Jun 05

Press hack the lab a success

IPS, Live from Field -

Hi all!

As we wrote earlier, last week we offered selected Finnish journalists a rare chance to peek into the mind of an IT criminal. The event, called “Hack the lab”, was a total success. After some initial hesitation, a wave of enthusiasm and joy of discovery spread among the participants. The journalists had the chance to try out different techniques, such as port scanning, password breaking and the use of intrusion tools. We let them do all the work, and just provided some advice and guidance in the background.

Based on the feedback, we realised that the editors were really surprised by how easy it is to break into a system. None of them could have imagined how easy it could be to find powerful tools on the Internet and how easy it is to use them. Sure, we should keep in mind that someone has gone to great trouble making the tools first. Nevertheless, the point remains. The journalists also understood how important it is to have an up-to-date and modern intrusion prevention system in place. When we protected the target systems with our SGIPS, the hacks turned out to be unsuccessful. Without the IPS, the target systems were completely owned.

The event generated some coverage as well; please see the links below (articles in Finnish).

YLE: Hakkerointi onnistuu kaikilta
mesiksen mietteet: Hakkerilabra opettaa pomoille tietoturvamokia
Tietokone: Hakkerilabra opettaa pahimmat tietoturvamokat
Helsingin Sanomat: Mustahuppuinen hakkeri ja salaiset reseptit (for subscribers only)

written by Olli-Pekka Niemi - 726 views

Apr 09

Security: from monitoring to awareness

Security News -

The global economic downturn has put new pressure on the weaknesses of some security solutions in terms of high cost of ownership/administration, low manageability, clumsy incident management processes and cumbersome configuration procedures.

This happens when the whole security solution (or part of it) is conceived thoughtlessly or with a patchy attitude (oh, I have this issue/new need, let’s fix it).

Security has been, still is and will always be a process, and everything related to it should never be an afterthought, especially if this has an impact on resources and budget.

When undersized groups of people need to consistently manage the security of a corporate information flow, the accent is less on watching and more on consciousness… less on surveillance and more on knowing what’s going on… less on monitoring and more, much more on awareness.

Monitoring is the ability to watch a dashboard and see, for instance, that an attack is in progress or that a firewall node of a cluster in xyz location is in an error state.

Security Awareness is about being conscious of the complete situation in the least time possible, and knowledgeable of the most efficient countermeasures to mitigate the risks while ensuring that the possibility of damage or data loss/theft is nullified.


written by RoarinPenguin - 376 views

Mar 16

There’s no legal way for using a botnet…

Security News -

Hi all!

As you might have read, BBC Click has done some investigative journalism by “acquiring” (buying?) a botnet consisting of some 22 000 computers and using it to create DDoS and email attacks. This was done just for testing how easy it would be…

Surprise surprise, it really is easy. But it certainly is not ethical and it might be illegal even in Britain, as I’ve stated in the follow-up stories by SC Magazine and infosecurity. I know for sure it’s illegal in Finland, for several reasons. BBC’s story raised awareness of network security, but that is strongly overshadowed by the illegal/unethical means in it.

So how could the BBC have done this ethically and/or lawfully? I can’t find a way:


written by Olli-Pekka Niemi - 817 views

Mar 01

VMWorld Europe 2009 is over…

Virtualization -

I’ve been there, back home now, just want to share some thoughts with you.

First, VMware CEO Paul Maritz talked about the vCloud and officially announced the new name for the upcoming VI4: vSphere.

Second, they announced lots of cool’n’sexy things, making people feel like they’re Back to the Future (like they did last year).

Third, for the first time they started speaking seriously about security by stating the concern that security in virtualization projects should and must not be an afterthought.

IMHO, security was left a bit aside last year, when VMware started a foggy VMSafe initiative just to generate hype but with no real focus on it, leaving people with some psychological doubts about starting serious virtual datacenter projects.

As said in a previous post, customers so far have mainly consolidated servers without really going into datacenter virtualization, mainly fearing that one way or another the virtual networking infrastructure could be seriously compromised, hacked or exploited.
We have seen this concern even this year, when people visiting our booth were asking what they could do to implement virtualization security in a) a fashion they know and b) a manageable way.
Especially considering that, since

  • a virtual datacenter does not happen in a day or two and
  • complete virtualization is hard to achieve,

networks are likely to be “hybrid” (physical and virtualized) for a while…

They have been pleased to see the pragmatic approach of Stonesoft concerning virtualization security:

  • today, you can immediately implement security as part of your virtualization project, transposing the “traditional network segmentation” model into the virtualized environment with StoneGate Firewall and IPS Virtual Appliances
  • Stonesoft is actively following the evolution of virtualized security (like the VMSafe initiative) to eventually leverage the technological benefits it might generate
  • today we deliver smooth and consistent unified management of both physical and virtualized security engines, thanks to the power of SMC (StoneGate Management Center), minimizing the cost of administration and the impact on resources

What about you? Been at VMWorld? Concerned about virtualization security? What do you think of our approach? We’d like to hear from you…

written by RoarinPenguin - 696 views

Dec 30

Virtualization and Security

Surveys and polls -

In my experience, the virtualization projects I’ve seen so far are mainly consolidating multiple servers that previously ran on different machines onto a cluster of servers forming a hypervisor, mainly for cost/maintenance/power savings.
Those pioneers who went really “into” virtualization are virtualizing network segments also, taking advantage of rock solid technologies like VMware VMotion and Distributed Resource Scheduler to implement the so-called Virtual Datacenter in full.
In these interesting technological projects, one should not forget the important role of network security, and many are positive about Stonesoft’s approach since it allows “transposing” a traditional network security model into the virtualized world.
What is your opinion?
Have you already faced virtualization projects in your company?
Which technologies did you consider to secure your virtual information flow?
Any hint/recommendation to share with the community?

Please use the comments to share your thoughts…

written by RoarinPenguin - 594 views