Cyber security tools tend to pile up. Here’s how to rationalize them

Cyber security tools tend to pile up. Here’s how to rationalize them

Although vendor-written, this contributed piece does not advocate a position that is particular to the author’s employer and has been edited and approved by Network World editors.It’s a cliché, but “change is the only constant.”  Every company periodically reviews and makes changes to their applications, processes and solutions they use to conduct business. And nowhere is this rationalization more important than in the ever-shifting and increasingly perilous arena of cyber security.Companies often begin the security rationalization process after accumulating a portfolio of tools over the years (i.e. penetration testers, web-application, and code scanners) or through mergers and acquisitions or shifting business strategies.To read this article in full or to leave a comment, please click here

Juniper Introduces Software-Defined Secure Networks, Integrating Threat Detection & Adaptive Policy Control for Network Wide Enforcement

Traditional perimeter-based approaches to security are not enough to protect against increasingly sophisticated attacks that engineer their way into internal networks. Juniper introduces software-defined secure networks, a new model that integrates adaptive policy detection and enforcement into the entire network.

CTB-Locker ransomware hits over 100 websites

A new malicious program that encrypts files on Web servers has affected at least 100 websites over the past few weeks, signaling a new trend in ransomware development.The program, which is written in PHP, is called CTB-Locker, a name also used by one of the most widespread ransomware programs for Windows computers. It's not clear though if there's a relationship between this new Web-based ransomware and the Windows version.Once installed on a Web server, the program replaces the site's index.php and creates a directory called Crypt that contains additional PHP files. It starts to encrypt all the files in the server's Web directory when it receives a specifically crafted request from an attacker.To read this article in full or to leave a comment, please click here

Glitch in Hive smart thermostat sends temperatures soaring to nearly 90 degrees

You may have seen movies which feature some evil house that is out to get the occupants, but those usually aren’t smart homes. In real life if you use connected devices to make your home “smart,” then you might expect potential security flaws, but you don’t expect those IoT devices to act like they are possessed and to negatively control your house on their own.While you don’t want to freeze in the winter, there’s a big difference between being toasty in your home and being roasted alive. Yet some British Gas customers who have adopted Hive smart thermostats were at the mercy of the devices which sent temperatures soaring to nearly 90 degrees Fahrenheit (89.6). After the Hive thermostat, which has an app that works as the “remote control,” completely glitched out, some users took to Twitter to express their displeasure.To read this article in full or to leave a comment, please click here

Worth Reading: Busting DNS Myths

Considering that much of the publicity around DNS is made by vendors trying to differentiate their solutions, there are many misconceptions out there that guide people into making poor investment in their infrastructure. –via circleid

Continue reading

UC Berkeley makes third data breach disclosure in past 15 months

UC Berkeley on Friday revealed that it has alerted 80,000 current and former faculty, staff, students and vendors in the wake of a late December "criminal cyberattack" that could have compromised Social Security and bank account numbers. We're not talking an epic breach possibly affecting millions of people as did last year's Anthem and Ashley Madison compromises. But the revelation still must be unsettling for an institution that prides itself on cutting-edge cybersecurity research. UC Berkeley was among several big-name schools to receive millions from the Hewlett Foundation for cybersecurity policy research, and the school last year established the Center for Long-Term Cybersecurity.To read this article in full or to leave a comment, please click here

Gigamon brings big data analytics to security

The IT security environment has changed significantly over the past decade. Ten years ago, network security was certainly challenging but straightforward. Most organizations had a single network ingress/egress entry point and protected it with a high performance firewall. Today, the environment is completely different. Technologies like Internet of Things, cloud computing, software defined networking, BYOD and mobility have made IT much more complicated than ever before. The increase in IT complexity means more attack surfaces and more entry points that need to be protected. IT is now facing an asymmetric challenge where the security team must protect dozens or even hundreds of entry points where hackers merely have to find one way in. Putting a firewall at every possible entry point, which includes branch offices, wireless access points, consumer devices and IoT endpoints would be prohibitively expensive and complicated to manage.To read this article in full or to leave a comment, please click here

Simplifying WAN Complexity With Active Monitoring

In today's WAN, network administrators need to complement traditional SNMP-based tools with active monitoring. NetBeez lets administrators constantly monitor end-to-end connectivity and performance for every site.

The post Simplifying WAN Complexity With Active Monitoring appeared first on Packet Pushers.

Simplifying WAN Complexity With Active Monitoring

In today's WAN, network administrators need to complement traditional SNMP-based tools with active monitoring. NetBeez lets administrators constantly monitor end-to-end connectivity and performance for every site.

