Oct 7 2009 6:38PM GMT
Posted by: Troy Tate
IT,
information technology,
professional,
career,
network analysis,
service level,
support,
information security,
infosec,
trojan,
bot,
botnet,
Security
In America, October is the time when haunting, evil spirits and curses come to mind. Earlier today I posted a blog entry titled Can IT education bring an end to the recession? I used a quote that is attributed to a series of Chinese curses that go in ascending order of severity. After I used it, I pondered on the other two curses and their applicability to IT services.
According to Wikipedia, the three curses are:
- May you live in interesting times.
- May you come to the attention of those in authority (sometimes rendered May the government be aware of you)
- May you find what you are looking for
Sep 30 2009 1:36PM GMT
Posted by: Troy Tate
case study,
WAN,
frame relay,
mpls,
vpn,
network management,
industry award,
ipsec,
SSL,
ssl vpn,
information security,
remote access,
Security,
security management
Have you ever wondered if vendor case studies are actually solutions to real-life issues or if they are stories about compensated organizations using a particular vendor solution? Well, I am here to tell you that I know of at least one case study about an organization addressing real-life issues that was featured in an award-winning vendor case study. The organization is the company I work for and the case study is about the challenges we faced with replacing an under-performing legacy Frame Relay network with a more efficient and flexible global solution that delivers high availability, remote access, and integrated security. For the record, no compensation was given for being the subject of this vendor case study.
The case study won the 2009 Best Deployment Scenario - VPN/IPSec/SSL and was featured in the Info Security Products Guide. The winning case study and announcement can be found at Manufacturing Company Achieves Security and Performance Goals with Virtela’s Remote Access Services from the Cloud.
See all 2009 Best Deployment Scenarios and Case Studies. This would be a good time to look at these and see if any of the solutions may meet some of the information security needs of your organization. Consider putting the solutions in your 2010 budgets.
Feel free to leave comments here or contact me through ITKE if you would like more information. Thanks for reading & let’s continue to be good network citizens.
Sep 16 2009 6:41PM GMT
Posted by: Troy Tate
malware,
Google,
search results,
malicious software,
drive-by attack,
browser security,
information security,
software security,
software
Well, that may not be news to you. However, there is a recent trend in malware propagation that uses Google as the portal to deliver payloads to visitors. Unsuspecting users go to Google and search for topics such as Patrick Swayze’s death or the controversy about Serena Williams cursing at the line judge in her recent US Open tennis match. When a user selects one of the Google search results and visits the page, the site inspects the HTTP Referer header and, because the visitor arrived from Google, serves malware to the client computer. Someone who visits the same page directly or through another search engine is shown harmless content, which also keeps the attack out of sight of a casual inspection.
For more information see The Register article Swayze death exploited to serve up fake anti-virus - I’ve had the crime of my life. Seems like malware is bombarding us from all directions now. You can’t even trust ads on the NY Times these days.
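Because the poisoned page serves different content depending on the Referer header, the quickest way to confirm the behaviour is a differential fetch: request the URL with no Referer, then again with a search-engine Referer, and compare the bodies. The script below is an added example, not code from the original post or from The Register; the URL, the user agent string, the referer list and both in-memory "sites" are constructed stand-ins so it runs offline, and `urllib_fetch` is the real fetch you would pass in for a live check.

```python
"""Differential fetch to detect Referer-conditional (cloaked) malware delivery.

Added example. Assumes a fetch callable fetch(url, headers) -> bytes; the
urllib implementation is real, the two fake_* sites are constructed.
"""
import hashlib
import itertools
import urllib.request
from typing import Callable, Dict, List

Fetch = Callable[[str, Dict[str, str]], bytes]

# Assumption: referers a poisoned page might key on. Google is the one the
# post describes; the others widen the comparison.
SEARCH_REFERERS: List[str] = [
    "https://www.google.com/search?q=patrick+swayze",
    "https://search.yahoo.com/search?p=patrick+swayze",
    "https://www.bing.com/search?q=patrick+swayze",
]
# Assumption: a typical 2009 victim browser, so the page does not cloak on UA instead.
USER_AGENT = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"


def urllib_fetch(url: str, headers: Dict[str, str]) -> bytes:
    """Real network fetch: GET url with exactly the given headers."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()


def fake_cloaking_site(url: str, headers: Dict[str, str]) -> bytes:
    """Constructed stand-in for the poisoned page: the fake-AV redirect is
    served only when the request carries a Google referer."""
    if "google." in headers.get("Referer", ""):
        return b"<html><script>location='http://scanner.invalid/setup.exe'</script></html>"
    return b"<html><body>Patrick Swayze tribute page</body></html>"


_visits = itertools.count()


def fake_dynamic_site(url: str, headers: Dict[str, str]) -> bytes:
    """Constructed benign page whose body changes every request (rotating
    banner, visitor counter), to show why a plain hash diff is not enough."""
    return b"<html>visitor %d</html>" % next(_visits)


def _digest(body: bytes) -> str:
    return hashlib.sha256(body).hexdigest()


def referer_cloaking_report(url: str, fetch: Fetch, referers=SEARCH_REFERERS) -> dict:
    """Fetch url twice with no Referer, then once per search referer.

    'dynamic' is True when the two direct fetches already differ, in which
    case a body difference proves nothing. 'cloaked_for' lists referers whose
    response differs from the direct fetch."""
    base = {"User-Agent": USER_AGENT}
    direct = _digest(fetch(url, base))
    again = _digest(fetch(url, base))
    report = {"dynamic": direct != again, "cloaked_for": []}
    for ref in referers:
        if _digest(fetch(url, dict(base, Referer=ref))) != direct:
            report["cloaked_for"].append(ref)
    return report


def is_referer_cloaked(url: str, fetch: Fetch) -> bool:
    """True only when the page is stable for direct visits yet changes for
    at least one search-engine referer."""
    r = referer_cloaking_report(url, fetch)
    return bool(r["cloaked_for"]) and not r["dynamic"]


if __name__ == "__main__":
    print(referer_cloaking_report("http://poisoned.invalid/swayze", fake_cloaking_site))
    print(referer_cloaking_report("http://banner.invalid/", fake_dynamic_site))
```

Run it against a real URL by passing `urllib_fetch` instead of the fake sites, and do so from an isolated analysis host: the whole point of the check is that the Google-referer request is the one that receives the payload. A page flagged `dynamic` needs a smarter comparison (strip timestamps and session tokens before hashing, or look specifically for added `<script>` or redirect content) rather than a raw hash.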
Thanks for reading & let’s continue to be good network citizens!
Sep 16 2009 6:31PM GMT
Posted by: Troy Tate
malware,
malicious software,
ad revenue,
computer network,
network access,
PC,
hardware,
software,
social engineering,
licensing,
permit,
Security,
information security,
browser security,
information security management,
user education
Yesterday Fierce CIO reported that New York Times falls victim to rogue ad. This is a trend that seems to be happening more frequently. Rogue malware ads are appearing on sites that most people would trust as authoritative and reliable sources of information. It is unknown how much the rogue malware “seller” may have gotten by putting the ad on the NY Times website, but they likely made something from unsuspecting users. The NY Times did suffer some amount of loss, since they disabled all third-party ads until the rogue ad was removed. What would you do if an ad popped up on a trusted website saying your computer was infected? Most IT professionals would disregard the message, as their systems SHOULD already be protected. However, how much of the general population is not an IT professional (at least outside of their own home)?
What can and should the security industry do to educate users about these social engineering tactics? Should computers be “licensed” or “permitted” to be on the internet to reduce threats to unsuspecting users? That’s a thought for you… what governing body would issue these computer use permits? What would the rate infrastructure be like - based on processor/memory or bandwidth? Where would the permit fees go? Would there be some internet oversight body that uses the fees to have inline malware filters?
Thinking out loud here folks - offer some suggestions. Your input is welcome and appreciated.
Thanks for reading and let’s continue to be good network citizens!
=========================
20090918 Update:
E-Week reports that there is a surge in click fraud. According to the article this is similar to the NY Times advertisement malware threat discussed above. I fear this trend will only get worse. What is a legitimate advertiser or web services organization to do?
Sep 14 2009 1:49PM GMT
Posted by: Troy Tate
Microsoft,
information security,
vulnerability,
risk management,
patches,
tcp-ip,
tcp,
tcp/ip,
Windows,
windows 2000,
support,
Microsoft support,
threat,
risk
Last week brought the September edition of Microsoft “Patch Tuesday”. The September 2009 Microsoft Security Bulletin lists a number of vulnerabilities. Microsoft held the bulletin webcast on Wednesday, September 9, to discuss the vulnerabilities and customer concerns.
One particular bulletin is creating some concerns for Microsoft Windows 2000 users. MS09-048 covers vulnerabilities in the TCP/IP stack of supported versions of Windows. The bulletin describes the vulnerabilities:
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723)
This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
Even though the bulletin describes the issue as potential remote code execution, the webcast focused more on the denial of service threat posed by these vulnerabilities. Unfortunately, Microsoft has chosen not to issue a patch for Windows 2000, even though Windows 2000 is still within its support lifecycle for patches and security fixes. ComputerWorld gives a good amount of detail in the article Microsoft: Patching Windows 2000 ‘infeasible’. Dark Reading published Microsoft, Cisco Issue Defenses For TCP Denial-Of-Service Attack, and The Register published Microsoft, Cisco issue patches for newfangled DoS exploit.
I know that there is a reasonable population of Windows 2000 machines in operation at my organization. So, this choice by Microsoft to not issue a patch for this vulnerability raises some concerns. Fortunately the vulnerable population is not publicly exposed and does not have mobile users. The layered defenses we have in place should help mitigate the risks to our environment. However, the risk is still there and the threat needs to be addressed. What other vulnerability will come out that Microsoft chooses not to address in a supported operating system? Are you facing the same situation in your environment? How large is the risk to your environment? What are you doing to address these threats? Why are you doing what you are doing? Share your thoughts with other ITKE readers.
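When a vendor declines to patch, the bulletin's own advice (expose a minimal number of ports) and the claim "not publicly exposed" both need to be verified on the actual hosts rather than assumed. The script below is an added example, not code from the original post or from Microsoft: it parses the output of `netstat -an` in the form Windows 2000 produces (no PID column), lists the TCP listeners reachable from the network, flags any the segment firewall policy does not account for, and checks whether established sessions come from outside the internal address ranges. The sample netstat output, the allowed-port set and the internal network list are constructed for illustration.

```python
"""Exposure inventory for an unpatchable host from Windows 2000 `netstat -an`.

Added example. Sample output, allow-list and internal ranges are constructed.
"""
import ipaddress
import re
from typing import List, NamedTuple, Set, Tuple


class Socket(NamedTuple):
    proto: str
    local_addr: str
    local_port: int
    foreign: str
    state: str


# One netstat row: Proto, Local Address, Foreign Address, optional State (TCP only).
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+([A-Z_]+))?\s*$")

# Constructed sample in the Windows 2000 netstat -an layout.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.10.20:139      0.0.0.0:0              LISTENING
  TCP    192.168.10.20:1433     192.168.10.77:2201     ESTABLISHED
  TCP    192.168.10.20:3389     203.0.113.9:51644      ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.168.10.20:137      *:*
"""

# Assumption: what the segment firewall rule set for these hosts permits.
ALLOWED_TCP_PORTS: Set[int] = {135, 139, 445}
# Assumption: the organization's internal address space.
INTERNAL_NETS = ["192.168.0.0/16", "10.0.0.0/8"]


def parse_netstat(text: str) -> List[Socket]:
    """Parse netstat -an rows; header and blank lines are skipped."""
    sockets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            proto, addr, port, foreign, state = m.groups()
            sockets.append(Socket(proto, addr, int(port), foreign, state or ""))
    return sockets


def _is_loopback(addr: str) -> bool:
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def network_listeners(sockets: List[Socket]) -> List[Tuple[str, int]]:
    """TCP listeners bound to a non-loopback address (0.0.0.0 is every interface)."""
    return sorted({(s.local_addr, s.local_port) for s in sockets
                   if s.proto == "TCP" and s.state == "LISTENING"
                   and not _is_loopback(s.local_addr)})


def unexpected_exposure(sockets: List[Socket], allowed: Set[int]) -> List[int]:
    """Listening TCP ports the firewall policy does not account for."""
    return sorted({port for _, port in network_listeners(sockets)} - set(allowed))


def external_peers(sockets: List[Socket], internal_nets: List[str]) -> List[str]:
    """Remote addresses of ESTABLISHED TCP sessions from outside internal ranges.
    A non-empty result means the host is reachable from outside after all."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    peers = set()
    for s in sockets:
        if s.proto != "TCP" or s.state != "ESTABLISHED":
            continue
        ip = ipaddress.ip_address(s.foreign.rsplit(":", 1)[0])
        if not any(ip in n for n in nets):
            peers.add(str(ip))
    return sorted(peers)


if __name__ == "__main__":
    socks = parse_netstat(SAMPLE_NETSTAT)
    print("listeners:", network_listeners(socks))
    print("not covered by policy:", unexpected_exposure(socks, ALLOWED_TCP_PORTS))
    print("external peers:", external_peers(socks, INTERNAL_NETS))
```

In the constructed sample the SQL Server and RDP listeners are not in the allowed set, and an RDP session from 203.0.113.9 shows the host is reachable from outside the internal ranges, so the "not publicly exposed" assumption would fail for it. Collecting `netstat -an` from each Windows 2000 host via a login script and feeding it through this parser gives a concrete list of ports to block at the segment firewall until the hosts are replaced.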
Thanks for reading & let’s continue to be good network citizens.
Aug 28 2009 4:21PM GMT
Posted by: Troy Tate
malware,
bootkit,
rootkit,
antivirus,
threats,
vulnerabilities,
research,
blackhat,
hacker,
least user authority,
least user privilege,
Database,
Development,
information security,
infosec,
education
The media archives have now been posted on the BlackHat website from the BlackHat technical conference held in July 2009. This is the place to go if you want to see some of the latest information security research and the threats that are REAL and may become real someday. I posted a previous blog entry on the presentation about the Bootkit - rootkit - malware bypasses disk encryption!
Some of the presentation titles:
I Just Found 10 Million SSN’s
Sniff Keystrokes With Lasers/Voltmeters
Side Channel Attacks Using Optical Sampling of Mechanical Energy and Power Line Leakage
Anti-Forensics: The Rootkit Connection
Reversing and Exploiting an Apple® Firmware Update
The Language of Trust: Exploiting Trust Relationships in Active Content
Mo’ Money Mo’ Problems: Making A LOT More Money on the Web the Black Hat Way
The Conficker Mystery
These are just some of the titles available in the BlackHat 2009 Technical Conference media library. Check it out even if you are a web developer or an IT professional who manages desktops or networks or staff members who perform these tasks. You need to know what you are up against and possible methods to fight the threats.
Thanks for reading & let’s continue to be good network citizens!
Aug 24 2009 8:33PM GMT
Posted by: Troy Tate
malware,
bot,
command and control,
malware research,
information security,
threat,
vulnerability
If you haven’t recently kept up to date on the malware front, a recent article at DarkReading may come as a surprise to you. ALERT: Malware has become intelligent!
Rare Malware A Hint Of Threats To Come shows that malware has come a long way and has gained some significant intelligence to avoid detection. The article mentions that some attacks are directed rather than broad. These attacks target specific organizations and even specific data at those organizations. Once the data is collected, the malware can clean up after itself and disappear.
Other “intelligent” behavior seen by researchers includes command and control systems that can determine whether a device is actually an owned bot or a researcher imitating a bot. In these cases, the command and control system can blacklist the researcher’s network range so it cannot intrude on the malware environment.
Quite intriguing stuff and this is what is really happening today! You should be familiar with this stuff if you manage a computer network and are responsible for security. Remember in secURITy - U R IT (you are IT).
Thanks for reading & let’s continue to be good network citizens!
Jul 24 2009 6:03PM GMT
Posted by: Troy Tate
wireshark,
ethereal,
network analysis,
bot,
data capture,
tutorial,
education,
Laura Chappell,
information security,
packet analysis,
packet capture,
network security,
Security
My favorite Bitgirl (Laura Chappell) is at it again in this 15 minute presentation. She came across a host on a network that appears to be infected with some bot application. Take a few minutes and watch and learn! Maybe you will see something you can use or better understand some odd behavior on your local network.
Analyze a BOT infected host using Wireshark Tutorial
Beware - there is a trick question in the presentation. Think hard… you probably know the right answer!
Thanks for reading & let’s continue to be good network citizens.
Jul 20 2009 7:22PM GMT
Posted by: Troy Tate
OWASP,
application development,
web application development,
web security,
application security,
cross-site scripting,
training,
information security,
internet security
If you manage websites, then you should know about the Open Web Application Security Project (OWASP). This group is working to make web application security issues visible so organizations can make intelligent decisions about how to address the risks.
There is a great series of very short (5 minute) presentations from OWASP about web vulnerabilities. One of the most interesting is about cross site scripting (XSS) vulnerabilities. This is a huge issue and web application developers need to understand this threat and how to address it. Take a few minutes and watch the series. Maybe you will pick up something you never knew about web vulnerabilities and be able to better explain risks of certain applications to your organization.
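To make the XSS threat concrete, here is an added example (not from OWASP or the original post) of the mistake and its fix side by side: a minimal search page that reflects the user's query into three different contexts. `render_vulnerable` concatenates raw input; `render_hardened` encodes the same value differently for each context (HTML text, a quoted attribute, and a JavaScript string literal), because one encoder does not fit all three. The page template, the payloads and the `page_is_intact` checker are constructed for illustration.

```python
"""Reflected XSS: raw concatenation beside context-aware output encoding.

Added example. The template, payloads and checker are constructed.
"""
import html
import json
import re


def render_vulnerable(query: str) -> str:
    """The bug: user input pasted into HTML text, an attribute and a script."""
    return (
        '<h1>Results for ' + query + '</h1>\n'
        '<input name="q" value="' + query + '">\n'
        '<script>var lastQuery = "' + query + '";</script>'
    )


def js_string_literal(s: str) -> str:
    """Encode for a JS string literal inside <script>: JSON quoting, then
    <, >, & and the U+2028/2029 line terminators as \\uXXXX so the value can
    neither close the script element nor break the literal."""
    out = json.dumps(s)
    for ch, esc in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026"),
                    ("\u2028", "\\u2028"), ("\u2029", "\\u2029")):
        out = out.replace(ch, esc)
    return out


def render_hardened(query: str) -> str:
    """Same page, with an encoder chosen per output context."""
    text = html.escape(query, quote=False)   # HTML text: & < >
    attr = html.escape(query, quote=True)    # quoted attribute: also " and '
    js = js_string_literal(query)            # JS literal (quotes included)
    return (
        '<h1>Results for ' + text + '</h1>\n'
        '<input name="q" value="' + attr + '">\n'
        '<script>var lastQuery = ' + js + ';</script>'
    )


# Constructed payloads, one per context plus a script-closing variant.
PAYLOADS = {
    "text": '<img src=x onerror=alert(1)>',
    "attribute": '"><script>alert(1)</script>',
    "script": '";alert(1);//',
    "script_close": '</script><script>alert(1)</script>',
}

_JS_LITERAL = re.compile(r'<script>var lastQuery = "((?:[^"\\]|\\.)*)";</script>')


def page_is_intact(rendered: str) -> bool:
    """Structural check: exactly the template's one <script>, no markup inside
    the <h1> text, the attribute value closed where the template closes it,
    and a single well-formed JS string literal in the script."""
    if rendered.lower().count("<script") != 1:
        return False
    h1 = re.search(r"<h1>Results for ([^<]*)</h1>", rendered)
    inp = re.search(r'<input name="q" value="([^"]*)">', rendered)
    return bool(h1 and inp and _JS_LITERAL.search(rendered))


def recover_query(rendered: str) -> str:
    """Decode the JS literal back to the original query: encoding is not loss."""
    m = _JS_LITERAL.search(rendered)
    return json.loads('"' + m.group(1) + '"')


if __name__ == "__main__":
    for name, p in PAYLOADS.items():
        print(name, page_is_intact(render_vulnerable(p)), page_is_intact(render_hardened(p)))
```

The check is deliberately structural rather than a blacklist of strings: it asks whether the page still has the shape the template gave it. Note that the `script` payload needs no angle brackets at all, which is why HTML-escaping the value before putting it inside a `<script>` block is not sufficient; the JS context needs its own encoder.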
These presentations are also focused on discussing the Consensus Audit Guidelines (CAG) and how they apply to application and service development.
Thanks for reading & let’s continue to be good network citizens!