
Tag: Lightweight Directory Access Protocol (LDAP)

DDoS attacks abusing exposed LDAP servers on the rise

Each DDoS (distributed denial-of-service) attack seems to be larger than the last, and recent advisories from Akamai and Ixia indicate that attackers are stepping up their game.

As attackers expand their arsenal of reflection methods to target CLDAP ...

New Breed of DDoS Attack On the Rise

Akamai Networks since October has detected and mitigated at least 50 DDoS attacks using Connectionless LDAP.

DDoS attacks in Q4 2016

2016 was the year of Distributed Denial of Service (DDoS) with major disruptions in terms of technology, attack scale and impact on our daily life.
In fact, the year ended with massive DDoS attacks unseen before, leveraging Mirai botnet technology.

Amazon Cloud Directory shakes up databases

Nobody thinks of directory services like LDAP or Active Directory as fonts of innovation. But to Amazon, they are a starting point for building something new.

A new public offering from Amazon called Cloud Directory aims to take the ho-hum idea behind a directory service—a hierarchical database—and endow it with features that make it useful to a far wider range of applications.

Move fast, change things—just don’t break them

Cloud Directory is essentially a hierarchical database designed to allow the data stored inside to be seen via multiple hierarchies.

Amazon cites as an example a company org chart that can be navigated in multiple ways, such as by geography or reporting structure.

RHBA-2017:0072-1: freeradius bug fix update

Updated freeradius packages that fix one bug are now available for Red Hat Enterprise Linux 7.

FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.

This update fixes the following bug:

* Previously, the FreeRADIUS server exported symbols that were conflicting with symbols defined in the libltdl library. When the FreeRADIUS server tried to open a connection to the MSSQL server using the rlm_sql_odbc interface and UnixODBC was configured to use the FreeTDS library, the connection failed with the following error message: "undefined symbol: get_vtable" This update renames the conflicting symbols. As a result, connections to MSSQL servers no longer fail in the described situation. (BZ#1394787)

Users of freeradius are advised to upgrade to these updated packages, which fix this bug.

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

Trump’s cyber-guru Giuliani runs ancient ‘easily hackable website’

Stunned security experts tear strips off president-elect pick hours after announcement

US president-elect Donald Trump's freshly minted cyber-tsar Rudy Giuliani runs a website with a content management system years out of date and potentially utterly hackable. Former New York City mayor and Donald loyalist Giuliani was today unveiled by Trump's transition team as the future president's cybersecurity adviser – meaning Giuliani will play a crucial role in the defense of America's computer infrastructure. Giulianisecurity.com, the website for the ex-mayor's eponymous infosec consultancy firm, is powered by a roughly five-year-old build of Joomla! that is packed with vulnerabilities.
Some of those bugs can be potentially exploited by miscreants using basic SQL injection techniques to compromise the server. This seemingly insecure system also has a surprising number of network ports open – from MySQL and anonymous LDAP to a very out-of-date OpenSSH 4.7 that was released in 2007. Security gurus are right now tearing strips off Trump's cyber-wizard pick.

Top hacker Dan Tentler was first to point out the severely out-of-date Joomla! install. "It speaks volumes," Tentler told The Register, referring to Giuliani's computer security credentials, or lack of, and fitness for the top post. "Seventy-year-old luddite autocrats who often brag about not using technology are somehow put in charge of technology: it's like setting our country on fire and giving every extranational hacker a roman candle – or, rather, not setting on fire, but dousing in gasoline."

Content management system developer Michael Fienen also pulled no punches:

It gets worse. "Giuliani is running a version of PHP that was released in 2013, and a version of Joomla that was released around 2012," said Ty Miller, a director at Sydney-based infosec biz Threat Intelligence. "Using the version information, within minutes we were able to identify a combined list of 41 publicly known vulnerabilities and 19 publicly available exploits. Depending upon the configuration of the website, these exploits may or may not work, but is an indication that Giuliani's security needs to be taken up a level."

Found on /r/sysadmin, presented without comment. pic.twitter.com/UmWe7tHURv — Ryan Castellucci (@ryancdotorg) January 12, 2017

The most surprising fact in all of this is that the Giuliani Security website hasn't ALREADY been hacked. They might as well put out a sign. — Michael Fienen (@fienen) January 12, 2017

Another computer security expert, speaking to The Register on condition of anonymity, analyzed Giuliani's website for us. Our guru, based in Australia, said that while the pending cyber-tsar is likely to have outsourced management of his online base, the fact that the mayor-turned-cyber-expert didn't check for lax security on his own website is not going to instill any confidence. We have reproduced our contact's assessment in full on the next page. ®

'Someone should be taken to task for this'

Well, talking nuts and bolts: that website is hosted with a hosting provider.
It looks like it has its own IP address based on having a single DNS PTR object (reverse address to the name giulianisecurity.com) which means it’s unlikely to be in use by other organisations (except maybe his own... who knows.) That IP address is allocated out of a block of addresses registered to Japanese giant NTT but these could also be provided to NTT’s customers such as web developers/hosting providers etc. Without actively poking at the site – which I’m terrified to do, frankly – it may be shared hosting, may be a VPS, or may be a physically separate dedicated hosting solution.
I’m betting it’s a cheap VPS-based ‘dedicated’ solution. My experience with this kind of hosting means that a nice attack vector is identifying the hosting provider and trying to get allocated a similar hosting solution in the adjacent IP address space, getting root on it (or having it if it’s a VPS) and then using ‘layer 2’ fun and games to redirect the victim site’s traffic to the attacker.

This still works amazingly well and is why smart people try to do things like statically publish layer-2 addresses for layer 3 IP gateways (although this is only so effective, really). For the giulianisecurity.com domain they seem to use Microsoft Office 365 for his email. Not a bad choice.

Email security sucks and, unless you know what you’re doing/are a glutton for punishment or are generally my kind of tinfoilhat wearer (hey, friends), it’s best to leave email security to someone reasonably credible. I also note they use a large trademark monitor company – MarkMonitor.com – for the DNS service provider for the domain name giulianisecurity.com. Which is hilarious.

Because, yeah, you’d want to intrude trademark-wise on this guy’s name because it’s such a valuable brand. Like Trump’s, you know? The reality is someone else makes these choices for him for his business.
It’s not like he’s there, updating his ancient and known vulnerable Joomla content management system himself (he’d get props from me if that were the case :) Anyone truly trying to protect your brand would avoid putting a giant red flag like an unpatched CMS in a commodity hosting environment out there. Whether it’s Giuliani’s company’s responsibility or an outsourced provider’s (very likely) the ‘having ancient Joomla’ in place is a pretty bad look.
Someone should be taken to task a bit for this.

And if you’re a security and safety company with an understanding of information security threats you’d have threat management programs in place to identify and improve your controls. For example, if you were undertaking actual security testing of your site I’d wager anyone in infosec – or in IT generally really – would’ve noticed the ancient CMS and its default install remnants using the crappiest, free-est tools out there.
So respectfully, Rudy, get someone to patch your shit and seek out some kind of specialist advice. Snarky comments aside – it really comes down to this greater concern: there’s literally millions of people in infosec who would be better cyber security advisors than Giuliani or whomever his technical advisors are that he’d call on for advice. So I’d ask – again respectfully – that the president elect cast a slightly wider net than he has to receive ‘cyber’ security advice.

As much as most people in infosec are a bunch of opinionated jerks (oh, and we are) we’re all here to help. Just ask a professional.

First sign in knowing one? It’s the person who doesn’t use the word ‘cyber’ to prefix everything they say.

RHBA-2017:0034-1: 389-ds-base security, bug fix, and enhancement update

An update for 389-ds-base is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

This update fixes the following bug:

* Previously, the referential integrity plug-in performed add, modify, and delete operations more slowly than necessary.

This update fixes the bug and improves performance of these operations significantly. (BZ#1393007)

Users of 389-ds-base are advised to upgrade to these updated packages, which fix this bug. For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

After installing this update, the 389 server service will be restarted automatically.

1393007 - ds9 backport 47411 - Replace substring search with plain search in referint plugin

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

DDoS in 2017: Strap yourself in for a bumpy ride

2016 sucked. 2017 won’t be much better, sorry

DDoS attacks have been around since at least 2000, and they’re not going away. In fact, as the number of devices online grows, the volume and velocity of these attacks is also increasing. Whole industries have developed around launching and preventing DDoS campaigns as black hats and white hats battle for dominance, and 2017 promises to be the most dramatic year yet in that conflict. Here are some predictions about what’s likely to happen in the next 12 months.

Whale-sized attacks will increase

Historically, DDoS attacks have been relatively small: the majority of attacks – 93 per cent – are below 1Gbps in size, so when large attacks do happen, they tend to show up on the radar. We’ve seen some monster attacks in 2016 – most notably the Mirai-based attack on Brian Krebs’ Krebsonsecurity site during September that caused Akamai to withdraw support, and the attack on Dyn in October. These mega-attacks, totalling 100Gbps or more, are likely to increase in both number and size. In its Q3 State of the Internet security report, Akamai spotted a 138 per cent increase in attacks over 100Gbps. Expect to see more of these, especially as attackers become more devious. New attack techniques applying the Lightweight Directory Access Protocol (LDAP) could amplify DDoS attacks by 55 times, which could send already-mounting attack volumes into overdrive. Not only are we likely to see more mega-attacks, but the largest ones will push the envelope in size terms.

The IoT will become a bigger factor in DDoS

Expect to see the Internet of Things (IoT) play an important part in these attacks. Mirai, which warped DVRs into evil, traffic-spitting monsters, has already wreaked havoc in Liberia and across much of the rest of the web. And the software wasn’t even very good. Forrester Research predicts that IoT compromises will escalate a notch in 2017, arguing that 500,000 IoT devices will suffer from a single compromise, dwarfing the Heartbleed bug of 2014. The number of connected devices is going to increase greatly over the next few years, IDC estimates. It’s time for IoT equipment suppliers to sort out their device security, warned Kevin Lonergan, who heads up security research at IDC Canada. “Attackers can easily gain access to these devices via unchanged default passwords and vulnerabilities in outdated firmware,” he said. “This problem is only going to get worse as connectivity is added to traditionally unconnected devices such as home appliances, cars, etc., by vendors who have little experience with creating secure code.” Making consumers change their default configuration before an IoT device will actually work might be a good idea. The problem is that someone would have to regulate it, because vendors will be loath to do anything that introduces friction and increases customer support costs.

DDoS will overshadow ransomware attacks

As the volume of DDoS attacks increases, demand for mitigation services will increase exponentially. Nick Galletto, leader of Deloitte’s Canadian Technology Risk practice, believes that DDoS will take over from ransomware as a dominant risk to organizations worldwide. “Even before the recent [mega-]attacks, we saw that many of our clients were experiencing some level of attacks that mostly flooded their network environment,” he said.

The causes were multi-faceted, he said, adding that hacktivism played a part. Disgruntled employees were also found to have hired DDoS attack services in some cases, Galletto added.

Sub-saturating attacks will create a security vector

DDoS may take over from ransomware as a cause for concern, but it’s also worth pointing out that one may act as a diversion for the other. There’s a reason that the lion’s share of attacks operate on a relatively small (sub-saturating) scale: they could be distracting their targets while attackers compromise their systems. This has happened before. In 2015, attackers allegedly used a DDoS attack as a smokescreen to pilfer the personal details of 2.4 million customers.

Larger DDoS attacks often show up as a network accessibility problem, but companies will increasingly find themselves experiencing them as a security issue. These "dark DDoS" attacks are typically hard to detect, so companies will need to ensure that they have proper visibility over their network traffic to tease out attacks that could be an attempt to cloak something more insidious.

Extortion via DDoS on the rise

DDoS attackers are increasingly targeting companies for financial gain.

Expect to see more DDoS threats in which attackers hold companies to ransom, warn experts. The DDoS mitigation firm Corero surveyed more than 100 IT professionals at the InfoSecurity Europe show in summer 2016, and found that eight in ten people expected their company to be on the sharp end of a DDoS extortion. Perhaps even more worrying is the news that 43 per cent of firms said they’d consider paying such a demand to keep their websites up and running.

These extortion attacks come from a variety of sources. The Amanda Collective was threatening companies as early as March 2016 (although its capabilities have been called into question). DD4BC, which also uses bitcoin as the payment currency for its DDoS blackmail campaigns, has drawn the attention of Interpol.

DDoS-for-hire services will gain traction

DDoS attack toolkits have been around for years, as have services that will enable you to pay for an attack. Expect to see more of them. Why? Firstly, because they can be offered incredibly cheaply, and secondly, because there are still huge amounts of money to be made. Often offered as ‘stressors’ – sites used to stress-test targets legitimately – DDoS-for-hire services don’t ask too many questions about whether a ‘tester’ has permission to target a site. Others openly offer DDoS services. Stressors have been spotted in the wild offering these services for $5 an hour. In spite of the low fees, DDoS-as-a-service providers can make a pretty packet. When the British teenager Adam Mudd was collared for offering such a service in November, he was said to have made $385,000 from 1.7 million attacks against 1.7 million addresses.

DDoS-for-hire is going to ramp up. The IoT botnets, combined with an easy money-making opportunity, will bring more of this kind of thing in 2017. Sceptical? Well, there’s already a 400,000 strong IoT zombie army for rent, using the Mirai malware.

Some of these developments are brand new, while others chart future trends from current trajectories. One thing seems likely: if you think that DDoS activity made for a crummy, stressful 2016, then you’d better strap yourself in for the coming year.

CA Technologies Updates Identity Suite

New release of CA Identity Suite provides pre-configured policy templates to help organizations manage and deploy secure identity services.

CA Technologies announced an update to its CA Identity Suite on November 30, providing enterprises with new deployment, integration and security capabilities. The new CA Identity Suite version 14 release benefits from recent acquisitions made by CA.

"You need to have a model for how to ensure the appropriate access regardless of where the using is coming from or where the resources are located," Nick Nikols, SVP and Cybersecurity Business CTO at CA Technologies, told eWEEK. "Identity isn't about who you are, it's about what you do."

Nikols explained that the CA Identity Suite provides capabilities for access governance as well as enforcement features. He added that a goal of the new release is to simplify access governance with a user interface that is easier for business decision makers to use.

"We have also simplified how fast the CA Identity Suite can be deployed," Nikols said. Nikols noted that prior versions of Identity Suite would often involve the use of professional services with consulting in order to facilitate deployment. Nikols said that now, with the new release, even a high-availability configuration can be deployed rapidly. At the Gartner IAM (Identity and Access Management) conference on December 1, Nikols said that CA demonstrated on-stage how it was able to deliver a two-server deployment of Identity Suite within eight minutes.

Once the identity suite is deployed on servers, there is still a need for policy configuration, which is where another new enhancement comes in. Nikols explained that with the new Identity Suite release, there are now pre-packaged policy configurations for the most common use-cases. Policy configurations can now also be shared within an organization or community.

"We've turned the roll-out of Identity Suite from being a custom bespoke engagement which was time consuming, to something that can be deployed quickly and operational in short order," Nikols said.

Some of the new capabilities in the updated Identity Suite benefit from recent CA Technologies acquisitions. Among those acquisitions was one on June 8, 2015 of privately-held intelligent identity manager IdMlogic. Nikols said that some of the capabilities in the new release, including the ability to deliver the Identity Suite as a virtual appliance, were gained from IdMlogic.

Maintaining a secure identity in a modern distributed enterprise is a non-trivial task. In addition to Microsoft's Active Directory, which is widely used, Nikols noted that there are many identity repositories in use, including other enterprise Lightweight Directory Access Protocol (LDAP) directories. He added that applications generally maintain their own identity repositories and authorization models.

"Federation facilitates the single sign on between these environments, but it has done little to simplify the management of all these copies of identities in each of these repositories," Nikols said. "CA Identity Suite is focused on orchestrating the management of all of these copies—making sure that their state is current and accurate, and that the proper entitlement settings are maintained within each of the applications' own authorization models."

"This makes it possible to have consistent information as well as authorization behavior established and maintained across these distributed environments," he said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.

Follow him on Twitter @TechJournalist

How Do You Protect Your Perimeter When You’ve Blown it to...

By Ian Kilpatrick, Executive Vice President Cyber-Security, Nuvias Group and Chairman Wick Hill Group

In 2016, we are subject to near constant headlines detailing the latest big data breach or hacking scandal. Many of us probably think we have a pretty good handle on the different types of security risks that can threaten our businesses. But the reality may be a little different.

The introduction of new technologies, the growth of cloud computing and changing employee working practices have all opened the door to a raft of new security vulnerabilities – often without us realising it. The security perimeter that was once in place no longer exists; Bring your own Device (BYOD), remote working or working across multiple sites, combined with an increasing reliance on cloud-based applications such as Office 365 and Salesforce, and public cloud services like Amazon AWS or Microsoft Azure, have contributed to a de-centralised environment where company data and applications can be freely accessed from almost any device, on any network.

Without knowing it, many organisations have repeatedly punched holes into their once-secure perimeter, potentially leaving themselves not only vulnerable but fully open to attack. However, because these changes have happened over time, in some cases several years, many firms have missed, or have under-prioritised, the potential risks they face. This in some instances has led to complacency regarding legacy security systems – if something has always worked, and was secure in the past, why mess with it? But of course, this doesn’t take into account the new wave of attacks coming from outside the weakened perimeter.

Firewall technology

One of a number of areas that this applies to is firewall technology, which has had to evolve to counter this next generation of security threats.

The firewall that has done a perfectly good job over the past five years may not be enough to protect your business in the future. For example, firewalls deployed across a multi-site environment today should be able to offer extra features such as the ability to optimise and protect business-critical traffic from being swamped by less important network activities. So, ideally your active firewall should feature product capabilities like compression, data-deduplication or application-based prioritisation and bandwidth guarantees.

Meanwhile, businesses are facing an unprecedented wave of ransomware attacks. These generally come in through email, but you could also have computers “calling home” to the Command & Control (C&C) server to install stealthware. With the right firewall – often described as next generation – in place, these activities can be detected and curbed.

In addition to the protection on the perimeter, you can deploy more firewalls internally to create zones. Zoning or segmentation makes it harder for malware and attackers to cross network boundaries.

Often it makes sense to allow for direct access to cloud applications from each branch office location, effectively moving away from the traditional centralised access approach. Allowing internet access from branch locations may now mean deploying firewalls at these locations.

The practical challenges here are threefold:

Does the deployed, ‘smaller’ firewall device at each branch provide all the security controls needed and is it still affordable? Must-haves would be next-generation firewall features such as app control, user awareness, integrated IPS, the ability to intercept SSL, and advanced threat and malware detection.

Can these devices be effectively managed from a central user interface? This is important, because it means that only one security policy needs to be defined and maintained across all the deployed firewalls, even though enforcement now takes place in multiple physical locations.

What does the associated operational cost look like? Firewall devices need to be trouble-shot, logs need to be managed, updates applied, etc.

Next Generation Firewalls

As with all things IT, Next Generation Firewalls (NGFW) are subject to more hype than reality. While many are fully featured, some are overmarketed versions of older technology and, despite there being plenty of choice, there can be a blurring around the capabilities and performance on offer.

The customer should start by determining their needs, as they differ by organisational type, size, performance requirements, security concerns and of course compliance requirements. While there is a wide variation of prices in NGFW, often they are not matched directly to capability – which is why needs precede budget considerations.

At the risk of creating a boring feature list, some of the elements to consider and prioritise for Next Generation Firewalls include application firewalling (using deep packet inspection), intrusion prevention, encrypted traffic inspection (TLS/SSL), website filtering, bandwidth management, and third party identity management integration (LDAP, RADIUS, Active Directory, etc.). Other features can include antivirus, sandbox filtering, logging and auditing tools, network access control, DDoS protection and of course cloud capabilities.

Clearly different organisations will have a divergent range of needs driven by their own size, performance and security requirements. With the significant range of solutions on offer, the challenge can often be selection, particularly with the significant number of new suppliers entering the market with innovative offerings. However, these can often create more cloud than light in this area, plus there’s a real risk that if they have a genuinely innovative solution, they will be acquired by a bigger player. Budget and management capabilities are also key elements in this equation.

Given that a firewall is often deployed for considerably more than three years, it’s crucial to make the right decision to protect your environment, not only against today’s threats but also those that will be the centre of attacks in the future.

Having been around security for more than 40 years, my own suggestion is that the conservative approach of going with a well-established player that can and will continue to invest in threat defences and upgrades is the best route. There are many organisations that fit this bill, including Barracuda Networks, Check Point and WatchGuard Technologies to name a few. Subject to the size and potential cost of your deployment, putting one or more suppliers through a full POC (proof of concept) ahead of the decision can be a very effective investment to protect your organisation in a radically changed risk environment from three years ago, and one which will continue to change at potentially an even faster rate.

About the author

Ian Kilpatrick is EVP (Executive Vice-President) Cyber Security for Nuvias Group and Chairman Wick Hill Group. A leading and influential figure in the IT channel, Ian has many years’ experience in security and overall responsibility at Nuvias for cyber security strategy. He was a founder member of the award-winning Wick Hill Group in the 1970s and, thanks to his enthusiasm, motivational abilities and drive, led the company through its successful growth and development, to become a leading, international, value-added distributor, focused on security. Wick Hill was acquired by Nuvias in July 2015. Ian is a thought leader, with a strong vision of the future in IT, focussing on business needs and benefits, rather than just technology. He is a much published author and a regular speaker at IT events.

About Nuvias Group

Nuvias Group is the pan-EMEA, high value distribution business, which is redefining international, specialist distribution in IT.

The company has created a platform to deliver a consistent, high value, service-led and solution-rich proposition across EMEA.

This allows partner and vendor communities to provide exceptional business support to customers and enables new standards of channel success. The Group today consists of Wick Hill, an award-winning, value-added distributor with a strong specialisation in security; Zycko, an award-winning, specialist EMEA distributor, with a focus on advanced networking; and SIPHON Networks, an award-winning UC solutions and technology integrator for the channel.

All three companies have proven experience at providing innovative technology solutions from world-class vendors, and delivering market growth for vendor partners and customers.

The Group has seventeen regional offices across EMEA, as well as serving additional countries through those offices.

Turnover is in excess of US$ 330 million.

RHSA-2016:2055-1: Important: Red Hat JBoss Enterprise Application Platform 6.4.10 natives update...

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.10 natives, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.

This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section.

All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

Security Fix(es):

* A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)

* Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183)

* A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195)

* A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. (CVE-2015-4000)

* An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105)

* An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2106)

* It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-3110)

* A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)

* It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash. (CVE-2016-4459)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2105, and CVE-2016-2106 and Michal Karm Babacek for reporting CVE-2016-3110.

The CVE-2016-4459 issue was discovered by Robert Bost (Red Hat). Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Böck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; and Guido Vranken as the original reporter of CVE-2016-2105 and CVE-2016-2106.

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

Securing Office 365? There’s always more you can do

Don't just accept the defaults and hope for the best

Wherever you look there's yet another SME or enterprise migrating to Office 365.

This says a lot for the attractiveness of cloud-based office suites, and perhaps it also says something about the attractiveness of letting someone else look after one's SharePoint and Exchange servers rather than having to fight with their maintenance and upkeep internally. It also says a lot about the security of the platform: if there were any serious concerns there wouldn't be so many people using it (the figure I have to hand cites 60 million business customers as of spring 2016). What this tells us, though, is not that it's the Fort Knox of cloud-based office software: it merely says that it's secure enough for commercial organisations to accept it into their infrastructure.

Any system has scope for improvement, or for the user to layer further security mechanisms on top to make the setup even more attractive.
So what does Office 365 give us, and what can we do to take it further, security-wise?

Underlying directory services

One of the reasons people tend to trust Office 365 is that it's based on the directory service that everyone knows and is familiar with: Active Directory.

Cloud-based AD integrates with its on-premise peer very straightforwardly, and although in the past one tended to use outward federation (that is, AD was hosted and managed in-house and federated/synchronised to an external AD server) the story is now far more bi-directional, so you can manage the AD setup either internally or externally and it'll sync in either direction. Let's face it, it's difficult to criticise the fundamental security capabilities of a cloud-based AD setup because we've all been using it in-house for years and years.

Securing other apps

The other benefit you get if you adopt the Enterprise Mobility Suite on top of Office 365 is the ability to bring the user authentication of a variety of apps into a single user database.
Interestingly EMS gives you more than you'd be able to do with an in-house AD setup.
So as well as providing native AD authentication you can point all manner of other stuff at it – ODBC lookups, LDAP queries, Web services and of course other native AD servers.

But more interestingly there's a pile of specific support for a wide range of popular cloud-based apps (Salesforce is the one that's generally cited, so let's not buck the trend) and so you can move away from your plethora of separate user databases and toward a single integrated directory service.

Two-factor authentication

The problem with centralising your authentication, though, is that the impact of a breach on your central authentication database is far greater than a breach on a single application's own internal user database.
So the first thing you'll probably want to add to your Office 365 setup is two-factor authentication (2FA).

To be fair to Microsoft they do provide a 2FA mechanism of their own, but many of us already use third-party 2FA (RSA's SecurID is probably the best known, though more recently I've used Symantec's VIP offering) and it's understandable to want to stick with what you know.

And without trying to sound disparaging to Microsoft, there's something to be said for picking a different vendor for your 2FA in the interests of putting your eggs in more than one vendor basket. Happily the 2FA vendors are happy to sell you their 365-connectable offerings as they're becoming nicely established and stable.

Edge protection

We mentioned earlier that managing your own in-house Exchange setup can be something of a chore, and quite frankly who can blame you for wanting to ship it off to the cloud for Microsoft to look after it? I've seen it done more than once, and the relief on the faces of the mail server admins was palpable.

But I also wouldn't blame you for considering persevering with and potentially even expanding some or all of the edge protection you have for inbound email – it's been common for many years to adopt a hosted anti-malware and/or anti-spam offering and to funnel all your inbound email through it on its way to the Exchange server.
So of course Microsoft's mail infrastructure has its own anti-malware mechanisms (and they're very proud of it) but again, by sticking with a third-party offering layered around it you can bring an additional layer of security, visibility and reassurance to yourself and your management. Going in the other direction, Data Leakage Protection (DLP) is also something that you're increasingly likely to need these days, what with the tendency toward accreditations such as PCI-DSS and ISO 27001.

Again there's a selection of DLP tools and policy features with Office 365, but a third-party approach is very much an option.

Security monitoring

Regardless of whether your installation is on-premise or in the cloud, security monitoring is absolutely critical if you're serious about security.

The market to be in these days is selling Security Information and Event Management (SIEM) software and appliances: storing, collating and analysing log data and the associated response and remediation brings massive benefits, particularly if you're aiming toward some kind of formal security or similar accreditation. Office 365 provides APIs into which SIEM platforms can hook in order to deduce what's occurring in the cloud installation and alert you to potential issues; and as with the likes of DLP and 2FA the vendors of SIEM products are now commonly supporting Office 365 to pretty much the same extent as they support on-premise kit.

Does Office 365 have in-built SIEM? Yes, there are tools that provide you with forensic analysis features and of course there's event logging, but SIEM isn't a core concept for Microsoft and so unless you have a very small setup you'll look to third-party SIEM offerings for the functionality you need, either in a dedicated, targeted SIEM solution from someone like LogRhythm or Splunk or in a multi-function package from the likes of Proofpoint.

Backups

One of the big differences between the cloud-based world and the on-premise setup is the need for and the implementation of backups.
It's common to decide that the requirement for backups to protect against complete system failure (i.e. disk crashes causing data loss) is much reduced in the cloud thanks to the robust physical implementation of the underlying storage layer.

But remember that physical crashes are just part of the need for backups: the risk of inadvertent deletion of data doesn't go away when you shift the installation into the cloud.

As with some of the other concepts we've mentioned there are built-in tools such as version control and rollback, automatic retention of items in recycle bins, and so on.

But again you're likely to want more, and again you can look to the market as there's a growing selection of options out there.

Are we spotting a trend here?

We've been talking so far about augmenting Office 365 with security features that don't come as standard, or that do come with the system but are perhaps not so attractive as those of separate products whose developers are more focused on the subject area.

The thing is, though, that aside perhaps from the discussion on backups, few of these supposed shortcomings are unique to Office 365 – they exist in on-premise setups too.

And that makes sense: we're not saying Office 365 is particularly deficient, just that the whole reason all these third party products and services exist is that you can't reasonably expect Microsoft (or any other of your vendors) to have a perfect solution in every specialist field of security as part of its office suite.

What do the Office 365 experts think?

Aonghus Fraser, CTO at C5 Alliance, echoes the idea that the service has its own features but they're not the whole story. He notes: “There are a number of areas that should be considered – some are in addition to Office 365 but there are also newer or lesser-known security features or services that can complement that native Office 365 security and cover all bases”. Endpoint security's high on his list. “Whilst there is protection at the server-side for O365 including Exchange and SharePoint Online, it is recommended that a strategy for endpoint protection for devices is implemented.

This can range from leveraging native O365 & Microsoft services such as InTune to ensure that a minimal level of patching and AV is enabled (using Windows Defender) to third party solutions such as Sophos Endpoint which can work on devices and in conjunction with firewalls to detect and isolate compromised devices”. Following up his point about new features that wink into existence, he cites a recently introduced built-in feature: “Advanced Security Management is a new service providing global and security administrators with the facility to detect anomalies in your tenant – alerts for abnormal behaviour, and alerts for activities that might be atypical.

Examples could include logging in from unusual locations, mass download by a single user (suggesting a data leakage risk) or administrative activity from a non-administrative IP address”.

The non-technical elements

Our original request to Aonghus was for three observations, of which we've just mentioned two; the third is non-technical but absolutely key. He states: “It is essential to ensure that business policies are regularly maintained in line with Office 365 capabilities such as Multi-Factor Authentication and Data Leakage Prevention in order for security to be optimised whilst taking into account employee productivity”. It's key to ensure your business is able to work effectively and in a governed way as you evolve into the cloud world: “An understanding of the implications on users of implementing some security measures is essential to ensure that users are well-informed and do not try to bypass the measures due to lack of understanding or usability or productivity being severely compromised.
If the measures are too draconian users will find a way to circumvent them; business decisions need to align with the security recommendations in order for the right balance to be achieved”.

People as a problem

Aonghus touched on the issue of ensuring that staff are well informed and don’t try to side-step security measures, but it’s worth remembering that even with a strong staff awareness programme there’s still a risk of inappropriate inactivity.

And you can’t really blame your staff for falling for the occasional phishing attack: some are so sophisticated that even the most aware staff member will be taken in eventually. As Joe Diamond, Director of Cybersecurity Strategy at Proofpoint, puts it: “The level of social engineering to craft a convincing lure is what makes phishing so successful. We see this used across attacks that use malware, and those that don’t – such as business email compromise spoofing attacks and phishing for credentials”. Joe continues: “While end user education serves an important role, you cannot rely on it.

Focus on where your users digitally communicate the most – email, social sites, and mobile apps – and put in the protection needed to shield advanced attacks from ever reaching your end users”. As for the complexity of attacks these days: “The attack on customers of National Australia Bank that Proofpoint recently identified is a perfect example of how to the naked eye, the emails and links were virtually indistinguishable from legitimate bank communications.

The email content tricked recipients into entering credentials to verify their account and provide accounts details, before redirecting to the legitimate banking site.

The URL [looked] legitimate, but a letter was swapped with Unicode and encoding in the URL hid suspicious code”.

In short

Like any system of its kind, Office 365 is sufficiently secure in its basic form but there's always more you can do – either to make it easier to exploit what it inherently does or to add further layers of protection and reporting on top of what you get “out of the box”. You may decide when you move to Office 365 that you can wind down some of the extras you bolted onto your on-premise system simply because technology's moved on and the inherent provision in Office 365 is good, but any cloud email service is fair game for an attacker because a compromise of a single system serves up multiple victims so you're unlikely to want to throw away all the extras that can help you provide a layered security model as you evolve to a cloud setup.

Oh, and one more thing: moving to the cloud doesn't make you immune from the long-standing tradition of stereotypical bad practice.

Aonghus gets the last word in this respect: “Accepting the default settings without considering whether, for example, the password expiry policy is appropriate is something that is often left – a 'hope for the best' approach or assumption that Microsoft defaults are right for you is not a good strategy where security is concerned”.

Amen. ®
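The three anomaly types Aonghus Fraser lists for Advanced Security Management (unusual login location, mass download by one user, administrative activity from a non-administrative IP) can be expressed as simple rules over audit events. The following is an added example, not code from the article or from Microsoft; the record fields, operation names, thresholds and networks are all hypothetical, and the events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed policy values for this sketch, not Microsoft defaults.
ADMIN_NETWORKS = [ip_network("203.0.113.0/24")]
USUAL_COUNTRIES = {"alice": {"GB"}, "bob": {"GB", "JE"}}
DOWNLOAD_LIMIT = 3               # downloads allowed per user...
WINDOW = timedelta(minutes=10)   # ...inside this sliding window


def ev(time, user, ip, country, op):
    """Build one constructed audit record (hypothetical field names)."""
    return {"time": "2017-01-10T" + time, "user": user, "ip": ip,
            "country": country, "op": op}


EVENTS = [
    ev("09:00:00", "alice", "198.51.100.7", "GB", "Login"),
    ev("09:05:00", "alice", "192.0.2.44", "BR", "Login"),
    ev("10:00:00", "bob", "198.51.100.9", "GB", "FileDownload"),
    ev("10:01:00", "bob", "198.51.100.9", "GB", "FileDownload"),
    ev("10:02:00", "bob", "198.51.100.9", "GB", "FileDownload"),
    ev("10:03:00", "bob", "198.51.100.9", "GB", "FileDownload"),
    ev("11:00:00", "bob", "198.51.100.9", "GB", "FileDownload"),
    ev("11:30:00", "alice", "198.51.100.7", "GB", "AdminChange"),
    ev("11:40:00", "bob", "203.0.113.10", "GB", "AdminChange"),
]


def detect(events):
    """Return (user, rule, time) alerts in chronological order."""
    alerts = []
    recent = defaultdict(list)  # user -> download times still inside WINDOW
    for e in sorted(events, key=lambda rec: rec["time"]):
        when, user = datetime.fromisoformat(e["time"]), e["user"]
        if e["op"] == "Login":
            # A user with no baseline is treated as unusual everywhere.
            if e["country"] not in USUAL_COUNTRIES.get(user, set()):
                alerts.append((user, "unusual-location", e["time"]))
        elif e["op"] == "AdminChange":
            if not any(ip_address(e["ip"]) in net for net in ADMIN_NETWORKS):
                alerts.append((user, "admin-from-non-admin-ip", e["time"]))
        elif e["op"] == "FileDownload":
            recent[user] = [t for t in recent[user] if when - t <= WINDOW] + [when]
            # Alert once, at the moment the limit is first exceeded.
            if len(recent[user]) == DOWNLOAD_LIMIT + 1:
                alerts.append((user, "mass-download", e["time"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```
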
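Joe Diamond's description of the lure URL (a letter swapped for a Unicode lookalike, with encoding hiding code) maps onto checks a mail or web filter can run before a user ever sees the link. This is an added example, not code from the article or from Proofpoint; the finding names and marker list are assumptions, and the sample URLs are constructed.

```python
import re
import unicodedata
from urllib.parse import urlsplit, unquote

UNRESERVED = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~")
MARKERS = ("<script", "<iframe", "javascript:", "onerror=")  # illustrative, not exhaustive


def host_to_unicode(host):
    """Decode punycode (xn--) labels so the check sees what the reader sees."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or malformed punycode: inspect as-is


def label_scripts(label):
    """Approximate each letter's script from its Unicode name (LATIN, CYRILLIC, ...)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def fully_decode(text, max_rounds=3):
    """Undo nested percent-encoding, e.g. %253C -> %3C -> <."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def inspect_url(url):
    """Return sorted findings for one URL; an empty list means nothing was flagged."""
    findings = set()
    parts = urlsplit(url)
    for label in host_to_unicode(parts.hostname or "").split("."):
        scripts = label_scripts(label)
        if len(scripts) > 1:
            findings.add("mixed-script-label")
        if scripts - {"LATIN"}:
            findings.add("non-latin-letters")
    tail = parts.path + "?" + parts.query
    # RFC 3986 unreserved characters never need encoding; encoding them hides text.
    if any(chr(int(h, 16)) in UNRESERVED for h in re.findall(r"%([0-9A-Fa-f]{2})", tail)):
        findings.add("encoded-unreserved-chars")
    if any(m in fully_decode(tail).lower() for m in MARKERS):
        findings.add("markup-in-decoded-url")
    return sorted(findings)


# Constructed samples: a plain URL, and one using Cyrillic U+0430 for Latin "a".
SAMPLES = [
    "https://www.example.com/login?next=%2Faccount",
    "https://www.ex\u0430mple.com/%6c%6f%67%69%6e?ref=%253Cscript%253E",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect_url(sample), ascii(sample))
```

A `non-latin-letters` finding on its own is a prompt for review, since legitimate internationalised domains also trigger it; the mixed-script and encoding findings are the stronger signals.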