Jan 31

Securing the access to data and systems continues to be one of the weakest points in the chain and PEBKAC ;) is a constant issue.

Luckily, solutions exist… for those who think what strong innovative authentication could really mean.

StoneGate SSL VPN is the ultimate solution to secure the access to corporate data and applications, featuring over 25 authentication methods which can be combined in multiple fashions.

As stated in a previous post, very often it is not necessary to add complexity to the authentication process: a combination of different techniques can help add the needed… entropy.

Take a look at the interesting news linked here and let us know what you think!

written by RoarinPenguin - 860 views

Jan 17

NSS Labs’ Network IPS Group Test Results

IPS, Security News -

NSS Labs recently released the results of its latest Network IPS Group Test, which was also covered by Jeremy Kirk at IDG News Service here. The results were interesting to say the least. Here are a few high level observations:

StoneGate IPS performance. Like a majority of the appliances tested, StoneGate received a Neutral rating indicating that the devices performed reasonably well and should be considered in the purchasing process. However, there were several areas where StoneGate IPS tested exceedingly well, including:

  • Excellent in value purchase and TCO. Stonesoft’s StoneGate IPS-1205 and IPS-3205 appliances were rated excellent in value purchase. In the sub-gigabit category, the StoneGate IPS-1205 provided the best price per Mbps-protected. In the high-end appliance category, the StoneGate IPS-3205 had the second lowest three-year TCO.
  • Ease of use. “Stonesoft’s Management Center builds on its firewall management and is extremely intuitive and easy to use. Deploying Stonesoft’s pre-defined policies is simple and efficient. It took almost no time to setup, configure and tune.”
  • 100 percent protection against evasions. The StoneGate IPS-1205 and IPS-3205 successfully handled 100 percent of NSS Labs’ traditional evasion attempts without error, including HTML evasions. However, it’s important to note that Advanced Evasion Techniques (AETs) were not included in this test, so the 100 percent coverage is for basic evasions only and will not provide protection against AETs. According to NSS Labs:
    “If an attacker can avoid detection by fragmenting IP Packets or segmenting TCP streams, an IPS will be completely blind to ALL attacks”.

This concept has been at the heart of our AET research, and is why we are expecting NSS Labs to raise the bar in 2011 by incorporating AET tools into their testing suite.

written by TimoT - 1,982 views
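The NSS Labs remark quoted in the post above, as an added example (not code from Stonesoft or NSS Labs): a signature check applied to each TCP segment alone misses a pattern that spans segments, while the same check on the reassembled stream finds it. `SIGNATURE`, the `Segment` type, the sample request and the first-received-wins overlap policy are assumptions made for the illustration.

```python
# Added illustration; all traffic below is constructed, and SIGNATURE is a
# harmless placeholder pattern, not a real IPS fingerprint.
from dataclasses import dataclass

SIGNATURE = b"EXAMPLE-BLOCKED-PATTERN"

@dataclass(frozen=True)
class Segment:
    seq: int        # sequence number of the first payload byte
    payload: bytes

def per_packet_match(segments, signature=SIGNATURE):
    """Naive inspection: search each segment's payload on its own."""
    return any(signature in s.payload for s in segments)

def reassemble(segments, isn):
    """Rebuild the stream from offset 0; first-received byte wins on overlap.

    Returns (stream, conflicts). conflicts counts overlapping bytes whose
    content differs from what was already seen, which is worth an alert.
    Simplification: no sequence-number wraparound, contiguous prefix only.
    """
    seen, conflicts = {}, 0
    for seg in segments:                      # processed in arrival order
        for i, byte in enumerate(seg.payload):
            off = seg.seq - isn + i
            if off < 0:
                continue                      # data before the stream start
            if off in seen:
                conflicts += seen[off] != byte
            else:
                seen[off] = byte
    out = bytearray()
    while len(out) in seen:                   # stop at the first gap
        out.append(seen[len(out)])
    return bytes(out), conflicts

def stream_match(segments, isn, signature=SIGNATURE):
    """Inspection after reassembly: returns (matched, conflicts)."""
    data, conflicts = reassemble(segments, isn)
    return signature in data, conflicts

# Constructed sample: one request cut into 8-byte segments, arriving reversed.
SAMPLE_ISN = 1000
SAMPLE_STREAM = b"GET / HTTP/1.1\r\nX-Test: " + SIGNATURE + b"\r\n\r\n"
SAMPLE_SEGMENTS = [Segment(SAMPLE_ISN + i, SAMPLE_STREAM[i:i + 8])
                   for i in range(0, len(SAMPLE_STREAM), 8)][::-1]

if __name__ == "__main__":
    print("per-packet:", per_packet_match(SAMPLE_SEGMENTS))
    print("reassembled:", stream_match(SAMPLE_SEGMENTS, SAMPLE_ISN))
```

The overlap policy matters for a real sensor: it has to resolve overlapping data the same way the protected host does, otherwise the sensor and the host see different streams.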

Nov 22

Stonesoft products not vulnerable to CVE-2010-3864

Security News -

On 16th Nov 2010 OpenSSL reported a serious vulnerability in TLS server extension code parsing that enables remote exploits against vulnerable servers.

None of Stonesoft’s StoneGate products are affected. Although we use the vulnerable version of the OpenSSL library, the server extension where the vulnerable code lies has not been included in our products.

BR,

- Joona

written by joona - 946 views

Oct 20

Advanced Evasion Techniques

IPS, Security News -

Yesterday we publicly announced the discovery of new, advanced evasion techniques (AET) that can pose a serious threat to existing network security systems worldwide. The details of the discovery have been shared with CERT-FI in Finland for vulnerability coordination purposes and validated by ICSA Labs.

This discovery by Stonesoft vulnerability experts is not a new exploit or vulnerability, but a new method of delivering new and existing exploits (such as Stuxnet or Zeus) by bypassing today’s network security systems. Evasions enable advanced and hostile cyber criminals to deliver any malicious content, exploit or attack to a vulnerable system, without detection. Most evasion techniques to date have stayed within the confines of established rules for network traffic. Security systems can be rendered ineffective against evasion techniques, in the same way a stealth fighter can attack without detection by radar and other defensive systems. While evasions are nothing new, with research dating back to the late 1990s at least, AETs extend the research dramatically, adding new techniques and dramatically increasing the successful combinations possible.

AETs, a new species of evasion techniques, can be altered or combined in any order to avoid detection by security systems. AETs are, by their nature, dynamic, unconventional, virtually limitless in quantity, and unrecognizable by conventional detection methods. The number of new AETs is growing exponentially, and thus they create an everlasting and ever-changing challenge for the information security industry and organizations around the world.

For more information about the announcement, see the press release, and join the discussion at www.antievasion.com.

written by markb - 1,424 views

Sep 30

StoneBlog has been sleeping for a few days now, and I’d like to revitalize it with this post about a real risk I was chatting about a few minutes ago with a friend.

We have talked in past posts about one splendid feature of our legendary StoneGate Management Center: geolocation.

This is undoubtedly a very useful tool for security administrators, to perform monitoring tasks and to act like “human correlation tools”; that is, to use the ability of our brain to look at visual information and have intuitions about events with a logic that cannot be defined in rules. No IT tool can help in this, or at least it would help but it would also be prone to too many errors and false positives/negatives.

If geolocation is very useful for IT Security tools, I have serious doubts that it is a good idea when applied to people and the activities of people. For instance, think of the option offered by several smartphones to interact with social sites to geolocate a person and offer information about where he is, where he has been, what he’s doing right now and even offer a map of the area where the person is.

Sure it is nice to show friends that we are always on, always connected, always on the Net and always reachable, but imagine how this information could potentially be used to study an attack, or to plan a robbery, or to violate people’s property, etc.

It’s not (anymore only) about privacy, it’s more about security… right?

I’m interested in understanding your comments about this topic, to continue to simplify… security.

written by RoarinPenguin - 825 views

Jul 26

U.S. Federal Cyber Reforms -> Right Direction Finally

Security News, SMC -

It seems the U.S. Congress is finally gaining an understanding of how cybersecurity should be managed. Maybe someone told them security is a process and they finally understood. At any rate, it’s welcome news that the recent cybersecurity reforms passed. While the original FISMA was well-intentioned, it was clear that it wasn’t helping security in any meaningful way. Often our customers and prospects were spending more time worried about generating large binders full of paperwork and less time on monitoring and examining events on the network.

It’s good to read news reports that departments and agencies like NASA and the U.S. State Department have recognized the value of real time, continuous monitoring and rapid threat mitigation instead, and are pushing for more of the Fed to move in that direction. Stonesoft’s own recommendations are along those lines.

Security truly is a process at the end of the day and any tools that facilitate that process should be considered. Geographic mapping of events in real time, effortless log data management and forensics analysis, visualization of events in both physical and virtual environments and all wrapped up in a centralized management center is the way to go. Of course, our own StoneGate solution is designed this way too.

Do you think the new direction of the Fed is good or bad? Stop by Booth 33 at Black Hat 2010 this week in Las Vegas and discuss it with us. We’d love to hear from you! Or come learn more about network security. Simplified.

written by markb - 1,217 views

Apr 30

Maybe old Benny ;) had authentication in mind when he wrote this (paraphrased) quote.

Surely this is a great truth that we understand well at Stonesoft, since we have always kept our focus and attention on the usability of our solutions. Our legendary SMC ease of use is proof of that, and another is the SMS-based authentication featured by StoneGate SSL VPN.

The recent cloud computing mega trend has again raised concerns about authentication tied to access to the cloud, and many blog posts and discussions are under way about the best methods to ensure authentication that is strong enough, yet easy to achieve and use.

One-time passwords seem to be a good idea, but implementations have often made them too complicated by relying on hardware devices, software to install on hardware devices, PINs to remember, etc.

A few years ago, Finland made a nice technological gift to the world with the first text message sent from one cell phone to another by a student interning at Nokia, and since then the situation has evolved to 4.1 trillion messages sent in 2008. This clearly indicates that:

  • mobile phones are quite popular ;)
  • we always keep them with us (and return home if we leave them there)
  • SMS is a widely used technology, no matter which type of mobile phone we have

As stated in a previous post, StoneGate SSL VPN can be used to implement text messaging based authentication with OTP and… my Nokia proves it here below ;)

[Image: e75auth]

Network Security. Simplified!

written by RoarinPenguin - 1,086 views

Mar 11

IE 6 & 7 have a remote vulnerability that is being exploited in the wild right now. There are no patches available. If you use StoneGate IPS with strict policy and have update package 293 activated && policy refreshed, you should be safe. If you don’t, you’d want to make sure that the fingerprint situation HTTP_SS-Microsoft-Internet-Explorer-Invalid-Pointer-Reference-CVE-2010-0806 is in your inspection policy with action “Terminate”.

written by Olli-Pekka Niemi - 1,418 views

Dec 08

Screen capture videos of StoneGate Management Center are featured in the "Huomenta Suomi" TV program from this morning. Click the picture below to view the recording of the program at MTV3’s Katsomo (unfortunately it is only in Finnish).

See the video in MTV3 Katsomo

For those who do not understand Finnish, you can also check the SMC video clips here:

Enjoy!

written by Tero Jantunen - 2,135 views

Aug 21

Security’s Recent Business Impact

Firewall Engine, IPS, Security News, Various -

Up until recently, DoS attacks, SYN floods and other security issues were items that those in the business world thought were made-up phrases or part of some terrible attempt at a haiku.

But now, what do sites like CNN, eBay, Amazon, Yahoo and most recently Twitter all have in common? They’ve all been on the cover of mainstream media – and not for the right reasons. In fact, they were all the target of successful DoS attacks.

It was interesting to see that one of the main business media outlets published an entire report on DoS and other security-related issues. When the demographics are CEOs, investors and CFOs, it’s a great example of how the drive to integrate security into business is drawing closer and closer and becoming ever more important. Here is the link to the video from CNBC.com

http://www.cnbc.com/id/15840232?video=1219614333&play=1

Interestingly, StoneGate provides a variety of solutions to help protect from these types of attacks, and even most recently by integrating DoS protection into our FW/VPN appliances. There was also a recent case where an international client was the target of a DoS, which impacted them for several days. Around the same time, we released our new code, which they downloaded and as soon as they pushed the new version out, it immediately stopped the attacks – as easy as that.

written by wpoveromo - 1,224 views