Sep 30

StoneBlog has been sleeping for a few days now, and I’d like to revitalize it with this post about a real risk I was chatting about a few minutes ago with a friend.

We have talked in past posts about one splendid feature of our legendary StoneGate Management Center: geolocation.

This is undoubtedly a very useful tool for security administrators, to perform monitoring tasks and to act like “human correlation tools”; that is, to use our brain’s ability to look at visual information and have intuitions about events with a logic that cannot be defined in rules. No IT tool can help with this, or at least it would help but would also be prone to too many errors and false positives/negatives.

If geolocation is very useful for IT security tools, I have serious doubts it is a good idea when applied to people and their activities. For instance, think of the option offered by several smartphones to interact with social sites to geolocate a person and offer information about where he is, where he has been, what he’s doing right now and even offer a map of the area where the person is.

Sure it is nice to show friends that we are always on, always connected, always on the Net and always reachable, but imagine how this information could potentially be used to study an attack, or to plan a robbery, or to violate people’s property, etc.

It’s not (anymore only) about privacy, it’s more about security… right?

I’m interested in understanding your comments about this topic, to continue to simplify… security.

written by RoarinPenguin - 825 views

Jul 26

U.S. Federal Cyber Reforms -> Right Direction Finally

Security News, SMC

It seems the U.S. Congress is finally gaining an understanding of how cybersecurity should be managed. Maybe someone told them security is a process and they finally understood. At any rate, it’s welcome news that the recent cybersecurity reforms passed. While the original FISMA was well-intentioned, it was clear that it wasn’t helping security in any meaningful way. Often our customers and prospects were spending more time worried about generating large binders full of paperwork and less time on monitoring and examining events on the network.

It’s good to read news reports that departments and agencies like NASA and the U.S. State Department have recognized the value of real time, continuous monitoring and rapid threat mitigation instead, and are pushing for more of the Fed to move in that direction. Stonesoft’s own recommendations are along those lines.

Security truly is a process at the end of the day and any tools that facilitate that process should be considered. Geographic mapping of events in real time, effortless log data management and forensics analysis, visualization of events in both physical and virtual environments and all wrapped up in a centralized management center is the way to go. Of course, our own StoneGate solution is designed this way too.

Do you think the new direction of the Fed is good or bad? Stop by Booth 33 at Black Hat 2010 this week in Las Vegas and discuss it with us. We’d love to hear from you! Or come learn more about network security. Simplified.

written by markb - 1,217 views

Jul 19

Black Hat 2010 Security Tip #3

Hints and Tips, Live from Field

If you’re headed to Black Hat 2010 this year as we are, be sure to follow our security tips to avoid placement on the Wall of Sheep. Our third security tip post is actually a collection of some miscellaneous things. Join us at Booth 33 to learn more about these tips, try your hand at Hack The Lab, and see what other things are going on at Stonesoft and the new StoneGate 5.2 release.

As many YouTube videos demonstrate, you never know when someone may be watching. A good thing to keep in mind at Black Hat as well, particularly when you are using a laptop or other mobile device. Be mindful of the fact that hackers may be watching your screen and your fingers as you type. From this they can capture information off your screen and capture your logins and passwords for use later on. Often this hack is accomplished by using a video camera on a cell phone or by pretending to take a picture of a nearby attraction. So keep your fingers covered as much as possible, and be prepared to change your passwords often. If you can avoid using your laptop or smartphone in open areas, do so and reserve the work for after you return to your hotel room or other private location.

Black Hat has also been famous for the use of social engineering and ATM hacks. There’s a presentation on ATMs at this year’s conference. Be sure to avoid any stand-alone or third-party ATMs within the casinos, or any ATM that is not at a bank branch office. These stand-alone ATMs can be cheap copies, or purchased off eBay or other sites, and reconfigured to capture your account data, while providing no money.

