Thursday, November 30, 2006

GFI LANguard Network Security Scanner 3.3

GFI LANguard Network Security Scanner 3.3 covers the basics of vulnerability scanning well, though it lacks some of the advanced capabilities found in more enterprise-focused products such as eEye's Retina Network Security Scanner and NetIQ's Security Analyzer 5.0. LANguard cannot take the in-depth look at CGI scripting that Retina can or scan some types of network hardware, such as routers. But it's also much less expensive than the products from eEye and NetIQ.

To perform a basic scan of your network, you simply enter an IP address or range and press Start. LANguard gives you many types of predefined security scan profiles. For example, you can scan using only ICMP for discovery, scan all available ports, or scan for open shares or missing patches. You can also define and save your own security scan profiles.

Without administrative privileges in a Windows domain, you can determine computer names, MAC addresses, open ports, operating system versions, and SNMP information, all reported in a tree structure of results sorted by IP address. With domain administrative privileges, you can determine significantly more information about each system, such as shares, user accounts, services, password policies, registry information, and installed patches. Your scan can also include testing for CGI abuses as well as FTP, DNS, mail, service, and registry vulnerabilities. The results are grouped by category and include either a recommendation for remediation or a BugTraq, CVE, or Microsoft Security Bulletin reference.

Within the report generator you can create and save custom reports to meet your individual security needs. For example, you can generate a report of all systems that have either TCP port 80 (Web) or port 21 (FTP) open. As with Retina and SAINT 5, an included utility lets you compare two reports for new, removed, or changed items, as well as alert and hot-fix changes.

LANguard is also marketed as a patch management and deployment solution. During a scan of a Windows network, LANguard determines which patches have been installed on your systems and which are missing, based on GFI's coordination with Microsoft. It deploys hot fixes as well as service packs.

Tuesday, November 28, 2006

Web Security Software protects mobile users outside network

Websense(R) Remote Filtering extends web filtering and web security technology to laptop users outside of the organization's network to ensure secure internet use anytime and anywhere. Organizations can apply internet usage policies to remote users, protecting them from security threats and managing access to objectionable content. Specifically, the software provides protection from accessing phishing sites, sites that contain spyware, or sites corrupted with malicious code.


New Functionality Will Extend Web Filtering and Web Security Policies to Remote Users, Regardless of Location or Type of Network Connection

SAN DIEGO, Sept. 19 -- Websense, Inc. (Nasdaq: WBSN), the world's leading provider of employee internet management solutions, today announced the upcoming release of Websense(R) Remote Filtering technology, extending Websense's industry-leading web filtering and web security technology to corporate laptop users outside of the organization's network. Remote Filtering capabilities will be seamlessly incorporated into the newest versions of Websense web filtering and web security software, expected to be available in October 2005.

With the growing rate of telecommuting and business travel, it has become critical for organizations to enable employees who work remotely to use their laptop computers effectively and safely. As broadband internet access becomes more pervasive in non-traditional settings such as airports, hotels or local coffee houses, the necessity to protect remote laptop users from malicious threats lurking in unknown networks intensifies exponentially. Websense Remote Filtering ensures secure employee internet use anytime and anywhere, becoming a critical component of any organization's endpoint security and protection strategy.

Wednesday, November 22, 2006

Performance Analysis: Network Security Scanners

PC Magazine Labs has taken an in-depth look at the six network vulnerability scanners in our roundup, as well as the tools included in our sidebars (the Foundstone FS1000 Appliance, Microsoft Baseline Security Analyzer (MBSA), Nmap, and Stealthbits Technologies' StealthAudit). When we tested how well they could catch basic network vulnerabilities, all the scanners performed adequately. But the quality—and more important, the ease of use of the reports the products generate—varied significantly.

Our test network comprised a Linksys BEFVP41 router and a mix of Microsoft Windows clients and servers (Windows 98, 2000 Workstation, 2000 Advanced Server, and XP). We also deployed Linux hosts (Red Hat 8 and 9 Professional, SuSE Enterprise Server 8, and SuSE 8.1 Professional) to test each application's cross-platform capabilities.

We updated all systems with all appropriate patches, but we did not fix a select number of critical vulnerabilities on the target hosts. On our Windows hosts we left vulnerabilities described in Microsoft Security Bulletins MS03-039 (Buffer Overrun In RPCSS Service, CAN-2003-0715, CAN-2003-0528, and CAN-2003-0605) and MS03-041 (Vulnerability in Authenticode Verification, CAN-2003-0660). Under the right circumstances, both can let hackers execute code on target systems.

We left our Linux machines vulnerable with an exploitable version of OpenSSH (CAN-2003-0682, CAN-2003-0693, and CAN-2003-0695), a file share (/usr) exported with no access restrictions (CAN-1999-0554), and a denial-of-service vulnerability in the Unix Domain Name Service BIND 9.1.3 (CAN-2002-0400). Such Linux vulnerabilities can create a severe security risk, compromising your network and data.

All the products correctly identified the Windows vulnerabilities, and their reports included references to the appropriate Microsoft Security Bulletins. But the Linux vulnerabilities posed a bigger challenge to some of the Windows scanners.

Saturday, November 18, 2006

Hitachi Software and KDDI Network & Solutions to Market English HIBUN Information Security Management Solutions Overseas

Hitachi Software Engineering Co. Ltd. (HitachiSoft) and KDDI Network & Solutions Inc. (KNSL) have agreed to collaborate on the overseas marketing of HitachiSoft's HIBUN series of information security management systems in North America, Europe and Asia, and will be releasing English-language versions effective this month.

The implementation of Japan's Personal Information Protection Law has spurred the introduction of measures to enhance information security management in Japan and demand for security measures is growing among overseas branches and subsidiaries. Following this demand, KNSL and HitachiSoft will release the HIBUN series, already with 1,700 corporate users and 1.5 million licenses in Japan as of July 31, 2005, overseas.

HitachiSoft has developed English-language versions of three products in its HIBUN range of information security management solutions - HIBUN AE Information Cypher, which encrypts drives, media and files, HIBUN AE Information Fortress, which controls transfer to external media and printing, and HIBUN AE Server, which provides logging and user control functions - to be released in November. As primary agent, KNSL will provide support services in Japanese and English to overseas sales companies, 24 hours a day, 365 days a year. The products will be marketed by a US subsidiary of KDDI Corporation, while HitachiSoft's US subsidiary Hitachi Software Engineering America, headquartered in San Francisco, will handle sales, implementation and configuration and SE support services to customers.

The new solutions will initially be marketed from bases in the United States, Europe and Asia, targeting local subsidiaries of Japanese companies in the United States, the United Kingdom, France, Germany, the Netherlands, Belgium, Hong Kong, Taiwan, Korea, Singapore, Thailand, Malaysia, Indonesia, the Philippines, Vietnam and Australia, while marketing activities will gradually be expanded. From September, promotional activities such as seminars will be conducted overseas, and the products will go on sale at promotional prices. KNSL and HitachiSoft aim to sell 200,000 licenses over a three-year period.

Tuesday, November 14, 2006

Security group warns of VPN vulnerabilities

The UK's National Infrastructure Security Coordination Center (NISCC) has warned of potential attacks on the IPSec protocol used in browser-based virtual private networks, which could render encrypted messages as plain text with only "moderate effort". This would affect many remote communications to enterprise networks via Wi-Fi and other networks, with IPSec becoming increasingly popular among mobile workers.

The NISCC describes the weakness as "severe" and says it applies to IPSec configurations that rely on Encapsulating Security Payload (ESP) in tunnel mode with confidentiality only, or with integrity protection offered by a higher layer protocol.

The attacks need to be carried out many times before they are successful, but once this phase is reached, "the results can be reused to efficiently recover the contents of further inner packets". The attacks are fully automatable.

The main safeguards that companies should take are to configure ESP to use both confidentiality and integrity protection; use the AH protocol alongside ESP to provide integrity protection; and filter ICMP messages at a firewall or security gateway.
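
A check for the first two safeguards, as an added example that is not part of the original post: it assumes the gateway is a Linux host whose security associations are listed with `ip xfrm state`, and flags tunnel-mode ESP associations that encrypt without an integrity algorithm and have no AH association for the same address pair. The sample output, addresses and keys are constructed.

```python
# Constructed sample in the layout printed by Linux `ip xfrm state`
# (documentation-range addresses, dummy keys); not taken from the page.
SAMPLE = """\
src 192.0.2.1 dst 198.51.100.1
    proto esp spi 0x00000101 reqid 1 mode tunnel
    enc cbc(aes) 0x0011223344556677
src 192.0.2.1 dst 198.51.100.2
    proto esp spi 0x00000102 reqid 2 mode tunnel
    auth-trunc hmac(sha1) 0x0001020304050607 96
    enc cbc(aes) 0x0011223344556677
src 192.0.2.1 dst 198.51.100.3
    proto esp spi 0x00000103 reqid 3 mode tunnel
    enc cbc(aes) 0x0011223344556677
src 192.0.2.1 dst 198.51.100.3
    proto ah spi 0x00000104 reqid 3 mode tunnel
    auth-trunc hmac(sha1) 0x0001020304050607 96
"""

def parse_states(text):
    """Split `ip xfrm state` text into one dict per security association."""
    states = []
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "src" and not line[0].isspace():
            # An unindented "src ... dst ..." line starts a new SA.
            states.append({"src": words[1], "dst": words[3], "algs": set()})
        elif states and words[0] == "proto":
            mode = words[words.index("mode") + 1] if "mode" in words else None
            states[-1].update(proto=words[1], spi=words[3], mode=mode)
        elif states and words[0] in ("enc", "auth", "auth-trunc", "aead"):
            states[-1]["algs"].add(words[0])
    return states

def unprotected_esp(states):
    """Return SPIs of tunnel-mode ESP SAs that encrypt without integrity."""
    # Second safeguard: an AH SA on the same address pair supplies integrity.
    ah_pairs = {(s["src"], s["dst"]) for s in states if s.get("proto") == "ah"}
    flagged = []
    for s in states:
        if s.get("proto") != "esp" or s.get("mode") != "tunnel":
            continue
        has_integrity = bool(s["algs"] & {"auth", "auth-trunc", "aead"})
        if "enc" in s["algs"] and not has_integrity and (s["src"], s["dst"]) not in ah_pairs:
            flagged.append(s["spi"])
    return flagged

if __name__ == "__main__":
    for spi in unprotected_esp(parse_states(SAMPLE)):
        print("ESP tunnel SA without integrity protection:", spi)
```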

Thursday, November 09, 2006

Network Security: Know Your Weaknesses

As the person responsible for your company's network security, you know you are sorely outnumbered. A seemingly infinite number of potential intruders are lurking out there, and there's never enough time to prepare.

Without a doubt, the costs of cyberattacks are significant, as shown by the 2003 Computer Crime and Security Survey, conducted by the Computer Security Institute and the FBI. The 250 organizations that participated in the eighth annual study reported combined losses of $202 million, with causes ranging from theft of proprietary information, denial-of-service attacks, and viruses to insider abuse of network access.

How do you improve your odds? Your obvious first step is to identify system weaknesses. Vulnerability assessment scanners not only automatically discover security flaws on a network but in some cases correct them, too. Such tools have been around for years, but only recently have they matured into more comprehensive and user-friendly—if still complex—products, with features like customized reporting, distributed threat assessment, and automatic correction of potential problems.

Among the things such scanners can identify are known software bugs, viruses, and weak access control policies. Commonly found workstation vulnerabilities include open NetBIOS ports for file and printer sharing, as well as users who run rogue Web servers or peer-to-peer file-sharing clients.

Vulnerability assessment scanners can also find improper configurations of applications, which can leave a network unprotected. For example, Microsoft Exchange's default configuration used to leave the server as an open SMTP relay, which could be exploited by spammers. This resulted in attackers hijacking servers and sending millions of e-mails that appeared to originate as legitimate traffic from the victims' networks.

Friday, November 03, 2006

Retina Network Security Scanner

The intelligent, out-of-the-box ESP 3000 solution consists of integrated layers of security technologies including IDS, IPS, behavioral analysis, event and global threat correlation, vulnerability scanning, vendor alerts, an asset database, and a security dashboard. The browser-based Master Control Unit acts as a monitoring console, signature server, cluster manager, and Web server, while also containing a Web portal housing all reports and graphs for the appliance suite.

New SRM solution from a proven network security innovator arms organizations with more complete protection, cost savings and ability to preemptively avoid network attacks

DALLAS, TX. - September 26th, 2005 - Global DataGuard, the premier provider of Security Risk Management (SRM) solutions for midsize-to-enterprise organizations, today announced it is rolling out a fully integrated, groundbreaking suite of new SRM solutions that enable organizations to immediately and economically understand where their networks are vulnerable, who's trying to attack them and what they can do to prevent network security problems.

Global DataGuard's intelligent, out-of-the-box ESP 3000 solution consists of integrated layers of security technologies that together provide unmatched risk management: IDS, IPS, behavioral analysis, event and global threat correlation, vulnerability scanning, vendor alerts, an asset database and a security dashboard. Each layer complements and augments the others, with intelligent behavioral analysis and correlation capabilities comprising the GDG difference. The result is early warnings of threats other solutions cannot see; far fewer false positives; cost savings, more thorough compliance and the ability to manage security solutions with one console.

The installation process is straightforward, and upon start-up, Retina synchronizes its vulnerability signature databases with eEye's server. When Retina opens, the main user interface provides access to four modules: the browser, tracer, miner, and scanner. The integrated Web browser lists all page elements in a tree view, and the tracer creates a traceroute and displays response times. But the miner and scanner modules are the brains of the operation. With its proprietary artificial-intelligence engine, the miner tries to mimic a hacker's behavior by attacking security weaknesses.