Monday, August 28, 2006

Security Appliances guard against malicious network traffic

Ally(TM) ip100(TM) v3.0 and IP1000(TM) v3.0 secure networks from information gathering, vulnerability exploitation, and zero-day worm attacks. Powered from the USB port of a PC or laptop, the Ally ip100 protects SMB networks as well as enterprise wireless access points and branch or remote offices. The Ally IP1000 is a 1Gb, in-line, high-availability security appliance that protects larger networks, offering security for out-of-band remote management for users requiring full management access.

First Significant Product Enhancements Deliver New Features and Benefits to Better Protect Networks, Wireless Access Points and Remote Offices

HUNTSVILLE, Ala., May 3, 2006 - Arxceo(TM) Corporation, a provider of anti-reconnaissance and anomaly-based, attack-prevention technology, today announced the first significant product enhancements to its Ally(TM) family of security appliances designed to secure networks from information gathering, vulnerability exploitation, zero-day worm attacks and other malicious network traffic. Version 3.0 of the Ally ip100(TM) and Ally IP1000(TM) delivers greater ease-of-use, increased reporting capabilities, improved firmware upgrade processes and better granularity for blacklist management.

"The new version of our Ally products reflect our customers' need to protect their networks and access points with security appliances that deliver optimal performance and ease-of-use," said Don Davidson, CEO, Arxceo. "We are also pleased to announce that we are now offering the Ally IP1000 at a reduced price of $6,495.00. This price reduction is a direct result of the cost savings we have realized on this hardware platform. We believe that by passing along this cost savings, we will also encourage SMBs that can benefit from increased throughput to adopt this product.

Tuesday, August 22, 2006

Spy vs. spy: companies are spending billions on network security, but staying ahead of hackers may be a pipe dream - techwatch

ANY WAY YOU LOOK AT IT, 2003 was a real bad year for network security. Although corporate concern over cyber threats jumped dramatically, so too did the number of cyber attacks against companies and their machines. Indeed, security specialist MessageLabs reports that spam accounted for 50 percent of all business E-mail traffic in the United States in May, the first time that junk E-mail outstripped the number of legitimate electronic messages sent to corporations. And if much spam is relatively harmless, some is decidedly not. Digital pathogens such as SoBig, Mimail, and Yaha, which can infect employee computers and servers alike, all spread via E-mail. MessageLabs reckons that two-thirds of all spam is now being sent by open proxies--created in part by computers and other gadgets infected by viruses.

Thursday, August 10, 2006

Serial Device Routers offer industrial networking security

Magnum DX 800 and DX 40 Serial-IP Converters extend security and network management to distributed serial devices in power substations and other harsh industrial environments. The Magnum DX800 provides a Dynamic Serial Edge that combines the features of a serial-IP device server, Ethernet switch, IP router, and IP firewall. It supports 4 serial interfaces and 4 Ethernet ports, including 2 fiber ports. The Magnum DX40 provides 2 serial ports and 2 Ethernet ports, one or both of which may be fiber.


Magnum DX 800 and DX 40 Integrate IP/Ethernet Technologies With Existing Industrial Devices

FREMONT, Calif., Oct. 31 -- GarrettCom, Inc., is introducing a groundbreaking line of Serial-IP converters that extend security, resiliency and network management to distributed serial devices in power substations and other harsh industrial environments. The Magnum DX line of Serial Device routers provides intelligent Serial-to-IP/Ethernet protocol services that integrate the large installed base of devices that use Serial data protocols for SCADA (Supervisory Control and Data Acquisition) and remote device console access.

The Magnum DX Serial Device Routers provide what the company calls a Dynamic Serial Edge for hardened industrial networks that combines the features of a serial-IP device server, Ethernet switch, IP router and IP firewall in a compact, substation-hardened product with a variety of field mounting and power supply options. The Magnum DX800 Serial Device Router supports four serial interfaces and four Ethernet ports, including two fiber ports. The Magnum DX40 Serial Device Router provides two serial ports and two Ethernet ports, one or both of which may be fiber.

Tuesday, August 08, 2006

Fortinet enhances FortiGate network security platform

Unified Threat Management provider Fortinet has announced five new network security systems - FortiGate-100A, FortiGate-200A and FortiGate-300A systems, designed for SMBs, and the FortiGate-400A and FortiGate-500A systems for mid-sized enterprises.

According to the company, the A-series systems, which expand Fortinet's FortiGate Antivirus Firewall platform, feature high performance, additional interfaces, FortiASIC for gigabit speed network content processing and FortiOS 2.8 firmware, as well as support for high-availability clustering technology.

The new systems are currently available for order and will ship in mid-November. No pricing details have been disclosed.

Thursday, August 03, 2006

The hidden security hole; how to protect the network - Guest Column - Column

The defense mechanism of choice against virus and hacker attacks is the firewall. It protects the front door of the network, much like humans throwing furniture in front of the doors on the main floor to keep out the zombies in all those horror films. Yet, just as in those films, there is a back door no one even bothers to lock. It is the domain name service, or DNS, one of the foundation blocks of network infrastructure, websites, IP-based applications and e-mail.

DNS sits outside the firewall, quietly acting as the Internet's phone book. It takes text addresses like www.redcross.org and converts them into digital IP addresses, such as "207.168.0.50," allowing one computing device to find another and interact over the network.

Most organizations use the Berkeley Internet Name Domain (BIND) convention to run their DNS. BIND is open source server code, which has to be configured by each organization or ISP in order for information to pass from one device to another. This lack of central control creates an inherent weakness that hackers find easy to exploit, because there is no quick, universal fix.

When the SANS Institute and the FBI come out with their yearly list of top security risks, BIND is invariably on it. This list becomes a virtual menu for hackers who want to cause problems. Imagine if the local police published a list in the newspaper of all the ways to break into a house. Could a homeowner fix all the problems before the thieves started breaking in?

In the case of BIND, it is open season, because every organization has to create its own solution based on its specific implementation. By the time many enterprises receive and read the CERT Alerts from the CERT Coordination Center at Carnegie Mellon University, figure out which version they have and what they need to upgrade, and then free up the resources to create the solution, their data is well on its way to a server somewhere in China. Or their multimillion-dollar network is producing "404 File Not Found" messages in huge volume.

This, incidentally, is the benefit of the server appliance model. The code is developed by the manufacturer and incorporated as part of a complete software/hardware/OS product, rather than being developed individually at the user level. This is important because DNS is such a background system that most organizations do not notice it until something goes wrong.

CERT estimates that 80% to 90% of companies are using BIND versions that leave them open to serious security breaches. So, what can be done to protect a network? There are several steps that can be taken today.

Admit vulnerability. Ignorance is probably the single greatest enemy. Remember those zombies--guard the back door, as well as the front one.

Keep up with upgrades. Letting upgrades slide in the crush of other tasks is easy--but risky. Keep BIND software up to date, especially all security patches.

Monitor CERT alerts, then take action. Remember the menu for hackers? They are licking their chops waiting to be told where anyone is vulnerable. Servers that host multiple services, in addition to DNS, are particularly vulnerable. Beat them to the punch by checking frequently for new discoveries, and then implementing the solution immediately.

Shut the door on open ports. Because external DNS servers reside outside the firewall, they are often the first point of attack for hackers conducting a port scan to look for those that are open. Either close all ports on the current server, or buy dedicated solutions that eliminate extraneous ports.

Explore other solutions. The cost of purchasing a complete system, rather than "rolling your own" BIND application, is often a wash. Yet complete systems are often more secure and reliable. Server appliances that have prewritten software and updates developed by their manufacturers take the burden off internal staff, and the updates are often automatically pushed out as they become available. Other alternatives exist, as well.
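
An added example (not part of the original column) for the "Shut the door on open ports" step: a small audit that reads `ss -tuln` output from a host meant to serve DNS only and lists every externally reachable listener on a port other than 53. The sample output, the allowed-port set and the function names are assumptions made for illustration.

```python
# Added example: audit listeners on a host meant to serve DNS only.
# SAMPLE_SS is constructed text in the format of `ss -tuln`; on a live Linux
# host, pass in the output of subprocess.run(["ss", "-tuln"], ...) instead.

ALLOWED_PORTS = {53}  # assumption: a dedicated DNS server exposes only port 53

SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      192.0.2.10:53      0.0.0.0:*
tcp   LISTEN 0      10     192.0.2.10:53      0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:21         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:953      0.0.0.0:*
tcp   LISTEN 0      128    [::]:23            [::]:*
udp   UNCONN 0      0      0.0.0.0:161        0.0.0.0:*
"""

LOOPBACK = ("127.", "[::1]", "::1")


def parse_listeners(ss_output):
    """Yield (proto, address, port) for each socket line in `ss -tuln` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        # rpartition keeps IPv6 addresses such as [::] intact
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            yield fields[0], addr, int(port)


def unexpected_listeners(ss_output, allowed=ALLOWED_PORTS):
    """Return non-loopback listeners whose port is not in the allowed set."""
    findings = []
    for proto, addr, port in parse_listeners(ss_output):
        if addr.startswith(LOOPBACK):
            continue  # bound to loopback only, not visible to an external scan
        if port not in allowed:
            findings.append((proto, addr, port))
    return sorted(findings, key=lambda f: (f[2], f[0]))


if __name__ == "__main__":
    for proto, addr, port in unexpected_listeners(SAMPLE_SS):
        print(f"close or firewall: {proto}/{port} bound to {addr}")
```

Run on a schedule and compared against the previous result, the same check also shows when a new service has appeared on a server that was supposed to host DNS alone.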