Just one more quick review: turn off wireless and Bluetooth on all devices whenever possible. Avoid wireless if at all possible, and use a 3G cellular modem instead. Be careful typing in passwords, and also what you work on while in open areas. Don’t trust ATMs or storage devices of any kind. Keep your mobile devices up to date with the latest software updates and patches, and use encryption and firewalls whenever and wherever possible.

Remember to enjoy the conference and have a great time knowing you won’t be joining others on the Wall of Sheep!

written by markb - 1,647 views

Jul 15

Black Hat 2010 Security Tip #2

Hints and Tips, Live from Field

If you’re headed to Black Hat like we are, there’s more to security than being cautious about the networks you connect to. Data at rest can also be a concern, both for the data on your devices as well as the data you may receive while there. Here’s our second security tip, to deal with the protection of that data.

The X-Files principle of Trust No One holds true in this case as well. We all love schwag, from simple things like stress balls to more advanced things like iPad giveaways. In between, everyone loves to pick up those USB sticks, which can be plain and simple or disguised as cute animals. But be careful, those animals can turn on you. In general, for a safer computing experience at Black Hat, do not trust any storage device handed to you by others. Whether it’s a USB drive or CD, or anything else (even that iPod you just won), they can contain viruses, Trojans or malware of any form. Even the ones that look professional can be dangerous. At best it’s good to discard them; if not, at least scan them on a separate, up-to-date, sacrificial system first.

Second, if you are bringing a laptop, install and verify the operation of full-disk encryption software. Use AES-256 bit encryption or better. If the hard drive has a hardware encryption option as some external ones do, use that instead. And while you’re at the conference, be sure to power off or hibernate your laptop whenever it isn’t in use to maximize the effect of the encryption software. Free disk encryption programs exist, and modern Windows and OS X systems include encryption technologies built-in.

To learn more about computing safely, to try your hand at Hack The Lab, and to learn about Stonesoft’s award-winning network security solutions, be sure to stop by Booth 33!

written by markb - 1,135 views

Jul 12

Black Hat 2010 Security Tip #1

Hints and Tips, Live from Field

Black Hat 2010 is coming up soon, and Stonesoft will be there. Join us at Booth 33 to learn more about our solutions, see demos in action, and try your hand in Hack The Lab.

Our first security tip for a safer Black Hat computing experience is about network security. We’re starting with this one since it’s the heart of our StoneGate network security solutions as well. While at Black Hat, try to avoid connecting to any networks, including wired and wireless ones. For wireless networks especially, don’t connect if you can help it, even if the SSID of the network looks trustworthy (for example, it looks like a network operated by the casino…it may not be). If it’s possible to use a cellular modem instead, it is recommended to do so. If you do need a network, remember that any communications can potentially be intercepted, and passwords and logins should not be sent in clear text.

If you do connect, be sure you are using a VPN with strong encryption and that your laptop or mobile device is up-to-date with the latest patches and updates, and that a firewall and virus scanner are installed, updated and operational. If you don’t need it, be sure to turn off wireless and Bluetooth. If the devices you have use a hardware switch to disable these functions, use it instead of the software option. Whenever you are not using the networks, be sure to disconnect and disable the functionality on your device to reduce your risk exposure.

More tips for a safer experience at Black Hat will follow, so stay tuned!

written by markb - 1,126 views

Jul 09

Stonesoft at Black Hat 2010

Live from Field

It’s just a few weeks away! Stonesoft will be at the Black Hat 2010 conference and expo in Las Vegas, Nevada. If you’re going, join us there at booth 33, and learn about our solutions. We’re also featuring the popular StoneGate Hack The Lab event. Trade in your white hat for a black hat for a period and try your hand at hacking into systems in a lab environment.

In addition to Hack The Lab, we’ll also be featuring the StoneGate IPS component of the powerful, award-winning StoneGate network security solution. You can also register to win the VMware-certified StoneGate virtual firewall or IPS for a year for free!

