Jul 15

Black Hat 2010 Security Tip #2

Hints and Tips, Live from Field -

If you’re headed to Black Hat like we are, there’s more to security than being cautious about the networks you connect to. Data at rest can also be a concern, both for the data on your devices as well as the data you may receive while there. Here’s our second security tip, to deal with the protection of that data.

The X-Files principle of Trust No One holds true in this case as well. We all love schwag, from simple things like stress balls to more advanced things like iPad giveaways. In between, everyone loves to pick up those USB sticks, which can be plain and simple or disguised as cute animals. But be careful, those animals can turn on you. In general, for a safer computing experience at Black Hat, do not trust any storage device handed to you by others. Whether it’s a USB drive or CD, or anything else (even that iPod you just won), it can contain viruses, Trojans or malware of any form. Even the ones that look professional can be dangerous. It is best to discard them; failing that, at least scan them on a separate, up-to-date, sacrificial system first.

Second, if you are bringing a laptop, install full-disk encryption software and verify that it works. Use 256-bit AES encryption or better. If the hard drive has a hardware encryption option, as some external ones do, use that instead. And while you’re at the conference, be sure to power off or hibernate your laptop whenever it isn’t in use to maximize the effect of the encryption software. Free disk encryption programs exist, and modern Windows and OS X systems include encryption technologies built in.

To learn more about computing safely, to try your hand at Hack The Lab, and to learn about Stonesoft’s award-winning network security solutions, be sure to stop by Booth 33!

written by markb - 167 views

Jul 09

Stonesoft at Black Hat 2010

Live from Field -

It’s just a few weeks away! Stonesoft will be at the Black Hat 2010 conference and expo in Las Vegas, Nevada. If you’re going, join us there at booth 33, and learn about our solutions. We’re also featuring the popular StoneGate Hack The Lab event. Trade in your white hat for a black hat for a period and try your hand at hacking into systems in a lab environment.

In addition to Hack The Lab, we’ll also be featuring the StoneGate IPS component of the powerful, award-winning StoneGate network security solution. You can also register to win the VMware-certified StoneGate virtual firewall or IPS for a year for free!

Stay tuned here as well, as we post our security tips for a safe Black Hat computing event, or follow us on Twitter at @Hack_the_Lab and @Stonesoft_US. Or friend us on Facebook.

written by markb - 255 views

Apr 30

Maybe old Benny ;) had authentication in mind when he wrote this (paraphrased) quote.

Surely this is a great truth that we understand well at Stonesoft, since we have always kept our focus and attention on the usability of our solutions. Our legendary SMC ease of use is proof of that, and another is the SMS-based authentication featured by StoneGate SSL VPN.

The recent cloud computing megatrend has again raised concerns about authentication for access to the cloud, and many blog posts and discussions are under way about the best methods to ensure authentication that is strong enough, yet easy to deploy and use.

One-time passwords seem to be a good idea, but implementations often make them too complicated by relying on hardware devices, software to install on hardware devices, PINs to remember, etc.

A few years ago, Finland made a nice technological gift to the world with the first text message sent from one cell phone to another by a student interning at Nokia, and since then the situation has evolved to 4.1 trillion messages sent in 2008. This clearly indicates that:

  • mobile phones are quite popular ;)
  • we always keep them with us (and return home if we leave them there)
  • SMS is a widely used technology, no matter which type of mobile phone we have

As stated in a previous post, StoneGate SSL VPN can be used to implement text messaging based authentication with OTP and… my Nokia proves it here below ;)

e75auth

Network Security. Simplified!

written by RoarinPenguin - 261 views

Mar 14

StoneGate and iPads

Live from Field, SMC, SSL VPN -

Of course it’s important to follow up-and-coming transformative technologies. If the numbers on the first weekend of Apple iPad pre-orders are remotely close to being correct (~20,000 per hour), it classifies as a transformative device. With WiFi and optional 3G connectivity, it also makes a great platform for both organizational access and administration. Of course, those of us who are Apple fans would be remiss without placing our own order for testing all things StoneGate on this device. After all, StoneGate and Apple are both technologies people love.

