admini – Page 372 – CyberSecurity Institute

The Network Strikes Back: Experts Worry About Tech Retaliation

Posted on June 21, 2004December 30, 2021 by admini

Symbiot Security says its new Intelligent Security Infrastructure Management Systems not only defends networks but lets them fight back, too.

Though the notion of striking back against “bad guys” may satisfy primal urges, most security experts question whether retaliation will actually halt cyberattacks. Ideas about going on the offensive against Internet attackers “have been bounced around for a while,” said senior analyst Jesse Dougherty of the security firm Sophos. Hackers, worms and data attacks are costing companies dearly, and open the door to identity theft and the loss of intellectual property.

The offering, known as iSIMS, comes amid growing frustration over computer intruders. In documents on the Austin, Texas, company’s Web site, Symbiot advocates a gradual escalation of action based on the best information available and the customer’s preference. A position paper attributed to Symbiot’s executives and posted on its Web site broadly outlines the counter-strike philosophy.

“On the Rules of Engagement for Information Warfare” says computer intrusions deserve a response in kind – including “asymmetric” countermeasures that can include flooding the attacking computers with data, rendering them Internet-blind, and other measures to neutralize the problem.

The responses mirrored the content of Symbiot’s Web site, which describes the 18-employee company as “emerging as a leader” in security infrastructure management. For instance, if a hacker takes advantage of vulnerabilities on multiple PCs to relay the assault through them, then the victim can trace it by exploiting the same vulnerabilities as the initial act.

In the past, some attempts to fight fire with fire have misfired. “We’ve seen worms that have had major impact like causing delays in airline schedules, shutting down ATM machines, 911 systems and so on,” said Dorothy Denning, a professor of defense analysis at the Naval Postgraduate School.

More info: http://www.crn.com/showArticle.jhtml?articleID=22101131

June News

Posted on June 20, 2004December 30, 2021 by admini

From_the_desk_of_Paul_-_06152004.pdf

Network Associates Beefs Up Intrusion Defenses

Posted on June 19, 2004December 30, 2021 by admini

“The combined IPS solution has protected against every recent outbreak, even zero-day attacks,” claimed Vimal Solanki, the director of marketing for McAfee’s IPS line.

IntruShield is moving to version 2.1, adding a first in the intrusion-detection system (IDS) and IPS market: the ability to protect encrypted attacks on SLL data transmissions by decrypting and inspecting the traffic. The integrity of the encrypted data and encryption keys are retained, said Solanki, and analysis of the data for signature, anomaly, and DoS attacks occurs in real time without degrading transaction speeds. Other changes to IntruShield include an internal, integrated firewall that protects the systems inside the network from attack, just as existing firewalls guard the perimeter.

IntruShield’s firewall can be sliced and diced in a virtualization mode to set policies for individual machines, groups of desktops or servers, or the entire network. Version 5.0 defends desktops and servers against traditional as well as zero-day attacks-so-called because they exploit vulnerabilities not yet patched–by using signatures and profiles of known and anticipated threats. Like its IntruShield cousin, Entercept 5.0 adds integrated firewall capabilities to provide more protection between individual systems and the rest of the network, or the Internet in general.

More info: http://www.securitypipeline.com/news/21700492;jsessionid=HPOWFZ5SDH2U4QSNDBNCKHY

From Cisco, self-defense weapons for networks

Posted on June 18, 2004December 30, 2021 by admini

The company plans to announce new capabilities in its routers to help protect corporate networks from viruses and worms, two sources close to the company.

The release is the first phase Network Admission Control (NAC), a collaboration program between Cisco and antivirus companies. Through this program, Cisco has developed technology with three antivirus specialists–Network Associates, Symantec and Trend Micro–that will let Cisco’s networking products communicate with antivirus products. Devices running NAC technology will allow network access only to compliant and trusted endpoint devices, like PCs and PDAs (personal digital assistants).

In the second phase of the program, the company plans to extend this offering to its Catalyst 2900 to Catalyst 6500 switches. These switches are often used to connect users within the same building. The technology will also enable the capability on the VPN 3000 remote access product, which provides remote connectivity to the corporate network.

Extending security to these network elements helps Cisco fulfill its vision of protecting the entire network. For Cisco to achieve its networking vision, it has to expand this security technology throughout its product line, Yankee Group analyst Zeus Kerravala said.

“In order for the self-defending network concept to work, Cisco needs to have this technology on devices throughout the network,” Kerravala said.

Initially, Cisco plans to combine Trend Micro’s network worm and virus signatures with the its Intrusion Detection System (IDS) software implemented in its routers, switches and network security appliances. The NAC program and Cisco’s relationship with Trend Micro fall in line with Cisco’s strategy on security, which is to embed as much security technology as it can throughout the network, so that the network itself can detect and defend against malicious attacks.

