Author: admini

IPS Technology: Ready for Overhaul

Posted on by admini

“It gave you a device to protect your vulnerable systems behind the network from SQL Slammer, Blaster, etc.,” says Richard Stiennon, president of IT-Harvest. But major worm infestations aren’t the problem any more: “The trouble is what we’ve really been doing for the last four years is vulnerability and patch management. “The driver for IPS hasn’t really been there.”

In some cases, the technology is being integrated into hardware and services; in other cases, it is evolving to offer new capabilities.

Arbor Networks’ Morville says service providers and managed security service providers meanwhile are already delivering firewall and IPS-based services, and that trend of blended security services will “accelerate” over the next few years.

Switches, too, are already coming with some IPS technology: Cisco, for instance, sells blades for its Catalyst switches with IPS functionality.

What about the signature-based limitations of IPSes? IPS will also converge with anomaly detection and other features that expand its inspection capabilities beyond known threats, experts say. Rate-based anomaly detection, such as spotting a traffic flood, makes sense at the perimeter, Morville says. And behavioral anomaly detection — where you’re looking for individual people or hosts acting outside the norm — is best for the internal network, he says.

Some experts envision IPSes deploying virtual machine technology — as FireEye’s does with its network access control (NAC) appliance –where virtual machines run copies of incoming traffic to see if it’s legit, rather than just using signatures. The trick with a beefed-up IPS is getting good performance, though: Hardware would have to catch up to make it viable, especially if virtual machine-based features are added, says John Pescatore, a vice president with Gartner.

http://www.darkreading.com/document.asp?doc_id=102608&WT.svl=news1_3

Read more

Survey: Data breaches difficult to spot, prevent

Posted on by admini

“I don’t think I expected two-thirds to say they can’t prevent a breach,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “If your first line of defense says you can’t win the war, it indicates a big problem.”

High false positive rates of up to 35% affect the ability of many organizations to detect a breach.

According to the Ponemon Institute’s final report on the survey:
-High false positive rates of up to 35% affect the ability of many organizations to detect a breach.
– 41% of respondents don’t believe they are effectively enforcing data security policies. The top reason given for failed enforcement is lack of resources.
– Respondents said there’s a 68% probability they can detect a large data breach involving more than 10,000 data files.
– But they said small data breaches involving fewer than 100 files are only likely to be detected 51% of the time.
– Only 16 % of respondents believe they are invulnerable to a data breach.
– Excessive cost was the main reason 35% of respondents said they’re not using leak-prevention technologies.

“There’s a lot of frustration at the CIO level, because there’s a feeling that the responsibilities should be shared across the management structure more than they are,” he said. “They’re also concerned about their ability to enforce security policies. Even when someone finds the culprit behind a breach, policies aren’t enforced and mistakes are repeated in terms of what users do in their computing habits.”

Raj Dhingra, PortAuthority Technologies’ vice president of products and marketing, said his company sponsored the study because it wanted to pinpoint the root causes of corporate data breaches. “We feel this study helps bring greater understanding of these issues, while validating that the industry requires much more than just monitoring of information leaks, but automated enforcement to best prevent information leaks,” he said.

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1213621,00.html

Read more

Two years on, Netsky-P tops virus charts

Posted on by admini

Sophos identified a total of 1,998 new threats in August 2006, with Trojan horses accounting for 71.8 percent of those threats.

“It is certainly frustrating that such easily beaten threats are still plaguing our e-mail highways,” Carole Theriault, a Sophos senior security consultant, said in a statement. “If you use the Internet and don’t have proper security measures in place, you are not only endangering your data, you are keeping nasty old timers like Mytob and Netsky worms alive and kicking.”

But some industry observers question the usefulness of keeping tabs on how widespread a virus roams, versus other metrics such as the degree in which it affects users’ pocketbooks when sensitive data is stolen. Malicious attackers over the years have switched their agenda from seeking fame to obtaining profits.

http://news.com.com/Two+years+on%2C+Netsky-P+tops+virus+charts/2100-7349_3-6111716.html?tag=nefd.top

Read more

Trusted computing a shield against worst attacks?

Posted on by admini

“We didn’t know what we were going to get back–what we wanted was to objectively look at the losses caused by attacks,” said Dirck Schou, senior director of security solutions for Phoenix Technologies.

Device identification–or attestation–is a central capability of the hardware component of the trusted computing model, known as the Trusted Platform Module (TPM). Phoenix Technologies, which makes one version of the basic input/output system (BIOS) that allows operating systems to control a computer’s hardware, has created products that work with the TPM to identify the computer systems on a corporate network, but has also created products that can also work without the specialized hardware, Schou said.

