1,998 new threats in August 2006, with Trojan horses accounting for 71.8 percent of those threats.

“It is certainly frustrating that such easily beaten threats are still plaguing our e-mail highways,” Carole Theriault, a Sophos senior security consultant, said in a statement. “If you use the Internet and don’t have proper security measures in place, you are not only endangering your data, you are keeping nasty old timers like Mytob and Netsky worms alive and kicking.”

But some industry observers question the usefulness of keeping tabs on how widespread a virus roams, versus other metrics such as the degree in which it affects users’ pocketbooks when sensitive data is stolen. Malicious attackers over the years have switched their agenda from seeking fame to obtaining profits.

http://news.com.com/Two+years+on%2C+Netsky-P+tops+virus+charts/2100-7349_3-6111716.html?tag=nefd.top