Intelligence Sources From Unlikely Places
October 06, 2010 9:30 AM
No matter how hard we try to protect our networks, there is always the chance something will go awry. From hackers breaking into our mail servers to laptops infected with malware, we must watch for issues and get help where we can. Most of us have our traditional tools in place to watch for issues from the desktop to the servers: log analysis tools, IDS, AV reporting, and anything else we can possibly gather information from to help us fight threats and know what has burrowed into our infrastructures. Now content and ISPs are getting into the game for free.
The Case For Outbound Filtering
September 30, 2010 9:00 AM
We filter and block what comes into our networks, but often forget about what goes out. Attackers know this, and their attack plans even rely on it. Malware that has compromised an internal machine is often programmed to connect to a command-and-control system that resides outside the enterprise. And of course, attackers use outbound connections to transmit stolen data to their own repositories.
Know Your Product's Security Capabilities
August 16, 2010 9:00 AM
To build out enterprises we utilize technologies in all forms. From the routers that shape the network to the interpreters that run the software powering our web servers, third parties have a hand in how secure our enterprise is. It is important when selecting third-party technologies that security be kept in mind, but we don't always get much of a choice. If we need a desktop operating system, we are pretty limited. If we need a widget for our website, however, we have more options. No matter the technology, ask the questions that matter to you around security. While you may not get all the answers you want, you will at least understand the risk better and be able to make better decisions in the long run.
The Limits Of Intuition
August 05, 2010 5:01 PM
We in IT often rely on gut instinct to make decisions. We pride ourselves on the ability to look at a problem and quickly find a solution. We see a vulnerability, know a nasty exploit exists, and react by telling everyone the vulnerability must be patched. Instinct and intuition play a useful role in decision-making, but they are a lot more limited than many people would like to admit, particularly in the realm of security and risk management. It's foolish to think that the complex risks a corporation faces can be met on intuition alone.
Insecurity On The Go
July 23, 2010 3:01 PM
Thanks to laptops, smartphones, iPads, and other new mobile devices, our enterprises now extend to the local coffee shop, hotels and even cars on the interstate and commuter trains. Organizations let users purchase their own devices and connect them to the enterprise in the name of productivity, but this policy also introduces risks. And IT shops know it. According to a recent InformationWeek Analytics survey on mobile device management (MDM), the number of respondents citing security as the primary reason for deploying MDM jumped by 40 percent between 2008 and 2010. It's up to IT organizations to make sure mobile devices are properly secured. With a little work, you can mitigate the risks these devices introduce.
IDS Best Practices
July 16, 2010 11:54 AM
Intrusion detection systems (IDSs) have a bad reputation. Yes, they can be noisy and generate lots of false positives, both the network- and host-based products. But they are very useful to have at the WAN edge and within your LAN, and you can correct the signal-to-noise ratio through proper tuning and by understanding your environment. In fact, knowing your environment is the foundation of everything we as security professionals do. If we don't understand what data flows between two points or what servers live in which subnets, we can't really know what to protect and how to protect it. When implementing an IDS or its cousin, the intrusion protection system (IPS), the same principle applies. Here are some best practices for implementing these tools that I've learned on the job.
Malware Busters
July 09, 2010 4:59 PM
I've been seeing many organizations struggle with malware lately, so I thought I'd offer a refresher on dealing with malicious software and all the ways it can creep into your organization. Removing malware and rebuilding infected systems eats up IT time and resources (not to mention the potential fallout from any stolen information), so your best bet is to prevent the compromise in the first place. Here's how.
Should You Secure Your LAN Like Your WAN?
July 02, 2010 9:00 AM
Everyone knows organizations should never send sensitive data such as credit card or social security numbers across the Internet unencrypted, but many organizations think traffic inside their firewalls doesn't require as much protection as traffic that goes outside the perimeter. That's not the case. Attacks can be perpetrated by an employee or by an attacker who finds a foothold on the network. Being attacked by a stranger is a problem, but company employees can do just as much--or even more--damage than a non-employee. Twenty percent of breaches were performed by internal staff, according to a data breach investigation report from Verizon. The median number of records compromised by internal attackers was more than twice as large as the number stolen by external attackers (100,000 to 37,847).
Rogue Hunter: How To Track Wild Access Points
June 24, 2010 2:30 PM
Rogue access points (AP) can show up on a network for any number of reasons. A user may set up an AP so he or she can bring a laptop to the break room and still have an Internet connection. A contractor or an internal engineer may set up a wireless router to create a test network and then forget to disable it at the end of the test. People who set up unauthorized APs usually don't mean any harm, but that doesn't make it harmless. If you think attackers aren't looking for wireless connections or can't exploit them, Google the TJX breach. Then start checking your own network. Here are a few suggestions for doing that.
Stupid Firewall Tricks
June 17, 2010 10:30 AM
Firewalls have a bad reputation in many organizations, but it's not always the firewall's fault. Often, organizations use firewalls in places where they aren't really needed. For example, common practice dictates that we should place firewalls with stateful packet inspection enabled in front of Web servers. But does this really make any sense? Why perform stateful packet inspection on a stateless protocol? Why use a firewall in front of Web property when 99 percent of the requests are allowed? This only piles on another device that could fail, another device to add latency, and another device to architect around.
White List Or Black List?
June 10, 2010 9:50 PM
I have spent my week deep in thought on how to secure connections from third-party business partners into my organization. Many of these partners work as an extension of the company, such as outsourced development and operations. These partners have access to source code, business documents, and other sensitive data we would prefer that no one could get to. Data theft is a serious concern, as are other issues, such as a malware infection that hops from a partner's system onto our network.
Best of the Web
VXLAN termination on physical devices
VXLAN is an Experimental IETF draft of protocols to enable the creation of a large overlay, multi-tenant network.
ONF Deadly Serious About OpenFlow-Based SDNs
OpenFlow is poised to reach over-hyped status, yet there are practical, useful reasons for keeping an eye on OpenFlow. The biggest cloud players are involved and driving the feature creation.
Practical Introduction to Applied OpenFlow
Get a primer on the OpenFlow protocol and what it can do for networking.
On Resilience of Split-Architecture Networks
This research paper investigates the practical issues in split-architecture networks and the placement of the controllers, such as OpenFlow controllers, in the network.