Network Security

Keeping Your Information Where It Belongs

Archive for June, 2010

Solera Networks announced its partnership with Sourcefire, Inc. on June 16, 2010. Solera is among the leading network forensics products and services companies, and it can now integrate its award-winning network forensics technology openly into Sourcefire’s event analysis. Through this, Sourcefire’s packet analysis functionality is extended to include full session capture, providing detailed forensics for any security event.

The partnership makes incident response to a security event very effective, while also providing full detail for understanding the circumstances before and after the event.

According to Steve Shillingford, president and CEO of Solera Networks, Sourcefire is well known in intrusion detection and prevention. He said that today’s organizations rely on Sourcefire technology to defend their critical assets. He added that the combination of high-speed active network forensics with their platform becomes another valuable tool in their arsenal to combat ever-changing and non-stop attacks. Network forensics and instant replay can establish the complete source and range of any security event in the quickest possible time. This works like a surveillance camera or DVR.

Sourcefire IPS vulnerability-based and anomaly-based inspection methods combine to analyze network traffic and stop threats that can ruin the network. Solera Networks forensics appliances capture, index, record and replay all traffic, even on the fastest modern 10Gb networks.

Sourcefire users see parts, or slices, of the network traffic surrounding a security alert. These slices are selected by source/destination port, time, protocol, and many other parameters. The Solera DeepSee Forensics Suite rebuilds and delivers a complete record and monitoring of anything crossing the network, including artifacts (emails, files, malware, etc.) contained in the traffic. The combined solution keeps known threats away.

Martin Roesch, founder and CTO of Sourcefire, said that threats are becoming more sophisticated and targeted, so a powerful advantage is gained in being able to see the full content of every attack on your network.

Network forensics from Solera Networks complements Sourcefire’s IPS and RNA products by showing everything that led up to an attack and the best ways to prevent one. With an authentic record of every network packet, customers can understand the nature of the attacker so as to anticipate future attack attempts.

With the playback of traffic surrounding any security alert, the historical network record can be used to validate updated signature files. Solera DS appliances hold an exact replica of an organization’s network traffic, letting analysts replay and review old traffic against a recently updated Sourcefire IPS and then validate the latest incremental protection delivered by Sourcefire’s Vulnerability Research Team (VRT).

Coolcat Inc. has now teamed up with Digitiliti’s DigiLIBE(TM) Virtual Corporate Library, a provider of a wide-ranging solution for managing, controlling and accessing unstructured data. Coolcat is among the leaders in content and network security for government and the private sector.

Experts know Coolcat as the company that carries out restricted hacking exercises and access testing against wired and wireless networks and application environments. Its programs uncover openings and malicious data in what was thought to be secure. Coolcat places a high priority on information security and on its government and enterprise clients; hence, the company does not settle for data protection and archive systems that do not meet very high standards.

Seth Oxhandler, Coolcat’s CEO, said that DigiLIBE is a smart replacement for a wide array of information management products, each with its own intrinsic vulnerabilities, and that a single architecture incorporates data storage, archiving, backup, compliance and more so as to meet the requirements for data security and access. Oxhandler and the company look forward to going the distance with DigiLIBE in the coming years of partnership.

“We’ve been impressed so far with Digitiliti’s approach to ‘content in context,’ meaning information is an asset to be leveraged rather than an expense to be managed,” said Oxhandler. “This tracks with the kinds of services we provide to our customers, which is all about helping them operate as efficiently and intelligently as possible,” he added.

Coolcat has established an enduring base for using the industry’s best tools for its managed services clients, which is why Ken Peters, Executive Vice President of Digitiliti, is happy that Coolcat has the best system for managing its own data. He said, “Despite Coolcat’s position in the industry, they are not unlike other DigiLIBE users facing problems of data growth, data proliferation, and out-of-control email.”

DigiLIBE solves basic problems connected with managing, controlling and quickly accessing unstructured data. This simple yet integrated Virtual Corporate Library (VCL) system, with its policy-based applications, is designed to guard, direct and store data securely from its point of origin to its final destination. Information is addressed as it grows across all points of the organization, including office files, images, email, offsite, and archives.

The single architecture of DigiLIBE includes three simple components: the information director, the archive information store, and client agents. The number of disparate IT products needed, and the complexity and costs involved in managing and supporting information growth, are all reduced through this architecture.

Money is a big question for most people today, so the question remains: how high would the revenue be? According to records, annual revenues have increased 20 to 45 percent in recent years, and the data grows year after year. Coolcat’s customer knowledge base therefore lets it leverage DigiLIBE to capture and supply operational intelligence.

For everyone’s information, it is not true that Linux is somehow resistant to malicious attacks. A vast collection of Linux systems may, in fact, be compromised. Nevertheless, the Trojan comes in a download that should have no place on Linux in a business setting.

A thread on the Unreal IRCd Forums says it is very embarrassing to have discovered that the Unreal 3.2.8.1.tar.gz file on their mirrors has been replaced with a version with a backdoor (trojan) in it. According to the thread, the backdoor allows a person to execute any command with the privileges of the user running the ircd. The backdoor works regardless of any user restrictions, even when you have a passworded server or hub that doesn’t allow any users in.

This post was dated November 2009 and it seems that nobody has noticed it until now.

Technically speaking, Unreal IRC is an Internet Relay Chat platform. It is safe to assume that a pretty good number of Linux systems out there are compromised by a backdoor Trojan. None of those systems should be present in a business because of possible company identity theft.

At the end of the UnrealIRCd Forums post, they said that they did not check the files on all mirrors regularly and did not sign releases through PGP/GPG. This is a lesson for everybody: files should be checked regularly, and releases should always be signed through PGP/GPG.
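The regular mirror check described above can be automated. The following is an added example, not code from the UnrealIRCd project: it compares the SHA-256 digest of each mirror copy against a reference digest that is assumed to be kept off the mirrors. The mirror names, file names and archive bytes are constructed for the demonstration; a digest only detects changes, so a PGP/GPG signature is still needed to prove who published the release.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so large archives are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_mirrors(reference_digest, mirror_copies):
    """Compare every mirror copy with the trusted reference digest.

    mirror_copies maps a mirror name to the local path of the file fetched
    from that mirror. Returns a dict of mirror name -> 'ok', 'MISMATCH'
    or 'missing'.
    """
    expected = reference_digest.strip().lower()
    results = {}
    for name, path in mirror_copies.items():
        try:
            actual = sha256_file(path)
        except OSError:
            results[name] = "missing"  # an absent file is also a finding
            continue
        same = hmac.compare_digest(actual, expected)
        results[name] = "ok" if same else "MISMATCH"
    return results


def demo():
    """Run the audit over constructed sample data (not real release files)."""
    release = b"constructed release archive bytes\n" * 100
    tampered = release + b"constructed extra bytes appended on one mirror"
    reference = hashlib.sha256(release).hexdigest()
    with tempfile.TemporaryDirectory() as tmp:
        good = Path(tmp, "mirror-a.tar.gz")
        good.write_bytes(release)
        bad = Path(tmp, "mirror-b.tar.gz")
        bad.write_bytes(tampered)
        gone = Path(tmp, "mirror-c.tar.gz")  # never written
        copies = {"mirror-a": good, "mirror-b": bad, "mirror-c": gone}
        return audit_mirrors(reference, copies)


if __name__ == "__main__":
    for mirror, status in demo().items():
        print(f"{mirror}: {status}")
```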

With the poor security provided by Linux, anyone can be confident and set aside checking and making sure that the software is not compromised. Linux makes up approximately less than two percent of the overall OS market, making it an unattractive target for attackers. This means that Linux owners are almost defenseless against attacks. Nonetheless, Linux experts know that the operating system is not bulletproof.

Linux and its accompanying tools and applications have hundreds of vulnerabilities. Linux, however, is hard to exploit. Its open source vulnerabilities are fixed in hours rather than months.

To conclude, Linux is not resistant to attack. Linux systems in a business environment should not be running Unreal, though Unreal is not the only compromised software available.

Though Linux does not face major threats compared to Windows systems, it can’t be ignored that there are still threats to avoid. Even if such threats are not exploited through a quickly spreading worm, they can still cause problems for systems. If you are using Linux, always check and make sure that your system is not compromised by a backdoor Trojan.