Category: Product

The good news about open source security tools is that they’re cheap and don’t require much administration.

The security tools available in the open source environment are easy to procure, but they don’t offer a central method of handling administration across multiple servers.

Trusted Computer Solutions Inc. tomorrow will attempt to jump into this void with the introduction of Security Blanket 2.0 Enterprise Edition, an automated “system lock down” and security management tool for Linux operating systems that can manage all local and remote Linux servers from a centralized Web-based management console. The idea is to make it easier for larger Linux environments, such as government and educational organizations, to do the “hardening” process required to meet security compliance requirements, says Jamie Adams, senior developer at TCS.

“It helps you figure out what needs to be configured, and then it helps you do the configuration.”

Currently, the primary open source tool for security administration is Bastille, but Bastille can’t configure multiple servers from a central location and doesn’t always meet current standards for compliance. The Enterprise version enables administrators to easily group Linux servers, associate a lockdown profile with a group of servers, scan all servers within a group to determine compliance, and configure the server operating systems to the lockdown level of the chosen profile.

Security Blanket 2.0 Enterprise includes the security guidelines recommended by the Center for Internet Security (CIS), the Defense Information Security Agency (DISA) Security Technical Implementation Guides (STIGs), and select guidelines from the SANS Institute’s defined risks associated with Linux.

Automation might increase organizations’ interest in server hardening, which many still don’t do, said Forrester Research in a report issued last year.

http://www.darkreading.com/document.asp?doc_id=151607&WT.svl=news2_1

It functions in compliance with S/MIME and OpenPGP, the two internationally established standards for e-mail security, and is compatible to all current e-mail programmes.

Another new feature of this product is its validation and archiving link for attached documents — such as i.e., invoices with a qualified signature.

The new version recognises, effective immediately, any attachments in incoming e-mails with a qualified signature (SigG/SigV), then validates them and transmits the validation report as an XML file, analogue to GDPDU – along with the e-mail itself — to an existing archiving system.

http://www.net-security.org/secworld.php?id=6023

With a 6.1 Gbps intrusion prevention speed, customers also gain the ability to stop application layer threats at industry-leading speeds. Consequently, organizations facing application security threats, such as worms or buffer overflows, will be able to stop them while maintaining high performance for business critical applications.

Multiple Power-1 appliances can be centrally managed with other Check Point security gateways through a single console, thus simplifying network security management and reducing administrative costs.

http://www.net-security.org/secworld.php?id=6021

Identum will likely strengthen Trend’s software-as-a-service product portfolio, however, because it gives the company a way to add e-mail encryption to its InterScan Messaging Hosted Security product line.

Like other security vendors, Trend has been trying to beef up its software-as-a-service lineup in recent months, offering customers a simpler way to keep on top of the latest threats than is found with traditional security products. The acquisition will “ensure an even safer, more secure Internet experience for the company’s global customers,” Trend said in a statement.

http://www.networkworld.com/news/2008/022508-trend-micro-buys-uk-encryption.html

“People doing manual code review look for vulnerabilities, but not typically for backdoors,” says Chris Wysopal, CTO and co-founder of Veracode. “We built a metal detector for this.” Wysopal says several of Veracode’s financial services customers had approached the company with concerns about this potential threat in the third-party software products they purchase and that their developers write.

In a recent report by the Defense Science Board on the risks of the Department of Defense’s dependence on software manufactured outside of the U.S., the DSB discusses the need for assuring the software purchased by the DOD isn’t sabotaged in any way. He found that 23 software packages that government employees might download for tools or for developing apps for their agencies, had backdoors within them.

Special credential backdoors are when a developer or attacker hard-codes passwords or keys into the program code, including username and password, for instance. Hidden functionality backdoors are special commands inserted into the code that lets an attacker issue commands or authenticate without going through the app’s standard application procedure. Still, that’s a dangerous practice, Wysopal says: “I don’t care if a feature was put in on purpose by the developer for debugging, or maliciously by an attacker. “The big tell-tale sign of a rootkit is the software is doing something it’s not supposed to do,” Wyospal says.

http://www.darkreading.com/document.asp?doc_id=141487&WT.svl=news2_4

Cisco’s NAC Appliance is doing reasonably well providing self-service remediation for non-compliant endpoint configurations. The primary market for NAC Appliance is still higher education – this may help Cisco sell security into the corporate ISR base.

Network managers can use this capability to have near real-time views of what’s connected to their network. The products actually do good things in a Cisco context, except that NAC Profiler requires NAC Appliance.

http://www.computerworld.com/blogs/node/6201