Network security is an evolving animal that changes every year. Just as your virus protection changes its signature database, your company needs to change its endpoint security to maintain quality security control throughout your network. Hackers are modifying their approach to attacks constantly, and if you don’t change how your network filters out these attacks, then you will lose the war.
Managing endpoint security and control on your network is a key factor in your overall security. Today endpoint security requires a multi-layer approach. A study done by the European Network and Information Security Industry showed that more than half of all exploits come in the form of browser hijacks and vulnerabilities. Attacks today are also becoming much more blended, which means they take advantage of multiple protocols and mediums to accomplish the task. Attacks like these require that all points in your network are covered; the endpoint security of the past is no longer effective enough.
The best way to combat blended attacks today is with a blended or multi-layer endpoint security solution. Intrusion prevention systems are a must. They are not just a solution for enterprise businesses, but also for small and medium sized businesses, if not even more so. Today small businesses are becoming a large target for attackers. This is because many small businesses process credit card information but lack the budget for a quality endpoint security and control infrastructure, which makes them an easy target. An endpoint security and control infrastructure today contains several features that help protect your network. They typically involve several of the following forms of protection: antimalware, desktop firewall, hardware gateway firewall, intrusion prevention and detection, device control, application monitoring, and network-wide event monitoring. All these facets are usually monitored and controlled together to provide a comprehensive endpoint security solution. Because each facet can now be broken down into a separate product in and of itself, it allows for scalability among all business levels.
In a Microsoft Security Bulletin released late last week, 12 new security updates were announced for release this Tuesday. Seven of those updates have been labeled as critical and the rest are labeled as important. This bulletin came out at the same time as the Black Hat conference.
During last week’s Black Hat conference, researchers Mark Dowd and Alex Sotirov discussed ways to bypass Windows Vista memory protection techniques like DEP. They use several browser functionality methods to do so. They don’t exploit any software vulnerabilities, which means these flaws will be much harder for Microsoft to correct. Microsoft has yet to comment on the findings.
Web 2.0 has become a huge buzzword on the internet in the last few years, and it will only continue to grow over the next few. It provides a way for people to collaborate and share their ideas in ways they never could before. Generally speaking, the internet has not changed much technically, but since the introduction of Web 2.0 the way people use the internet has. Not only has the general public caught on to the idea of Web 2.0, but businesses are also seeing it as a great way for their employees to communicate, express their ideas, and promote teamwork. Today more than two-thirds of businesses are using at least one Web 2.0 application.
Information thieves have caught on to this fact and have begun looking into new ways to steal information and exploit weaknesses. Over the years we’ve seen many different ways for attackers to initiate attacks. Several years ago email attachments were one of the most prominent ways to spread a virus. With the introduction of Web 2.0, attackers see it as a new medium for malicious attacks. Whereas before users would have to click on email attachments to execute them, now web protocols give attackers ways to spread malicious code as soon as a user visits the web page.
Malicious code is not the only threat that Web 2.0 applications expose businesses to. Exposure of confidential information is one of the top threats that Web 2.0 poses to businesses. More than a third of information leaks are through message boards or blogs found on the internet.
Controlling access to Web 2.0 applications has become a main concern for many IT departments. Content control is no longer just a concern for enterprise businesses. Today even small and medium sized businesses have to look into solutions to control access to certain content.
More and more people today are taking their banking online. Some 42% of internet users do their banking online. Considering that this number is growing every year, banks and credit unions are looking at their online banking security and making sure that they are able to provide safe interactions with their customers. Those who don’t do their banking online claim that their main reason for not doing so is the lack of online banking security. One of the reasons why they feel insecure about banking online is misinformation and not knowing the correct information about internet security.
A study from the University of Michigan by Atul Prakash looks at design flaws that many banking sites have today that fail to protect users who don’t know the basics about internet security. It looks at design flaws rather than actual application vulnerabilities. Design flaws are different from application vulnerabilities because they are based on decisions that were made when designing the website. Many of the decisions that the designers of banking sites have made promote insecure user behavior, and because many users are uneducated about basic internet security, these flaws can be taken advantage of.
Some of the online banking security flaws that were noted were things such as being able to access the site using insecure HTTP, being redirected to an untrusted site, low password strength thresholds, and emailing confidential data to users. These are all flaws that, if a user is unaware of the risks these designs pose, can lead to confidential data being leaked.
As far as user password information goes, many of the sites involved in the study don’t impose password restrictions on users. Low quality passwords invite disclosure through brute-force attacks. But it is also noted that with the introduction of phishing sites and keyloggers, a strong password doesn’t protect against those, and many banks find forcing strong passwords to be just an inconvenience for their users. It is also claimed that enforcing a ‘three-strikes’ lockout policy on incorrectly typed passwords makes brute-force attacks on low quality passwords unrealistic. But the study finds that even enforcing a lockout policy is not enough if low quality passwords are allowed. If a list of usernames is available, a parallel dictionary attack can be used: a string of authentication requests is run across all the usernames using common passwords, so each account sees only a few attempts and never trips the lockout.
The study also mentions websites that break the chain of trust. Oftentimes bank websites will redirect to other websites without notice. Regardless of whether these sites are secured using SSL, many times the certificates used are not affiliated with the bank at all, and there is no way for the user to tell whether they are still on the bank’s website or not. This makes it hard for even a knowledgeable user to know whether they are on a phishing site. As mentioned, other sites present secure login options on insecure webpages. While their site may offer secure logins via SSL and HTTPS, that same webpage may be available insecurely under an HTTP version. While redirection to a secure page may occur, if the user had already entered credentials on the insecure page, those credentials are at risk of being compromised. For more information on this online banking security study, you can visit the following page: Analyzing Websites for User-Visible Security Design Flaws
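To show why the study says a three-strikes lockout alone is not enough, here is an added example (not part of the study or of this post) of a login monitor that applies the per-account lockout and separately watches each source address for failures spread across many different usernames within a time window. The class, its thresholds, and the constructed event sample are all assumptions made for the illustration.

```python
from collections import defaultdict, deque


class AuthMonitor:
    """Per-account 'three strikes' lockout plus a per-source detector for one common
    password being tried across many usernames (the parallel dictionary attack)."""

    def __init__(self, max_failures=3, spray_threshold=10, window_seconds=300):
        self.max_failures = max_failures          # strikes before an account locks
        self.spray_threshold = spray_threshold    # distinct accounts failing from one source
        self.window = window_seconds              # seconds of history kept per source
        self.failures = defaultdict(int)          # username -> consecutive failures
        self.locked = set()                       # usernames currently locked out
        self.by_source = defaultdict(deque)       # source_ip -> deque of (ts, username)

    def record(self, ts, username, source_ip, success):
        """Feed one login attempt; return the alerts it raises (possibly none)."""
        alerts = []
        if username in self.locked:
            return ["rejected-locked:%s" % username]
        if success:
            self.failures[username] = 0
            return alerts
        self.failures[username] += 1
        if self.failures[username] >= self.max_failures:
            self.locked.add(username)
            alerts.append("lockout:%s" % username)
        history = self.by_source[source_ip]
        history.append((ts, username))
        while history and history[0][0] < ts - self.window:   # forget old failures
            history.popleft()
        distinct = {user for _, user in history}
        if len(distinct) == self.spray_threshold:   # fires once, when the threshold is crossed
            alerts.append("spray:%s:%d-accounts" % (source_ip, len(distinct)))
        return alerts


def replay(events, **kwargs):
    """Run (ts, username, source_ip, success) events through a fresh monitor; return all alerts."""
    monitor = AuthMonitor(**kwargs)
    alerts = []
    for event in events:
        alerts.extend(monitor.record(*event))
    return alerts


# Constructed sample: one source tries a single common password against 12 accounts,
# one failure each, so no account ever reaches three strikes.
SPRAY_EVENTS = [(t, "user%02d" % t, "198.51.100.7", False) for t in range(12)]
```

Replaying `SPRAY_EVENTS` produces no lockout at all but does raise a spray alert for the source, which is exactly the gap the study points out.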
|
Email is a part of everyday life in the business world. Even small companies will see thousands of emails pass through their servers each day. This means there is plenty of opportunity for attack against your mail server. So here are 5 good tips to help keep your email secure.
1) Change your SMTP banner: Most mail servers accept connections on port 25 for SMTP. If you telnet to port 25 on a mail server that is open on that port, you will receive a response from the server. This response is called the SMTP banner. Usually by default (with Exchange) this banner will not only display the actual server name and domain, but will also show the version number and software running on that server. This is crucial information that an attacker can utilize when planning an attack. If your server accepts connections on port 25, it is important that you mask this banner with a canned message that doesn’t display sensitive information like that. For more information on changing this banner with Microsoft Exchange, read this Microsoft article: Changing your SMTP Banner
2) Enable Relay Restrictions: This is usually set by default on mail servers so that only authenticated users or specified servers are allowed to relay email through your mail server. But it is a good security measure to verify that your mail server is not an open relay. If there are no restrictions set, spammers will have a field day with your server. Not only can this really cripple your server if not taken care of promptly, but it can also get your server blacklisted. Once blacklisted, you will need to find out which blacklists you are on and request removal once you prove to them that you are no longer spamming from your server. This can take weeks or months depending on which list you are on. If you aren’t sure whether your server is an open relay, you can use this tool to check: Open Relay Checker
3) Make sure your server is up-to-date: Because your mail server is constantly exposed to connections from the outside world, it is crucial that it is always up-to-date. A lot of IT professionals will ensure that their servers have the latest Windows Updates installed, but don’t forget about Exchange updates and service packs as well. Automatic Updates won’t keep Exchange up-to-date, and many times the Exchange security vulnerabilities that need patching are more critical than your typical Windows update. While there is no excuse for an out-of-date server, if installing updates takes up too much of your time, then look into a patch management solution. Microsoft offers a free solution for all their software called Windows Server Update Services.
4) Protect your mail server with a front-end server: Another good idea for security is to set up a front-end server to act as either a proxy or relay between the mail server that stores your mail databases and the internet. The front-end server will handle all HTTP and SMTP requests for your main mail server. All emails will then be relayed from this front-end server to your main mail server. What this allows you to do is close off port 25 to your main mail server so that it is hidden behind your firewall. Many companies will even provide this service for you. Having your server behind a firewall and accepting connections from only internal mail clients and the front-end server will greatly increase the security of your server.
5) Spam and Virus Protection: I’ve listed both spam and antivirus under the same number here because I think we are at the stage where they go hand in hand. It is important that you maintain antivirus and antispam software on your network. I recommend using a separate appliance for spam, as this will catch spam emails before they even reach your mail server. If your mail server processes a lot of emails every day, then this will help alleviate some of the strain it carries. Making sure that both systems are up-to-date with the latest signatures goes without saying.
These are only 5 tips for helping maintain security on your mail server, and there are a ton more. Hopefully these will get you on the right track and taking email security seriously.
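To make tips 1 and 2 checkable, here is an added audit script (not from this post, from Microsoft, or from the linked checker) that you point at a mail server you administer: it grades the 220 greeting for product and version disclosure, then asks the server to relay to an outside domain, which a correctly restricted server must refuse. The host name, the probe addresses and the canned transcripts are assumptions constructed for the example.

```python
import io
import re
import socket
import sys

# Constructed patterns: product names that default greetings disclose, and a dotted version like "6.0.3790.3959".
PRODUCT_RE = re.compile(r"\b(Microsoft ESMTP MAIL Service|Exchange|Sendmail|Postfix|Exim)\b", re.I)
VERSION_RE = re.compile(r"\b\d+\.\d+(?:\.\d+)+\b")


def banner_findings(banner):
    """List what the 220 greeting line discloses (tip 1)."""
    checks = (("product name", PRODUCT_RE), ("version number", VERSION_RE))
    return [name for name, pattern in checks if pattern.search(banner)]


def read_reply(rfile):
    """Read one SMTP reply, skipping '250-' continuation lines; return (code, last line)."""
    while True:
        line = rfile.readline().decode("ascii", "replace")
        if not line:
            raise ConnectionError("server closed the connection")
        if len(line) > 3 and line[3] == " ":   # "250 " ends a reply, "250-" continues it
            return int(line[:3]), line.rstrip("\r\n")


def audit(rfile, wfile, probe_rcpt="relay-probe@example.net"):
    """Grab the banner, then ask to relay to a domain this server does not handle (tip 2)."""
    code, banner = read_reply(rfile)
    result = {"banner": banner, "leaks": banner_findings(banner), "open_relay": False}
    if code == 220:
        for cmd in ("EHLO audit.example", "MAIL FROM:<probe@example.org>", "RCPT TO:<%s>" % probe_rcpt):
            wfile.write((cmd + "\r\n").encode("ascii"))
            wfile.flush()
            code, _ = read_reply(rfile)
            if code != 250:
                break
        else:  # 250 to the outside RCPT TO: relays for anyone (accept-then-bounce servers land here too)
            result["open_relay"] = True
    wfile.write(b"QUIT\r\n")
    wfile.flush()
    return result


def audit_transcript(server_bytes):
    """Replay a captured or constructed server transcript offline; returns (result, bytes sent)."""
    rfile, wfile = io.BytesIO(server_bytes), io.BytesIO()
    return audit(rfile, wfile), wfile.getvalue()


if __name__ == "__main__":  # live run against a mail server you administer (default: localhost)
    with socket.create_connection((sys.argv[1] if len(sys.argv) > 1 else "localhost", 25), timeout=10) as c:
        print(audit(c.makefile("rb"), c.makefile("wb")))
```

A server that accepts any recipient and bounces later will also report `open_relay`, so confirm a positive result against the server's relay settings before acting on it.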
Keeping data secure at all times is crucial if you want to keep confidential files confidential. Any data that is stored on disk is at risk of being compromised in some way. It is important to learn ways to keep it as safe as possible and to encrypt it to ensure that if an attacker does gain access to files on your hard disk, then the encryption on the files will deter them from accessing your confidential data.
One program I use to encrypt my most confidential data files is called TrueCrypt. It is an open-source program that creates a virtual disk on your computer to access the files within an encrypted container file, mounting the container as an actual disk. When you dismount the disk, your files are kept securely within the encrypted file. It can also encrypt an entire partition or a whole disk. If you want to encrypt everything on your computer, it utilizes pre-boot authentication and allows you to encrypt the system partition as well.
The nice thing about the application is that you can put the program on a thumb drive and run the application from any PC without the need for installation. This allows you to carry the encrypted file with you anywhere and have access to your data while keeping it securely contained. There are a ton of great security features in the free download. Check it out and let me know what you think. It can be downloaded here: TrueCrypt.
So there has been a lot of talk lately about Kaminsky’s DNS Poisoning Vulnerability. What is it, and why is it such a hot topic yet kept so secret at the same time? Well, I can’t tell you exactly what the issue is. If I could, then I’d probably be directly in touch with Dan Kaminsky and would be at Defcon with him at the end of the week. But there is a little bit of information out about the severity of it and why it is being kept such a huge secret. A design flaw was found in DNS that allows an attacker to poison the cache on a DNS server with invalid entries.
In IT, poisoning refers to entries in a cache being replaced on purpose by an attacker with fake or incorrect entries. With DNS, if someone were to take advantage of it, the result is that the attacker could redirect traffic for any website whose records are served by the compromised DNS server to any other web server on the internet. This means the attacker could place a phishing web page at the new destination. Email could also be compromised by poisoning MX records and having confidential emails redirected to another email server on the internet. Basically, the internet would become compromised.
But, thanks to a collaboration of some of the best minds in the industry, this issue has been kept secret and has given everyone hopefully enough time to patch the vulnerable systems. Here is a little more information on the DNS vulnerability at hand.
No computer network can be 100% protected from the threats that the internet and attackers can bring. But with a smart IT security policy and a layered approach, you can reduce your company’s risk of attack.
Viruses today are more blended and have a higher payload than ever before. This means that they are easier to distribute and can do greater damage. Viruses today can attack networks at even the lowest level which means they can bypass desktop and server antivirus software. Software antivirus no longer provides the complete protection that it once did.
So what is layered antivirus and network security, and how should you approach it? Simply put, it is like placing a defensive barricade at every possible entry point onto your network. A typical layered antivirus solution will include server AV, desktop AV, gateway AV, email AV, and some type of intrusion detection/prevention service (IDS, IPS).
This approach will not only protect from threats that come in at the computer and file system level, but will also protect your network from denial of service and other network level attacks.
A layered approach also helps provide efficiency and load-balancing on your network. If you find that your email server is getting pounded by daily phishing or virus emails, then having gateway antivirus can help take some of the load off of your email server by stopping those emails from ever reaching the server.
Protecting your network with a layered approach is no longer just a security design for enterprise networks; it is a requirement for all business networks.