We know from the iPhone that the StoneGate WebPortal interface works like a champ already, allowing administrators to view logs and reports, check security policies and more. Since the iPad reportedly uses iPhone OS 3.2, we don’t expect that to be any different. We also don’t expect that the StoneGate SSL VPN will be any different, easily allowing access to Web-based resources through a multitude of authentication technologies via 3G and WiFi networks. Of course, the remaining question is then whether the full StoneGate Management Client will work. At this time it’s speculation, but the answer initially is likely, “No” since – like the iPhone before it – the iPad will likely not support Java.

That said, stay tuned to StoneBlog to find out our first experiences as soon as the post delivers our new test subject; we’ll let you know at least the “unofficial” support of StoneGate on this tool. After all, what better way to achieve…

Network security. Simplified.

written by markb - 709 views

Nov 13

vSphere, or VMware ESX 4.0, introduced a number of interesting features, among them the ability to upgrade your virtual hardware from version 4 (the default in the previous ESX 3.x world) to version 7.

This upgrade, achieved by right-clicking the virtual machine in VI Client and selecting “Upgrade Virtual Hardware”, will inject cool steroids ;) into your virtual machine (but it also makes it no longer backward compatible with VI 3.x).

A positive side effect of such steroids is the ability to increase the number of NICs in your VM as shown below.

Continue reading »

written by RoarinPenguin - 666 views

Jun 15

A couple of days ago, my Google Alert agent reported to me a link to a page titled Windows 7 Stonesoft VPN Client V5 Installation Windows Live.

A bit curious about what this could be, I clicked on it and found a web album by one of our customers who tried installing our VPN Client 5 on Windows 7.

He was so happy about the results that he decided to post the screenshot on his web album (and he authorized me to republish it here below):

Stonians ;) are everywhere, thanks Jörg!

written by RoarinPenguin - 560 views

Jun 02

Virtual Playground with StoneGate

Demo Tools -

Do you want to try StoneGate in your virtual environment? SVDK is for you!

SVDK stands for StoneGate Virtual Demo Kit. It is a free kit that lets you set up a simple yet powerful virtual playground, thanks to a set of ready-made virtual machines for VMware platforms (ESX/ESXi, VMware Server, Workstation, etc).

The playground network schema is shown below:

SVDK-background

It is available now in StoneBlog Community.

Happy testing!

written by RoarinPenguin - 614 views

Mar 16

StoneGate 5.0: User responses

Feature Previews, IPS, SMC -

With the help of StoneGate 5.0, administrators can configure HTML user responses that are shown in the end user’s web browser. The idea of HTML user responses is to inform end users why they got banned.

HTML user responses

The administrator can customize the HTML user responses for the following cases:

  • Connection blacklisted
  • Connection refused by access rule
  • Connection terminated by inspection rule
  • URL not allowed
  • Virus found

For each case the administrator can decide whether to:

  • Silently close the TCP connection
  • Redirect the user to a specified URL
  • Show customized HTML response

You can for example notify your end-users that their web browser is outdated. You can of course make things as smooth as possible for the end-user and include the link to update the browser in the customized HTML user response.

written by teroja - 720 views

Mar 13

StoneGate 5.0: HTTPS / SSL inspection

Feature Previews, IPS, SMC -

HTTPS inspection

StoneGate IPS 5.0 allows you to protect your hosts and servers against attacks that are hidden inside HTTPS. Here are a couple of use cases that you may want to try with StoneGate 5.0:

Client side protection:

  • Detect and block attacks targeting client Web browsers inside the SSL tunnel.
  • Protect workstations and internal networks from malicious web servers.

Server side protection:

  • Detect and block attacks targeting the HTTPS server inside the SSL tunnel.
  • Protect the server from being compromised by unauthorized use.

The HTTPS Inspection feature also supports the use of a Certificate Revocation List (CRL). That list is updated via SMC.

You can also whitelist the Web sites you don’t want to inspect. There is a new HTTPS inspection policy element where you are supposed to add your users’ bank services etc.

written by teroja - 1,907 views

Mar 12

Extreme StoneGate

Live from Field, Various -

Found this very odd picture on my PC, showing how “extremely flexible” a StoneGate can be:

The-Incredible

The picture is from a test we did with a hardware vendor in 2003, with a prototype that was not in that elegant shape yet.

What about you? Have you ever experienced StoneGate in particular configurations, like many nodes, odd hardware, etc?

Let us know!

written by RoarinPenguin - 561 views