The post Simplifying WAN Complexity With Active Monitoring appeared first on Packet Pushers.

New firmware analysis framework finds serious flaws in Netgear and D-Link devices

A team of security researchers has found serious vulnerabilities in over a dozen wireless routers and access points from Netgear and D-Link with the help of an open-source framework that can be used to perform dynamic security analysis on embedded firmware.Called FIRMADYNE, the framework automatically runs Linux-based firmware designed for embedded devices in an emulated environment and then performs a variety of security tests, including checks on known exploits that exist in penetration testing tools.The framework was built by Daming Chen, Maverick Woo and David Brumley from Carnegie Mellon University and Manuel Egele from Boston University. It was released last week as an open source project along with an accompanying research paper.To read this article in full or to leave a comment, please click here

Who You Gonna Call When Your Network’s In Danger?

How to avoid common travel and vacation scams

As usual, winter's been bleak. You're ready to go ... anywhere else. Somewhere warmer, brighter, more fun. And someone else is there waiting and ready to steal your information — and your money — in the process. Travel scams are ripe and ripening as the days grow longer, in some high and very low tech ways. + ALSO ON NETWORK WORLD IRS Scam: 5,000 victims cheated out of $26.5 million since 2013 +"The really staggering message that came through in 2015 was that it was the year attackers spent a lot less time and energy on really sophisticated technology intrusions and instead spent the year exploiting us," says Kevin Epstein, vice president of the Threat Operations Center at Proofpoint. To read this article in full or to leave a comment, please click here

Pica8 scales OpenFlow 1,000x

White box switching company Pica8 this week enhanced its operating system software to overcome limitations in OpenFlow switching. Pica8 is adding Table Type Patterns (TTP) to PicOS so it can scale to 2 million flows with Cavium’s XPliant switch ASIC, and to 256,000 flows with Broadcom’s StrataXGS Tomahawk switch ASIC. This will enable larger data center build-outs, Pica8 says, because typical TCAM flow capacity in the top-of-rack installed base today is between 1,000 and 2,000 flows. +MORE ON NETWORK WORLD: Crossroads for OpenFlow?+To read this article in full or to leave a comment, please click here

A tale of a DNS exploit: CVE-2015-7547

This post was written by Marek Vavruša and Jaime Cochran, who found out they were both independently working on the same glibc vulnerability attack vectors at 3am last Tuesday.

A buffer overflow error in GNU libc DNS stub resolver code was announced last week as CVE-2015-7547. While it doesn't have any nickname yet (last year's Ghost was more catchy), it is potentially disastrous as it affects any platform with recent GNU libc—CPEs, load balancers, servers and personal computers alike. The big question is: how exploitable is it in the real world?

It turns out that the only mitigation that works is patching. Please patch your systems now, then come back and read this blog post to understand why attempting to mitigate this attack by limiting DNS response sizes does not work.

But first, patch!

Man in the middle attack (MitM)

Let's start with the PoC from Google, it uses the first attack vector described in the vulnerability announcement. First, a 2048-byte UDP response forces buffer allocation, then a failure response forces a retry, and finally the last two answers smash the stack.

$ echo "nameserver 127.0.0.1" | sudo tee /etc/resolv.conf
$ sudo python poc. Continue reading

New products of the week 2.29.2016

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. Savvius VigilKey features: Savvius Vigil is the security industry’s first network appliance capable of intelligently selecting, capturing, and storing months of relevant network data to enable rapid investigation of security incidents. More info.To read this article in full or to leave a comment, please click here

The CWNP: An Overview

Internet2 at 20: Alive and kicking

Nearly 20 years after its launch, Internet2 is quietly humming along on university campuses across the country, doing its R&D work and connecting researchers who might otherwise not be able to share information so readily.To read this article in full or to leave a comment, please click here(Insider Story)

Skyport eases the pain of deploying and securing remote servers

Skyport does one thing, and it does it well. Skyport offers SkySecure Server, a remotely deployable platform for Windows and/or Linux virtual machines in a fortress-like environment. You can rent one for $2,500 per month, or less. Skyport SkySecure Servers solve a major pain point for IT execs looking for control over their remote servers. Skyport provides a hardened server that can be safely deployed to off-premises locations with little to no pre-configuration headaches. It comes pre-built and ready to host and secure either their list or your qualified list of popular host operating systems as VMs. Once deployed it’s largely tamper proof, and its subsequent use is done remotely, securely, with full online-monitoring control. Skyport is as security-paranoid as we are; therefore we liked it, finding only a few foibles.To read this article in full or to leave a comment, please click here(Insider Story)

5G Networks Getting Closer