Stay tuned here as well, as we post our security tips for a safe Black Hat computing event, or follow us on Twitter at @Hack_the_Lab and @Stonesoft_US. Or friend us on Facebook.

written by markb - 1,615 views

Mar 11

IE 6 & 7 have a remote vulnerability that is being exploited in the wild right now. There are no patches available. If you use StoneGate IPS with strict policy and have update package 293 activated && policy refreshed, you should be safe. If you don’t, you’d want to make sure that the fingerprint situation HTTP_SS-Microsoft-Internet-Explorer-Invalid-Pointer-Reference-CVE-2010-0806 is in your inspection policy with action “Terminate”.

written by Olli-Pekka Niemi - 1,418 views

Jun 05

Press hack the lab a success

IPS, Live from Field

Hi all!

As we wrote earlier, last week we offered selected Finnish journalists a rare chance to peek into the mind of an IT criminal. The event, called “Hack the lab”, was a total success. After some initial hesitation, a wave of enthusiasm and joy of discovery spread among participants. The journalists had the chance to try out different techniques, such as port scanning, password breaking and the use of intrusion tools. We let them do all the work, and just provided some advice and guidance in the background.

Based on the feedback, we realised that the editors were really surprised by how easy it is to break into a system. None of them could have imagined how easy it could be to find powerful tools from the Internet and how easy it is to use them. Sure, we should keep in mind that someone has gone through great trouble making the tools first. Nevertheless, the point remains. The journalists also understood how important it is to have an up-to-date and modern intrusion prevention system in place. When we protected the target systems with our SGIPS, the hacks turned out to be unsuccessful. Without the IPS, the target systems were completely owned.

The event generated some coverage as well, please see the links below. (Articles in Finnish)

YLE: Hakkerointi onnistuu kaikilta
mesiksen mietteet: Hakkerilabra opettaa pomoille tietoturvamokia
Tietokone: Hakkerilabra opettaa pahimmat tietoturvamokat
Helsingin Sanomat: Mustahuppuinen hakkeri ja salaiset reseptit (for subscribers only)

written by Olli-Pekka Niemi - 2,454 views

Apr 09

Security: from monitoring to awareness

Security News

The global economic downturn has put new pressure on the weaknesses of some security solutions in terms of high cost of ownership/administration, low manageability, clumsy incident management processes and cumbersome configuration procedures.

This happens when the whole security solution (or part of it) is conceived thoughtlessly or with a patchy attitude (oh, I have this issue/new need, let’s fix it).

Security has been, still is and will always be a process and everything related to that should never be an afterthought, especially if this has impact on resources and budget.

When undersized groups of people need to consistently manage the security of a corporate information flow, the accent is less on watching and more on consciousness… less on surveillance and more on knowing what’s going on… less on monitoring and more, much more on awareness.

Monitoring is the ability to watch a dashboard and see, for instance, that an attack is in progress or that a firewall node of a cluster in xyz location is in error state.

Security Awareness is about being conscious of the complete situation in the least time possible, and knowledgeable of the most efficient countermeasures to mitigate the risks while ensuring that damage possibilities or data loss/theft is nullified.


written by RoarinPenguin - 1,178 views

Mar 16

There’s no legal way for using a botnet…

Security News

Hi all!

As you might have read, BBC Click has done some investigative journalism by “acquiring” (buying?) a botnet consisting of some 22 000 computers and used it to create DDoS and email attacks. This was done just for testing how easy it would be….

Surprise surprise, it really is easy. But it certainly is not ethical and it might be illegal even in Britain, as I’ve stated in the followed stories by SC Magazine and infosecurity. I know for sure it’s illegal in Finland, for several reasons. BBC’s story raised awareness towards network security but is strongly overshadowed by the illegal/unethical means in it.

So how could the BBC have done this ethically and/or lawfully? I can’t find a way:


written by Olli-Pekka Niemi - 2,371 views