Information Security all in one place!


Kaspersky Labs: New Generation of Ultimate PC Protection; for Home


Kaspersky Lab, a leading developer of secure content and threat management solutions today announced a new version of its flagship product for at-home PC protection — Kaspersky PURE 2.0 Total Security. Using Kaspersky Lab’s award-winning anti-malware protection and an array of additional security tools, Kaspersky PURE 2.0 Total Security is the easiest way to keep multiple PCs secure, irreplaceable digital assets protected, and children safe and responsible online.

Central Home PC Management

Ideal for households with multiple computers, including families with children, Kaspersky PURE uses Home Network Management to easily protect, manage and monitor every PC in the household from a single machine.

From one PC, you can:

— Run all scans, updates, and backup tasks on every PC in the house automatically or on-demand

— Fix security issues without getting up from your desk

— Manage parental controls from anywhere in the house, so your kids are protected even when they’re out of view

— Conveniently update the Kaspersky PURE licenses throughout your home

Total Package of Security Tools

Kaspersky PURE also includes everything you need to secure your online identity and protect your irreplaceable digital property. When you install Kaspersky PURE, our extra layers of security mean you can say good-bye to overpriced and inefficient niche products.

This is great work. I am demoing the product now and will post my review shortly. Very excited about how this will shape the home and small business central management landscape. Will vendors pile on?


More on this breaking news can be found here: http://www.marketwatch.com/story/kaspersky-lab-announces-new-generation-of-ultimate-pc-protection-for-your-home-2012-03-26


Network Scanning: Concerns and Countermeasures



Daniel Saucier (Student of the InfoSec Industry, March 2012) – Network vulnerability scanning could not be more important than it is right now, in this day and age of internet computing. As technology grows, the architectures are not catching up quite as fast as most would like. This article assumes you have basic networking knowledge, and assumes no responsibility for actions taken based on it. Its sole purpose is to educate the savvy portion of the internet community about the different protection types and threat-preventive measures for today's networking environments.

Different IP network scanning methods allow you to test for and effectively identify vulnerable network components. Here is a list of effective scanning techniques and their applications; most downloadable network scanners expose these options in their advanced configuration.

ICMP scanning and probing:

By launching an ICMP ping sweep, you can effectively identify poorly protected hosts (security-conscious administrators such as myself filter inbound ICMP messages) and perform a degree of OS fingerprinting and reconnaissance by analyzing responses to the ICMP probes.

Half-open SYN flag TCP port scanning:

A SYN port scan is often the most effective type of port scan to launch directly against a target IP network space. SYN scanning is very fast, which allows large networks to be scanned rather quickly.

Inverse TCP port scanning:

Inverse scanning types (particularly FIN, XMAS, and NULL) take advantage of idiosyncrasies in certain TCP/IP stack implementations. This scanning type is not useful for large networks; use it for testing the security of individual hosts or small network segments. Make sure your code is as up to date as possible and apply any manual workarounds to protect gear from this type of scan. Some, if not all, of these scan types identify weak components that are left in place because of the cost of doing business.

Third-party TCP port scanning:

Using a combination of vulnerable network components and TCP spoofing, third-party TCP port scans can be launched effectively. Scanning in this fashion has two benefits: hiding the true source of the TCP scan, and assessing the filters and levels of trust between hosts. Although time-consuming to undertake, this can prove very effective when applied correctly.

UDP port scanning:

Identifying accessible UDP services can be undertaken easily, but only if ICMP type 3 code 3 ("Destination port unreachable") messages are allowed back through the filtering mechanisms that protect the target systems. UDP services can sometimes be used to gather useful data or directly compromise hosts (the DNS, SNMP, TFTP, and BOOTP services in particular). Make sure you are locking these down!!

IDS evasion and filter circumvention:

Intrusion detection systems and other security mechanisms can be rendered ineffective by using multiple spoofed decoy hosts when scanning, or by fragmenting probe packets using Nmap or fragroute. Filters such as firewalls, routers, and even software (IPsec) can sometimes be bypassed using specific source TCP or UDP ports, source routing, or stateful attacks.
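Two of the scan types above, the ICMP ping sweep and the half-open SYN scan, leave a recognisable trace in border firewall logs. The detection logic below is an added example and not part of the original article; the log lines are constructed in the shape of netfilter LOG output (not real captures) and the thresholds are assumptions to tune for your address space.

```python
import re
from collections import defaultdict

# Constructed lines in the shape of netfilter LOG output (not real captures):
# 203.0.113.5 pings four hosts (ICMP sweep), 198.51.100.7 sends bare SYNs to
# six ports (half-open SYN scan), 198.51.100.9 is an ordinary client on 443.
SAMPLE_LOG = """\
IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.11 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=2
IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.12 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=3
IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.13 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=4
IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=21 SYN URGP=0
IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22 SYN URGP=0
IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=23 SYN URGP=0
IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=25 SYN URGP=0
IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=80 SYN URGP=0
IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40006 DPT=443 SYN URGP=0
IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=443 SYN URGP=0
IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=443 ACK URGP=0
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_line(line):
    """Return (key=value fields, set of bare TCP flag tokens) for one LOG line."""
    fields = dict(FIELD_RE.findall(line))
    flags = {tok for tok in line.split() if tok in TCP_FLAGS}
    return fields, flags

def detect_scans(log_text, sweep_hosts=3, scan_ports=5):
    """Flag sources that echo-request many hosts or send bare SYNs to many ports (thresholds assumed)."""
    icmp_targets = defaultdict(set)  # SRC -> hosts it sent echo-request to
    syn_ports = defaultdict(set)     # SRC -> ports it hit with SYN and no ACK
    for line in log_text.splitlines():
        f, flags = parse_line(line)
        if f.get("PROTO") == "ICMP" and f.get("TYPE") == "8":
            icmp_targets[f["SRC"]].add(f["DST"])
        elif f.get("PROTO") == "TCP" and "SYN" in flags and "ACK" not in flags:
            syn_ports[f["SRC"]].add(int(f["DPT"]))
    findings = {}
    for src, hosts in icmp_targets.items():
        if len(hosts) >= sweep_hosts:
            findings.setdefault(src, []).append(("icmp_sweep", len(hosts)))
    for src, ports in syn_ports.items():
        if len(ports) >= scan_ports:
            findings.setdefault(src, []).append(("syn_scan", len(ports)))
    return findings
```

A client completing a handshake (SYN followed by ACK to one port) never crosses the port threshold, which is what separates the scanner from normal traffic here.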

Using the scanning methods mentioned above you can harden your network pretty well. Change is always a factor, however: what if you need to undertake a major network overhaul and start exposing different types of protocols to the network? The following list will help you when considering modifications to your components, and will minimize the risk of re-exposing vulnerable services.

This list can be used as a baseline, or in some cases a guideline, for any network configuration.

  1. Filter inbound ICMP message types at the border, or at the perimeter if you DMZ any servers, on all routers and firewalls. This forces an attacker to use full-blown TCP scans against all of your IP addresses to map them effectively.
  2. Filter all outbound ICMP type 3 "unreachable" messages at the edge routers and firewalls to prevent UDP port scanning and firewalking from being effective. (Firewalking is the process of identifying firewalls during scanning enumeration.)
  3. Consider configuring Internet firewalls so they can identify port scans and throttle the connections accordingly. Appliances such as Check Point, NetScreen and WatchGuard, to name a few, can be configured to prevent fast port scans and SYN floods from being launched against your network. However, this can backfire if the attacker is using a spoofed source address, resulting in a DoS. PortSentry, as an open source option, is also pretty effective at identifying scans against your network.
  4. Assess the way that your network firewall or IDS devices handle fragmented IP packets by using tools such as fragtest and fragroute. Such devices can be taken down by being flooded with high volumes of fragments to process. Bring your findings to the vendor's attention.
  5. Ensure that your routing and filtering appliances (both routers and firewalls) can't be bypassed using specific source ports or source routing techniques.
  6. If you run FTP services, ensure that your firewalls aren't vulnerable to stateful circumvention attacks relating to malformed PORT and PASV commands.
  7. If a commercial firewall is being used, ensure the following:
  • The latest code is installed; consider replacement if you cannot comply.
  • Anti-spoofing rules have been correctly defined so that the device doesn't accept packets with private (spoofed) source addresses on its external interfaces.
  8. Investigate the use of reverse proxy services if high security is a must. Fragments and malformed packets do not get past these, thus mitigating low-level reconnaissance.
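Items 1, 2, 5 and the anti-spoofing bullet of item 7 are all decisions about a single packet at the border, so they can be written down as one policy check. The model below is an added example, not the article's own configuration or any vendor's rule syntax; the allow-list of inbound ICMP types it keeps so that path MTU discovery and traceroute replies still work is an assumption beyond the list, and the packets are constructed.

```python
from ipaddress import ip_address, ip_network

EXTERNAL_IF = "eth0"
# RFC 1918 ranges: never a valid source arriving on the external interface (item 7).
PRIVATE_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Inbound ICMP kept for operability; this allow-list is an assumption beyond the
# article's list: echo-reply (0/0), fragmentation-needed (3/4) for path MTU
# discovery, and time-exceeded (11/0). Echo-request (8/0) is dropped, which
# blunts the ping sweep described earlier.
ALLOWED_INBOUND_ICMP = {(0, 0), (3, 4), (11, 0)}

def check_packet(pkt):
    """Return (verdict, reason) for one packet seen at the border router/firewall."""
    src = ip_address(pkt["src"])
    on_edge = pkt["iface"] == EXTERNAL_IF
    inbound = on_edge and pkt["direction"] == "in"
    outbound = on_edge and pkt["direction"] == "out"
    if inbound and any(src in net for net in PRIVATE_NETS):
        return "drop", "item 7: private source address on external interface"
    if pkt.get("source_routed"):
        return "drop", "item 5: IP source-route option present"
    if pkt["proto"] == "icmp":
        kind = (pkt["type"], pkt["code"])
        if inbound and kind not in ALLOWED_INBOUND_ICMP:
            return "drop", f"item 1: inbound ICMP {kind[0]}/{kind[1]} filtered"
        if outbound and kind == (3, 3):
            # No "port unreachable" leaves the network, so UDP scans get no answer.
            return "drop", "item 2: outbound port-unreachable suppressed"
    return "accept", "no border rule matched"

# Constructed packets exercising each rule (not real traffic).
SAMPLE_PACKETS = [
    {"src": "203.0.113.5", "iface": "eth0", "direction": "in", "proto": "icmp", "type": 8, "code": 0},
    {"src": "203.0.113.5", "iface": "eth0", "direction": "in", "proto": "icmp", "type": 3, "code": 4},
    {"src": "10.1.2.3", "iface": "eth0", "direction": "in", "proto": "tcp", "dport": 443},
    {"src": "192.0.2.10", "iface": "eth0", "direction": "out", "proto": "icmp", "type": 3, "code": 3},
    {"src": "198.51.100.9", "iface": "eth0", "direction": "in", "proto": "tcp", "dport": 443, "source_routed": True},
    {"src": "198.51.100.9", "iface": "eth0", "direction": "in", "proto": "tcp", "dport": 443},
]

def verdicts(packets):
    """Evaluate a batch and return the verdict strings in order."""
    return [check_packet(p)[0] for p in packets]
```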

Wrapping up this article, I would like to mention: be aware of your own network configuration and its publicly accessible ports by launching TCP and UDP port scans along with ICMP probes against your own IP address space. It really is surprising how many companies, large and small, still do not undertake proper scanning exercises.

Happy Hardening!

-DS


SonicWall: Expansion of Security Services; Kaspersky Anti-Virus


Intelligent network security and data protection solutions provider, SonicWall, has expanded its suite of firewall security services with the addition of Kaspersky Anti-Virus to its Enforced Client Anti-Virus and Anti-Spyware solution.

SonicWall firewalls are designed to ensure easy deployment, provisioning and enforcement of the client on endpoint devices through a unique policy-driven engine.

SonicWall Next-Generation and Unified Threat Management firewalls already provide gateway anti-virus through SonicWall's proprietary reassembly-free deep packet inspection anti-malware solution, protecting the perimeter, wireless and VPNs. But, according to SonicWall, viruses can still enter the network through laptops, thumb drives or other unprotected systems. Protection at multiple layers is the best defence against sophisticated modern threats; however, maintaining, enforcing and deploying the right security software on endpoint devices can put a strain on IT resources and budgets. SonicWall firewalls are designed to provide an innovative multi-layered anti-malware strategy consisting of its anti-malware solution at the gateway and an enforced anti-virus solution at the endpoints.

When a non-compliant endpoint within the network tries to connect to the internet, the firewall will redirect the user to a web page to install the latest SonicWall Enforced Client Anti-Virus and Anti-Spyware software. The firewall is also designed to ensure that all the endpoint clients are automatically updated with the latest anti-virus and anti-spyware signatures without end-user intervention. The updated clients can remediate infections by cleansing the endpoint systems and thus preventing further propagation of the threat throughout the network.

SonicWall has integrated Kaspersky technology into its enforced client solution. The software resides on endpoint computers and delivers critical protection against viruses, spyware, Trojans, worms, rootkits and more.

"Deploying, maintaining and enforcing the right security software on endpoint devices within a network can be difficult," said Swarup Selvaraman, product line manager at SonicWall. "Our innovative SonicWall solution simplifies this process and gives IT managers easy-to-deploy anti-virus and anti-spyware protection across any number of devices using policy-based management and reporting. Kaspersky support bolsters our existing offering and gives customers more opportunities to choose the anti-virus solution that best meets their needs."

The solution is designed to support Microsoft Windows PCs and laptops and is ideal for deployments scaling from a few to thousands of endpoints.


BYOD Control: Aruba brings it together with ClearPass


Aruba Delivers BYOD Control with ClearPass

The bring-your-own-device (BYOD) era is booming. BYOD delivers some freedom to users and is great, don't get me wrong; however, it is still absolutely critical that companies extend to these devices the same degree of protection and control that corporate-owned devices receive. In my opinion, a BYOD device has to be thought of as a wired device.

Networking vendor Aruba is now debuting a solution for BYOD, built on Linux and leveraging the open source FreeRADIUS access control solution, to help return control to enterprises.


“ClearPass provides a networking solution for BYOD to address all of the major operating systems and any networking vendor’s network architecture,” Robert Fenstermacher, director of Product Marketing at Aruba, told InternetNews.com. “It can act as a single point of policy control across all wired, wireless and remote infrastructure for a global organization.”

More from ENP: http://www.enterprisenetworkingplanet.com/netsysm/aruba-delivers-byod-control-with-clearpass.html


Qualys: Going Public with IPO?


Vulnerability assessment and management company Qualys has announced plans for an IPO later this year.

In a recent article posted on Network World, Qualys, a security firm specializing in vulnerability scanning and assessment, says they are ready to go public. Based on my experience with the product I would have to agree that this would be a good decision. Given that I have used, and am currently using, Qualys on a contract position, many hours have been spent using and abusing these appliance(s). I have witnessed firsthand the ways the scanning engines have morphed into a dependable tool with low false positives. Offering more asset control to the administrator than in recent years, and with the overall performance issues handled through its generations, this product is ready for prime time. Apparently I am not the only one who thinks so – with over 5,000 appliances currently running in production environments worldwide.

“‘We are ready,’ says Qualys CEO Philippe Courtot,” writes Network World’s Ellen Messmer. “He says the company, which he founded in 1999, has achieved profitability and is increasing revenues.”

“Courtot says the company did about $76 million in revenue last year, showing profitability, and expects to see revenues grow to $94 million this year,” Messmer writes. “Its variety of products, and scanning and compliance services, have become widely used by about 5,000 organizations around the world.”

For the full story click here: http://www.networkworld.com/news/2012/022112-qualys-ipo-256396.html



Android: Malware Magnet


In the last seven months of 2011, malware targeting the Android platform jumped 3,325 percent!

According to Juniper Networks' Mobile Threat Report, malware targeting the Android OS grew by 3,325 percent in the last seven months of 2011.

“Android malware accounted for about 46.7 percent of unique malware samples that targeted mobile platforms, followed by 41 percent for Java Mobile Edition,” writes eWeek’s Fahmida Y. Rashid.

Figure: Android System Architecture

“The explosion in Android malware is a direct result of the platform’s diverse and open marketplace where developers are free to post their apps as well as growing market share, according to Juniper,” Rashid writes. “Google’s market share in the mobile space, at 46.9 percent, is statistically the same as the proportion of Android malware detected by Juniper.”


Read More: 2011 Android Report: Malware



5 Steps for analyzing your WLAN


Assessing Your Wireless Network Security

Wireless network penetration testing—using tools and processes to scan the network environment for vulnerabilities—helps refine an enterprise’s security policy, identify vulnerabilities, and ensure that the security implementation actually provides the protection that the enterprise requires and expects. Regularly performing penetration tests helps enterprises uncover WLAN security weaknesses that can lead to data or equipment being compromised or destroyed by exploits (attacks on a network, usually by “exploiting” a vulnerability of the system), Trojans (viruses), denial of service attacks, and other intrusions.

Here is a great article I was reading on Cisco blogs and found it useful to post. Enjoy!

5 Steps for Assessing Your Wireless Network Security

Sampa Choudhuri – Network security is a never-ending task; it requires ongoing vigilance. Securing your wireless network can be particularly tricky because unauthorized users can quietly sneak onto your network, unseen and possibly undetected. To keep your WLAN secure, it’s important to stay on top of new wireless vulnerabilities. By regularly performing a vulnerability assessment on your wireless network, you can identify and close any security holes before a hacker can slip through them.

With a WLAN vulnerability assessment, you’re figuring out what your wireless network looks like to the outside world on the Internet. Is there an easy way in to your network? Can unauthorized devices attach themselves to your network? A WLAN vulnerability assessment can answer these questions—and more.

Teaser:

1. Discover wireless devices on your network. You need to know everything about each wireless device that accesses your network, including wireless routers and wireless access points (WAPs) as well as laptops and other mobile devices. The scanner will look for active traffic in both the 2.4GHz and 5GHz bands of your 802.11n wireless network. Then, document all the data you collect from the scanner about the wireless devices on your network, including each device’s location and owner.

2. Hunt down rogue devices. Rogue devices are wireless devices, such as an access point, that should not be on your network. They should be considered dangerous to your network security and dealt with right away. Take your list of devices from the previous step and compare it to your known inventory of devices. Any equipment you don’t recognize should be blocked from network access immediately. Use the vulnerability scanner to also check for activity on any wireless bands or channels you don’t usually use.

Read the 5 Steps here:

http://blogs.cisco.com/smallbusiness/5-steps-for-assessing-your-wireless-network-security/