Network Security

The new licensing model decreases the entry prices for Unified Threat Management for as low as 50%, which has enabled partners to do successfully in a more service-oriented market.

Astaro Corporation (www.astaro.com ), among the leading European UTM vendor today, has announced that its new licensing model for the Astaro Security Gateway will give give way to new means to deploy UnifiedThreat Management solutions. With such new model, customers have freedom of choice among various dedicated applications that are made supplementary to their favored platform. Astaro releases further applications before the first quarter ends.

At the back of Astaro’s new licensing model, there is the idea that the Astaro Security Gateway stands as the central platform in any organization’s network. Such platform is where customers can add the necessary security applications. Under the new licensing, such platform can be deployed in three ways:

• Astaro Security Gateway hardware appliances, accessible in seven sizes
• Astaro Security Gateway Virtual appliance, specialized in VMware Ready®
• Astaro Security Gateway Software appliance, installed on various hardware

“This new strategy not only goes in line with the modern market’s preference for investing in services rather than buying infrastructure hardware components, it will also help our partner community better solve their customers’ needs,” said Jan Hichert, Astaro CEO “By providing partners with a business model that meets the market’s preferences we are setting up our partners for success today as well as in the future.”

Shoring up the concept, Astaro created the software and virtual base appliance for free- also referred to as the Essential-Firewall-edition. There is also the lower hardware prices by over 50% so customers can now connect additional security applications to the base platform on a subscription basis.

These are Astaro Security Applications are available today:

• Web Security – Spyware Protection, HTTPS Scanning, URL Filtering, User Reporting Antivirus Scanning, IM/P2P Filtering and the likes.
• Mail Security – Email Encryption, Anti Spam, Antivirus Scanning,
• Network Security – DoS Protection, Intrusion Prevention, Firewall, Branch Office VPN, Bandwidth Control, Directory Authentication, IPSec Remote Access, SSL Remote Access, Native Windows Remote Access and more.
The new model supports Astaro’s future product strategy as well. The vendor will release further applications later this year. The applications for mail archiving and for the management of wireless security are the ones expected to come first. Such applications will be released publicly in March, along with the CeBIT in Hannover, Germany, and the RSA in San Francisco, USA.

With the use of an alternative DNS provider like OpenDNS or Google’s Public DNS, you can increase security and improve performance at the same time. It will be worth it to compare your alternatives.
The Domain Name System (DNS) is the one we use and depend on, however, we do not really pay much attention to it. If you have some time investigating alternatives, you could really enhance your network’s presentation and security.
Before knowing how to do this, let us have a brief explanation about DNS. You can think of what a phone book does. It allows you to check someone’s phone number by browsing through the name of the entries. The DNS works similar for computers. For instance, if you type in “google.com”, it will translate that name into a sequence of four numbers, called IP address, which functions just like the phone number does. Checking this case, google.com’s number is set as 74.125.95.104.
The overall Internet infrastructure contains a series of master phone books, also called DNS root servers, found at strategic places ‘round the world and upheld by a collection of public, semi-public, and private providers. Talking to each other on a regular basis, they make sure that new domains are always in synch.
Just imagine, if someone wants to “destroy” one of the entries, or misdirect the Internet traffic to a phony domain, the right amount of subterfuge should be used. The same is what happened in 2008 when an Internet provider in Pakistan was able to block the access to all YouTube visitors when they banned the site to all Pakistanis.
Make the call
Different from phone numbers, once you are done setting up your network, you don’t normally give your DNS settings any additional thought. If you have a cable or DSL modem, you can hook it up and it mechanically gets its DNS settings from the cable or phone company’s DNS servers, that way, the IP address becomes unknown to you unless you take the time to check it. In case you run a large enterprise network, naturally you have your own internal DNS server to provide such service.
You can see a lot of alternative providers like OpenDNS and Google’s Public DNS. Why choose an alternative provider? First reason: because of better browsing performance and better security, which give protection from known phishing and malware-infected domains.
Assessing which of the alternative DNS providers give your users better performance is complicated. Many will depend on how you are connected to the ISP assigned to you, also their location, and your destination across the Internet.
Before picking an alternative DNS provider, a Java program can be used to test the speed of your own DNS vs Google and OpenDNS. Here are some sites you can visit for more details: The Browser Mob Blog (learning more about the Java tool); TechSutra or Habitually Good (getting information about OpenDNS vs. Google comparisons).
Change up
Changing your DNS settings for your PC or for your overall network, normally at your DHCP server or cable modem or router, you can check out any of the alternative providers that offer their services free. Some like OpenDNS, offer a lot more than just the mapping of IP addresses.
These are some instructions for changing the DNS settings. These instructions to implementing the change should not take you more than a couple of minutes.
• Google Public DNS
• OpenDNS
Only few other pleasant things about using the alternative providers can be found today. First thing is your choice to block objectionable domains, this can help you to protect yourself from possible lawsuits over workplace harassment claims.
Google and OpenDNS both spend time blocking known exploit domains, this means you have a better chance of being protected from hackers.
For your information, you can get better DNS service, since these providers have servers that will return the domains evidently quicker than the ones for the general Internet. For more advantage, common typos in domains are caught, hence if you are a type who commits several mistakes in typing URLs into your browser, Google and OpenDNS can frequently direct you to the place you prefer to be in.
Alternative lifestyle
The alternative DNS’s are like the first step in securing DNS resources. For more information, a good place to start is with Paul Vixie’s 2008 blog post. Vixie is one of the original Wise Men of the Internet. He has been involved in authoring numerous RFPs (Requests for Proposals) and protocols. He and others are part of a considerable attempt happening to create a new series of safe DNS protocol extensions and products to support these extensions.

