Network Security

Keeping Your Information Where It Belongs

Archive

Category: Internet Connections

Solera Networks announced its partnership with Sourcefire, Inc. on June 16, 2010. Solera is among the leading network forensics products and services companies, and it can now integrate its award-winning network forensics technology into Sourcefire’s event analysis. With this, Sourcefire’s packet analysis functionality is extended to include full session capture, providing detailed forensics for any security event.

The partnership is meant to make incident response to a security event more effective, while also providing full detail for understanding the circumstances before and after the event.

According to Steve Shillingford, president and CEO of Solera Networks, Sourcefire is well known in intrusion detection and prevention. He said that today’s organizations rely on Sourcefire technology to defend their critical assets. He added that combining high-speed active network forensics with their platform gives them another valuable tool in their arsenal to combat ever-changing, non-stop attacks. Network forensics and instant replay can establish the complete source and range of any security event in the quickest possible time. It works much like a surveillance camera or DVR.

Sourcefire IPS combines vulnerability-based and anomaly-based inspection methods to analyze network traffic and stop threats that can ruin the network. Solera Networks forensics appliances capture, index, record and replay all traffic, even on the fastest modern 10Gb networks.

Sourcefire users see slices of the network traffic surrounding a security alert. These slices are defined by source/destination port, time, protocol, and many other parameters. The Solera DeepSee Forensics Suite rebuilds and delivers a complete record of everything crossing the network, including artifacts (emails, files, malware, etc.) contained in the traffic. The combined solution keeps away known threats.

Martin Roesch, founder and CTO of Sourcefire, said that threats are becoming more sophisticated and targeted, so a powerful advantage is gained in being able to see the full content of every attack on your network.

Network forensics from Solera Networks complements Sourcefire’s IPS and RNA products by showing everything that led up to an attack and the best ways to prevent one. With an authentic record of every network packet, customers can understand the nature of the attacker and anticipate future attack attempts.

With the playback of traffic surrounding any security alert, the historical network record can be used to validate updated signature files. Solera DS appliances hold an exact replica of an organization’s network traffic, letting analysts replay old traffic against a recently updated Sourcefire IPS and validate the latest incremental protection delivered by Sourcefire’s Vulnerability Research Team (VRT).

Coolcat Inc. has now teamed up with Digitiliti and its DigiLIBE(TM) Virtual Corporate Library, a wide-ranging solution for managing, controlling and accessing unstructured data. Coolcat is among the leaders in content and network security for government and the private sector.

Coolcat is known for carrying out restricted hacking exercises and access testing against wired and wireless networks and application environments. These programs uncover openings and malicious data in systems that were thought to be secure. Because Coolcat places such high priority on information security for its government and enterprise clients, the company does not settle for data protection and archive systems that do not meet very high standards.

Seth Oxhandler, Coolcat’s CEO, said that DigiLIBE is a smart replacement for a wide array of information management products, each with its own intrinsic vulnerabilities, and that a single architecture incorporates data storage, archiving, backup, compliance and more to meet the requirements for data security and access. Oxhandler and the company look forward to going the distance with DigiLIBE in the coming years of the partnership.

“We’ve been impressed so far with Digitiliti’s approach to ‘content in context,’ meaning information is an asset to be leveraged rather than an expense to be managed,” said Oxhandler. “This tracks with the kinds of services we provide to our customers, which is all about helping them operate as efficiently and intelligently as possible,” he added.

Coolcat has a long-standing practice of using the industry’s best tools for its managed services clients, which is why Ken Peters, Executive Vice President of Digitiliti, is happy to have them managing their own data with the system. He said, “Despite Coolcat’s position in the industry, they are not unlike other DigiLIBE users facing problems of data growth, data proliferation, and out-of-control email.”

DigiLIBE addresses basic problems connected with managing, controlling and quickly accessing unstructured data. This simple yet integrated Virtual Corporate Library (VCL) system, with policy-based applications, is designed to guard, direct and store data securely from its point of origin to its final destination. It addresses information growth across all points of the organization, including office files, images, email, offsite, and archives.

The single architecture of DigiLIBE includes three simple components: the information director, the archive information store, and client agents. This architecture reduces the number of disparate IT products needed, as well as the complexity and costs involved in managing and supporting information growth.

Money is a big question for most people today, so the question remains: how high will the revenue be? According to records, annual revenues have increased 20 to 45 percent in recent years, and the data grows year after year. Its customer knowledge base therefore lets Coolcat leverage DigiLIBE to capture and supply operational intelligence.

It is not true that Linux is somehow resistant to malicious attacks. A large number of Linux systems may, in fact, be compromised. Nevertheless, the Trojan came in a download that should have no place on Linux in a business setting.

A thread on the UnrealIRCd Forums states that it is very embarrassing to discover that the Unreal3.2.8.1.tar.gz file on their mirrors had been replaced with a version containing a backdoor (trojan). According to the post, the backdoor allows a person to execute any command with the privileges of the user running the ircd. The backdoor runs regardless of any user restrictions, even when you have a passworded server or hub that doesn’t allow any users in.

This post was dated November 2009 and it seems that nobody has noticed it until now.
UnrealIRCd is an Internet Relay Chat platform. It is safe to assume that a fair number of Linux systems out there are compromised by a backdoor Trojan. None of those systems should be present in a business, because of possible company identity theft.

At the end of the UnrealIRCd Forums post, they said that they did not check the files on all mirrors regularly and did not sign releases through PGP/GPG. This is a lesson for everybody: files should be checked regularly, and releases should always be signed with PGP/GPG.
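One way to make that mirror check routine, as an added example that is not UnrealIRCd's own tooling: hash the copy served by each mirror and compare it with a reference SHA-256 digest obtained from a trusted channel. The mirror names, file names and file contents are constructed for the demonstration.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so large tarballs are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_mirrors(reference_digest, mirror_copies):
    """Compare every mirror's copy against the trusted reference digest.

    mirror_copies maps a mirror name to the local path of the file fetched
    from it. Returns {mirror: "ok" | "MISMATCH" | "missing"}.
    """
    report = {}
    for mirror, path in sorted(mirror_copies.items()):
        if not Path(path).is_file():
            # A mirror that could not be fetched is reported, not skipped.
            report[mirror] = "missing"
            continue
        actual = sha256_file(path)
        same = hmac.compare_digest(actual, reference_digest.lower())
        report[mirror] = "ok" if same else "MISMATCH"
    return report


def build_demo(workdir):
    """Constructed sample: one good copy, one altered copy, one absent copy."""
    workdir = Path(workdir)
    original = b"constructed release archive contents\n" * 100
    # Same length as the original with one word changed, so a file-size
    # comparison alone would not notice the replacement.
    tampered = original.replace(b"contents", b"c0ntents", 1)
    (workdir / "mirror-a.tar.gz").write_bytes(original)
    (workdir / "mirror-b.tar.gz").write_bytes(tampered)
    reference = hashlib.sha256(original).hexdigest()
    copies = {
        "mirror-a.example": workdir / "mirror-a.tar.gz",
        "mirror-b.example": workdir / "mirror-b.tar.gz",
        "mirror-c.example": workdir / "mirror-c.tar.gz",  # never downloaded
    }
    return reference, copies


def run_demo():
    """Build the constructed files in a temp directory and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        reference, copies = build_demo(tmp)
        return audit_mirrors(reference, copies)


if __name__ == "__main__":
    for mirror, status in run_demo().items():
        print(f"{mirror:20} {status}")
```

A digest only helps if it comes from somewhere other than the mirror being checked; a detached signature verified with `gpg --verify` against the maintainers' public key covers the case where the download page itself is altered.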

With the poor security provided by Linux, anyone can be confident and set aside checking and making sure that the software is not compromised. Linux makes up less than approximately two percent of the overall OS market, making it an unattractive target for attackers. This means that Linux owners are almost defenseless from attacks. Nonetheless, Linux experts know that the operating system is not bulletproof.

Linux and its accompanying tools and applications have hundreds of vulnerabilities. The Linux OS, however, is hard to exploit. Its open source vulnerabilities are fixed in hours rather than months.

To conclude, Linux is not resistant to attack. Linux systems in a business environment should not be running Unreal, though Unreal is not the only compromised software available.

Though Linux does not face major threats compared to Windows systems, it can’t be ignored that there are still threats to avoid. Even if such threats are not exploited through a quickly spreading worm, they can still cause problems for systems. If you are using Linux, always check and make sure that your system is not compromised by a backdoor Trojan.

As more people get chances to work from home and connect to systems remotely, network security is becoming an important issue for enterprises.

According to one expert, the best approach to avoiding unnecessary risks is end-user education, though the right software can help mitigate the risk.

Luis Corrons, technical director of Panda Security, explained that programs are more likely to be infected with viruses and malicious software in places where security education is less prioritized.

He also added that the first thing is to try to avoid infections, which nowadays is almost impossible.

Most malware is installed in security walls with corresponding task so it is really necessary to apply security on all your computers. User training and education should be the main thing. Those were Mr. Corrons’ words after Panda Security issued a release saying that it had shut down one of the largest botnets ever seen.

Software experts highlight about 25 universal bugs exploited by hackers.
Some of the software programming errors are responsible for virtually every major type of cyber attack, from the recent intrusions at Google to the disruptions and breaches of network security at private utilities and government agencies. This is according to a report published by two non-profit technology research organizations.

The SANS (SysAdmin, Audit, Network, Security) Institute and Mitre are the two sources of the information. The 25 frequent coding errors they identified put mission-critical systems at risk, enabling security bugs, cyber spying and cyber crime. Security analysts at a variety of organizations contributed, including the National Security Agency and the US Department of Homeland Security’s National Cyber Security Division.

The most common programming errors leading to security breaches are cross-site scripting flaws, SQL injection errors, and buffer overflow vulnerabilities.

SQL injection and cross-site scripting are among the security weaknesses in 2010. The researchers found that even when a software package is not running on the web, there is a possibility that it has a web-based management interface or HTML-based output formats that allow cross-site scripting. For data-rich software applications, SQL injection is a way to steal the keys.

The other top vulnerabilities identified by the study were weak access control and authentication mechanisms, cross-site request forgery flaws, overly permissive default settings, and a shortage of encryption support.

The researchers have divided the Top 25 risky software errors into three high-level categories: porous defenses, risky resource management, and insecure interaction between components.

The “porous defenses” category covers weaknesses related to defensive techniques that are often misused, abused, or just disregarded. The “risky resource management” category, on the other hand, covers errors that commonly occur when software does not properly manage the creation, transfer, usage, or destruction of important system resources.

The “insecure interaction between components” category covers the many ways in which data is sent and received between separate components, processes, programs, modules, threads, or systems.

Researchers say that it seems as if software is all about the data: it is put into the database, then pulled from it, massaged into information, and sent elsewhere for fun and profit. If attackers can influence the SQL that you use to communicate with your database, then, in short, all your fun and profit belongs to them. If you use SQL queries in security controls like authentication, attackers could alter the logic of those queries to bypass security. They can modify the queries to corrupt, steal, or simply change your underlying data. They can get data one byte at a time if they have to, and they really know what they are doing; most of the time, it pleases them.
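The authentication case described above, as an added example that is not taken from the SANS/Mitre report: the same login check written with string concatenation and with bound parameters, run against an in-memory SQLite database. The table, the account and the function names are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """In-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    # Plain-text password only to keep the demo short; a real system
    # stores a salted password hash instead.
    db.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return db


def login_concatenated(db, name, password):
    """VULNERABLE: user input is pasted into the SQL text, so a quote
    character in the input ends the string literal and the rest of the
    input is parsed as SQL."""
    query = ("SELECT COUNT(*) FROM users WHERE name = '" + name +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone()[0] > 0


def login_parameterized(db, name, password):
    """Hardened: the SQL text is fixed and the values are bound separately,
    so input is only ever compared as data."""
    query = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(query, (name, password)).fetchone()[0] > 0


def try_login(login, db, name, password):
    """Run one login function and summarise the outcome as a string."""
    try:
        return "accepted" if login(db, name, password) else "rejected"
    except sqlite3.Error:
        return "query error"


def compare(db, name, password):
    """Return (concatenated result, parameterized result) for one input."""
    return (try_login(login_concatenated, db, name, password),
            try_login(login_parameterized, db, name, password))


# Constructed inputs: a valid login, a wrong password, a password value that
# changes the WHERE clause's logic, and an ordinary name with an apostrophe.
CASES = [
    ("alice", "correct horse"),
    ("alice", "wrong"),
    ("alice", "' OR '1'='1"),
    ("o'brien", "x"),
]

if __name__ == "__main__":
    database = make_db()
    for case in CASES:
        print(case, compare(database, *case))
```

The last case shows that concatenation is a correctness bug as well as a security one: a legitimate name containing an apostrophe breaks the string-built query, while the bound-parameter version simply finds no such user.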

Most of the time, software becomes the bridge between an outsider on the network and the internals of an operating system. Researchers say that when you invoke another program on the operating system and allow untrusted inputs to be fed into the command string generated for executing that program, you invite attackers to execute their own commands instead of yours.
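The command-string problem described above, as an added example that is not taken from the report: the same external program invoked through a shell string and through an argument list, plus an allow-list check on the input. `echo` stands in for the external tool so the example runs offline; the function names and the host values are constructed.

```python
import re
import subprocess

# Hostname allow-list: dot-separated labels of letters, digits and hyphens,
# each starting and ending with a letter or digit.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")


def run_via_shell_string(host):
    """VULNERABLE: the untrusted value becomes part of a command string that
    /bin/sh parses, so shell metacharacters in it are treated as syntax."""
    command = "echo checking " + host
    done = subprocess.run(command, shell=True, capture_output=True, text=True)
    return done.stdout.splitlines()


def run_via_argv(host):
    """Hardened invocation: no shell is involved and the value is passed as
    a single argv element, so it cannot start a second command."""
    done = subprocess.run(["echo", "checking", host],
                          capture_output=True, text=True, check=True)
    return done.stdout.splitlines()


def validate_host(value):
    """Reject anything that is not a plain hostname.

    Argument lists stop shell parsing, but a value beginning with '-' can
    still be read as an option by the called program, so input is also
    checked against an allow-list before use.
    """
    if len(value) > 253 or not HOSTNAME_RE.fullmatch(value):
        raise ValueError("not a hostname: %r" % value)
    return value


def safe_check(host):
    """Validate first, then invoke without a shell."""
    return run_via_argv(validate_host(host))


if __name__ == "__main__":
    hostile = "host.example; echo INJECTED"   # constructed input
    print("shell string:", run_via_shell_string(hostile))
    print("argv list   :", run_via_argv(hostile))
    try:
        safe_check(hostile)
    except ValueError as err:
        print("validated   :", err)
```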

To eliminate the prominent programming errors, all users and experts need to unite to destroy the evil agenda of the cyber criminals. There should be no persistent threat from competing nation states. What a life we would have if the internet were hacker-free.

Fortinet® announced last February 22 that Kendra Krause, vice president of channel sales at Fortinet, was recognized as the 2010 Channel Chief by Everything Channel’s CRN. Channel Chiefs lead in creating effective channel programs for solution providers. Fortinet® (NASDAQ: FTNT) is a market-leading network security provider and a topnotch company for unified threat management (UTM) solutions.

Fortinet consistently defends, promotes and executes effective channel partner programs and strategies. Also recognized as a CRN Top Woman in the Channel in 2008 and 2009, Krause has been part of Fortinet since July 2007. Since then, she has driven the creation of an industry-leading FortiPartner™ channel program. No doubt, she deserves high recognition for her achievements.

Krause said that it is a tremendous honor to be named a CRN Channel Chief and that receiving such recognition further validates Fortinet’s commitment to, and investment in, the FortiPartner program over the past year, regardless of the tumultuous economy. She said that they will surely continue to help their partners create opportunities beyond just selling products, including innovative services and recurring sales opportunities, this year.

The Channel Chiefs have been chosen by Everything Channel for eight consecutive years, based on criteria including policy and program innovations made during the past year. They earn the recognition through the amount of revenue their company generates through partners, their readiness to speak out publicly on behalf of the channel, and their long years of dedication to channel activities.

Kelley Damore, VP, Editorial Director, Everything Channel, expressed gratitude for the prestigious honors that their company has received. Top channel executives constantly ensure that the channel’s voice is heard when strategic decisions are being made, and they persistently nurture mutually profitable relationships.

A suspicious software program has been found to have infected the computers of more than 2,500 corporations around the globe. This is according to NetWitness, a reputable computer network security firm.

Two Chinese schools were said to be connected to online attacks on February 19, 2010. The spyware, or botnet, was said to take control of the operating systems of both residential and corporate computing systems. Botnets are used by hackers for a wide array of prohibited online activities, including sending spam, stealing digital documents, and pilfering passwords from infected computers. Such hackers usually install so-called keystroke loggers to capture personal information.

The recent virus, nonetheless, was modest compared with the other known botnets. A system known as Conficker in 2008, for example, infected as many as 15 million computers at its peak and continues to contaminate more than seven million systems today.

We hear about botnet attacks only seasonally. Currently Shadowserver, an organization that tracks botnet activity, counts 5,900 separate botnets.

Quite a few computer security experts dispute the company’s assertion that the botnet was a novel discovery. This type of infection is well known to the computer security research community and is regularly tracked by a monitoring system that has identified more than 1,300 botnets of this design.

NetWitness says that it discovered the program last month while the company was installing monitoring systems. The company labelled it the Kneber botnet, after a username that linked the infected systems.

The goal of the virus is to gather login credentials for social networking sites, online financial systems, and e-mail systems. It then transmits that information to the system’s controllers.

As the investigation goes on, it has been determined that the botnet has compromised both commercial and government systems, including 68,000 corporate login credentials. Access to online banking accounts, e-mail systems, and social network credentials was hacked, along with more than 2,000 digital security certificates. This came along with significant identity theft.

“Cyber criminal elements, like the Kneber crew, quietly and diligently target and compromise thousands of government and commercial organizations across the globe.”

“These large-scale compromises of enterprise networks have reached epidemic levels,” said Amit Yoran, chief executive of NetWitness and former director of the National Cyber Security Division of the Department of Homeland Security.

The company, based in Herndon, Va., says that the new botnet made sophisticated use of a well-known Trojan horse, which is a backdoor entryway for attack. This Trojan has previously been identified as ZeuS.

“Many security analysts tend to classify ZeuS solely as a Trojan that steals banking information,” Alex Cox said. Cox is the principal analyst at NetWitness who investigated the Kneber botnet.

Cox said that such a viewpoint is naïve. Once they began to see the correlation between the methodology used by the Kneber crew to attack victim machines and the wide variety of data sets harvested, security teams needed to rethink their entire perspective on advanced threats such as ZeuS.

It has been discovered that about half of the machines infected with the Kneber botnet were previously infected by an earlier botnet known as Waledac.

Years ago, once the virus protection software on your computer was updated, you felt secure. However, with almost all computers interconnected through IP networks, you cannot be so confident anymore.

Many people think that protection against viruses is essential, but they don’t realize that it is only the tip of the iceberg. IP network security covers a vast array of measures to guard against a range of threats, internal and external, and each station needs to set up a security policy to protect against them.

Policy on Security

A security policy is a set of rules and priorities that upper management has agreed upon as important for keeping the station running. As more and more of a station’s assets are held in network-connected storage systems, keeping all that data safe becomes very important. Developing a security policy is essential to keeping your programs, spots, and financial records secure.

When upper management signs off on a security policy, its enforcement carries more authority, especially when the policy comes up against a manager who sees no problem with surfing certain sites or downloading doubtful software, or employees who complain about network restrictions.

To Start With

The strategy is a guide pointing out what needs protection and what it would mean if those areas were compromised. It also outlines the ways in which these assets can be targeted, which areas are most vulnerable, and how they can be protected. Goals should be set to achieve the desired level of protection.

For a TV station, the policy might cover several areas, such as financial records, including billing and traffic file access; nonlinear edit systems; on-air playout and archive storage; graphics systems; IP network segments carrying the feeds from remote locations; or an IP network that connects the studio to the transmitter. The loss of any of these systems or network segments would disrupt the workflow of the station and would probably result in loss of income and of trust from creditors and upper management, with worse scenarios to follow. From any angle, the loss of any part of your IT infrastructure will be costly, so you really need to be protected.

An infected computer system usually slows down, stops working or even corrupts data. But how can a network segment be disrupted without being unplugged? It is common for a spambot program to take over a computer and send out spam e-mail at a very fast pace; it consequently occupies almost all available bandwidth of the network leading to the Internet. Or an employee may play a new first-person shooter game that uses a large amount of bandwidth for online graphics; just imagine several employees playing games at the same time. These are only examples, and as everything becomes IP-based, it will be essential to improve communications between machines and systems as well as to stay informed of what is happening on your network. It all starts with a security policy.

Storing up the data

One essential part of a security policy is the commitment to back up all important data and to make sure that necessary files are retained over time. When something fails, computers can be replaced, but the data should be carefully backed up. Off-site storage is best for cases where your building cannot be accessed, such as fire or other unmanageable disasters. For large backups, you will need tapes or even Blu-ray Discs, and the transportation of data to a remote storage site is more complicated. This does not include self-storage facilities where the temperature and humidity are uncontrolled.

Smaller data, like weekly billing files and the chief engineer’s files, can be backed up with an online service working in the background and continually updating as files change. Always make sure you keep an off-site record of what online backup systems are in place. You need to know how to access them, so keep the passwords safe and do not forget them. Using local hard drives for automatic backup is a good idea; nonetheless, do not depend on them too much, because there is the threat of catastrophic loss.

Strategy

The strategy for achieving goals is important; it outlines how you are going to meet the goals set out in the security policy. This includes defining the actual layout of the network(s), how they are interconnected, and who is responsible for adding new users and setting up computers. One of the most important aspects is assigning who is responsible for setting up any routers and other security software.

Since the personnel using the computer network play a major role in protecting it, you may want your staff to sign an acceptable use statement that outlines the need for security practices and the penalties if station policies are broken. It may include rules such as not installing any outside programs, no matter how helpful they might appear to be, and not connecting any USB drives to company computers, especially those that may contain malware that can damage or spy on the network. One trend in gaining illegal access to a company’s network is to leave a USB flash drive with the company’s logo on it in the company parking lot; it is then picked up by an employee, and when they attempt to open a document on it, a malware program starts up.

Though standard template-style acceptable use statements can be found on the Internet, it is best to write your own, since you can tailor it to your company’s specific requirements. If the statement is too broad and complicated, your personnel may not understand it. The statement should be laid out in clear and simple steps, so it is easy to follow and easy to point out when it is violated.

Follow through

One of the hardest things to do is actually making sure all the policies are being carried out. Like transmitter readings, regular inspection of the network and updates to the employees can be made part of SOP. Letting your employees know that you are aware of their compliance with the rules tells them that you take network security seriously. Running regular virus scans and keeping your antivirus software up to date are both important steps that any network administrator should take. It’s also not a bad idea to have network security awareness reminders, even if only yearly.

Physical security

Your network equipment should always be physically safe, for the sake of your network security. Are you keeping the doors to the network closets locked all the time? Are the front panels of the servers locked as well? Who maintains them and keeps the keys?

At one station, a wireless router was installed on the second floor to allow wireless Internet access. Once the router was set up properly with a unique password for access, it seemed like that was all they needed. Then the engineer discovered that the settings and the network name on the router were no longer working, and it troubled him that the settings had been reset. He set up the router again, and a week later the trouble happened again. The router had been left on a table in an unlocked storage room, and it turned out that someone who wanted access but didn’t have the password had pressed the reset button. A quick search on the Internet provided the factory default password and allowed the person to access the network. This opened up the entire network to the outside world: in its factory default settings, the router allowed users access to the company network and computers. The engineer moved the wireless router to a room and hid it under a plastic milk carton on the floor. No trouble has been recorded since then.

This is an example of why physical security is also necessary to protect your network. Aside from location, one trouble that you should keep an eye on is theft. Even with personnel in the broadcast facility 24/7, you can lose your equipment unexpectedly. Unlike professional video equipment, a high-powered computer server could work just as well as a high-powered gaming system.

Cutting it off

Another method in use today is to take any mission-critical data and simply cut it off from the Internet, isolating it from the rest of the network. Though it may not be possible in all cases, it limits the avenues by which viruses and other malware can reach valuable data and systems. This is another instance that could call for the use of subnets, which allow parts of a network to have Internet access while blocking the same access to other parts.

There are times when a single computer is outfitted with two or more network interface cards, so that it is connected to more than one network at a time. Though this seems to isolate the two networks, it actually links them. If one side is connected to the Internet, malware can install itself on that computer and infect others on both networks. A better way is to use two computers and a KVM switch, which keeps the two networks isolated.
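One way to find such machines before they become a bridge, as an added example that is not part of the original article: an audit over a host inventory that flags every computer with addresses in more than one network zone. The zone plan, subnets, host names and addresses are all constructed assumptions.

```python
import ipaddress

# Constructed zone plan (assumption): which subnets belong to which zone.
ZONES = {
    "playout-isolated": ["10.20.0.0/24"],
    "office-internet": ["192.168.10.0/24"],
}

# Constructed inventory: host name -> addresses configured on its NICs.
INVENTORY = {
    "playout-srv-1": ["10.20.0.11", "10.20.0.12"],  # two NICs, same zone
    "office-pc-7": ["192.168.10.57"],
    "edit-ws-3": ["10.20.0.40", "192.168.10.40"],   # one NIC in each zone
    "ingest-2": ["10.20.0.50", "172.16.5.9"],       # second NIC on an unlisted net
}


def zone_of(address, zones):
    """Return the zone whose subnet contains the address.

    Addresses outside every listed subnet are reported as "unclassified"
    rather than ignored: an unknown network attached to an isolated host
    is exactly what the audit needs to surface.
    """
    ip = ipaddress.ip_address(address)
    for name, cidrs in zones.items():
        if any(ip in ipaddress.ip_network(cidr) for cidr in cidrs):
            return name
    return "unclassified"


def find_bridging_hosts(inventory, zones):
    """Return {host: sorted list of zones} for hosts spanning several zones.

    A host with multiple NICs inside one zone is not flagged; only hosts
    whose interfaces touch different zones link networks together.
    """
    findings = {}
    for host, addresses in inventory.items():
        touched = sorted({zone_of(addr, zones) for addr in addresses})
        if len(touched) > 1:
            findings[host] = touched
    return findings


if __name__ == "__main__":
    for host, touched in find_bridging_hosts(INVENTORY, ZONES).items():
        print(f"{host}: connected to {', '.join(touched)}")
```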

Conclusion

Network security remains a controversial topic for broadcast engineers as broadcasting moves on with an all-IP infrastructure. Maintaining the station will depend on keeping your networks clear and your computers free from malware.

SYNNEX Corporation, the primary company in the field of business process services, is opening up its integrated communication services with its sophisticated selling partners in Telecommunications, Data Servicing and Networking, and Voice and Video solutions. Its new Integrated Communications Group (ICG) makes use of a high-quality, multi-retailing solution that offers more integrated communications to meet the needs of retailers’ customers, a more refined service than the conventional single-retailing services usually offered. SYNNEX ICG gives a valuable, more integrated communications solution to attain business reliability and develop a more productive service for the end customer.

SYNNEX ICG renders top-caliber services in seven sectors of communications to build strong and firm business contacts with its resellers:

SYNNEX continues to pursue valuable initiatives, like unified communications, to give retailers a wide variety of choices in finding alternative IT services that meet the needs and productivity of businesses today.

Peter Larocque, President of U.S. Distribution at SYNNEX Corporation, stated that unified communications will see a boost in the United States over the coming years, driven by convincing offers that provide improvements to businesses’ vital processes as well as savings to the end customer. Delighted with its union with its top-tier merchants, the company is out to bring together information, audio and video into a more reliable and integrated solution.

About Synnex
SYNNEX Corporation, a Fortune 500 corporation, is among the top business process services companies. It serves resellers and original equipment manufacturers (OEMs) in several countries. The company provides services in IT distribution, supply chain management, contract assembly and global business services. SYNNEX operates in the United States, Japan, China, Canada, the United Kingdom, Mexico, and the Philippines. You can find more about SYNNEX at their site: www.synnex.com.

Wise business managers know that implementing sound practices for network security can bring them big returns through reduced costs, better network reliability, higher productivity, improved customer service, and reduced legal exposure. Applying good security techniques can provide greater peace of mind and more time to execute projects, producing significant competitive advantages.

A carefully planned investment in network security controls costs by reducing bandwidth and other IT requirements or investments, trimming network and desktop maintenance and repairs, and getting rid of exposure to legal liability, which can arise from data breaches or from unsuspectingly hosting pirated or unlawful materials. Better security increases employee productivity by eliminating spam and illicit web surfing. It also gives greater network and desktop reliability, with faster computers and less strain on internal and external IT staff.

More effective security provides greater assurance against security or data breaches, keeping you from a bad reputation, damaged relationships with customers and even lost revenue due to serious litigation and fines. A cursory evaluation of a small-network attack shows that no business can afford to neglect network security.