iTWire - Security (feed retrieved Tue, 21 Oct 2014 11:31:27 +1100)

McAfee improves firewall integration

McAfee pitches new version of its Next Generation Firewall stressing the benefits of integration with other security functions.

An updated version of the McAfee Next Generation Firewall features new integrations with the McAfee Security Connected framework for layered protection plus improved workflows and operational efficiencies.

The firewall takes advantage of endpoint information from McAfee ePolicy Orchestrator, reputation intelligence from McAfee Global Threat Intelligence, and real-time protection from McAfee Advanced Threat Defence.

Integration with McAfee Enterprise Security Manager allows continuous monitoring and alerting of compliance status.

Recent overseas research commissioned by McAfee found 43% of IT decision makers at large companies believe that point security solutions that don't share information can lead to threats going unnoticed, and 46% said siloed security also causes their IT departments to spend too much time manually discovering and remediating threats.

"Cyber security is a major concern for many Australian businesses, and it's our priority to provide simplified yet sophisticated Next Generation Firewall products to ensure their data is secure," said McAfee vice president and worldwide chief technology officer Mike Sentonas.

"McAfee's Security Connected vision and strategy resonates with organisations in Australia. The Next Generation Firewall release further enhances the value to local business by delivering an advanced network protection across the entire enterprise."

Dimension Data group general manager for security Neil Campbell said "Today our customers require network security solutions that can keep pace with the way advanced attacks are now orchestrated, all with minimal complexity and an affordable price tag.

"With its Security Connected framework, McAfee is aiming to address each of these requirements as it brings its entire ecosystem of security technologies together and now incorporates a true next generation firewall."

Image: Purple Slog [CC BY 2.0] via Flickr

(Stephen Withers) Security, Thu, 16 Oct 2014 15:43:51 +1100

UPnP failings implicated in DDoS attacks

Akamai's Prolexic security operation has warned that home and office devices such as routers and media servers are being co-opted into distributed denial of service (DDoS) attacks.

DDoS attacks typically work either by running malware on large numbers of computers (a botnet) that flood the target directly, or by reflection: tricking third-party devices into sending floods of traffic to the target. In a reflection attack the attacker sends the devices requests with the target's address forged as the source, so their replies, often many times larger than the requests, arrive at the victim instead.

Akamai's Prolexic Security Engineering & Response Team (PLXsert) has detected a new attack technique that subverts the UPnP protocols used on a wide range of home and office equipment, including routers, media servers, webcams, smart TVs and printers.

The idea behind UPnP is that it allows networked devices to discover each other and then provide and consume services. For example, a UPnP control point (perhaps an app running on a smartphone) might instruct a UPnP media server (perhaps running on a NAS device) to send a particular video file to a UPnP media renderer (perhaps a smart TV).

Or a program running on a computer might communicate with a router via UPnP to set up port mappings so that the program is reachable from outside the LAN.

PLXsert first detected DDoS attacks using UPnP in July, and has been able to replicate this technique in its lab. Such attacks have since become more common.

Company officials say 4.1 million of the 11 million Internet-facing UPnP devices in use are potentially vulnerable to being used in this type of reflection DDoS attack.

"The number of UPnP devices that will behave as open reflectors is vast, and many of them are home-based Internet-enabled devices that are difficult to patch," said Akamai security business unit senior vice president and general manager Stuart Scholly.

"Action from firmware, application and hardware vendors must occur in order to mitigate and manage this threat."

What to do in the meantime?

While the real fix is to correct the shortcomings in UPnP software and firmware to prevent devices from acting as reflectors, Akamai suggests steps that can be taken to reduce the risk of devices being co-opted. These include blocking WAN-based UPnP requests to devices, and disabling UPnP services on devices where it is not a functional requirement.

And to reduce the risk of being the target of this type of DDoS attack, administrators can block inbound UDP traffic with source port 1900 (the SSDP discovery port used by UPnP) to services that do not use UPnP.
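To make the mechanism and the two mitigations concrete, here is an added example (not code from Akamai, PLXsert or iTWire): it builds the SSDP M-SEARCH discovery request that a UPnP control point sends and that a reflection attacker sends with a forged source, parses a reply, estimates the amplification a device delivers, and flags reflection traffic in flow records while exempting hosts that legitimately use UPnP. The reply bytes, the device addresses and the flow records are constructed for the example, not captured from real equipment.

```python
"""SSDP (UPnP discovery) reflection: probe builder, reply parser,
amplification estimate and a flow-record detector. Added example; all
sample bytes and flow records are constructed."""
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

SSDP_PORT = 1900  # SSDP listens on UDP/1900, so reflected replies
                  # arrive with 1900 as their *source* port


def build_msearch(search_target: str = "ssdp:all", mx: int = 1) -> bytes:
    """The multicast discovery request a control point sends. A reflection
    attacker sends this same datagram to Internet-exposed devices with the
    victim's address forged as the source, so every device answers the
    victim. 'ssdp:all' asks for one reply per advertised service."""
    lines = [
        "M-SEARCH * HTTP/1.1",
        "HOST: 239.255.255.250:1900",
        'MAN: "ssdp:discover"',
        f"MX: {mx}",
        f"ST: {search_target}",
    ]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def parse_ssdp_response(datagram: bytes) -> Dict[str, str]:
    """Parse one SSDP reply (an HTTP-style header block) into a dict of
    upper-cased header names. Rejects anything but a '200 OK' reply."""
    head = datagram.decode("ascii", errors="replace").partition("\r\n\r\n")[0]
    status, *header_lines = head.split("\r\n")
    if not status.startswith("HTTP/1.1 200"):
        raise ValueError("not an SSDP 200 OK reply")
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers


def amplification_factor(request: bytes, replies: Iterable[bytes]) -> float:
    """Bytes delivered to the victim per byte the attacker sends."""
    return sum(len(r) for r in replies) / len(request)


# Constructed reply, shaped like a home router's answer to an 'ssdp:all' probe.
SAMPLE_REPLY = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"EXT:\r\n"
    b"LOCATION: http://192.0.2.10:49152/rootDesc.xml\r\n"
    b"SERVER: Linux/3.x UPnP/1.0 ExampleRouter/1.0\r\n"
    b"ST: upnp:rootdevice\r\n"
    b"USN: uuid:01234567-89ab-cdef-0123-456789abcdef::upnp:rootdevice\r\n"
    b"\r\n"
)

# Flow record: (src_ip, src_port, dst_ip, dst_port, proto, bytes)
Flow = Tuple[str, int, str, int, str, int]


def detect_ssdp_reflection(flows: Iterable[Flow], min_reflectors: int = 3,
                           upnp_hosts: frozenset = frozenset()
                           ) -> Dict[str, Tuple[int, int]]:
    """Flag destinations receiving UDP traffic *from* port 1900 sent by many
    distinct devices: the reflection signature, and the same traffic the
    advisory suggests blocking for hosts that do not use UPnP. Hosts in
    upnp_hosts legitimately talk SSDP and are exempt.
    Returns {victim_ip: (distinct_reflectors, total_bytes)}."""
    per_dst = defaultdict(lambda: [set(), 0])
    for src_ip, src_port, dst_ip, _dst_port, proto, nbytes in flows:
        if proto != "udp" or src_port != SSDP_PORT or dst_ip in upnp_hosts:
            continue
        per_dst[dst_ip][0].add(src_ip)
        per_dst[dst_ip][1] += nbytes
    return {dst: (len(srcs), total) for dst, (srcs, total) in per_dst.items()
            if len(srcs) >= min_reflectors}


# Constructed flows: five routers answering a forged probe aimed at the
# victim 203.0.113.5, one real control point on 10.0.0.8, one unrelated flow.
SAMPLE_FLOWS: List[Flow] = [
    ("198.51.100.%d" % i, 1900, "203.0.113.5", 80, "udp", 4200)
    for i in range(1, 6)
] + [
    ("192.0.2.10", 1900, "10.0.0.8", 54321, "udp", 320),
    ("192.0.2.11", 443, "203.0.113.5", 51000, "tcp", 9000),
]

if __name__ == "__main__":
    probe = build_msearch()
    print("amplification x%.1f" % amplification_factor(probe, [SAMPLE_REPLY] * 3))
    print(parse_ssdp_response(SAMPLE_REPLY)["LOCATION"])
    print(detect_ssdp_reflection(SAMPLE_FLOWS, upnp_hosts=frozenset({"10.0.0.8"})))
```

The detector keys on the source port because that is the only thing the victim sees: the reflectors are legitimate devices and the attacker's own address never appears in the traffic. Run it over exported NetFlow or firewall logs, with the hosts that genuinely use UPnP listed in upnp_hosts, and the survivors are the rule the advisory recommends.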

Mr Scholly added "These attacks are an example of how fluid and dynamic the DDoS crime ecosystem can be.

"Malicious actors identify, develop and incorporate new resources and attack vectors into their arsenals.

"It's predictable that they will develop, refine and monetise these UPnP attack payloads and tools in the near future."

Scripts are circulating that scan ranges of IP addresses for potential reflector devices and then use them to carry out the reflection attacks.

One real-life attack of this kind intercepted by Akamai peaked at 54.35Gbps and 17.85 million packets per second.

Akamai's threat advisory is available here.

(Stephen Withers) Security, Thu, 16 Oct 2014 10:24:40 +1100

Webroot BrightCloud joins HP security range

HP's enterprise security products lineup is being bolstered with the addition of the Webroot BrightCloud IP reputation service.

One of the problems with BYOD - or company-issued mobile devices, for that matter - is the risk associated with user-installed apps exfiltrating sensitive data.

The Webroot BrightCloud IP reputation service takes advantage of the company's database of more than 11 million mobile apps to detect communication channels that malicious apps use to control or extract sensitive personal or business data.

From the end of this year, HP enterprise security customers will be able to subscribe to the service through HP.

"Teaming up with an industry leader like HP demonstrates the value of our threat intelligence services to greatly improve efficacy and proactively identify threats," said Webroot's vice president of enterprise and OEM sales Scott Merkle.

"By adding mobile threat IPs to our already industry leading IP reputation services, network security providers like HP can further enhance the detection of threats introduced by BYOD and the multitude of mobile devices connected to the enterprise network."

Image: Purple Sherbet Photography [CC BY 2.0] via Flickr

(Stephen Withers) Security, Wed, 15 Oct 2014 18:21:33 +1100

Keep an active eye on Active Directory changes with ADAudit Plus

A new version of ManageEngine's ADAudit Plus provides real-time notifications of critical changes made in Active Directory.

ManageEngine's ADAudit Plus is a real-time, web-based Active Directory change reporting system.

The latest version provides administrators with real-time email alerts when critical and unauthorised changes are made to Active Directory.

ManageEngine product manager Balasubramanian Palani said "ADAudit Plus real-time change monitoring and notification is like installing a surveillance camera inside a domain controller and designating an acute observer, who knows well the impact of every change, to man it 24x7.

"The tool's built-in and configurable alerts fire the moment some critical change is detected, which provides administrators all the head start required to successfully preclude an intrusion or remediate an untoward change."

ADAudit Plus is available in standard (from US$495) and professional (from US$795) editions.

The software can be downloaded here and used for 30 days without payment.

(Stephen Withers) Security, Wed, 15 Oct 2014 16:56:27 +1100

Licensing issues unlikely to have delayed Apple Bash fix

The likelihood that Apple delayed releasing a fix for the recent remotely exploitable vulnerability in Bash due to licensing issues is low, according to the executive director of the Free Software Foundation.

In the wake of the disclosure of the bug and Apple's tardiness in releasing a fix, the website Ars Technica had speculated that this was due to licensing issues: earlier versions of Bash were released under GPL version 2, while the later versions, including the current one, are under GPL version 3, which has much stricter pro-user terms.

While practically all Linux distributions patched the bug within days, Apple, which has dozens of times the resources that free software projects have, took nearly a week to do so.

John Sullivan told iTWire: "I don't think that premise (the one advanced by Arstechnica) is valid, because the Bash maintainer also released patches for older versions of Bash. All Apple would have needed to do is apply them.

He added: "But it is generally correct to say that they would not have been able to take patches to a GPLv3-covered work and distribute them or derivatives of them under GPLv2."

Asked what were the main differences between the two licences that led, for example, to Apple dropping Samba from its operating system, Sullivan responded: "I don't know why Apple made this specific bad decision. I don't have any firsthand evidence that they made it because they object to GPLv3.

"I do know, of course, that Apple aggressively uses DRM to prevent users from modifying the software running on their own devices. GPLv3 protects users from this aggression, and so Apple may be afraid of that. Apple is also a major software patent aggressor, and GPLv3 has stronger protections for users and developers against that as well."

Image: courtesy Pixabay

(Sam Varghese) Security, Fri, 10 Oct 2014 11:12:12 +1100

Bash bug: Oracle issues 16 patches, investigating other products

Oracle Corporation has issued fixes for vulnerabilities in 16 of its products that are affected by the Shellshock vulnerability in Bash that came to light last month.

The bug, found by security researcher Stéphane Chazelas, was made public on September 24. After that, a number of additional vulnerabilities were found in the shell, which was first released by the GNU Project in 1989.

According to information at Oracle's website, a further 42 products "are using Bash in at least one version of the product and thus are likely subject to CVE-2014-7169 and that do not have fixes available."

The company said its Global Product Security division had determined that a further 108 products did not include Bash in their initial distribution and therefore should not be vulnerable.

Apart from these, a further 17 products are being investigated to find out if they are in any way vulnerable.

With reference to Oracle Cloud, the company said it was investigating and would continue to provide fixes for affected products and services "as soon as these fixes have been fully tested and determined to provide effective mitigation".

(Sam Varghese) Security, Wed, 08 Oct 2014 17:36:54 +1100

Many Cisco products affected by Bash vulnerability

Networking giant Cisco has identified a total of 88 products which it sells that are vulnerable to the Bash bug that was made public on September 24.

The bug was found by security researcher Stéphane Chazelas. After it was made public, a number of additional vulnerabilities were found in the shell, which was first released by the GNU Project in 1989.

In its advisory, Cisco said the vulnerability may allow an attacker to inject commands into a Bash shell, depending on how the shell was invoked. "The Bash shell may be invoked by a number of processes including, but not limited to, telnet, SSH, DHCP, and scripts hosted on web servers," it added.

It added that all versions of GNU Bash, starting with version 1.14, were affected and the specific impact was determined by the characteristics of the process using the shell.

"In the worst case, an unauthenticated remote attacker would be able to execute commands on an affected server. However, in most cases involving Cisco products, authentication is required before exploitation could be attempted," the advisory said.

Vulnerable products fall into the categories of: hosted services; video, streaming, telepresence, and transcoding devices; voice and unified communications devices; unified computing; routing and switching - enterprise and service provider; network management and provisioning; network and content security devices; network application, service, and acceleration; Meraki Products; and collaboration and social media.

Cisco said another 120 products had been confirmed not to be vulnerable. A further 113 products were being investigated.

"Cisco is currently investigating its product line to determine which products may be affected and the extent of the impact of the vulnerability on its products. Additional Cisco products will be added as the investigation progresses," the advisory said.

"Customers interested in tracking the progress of any of the following bugs can visit the Cisco Bug Search Tool to view the defect details and optionally select Save Bug and activate the Email Notification feature to receive automatic notifications when the bug is updated."

(Sam Varghese) Security, Fri, 03 Oct 2014 16:23:54 +1000

Apple reaction to Bash exploit shows contempt for users

COMMENT Of all the technology companies in the world, Apple is easily the biggest in terms of its cash pile. Yet when it comes to security issues, the company appears to be unwilling to invest enough resources to keep its users safe in a timely fashion.

The recently disclosed remotely exploitable vulnerability in the Bash shell, made public on September 24, affected Apple the most. But the company issued a fix for this - and for the subsequent vulnerabilities that came to light once people started poking around in the Bash code - only on September 30.

Linux distributions were well ahead of Apple despite the fact that they have not even a tenth of the resources. Even commercial Linux companies like Red Hat and Canonical (the company behind Ubuntu) are dwarfs in comparison with Apple.

And the most useful patch of the lot, an unofficial one, came from a Red Hat employee - Florian Weimer. Not someone employed by Apple.

It must be noted that although practically all Linux distributions include Bash, it is not the shell behind /bin/sh on many of them. This means that the #!/bin/sh line at the top of many shell scripts does not invoke Bash.

For example, Debian and Ubuntu point /bin/sh at dash (Red Hat-based distributions, by contrast, point it at bash itself). In the case of Apple, /bin/sh on OS X is itself a build of bash, so such scripts do run Bash.
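As an added example (not code from Cisco, Apple or iTWire), the checks below cover the two points made about the bug: Cisco's description of command injection through a Bash invoked by another process, and the question of whether #!/bin/sh scripts run Bash at all. The first two functions run the check strings that distributions published for the original bug (CVE-2014-6271) and for the incomplete first fix (CVE-2014-7169) against the bash installed on the machine; the third asks /bin/sh whether it is Bash; the last scans constructed web-server log lines for the function-definition prefix that a probe against a CGI script carries in a request header. It assumes a local bash binary exists; the log lines and addresses are constructed for the example.

```python
"""Shellshock checks: is the local bash still importing functions
insecurely, does /bin/sh run Bash, and do web logs show probe traffic.
Added example; log lines are constructed. Runs only against local bash."""
import os
import re
import shutil
import subprocess
import tempfile
from typing import List, Optional

_BASE_ENV = {"PATH": os.environ.get("PATH", "/usr/bin:/bin")}


def _bash() -> Optional[str]:
    return shutil.which("bash")


def vulnerable_cve_2014_6271(bash: Optional[str] = None) -> Optional[bool]:
    """Original bug: bash executed whatever followed a function body imported
    from an environment variable. A vulnerable shell echoes 'vulnerable'
    before running its -c command; a patched one prints only 'test'.
    Returns None when no bash is installed."""
    bash = bash or _bash()
    if bash is None:
        return None
    env = dict(_BASE_ENV, x="() { :;}; echo vulnerable")
    out = subprocess.run([bash, "-c", "echo test"], env=env,
                         capture_output=True, text=True).stdout
    return "vulnerable" in out


def vulnerable_cve_2014_7169(bash: Optional[str] = None) -> Optional[bool]:
    """Incomplete first fix: a parser bug let a malformed imported function
    turn the next command's first word into an output redirection, so
    'echo date' wrote the date into a file called 'echo'. Run in a scratch
    directory and see whether that file appears."""
    bash = bash or _bash()
    if bash is None:
        return None
    with tempfile.TemporaryDirectory() as scratch:
        env = dict(_BASE_ENV, X="() { (a)=>\\")
        subprocess.run([bash, "-c", "echo date"], env=env, cwd=scratch,
                       capture_output=True, text=True)
        return os.path.exists(os.path.join(scratch, "echo"))


def sh_is_bash(path: str = "/bin/sh") -> Optional[bool]:
    """Whether #!/bin/sh scripts run under Bash on this host. Ask the shell
    for $BASH_VERSION instead of following symlinks: OS X ships /bin/sh as
    a Bash build named 'sh', while dash and ash leave the variable unset."""
    if not os.path.exists(path):
        return None
    out = subprocess.run([path, "-c", 'printf %s "$BASH_VERSION"'],
                         capture_output=True, text=True).stdout
    return out != ""


# Constructed Apache-style access log lines. A CGI server copies request
# headers into environment variables (User-Agent -> HTTP_USER_AGENT), which
# is how a header reaches a Bash-backed script. The probe string here is the
# same harmless check string used in vulnerable_cve_2014_6271().
SAMPLE_ACCESS_LOG = [
    '198.51.100.7 - - [25/Sep/2014:10:01:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; echo vulnerable"',
    '192.0.2.44 - - [25/Sep/2014:10:01:05 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [25/Sep/2014:10:02:11 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 200 90 "() { :;}; echo vulnerable" "curl/7.37.0"',
]
_PROBE = re.compile(r"\(\)\s*\{")  # the '() {' function-definition prefix


def find_shellshock_probes(lines: List[str]) -> List[str]:
    """Client addresses of requests whose logged header fields carry the
    '() {' prefix: an attempt to get Bash to import a function."""
    return [line.split(" ", 1)[0] for line in lines if _PROBE.search(line)]


if __name__ == "__main__":
    print("bash:", _bash(),
          "CVE-2014-6271:", vulnerable_cve_2014_6271(),
          "CVE-2014-7169:", vulnerable_cve_2014_7169())
    print("/bin/sh is bash:", sh_is_bash())
    print("probes from:", find_shellshock_probes(SAMPLE_ACCESS_LOG))
```

The log scan catches only what the web server logs (user agent and referer by default); probes can also arrive in Cookie or custom headers, so a proxy or IDS that sees every header is the better place for the same pattern. Pass an explicit path to the first two functions to test a bash other than the one on PATH, for example a copy extracted from a firmware image.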

Even when Apple came up with its delayed patches, it showed nothing but contempt for its users. The patches were not available via the Software Update mechanism that is present on OS X; no, they had to be downloaded separately, one per OS X version. Why? I doubt Apple will tell us.

As one veteran Mac user commented: "If a user happened to visit Apple's Downloads page, they would only see the Mavericks version of the update. To reveal the other two, it's necessary to click on 'Browse by Product', 'Mac OS' and then 'Load more results'."

Additionally, Apple's patches were limited to three OS X versions - 10.7 (otherwise known as Lion), 10.8 (Mountain Lion), and 10.9 (Mavericks).

And those with earlier versions of OS X? Well, they have to keep running insecure versions of Bash or else pump some money into Apple's bank accounts in some far-flung tax haven and buy a new Apple computer.

It was left to one developer, the man who puts out a Mozilla-based browser for the PowerPC, to make patches available for the older versions of OS X. But it is doubtful that the average Apple user will find it easy to patch his or her system, using what this developer has supplied. You'd have to be at least somewhat comfortable with the command line to apply the patches.

Apple provided no detail about what it was patching. Nothing at all, apart from a terse statement: "This update fixes a security flaw in the bash UNIX shell." Red Hat? They literally did a striptease for the consumer and provided all the information possible. There was information available on Apple's Security-Announce list and a truncated version of that on this page. But the fact that many versions of OS X were vulnerable, apart from those for which official patches were announced, was missing.

Surprisingly, there has been no criticism levelled at Apple for its tardiness and contemptuous attitude. I guess those who regularly cover the beat would be wary of stating the bleeding obvious - their next invitation to MacWorld, with air tickets attached, may not be forthcoming.

(Sam Varghese) Security, Fri, 03 Oct 2014 14:13:27 +1000

Enterprise security becoming tougher than ever

Over 90% of CIOs and CTOs believe the job of keeping their enterprise protected is becoming more challenging, according to new research.

The proportion of respondents reporting serious boardroom pressure to keep the enterprise secure has risen by almost three-quarters in the last 12 months, making security paramount and a primary consideration over other business initiatives.

The findings come from an independent survey commissioned by security firm Fortinet of over 1,600 enterprise IT decision makers (ITDMs), largely from organisations with 500 or more employees around the world.

All respondents were sourced from independent market research company Lightspeed GMI’s online panel.

Among IT decision makers recording the highest boardroom pressure, 55% admitted to abandoning or delaying at least one new business initiative because of IT security concerns.

The increasing frequency and complexity of threats (85%) and the new demands of emerging technology like the Internet of Things (IoT) and biometrics (80%) pose the biggest challenge to ITDMs to keep their organisations secure.

The majority of ITDMs have been provoked into action by rising data privacy concerns (83%) and securing big data initiatives (81%); in the majority of cases this means new IT security investment.

The growing awareness of IT security within the boardroom – and its resulting pressure and involvement – was cited as a major contributor to making the IT security job more difficult, with two-thirds rating awareness of senior management as ‘high’ or ‘very high’ today, up from 40% one year prior.

The survey also found that a total of 52% of all ITDMs surveyed have slowed down or cancelled a new application, service or other initiative because of cyber-security fears. The figure is 65% among those reporting a very high level of boardroom pressure and scrutiny around IT security.

Thankfully the high profile issues surrounding data privacy are provoking action, with 83% of ITDMs planning to change their outlook on IT security strategy in response.

Of these, 46% said they're inclined to invest more money and resources to address the challenge, with 54% preferring instead to rethink existing strategy.

Meanwhile 'Big Data' and data analytics were cited by 81% of respondents as a change driver for IT security strategy, with 60% of these rethinking their strategy as a result.

Industry sectors with the highest predisposition to invest in IT security were manufacturing/construction (46%) and the public sector (39%).

The research also indicated organisations of greatest size have the greatest tendency to invest.

“With IT security on the boardroom agenda, this and other challenges are clearly adding weight onto the shoulders of senior IT professionals and questioning the ability of some organisations to exploit innovation while remaining secure,” said John Maddison, vice president of marketing products at Fortinet.

“These organisations must act now to address the impact of the growing threat environment and increased scrutiny on IT security, re-evaluating their goals to ensure they strike the right balance and achieve resilience in the face of cyber threats.

"The good news is that many are positive and feeling well equipped with human and financial resources for the IT security challenges that lie ahead. However, to do so points toward intelligent new strategies and more investment in security technologies.

“It’s a crucial time for ITDMs in Australia, with a greater focus on privacy, data regulations and the impact of emerging technology such as IoT and BYOD/mobility on enterprise security,” says James Young, Consulting Systems Engineer for ANZ at Fortinet.

“To protect against the heightened pressures on IT security, organisations need to evaluate the best course of action that will allow them to remain secure and move forward with their business.

“Advanced next generation security products allow organisations to not only provide traditional capabilities for blocking known threats but also include advanced capabilities for detecting and ensuring rapid response for unknown and emerging threats.”

(David Swan) Security, Thu, 02 Oct 2014 18:15:21 +1000

Seagate secures surveillance storage

Seagate has released a disk drive designed specifically for storing surveillance video that's sold with a three year 'rescue service plan' for data recovery in the event of damage or data corruption.

Video surveillance has largely gone digital, partly because of the improved image quality but also due to the ease of accessing the required clip plus the opportunities for automated analysis.

While the Seagate Surveillance HDD is the company's seventh-generation surveillance-optimised drive, it is the first to come with optional data recovery services.

Seagate vice president of marketing Scott Horn said "when data loss occurs it's an expense to the customer. Seagate's Surveillance HDD with Rescue services addresses this issue head on and alleviates these concerns."

While full details of how the service will work in Australia have not been released, Seagate Rescue appears to be an insurance-style arrangement involving a trade-off between a known but comparatively small upfront payment and the risk of an expensive data recovery operation.

Capacities up to 6TB mean one drive can store up to 600 hours of high-definition content, and optional rotational vibration sensors mean reliable operation in enclosures containing up to 16 drives.

Seagate Surveillance HDD is engineered for high write workloads over extended periods of time.

The drives are not yet available in Australia.

(Stephen Withers) Security, Wed, 01 Oct 2014 18:02:51 +1000