Category: News

“We consider MAC to be a key enabling technology to aid government and businesses alike, in being confident they can deliver more services, more quickly, and with better function, without compromising security,” said Marsh.

Gary Barnett, research director at Ovum, said the announcement shows the potential of public-private partnerships. “This is an important announcement that shows how both government and business can take security to the next level”, said Barnett. “The traditional ‘border control’ approach to security will no longer be good enough as organizations, including government, are increasingly obliged to grant access to internal systems to a wider range of external parties.

MAC addresses this issue by applying the ‘need to know’ security principle to operating systems, this means that rogue applications or malicious users are automatically contained and cannot cause damage beyond their immediate context.

SELinux is the first commercially available operating system to implement this sophisticated level of security, and today’s announcement shows how this can be combined with a commercial J2EE application server to form the basis of a complete solution,” added Barnett. Enterprises will also be able to take advantage of the technology, said Doc Shankar, worldwide Linux security lead for IBM. “What we’ve demonstrated here with WebSphere and SELinux can be repeated with other software such as DB2 and business applications. In other words through the use of this technology, any organization will have the ability to contain hackers, provide the necessary confinement for its applications and minimize damage to the enterprise,” said Shankar.

The proof of concept is planned to go live this month at County Durham & Darlington Acute Hospitals NHS Trust and will focus on providing secure system access for the hospital’s new finance system.

http://www.scmagazine.com/uk/news/article/556670/uk+cabinet+office+backs+security+enhanced+linux/

http://www.fcw.com/article94229-04-28-06-Web

“We have a fair number of employees who are telecommuters,” says Dan Lukas, lead security architect at Aurora Health Care in Wisconsin, which operates 13 hospitals and dozens of clinics and has about 25,000 employees. These transcriptionists, situated all over the country, then remotely access Aurora’s private-line network over the Internet to file each transcribed recording with a patient’s online medical records. “More and more, physicians want access to their offices from home, and we’re giving radiologists secure access so they can read images from home,” says Bob Burritt, Kettering Medical Center Network’s director of technology.

Lukas says Aurora transcriptionists who telecommute are given PCs with a standard image on them for hospital applications and security, such as anti-virus. The hospital is migrating from a Cisco IPSec VPN to a Juniper SSL VPN, because it doesn’t require special agent-based software to deploy.

Despite the industry buzz about automated procedures for checking a user’s anti-virus and patch updates before granting network access, Lukas says Aurora officials, who recently tested Cisco’s Network Admission Control products, believe that for the moment it’s not a mature technology and is too expensive.

Consultant Tom Walsh recommends that organizations adopting telecommuting equip at-home employees with dedicated PCs to be used for work only.

http://www.networkworld.com/cgi-bin/mailto/x.cgi

Development of the standards and supporting guidelines are the first phase of FISMA implementation, he said. “We’re completing the last document now,” Katzke said.

NIST has begun the second phase of implementation, which is an accreditation program for security assessment providers. A third phase, development of a system to validate FISMA compliance tools, is “out in the future.”

Keith Beatty of Science Applications International Corp. went out on a limb by praising the oft-criticized Common Criteria program operated by NIST and the National Security Agency. “You don’t get your evaluation before the product goes out the door,” one person said.

One person said the Common Criteria evaluation was not worth the $150,000 “entry fee” a vendor could expect to pay unless the vendor had a government contract in hand that would justify the process.

http://www.gcn.com/online/vol1_no1/40437-1.html

The security researcher, a student in the information systems program at Missouri State University, is currently working with Metasploit founder HD Moore to find flaws in Internet Explorer and other browsers using data fuzzing techniques. Murphy and others also took issue with the lack of details about Microsoft’s other security enhancements, including defense-in-depth changes and changes to how ActiveX controls are run.

http://www.securityfocus.com/brief/187?ref=rss

The botnets are used by their owners to defraud Internet advertisers, as in Ancheta’s case, or they can be rented out by the hour to those who want to carry out cheap mass-mailing campaigns. Extortionists may also rent them to launch denial-of-service attacks on legitimate Web sites.

“We are seeing less of the big virus outbreaks such as Sasser and Blaster, and so some people believe the situation is getting better, when in fact it is getting worse,” said Mikko Hypponen, chief research officer at security company F-Secure. He sees botnets as a major problem that cannot be easily fixed, because the hijacked machines are mostly home PCs connected to an ADSL line.

“Once active, it monitors every Internet connection, every access to Web pages and access to the bank, and reports it back to the creator of the Trojan,” Sancho said.

While Windows PCs remain the prime target for attacks, prepare to see more activity targeted at the mobile phone. F-Secure recently detected the first malicious Java software on a cell phone, meaning it could affect most handsets, and not just the high-end models, Hypponen said. And in March, he spotted a Trojan horse that plants itself on the cell phone and calls a premium rate number in Russia, each time clocking up five euros ($6.04) for the criminal who sent it.

Even so, the rapidly growing world population of broadband users means that botnets will continue to be the main focus for Internet criminals.

All of the people in the Rogues Gallery of the world’s top 10 spammers, on the Spamhaus Project Web site, are constantly topping up their networks with new zombie machines owned by people with little concept of security.

http://news.com.com/Whats+the+next+security+threat/2100-7349_3-6061341.html