PQ Show 51 – LightCyber Magna Active Breach Detection – Sponsored
LightCyber Magna Active Breach Detection automatically detects active attackers by identifying the anomalous operational behaviors sourced from compromised hosts in your network. By focusing on actual attack behaviors, and not technical artifacts like signatures, Magna provides accurate breach indicators and eliminates excessive false positives.
Author information
The post PQ Show 51 – LightCyber Magna Active Breach Detection – Sponsored appeared first on Packet Pushers Podcast and was written by Ethan Banks.
How to Enable Dot1x – more complex setup for wired network
How does Internet work - We know what is networking
This one is long. Do not be afraid though, I made it just to give you the fastest way to deploy functional dot1x to your company HQ without reading even more documentation and searching for those little timer default settings. I the article prior to this I showed you how to setup your environment with simple dot1x and make it as simple as possible. I will not repeat again the part about setting up Radius Clients on server side, everything else is here once again just more complex. Now is time for a more complex example that will make your implementation
How to Enable Dot1x authentication for wired clients
How does Internet work - We know what is networking
If your LAN is extending to some places where unauthorised people can just plug in and gain access to your protected network, it’s time to implement some security on your access switch. The best thing to do is to implement IEEE 802.1X port-based authentication which will enable users/machine authentication and prevent unauthorized devices from getting access switch port running when connected. IEEE 802.1X port-based authentication is mostly called simply as dot1x. In this article I will show you how to configure some basic dot1x stuff on switch side. I will also include Windows machine side of configuration as this is something most people presume
Why It’s So Hard To Find Intruders After A Network Penetration
This guest blog post is by Jason Matlof, Executive Vice President, LightCyber. We thank LightCyber for being a sponsor. LightCyber’s Magna Active Breach Detection platform is a behavior-based detection system that integrates network and endpoint context and is designed specifically to find active breaches after a threat actor has already penetrated a network. To hear […]
Author information
The post Why It’s So Hard To Find Intruders After A Network Penetration appeared first on Packet Pushers Podcast and was written by Drew Conry-Murray.
Symantec Does Security Orchestration for NSX, With CIO ‘Pushing’ for ACI
The future of security lies in orchestration, Symantec believes
Intel Security Controller Taps VMware NSX as First Partner
Intel taps NSX over ACI for security controller integration.
Uh, the only reform of domestic surveillance is dismantling it
A lot of smart people are cheering the reforms of domestic surveillance in the USA "FREEDOM" Act. Examples include Timothy Lee, EFF, Julian Sanchez, and Amie Stepanovich. I don't understand why. Domestic surveillance is a violation of our rights. The only acceptable reform is getting rid of it. Anything less is the moral equivalent of forcing muggers to not wear ski masks -- it doesn't actually address the core problem (mugging, in this case).
Bulk collection still happens, and searches still happen. The only thing the act does is move ownership of the metadata databases from the NSA to the phone companies. In no way does the bill reform the idea that, on the pretext of terrorism, law enforcement can still rummage through the records, looking for everyone "two hops" away from a terrorist.
We all know the Patriot Act is used primarily to prosecute the War on Drugs rather than the War on Terror. I see nothing in FREEDOM act that reforms this. We all know the government cloaks its abuses under the secrecy of national security -- and while I see lots in the act that tries to make things more transparent, the act still Continue reading
Understanding TSA Math
At the end of every year, the TSA blogs about the weapons and explosives it prevented from getting on board airplanes. They are trying to brag about all the dangers they've stopped. But the opposite is true, when you do the math, you realize that they are stopping no dangers at all. The TSA stops less than half the bombs that get on board airplanes -- yet airplanes are not falling out of the sky due to the bombs that do get on board. Thus, mathematically, bombs aren't a danger. It therefore doesn't matter if the TSA stops bombs or not.
We know the TSA stops less than 50% of bad stuff from various sources. The first is the government's own tests, such as that described in a recent story where the TSA failed a shockingly 95% of the time.
Another is a statistic reported by the TSA where the number of firearms they stop every year is rapidly increasing. This does not match any other trend in society, such as the number of people carrying firearms. The only reason for such rapid growth is that the TSA gets better every year at detection. That means, historically, the TSA is Continue reading
Understanding Official Repos on Docker Hub
What are Official Repositories? Official Repositories (“Repos”) are a curated set of image repositories that contain content packaged and maintained directly by Docker, our upstream partners, and the broader community. The repository itself contains the same software you can get … ContinuedUlbricht’s judge punished him for political dissent; you should find this outrageous
Silk Road operator Ross Ulbricht was sentenced to life in prison without parole. Maybe this is a fair sentence for selling $200 million in illegal drugs. Or, since all the lawyers I talk to think it's excessive (worse than what even the prosecutors asked for), maybe it's within the normal range of excess in the War on Drugs. I'm not a lawyer, so I can't judge this.But, I'm interested in the comments the judge made justifying her hard sentence. According to Andy Greenberg at WIRED, the judge said:
“The stated purpose [of the Silk Road] was to be beyond the law. In the world you created over time, democracy didn’t exist. ... Silk Road’s birth and presence asserted that its…creator was better than the laws of this country. This is deeply troubling, terribly misguided, and very dangerous.”This is silly on the face of it. The stated purpose of all crime is to "be beyond the law". I mean, when I go above the speed limit in my BMW, my stated purpose is to go beyond the legal limit. I'm not sure I understand the logic here.