Like Cisco, Enterasys has embedded intrusion detection and prevention and antivirus functionality into its networking gear.

More info: http://zdnet.com.com/2100-1105_2-5239359.html

Senate debates cybercrime treaty

Posted on June 18, 2004December 30, 2021 by admini

Richard Lugar, R-Ind., said at a hearing Thursday that the Council of Europe’s cybercrime treaty should be ratified quickly because it “will help the United States continue to play a leadership role in international law enforcement and will advance the security of Americans at home and abroad.” Lugar is the chairman of the Senate Foreign Relations Committee.

The treaty would require participating nations to update their laws to reflect computer crimes such as unauthorized intrusions into networks, the release of worms and viruses, and copyright infringement. The measure, which has been ratified by Albania, Croatia, Estonia, Hungary, Lithuania and Romania, also includes arrangements for mutual assistance and extradition among participating nations.

If ratified by the Senate, the treaty would “enhance the United States’ ability to receive, as well as render, international cooperation in preventing, investigating and prosecuting computer-related crime,” Samuel Witten, a legal adviser at the U.S. State Department, said when he testified Thursday.

“Such international cooperation is vitally important to our efforts to defend against cyberattacks and generally improve global cybersecurity.” An addition to the treaty would require nations to imprison anyone guilty of “insulting publicly, through a computer system” certain groups of people based on characteristics such as race or ethnic origin, a requirement that could make it a crime to e-mail jokes about Polish people or question whether the Holocaust occurred.

The Department of Justice has said that it would be unconstitutional for the United States to sign that addition because of the First Amendment’s guarantee of freedom of expression. Because of that objection, the Senate is not considering the addition, but other nations ratifying the treaty are expected to adopt both documents. Still, some civil liberties groups have criticized the portion of the treaty that is moving through the Senate.

The Electronic Privacy Information Center on Thursday sent a letter to the Foreign Relations Committee saying it should not be ratified because it would “would create invasive investigative techniques while failing to provide meaningful privacy and civil liberties safeguards.”

More info: http://news.com.com/Senate+debates+cybercrime+treaty/2100-1028_3-5238865.html

Interesting commentary of Internet Explorere vs. Mozilla Firefox

Posted on June 17, 2004December 30, 2021 by admini

For instance, last August, Microsoft issued a patch that fixed a hole that the company described this way: “It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user’s system. If a user visited an attacker’s Web site, it would be possible for the attacker to exploit this vulnerability without any other user action.”

“IE is a buggy, insecure, dangerous piece of software, and the source of many of the headaches that security pros have to endure…”

A little over a week ago, the SecurityFocus Vulnerability Database reported the “Microsoft Internet Explorer Modal Dialog Zone Bypass Vulnerability,” which “may permit cross-zone access, allowing an attacker to execute malicious script code in the context of the Local Zone.” That was just one of the six reported so far this month – and we’re only halfway through!

In fact, it’s gotten so bad that now spyware creators (AKA, scumbags) are using flaws in IE to surreptitiously install the I-Lookup search bar (or one of several others) into the browser. Again, the user doesn’t need to do anything – just visit a Web site or click on a URL in an email. Your home page is changed, a bunch of new bookmarks show up in your Favorites, and popup windows for porn sites open constantly.

On Monday, the Mozilla Foundation released its latest preview release of Mozilla Firefox, available for download and ready to run.

As most of you probably already know, the Mozilla browser is great, but it’s also a huge software project, encompassing a Web browser, an email program, an address book, a Web page editor, and much, much more. Mozilla Firefox is an effort to pull out the browsing component, resulting in a faster, more focused, and more innovative Web browser. Its feature set is enviable: pop-up blocking, tabs, integrated search, an awesome level of customizability, and excellent support for Web standards.

But it has really shone (as has the Mozilla Project as a whole, actually) in the area of privacy and security. All software has bugs, and none is totally “secure”. As has been said so many times, security is a process, not a product. So I’m quite aware that Firefox has had security issues, and will have more in the future as sure as the sun rises.

In addition to a good track record in the past, Firefox and the Mozilla Foundation are taking a proactive approach to securing the Web browser in the future. The privacy and security settings available in Preferences are intelligent and effective, and the browser itself does not accept ActiveX controls, a key vulnerability in IE. Firefox uses XPI files to install themes, extensions, and other add-ons.

As people who care about security – and who so often work with people who care nothing about security – it’s our responsibility to spread the word about a better Web browser that does not constantly compromise the basic security of our computers and networks.

More info: http://www.securityfocus.com/columnists/249