IT Answers » IDS/IPS management

New Snort certification from Sourcefire — Beneficial or not?

SearchSecurityEditor — Wed, 20 Jul 2005 12:58:10 +0000

Hi folks,

I’m the editor of SearchSecurity.com, and I’m writing an article on Sourcefire’s new certification program. They’re offering certs on both Snort and Sourcefire products. I’m curious to know how these will be received by the user community — particularly the Snort cert. I know there’s a learning curve for the technology. Do you think the cert will help identify those that are Snort proficient, or will it be viewed as another vendor-provided paper cert? Is it a cert you would consider for yourself or your employees?

If you’re interested in talking personally, don’t hesitate to drop me an e-mail: cferraro@techtarget.com.

Thank you,
Crystal Ferraro
Editor, SearchSecurity.com

IM Blocking and URL Filtering

EngineerIT — Thu, 07 Jul 2005 03:18:13 +0000

We have Pix515E which is gateway to Internet.
We also got IWSS Proxy(Trend Micro) along with URL filtering module.
Domain users get directed to IWSS proxy (GPO settings) and restrictions about URL filterings can be imposed as per company’s policy.
Those users who are not on the domain, they can not get GPO settings and they do not get IWSS as there proxy. Hence they can browse any site they want.
My question is how to restrict the browsing for those users who are not on the domain.
Is it possible to redirect all HTTP traffic to IWSS to check before it is out?
Or is there any other way to solve this issue?

2nd MAJOR problem is: blocking MSN messanger and Yahoo messanger in the company’s network….
If we are blocking one particualr port, it still works…
MSN messenger to be blocked for domain users and for other users who are not on the domain.

Data vs. perimeter vs. network security

RobynLorusso23 — Wed, 04 May 2005 16:36:33 +0000

A short time ago, author Wes Noonan wrote some tips for SearchWindowsSecurity.com about deperimeterization. He explained how security is always pitted against business needs, and perimeters have become porous because businesses require traffic from SMTP, HTTP or VPNs to pass through the firewall. He then offered techniques for keeping data safe in spite of the activity at your perimeter.

I realize you have a variety of options when it comes to choosing a Windows line of defense, but I’m trying to get a sense of how many people actually lock down Windows at the data level. Do you invest most of your protection efforts at the data, perimeter or network level? What measures do you take to keep your Windows data secure even if the perimeter is compromised? Do you have data protection plans or products in place?

Another issue is that networks and applications are often treated as separate entities that never interact. This may be because they have different people maintaining them, unique security policies, etc. Is this the case in your shop?

I’m collecting this information for possible technical tips or a trends article on SearchWindowsSecurity.com.

Thanks for your time and attention. I hope to hear from you soon.

Best regards,
Robyn Lorusso
Editor
SearchWindowsSecurity.com

http://searchwindowssecurity.techtarget.com/

Is Windows security an afterthought?

RobynLorusso23 — Tue, 19 Apr 2005 15:00:40 +0000

As the editor of SearchWindowsSecurity.com, I often speak with users about their Windows security responsibilities. One senior systems analyst in particular sent me an interesting note recently… To give you some background, he’s in charge of configuring and administering desktop systems (primarily Win2000 and XP)for a large company, and he developed many of the security policies and procedures in place for those desktops. However, even with those seemingly important tasks on his plate, he said he took over Windows security only because no one else had.

He specifically said: “I ended up taking over the security functions because no one else was looking after them. I’ve learned a lot (enough to know there’s so much more to learn), earned my CISSP and started specializing in MS Windows security. I never really set out to do that though.”

Does this sound familiar to you? Were you recently or temporarily assigned Windows security responsibilities because they weren’t being handled? Did you choose to take over Windows security on your own? How long have you been working at it, or plan to?

Any feedback is appreciated. I will include comments in a story for SearchWindowsSecurity.com. I’m just trying to get a sense of how people got into the Windows security field, how long they’ve been in charge of securing Windows systems and if they plan to stay there.

You may contact me publicly or privately. Thanks for your time and attention!

Best regards,
Robyn Lorusso
Editor
SearchWindowsSecurity.com

http://searchwindowssecurity.techtarget.com/

Found Trojan.ByteVerify on my computer

jwise410 — Mon, 18 Apr 2005 10:20:17 +0000

Hi All,

Symantec recently discovered Trojan.ByteVerify on my computer. I run system checks weekly and am always cautious about the e-mails I open, the web sites I go to and what I click on, so I was pretty surprised to find I had a Trojan. It was quarantined and removed, but I’m worried about what it may have done and how I got it. Does anyone know anything about this Trojan? Where it comes from, what it does to your system, etc? Thanks!

Internet Explorer vs. Firefox

LMullen — Fri, 15 Apr 2005 14:14:31 +0000

New Discussion Post by

I’ve been hacked — I think….

LMullen — Mon, 11 Apr 2005 09:52:01 +0000

I’m an IT administrator with a little over 500 end users, running Windows 2000 and XP. One of our users is experiencing a problem with her Internet connection suddenly dropping for no apparent reason. When she restarts her computer, everything works fine for awhile, but then the connection drops again. The funny thing is, she’s noticed that her AOL Instant Messenger service still works even when she can’t access her e-mail. We’ve already run Netstat and noticed that more unknown open connections are being used to certain ports. This particular user has a laptop and works from home frequently, so we’re not sure all updates have been installed.
Has her computer been hacked? If so, what can I do initially to contain the damage, and what steps can I take to prevent such occurrences in the future?

How did I get a virus on my computer?

jwise410 — Wed, 06 Apr 2005 18:07:21 +0000

Do you hear that question or something similar too often? We’re taking an informal survery on SearchSecurity.com to find out what the most common security-related user questions are. Results will be compiled into a question and answer tip that you will be able to post or handout to your users.

What are the top 5 most common questions asked by your users?

Jenny Wiseman
Associate Editor, SearchSecurity.com

Security Forensics with Niksun or CA or Sandstorm

Jclarkfl — Tue, 01 Mar 2005 09:28:13 +0000

Does any have experience recording and tracking traffic with playback using any of these venders.

I am looking for the best solution to provide Forensics on my network.

Niksun or CA or Sandstorm

Also on a side not I am lookign for a product to do secure email delivery.

Please let me know if anyone has any exp. with the questions below too.

I am currently searching for the best application or service to provide end to end security for delivering encrypted emails from one company to another accross the Internet. I need the solutions to provide Smime, PGP, TLS, SSL, etc.

My goal is to some how have the app or user decide if the email needs to be encrypted, then apply a cert which can be maintained. The email then sent to the recpt. who then decryptes the message using either of these options. I hope that the gateway can negotiation which type to use with the other gateway/exchange server.

If the negotiation fails then just send an email with a link back to an SSL web server so the email is still encrypted. This needs to work for all companys including people with hotmail, yahoo, etc. accounts.

I am currently looking at:
sigaba
Tumbleweed
Iron Mail
Hushmail
utimaco

In this exact order

Does anyone have experience with these products or trying to secure the company external email?