I'm being disingenuous, of course, because I do understand. What the Continue reading
Two New Official Repos Added in May
We’re excited to highlight two new Official Repos that we added to Docker Hub in May. These repos are the latest additions to a growing library of curated content maintained by Docker and our partners. Check them out: Cassandra Apache … ContinuedWhy Firewalls Won’t Matter In A Few Years
This presentation from Alex Stamos, CSO of Yahoo during the AppSec conference is explains why firewalls are not part of their security strategy. Firewalls operating at 10G or more are not cost effective. Vertical scaling of performance costs more than the services are worth. At 100G, a firewall has less than 6.7 nanoseconds to “add value” […]
The post Why Firewalls Won’t Matter In A Few Years appeared first on EtherealMind.
Docker Security Tools and Upcoming Webinar
I wanted to follow up on our recent security blog post on May 5th introducing the CIS Benchmark and our Docker white paper. Having the documents is useful, however the ability to easily put these benchmarks into practice is equally … ContinuedFortinet to Buy Meru Networks for $44M
Following HP's purchase of Aruba, Meru finds a new home.
Some notes about Wassenaar
So #wassenaar has infected your timeline for the past several days. I thought I'd explain what the big deal is.What's a Wassenaar?
It's a town in Europe where in 1996 a total of 41 nations agreed to an arms control treaty. The name of the agreement, the Wassenaar Arrangement, comes from the town. The US, Europe, and Russia are part of the agreement. Africa, Middle East, and China are not.
The primary goal of the arrangement is anti-proliferation, stopping uranium enrichment and chemical weapons precursors. Another goal is to control conventional weapons, keeping them out of the hands of regimes that would use them against their own people, or to invade their neighbors.
Historically in cybersec, we've complained that Wassenaar classifies crypto as a munition. This allows the NSA to eavesdrop and decrypt messages in those countries. This does little to stop dictators from getting their hands on strong crypto, but does a lot to prevent dissidents in those countries from encrypting their messages. Perhaps more importantly, it requires us to jump through a lot of bureaucratic hoops to export computer products, because encryption is built-in to virtually everything.
Why has this become important recently?
Last year, Wassenaar Continue reading
EFF and intrusion software regulation
To its credit, the EFF is better than a lot of other privacy groups like the ACLU or Privacy International. It at least acknowledges that regulating "evil" software can have unintended consequences on "good" software, that preventing corrupt governments from buying software also means blocking their dissidents from buying software to protect themselves. An example is this piece from several years ago that says:"First and foremost, we want to make sure we do not leave activists with fewer tools than they already have. Parliament must be mindful of legislation just based on types of technology because broadly written regulations could have a net negative effect on the availability of many general-purpose technologies and could easily harm very people that the regulations are trying to protect."But that does not stop the EFF from proposing such regulations.
In that same piece, the EFF first proposes rules for transparency. This will not stop the bad companies, but will be a burden on the legitimate companies that have no interesting in dealing with corrupt governments anyway. Most of this stuff is sold by small companies, like FinFisher, who focus on the "corrupt regime" market. They would not be embarrassed by transparency -- Continue reading
This is how we get ants
Today's Wassenaar proposal to limit 0days -- and thereby virtually all cybersecurity products -- is partly the result of lobbying by the ACLU and EFF. The principle technologist of the ACLU called 0day sellers "merchants of death". The EFF called for 0day sales to governments to be the center of any policy debate on cybersecurity.
Yet, they deny responsibility for Wassenaar -- because the regulations go too far, and appear to restrict virtually all cybersecurity software and any free-speech on the topic. These groups now back off and claim they never called for 0day restrictions in the first place.
For example, when the EFF said "exploit sales should be key point in cybersecurity debate", nowhere in the article does it explicitly call for a ban on exploit sales. Their focus was on limiting the actions of the NSA in buying exploits, not so much those who would sell the exploits.
This is true, but only technically. There's no conceivable situation where the US Government would unilaterally disarm itself of cyberweapons while allowing everyone else to purchase them. It's also not conceivable that when you've put that much work into calling 0days evil and unethical, that a reasonable Continue reading
Why Security Startup Skyport Systems is Hot
If you want 'security by default,' hardware is the place to be, even in a software-defined world.
Using Check Point Identity Awareness with NAT
Check Point Identity Awareness is problematic in environments that have multiple customers, overlapping private address space, and NAT. It can be done, if you understand the traffic flows, the connections needed, and how to combine several features. Here’s how I did it.
NB: This post is not a full explanation of Check Point Identity Awareness, nor is it a discussion of the product design decisions, good or bad. It assumes that the reader understands what Identity Awareness is, and focuses on how to implement it when you also need to use NAT. It will be pretty dull reading to everyone else.
Background: Typical Check Point Management Flows
A quick reminder of the traditional flows used for Check Point firewall management:
Check Point Management Clients (e.g. SmartDashboard, SmartLog) connect to the management server to configure policies, view logs, etc.
Policies are compiled and pushed from the management server to the firewall(s). Logs are sent from the firewall back to the management server. All good.
Identity Awareness: Additional Connections
Identity Awareness lets you define rules based upon user identities, rather than IP addresses. So you can say “This AD group is allowed to connect directly to the SQL Server.” Much nicer Continue reading
Do We Need NAC and 802.1x?
Another question I got in my Inbox:
What is your opinion on NAC and 802.1x for wired networks? Is there a better way to solve user access control at layer 2? Or is this a poor man's way to avoid network segmentation and internal network firewalls.
Unless you can trust all users (fat chance) or run a network with no access control (unlikely, unless you’re a coffee shop), you need to authenticate the users anyway.
Read more ...