Author: admini

Check Point calls off Sourcefire buy

Posted on by admini

Check Point, an Israeli company best known for its firewall technology that defends networks against Internet attacks, announced in October that it had signed a deal to buy Sourcefire, which makes security appliances for protecting a corporation’s internal networks.

The deal had been under scrutiny since February by the Committee on Foreign Investment in the United States, or CFIUS, a panel made up of representatives from a dozen government agencies tasked with investigating foreign investments in U.S. companies that could affect national security.

Check Point had committed to an all out effort to lobby the committee for approval, but the process fell afoul of international politics following the public outcry over the failure of CFIUS to further investigate a proposed deal that would have given a Middle Eastern company control over six major U.S. ports. The proposed Check Point acquisition was under initial review by the U.S. Treasury-led CFIUS, when the Associated Press broke the news that United Arab Emirates-based Dubai World Ports planned to close a deal which would have given the company responsibility for security at six major U.S. ports.

Congress established CFIUS under the U.S. Treasury Department in 1988, when fears of growing Japanese ownership of U.S. companies caused legislators to pass the Exon-Florio Act.

http://www.securityfocus.com/news/11382?ref=rss

Read more

Managed Security Services Ready For Growth

Posted on by admini

“If you’re just selling boxes, you’re only as good as your last month,” said Stuart Chandler, president and CEO of Optivor Technologies, a Nortel Networks Elite Advantage Partner in Elkin City, Md. “But if you’re locking a customer into a two-year managed services contract, now you have monthly recurring revenue coming in and you can forecast your profitability reliably.

Security solution provider Jenlor, Bridgeville, Pa., made the transition to managed services after realizing it was literally walking away from new business at customer sites it already owned. “We started out in 2001 selling firewalls,” said Jenlor Managing Partner Bill Peters. Peters said Jenlor doesn’t always lead with managed services because customers often fear that monthly cost and contract.

http://www.securitypipeline.com/news/183701716;jsessionid=SZULMWMTXN0HSQSNDBECKICCJUMEKJVN

Read more

Many Data Centers Still Have No Risk Management Plan

Posted on by admini

“The question becomes whether companies are focusing their dollars on potential disruptions that have the highest probability of affecting the organization,” Caprio said.

The survey found that more than 60% of respondents say 10% or less of their data center budgets are allocated to risk management, while only 18% dedicate 25% or more of the budget in that area. While 42% don’t foresee implementing some form of grid computing or virtual processing in their data center, 37% say they will within two years, 17% within five years, and 4% within 10 years. Nearly a third expect to have to relocate their data centers, while 45% believe they will need to make major improvements to existing data centers.

In the past five years, 34% of respondents have had to upgrade or add feeders to their data centers to accommodate higher loads, 14% had to build new centers with additional capacity to meet IT requirements, and 8% had to ask landlords for more electrical capacity.

http://www.securitypipeline.com/news/183701727

Read more

VoIP security at odds with QoS

Posted on by admini

“We have to follow standards and listen to news groups. Adding encryption to prevent outsiders listening into conversations can also degrade performance.

“Providing QoS to use limited bandwidth but still encrypt data limits the ability to analyse what application is running, or decide what QoS should apply, ” said Gilad Brand, director of product management at VoIP gateway specialist Jungo.

SIP is an open standard that should help to address the security versus performance issue, but vendors’ implementations of the technology differ, so interoperability and uniform feature sets are not assured in the short term, said Slaby.

http://www.vnunet.com/2152383

Read more

Debit-card fraud underscores legal loopholes

Posted on by admini

“There are few details of these leaks because credit-card companies do not want people to lose confidence in debit cards,” said Beth Givens, executive director of the consumer advocacy group Privacy Rights Clearinghouse. The mystery surrounding the data breaches underscores loopholes within the majority of state laws which aim to mandate the disclosure of security breaches. Moreover, the silence over responsibility for the breaches contrasts consumer advocates’ warnings that a federal law currently being considered by Congress will ironically roll back protections even further.

There are three cases in which a company suffering a breach can bypass most current notification laws, all of which have some basis in the legislation first drafted in California, security and legal experts told SecurityFocus. A company suffering a data breach can delay notification during a criminal investigation by law enforcement. If the stolen data includes identifiable information–such as debit card account numbers and PINs–but not the names of consumers, then a loophole in the law allows the company who failed to protect the data to also forego notification. Finally, if the database holding the personal information was encrypted but the encryption key was also stolen, then the company responsible for the data can again withhold its warning. In those cases, “they have no obligation to notify,” said Avivah Litan, vice president of security and privacy research for business analysis firm Gartner.

“The bottom line is that they escaped the disclosure law–at least for now.”

At least one state’s notification law has language that forces companies to disclose a breach even if the database records did not contain names or were encrypted and were stolen with the key. The state of New York’s Information Security Breach and Notification Act (S03492) passed in August 2005 does not contain the loopholes. A breach that includes any consumers from New York state would fall under the law’s jurisdiction.

Last June, Mastercard International published a statement warning that online attackers had breached the network of CardSystems Solutions and collected as many as 40 million credit-card accounts of various brands.

A rash of fraud that started in February was blamed on the leak, and media reports pointed at OfficeMax as the source.

“There is an ongoing federal investigation relating to ATM fraud involving legitimate debit card use at various retailers that was later tied to fraudulent transactions outside the U.S.,” the company stated in the filing to the Securities and Exchange Commission.

In the past month, law enforcement authorities in New Jersey and New York arrested more than a dozen people in connection with an organized identity theft operation, said Edward DeFazio, the prosecutor for Hudson County, New Jersey.

http://www.securityfocus.com/news/11381?ref=rss

Read more

DNS recursion leads to nastier DoS attacks

Posted on by admini

Under a more common distributed DoS (DDos) attack, a botnet — a network of compromised PCs being remotely controlled — directly inundates a victim’s Web server, name server or mail server with a multitude of queries. The goal of a DoS attack is to crash the victim’s system or take their Web site offline, as either tries to respond to the requests.

But in this latest spate of DDoS attacks, bots are sending queries to DNS servers with the return address pointed at the targeted victim.

While it is possible to stop a bot-delivered DDoS attack by blocking the bots’ IP addresses, blocking queries from DNS servers would prove more difficult, Silva said.

http://news.zdnet.co.uk/internet/0,39020369,39257938,00.htm

Read more