Many places offer WiFi connection to their patrons, free with the services or goods offered at the location. However, unless you have made certain that the connection is entirely secure, then you may be putting your precious data at risk. It is simple to log onto the internet at any local fast food restaurant or coffee shop. Despite this, you have to use caution to be sure that you will be assured of your Wireless Security and safety while you are at that location. There are several ways to do this when using wireless networks outside of the home either on your laptop or any other device.

The best way to do this is to only log into wireless networks that have a user name and password, such as is offered occasionally on free networks where you log-on as a guest. This guarantees that the network has at least some significant measures of security. However, finding a location with a log-in of this nature may not always be possible. Another way to assure your safety is to ask the manager or the person in charge of the internet if the system is using a wireless intrusion protection system (WIPS). WIPS is the best way to protect yourself when using a free wireless network from your portable computer, because it blocks out many hackers and other damaging things from getting onto the network easily.

There are also many ways to protect your home WiFi system that people frequently overlook. Lack of security allows hackers to access computers and personal information, so that even while you are safely sitting at home, someone may be stealing from you. Many people use the ÒWEPÓ locking system for their home network or no lock at all. Unfortunately, this is not a good protection system at this point, as using no lock allows your neighbors to use your internet for free and lets anyone who wants to get into and infect your network with spam or spyware or malware. WEP password systems are easily cracked by anyone who really wants to get in, so this standard locking system is really of only little uses.

A better locking system than WEP is WPAv1, wireless protected access. This system provides significantly better security than the average WEP system. It is not perfect, however, it can still be cracked by a dedicated hacker, but with significantly more trouble than cracking a WEP network. All routers that can accommodate WEP can accommodate WPA without any additional hardware, which makes it very attractive to many wireless network owners. If you have a home wireless network and you are not using a locking system or are using WEP, it is highly recommended that you switch to WPA.

The newest and best system for wireless internet security that has come out is 802.11i security. It does require new hardware to use this system, unlike WPA. However, it is considerably more secure. Because it is new, there are fewer programs that can be used to crack the system. If having a safe wireless system is extremely important to you, then purchasing the hardware for 802.11i security may be a very good investment.

Computer communication has gradually evolved to higher bandwidth modes of transmission. In the old days, there was teletype that was succeeded by dial-up modems, some acoustic and some electronic. From a security perspective, modems offered the advantage of calls being traceable via the telephone network. Certainly, authentication and identification could be circumvented via phreaking approaches, including black boxing, silver boxing, or using diverters and other ATM spoofs. But, those techniques were not widely accessible or easily executed. So, there was a certain level of accountability present to all, but the more sophisticated hackers.

With the move to broadband, computer identification relies more upon the IP addressing system and on unique MAC identifiers. This poses the problem that both IP addresses and MAC identifiers are easy to change, or worse, to clone. Spoofing IP addresses is easily accomplished through the use of downloadable applications that can be located on popular search engines. Chaining through proxy servers also is a popular approach, and with the availability of both web-based and application-based proxy servers and proxy searchers, the determined hacker’s identity can be masked by 10 or more layers of misrouting.

Broadband also raises the issue that much more information can be transferred within a much briefer period of time. Before the amount of data that could be stolen was limited by the bandwidth of the dial-up. With transfer rates exceeding the 30 MBps rate on fiber optic now and in the range of 10 MBps on cable modem, the rate of thievery possible today is laughable compared to what was possible before on 110 baud or 300 baud modems. What would have taken weeks to purloin before can now be obtained by the determined hacker within seconds. Perhaps more problematic, it can be propagated to his or her cronies in a similar timeframe so that gigabytes of data could spread to thousand of user within the time it might previously have taken one user to obtain kilobytes of data. The scale is thievery is thereby now faster and more virulent.

With our current communication infrastructure, it also is now possible to launch denial of service attacks that previously were unfathomable with previous communication technologies. Terabytes of data can be launched against target computers to essentially shut them down or disable them as both the bandwidth pipeline and the target computer’s CPU collapse under the pressure. Even single computers can slow target computers with the available bandwidth and a distributed denial of service attack is even more difficult to defend against.

So, it can be said as with most technological advances, we have a double edged sword with our advances in computer communication. While our connectivity and higher speeds has clearly increased our productivity in numerous domains, it also has increased the productivity of hackers and computer criminals. With every technological progression, we must raise our defenses against misuse of that technology. Computer users, computer IT professionals, computer programmers, and law enforcement should all band together to ensure that the gains we have made in telecommunication are not exploited by hackers leading to gains in their pocketbooks.