Network Security

Keeping Your Information Where It Belongs

Archive for February, 2010

Software experts highlight about 25 universal bugs exploited by hackers.
Some software programming errors are responsible for virtually every major type of cyber attack, from the recent intrusions at Google to the disruptions and breaches of network security at private utilities and government agencies. This is according to a report published by two non-profit technology research organizations.

The SANS (SysAdmin, Audit, Network, Security) Institute and Mitre are the two sources of the information. The 25 frequent coding errors they identified put mission-critical systems at risk and enable security bugs, cyber spying and cyber crime. Security analysts at a variety of organizations, including the National Security Agency and the US Department of Homeland Security’s National Cyber Security Division, took part.

The most common programming errors leading to security breaches are cross-site scripting flaws, SQL injection errors, and buffer overflow vulnerabilities.

SQL injection and cross-site scripting are among the security weaknesses in 2010, the researchers found. Even when a software package is not running on the web, there is a possibility that it has a web-based management interface or HTML-based output formats that allow cross-site scripting. For data-rich software applications, SQL injection opens the way to stealing the keys.

The other top vulnerabilities identified by the study were weak access control, cross-site request forgery flaws, overly permissive default settings and authentication mechanisms, and a lack of encryption support.

The researchers have divided the Top 25 risky software errors into three high-level categories: porous defenses, risky resource management, and insecure interaction between components.

The “porous defenses” category covers weaknesses related to defensive techniques that are often misused, abused, or just disregarded. The “risky resource management” category, on the other hand, covers errors that commonly occur when software does not properly manage the creation, transfer, usage, or destruction of important system resources.
Insecure interaction between components includes many ways in which data is sent and received between separate components, processes, programs, modules, threads, or systems.

Researchers say that it seems as if software is all about the data: it is put into the database, pulled from it, massaged into information, and sent elsewhere for fun and profit. If attackers can influence the SQL that you use to communicate with your database, then in short, all your fun and profit belongs to them. If you use SQL queries in security controls like authentication, attackers could alter the logic of those queries to bypass security. They can modify the queries to corrupt, steal, or simply change your underlying data. They can get data one byte at a time if they have to; most of the time they really know what they are doing, and it pleases them.
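The authentication case described above, as an added example that is not from the report or the original post: the same login check written with string concatenation and with bound parameters. The table layout, function names, account and inputs are all constructed for illustration.

```python
"""Login check built two ways: string concatenation vs. bound parameters."""
import hashlib
import sqlite3

# Constructed value for the demo; real systems use a random per-user salt.
SALT = b"constructed-demo-salt"


def digest(password: str) -> str:
    """Derive the stored password digest (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000).hex()


def make_db() -> sqlite3.Connection:
    """In-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw_digest TEXT NOT NULL)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", digest("correct horse")))
    return db


def login_concatenated(db: sqlite3.Connection, name: str, password: str) -> bool:
    """VULNERABLE: the user name becomes part of the SQL text itself,
    so quote characters in it can rewrite the WHERE clause."""
    query = (
        "SELECT COUNT(*) FROM users WHERE name = '" + name + "' "
        "AND pw_digest = '" + digest(password) + "'"
    )
    return db.execute(query).fetchone()[0] > 0


def login_parameterized(db: sqlite3.Connection, name: str, password: str) -> bool:
    """Hardened: values are bound as data and cannot change the query's logic."""
    row = db.execute(
        "SELECT COUNT(*) FROM users WHERE name = ? AND pw_digest = ?",
        (name, digest(password)),
    ).fetchone()
    return row[0] > 0


if __name__ == "__main__":
    db = make_db()
    # Constructed input: the quote closes the string literal and "--" turns
    # the password comparison into an SQL comment.
    crafted = "alice' --"
    print("concatenated, wrong password:", login_concatenated(db, "alice", "wrong"))
    print("concatenated, crafted name  :", login_concatenated(db, crafted, "wrong"))
    print("parameterized, crafted name :", login_parameterized(db, crafted, "wrong"))
    # A legitimate name containing a quote breaks the concatenated query,
    # which is often the first visible symptom of the flaw.
    try:
        login_concatenated(db, "o'brien", "x")
    except sqlite3.OperationalError as exc:
        print("concatenated, o'brien       : SQL error:", exc)
    print("parameterized, o'brien      :", login_parameterized(db, "o'brien", "x"))
```

SQL errors triggered by a quote in ordinary input, as in the last case, are worth alerting on in application logs because they point at concatenated queries.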

Most of the time, software becomes the bridge between an outsider on the network and the internals of an operating system. Researchers say that when you invoke another program on the operating system and allow untrusted inputs to be fed into the command string generated for executing that program, you invite attackers to execute their own commands instead of yours.
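The command-string problem described above, as an added example that is not from the report or the original post: one external program invoked through a shell string and through an argument vector. It assumes a POSIX system with `echo` on the PATH; the function names, the "lookup" command line and the inputs are constructed for illustration.

```python
"""Invoking an external program with untrusted input: shell string vs. argv."""
import re
import subprocess

# Conservative allow-list for a host name: letters, digits, dots and hyphens,
# starting and ending with a letter or digit (so it can never look like an option).
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def run_with_shell(host: str) -> list[str]:
    """VULNERABLE: the input is pasted into a string that /bin/sh parses,
    so shell metacharacters in it are interpreted as syntax."""
    result = subprocess.run(
        "echo lookup " + host,
        shell=True, capture_output=True, text=True, check=True,
    )
    return result.stdout.splitlines()


def run_with_argv(host: str) -> list[str]:
    """Hardened: no shell is involved; the input is exactly one argument."""
    result = subprocess.run(
        ["echo", "lookup", host],
        capture_output=True, text=True, check=True,
    )
    return result.stdout.splitlines()


def run_validated(host: str) -> list[str]:
    """Hardened further: reject anything that is not a plain host name before
    it reaches the program, which also stops option-style arguments."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"rejected host name: {host!r}")
    return run_with_argv(host)


if __name__ == "__main__":
    # Constructed input: the ';' ends the intended command for the shell and
    # starts a second one. A harmless marker stands in for the second command.
    crafted = "example.test; echo INJECTED"
    print("shell string:", run_with_shell(crafted))   # two commands ran
    print("argv list   :", run_with_argv(crafted))    # one command, one argument
    try:
        run_validated(crafted)
    except ValueError as exc:
        print("validated   :", exc)
    print("validated   :", run_validated("example.test"))
```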

To eliminate the prominent programming errors, all users and experts need to unite against the agenda of the cyber criminals. There should be no persistent threat from competing nation states. What a life we would have if the internet were hacker-free.

Fortinet® announced on February 22 that Kendra Krause, vice president of channel sales at Fortinet, was recognized as a 2010 Channel Chief by Everything Channel’s CRN. Channel Chiefs lead in creating effective channel programs for solution providers. Fortinet® (NASDAQ: FTNT) is a market-leading network security provider and a top-notch company for unified threat management (UTM) solutions.

Fortinet consistently defends, promotes and executes effective channel partner programs and strategies. Also recognized as a CRN Top Woman in the Channel in 2008 and 2009, Krause has been part of Fortinet since July 2007. Since then, she has driven the creation of an industry-leading FortiPartner™ channel program. No doubt, she deserves high recognition for her achievements.

Krause said that it is a tremendous honor to be named a CRN Channel Chief and that receiving such recognition further validates Fortinet’s commitment to, and investment in, the FortiPartner program over the past year, regardless of the tumultuous economy. She said that they will surely continue to help their partners create opportunities beyond just selling products, including innovative services and recurring sales opportunities this year.

The Channel Chiefs were chosen by Everything Channel for eight consecutive years, based on criteria including policy and program innovations made during the past year. They achieve the recognition because of the amount of revenue their company generates through partners, their readiness to speak out publicly on behalf of the channel, and their long years of dedication to channel activities.

Kelley Damore, VP, Editorial Director, Everything Channel, expressed gratitude for the prestigious honors that their company has received. Top channel executives constantly ensure that the Channel’s voice is heard when strategic decisions are being made and persistently nurture mutually profitable relationships.

A suspicious software program has been found infecting the computers of more than 2,500 corporations around the globe. This is according to NetWitness, a reputable computer network security firm.

Two Chinese schools were said to be connected to online attacks on February 19, 2010. The spyware, or botnet, was said to take command of the operating systems of both residential and corporate computing systems. Botnets are used by hackers for a wide array of prohibited online activities, including sending spam, stealing digital documents, and pilfering passwords from infected computers. Such hackers usually install so-called keystroke loggers to capture personal information.

The recent virus, nonetheless, was modest compared with the other known botnets. A system known as Conficker in 2008, for example, infected as many as 15 million computers at its peak and continues to contaminate more than seven million systems today.

We only hear about botnet attacks seasonally. Shadowserver, an organization that tracks botnet activity, currently tracks 5,900 separate botnets.

Quite a few computer security experts dispute the company’s assertion that the botnet was a novel discovery. This type of infection is well known to the computer security research community and is regularly tracked by a monitoring system that has identified more than 1,300 botnets of this design.

NetWitness says that it discovered the program last month while the company was installing monitoring systems. The company labelled it the Kneber botnet, after a username that linked the infected systems.

The goal of the virus is to gather login credentials for social networking sites, online financial systems, and e-mail systems. It then transmits that information to the system’s controllers.

As the investigation goes on, it has been determined that the botnet has compromised both commercial and government systems, including 68,000 corporate login credentials. Access to online banking accounts, e-mail systems and social network credentials was compromised, along with more than 2,000 digital security certificates. This comes along with significant identity theft.

“Cyber criminal elements, like the Kneber crew, quietly and diligently target and compromise thousands of government and commercial organizations across the globe.”

“These large-scale compromises of enterprise networks have reached epidemic levels,” said Amit Yoran, chief executive of NetWitness and former director of the National Cyber Security Division of the Department of Homeland Security.

The company, based in Herndon, Va., says that the new botnet made sophisticated use of a well-known Trojan horse, a backdoor entryway for attack, that had previously been identified as ZeuS.

“Many security analysts tend to classify ZeuS solely as a Trojan that steals banking information,” Alex Cox said. Cox is the principal analyst at NetWitness who investigates the Kneber botnet.

Cox said that such a viewpoint is naïve. When they began to detect the correlation between the methods used by the Kneber crew to attack victim machines and the wide variety of data sets harvested, it became clear that security teams need to rethink their entire perspective on advanced threats such as ZeuS.

It has been discovered that about half of the machines infected with the Kneber botnet were previously infected by an earlier botnet known as Waledac.

Years ago, once the virus protection software on your computers was updated, you felt secure. However, with almost all computers now interconnected through IP networks, you cannot be so confident anymore.
Many people think that protection against viruses is essential, but they don’t realize that it is only the tip of the iceberg. IP network security covers a vast array of measures to guard against a range of threats, internal and external, and each station needs to set up a security policy to protect against them.

Policy on Security

A security policy is a set of rules and priorities that upper management has agreed upon as important for keeping the station running. As more and more of a station’s assets are held in network-connected storage systems, keeping all that data safe becomes ever more important. Developing a security policy is essential to keeping your programs, spots, and financial records secure.
With upper management signing off on a security policy, its enforcement gains more authority, particularly when the policy has to stand against a manager who sees no problem with surfing certain sites or downloading doubtful software, or against employees who whine about network restrictions.

To Start With

The strategy serves as a guide to what needs protection and what it would mean if those areas were compromised. It also outlines the ways in which these assets can be targeted, which areas are most vulnerable, and how they can be protected. Goals should be set to achieve the desired level of protection.

At a TV station, the policy might cover several areas, such as financial records, which include billing and traffic file access; nonlinear edit systems; on-air playout and archive storage; graphic systems; IP network segments carrying the feeds from remote locations; or an IP network that connects the studio to the transmitter. The loss of any of these systems or network segments would disrupt the workflow of the station and would probably result in lost income and lost trust from creditors and upper management, with worse scenarios to follow. From any angle, the loss of any part of your IT infrastructure will be costly, so you really need to be protected.

An infected computer system usually slows down, stops working or even corrupts data. But how can a network segment be disrupted without being unplugged? It is common for a spambot program to take over a computer and send out spam e-mail at a very fast pace, occupying almost all the available bandwidth of the network segment leading to the Internet. An employee may play a new first-person shooter game that uses a large amount of bandwidth for online graphics; just imagine several employees playing games at the same time. These are only a few examples. As everything becomes IP-based, it will be essential to improve communications between machines and systems and to stay informed of what is happening on your network. It all starts with a security policy.

Storing up the data

One essential part of a security policy is the commitment to back up all important data and to make sure that necessary files are retained over time. When something fails, computers can be replaced, but the data must be carefully backed up. Off-site storage is best for cases where your building cannot be accessed, such as fire or other unmanageable disasters. For large backups, you will need tapes or even Blu-ray Discs, and transporting the data to a remote storage site is more complicated. That does not include self-storage facilities, where temperature and humidity are uncontrolled.

Smaller data sets, like weekly billing files and the chief engineer’s files, can be backed up with an online service that works in the background and updates continually as files change. Always keep an off-site record of which online backup systems are in place. You need to know how to access them, so make sure the passwords are remembered and kept safe. Using local hard drives for automatic backup is a good idea; nonetheless, do not depend on them too much, because the threat of catastrophic loss remains.

Strategy

The strategy for achieving the goals is important: it outlines how you are going to meet the goals set out in the security policy. This includes defining the actual layout of the network(s), how they are interconnected, and who is responsible for adding new users and setting up computers. One of the most important aspects is assigning who is responsible for setting up any routers and other security software.

Since the personnel using the computer network play a major role in protecting it, you may want your staff to sign an acceptable use statement that outlines the need for security practices and the penalties if the station’s policies are broken. It may include rules against installing any outside programs, no matter how helpful they might appear to be, and against connecting any USB drives to company computers, since they may contain malware that can damage or spy on the network. One trend in gaining illegal access to a company’s network is to leave a USB flash drive with the company’s logo on it in the company parking lot; it is then picked up by an employee, and when they attempt to open a document on it, a malware program starts up.

Though standard template-style acceptable use statements can be found on the Internet, it is best to write your own, since you can tailor it to your company’s specific requirements. If the statement is too broad and complicated, your personnel may not understand it. The statement should be laid out in clear and simple steps, so it is easy to follow and easy to point out when it is violated.

Follow through

One of the hardest things to do is to actually make sure all the policies are being carried out. As with transmitter readings, a regular inspection of the network and updates to the employees can be good SOP. Letting your employees know that you are aware of their compliance with the rules shows them that you take network security seriously. Obviously, running regular virus scans and keeping your antivirus software up to date are both important steps that any network administrator should take. It’s also not a bad idea to have network security awareness reminders, even if only yearly.

Physical security

Your network equipment must be physically safe for your network to be secure. Are you keeping the doors to the network closets locked all the time? Are the front panels of the servers locked as well? Who maintains them, and who keeps the keys?

At one station, a wireless router was installed on the second floor to allow wireless Internet access. Once the router was set up properly with a unique password to gain access, it seemed that was all they needed. Then the engineer discovered that the settings and the network name were no longer working on the router, and it disturbed him that the settings had been reset. He set up the router again, and a week later the trouble happened again. The router had been left on a table in an unlocked storage room, and it turned out that someone who wanted access but did not have the password had pressed the reset button. A quick search on the Internet provided the factory default password and allowed the person to access the network. This opened up the entire network to the outside world: in its factory default settings, the router allowed users access to the company network and its computers. The engineer moved the wireless router to a room and hid it under a plastic milk carton on the floor. No trouble has been recorded since then.

This is an example of why physical security is also necessary to protect your network. Aside from location, one trouble that you should keep an eye on is theft. With personnel in the broadcast facility 24/7, you can lose your equipment unexpectedly. Unlike professional video equipment, a high-powered computer server can work just as well as a high-powered gaming system.

Cutting it off

Another method in use today is to take any mission-critical data and simply cut it off from the Internet, isolating it from the rest of the network. Though this may not be possible in all cases, it limits the avenues by which viruses and other malware can reach valuable data and systems. It is another instance that could call for the use of subnets, which allow parts of a network to have Internet access while blocking the same access for other parts.

Sometimes a single computer is outfitted with two or more network interface cards and is connected to more than one network at a time. Though this seems to isolate the two networks, it actually links them. If one side is connected to the Internet, malware can install itself on that computer and infect others on both networks. A better way is to use two computers and a KVM switch, which keeps the two networks isolated.

Conclusion

Network security remains a controversial topic for broadcast engineers as broadcasting moves toward an all-IP infrastructure. Maintaining the station will depend on keeping your networks clear and your computers free from malware.

SYNNEX Corporation, a leading company in the field of business process services, is opening up its integrated communication services with its selling partners in Telecommunications, Data Servicing and Networking, and Voice and Video solutions. Its new Integrated Communications Group (ICG) uses a high-quality, multi-vendor approach that offers more integrated communications to meet the needs of retailers’ customers, a more refined service than the conventional single-vendor services usually offered. SYNNEX ICG provides a valuable, more integrated communications solution to achieve business reliability and develop a more productive service for the end customer.

SYNNEX ICG renders top-caliber services in seven sectors of communications to build strong and firm business contacts with its resellers:

SYNNEX continues to pursue valuable initiatives, such as unified communications, to give retailers a wide variety of choices in finding alternative IT services that meet the needs and productivity of businesses today.

Peter Larocque, President of U.S. Distribution at SYNNEX Corporation, stated that unified communications will get a boost in the United States over the coming years, driven by convincing offers that advance businesses’ vital processes and save money for the end customer. Delighted with its union with its top-tier vendors, the company is out to bind data, audio and video into a more reliable and integrated solution.

About Synnex
SYNNEX Corporation, a Fortune 500 corporation, is among the top business process services companies. It services resellers and original equipment manufacturers (OEMs) in several countries. The company provides services in IT distribution, supply chain management, contract assembly and global business services. SYNNEX is established in the United States, Japan, China, Canada, the United Kingdom, Mexico and the Philippines. You can find out more about SYNNEX at their site: www.synnex.com.

Wise business managers know that implementing sound practices for network security can bring them big returns through reduced costs, better network reliability, higher productivity, improved customer service, and reduced legal exposure. Applying good security techniques can provide greater peace of mind and more time to execute projects, producing significant competitive advantages.

A carefully planned investment in network security controls costs by reducing bandwidth and other IT requirements or investments, trimming down network and desktop maintenance and repairs, and eliminating exposure to legal liability arising from data breaches or from the unsuspecting hosting of pirated or unlawful materials. Better security increases employee productivity by eliminating spam and illicit web surfing. It also gives greater network and desktop reliability, with faster computers and less strain on the internal and external IT staff.

More effective security provides greater assurance against security or data breaches, sparing you a bad reputation, crippled relationships with customers and even lost revenue due to serious litigation and fines. A cursory evaluation of an attack on a small network shows that no business can afford to neglect network security.

The new licensing model decreases the entry prices for Unified Threat Management by as much as 50%, enabling partners to succeed in a more service-oriented market.

Astaro Corporation (www.astaro.com), one of the leading European UTM vendors today, has announced that its new licensing model for the Astaro Security Gateway will open up new ways to deploy Unified Threat Management solutions. With the new model, customers have freedom of choice among various dedicated applications that are added to their preferred platform. Astaro will release further applications before the first quarter ends.

Behind Astaro’s new licensing model is the idea that the Astaro Security Gateway stands as the central platform in any organization’s network. This platform is where customers add the necessary security applications. Under the new licensing, the platform can be deployed in three ways:

• Astaro Security Gateway hardware appliances, accessible in seven sizes
• Astaro Security Gateway Virtual appliance, specialized in VMware Ready®
• Astaro Security Gateway Software appliance, installed on various hardware

“This new strategy not only goes in line with the modern market’s preference for investing in services rather than buying infrastructure hardware components, it will also help our partner community better solve their customers’ needs,” said Jan Hichert, Astaro CEO. “By providing partners with a business model that meets the market’s preferences we are setting up our partners for success today as well as in the future.”

In support of the concept, Astaro has made the software and virtual base appliance, also referred to as the Essential-Firewall-edition, available for free. Hardware prices have also been lowered by over 50%, so customers can now add further security applications to the base platform on a subscription basis.

These Astaro Security Applications are available today:

• Web Security – Spyware Protection, HTTPS Scanning, URL Filtering, User Reporting, Antivirus Scanning, IM/P2P Filtering and the like.
• Mail Security – Email Encryption, Anti Spam, Antivirus Scanning.
• Network Security – DoS Protection, Intrusion Prevention, Firewall, Branch Office VPN, Bandwidth Control, Directory Authentication, IPSec Remote Access, SSL Remote Access, Native Windows Remote Access and more.

The new model supports Astaro’s future product strategy as well. The vendor will release further applications later this year. The applications for mail archiving and for the management of wireless security are expected to come first. These applications will be released publicly in March, coinciding with CeBIT in Hannover, Germany, and RSA in San Francisco, USA.

By using an alternative DNS provider like OpenDNS or Google’s Public DNS, you can increase security and improve performance at the same time. It is worth comparing your alternatives.

The Domain Name System (DNS) is something we all use and depend on, yet we rarely pay much attention to it. If you spend some time investigating alternatives, you could really enhance your network’s performance and security.

Before looking at how to do this, here is a brief explanation of DNS. Think of what a phone book does: it lets you find someone’s phone number by looking up their name. DNS works similarly for computers. For instance, if you type in “google.com”, it will translate that name into a sequence of four numbers, called an IP address, which functions just like a phone number does. In this case, google.com’s number is 74.125.95.104.

The overall Internet infrastructure contains a series of master phone books, also called DNS root servers, found at strategic places around the world and maintained by a collection of public, semi-public, and private providers. Talking to each other on a regular basis, they make sure that new domains are always in sync.

If someone wants to “destroy” one of the entries, or misdirect Internet traffic to a phony domain, all it takes is the right amount of subterfuge. That is what happened in 2008, when an Internet provider in Pakistan managed to block access for all YouTube visitors when it banned the site for all Pakistanis.

Make the call

Unlike phone numbers, once you are done setting up your network you don’t normally give your DNS settings any additional thought. If you have a cable or DSL modem, you hook it up and it automatically gets its DNS settings from the cable or phone company’s DNS servers, so you never know their IP addresses unless you take the time to check. If you run a large enterprise network, you naturally have your own internal DNS server to provide this service.

There are a lot of alternative providers, like OpenDNS and Google’s Public DNS. Why choose an alternative provider? For better browsing performance and better security, with protection from known phishing and malware-infected domains.

Assessing which of the alternative DNS providers gives your users better performance is complicated. Much depends on how you are connected to your ISP, where your users are located, and their destinations across the Internet.

Before picking an alternative DNS provider, you can use a Java program to test the speed of your own DNS against Google and OpenDNS. Here are some sites you can visit for more details: The Browser Mob Blog (learning more about the Java tool); TechSutra or Habitually Good (getting information about OpenDNS vs. Google comparisons).

Change up

By changing the DNS settings for your PC or for your overall network, normally at your DHCP server, cable modem or router, you can try out any of the alternative providers that offer their services for free. Some, like OpenDNS, offer a lot more than just the mapping of IP addresses.

These are some instructions for changing the DNS settings. Implementing the change should not take you more than a couple of minutes.
• Google Public DNS
• OpenDNS

There are a few other nice things about using the alternative providers. The first is the option to block objectionable domains, which can help protect you from possible lawsuits over workplace harassment claims.

Google and OpenDNS both spend time blocking known exploit domains, which means you have a better chance of being protected from hackers.

You can also get better DNS service, since these providers have servers that return domains noticeably quicker than the ones for the general Internet. As a further advantage, common typos in domains are caught; if you tend to make mistakes typing URLs into your browser, Google and OpenDNS can frequently direct you to the place you meant to go.

Alternative lifestyle

The alternative DNS providers are just the first step in securing DNS resources. For more information, a good place to start is Paul Vixie’s 2008 blog post. Vixie is one of the original Wise Men of the Internet. He has been involved in authoring numerous RFCs (Requests for Comments) and protocols. He and others are part of a considerable effort under way to create a new series of secure DNS protocol extensions and products to support these extensions.