Immunize Your Servers Against Attack

Posted on by admini

Primary Response 2.2 is software you install on Windows NT, 2000, 2003, or Solaris servers. It “immunizes” your servers against undefined intrusions, the way the human body defends itself against biological viruses it’s never seen before, according to its developer, Sana Security.

The basic security features of Primary Response 2.1, the software’s previous version, have just been certified by ICSA Labs, an independent testing firm, according to a lab spokesperson. This is the first such certification given to a new kind of program known as host-based intrusion prevention systems or HIPS, according to Dr. Steven Hofmeyr, Sana’s founder and chief scientist.

A NIPS solution is typically a hardware appliance that’s plugged in between a company’s servers and the Internet. Such devices monitor network traffic and protect the servers from inappropriate packets, such as hacker attacks. NIPS, however, cannot protect applications that are running on individual PCs or defend against the behavior of insiders, which most intrusions are.

Host-based intrusion prevention systems, such as Primary Response, install on each server that you wish to protect. Installing a HIPS solution, unfortunately, doesn’t eliminate the need for companies to also purchase NIPS and client-based security software.

But corporations can save big bucks with HIPS by installing Microsoft patches only once every calendar quarter, instead of once a month or more, Hofmeyr says.

A Primary Response 2.2 installation consists of at least one “management server,” which lists for $6,500, and one “agent” per server you wish to protect.

More info: http://itmanagement.earthweb.com/columns/executive_tech/article.php/3364491

Read more

Cybersecurity: Too important to leave in private hands?

Posted on by admini

During a panel discussion about the possibility of government creating cybersecurity regulations, Press and Rich Mogull, a research director for Gartner Research, advocated government taking a more active role.

While others on the panel suggested the U.S. government could affect cybersecurity by using its huge purchasing power to influence companies, Press questioned why software vendors aren’t sued for selling products with security flaws. Without laws allowing software vendors to be sued, “you are rewarding people for selling broken products,” he added. Instead of software vendors being held responsible for cybersecurity problems, the buyers pay the bill, Press said. Instead of government regulations, software buyers should demand better products, he said. In all but the desktop market, where Microsoft dominates, competition over the past couple of years has helped improve software security, Pescatore added.

Fred Barnes, executive editor of the conservative Weekly Standard and cohost of Fox News’ Beltway Boys, asked the panel why more cybersecurity legislation hasn’t been considered in the U.S. Congress.

“There’s a fear of stifling innovation,” said Roger Cressey, president of Good Harbor Consulting LLC and former counterterrorism expert at the White House.

Fred Barnes, executive editor of the conservative Weekly Standard and cohost of Fox News’ Beltway Boys noted that some government and private cybersecurity experts have been warning of the possibility of a “digital Pearl Harbor,” a massive attack on U.S. IT assets, for several years. The threat cannot be overstated, answered Bob Dix, staff director for the technology and information policy subcommittee of the House Government Reform Committee. However, Dix said Monday he hopes the subcommittee’s efforts to raise awareness about cybersecurity will get company chief executives to take the issue seriously.

But Press suggested that the software industry should be proactive and work with Congress now to pass legislation the industry can live with.

More info: http://www.nwfusion.com/news/2004/0607cybertooi.html

Read more

Zombie PCs generate 80 per cent of spam

Posted on by admini

The company found that Trojans, typically installed surreptitiously by worms or spyware, exploit vulnerabilities to bypass normal email routing and drop spam messages directly into end user machines.

Many of the most well-publicised worm attacks in recent months were launched expressly to install spam Trojans on unsuspecting end users’ machines, waiting to be used at a later date as a spam delivery relay, Sandvine warned.

The report also found that the behaviour of spam Trojans taxes ISPs’ infrastructures and, in the case of smaller ISPs, creates perceptions that some networks are generating more than their fair share of spam. “Subscribers’ in-boxes are bombarded daily and, while spam filters can provide an effective treatment, the scale and scope of the problem means that additional remedies are needed,” said Marc Morin, co-founder and chief technology officer at Sandvine, in a statement.

“As a complement to existing mail server and client-based tools, service providers need to arm themselves with network-based anti-spam defences.”

More info: http://www.vnunet.com/news/1155583

Read more

New Viruses Hit 30-Month High

Posted on by admini

Five new viruses released in May made Sophos’s Top 10 for the month. Included are Sasser, Netsky-Z, Sober-G, Bagle-AA, and Lovgate-V, the company said.

Sasser led the pack in the number of infected machines reported. Sophos found a total of 959 new viruses on the Internet in May, the highest number since December 2001. The number includes new viruses that were variants of older viruses.

More info: http://www.informationweek.com/story/showArticle.jhtml?articleID=21401332

Read more

Windows gets ‘strong’ passwords as SecurID trials kick off

Posted on by admini

SecurID is one of the most popular two-factor authentication systems and is already used by many large enterprises. The token is about the size of a matchbox and generates a new six-digit code every minute. Users are given an easy-to-remember PIN number to type in alongside the code displayed on the token.

With an integrated SecurID system within Windows, enterprises should find easier and cheaper to ensure users do not use weak passwords or forget them.

George Anderson, IT security business development manager at services firm Computacenter, which is one of the participants in the beta trial, said the SecurID and Windows combination is a welcome relief. “We recognise that password-only security has for some time been inadequate for truly protecting Windows workstations,” Anderson said.

The beta test programme is being rolled out to a small number of companies and is expected to last around a month.

RSA Security expects the full commercial version to be available in shortly after the trial ends. Jason Lewis, vice president of product management at RSA Security, said the technology complements RSA’s core business, which is to authenticate remote users. “We’ve been traditionally focused on security issues outside the firewall and although securing remote access is critical, the RSA SecurID for Microsoft Windows solution addresses a real threat to exposing an organisation’s sensitive data within the enterprise,” said Lewis.

The integration of SecurID and Windows was first announced at the RSA Security conference in San Francisco earlier this year. At the time, Microsoft’s chairman Bill Gates said the development signalled the death of the traditional password.

More info: http://news.zdnet.co.uk/hardware/0,39020351,39156548,00.htm

Read more