Yet, more and more personal computers and laptop systems are shipped with the technology already on board. About 20 million computers, most of them laptops, shipped with the Trusted Platform Module in 2005, according to the Trusted Computing Group, the industry association that has created the hardware specification.

“For example, IP addresses could be used to authenticate some machines–and are probably sufficient under some threat models and policies to make the distinction between ‘sanctioned’ and ‘unsanctioned’ machines.”

The study found that the industries hardest hit by attacks were government, retail and high-tech, and that 78 percent of attackers used a home computer to do the deed, but that leaves a lot of questions unanswered, Schoen said.

Companies should ask whether they can reliably distinguish between sanctioned and unsanctioned computers on the network, whether employees working from home on unsanctioned computers would be allowed to access the network, and whether the technology could be deployed pervasively enough to matter. “We would need to know that the unsanctioned computers were actually necessary to the commission of these crimes, and that the crimes could not have been committed without using the unsanctioned computers,” Schoen stated in the e-mail interview.

http://www.securityfocus.com/news/11410

Read more

The Current State of: Windows Mobile 5.0 Security Tools

Posted on by admini

I started the search for a set of security tools about two months ago and I have been avidly watching a couple of vendors to see when they are going to do. There are the normal big players like Symantec, Trend and Mcafee but there are also some niche players like AirScanner (http://www.airescanner.com) and Bluefire (http://www/bluefire.com). The problem is that none of them are perfect or complete.

What is my wish list of security components?
– A firewall. This device can connect to networks easily, and I would like to limit the amount of access both incoming and outgoing. Stateful inspection would be really nice.
– Virus Protection. Maybe even spam control for incoming and outgoing email and IMs.
– IDS. A bit of an advanced idea but I would like to at least make it a hassle for someone to try and crack my device remotely.
– Encryption. This is a big one for me since nowadays we store our personal information, business emails and contacts and loads of sensitive notes.

So what appears to be the state of play when it comes to the vendors:

Mcafee – Hey guys, where is that solution you announced in February(http://www.informationweek.com/hardware/showArticle.jhtml?articleID=180200580&subSection). I can only seem to find references to a new beta program that you launched in June (http://beta.mcafeemobile.com/).

Trend – They have a virus protection solution and they will be launching a beta next Monday that adds a firewall. I signed up for the beta and I will let you know how it goes.

Symantec – Virus protect yes. Anything else… Couldn’t find it.

CA – They have an antivirus solution.

So moving to the niche players, thinks look promising, but that’s the problem, we are dealing with a vision, not actual product.

AirScanner’s suite looks great. I don’t know where they get their virus from but I hope it regularly updates itself. And the encryption solution, looks great. I will probably try it out. But, and a big but for me, the firewall doesn’t work with WM 5 and they have a message saying that they are working with Microsoft on resolving that problem but there is no ETA and you would think with the exploding market of WM5, they would want to get that out quickly. They also have WiFi Scanner but I am not really interested in that and it seems to be very sensitive about the hardware (i.e. there is a list of not supported/never will be supported phones) so be careful before you buy the s/w.

Bluefire – Looks like a very nice product but I haven’t had a chance to play with it since it is only available for enterprise sized organizations. They are promising a SMB version but there is no ETA.

So where does that leave us. There is no single solution to protect your Windows Mobile 5.0 phone.

I will probably end up with Airscanner’s encryption and Trends firewall and virus protection. Bluefire looks very interesting but you it looks like you need to have an infrastructure to manage it, so individual users will luck out here. Perhaps I can convince them to let me resell their product to users.

If you have comments, don’t hesitate to send to me or if you’re a member, add your comments.
Have fun, keep safe.

Paul

Read more

Track Hurricanes From Mobile Handsets

Posted on by admini

According to Digital Cyclone Chairman Paul Douglas, “With the new Hurricane Tracker feature, My-Cast users get that extra margin of safety, the critical hurricane information they need delivered directly to their mobile phone, to get a head-start and take appropriate action.”

Also included are StormWatch plots and warnings for affected counties, lightning tracking and alerts from the National Weather Service given virtually as they are issued.

My-Cast features radar images that show the speed and direction of approaching weather, visible and infrared satellite imagery, plus hourly and extended forecasts for up to 7 days, the company says. With GPS-enabled phones, location-aware My-Cast delivers data for the precise current location of the user automatically.

http://www.pocketpccity.com/articles/2006/8/2006-8-29-Track-Hurricanes-From.html

Read more