I’ve updated the Categories archive so that rather than consisting of one long page for each category, the page will break up each category by month. Not sure if that will be more search engine friendly or not. But it was something to try.
Archive for March 2007
Webroot State of Internet Security
Webroot has posted the Q107 State of Internet Security.
So much for the self defending network
Bail out now if you don’t want spoilers from this week’s 24….
In this week’s 24, Nadia’s computer is compromised from visiting a website belonging to an insurgent. Inexplicably there is also a hardware device found in her computer.
CTU had previously been protected by Cisco’s self-defending network.
Reconnex data protection
I ran across a product called Reconnex today. Their marketing director wrote an article on the Top 10 Steps for Privacy Data Protection for the ISSA Journal. I thought the article was interesting and addressed threats that we need to consider at work. As a result I checked out their website.
Basically they search through data at rest and determine what data needs protecting. Then they also watch the movement of that data as it leaves the network. If there is a data breach, you can use this to determine what was lost.
I would say right now that most companies do not know where the important data is, nor could they notice if it was being emailed to a competitor.
There was just news this week where Oracle sued SAP for hacking. In that instance they noticed that user IDs were being used to access the support knowledgebase and download everything. The user IDs belonged to companies that had just switched to SAP. The downloads came from SAP IP addresses. I don’t know that this product would have helped with that, but it does illustrate that data is our most important asset and most of us wouldn’t have even noticed that type of attack unless it caused a resource issue causing closer investigation.
Reconnex was part of a SANS webinar in January.
There was also a review in December’s Information Security Mag. It’s not exactly a glowing review. It’s good to hear from those who have evaled it.
16 Percent of Companies Aren’t Concerned about Spyware
http://www.networkworld.com/columnists/2007/032607edit.html
In a recent study about spyware by Nemertes Research, Senior Vice President Andreas Antonopoulos was surprised to find that 16% of the companies examined were not concerned about the threat.
The article notes that the reason for this isn’t lack of computer security spending at the companies in question. Nor is it because the companies are small. Frustratingly the article doesn’t explore further why this is the case. Perhaps it’s in the study, but since that study is cited but not linked we are left to speculate.
Perhaps the companies are not concerned because they’ve solved the problem.
Eugene Kaspersky believes that spyware should be addressed by antivirus vendors, not a separate product. Perhaps these companies feel their antivirus is good enough.
Perhaps they use HIPS and feel that prevents the spyware from being installed in the first place.
Perhaps users aren’t given local administrator rights.
Perhaps they just have bigger concerns.
At our company we’ve used an anti-spyware product ever since enterprise ready anti-spyware became available.
What Time is it? (Game Time) What time is it? (Game Time)
Hmm, this would have been a good title for a DST related post. Instead I’m writing about March Madness.
As a new administrator of our web filter I now get to hear about all the user requests related to things that do not work. On Thursday, I was approached by a colleague who showed me an email where a user reported they could not log into WTNT AM’s streaming audio. My colleague was incredulous that someone a) would be wasting company bandwidth (yea I know) and b) would have the boldness to complain about it. I was amazed because I had listened to that radio station that very morning. I know it works.
It turns out the user was trying to listen to the ACC basketball tourney. The radio station does not hold the right to broadcast this over the web so they don’t stream it. Hence the user’s problems. When I was listening, it switched over to music (a different licensing issue) but apparently they also disabled new logins for the duration.
Strange services on the firewall
The UNIX administrator asked me to scan his systems that are within the scope of our Certification and Accreditation package. We have an auditor coming in next week to check our progress toward obtaining “authority to operate” and he wanted to make sure his systems were clean.
I found that our recently upgraded firewall now had several ports in the 37,xxx range that would act as a proxy. So basically, I could point my browser’s proxy settings to the firewall on those ports and it would let me out without the usual security filtering. A bit more scanning revealed that these services were enabled on other Solaris 10 servers, not just the firewall.
I hadn’t uncovered this before because my vulnerability scanner doesn’t scan all 65k TCP ports. I only uncovered it because on one server, these services operated on different ports that were scanned.
So once again, I’m not happy with how my vulnerability scanner has operated. But more importantly we’re left with the lesson that we need to run scans before systems move into production.
lsof isn’t a default part of Solaris so the Unix guys are still investigating what is providing those services. I left it to them to track it down since I had a few other things to do.
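One way to answer the "what is providing those services" question on Solaris without lsof is to walk every process with `pfiles` and pick out sockets bound in the 37,xxx range. The script below is an added example, not part of the original post; it assumes the `sockname:`/`peername:` layout that `pfiles` prints for sockets, and the sample data and the `/opt/example/bin/proxyd` name in it are constructed.

```shell
#!/bin/sh
# Added example: find which process owns listeners in a port range on Solaris
# using pfiles(1) instead of lsof. Run as root so every process is readable.
# Note: pfiles briefly stops each process while it inspects it.
# On Solaris 10 set AWK=nawk (or /usr/xpg4/bin/awk); /usr/bin/awk is the old
# awk and lacks -v and user-defined functions.
AWK=${AWK:-awk}

# owners_in_range LO HI
# Reads pfiles output on stdin; prints "PID PORT COMMAND" for each AF_INET or
# AF_INET6 socket bound to a port in LO..HI that has no peer (a listener).
owners_in_range() {
    "$AWK" -v lo="$1" -v hi="$2" '
        function emit() { if (port != "") print pid, port, cmd; port = "" }
        # Process header, e.g. "2044:  /opt/example/bin/proxyd -d"
        /^[0-9]+:/ { emit(); pid = $1; sub(/:$/, "", pid); cmd = $2; next }
        # File descriptor header, e.g. "   5: S_IFSOCK mode:0666 ..."
        /^ +[0-9]+: / { emit(); next }
        /sockname: AF_INET/ {
            for (i = 1; i < NF; i++)
                if ($i == "port:" && $(i + 1) + 0 >= lo + 0 && $(i + 1) + 0 <= hi + 0)
                    port = $(i + 1)
            next
        }
        # A peername line means a connected socket, not a listener.
        /peername:/ { port = "" }
        END { emit() }
    '
}

# scan_all LO HI: run pfiles over every PID under /proc.
scan_all() {
    for p in /proc/[0-9]*; do
        pfiles "${p#/proc/}" 2>/dev/null
    done | owners_in_range "$1" "$2"
}

# Constructed sample in the layout pfiles prints (not captured from a real host).
sample_pfiles() {
    cat <<'EOF'
611:    /usr/lib/ssh/sshd
   3: S_IFSOCK mode:0666 dev:332,0 ino:1001 uid:0 gid:0 size:0
        sockname: AF_INET 0.0.0.0  port: 22
2044:   /opt/example/bin/proxyd
   5: S_IFSOCK mode:0666 dev:332,0 ino:1002 uid:0 gid:0 size:0
        sockname: AF_INET 0.0.0.0  port: 37001
   6: S_IFSOCK mode:0666 dev:332,0 ino:1003 uid:0 gid:0 size:0
        sockname: AF_INET 10.0.0.5  port: 37001
        peername: AF_INET 10.0.0.9  port: 50123
EOF
}

if [ "$#" -eq 2 ]; then scan_all "$1" "$2"; fi
```

Saved under a name of your choosing and run as root with `37000 37999` as arguments, it prints one line per listening socket in that range; `sample_pfiles | owners_in_range 37000 37999` exercises the parser on any host.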

