Tuesday, February 27, 2007

Use Dynamic security to fortify network security

Six Ways to Mitigate Risk From Wireless Home Workers

Mary Brandel   

 February 26, 2007 (Computerworld) -- Here are some tips from research firm Gartner for ensuring that home workers’ wireless networks won’t harm the corporate network or expose sensitive company information.

Turn off the service set identifier broadcast on all internal, nonpublic, nonguest access points. When this feature is off, the access point won’t advertise its presence and will foil casual attempts to catalog access points.

Migrate to WPA2-compatible wireless LAN network interface cards (NIC), wireless drivers, supplicants and access points on all new purchases. Require the current best standard, WPA2, on all new WLAN equipment. Devices with non-Windows operating systems, especially smaller handheld devices, may need to use a third-party WPA2 supplicant.

Install a personal firewall in every laptop with a wireless NIC. Wi-Fi capabilities open up another attack path against laptops, particularly when they are used in public hot spots. The personal firewall built into Windows XP has minimal capabilities but is better than nothing.

Keep WLAN card drivers up to date. Vulnerabilities have already been discovered in some WLAN card network interface drivers that can cause exposure down to Layer 2 in the network stack.

Turn off peer-to-peer/ad hoc networking. All WLAN cards can link to other client systems without involving an access point, thereby losing all protection brought by strong authentication. Permanently disable this feature in registry settings.

Don’t allow wireless and wired NICs to be active at the same time on a client system. When a client device is connected to a wired LAN, malicious software could use the wireless network for eavesdropping and network bridging.
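The last tip can be checked mechanically. The sketch below is an added example, not part of the Computerworld article or Gartner's guidance. It assumes a Linux client, where each NIC appears under `/sys/class/net` with an `operstate` file and wireless NICs carry a `wireless` or `phy80211` entry; the function names and the sample tree are constructed for illustration.

```python
import os

def build_sample_tree(root):
    """Constructed sample: a sysfs-like tree with lo, eth0 (up) and wlan0 (up)."""
    layout = {"lo": ("unknown", False, False),   # (operstate, physical, wireless)
              "eth0": ("up", True, False),
              "wlan0": ("up", True, True)}
    for name, (state, physical, wireless) in layout.items():
        base = os.path.join(root, name)
        os.makedirs(base, exist_ok=True)
        with open(os.path.join(base, "operstate"), "w") as fh:
            fh.write(state + "\n")
        if physical:
            os.makedirs(os.path.join(base, "device"), exist_ok=True)
        if wireless:
            os.makedirs(os.path.join(base, "phy80211"), exist_ok=True)

def classify_interfaces(sysfs_net="/sys/class/net"):
    """Return {name: {"wireless": bool, "up": bool}} for physical NICs only."""
    result = {}
    for name in sorted(os.listdir(sysfs_net)):
        base = os.path.join(sysfs_net, name)
        # Physical NICs expose a 'device' entry; loopback and bridges do not.
        if not os.path.exists(os.path.join(base, "device")):
            continue
        wireless = (os.path.exists(os.path.join(base, "wireless"))
                    or os.path.exists(os.path.join(base, "phy80211")))
        try:
            with open(os.path.join(base, "operstate")) as fh:
                state = fh.read().strip()
        except OSError:
            state = "unknown"
        # Only an explicit "up" counts as active; "unknown" is treated as inactive.
        result[name] = {"wireless": wireless, "up": state == "up"}
    return result

def dual_homed(interfaces):
    """Return (wired, wireless) name lists if both kinds are active, else None."""
    wired = [n for n, i in interfaces.items() if i["up"] and not i["wireless"]]
    wifi = [n for n, i in interfaces.items() if i["up"] and i["wireless"]]
    return (wired, wifi) if wired and wifi else None

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        print(dual_homed(classify_interfaces(root)))
```

Run against the real `/sys/class/net` from a login or link-state hook, a non-`None` result is the condition the tip warns about and can be used to raise an alert or disable the wireless interface.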

Having said all that, one can simply use Dynamic security to fortify network security.

 

 

Dynamic security usage would have prevented the intrusion altogether

TJX Data Breach Worse Than Initially Reported

Occurred earlier, reached further than first thought

Jaikumar Vijayan   

 February 26, 2007 (Computerworld) --

The massive data breach disclosed last month by The TJX Companies Inc. was far worse than first reported, the company said last week.

An ongoing internal investigation into the breach has shown that intruders gained access to TJX’s systems in July 2005, almost a full year earlier than first thought.

The investigation has also found that card transaction data from TJX-owned stores in the U.K. and Ireland were affected by the intrusion, the company acknowledged. Previously, TJX had said only that it was “concerned” that the breach may have extended to those countries.

“We are dedicating substantial resources to investigating and evaluating the intrusion,” TJX CEO Carol Meyrowitz said in a statement. More than 50 experts from IBM and General Dynamics Corp., hired by TJX to shore up security in the wake of the breach, are investigating the incident, Meyrowitz said.

TJX, owner of retail chains TJ Maxx, Marshalls and Bob’s Stores, last month revealed that someone had illegally accessed a payment system and made off with card data belonging to customers in the U.S., Canada and Puerto Rico and possibly in the U.K. and Ireland. At the time, the company said the breach had occurred in May 2006.

TJX hasn’t disclosed how many shoppers may have been affected by the breach. Some analysts believe the number could be in the millions.

Avivah Litan, an analyst at Gartner Inc., said the latest update by TJX could mean that officials are getting closer to finding the perpetrators.

“I think they have pinpointed [the intruders] to a large degree and may have found files indicating that 2005 [card] data was stolen,” she said.

TJX’s latest disclosure is not all that surprising and points to a broad lack of internal data controls at many large companies, security analysts said.

“When it comes right down to it, very few companies have effective controls to monitor internal systems closely and follow the movement of data” on their networks, said Alex Bakman, CEO of Ecora Software Corp., a Portsmouth, N.H.-based maker of compliance software. Therefore, such breaches can go unnoticed for a long time, he said.

“The underlying problem is that companies are treating security as a ‘nice to have’ as opposed to a ‘must have,’” Bakman said.

“TJX is just the tip of the iceberg. I think we are going to see many more” such disclosures, he added. “It’s going to get a lot uglier before it gets any better.”

Joel Rosen, CEO of security vendor Tizor Systems Inc. in Maynard, Mass., said, “Many companies that relied on traditional security are just coming to terms with the fact that beefing up existing systems is not the answer.”

The fallout from the breach has been widespread as U.S. and Canadian banks and credit unions have been forced to block and reissue thousands of cards. The New Hampshire Bankers Association has estimated that 20% to 30% of New England residents may have been affected by the breach.

 

 

Dynamic Security helps fight the insider problem

Insiders: The Improvised Explosive Devices of Corporate Networks

Ben Rothke   

 February 26, 2007 (Computerworld) -- Reading about improvised explosive devices (IED) in Military & Aerospace Electronics got me thinking about information security. According to Annie Turner’s article, although the U.S. is spending hundreds of billions of dollars on the Iraq war, it is losing soldiers left and right to IEDs that cost a few bucks.

IEDs are typically detonated by simple electronic devices like cell phones or garage door openers. They can be jammed, but locating those low-power signals among a lot of noise is difficult — and they usually aren’t found before it’s too late.

How do IEDs relate to information security? Companies spend billions of dollars on secure hardware and software to protect their networks from sophisticated hackers who try to break in with state-of-the-art tools. But those efforts have no effect on the IED of the corporate world: the trusted insider. If your network is breached by a typical hacker, the effects will likely be a basic port-scanning exercise or a denial-of-service attack.

But insiders have no need to bypass the physical and digital perimeter controls you have in place, and they have enough knowledge of the corporate and network topology to gain quick access to terabytes of corporate data.

What can you do to mitigate the risks of insider threats? The following five steps are a start. They must be executed within the framework of a formal program to deal with risk and the insider threat.

Get real about the danger. Most managers deride the very idea that their insiders would do malicious things on their networks. Of course, those same managers padlock supply closets to protect precious stocks of pencils, paper and printer toner. So why don’t they lock the digital closets as well?

A great place to get a realistic understanding of the scope of the threat posed by insiders is at the CERT Insider Threat Research page (www.cert.org/insider_threat), which offers a lot of valuable information on the subject.

Naturally, you can’t forget that insiders are the people who keep your organization going. The vast majority of insiders are loyal and trustworthy. Unfortunately, all it takes is one bad apple to do a lot of damage. Controlling those bad apples is what this is all about.

Know your network. Far too many organizations have no idea what their networks look like or even what assets are on them. In such a climate, insiders can carry out attacks using network paths that management knows nothing about.

If you don’t know where your network starts or stops, then you can’t protect it.

Perform periodic enterprisewide risk assessments. They’ll ensure that you are worrying about the right things.

Monitor. Do you know what your users are doing on the network? Do you know which users have had what kinds of disciplinary problems? Talk to HR.

Control. All operating systems have significant levels of access control capabilities. But if those controls are not activated, then users will walk all over the network. You paid for the software, and it is imperative to use these and other controls to restrict access and accounts.

Insider abuse of digital assets is a reality. Denying it is like denying gravity. Organizations must understand the threats and have a plan to deal with them. If they don’t, their corporate data will be pilfered by insiders.

Ben Rothke, CISSP, is a senior security consultant at International Network Services and the author of Computer Security: 20 Things Every Employee Should Know (McGraw-Hill, 2006). You can contact him at ben.rothke@ins.com.

 
