Sunday, December 31, 2006

Skybox Security introduces Skybox View 3.0

Skybox Security, Inc, a company specialising in Security Risk Management (SRM), launched on Tuesday (25 July) Skybox View Suite version 3.0.

According to the company, Skybox View v3.0 enables security and IT operations teams to use a common platform to automate processes associated with risk exposure assessment, network policy compliance, firewall configuration audit, and change assurance.

Skybox View 3.0 reportedly features automated firewall audit; regulatory compliance reporting; intrusion prevention system (IPS) modelling; application and database vulnerability scanning support; zero-day worm attack simulation; as well as modular and scalable architecture.

No pricing details were disclosed.

Saturday, December 30, 2006

Travel Security Update

For more safety & security news, data and analysis, please go to: http://www.airguideonline.com/professional.htm Jul 31, 2006

Passports soon to be needed for Canada, Mexico, Caribbean. New laws will require U.S. travelers traveling by air or sea to the Caribbean, Mexico and Canada to have passports starting Jan. 1. The laws are intended to make it harder for terrorists to enter the U.S. Some lawmakers and travel organizations want to delay implementation for a few years and find an alternative system for U.S./Canadian border crossings. Jul 28, 2006

Waste, mismanagement plague DHS contracts, report finds. A bipartisan report has found widespread waste, abuse and mismanagement in many Department of Homeland Security contracts. The House Committee on Government Reform report says contracts were poorly planned and monitored and awarded without competition. It cites one case in which the Border Patrol paid $20 million for camera systems that either malfunctioned or were never installed. Jul 27, 2006

CACI wins DHS technology pact. Technology contractor CACI has landed a contract to provide information technology support to the Department of Homeland Security. The company will provide IT planning, network architecture and enterprise resource management. Jul 27, 2006

Friday, December 29, 2006

Homeland Security Briefing on U.K. Terror Arrests; DHS Secretary Michael Chertoff, Attorney General Alberto Gonzales, TSA's Kip Hawley

We'd like to provide you with the latest information we have on recent events in the United Kingdom and an update on the actions that we are taking to protect our citizens and to keep air travel safe and secure.

We want to be as open as possible with the public about the facts. At the same time, it's important, I'm sure you'll understand, that we preserve confidentiality of matters that are necessary in order to complete this investigation. And we also have to respect the demands of the British legal process, which puts certain restrictions on what can be said about ongoing cases.

As I think you're all aware, British authorities have arrested 21 individuals who are now in custody who are alleged to have engaged in a plot to detonate liquid explosives on board multiple commercial aircraft departing from the United Kingdom and bound for the United States.

Thursday, December 28, 2006

Cisco issues security warning

Cisco has issued a security warning about code published on the internet that targets weaknesses in its Internetwork Operating System (IOS).

The code was written by a group of teenagers in Italy calling themselves the Black Angels, and it exploits nine vulnerabilities in IOS, which runs on the Cisco Catalyst Ethernet switch, IP routers and other products.

The new program, called Cisco Global Exploiter, provides simple code streams to make it easier to exploit the weaknesses, most of which have been identified by Cisco over the past four years, and get round the vendor's workarounds.

"Customers should take steps to ensure that they have addressed each of these either via a software upgrade or workarounds in place as appropriate in order to mitigate any risk from this new exploit code," the company said on its web site.

Most of the vulnerabilities make Cisco routers and switches more susceptible to distributed denial of service attacks. These attacks occur when hackers take control of servers and flood the network with millions of packets, which eventually cripple devices like switches and routers that try to process all the packets.

Wednesday, December 27, 2006

Moving beyond managed security: providers are using network-based services to build more efficient enterprise productivity models

The face of business is changing, placing new demands on business' communications networks. Today's corporate network must not only reach mobile executives as they travel from city to city, it must also extend to the remote outposts that traditionally were not part of the network at all. Whether it is a 24-hour gas station in Tulsa, a parts supplier in Detroit, or car dealer located in another area of the world, an IT manager must figure out how to equip each remote user or locale with the full resources of the corporate network. Add to this the complexity of securing the entire network from today's myriad threats and you have a situation that is untenable to most enterprises. Faced with stagnant budgets and limited staffs, more and more IT departments are delegating the chore of protecting the corporate assets to their service providers.

Service providers, already tasked with managing some of the world's most complex networks, have the resources and expertise required for servicing the extended enterprise 24X7. For the provider, offering managed security services in addition to basic connectivity increases both revenue and customer penetration. However, many service providers view managed security as an incremental service as opposed to a strategic offering that will solidify the relationship with the enterprise. Services such as managed firewall or DoS (denial of service) protection are implemented in such a way that the provider is vulnerable to being displaced by either a competing carrier or a decision to move the service in-house.

Tuesday, December 26, 2006

Compact VPN appliance - Security appliances and VPNs - Advantech Network Computing FWA-230 - Brief Article - Product Announcement

The FWA-230 is a VPN/security appliance with three 10/100 Mbps autosensing Fast Ethernet ports in the front panel for WAN, LAN and DMZ connections. Also on the front panel is a nine-pin, RS-232 serial port for local system management, maintenance and diagnostics. The unit is preinstalled with the hardened Linux operating system and the latest Check Point VPN-1/FireWall-1 SmallOffice software. Accessible through a removable cover, a 128-MB compact flash card is used to avoid any potential service disruption caused by a hard disk's mechanical/magnetic failures. Each FWA-230 is equipped with a 566-MHz Intel Celeron processor, 128-MB PC-133/100 SDRAM, and an optional slim-type 2.5", 9.5 mm IDE HDD for storing event log and user data, all housed in an 8.8"x1.5"x6.7" desktop chassis.--Advantech Network Computing

Monday, December 25, 2006

Making security pay: savings generated by improved efficiency should not be offset by security losses - Network Management

Telecom did not need to wake up to security following tragic events last September. Security was a high priority before September 11 and remains so today, yet providers need a comprehensive strategy for proactive network element security. Increased deployment of TCP/IP has created new challenges. Some elements are now more vulnerable to intrusion, resulting in lost revenue, increased maintenance costs and reduced QoS.

The extent of security breaches and the associated costs are difficult to measure. Service providers are reluctant to disclose information about vulnerabilities for fear of encouraging more attacks. In addition, some security costs are not even being captured. Service disruptions or element malfunctions resulting from intrusions may be corrected without ever recognizing the intrusion, while theft of service can go undetected for years. Nevertheless, few knowledgeable professionals would deny that security is costing the industry millions of dollars each year.

Threats to TCP/IP-enabled network elements arise from both inside and outside the service provider organization. Certainly, outside attacks pose a real threat as hackers need only Internet access and an IP address to access unprotected network elements. Whether simply mischievous or truly malicious, hackers can steal or disrupt service and cause serious equipment malfunction.

Sunday, December 24, 2006

Securing network infrastructures: meshed topographies simultaneously preserve security and accessibility - Storage Networking

Over the past six years, malicious Internet attacks to corporate networks have increased 87%. This alarming growth of unauthorized network access clearly shows that the initial goal of creating shared, open infrastructures was not accompanied by an equally strong commitment to network security.

Let's take a pragmatic look at network security, while focusing on preventing network violations at the access point and discussing some practical recovery options.

Growing Security Threats

In the past, external security breaches represented a small percentage of violations, with most violations coming from within the network. From 1996 to 2001, the source of network attacks has shifted from internal to external violations.

While the number of intrusions by hackers has increased, internal security breaches--often by disgruntled employees--still represent the greatest number of computer crimes. Over the last two years, growth in the technology industry has slowed dramatically, resulting in large-scale layoffs. This, in turn, has made corporate networks the target of many disgruntled employees. In 2001, for example, technology and manufacturing companies reported $151 million in intellectual property theft, accounting for 41% of the losses related to computer crimes.

Saturday, December 23, 2006

Protect and survive: network monitoring tools, rather than traditional security measures of firewalls and IDSs, provide the strongest protection agai

The issue of network security has never been far from the top of the organisational agenda. However, it is pushed to the forefront when high-profile security attacks occur, such as the denial of service attack suffered by the Computer Emergency Response Team (CERT) last year. This made it clear that determined hackers can damage even the experts, and highlighted the fact that service providers and enterprises that depend on internet connections must take more stringent measures to protect themselves.

The notion that companies need to implement a full security policy is of course nothing new -- experts have been espousing the benefits of firewalls and intrusion detection systems (IDS) for years. However, as the CERT attack shows, anyone can get stung.

The CERT co-ordination centre is a hub of knowledge on internet security vulnerabilities and gives advice and training to improve network security. Last year the organisation was knocked offline for two days by a denial of service attack preventing anyone from accessing the CERT website. A spokesperson for CERT explained that connection to the internet had been totally saturated by the attack. The irony here is that the group was most probably targeted for attack in the first place because of its status as a champion for internet security issues.

Friday, December 22, 2006

Juniper focuses on network security: CEO sees system integrators emerging as key telecom players amid industry evolution

Juniper Networks has realigned its security focus after its acquisition of NetScreen, with a push toward integrated security instead of stand-alone point solutions. Juniper CEO Scott Kriens, in a recent interview with Group Editor Joseph Waring, notes that trusting the network is the key in the drive toward an all-IP, ubiquitous network.

America's Network: There's been a great deal of talk about ubiquity. How important will it be in the near-term?

Scott Kriens: We believe there's going to be a ubiquitous network, it will be a single infrastructure, it will carry multiple services, it will be very intelligent, it will enhance our lives. That will all be true some day. The observation that it is true is meaningless. The issue is when will what elements within that grand claim be true and what will it mean when they are. It is the path to how one gets there that is where all the real opportunities lie.

One of the reasons for the acquisition of our security portfolio is that we believe that the key enabler to making it all happen faster is that you have to trust the network to use it more. That is one driver. It not only has to be secure, but it also has to be assured, it has to be reliable and has to be able to deliver the quality for the video signal that I'm going to drive across it.

Thursday, December 21, 2006

Intrusion Detector delivers open-source network security

Using proprietary Meta Traffic Processor, MTP-1G wire-speed Gigabit Ethernet Network Intrusion Detection and Prevention System supports open-source network security and monitoring applications. Cards pass Gigabit Ethernet traffic between system's 2 ports with 400 ns latency while performing wire-speed, stateful, packet inspection. When determining whether to capture or block packets, cards can apply up to 1,500 wire-speed stateful policies per packet.

Los Gatos, California - Metanetworks Technologies, Inc. (metanetworks.org), a leading provider of high-speed network security and monitoring hardware, announces its MTP-1G - the world's first wire-speed Gigabit Ethernet Network Intrusion Detection and Prevention System (IDPS) specifically designed to support open-source network security and monitoring applications. The MTP-1G uses Metanetworks' Meta Traffic Processor (MTP), a unique network processor that was partially developed using research grants from the National Science Foundation and the US Air Force Rome Laboratories. The MTP is specifically designed to exploit massive, fine-grain, instruction-level parallelism, which is intrinsic to IDPS processing loads. Livio Ricciulli, Metanetworks Technologies' chief scientist, states that, "our MTP cards offer the lowest IPS filtering latency in the world because of our breakthrough processing architecture."

Metanetworks' MTP-1G cards routinely pass Gigabit Ethernet traffic between its two ports with 400 ns latency while performing wire-speed, stateful, packet inspection. When determining whether to capture or block packets, the cards can apply up to 1500 wire-speed stateful policies per packet. When the MTP-1G captures packets, it presents them to the operating system as a standard NIC in promiscuous mode.

Wednesday, December 20, 2006

Messaging System/Anti-Spam Service offer network security

FortiMail Secure Messaging Platform includes antivirus detection engine for virus and spyware protection and complete email scanning. It uses FortiGuard-Antispam, access policy filtering, content filtering, global and user black/white list filtering, and spam Real-time Blackhole List. FortiGuard-Antispam Service eliminates spam at network perimeter. It checks against known spammer IP addresses and email content with Universal Resource Identifier scanning.

FortiMail(TM) Family and FortiGuard-Antispam Service Offer Enterprises Multi-Layered Protection to Eliminate Spam and Inline Network Viruses

SUNNYVALE, Calif., Feb. 7-- Fortinet -- the confirmed market leader in Unified Threat Management and only provider of ASIC-accelerated, network-based antivirus firewall systems for real-time network protection -- today unveiled two powerful new additions to its network security solutions and services portfolio: FortiMail, a secure messaging system, and FortiGuard-Antispam, a managed antispam service. The FortiMail Secure Messaging Platform and FortiGuard-Antispam Service effectively layer antispam technology to offer antispam defense in-depth at the network perimeter and the mail server -- maximizing mail traffic performance by eliminating global spam at the network gateway, before it enters the corporate network.

Unwanted email or spam continues to present serious security challenges for enterprises and consumers alike. Increasingly, these messages contain spyware, grayware or other malicious attempts to adversely impact a customer's computing and networking resources. While many world governments have been writing legislation and enforcing penalties around spam creation and delivery, spam continues to be difficult to regulate and catch. Industry researchers suggest that 60 to 70 percent of all enterprise email is spam, and recent statistics suggest that a good portion of spam contains viruses or other types of attacks.

Tuesday, December 19, 2006

Strong wireless security for the SOHO network

It's likely your home users haven't enabled security on their wireless networks. As the go-to guy you can configure security settings for them and hope those users don't mess those settings up, or add software that lets users add and remove new and visiting users (as for when your teen's friends come over) without much effort (or calling you on the phone). That's the idea behind Interlink Networks' LucidLink, which provides enterprise-level wireless security simply enough to use on the home network.

The software uses encryption based on Wi-Fi Protected Access (WPA), along with advanced authentication techniques to protect network traffic and initial access. It uses a client/server model to authorize only those clients given specific permission to access the LAN.

WPA provides a higher level of protection than Wired Equivalent Privacy, but it doesn't address user authentication. Granting and revoking access to your wireless network, say, at the beginning and end of a LAN usage cycle, often involves changing the encryption key on every system on the network. LucidLink streamlines this process down to two button clicks.

Monday, December 18, 2006

Evolving Network Demands Improved Security, The

A decade ago, a company could effectively secure its network through perimeter protection such as a firewall. At that time, networks had definitive borders, making it easier to safeguard critical internal assets with perimeter security technology.

However, as organizations recognized the business benefits of extending network access to customers, partners and vendors, the once-distinct perimeter quickly dissolved. With this increase in credentialed users now accessing the network from the outside, safeguarding internal assets with security technology located solely at the perimeter proved insufficient. Nonetheless, within many organizations, internal security still placed second in priority to increasing business process efficiency.

There is an inherent trade-off between security and accessibility, but many organizations have sought to strike a balance between making it easy for people to access the systems they need while still remaining secure. Yet many organizations, including CRM centers, are still exposed to more risk than necessary because they have not addressed the security ramifications associated with extending their network to third parties. For an organization to be truly protected today, it must continue to mind the perimeter, but it must also turn its focus inward and secure the internal network.

Sunday, December 17, 2006

Weathering a Perfect Storm: Protecting your Email Network with a Layered Security Architecture

As an enterprise IT manager, your biggest email headache today is viruses. Yesterday it was Denial of Service attacks. Tomorrow it will be spam and phishing. Or perhaps customer privacy, regulatory compliance or employee misuse of email will consume your time and attention. You've responded to constant threats and risks with a variety of point products, both at your gateway and inside your network. The result: an email infrastructure that is enormously complex, costly to manage and not ready to protect your business when the next email security crisis inevitably hits. The truth is, no single product is a silver bullet. Large enterprises with complex networks need to take an architectural approach to email security. In this informative 50-minute eSeminar, Sendmail will explain the fundamental elements of email security architecture. Based on our experience implementing email systems for the world's largest enterprises, we'll explain:

The four basic layers of email security architecture

Typical security gaps in complex email networks, and how to fix them

Best practices to improve email security in a multi-vendor environment

If your email security architecture needs a closer look, join us for this revealing discussion, including an opportunity for live Q&A.

Saturday, December 16, 2006

Movin' On Up: Security Branches Off the Desktop and Onto the Network

Today's hackers are growing in their technological prowess and sophistication. Their extreme coding capabilities have allowed them to penetrate an Internet browser without a user ever opening up a corrupt e-mail file. To try and combat this, corporations are moving their security and antivirus efforts to the network level. This move to intrusion protection has resulted in a slew of new technologies and appliance-based security products that can be loaded on to networks and scan for viruses and other security threats. Whether your company is running a single vendor computing environment or, more commonly, a more complex multi-vendor environment, there are benefits to be realized by this security strategy. Join Larry Seltzer, editor of eWEEK.com's Security Center and a panel of experts as they discuss:

The difference between security at the desktop level and at the network level

The major benefits derived from securing the network

What are the applications involved in this security strategy

Should this strategy be managed by internal IT or a managed services company?

Friday, December 15, 2006

Cisco issues security warning


Thursday, December 14, 2006

Network Security Services identify site vulnerabilities

Suited for Foxboro I/A Series automation systems, service is designed to protect against cyber attacks and other network intrusions at industrial sites. Site Security Review Service and System Security Hardening Service also help users develop effective security plan, identify specific site vulnerabilities, and protect against potentially catastrophic intrusions.

New services are designed to help identify site vulnerabilities and protect against cyber attacks and other network intrusions at industrial sites

HOUSTON, TEXAS, USA (ISA 2004 Conference and EXPO) - October 5, 2004 - Invensys Process Systems today introduced important new services designed to further enhance the security of the company's Foxboro-brand I/A Series automation systems. In development for more than two years, the new Site Security Review Service and the System Security Hardening Service are both part of Invensys' expanding suite of LifeTime Performance Improvement Services, which now also includes both Loop Management and Alarm Management services. These services work together to enable customers to maximize the performance of their installed automation assets.

"The industrial automation industry has been moving away from proprietary technology to more open and interoperable control systems. As underscored by a recent US government report, this trend clearly increases the potential vulnerability of these systems to cyber attacks via the Internet and from other external and internal network intrusions," said Ernest Rakaczky, director of process control network security at Invensys Process Systems.

Wednesday, December 13, 2006

Moving beyond managed security: providers are using network-based services to build more efficient enterprise productivity models


Tuesday, December 12, 2006

Security Appliance ensures secure credit card processing

Developed to address Visa USA and MasterCard International's security requirements at application and content level, PCI Risk Assessment program provides visibility into network applications used by employees to transmit data such as credit card numbers. PacketSure PCI security appliance performs deep packet analysis at packet level to determine what communication protocol is being used and only allows authorized protocols to be used to transfer corporate data.

Risk Assessment Program Will Use Palisade's PacketSure PCI Appliance to Analyze Network Applications Being Used by Employees to Transmit Credit Card Data

AMES, Iowa, Aug. 8 -- Palisade Systems, a leading provider of content and network security appliances, announced today a PCI Risk Assessment program for organizations processing and/or storing credit card information. Palisade's PacketSure PCI security appliance was developed specifically to address Visa USA and MasterCard International's soon to be unveiled security requirements at the application and content level. The first of its kind program is being offered to companies on a seven day risk assessment period. PacketSure PCI provides the visibility into the network applications being used by employees to transmit data including credit card numbers.

PacketSure PCI performs deep packet analysis at the packet level, not port level, to determine what communication protocol is being used. PacketSure eliminates unwanted applications being used on an organization's network allowing only authorized protocols to be used to transfer corporate data. PacketSure provides an additional layer of security on the authorized protocols by analyzing the data within the packets traveling across the network giving unprecedented security and compliance to Visa and MasterCard's PCI standards. PacketSure has been used as an assessment tool before, acting as a test monitor for simulations and cyber competitions by the U.S. Department of Justice funded Internet-Simulation Event and Attack Generation Environment cyber security lab.

Monday, December 11, 2006

Trend Micro unveils 2007 Internet Security

Antivirus and content security firm Trend Micro Inc (NASDAQ: TMIC) announced on Wednesday (20 September) the 2007 version of its Internet security suite.

According to the company, the 2007 Internet Security release will incorporate Trend Micro's PC-cillin engine and anti-malware protection, as well as TrendSecure, Trend Micro's new online security services. The suite is reportedly designed to identify, block and automatically remove viruses, trojans and spyware; filter spam; warn about unauthorized wireless access to the network; block objectionable content; identify fraudulent phishing scams; and provide users with real-time defence against online and offline identity and data theft.

Trend Micro Internet Security comes with a household license for up to three PCs for one year at GBP49.95, including free email and online support and the TrendSecure online services.

Sunday, December 10, 2006

Research center plugs physical security into its network

Keeping its huge data center humming is vital at NASA Ames Research Center, where 4,000 scientists are working on aeronautics and biotechnology projects. When a new custom-built air conditioning system couldn't keep the research outfit's network equipment at the right temperature, it was the IT department's equivalent of a space mission gone wrong.

"It failed miserably," says George Alger, assistant division chief of the applied information technologies division and IT services manager. He worried that the A/C fluctuations threatened to disrupt or even damage the 50 racks of servers and switches housed in the Moffett Field, Calif., data center.

"The air conditioning should have maintained 68 degrees to 70 degrees in the room, but it didn't," Alger says about the custom-built system, which cost about $800,000.

NASA Ames became aware of the high and low temperature spikes because two physical-security sensors from NetBotz continuously monitor the data center's environment.

Saturday, December 09, 2006

Security System strengthens phone authentication processes

With ability to automate and strengthen call center authentication to help financial institutions meet FFIEC guidance, RSA[R] Adaptive Authentication for Phone provides multifactor authentication for retail and commercial banking. It analyzes various phone channel-specific risk parameters, from phone number itself to biometric voiceprint and user behavior profiles. System generates risk and authentication score for every call received and every high-risk transaction conducted.

Leverages RSA's proven risk-based authentication expertise and live voice biometrics technology

Automates and strengthens call center authentication to help financial institutions meet FFIEC guidance

BEDFORD, Mass., Oct. 24 - RSA, The Security Division of EMC (NYSE:EMC), today announced RSA[R] Adaptive Authentication for Phone. The product is designed to meet the financial industry's need for strong, automated and convenient caller authentication for telephone banking, given the nature of fraud migration and the regulatory requirements stated in the FFIEC's Authentication in an Internet Banking Environment guidance.

Designed with a focus on the end-user experience and strengthening phone authentication processes, RSA Adaptive Authentication for Phone leverages the core concept and expertise used in RSA Adaptive Authentication for Web, currently used by more than 35 of the top 100 US financial institutions and some of the largest banks in Europe. The new solution also incorporates RSA's voice biometric solution, based on the previously-acquired Vocent technology and integrated with the market-leading voiceprint engine from Nuance; the Vocent-Nuance solution is in production at several large banks in the United States today, with consumer-facing deployments planned for Q1 2007.

Friday, December 08, 2006

Keeping America out of harm's way: from a national health-surveillance network to better whistle-blower protection, security experts provide their com

U.S. leaders and our allies have made great strides in fighting terrorism and increasing homeland security. During the last seven months they have ousted the Taliban, frozen substantial assets used to fund Osama bin Laden and his associates, rounded up hundreds of likely terrorist "sleepers" and enacted a host of measures to try to stop the next attack before it happens.

This all comes at a price: The war on terrorism not only has cost billions of dollars, but precious lives as well. And every step along the way has required expenditure of political capital and high-level maneuvering of the sort that accompanies every initiative originating inside the Washington Beltway. The controversial USA PATRIOT Act, an attempt to balance security with concerns about civil liberties, and continued bickering about screening at the nation's airports show that the war on terrorism has been as divisive as many another war. Even when the United States is united, as polls indicate it is now, concerns about politics and money tend to slow the drive for reform.

Meanwhile, say Capitol Hill insiders, many of the nation's most vital structures remain vulnerable to attack, and measures to reform key institutions such as the Immigration and Naturalization Service still are being battered in bureaucratic turf wars. Does this mean the quest for a secure America has stalled? Not necessarily.

Thursday, December 07, 2006

Securing the network: Juniper Networks has realigned its security focus after its acquisition of NetScreen, with a push toward integrated security ins

Telecom Asia: There's been a great deal of talk about ubiquity. How important will it be in the near term?

Scott Kriens: We believe there's going to be a ubiquitous network, it will be a single infrastructure, it will carry multiple services, it will be very intelligent, it will enhance our lives. That will all be true some day. The observation that it is true is meaningless. The issue is when will what elements within that grand claim be true and what will it mean when they are. It is the path to how one gets there that is where all the real opportunities lie.

One of the reasons for the acquisition of our security portfolio is that we believe that the key enabler to making it all happen faster is that you have to trust the network to use it more. That is one driver. It not only has to be secure, but it also has to be assured--it has to be reliable and has to be able to deliver the quality for the video signal that I'm going to drive across it.

How will it happen? The way the Internet got to scale was simply by dividing everywhere--that way it didn't have to happen in any one place. Ubiquity will happen in the same way. Pockets [of IP infrastructure build-outs] are popping up and establishing themselves and they will all look to connect. Major commitments to rolling out IP infrastructure already include moves by China Telecom, NTT East and West, Deutsche Telekom, MCI and Verizon. This peer-to-peer nature of the arrival of the Internet is going to be exactly the way the next generation of applications that will build on top of it will come into existence. Then we can create some standards to put some order to the chaos.

Wednesday, December 06, 2006

Technical advances expand the options available: urban rail operators face increased demands for greater security and safety. Advances in technology n

If safety is seen as the guarantee of proper performance without accident, efficient signalling is the way to provide safe train organisation. If security is intended to defend against intentional and unlawful aggressions, closed-circuit television (CCTV) is a very useful tool to provide video surveillance.

Alcatel has used similar transmission technologies to combine fixed optical fibre networks and high-speed radio solutions to enhance both safety and security for urban rail. This is part of an integrated communication concept whereby a single multi-service platform supports the deployment of new advanced applications for a wide range of uses.

New digital systems have extended video surveillance from station platforms and concourses to trains on the move. Onboard equipment includes CCTV cameras, a digital video recorder (DVR), a mobile radio, and antennas. Access points at the wayside collect the video and interface it through the fixed backbone to the control centre. Thereby, on-board video is successively:

Tuesday, December 05, 2006

VoIP industry moves to bolster network security: new group to define requirements

Looking a decade ahead, the VoIP industry has taken its first steps towards foiling future attempts by Internet-style hackers to bring down a major IP phone service. A new group, the VoIP Security Alliance, or VOIPSA, recently launched two projects aimed at developing industrial-grade VoIP security methods.

VOIPSA members include manufacturers, service providers, research institutions and consultancies. The first two projects of the organization, which was formed in February, aim to develop a "threat taxonomy" and to define security requirements.

VOIPSA's efforts will be of particular interest to manufacturers of session border controllers, or SBCs, which will for a long time to come play a crucial role in defending VoIP networks from attack.

SBCs, which typically sit between the softswitches that control VoIP services and the public Internet, have a number of functions. One of the most important is firewall traversal. When a VoIP call has to go through a firewall, as most do, it can easily fail. Firewalls don't know how to deal with VoIP, which can involve as many as five separate data streams. SBCs know how to maneuver both VoIP and video traffic through them.

Monday, December 04, 2006

Network security drives value

Many valuable business models depend vitally on secure networking. These business models include:

* Delivery of content (music, movies, TV, radio and interactive games);

* IP Network-enabled virtual enterprises, including work-at-home;

* E-commerce (retail, financial services, travel services and many transaction-oriented activities); and

* Messaging services such as e-mail and instant messaging.

Each model imposes its own unique security and performance requirements that influence economic success. Content delivery went nowhere until the RIAA (Recording Industry Association of America) was satisfied that the technology existed for secure content distribution. Network-enabled enterprise models are gaining favor now that IP traffic can be handled securely and privately in conformance with federal laws such as Gramm-Leach-Bliley and HIPAA.

Network security challenges include going beyond perimeter-based security, bad behavior by authorized applications, SPAM, patching, content filtering, vulnerability analysis and application traffic management.

Sunday, December 03, 2006

The coast is clear: security software lets you know who's on the network

Getting your Wi-Fi equipment set up for security isn't as troublesome as it once was, but it can still be a headache. That's where software like Interlink Networks' LucidLink (www.lucidlink.com) comes in, offering enterprise-strength security for small and midsize businesses.

Ease of use is a must, and LucidLink gets good marks in that area. The only major hardware requirement is a computer wired to your router to run the authentication server part of the package. That computer has to be on whenever you want to use the software, but it doesn't have to be dedicated to the task. A small client program is then installed and configured on each computer you want to connect to your wireless network. The administrator authorizes users and can keep track of who is accessing the network.

LucidLink supports automatic access-point configuration for some devices. For other devices, you might have to manually configure your access point or router following instructions available online. Check the website to see if your hardware is supported. LucidLink is free for three or fewer users. Otherwise, pricing starts at $549 for four to 10 users.

Saturday, December 02, 2006

Intrusion Detector delivers open-source network security

Using proprietary Meta Traffic Processor, MTP-1G wire-speed Gigabit Ethernet Network Intrusion Detection and Prevention System supports open-source network security and monitoring applications. Cards pass Gigabit Ethernet traffic between system's 2 ports with 400 ns latency while performing wire-speed, stateful, packet inspection. When determining whether to capture or block packets, cards can apply up to 1,500 wire-speed stateful policies per packet.

Los Gatos, California - Metanetworks Technologies, Inc. (metanetworks.org), a leading provider of high-speed network security and monitoring hardware, announces its MTP-1G - the world's first wire-speed Gigabit Ethernet Network Intrusion Detection and Prevention System (IDPS) specifically designed to support open-source network security and monitoring applications. The MTP-1G uses Metanetworks' Meta Traffic Processor (MTP), a unique network processor that was partially developed using research grants from the National Science Foundation and the US Air Force Rome Laboratories. The MTP is specifically designed to exploit massive, fine-grain, instruction-level parallelism, which is intrinsic to IDPS processing loads. Livio Ricciulli, Metanetworks Technologies' chief scientist, states that, "our MTP cards offer the lowest IPS filtering latency in the world because of our breakthrough processing architecture."

Metanetworks' MTP-1G cards routinely pass Gigabit Ethernet traffic between its two ports with 400 ns latency while performing wire-speed, stateful, packet inspection. When determining whether to capture or block packets, the cards can apply up to 1500 wire-speed stateful policies per packet. When the MTP-1G captures packets, it presents them to the operating system as a standard NIC in promiscuous mode.

The MTP-1G cards support existing, open-source network security and monitoring applications. They accomplish this by specifying capture and filtering policies using public-domain IDS signatures or standard network monitoring libraries. Metanetworks' MTP technology also provides developers a rich API for creating custom network security and monitoring applications.

Because the MTP-1G cards interface with the host operating system as standard NICs, they can seamlessly run a variety of standard application software at much faster speeds. For example, open-source Snort IDS software can monitor a few hundred megabits of traffic with a standard NIC. With the MTP-1G card, Snort can monitor a full gigabit of traffic without modification. The MTP-1G cards are also compatible with other popular libpcap-based network monitoring applications such as tcpdump.

The University of California, Santa Cruz (UCSC) will present the impressive capabilities of the MTP-1G PCI cards at the upcoming North American Network Operators' Group (NANOG) Conference from January 30th to February 1st in Las Vegas, Nevada. UCSC integrated a Metanetworks MTP into one of its production networks and has confirmed that it greatly enhanced their existing IDS capabilities. "The MTP enables a whole range of open source security applications that were not possible before," says Paul Tartarsky, the UCSC consultant network security engineer in charge of integrating the MTP-1G. "As far as I can tell, the MTP has eliminated a huge roadblock to developing high performance IDPS applications at a low cost."

Friday, December 01, 2006

Messaging System/Anti-Spam Service offer network security

FortiMail Secure Messaging Platform includes antivirus detection engine for virus and spyware protection and complete email scanning. It uses FortiGuard-Antispam, access policy filtering, content filtering, global and user black/white list filtering, and spam Real-time Blackhole List. FortiGuard-Antispam Service eliminates spam at network perimeter. It checks against known spammer IP addresses and email content with Universal Resource Identifier scanning.

Fortinet -- the confirmed market leader in Unified Threat Management and only provider of ASIC-accelerated, network-based antivirus firewall systems for real-time network protection -- today unveiled two powerful new additions to its network security solutions and services portfolio: FortiMail, a secure messaging system, and FortiGuard-Antispam, a managed antispam service. The FortiMail Secure Messaging Platform and FortiGuard-Antispam Service effectively layer antispam technology to offer antispam defense in-depth at the network perimeter and the mail server -- maximizing mail traffic performance by eliminating global spam at the network gateway, before it enters the corporate network.

Unwanted email or spam continues to present serious security challenges for enterprises and consumers alike. Increasingly, these messages contain spyware, grayware or other malicious attempts to adversely impact a customer's computing and networking resources. While many world governments have been writing legislation and enforcing penalties around spam creation and delivery, spam continues to be difficult to regulate and catch. Industry researchers suggest that 60 to 70 percent of all enterprise email is spam, and recent statistics suggest that a good portion of spam contains viruses or other types of attacks.

"As an industry leader in the design and manufacture of advanced semiconductors, we have many daily demands on our network and cannot sacrifice network performance due to spam, viruses or other unwanted network traffic," said Edward Huang, corporate IT infrastructure manager for Atmel. "Solutions such as Fortinet's network security platforms and FortiGuard-Antispam Service help to minimize unwanted and malicious network traffic, without network performance degradation or a lot of administrative overhead, which is essential for ensuring a productive business."

FortiMail Secure Messaging Platform

The FortiMail Secure Messaging Platform is a dedicated system based on Fortinet's award winning FortiOS technology and includes an antivirus detection engine for virus and spyware protection and complete email scanning. FortiMail uses advanced spam detection and filtering methods such as FortiGuard-Antispam, access policy filtering, content filtering, global and user black/white list filtering, spam Real-time Blackhole List (RBL), per user Bayesian filtering so that individual users can set their own profiles, heuristics filtering and denial-of-service.

The FortiMail-400 system is the first in a family of secure messaging platforms and is designed for medium to large enterprises and remote branch offices. Future FortiMail systems will be available to secure messaging for high-volume, mission-critical infrastructures such as large enterprises, universities and managed security service providers (MSSPs).

The FortiMail Secure Messaging Platform offers users three protective modes of operation:

-- Transparent mode: FortiMail platform is placed in front of the existing email server without any changes to the existing email topology to provide seamless integration into existing network environments.

-- Gateway mode: FortiMail platform is placed in front of the existing email server providing in-bound and out-bound email relay services, which allows for scanning of both in-bound and out-bound email messages.

-- Server mode: FortiMail platform provides complete email server functionality in addition to antivirus and antispam functionality, which is ideal for medium sized companies and remote branch office locations.

FortiGuard-Antispam Service

FortiGuard-Antispam Service is a new fully managed service that helps companies of all sizes reduce the amount of spam by eliminating it at the network perimeter. Fortinet developed this service internally and optimized it for operation on Fortinet's FortiGate network security platforms and the new FortiMail system family. On either system deployment, FortiGuard-Antispam can significantly reduce the amount of unwanted and possibly malicious spam messages passing through corporate email servers.

Using Fortinet's "dual pass" scanning technology in either the FortiMail or FortiGate systems, the FortiGuard-Antispam Service checks against known spammer IP addresses and email content with Universal Resource Identifier (URI) scanning. URI scanning looks deep into each email message to scan for well-known spam content such as spam URL links. The pairing of this new service with Fortinet security systems will help increase spam detection rates, as spammers get more creative and use infected PCs to deliver spam.

Thursday, November 30, 2006

GFI LANguard Network Security Scanner 3.3

GFI LANguard Network Security Scanner 3.3 covers the basics of vulnerability scanning well, though it lacks some of the advanced capabilities found in more enterprise-focused products such as eEye's Retina Network Security Scanner and NetIQ's Security Analyzer 5.0. LANguard cannot take the in-depth look at CGI scripting that Retina can or scan some types of network hardware, such as routers. But it's also much less expensive than the products from eEye and NetIQ.

To perform a basic scan of your network, you simply enter an IP address or range and press Start. LANguard gives you many types of predefined security scan profiles. For example, you can scan using only ICMP for discovery, scan all available ports, or scan for open shares or missing patches. You can also define and save your own security scan profiles.

Without administrative privileges in a Windows domain, you can determine computer names, MAC addresses, open ports, operating system versions, and SNMP information, all reported in a tree structure of results sorted by IP address. With domain administrative privileges, you can determine significantly more information about each system, such as shares, user accounts, services, password policies, registry information, and installed patches. Your scan can also include testing for CGI abuses as well as FTP, DNS, mail, service, and registry vulnerabilities. The results are grouped by category and include either a recommendation for remediation or a BugTraq, CVE, or Microsoft Security Bulletin reference.

Within the report generator you can create and save custom reports to meet your individual security needs. For example, you can generate a report of all systems that have either TCP port 80 (Web) or port 21 (FTP) open. As with Retina and SAINT 5, an included utility lets you compare two reports for new, removed, or changed items, as well as alert and hot-fix changes.

LANguard is also marketed as a patch management and deployment solution. During a scan of a Windows network, LANguard determines which patches have been installed on your systems and which are missing, based on GFI's coordination with Microsoft. It deploys hot fixes as well as service packs.

Tuesday, November 28, 2006

Web Security Software protects mobile users outside network

Websense® Remote Filtering extends web filtering and web security technology to laptop users outside of organization's network to ensure secure internet use anytime and anywhere. Organizations can apply internet usage policies to remote users, protecting them from security threats and managing access to objectionable content. Specifically, software provides protection from accessing phishing sites, sites that contain spyware, or sites corrupted with malicious code.


New Functionality Will Extend Web Filtering and Web Security Policies to Remote Users, Regardless of Location or Type of Network Connection

SAN DIEGO, Sept. 19 -- Websense, Inc. (Nasdaq: WBSN), the world's leading provider of employee internet management solutions, today announced the upcoming release of Websense(R) Remote Filtering technology, extending Websense's industry-leading web filtering and web security technology to corporate laptop users outside of the organization's network. Remote Filtering capabilities will be seamlessly incorporated into the newest versions of Websense web filtering and web security software, expected to be available in October 2005.

With the growing rate of telecommuting and business travel, it has become critical for organizations to enable employees who work remotely to use their laptop computers effectively and safely. As broadband internet access becomes more pervasive in non-traditional settings such as airports, hotels or local coffee houses, the necessity to protect remote laptop users from malicious threats lurking in unknown networks intensifies exponentially. Websense Remote Filtering ensures secure employee internet use anytime and anywhere, becoming a critical component of any organization's endpoint security and protection strategy.

Wednesday, November 22, 2006

Performance Analysis: Network Security Scanners

PC Magazine Labs has taken an in-depth look at the six network vulnerability scanners in our roundup, as well as the tools included in our sidebars (the Foundstone FS1000 Appliance, Microsoft Baseline Security Analyzer (MBSA), Nmap, and Stealthbits Technologies' StealthAudit). When we tested how well they could catch basic network vulnerabilities, all the scanners performed adequately. But the quality—and more important, the ease of use of the reports the products generate—varied significantly.

Our test network comprised a Linksys BEFVP41 router and a mix of Microsoft Windows clients and servers (Windows 98, 2000 Workstation, 2000 Advanced Server, and XP). We also deployed Linux hosts (Red Hat 8 and 9 Professional, SuSE Enterprise Server 8, and SuSE 8.1 Professional) to test each application's cross-platform capabilities.

We updated all systems with all appropriate patches, but we did not fix a select number of critical vulnerabilities on the target hosts. On our Windows hosts we left vulnerabilities described in Microsoft Security Bulletins MS03-039 (Buffer Overrun In RPCSS Service, CAN-2003-0715, CAN-2003-0528, and CAN-2003-0605) and MS03-041 (Vulnerability in Authenticode Verification, CAN-2003-0660). Under the right circumstances, both can let hackers execute code on target systems.

We left our Linux machines vulnerable with an exploitable version of OpenSSH (CAN-2003-0682, CAN-2003-0693, and CAN-2003-0695), a file share (/usr) exported with no access restrictions (CAN-1999-0554), and a denial-of-service vulnerability in the Unix Domain Name Service BIND 9.1.3 (CAN-2002-0400). Such Linux vulnerabilities can create a severe security risk, compromising your network and data.

All the products correctly identified the Windows vulnerabilities, and their reports included references to the appropriate Microsoft Security Bulletins. But the Linux vulnerabilities posed a bigger challenge to some of the Windows scanners.

Saturday, November 18, 2006

Hitachi Software and KDDI Network & Solutions to Market English HIBUN Information Security Management Solutions Overseas

Hitachi Software Engineering Co. Ltd. (HitachiSoft) and KDDI Network & Solutions Inc. (KNSL) have agreed to collaborate on the overseas marketing of HitachiSoft's HIBUN series of information security management systems in North America, Europe and Asia, and will be releasing English-language versions effectively this month.

The implementation of Japan's Personal Information Protection Law has spurred the introduction of measures to enhance information security management in Japan and demand for security measures is growing among overseas branches and subsidiaries. Following this demand, KNSL and HitachiSoft will release the HIBUN series, already with 1,700 corporate users and 1.5 million licenses in Japan as of July 31, 2005, overseas.

HitachiSoft has developed English-language versions of three products in its HIBUN range of information security management solutions - HIBUN AE Information Cypher, which encrypts drives, media and files, HIBUN AE Information Fortress, which controls transfer to external media and printing, and HIBUN AE Server, which provides logging and user control functions - to be released in November. As primary agent, KNSL will provide support services in Japanese and English to overseas sales companies, 24 hours a day, 365 days a year. The products will be marketed by a US subsidiary of KDDI Corporation, while HitachiSoft's US subsidiary Hitachi Software Engineering America, headquartered in San Francisco, will handle sales, implementation and configuration and SE support services to customers.

The new solutions will initially be marketed from bases in the United States, Europe and Asia, targeting local subsidiaries of Japanese companies in the United States, the United Kingdom, France, Germany, the Netherlands, Belgium, Hong Kong, Taiwan, Korea, Singapore, Thailand, Malaysia, Indonesia, the Philippines, Vietnam and Australia, while marketing activities will gradually be expanded. From September, promotional activities such as seminars will be conducted overseas, and the products will go on sale at promotional prices. KNSL and HitachiSoft aim to sell 200,000 licenses over a three-year period.

Tuesday, November 14, 2006

Security group warns of VPN vulnerabilities

The UK's National Infrastructure Security Coordination Center (NISCC) has warned of potential attacks on the IPSec protocol used in browser-based virtual private networks, which could render encrypted messages as plain text with only "moderate effort". This would affect many remote communications to enterprise networks via Wi-Fi and other networks, with IPSec becoming increasingly popular among mobile workers.

The NISCC describes the weakness as "severe" and says it applies to IPSec configurations that rely on Encapsulating Security Payload (ESP) in tunnel mode with confidentiality only, or with integrity protection offered by a higher layer protocol.

The attacks need to be carried out many times before they are successful, but once this phase is reached, "the results can be reused to efficiently recover the contents of further inner packets". The attacks are fully automatable.

The main safeguards that companies should take are to configure ESP to use both confidentiality and integrity protection; use the AH protocol alongside ESP to provide integrity protection; and filter ICMP messages at a firewall or security gateway.
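
The first two safeguards above can be checked against a gateway's installed security associations. The following is an added example, not part of the original article: it parses text in the layout printed by Linux `ip xfrm state` (the sample SAs, addresses and keys are constructed) and flags tunnel-mode ESP SAs that carry encryption without integrity and have no AH SA for the same endpoints. Treating `digest_null` as "no integrity" is an assumption of this example.

```python
import re

# Constructed sample in the layout of `ip xfrm state`; keys are dummy values.
SAMPLE = """\
src 192.0.2.10 dst 198.51.100.20
    proto esp spi 0x00000101 reqid 1 mode tunnel
    replay-window 32 flag af-unspec
    enc cbc(aes) 0x00112233445566778899aabbccddeeff
src 198.51.100.20 dst 192.0.2.10
    proto esp spi 0x00000102 reqid 1 mode tunnel
    replay-window 32 flag af-unspec
    auth-trunc hmac(sha1) 0x000102030405060708090a0b0c0d0e0f10111213 96
    enc cbc(aes) 0x00112233445566778899aabbccddeeff
src 192.0.2.10 dst 203.0.113.5
    proto esp spi 0x00000201 reqid 2 mode tunnel
    enc cbc(des3_ede) 0x000102030405060708090a0b0c0d0e0f1011121314151617
src 192.0.2.10 dst 203.0.113.5
    proto ah spi 0x00000202 reqid 2 mode tunnel
    auth-trunc hmac(sha1) 0x000102030405060708090a0b0c0d0e0f10111213 96
src 192.0.2.10 dst 203.0.113.9
    proto esp spi 0x00000301 reqid 3 mode tunnel
    auth digest_null 0x
    enc cbc(aes) 0x00112233445566778899aabbccddeeff
src 192.0.2.10 dst 203.0.113.77
    proto esp spi 0x00000401 reqid 4 mode transport
    enc cbc(aes) 0x00112233445566778899aabbccddeeff
"""

HEADER = re.compile(r"^src (\S+) dst (\S+)")
PROTO = re.compile(r"^proto (\S+) spi (\S+).* mode (\S+)")
ALGO = re.compile(r"^(auth-trunc|auth|enc|aead) (\S+)")

# Assumption: a null digest provides no integrity protection.
NULL_AUTH = {"digest_null"}


def parse_states(text):
    """Split the dump into one dict per SA, keeping only the audited fields."""
    states, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            cur = {"src": m.group(1), "dst": m.group(2), "proto": None,
                   "spi": None, "mode": None,
                   "enc": None, "auth": None, "aead": None}
            states.append(cur)
            continue
        if cur is None:
            continue  # ignore anything before the first SA header
        m = PROTO.match(line)
        if m:
            cur["proto"], cur["spi"], cur["mode"] = m.groups()
            continue
        m = ALGO.match(line)
        if m:
            kind = "auth" if m.group(1).startswith("auth") else m.group(1)
            cur[kind] = m.group(2)
    return states


def has_integrity(sa):
    """True if the SA itself authenticates packets (AEAD or a real MAC)."""
    if sa["aead"] is not None:
        return True
    return sa["auth"] is not None and sa["auth"] not in NULL_AUTH


def audit(text):
    """Return {spi: verdict} for every tunnel-mode ESP SA in the dump."""
    states = parse_states(text)
    # Endpoint pairs that also have an AH SA (the article's second safeguard).
    ah_pairs = {(s["src"], s["dst"]) for s in states
                if s["proto"] == "ah" and has_integrity(s)}
    findings = {}
    for s in states:
        # The advisory as quoted concerns ESP in tunnel mode only.
        if s["proto"] != "esp" or s["mode"] != "tunnel":
            continue
        if has_integrity(s):
            findings[s["spi"]] = "ok: ESP integrity"
        elif (s["src"], s["dst"]) in ah_pairs:
            findings[s["spi"]] = "ok: AH alongside ESP"
        else:
            findings[s["spi"]] = "FLAG: confidentiality-only"
    return findings


if __name__ == "__main__":
    for spi, verdict in audit(SAMPLE).items():
        print(spi, verdict)
```

The third safeguard, filtering ICMP at the firewall or security gateway, is a packet-filter setting and is not covered by this check.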

Thursday, November 09, 2006

Network Security: Know Your Weaknesses

As the person responsible for your company's network security, you know you are sorely outnumbered. A seemingly infinite number of potential intruders are lurking out there, and there's never enough time to prepare.

Without a doubt, the costs of cyberattacks are significant, as shown by the 2003 Computer Crime and Security Survey, conducted by the Computer Security Institute and the FBI. The 250 organizations that participated in the eighth annual study reported combined losses of $202 million, with causes ranging from theft of proprietary information, denial-of-service attacks, and viruses to insider abuse of network access.

How do you improve your odds? Your obvious first step is to identify system weaknesses. Vulnerability assessment scanners not only automatically discover security flaws on a network but in some cases correct them, too. Such tools have been around for years, but only recently have they matured into more comprehensive and user-friendly—if still complex—products, with features like customized reporting, distributed threat assessment, and automatic correction of potential problems.

Among the things such scanners can identify are known software bugs, viruses, and weak access control policies. Commonly found workstation vulnerabilities include open NetBIOS ports for file and printer sharing, as well as users who run rogue Web servers or peer-to-peer file-sharing clients.

Vulnerability assessment scanners can also find improper configurations of applications, which can leave a network unprotected. For example, Microsoft Exchange's default configuration used to leave the server as an open SMTP relay, which could be exploited by spammers. This resulted in attackers hijacking servers and sending millions of e-mails that appeared to originate as legitimate traffic from the victims' networks.

Friday, November 03, 2006

Retina Network Security Scanner

The installation process is straightforward, and upon start-up, Retina synchronizes its vulnerability signature databases with eEye's server. When Retina opens, the main user interface provides access to four modules: the browser, tracer, miner, and scanner. The integrated Web browser lists all page elements in a tree view, and the tracer creates a traceroute and displays response times. But the miner and scanner modules are the brains of the operation. With its proprietary artificial-intelligence engine, the miner tries to mimic a hacker's behavior by attacking security weaknesses.

Saturday, October 28, 2006

Network Security System offers fully integrated solution.

Intelligent, out-of-the-box ESP 3000 solution consists of integrated layers of security technologies including IDS, IPS, behavioral analysis, event and global threat correlation, vulnerability scanning, vendor alerts, asset database, and security dashboard. Browser-based Master Control Unit acts as monitoring console, signature server, cluster manager, and Web server, while also containing Web portal housing all reports and graphs for appliance suite.

New SRM solution from a proven network security innovator arms organizations with more complete protection, cost savings and ability to preemptively avoid network attacks


Saturday, October 21, 2006

Guard your systems from network parasites with the WolfPac Security Suite - Top Technology Showcase

PSINet Europe, a leading provider of corporate IP-based communication services, recently conducted a little experiment: To prove the importance of network security, it set up an anonymous "dummy server" containing no data and no public profile. Within 24 hours it was attacked 467 times. This large number reflects the fact that computer hacking is no longer just a hobby for computer geeks--it is now a full-time job. Network professionals need to be aware of this growing problem and learn to protect themselves from uninvited guests.

NetWolves' latest offering is designed to prevent system robbery. It acts as a hacker's kryptonite, making your servers secure from outside intrusions. The Security Suite acts as a link between large companies and remote offices or as a single gateway for small-to-medium size businesses. It provides companies with an option for shielding their intellectual property from information thievery.

The suite comes in two platforms: the WolfPac 2020 and the WolfPac 3020. They both come equipped with three Ethernet 10/100 interface cards for WAN, LAN and DMZ connections. The security suite is offered with either a 600MHz or 900MHz processor, 20- to 100GB hard drive, and up to 1,024MB of RAM.

Thursday, October 19, 2006

Web application assessment - Network monitoring and security - WebInspect 3.0 Enterprise Edition - Brief Article

Discover where network security needs improvement with WebInspect 3.0 Enterprise Edition, a product designed to automate the assessment of Web services security. Users can perform security assessments on any Web-enabled application, including specific assessment capabilities for Microsoft .NET, IBM WebSphere, Lotus Domino, Oracle Application Servers and Macromedia ColdFusion. An intuitive, wizard-driven interface, and integrated tools and utilities provide easy access to Web application vulnerabilities. In addition, an expert mode allows advanced users to manually interact with the assessment process and create custom test scripts. The configurable XML export tool enables users to export any and all information found during the scan in a standardized XML format, including comments, hidden fields, JavaScript, cookies, Web forms, URLs, requests and sessions.

Friday, October 13, 2006

Scan like a hacker - Network monitoring and security

ScanDo is a Web application scanner that assesses the entire Web application to identify security loopholes through comprehensive exploration and penetration of the Web application and its operating environments. The tool reveals Web application vulnerabilities using the same techniques used by hackers, including the manipulation of IT infrastructure vulnerabilities, parameter tampering, Web services and SOAP vulnerabilities, hidden field manipulation, cookie poisoning, stealth commanding, backdoor and debug options, database sabotage, buffer overflow attacks, data encoding, and protocol piggybacking. Weaknesses are pinpointed and the risk level assessed within the applications to be managed. The solution then generates reports in graphical or textual formats for novice or experienced security personnel.

Monday, October 09, 2006

Questioning the cost of compliance: some say a new network security rule puts an unfair burden on higher ed

WITH LEGISLATION TO reauthorize the Higher Education Act (HEA) lumbering toward enactment, although its final form remains uncertain, the higher education community in Washington is paying attention to new developments in other areas.

One issue: regulations issued by the Federal Communications Commission (FCC) to broaden law enforcement's ability to monitor electronic communications involving suspected terrorists and criminals.

The new regulations extend to universities, as well as libraries, airport public wireless networks, and commercial Internet service providers, provisions of the 1994 Communications Assistance for Law Enforcement Act. That measure directed telephone companies to redesign their networks to enable law enforcement agencies to have remote access to their systems.

The rules, newly issued by the FCC, extend the remote access requirements to computer networks. Implementation requires all Internet service providers, including IHEs, to upgrade network switches and routers by June 2007 to enable remote monitoring. The cost to upgrade computer networks at IHEs is estimated at $7 billion, according to the American Council on Education (www.acenet.edu), which quickly challenged the FCC's rules in the federal appellate court for the District of Columbia.

"Potentially, this is a huge deal over a complicated set of issues," says ACE Senior Vice President Terry W. Hartle. Some people would argue there is a broader privacy issue here. "What we have argued is simply that we will comply; we are anxious to do our part in the war on terror, but what the government is asking us to do is very expensive for very little return."

Higher ed institutions have long worked with law enforcement agencies pursuing criminal investigations, adds Sheldon E. Steinbach, ACE vice president and general counsel. He says that by filing suit, ACE hopes to convince the FCC that institutions "can provide the same access through alternative approaches" without having to shell out $7 billion.

"When you evaluate efficiency versus the incredible cost of compliance, we just don't think it makes a lot of sense," Steinbach says.

SHAPING THE FUTURE

In another development, U.S. Education Secretary Margaret Spellings kicked off a national commission established to shape the future of higher ed in the U.S. and asked it to submit specific recommendations by August 1, 2006, on four areas: accessibility, affordability, accountability, and quality.

The commission, made up of 19 business, foundation, and higher ed representatives, got an immediate taste of its mission when the College Board reported that there continue to be significant long-term concerns about college access and affordability.

Although average grant aid per student is growing, it's not by enough to prevent increased reliance on borrowing, the College Board stated. Low-income students receive more grant aid, on average, than higher-income students, but new student aid policies have benefited those in the upper half of the income distribution most.

HEA UPDATE

Meanwhile, the Senate and House are still moving in their own ways to reauthorize the HEA. At the outset of the congressional budget process last February, both bodies agreed to reduce the federal deficit by $35 billion over five years by cutting entitlement programs, a process known as reconciliation. The Senate Committee on Health, Education, Labor and Pensions must contribute one-third of the total cuts in the Senate.

In October, the Senate Committee approved budget reconciliation legislation that encompasses HEA reauthorization. The measure cuts $15.1 billion over five years from the federal student loan and pension programs. The House Education and Workforce Committee cut $20.8 billion.

Higher ed lobbyists continue voicing concerns over spending cuts. But Congress is under pressure to help pay for hurricane relief and the war in Iraq. Unsure when it will complete reauthorization, Congress extended programs under HEA as they stand until December 31.

Monday, October 02, 2006

Credit union serves up secure solution; password technology system provides members with authenticated, 24/7 network access - Network Security - State

More than 73,000 members. $530 million in assets. A fast-growing dial-in network where remote users can gain 24/7 access. A potential security nightmare.

That was the challenge facing the State Employees Credit Union (SECU) in Lansing, Mich., which, since its charter in 1952, has grown to become one of the leading credit unions in Michigan and the United States. With its burgeoning network, however, Mark Davis, SECU assistant vice president of data center operations, understood the dangers of unauthorized access, and wanted to be able to identify each individual user attempting to log on to the system.

"As far as remote dial-in, we were getting to the point where our network was too exposed and anybody would be able to get in," says Davis. "I realized that greater security would be needed as we basically just had someone dialing into a router to use NT security."

SECU underwent an exhaustive search to identify a cost-effective method to provide high-level security for its dial-in network.

Friday, September 29, 2006

Internet Security Gateway targets small network environments

Providing unified threat management, InstaGate 305 includes network intrusion prevention, and deep packet inspection firewall to detect and stop threats at all layers of network. IPSec VPN with 3DES/AES encryption and digital certificate support allows site-to-site security and remote-access connectivity. Based on user-definable keywords, full URLs, and regular expression matching, URL filtering allows organization to limit URLs accessible from behind firewall.

Device Raises the Bar for Sub-$1,000 Unified Threat Management (UTM) Solutions by Including Gateway Anti-Virus, URL Filtering and Intrusion Prevention

BROOMFIELD, Colo., Sept. 14 -- eSoft, Inc., a leading vendor of integrated Internet security and content management solutions, announced today the availability of its newest product, the InstaGate 305 integrated security gateway, which integrates Firewall, IPSec VPN, Gateway Anti-Virus, Web URL Filtering and Network Intrusion Prevention into a single, easy-to-deploy and manage solution.

The InstaGate 305, tailored for small network environments with critical security needs, is the latest addition to eSoft's award-winning line of unified threat management (UTM) solutions that integrate dynamic Deep Packet Inspection services such as Anti-Virus and Intrusion Prevention into traditional Firewall/VPN network security appliances. While many devices in the sub-$1,000 market provide stateful Firewall and VPN functionality, few provide the performance and depth of inspection of the InstaGate 305, which is based on a powerful Intel(R) XScale processor with a large memory footprint.

"The InstaGate 305 fills a critical gap in one of the most under-served areas of the market," said Scott Lukes, eSoft vice president of marketing. "Small organizations are exposed to the same Internet threats as large Fortune 500 enterprises -- the only difference is that they don't have the same resources to deal with them. The 305 was designed to provide all of the necessary tools to protect small networks from modern, dynamic threats -- like the recent Zotob virus -- with minimal requirements from IT."

Monday, September 25, 2006

Revamp your network security - now

Did you like to blow things up when you were little? Come on, be honest. I'll come clean. More than a few mailboxes fell under the onslaught of my juvenile pyromania. Being an adult means wanton destruction is frowned upon. But maybe there is something we can do to regain the thrill.

Try this on for size: You should blow up your network. That's right - over the next 18 months you'll be overhauling your campus network. It's time. You know you are tired of those old Layer 3 switches. Those are so five years ago. Aren't those boxes depreciated yet? Get the finance guys on the horn.

The business has changed. The insider threat is real. Folks connect to your network from conference rooms and over VPNs from unsafe environments. You can't stick your head in the sand anymore. Compliance has teeth and you need to segment networks and protect sensitive data. Acknowledging this is a huge change for me, since I used to laugh when told that people needed to secure internal networks.

I remember talking years ago to companies that were pitching that customers needed to extend the protection deeper into the network. I laughed. The moat is deep and wide. The bad guys cannot get in. Well, now the bad guys are us and they may already be on the network. We need to make the network much less hospitable to them.

Monday, September 18, 2006

Remote application console - Network security - Remote Console Server 3.0 - Brief Article

Providing remote access to console and DOS legacy applications, Remote Console Server 3.0 is an advanced remote-access server that runs as a regular network service for Windows NT/ 2000/XP. The solution dynamically displays a console panel (up to 255x255) without distortions, and supports a mouse, function keys and hot key combinations. Administration options include access time management, session monitoring and reviewing, capability to set restrictions by IP and domain address, sending messages to currently connected users, forced online session disconnection and termination, and overtaking control. The program features in-session file uploading and downloading support; every session has an independent clipboard on the server side; and for every process, the duration time limit is user defined.--Zilab Software

Tuesday, September 12, 2006

AT&T to upgrade network infrastructure for Internet Security Systems

Telecomms holding company AT&T Inc (NYSE:T) has signed a three year contract to upgrade the network infrastructure of enterprise security company Internet Security Systems Inc (ISS).

AT&T said the new contract, which follows ISS's adoption of AT&T's MPLS technology in 2004, extends the MPLS services to ISS locations in the US, Europe and the Asia-Pacific region. ISS will use the network upgrade to add further company locations in the future.

According to AT&T, the network upgrade will provide ISS with disaster recovery services which use the fastest, most advanced any-to-any mesh connectivity, to ensure outages at centralised hubs do not disrupt the networks.

ISS will also use the upgraded network to introduce VoIP capabilities across its enterprise, enabling it to streamline internal voice communications and gain maximum cost-efficiencies. The new contract also covers dedicated Internet, long distance and AT&T ultravailable local access services.

Thursday, September 07, 2006

THE NEED FOR INTERNAL SECURITY

To thwart viruses and worms, security controls need to be instituted at the wireless edge, so malicious TCP/IP traffic can be stopped before it spreads to other devices. Complementing the external security perimeter that protects wired networks, enterprises need to create an internal security perimeter to secure their WLANs.

One solution is to deploy WLAN security gateways, which are network appliances designed to secure, manage and power WLANs. Operating at the wireless edge, between access points and other devices upstream, WLAN security gateways protect networks from security attacks launched from wireless devices.

These gateways should meet three key requirements:

1. Precise packet-filtering controls for blocking or redirecting traffic. The gateway should include precise packet-filtering controls that can distinguish malicious traffic from legitimate traffic, and take action to block or redirect malicious traffic. A network administrator should be able to read a security bulletin describing the characteristics of a virus or worm and then precisely define a filter that targets the traffic of that virus or worm. The filter should block malicious traffic without interfering with legitimate traffic. By detecting and blocking the traffic that viruses and worms depend on, the filtering capabilities of a WLAN security gateway contain airborne attacks.

2. Filtering at the wireless edge to manage traffic among devices. To contain an attack, packet filtering must occur at the wireless edge, as close as possible to the access point. For optimal protection of the network, WLAN security gateways should be installed between the access point and the next upstream network device.

3. Session logging and audit tools for identifying infected computers and accelerating repairs. WLAN security gateways should provide logging and audit tools to help administrators remediate an attack, once it is contained. By maintaining full session logs of network traffic and tracking Layer 3 traffic data, WLAN security gateways facilitate the identification of users with infected computers and the MAC addresses of the computers themselves. Using this information, administrators can contact users directly and begin cleaning up any infected computers.

CENTRALIZED POLICY MANAGEMENT

A tiered solution that combines WLAN security gateways at the wireless edge with a centrally located policy server provides additional advantages for network administrators combating viruses and worms. By providing centralized control over filters, the central policy server allows administrators to define a policy that immediately takes effect across the network. The policy server automatically distributes filters to all the WLAN security gateways, providing immediate protection at every access point on the network. This centralization also reduces manual labor and the risk of error.

The central policy server can manage user accounts and user groups for wireless users. Administrators can use the server's group-management features to define a special user group for users with infected computers. The group characteristics would include redirecting users to a Web page with information about how to install security patches and clean up infections.

By temporarily assigning users with infected computers to this group, administrators can ensure that users with infected computers receive the information they need the next time they log in. Once administrators have verified that the infected computers have been cleaned, they can remove users from this group and restore their normal access rights.
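The three gateway requirements and the remediation group described above, as an added Python example that is not from the original article or from any vendor's product: a bulletin-derived port filter and an ICMP sweep filter are run over a constructed session log, blocked traffic is attributed to a MAC address and user, and those users are moved to a remediation group. The blocked port, thresholds, addresses, user names and the names `PortFilter`, `SweepFilter`, `run_gateway` and `quarantine` are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

ICMP_ECHO_REQUEST = 8  # ICMP type used by ping and by host-discovery sweeps


@dataclass(frozen=True)
class Session:
    ts: float      # seconds since the start of the log
    mac: str       # wireless client MAC address
    user: str      # authenticated WLAN user
    proto: str     # "tcp", "udp" or "icmp"
    dst_ip: str
    dst_port: int  # TCP/UDP destination port; ICMP type when proto == "icmp"


@dataclass(frozen=True)
class PortFilter:
    """Requirement 1: block exactly the protocol/port pair a bulletin names."""
    proto: str
    dst_port: int

    def matches(self, s, history):
        return s.proto == self.proto and s.dst_port == self.dst_port


@dataclass(frozen=True)
class SweepFilter:
    """Block echo requests only once one client probes too many hosts in a window,
    so an occasional legitimate ping is still forwarded."""
    max_targets: int
    window: float

    def matches(self, s, history):
        if s.proto != "icmp" or s.dst_port != ICMP_ECHO_REQUEST:
            return False
        recent = {ip for ts, ip in history[s.mac] if s.ts - ts <= self.window}
        recent.add(s.dst_ip)
        return len(recent) > self.max_targets


def run_gateway(sessions, filters):
    """Requirements 2 and 3: filter per client at the edge and log who was blocked."""
    history = defaultdict(list)  # mac -> [(ts, dst_ip)] of echo requests seen
    forwarded, blocked, infected = [], [], {}
    for s in sorted(sessions, key=lambda rec: rec.ts):
        hit = next((f for f in filters if f.matches(s, history)), None)
        if s.proto == "icmp" and s.dst_port == ICMP_ECHO_REQUEST:
            history[s.mac].append((s.ts, s.dst_ip))
        if hit is None:
            forwarded.append(s)
        else:
            blocked.append((s, hit))
            infected[s.mac] = s.user  # MAC and user for follow-up by the administrator
    return forwarded, blocked, infected


def quarantine(groups, infected):
    """Policy-server step: move users of infected machines to a remediation group."""
    updated = dict(groups)
    for user in infected.values():
        updated[user] = "remediation"
    return updated


# Constructed bulletin: the worm spreads over TCP port 445 and sweeps with ICMP echo.
FILTERS = [PortFilter("tcp", 445), SweepFilter(max_targets=4, window=2.0)]

# Constructed session log: alice and carol behave normally, bob's laptop is infected.
SAMPLE_LOG = [
    Session(0.0, "aa:00:00:00:00:01", "alice", "tcp", "10.0.0.20", 80),
    Session(0.5, "aa:00:00:00:00:01", "alice", "icmp", "10.0.0.1", ICMP_ECHO_REQUEST),
    Session(1.5, "aa:00:00:00:00:01", "alice", "tcp", "10.0.0.20", 443),
    Session(0.1, "aa:00:00:00:00:03", "carol", "icmp", "10.0.0.1", ICMP_ECHO_REQUEST),
    Session(5.0, "aa:00:00:00:00:03", "carol", "icmp", "10.0.0.20", ICMP_ECHO_REQUEST),
    Session(5.5, "aa:00:00:00:00:03", "carol", "tcp", "10.0.0.25", 25),
] + [
    Session(0.2 * i, "aa:00:00:00:00:02", "bob", "icmp", f"10.0.0.{i + 1}", ICMP_ECHO_REQUEST)
    for i in range(6)
] + [Session(1.2, "aa:00:00:00:00:02", "bob", "tcp", "10.0.0.3", 445)]


def demo():
    forwarded, blocked, infected = run_gateway(SAMPLE_LOG, FILTERS)
    groups = quarantine({"alice": "staff", "bob": "staff", "carol": "staff"}, infected)
    return forwarded, blocked, infected, groups


if __name__ == "__main__":
    forwarded, blocked, infected, groups = demo()
    for s, rule in blocked:
        print(f"BLOCK {s.ts:>4} {s.mac} {s.user} {s.proto}/{s.dst_port} -> {s.dst_ip} by {rule}")
    print("infected:", infected)
    print("groups:", groups)
```

The sweep filter keeps state per MAC address, which is why it has to run at the gateway next to the access point: further upstream, address translation or aggregation can hide which client sent the probes.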

Friday, September 01, 2006

Prevent viruses on enterprise WLANs: security gateways provide protection from within the network perimeter - Wireless

Before wireless LANs (WLANs) became popular, the only way viruses and worms could reach an organization's computers was through portable media, such as floppy disks, or through the network perimeter, which was secured by an increasingly complex battery of defenses, including firewalls, e-mail filters and antivirus engines. The use of floppies and other portable media is declining. E-mail attachments have become the preferred channel for transferring files. As a result, on a wired network, just about all potentially malicious data enters an enterprise through the network perimeter, where it will likely be detected and blocked.

WLANs undermine perimeter defenses. Wireless users are mobile. They take their computers to other networks. Some of these networks are secure and well managed; others are not. Computers on these networks may become infected without their users knowing it.

When these users reconnect to the enterprise network--inside the perimeter--they bring their viruses and worms with them. Once loose on the network, viruses and worms can launch attacks against internal IT systems and the network itself, bypassing the network's perimeter defenses.

Viruses and worms typically use TCP/IP traffic to replicate themselves on a network and to unleash their attacks. Many send flurries of Internet control message protocol messages to locate other local devices that may be vulnerable to attack. Standard WLAN infrastructures (access points, network cards, RADIUS servers) have no means of identifying and stopping this traffic; wireless traffic, malicious or not, from authenticated users is simply passed through to the wired network.

Monday, August 28, 2006

Security Appliances guard against malicious network traffic

Ally(TM) ip100(TM) v3.0 and IP1000(TM) v3.0 secure networks from information gathering, vulnerability exploitation, and zero-day worm attacks. Powered from USB port of PC or laptop, Ally ip100 protects SMB networks as well as enterprise wireless access points and branch or remote offices. Ally IP1000 is 1Gb, in-line, high-availability security appliance that protects larger networks, offering security for out-of-band remote management for users requiring full management access.

First Significant Product Enhancements Deliver New Features and Benefits to Better Protect Networks, Wireless Access Points and Remote Offices

HUNTSVILLE, Ala., May 3, 2006 - Arxceo(TM) Corporation, a provider of anti-reconnaissance and anomaly-based, attack-prevention technology, today announced the first significant product enhancements to its Ally(TM) family of security appliances designed to secure networks from information gathering, vulnerability exploitation, zero-day worm attacks and other malicious network traffic. Version 3.0 of the Ally ip100(TM) and Ally IP1000(TM) delivers greater ease-of-use, increased reporting capabilities, improved firmware upgrade processes and better granularity for blacklist management.

"The new version of our Ally products reflects our customers' need to protect their networks and access points with security appliances that deliver optimal performance and ease-of-use," said Don Davidson, CEO, Arxceo. "We are also pleased to announce that we are now offering the Ally IP1000 at a reduced price of $6,495.00. This price reduction is a direct result of the cost savings we have realized on this hardware platform. We believe that by passing along this cost savings, we will also encourage SMBs that can benefit from increased throughput to adopt this product."

Tuesday, August 22, 2006

Spy vs. spy: companies are spending billions on network security, but staying ahead of hackers may be a pipe dream - techwatch

ANY WAY YOU LOOK AT IT, 2003 was a real bad year for network security. Although corporate concern over cyber threats jumped dramatically, so too did the number of cyber attacks against companies and their machines. Indeed, security specialist MessageLabs reports that spam accounted for 50 percent of all business E-mail traffic in the United States in May, the first time that junk E-mail outstripped the number of legitimate electronic messages sent to corporations. And if much spam is relatively harmless, some is decidedly not. Digital pathogens such as SoBig, Mimail, and Yaha, which can infect employee computers and servers alike, all spread via E-mail. MessageLabs reckons that two-thirds of all spam is now being sent by open proxies--created in part by computers and other gadgets infected by viruses.

Thursday, August 10, 2006

Serial Device Routers offer industrial networking security

Magnum DX 800 and DX 40 Serial-IP Converters extend security and network management to distributed serial devices in power substations and other harsh industrial environments. Magnum DX800 provides Dynamic Serial Edge that combines features of serial-IP device server, Ethernet switch, IP router, and IP firewall. It supports 4 serial interfaces and 4 Ethernet ports, including 2 fiber ports. Magnum DX40 provides 2 serial ports and 2 Ethernet ports, one or both of which may be fiber.


Magnum DX 800 and DX 40 Integrate IP/Ethernet Technologies With Existing Industrial Devices

FREMONT, Calif., Oct. 31 -- GarrettCom, Inc., is introducing a groundbreaking line of Serial-IP converters that extend security and resiliency and network management to distributed serial devices in power substations and other harsh industrial environments. The Magnum DX line of Serial Device routers provides intelligent Serial-to-IP/Ethernet protocol services that integrate the large installed base of devices that use Serial data protocols for SCADA (Supervisory Control and Data Acquisition) and remote device console access.

The Magnum DX Serial Device Routers provide what the company calls a Dynamic Serial Edge for hardened industrial networks that combines the features of a serial-IP device server, Ethernet switch, IP router and IP firewall in a compact, substation-hardened product with a variety of field mounting and power supply options. The Magnum DX800 Serial Device Router supports four serial interfaces and four Ethernet ports, including two fiber ports. The Magnum DX40 Serial Device Router provides two serial ports and two Ethernet ports, one or both of which may be fiber.

Tuesday, August 08, 2006

Fortinet enhances FortiGate network security platform

Unified Threat Management provider Fortinet has announced five new network security systems - FortiGate-100A, FortiGate-200A and FortiGate-300A systems, designed for SMBs, and the FortiGate-400A and FortiGate-500A systems for mid-sized enterprises.

According to the company, the A-series systems, which expand Fortinet's FortiGate Antivirus Firewall platform, feature high performance, additional interfaces, FortiASIC for gigabit speed network content processing and FortiOS 2.8 firmware, as well as support for high-availability clustering technology.

The new systems are currently available for order and will ship in mid-November. No pricing details have been disclosed.

Thursday, August 03, 2006

The hidden security hole; how to protect the network - Guest Column - Column

The defense mechanism of choice against virus and hacker attacks is the firewall. It protects the front door of the network, much like humans throwing furniture in front of the doors on the main floor to keep out the zombies in all those horror films. Yet, just as in those films, there is a back door no one even bothers to lock. It is the domain name service, or DNS, one of the foundation blocks of network infrastructure, websites, IP-based applications and e-mail.

DNS sits outside the firewall, quietly acting as the Internet's phone book. It takes text addresses like www.redcross.org and converts them into digital IP addresses, such as "207.168.0.50," allowing one computing device to find another and interact over the network.

Most organizations use the Berkeley Internet Name Domain (BIND) convention to run their DNS. BIND is open source server code, which has to be configured by each organization or ISP in order for information to pass from one device to another. This lack of central control creates an inherent weakness that hackers find easy to exploit, because there is no quick, universal fix.

When the SANS Institute and the FBI come out with their yearly list of top security risks, BIND is invariably on it. This list becomes a virtual menu for hackers who want to cause problems. Imagine if the local police published a list in the newspaper of all the ways to break into a house. Could a homeowner fix all the problems before the thieves started breaking in?

In the case of BIND, it is open season, because every organization has to create its own solution based on its specific implementation. By the time many enterprises receive and read the CERT Alerts from the CERT Coordination Center at Carnegie Mellon University, figure out which version they have and what they need to upgrade, and then free up the resources to create the solution, their data is well on its way to a server somewhere in China. Or their multimillion-dollar network is producing "404 File Not Found" messages in huge volume.

This, incidentally, is the benefit of the server appliance model. The code is developed by the manufacturer and incorporated as part of a complete software/hardware/OS product, rather than being developed individually at the user level. This is important because DNS is such a background system that most organizations do not notice it until something goes wrong.

CERT estimates that 80% to 90% of companies are using BIND versions that leave them open to serious security breaches. So, what can be done to protect a network? There are several steps that can be taken today.

Admit vulnerability. Ignorance is probably the single greatest enemy. Remember those zombies--guard the back door, as well as the front one.

Keep up with upgrades. Letting upgrades slide in the crush of other tasks is easy--but risky. Keep BIND software up to date, especially all security patches.

Monitor CERT alerts, then take action. Remember the menu for hackers? They are licking their chops waiting to be told where anyone is vulnerable. Servers that host multiple services, in addition to DNS, are particularly vulnerable. Beat them to the punch by checking frequently for new discoveries, and then implementing the solution immediately.

Shut the door on open ports. Because external DNS servers reside outside the firewall, they are often the first point of attack for hackers conducting a port scan to look for those that are open. Either close all ports on the current server, or buy dedicated solutions that eliminate extraneous ports.

Explore other solutions. The cost of purchasing a complete system, rather than "rolling your own" BIND application, is often a wash. Yet, they are often more secure and reliable. Server appliances that have prewritten software and updates developed by their manufacturers take the burden off internal staff, and are often automatically pushed out as they become available. Other alternatives exist, as well.

Saturday, July 29, 2006

The network security challenge: three industry experts sound off about inherent dangers and how service providers can overcome them

In the period immediately following the catastrophic terrorist attacks of 2001, many thoughtful persons within the telecommunications industry felt that something approaching a thorough security audit of all public networks was desperately needed. Perceiving those terrorist acts of three years ago as the opening salvo in a total war against the United States, some industry executives assumed that national infrastructure--especially the telecommunications system--represented a key target of opportunity whose vulnerabilities likely would be exploited sooner or later, presumably on a grand scale.

Three years later, it is still too early to conclude that such fears are groundless. The anticipated ideologically motivated sabotage hasn't occurred. Even so, technological advancements have presented new security challenges to enterprise and public networks.

Public networks today are hardly safe and secure avenues of communication. If orchestrated attacks by terrorist organizations have yet to take place, individual exploits by hackers and authors of malicious code have become much more commonplace.

Tuesday, July 25, 2006

Focus turns to network security: while many consider the telecoms infrastructure a vulnerable target for terrorists, the more immediate threats are at

Following the 9/11 attacks in the US, many within the telecommunications industry felt that a thorough security audit of all public networks was desperately needed. Some industry executives assumed that the country's infrastructure--especially the telecommunications system--represented a key target whose vulnerabilities would likely be exploited sooner or later.

Although the anticipated ideologically motivated sabotage hasn't occurred, technological advancements have presented new security challenges to enterprise and public networks.

Public networks today are hardly secure avenues of communication. If orchestrated attacks by terrorist organizations have yet to take place, individual exploits by hackers and authors of malicious code have become much more commonplace.

Such individuals often succeed in swamping both public and private networks with denial-of-service assaults. More frequently, they spread viruses and worms that are destructive to individuals using the public networks, rather than impacting the networks directly.

Wednesday, July 19, 2006

CinTel develops a network security solution that enables content filtering proxy

CinTel Corp., Korea's top Internet Traffic Management (ITM) solution provider, is pleased to announce that it has developed a new network security solution that enables the filtering of outgoing web traffic. Using this new technology, CinTel expects to announce a new product that includes a web caching solution and content filtering proxy solution as early as the fourth quarter of this year.

One of the most important challenges facing enterprises in recent years is preventing important, and oftentimes confidential, information from going out through the network. Until now, simple firewalling has failed to prevent information leakage through web mail, email, web hard, blogs, or Internet bulletin boards, and it was impossible to trace these information leaks. In the network security industry, a solution which addresses these issues has been sought after for some time now.

CinTel's new security solution prevents leakage of confidential information via web mail, email, web hard, blog or bulletin boards. Moreover, it allows tracking of such leakage after the event. The new security solution, using this technology, allows filtering of outgoing web content according to a variety of desired parameters. The solution also enables forensic network analysis, so the network security administrator will be able to back up, monitor and trace all data that leaves the network. CinTel's new security solution system comes equipped with a two-tier "Data Probe" and "Data Archive" system which enables huge data storage capacity. Combining "Data Probe" with iCache provides both a web caching and a security solution in one unique piece of equipment.

Saturday, July 15, 2006

Organisations fear network security threats from Instant Messaging - report

Over half of organisations believe that Instant Messaging (IM) improves overall communications, but 68% are concerned or very concerned about the potential security threats of the technology, according to the results of research by analyst firm Osterman Research.

The concern about the potential security threats from viruses, worms and spyware is largely due to the well-publicised nature of the growing number of IM threats that have affected IM systems. The number of threats so far in 2005 is higher than for all of 2004, said the president of Osterman Research.

The results also showed that 52% of organisations are using IM for business applications, although 75% of companies surveyed had not yet settled on one or more products as an IM standard. The most popular IM clients remained AOL Instant Messenger, MSN Messenger and Yahoo Messenger, with Google Talk already present in a significant percentage of the surveyed organisations. Lotus Instant Messaging and Web Conferencing (Sametime) continues to be the leading enterprise IM system in use, with Microsoft Live Communication Server steadily increasing its market penetration.

Thursday, July 06, 2006

Campus information technology officials identify "network and data security" as the "single most important IT issue affecting their institutions over

Campus information technology officials identify "network and data security" as the "single most important IT issue affecting their institutions over the next two-three years," reports the annual Campus Computing Survey. A new item on the questionnaire reveals that 50.7% of institutions experienced hacks or attacks on their campus networks in the past academic year; 41.2% reported major spyware infestations; while 35.2% endured major virus infestations, and 19.6% acknowledged major security incidents involving identity management.

Saturday, July 01, 2006

Corporate concern about network security

Facing an ever-growing array of threats to corporate information systems, technology executives now see enhancing network security as job one, shows a survey developed by Robert Half International, Menlo Park, Calif., a provider of information technology professionals on a project and full-time basis. Thirty-five percent of chief information officers polled say improvements to network security are their highest priority. Operating-system upgrades were the second-most frequent response, cited by 16% of executives.

"Security is moving from being regarded as largely a defensive measure to one that has become an integral part of systems design," emphasizes Katherine Spencer Lee, executive director of Robert Half. "The increasing sophistication of threats, along with new security requirements mandated by the Sarbanes-Oxley Act and other government regulations, means that ensuring network security now demands a proactive, enterprisewide strategy."

Lee points out that the growing importance of information security translates into increased employment opportunities for highly skilled professionals. "As this issue moves to the forefront, firms that had included security as part of the network administrator's role, in many cases, are creating new positions focused entirely on this function."

Sunday, June 25, 2006

Network configuration management: an innovative, additional layer of network security - Storage Networking

With the increased number of cyber attacks and the overall complexity of enterprise networks today, IT professionals are challenged with the daunting task of protecting networks from known and unknown malicious activity. To combat network security issues, many organizations are deploying a layered security architecture that spans from the Internet to the desktop. The typical network security solutions companies deploy include firewalls, intrusion detection systems, anti-virus software, etc. Many organizations also utilize vulnerability assessments, penetration tests and other means to identify network vulnerabilities.

While traditional security solutions and services are being deployed to protect the network, devices continue to fall victim to attacks. As a result, many organizations are looking outside the "security application box" to other solutions that can more effectively secure, manage and maintain critical devices throughout the network. One particular application category IT professionals are turning to is Network Configuration Management.

Network configuration management solutions are specifically designed to automate the process of changing, securing and managing devices throughout the enterprise. Companies are turning to network configuration management solutions because there is a direct correlation between properly configured devices and network security. Whether configuration changes are introduced through malicious attacks, manual update errors, or network product defects, devices can become vulnerable and place your business at risk.

By making a configuration management solution part of their security strategy, organizations can arm IT professionals with device security and intrusion response functionality that is not found in traditional security solutions. Additionally, network configuration management solutions provide organizations with a disciplined change management methodology that ensures IT professionals can only make changes that comply with the enterprise security policies.

Tuesday, June 20, 2006

Network Security Services target small to medium businesses

Secure Remote Management and Threat Management Services guide SMBs through IP migration process by providing assessment, provisioning and integration, monitoring and proactive management, and issue resolution for network and security events. Remote Management Service monitors each component of infrastructure, including devices, servers, and applications. Threat Management Service extends security capabilities through continuous monitoring of routers, security devices, and Internet data traffic.

New NEC Secure Remote Management and Threat Management Services Provide Unparalleled Network Reliability and Security

IRVING, Texas, March 7 -- NEC Unified Solutions, Inc. (NEC), a leader in converged voice and data communications for the enterprise, today announced the availability of two new managed services offerings: NEC Secure Remote Management Services and NEC Secure Threat Management Services. Designed for the small-to-medium business (SMB) and enterprise markets, these solutions improve network management and reliability while mitigating security risks and bolstering customers' network security posture.

Together, NEC's latest offerings ensure application and hardware availability by taking proactive measures to monitor and assess potential network issues and threats, and enable NEC to assist customers throughout all phases of the IP migration process. The new services provide end-to-end assistance through assessment, provisioning and integration, monitoring and proactive management, and issue resolution for network and security events that occur in any organization's business-critical voice and data networks.