Wednesday, November 22, 2017

Tag: Network Security

Barry Mattacott, marketing director at security specialist Wick Hill Group, looks at the security risks of linking more and more smart devices to our networks.

Are we just creating ever more vulnerable endpoints in today’s world of the Internet of Things?

Back in the good old days, we nailed the front door up tight with a firewall and we knew that, with good security on our gateway, our network was safe from the nasties of the outside world.

But those pesky kids in their bedrooms, not to mention state sponsored cybercriminals, worked out that they could circumnavigate our state-of-the-art firewall by looking for a way in at the opposite end of our network - the endpoint.

So now we all agree that securing the endpoint is essential, but just where is it and what does it look like?

Since those early days, there has been a massive proliferation of endpoints and security issues have grown alongside them. You can't go anywhere or do anything without risking an infection. A recent survey found that almost two thirds of USB sticks that were lost/found on public transport were infected with malware.
I guess this raises several issues.

Definitely, don't plug any old USB stick you find into your computer - that's how Stuxnet got its start in life after all.

The survey also begs the question of why so many of these USB sticks are infected.

Could it be that people are deliberately infecting USBs and "losing" them? Infected USBs can today be considered a fairly traditional attack vector, along with code attached to downloaded files and drive-bys leaping out of infected websites to get you.

The security industry has made a pile of cash developing products to protect us and it's all fairly much in hand. But now we have a game changer because endpoints aren’t the same as they were.

Firstly, we had the revolution that was the mobile endpoint. Mobile phones and tablets are now huge players on our networks.

They have effectively put network endpoints in our pockets and allowed us to take them down the pub and lose them. The technology to protect them has been available for some time, but the adoption has been woefully slow. You would have thought US Federal Agencies would be right on top of it, but a 2015 survey found 61 percent of agencies do not apply their network security policies to mobile devices! So what does the future hold for the endpoint? Without doubt, the Internet of Things (IoT) means they are going to be everywhere! Network attached security systems that give you video pictures of your front door and allow callers to leave recorded messages, are essentially connecting your door bell to your main processor (home PC). Your Hive controlled heating system is connecting you to the Internet. Despite these being serious systems, many have arrived on our networks and in our homes with gaping holes in their security.

British Gas took a thrashing in the national press when their control system was found to be a burglar's dream, easily allowing access to the heating schedule, which could tell them if the owner was at home, or even if they were away for an extended period of time. Even cars have become endpoints. Until recently they were fairly much self-contained. Yes, they communicated with the Internet and manufacturers’ control networks and as such they were hackable. We saw hackers demonstrate that they could take control of a Jeep and run it off the road.

This triggered a recall of 1.4 million cars by Chrysler in order to patch the operating system.

But they were somebody else's problem in that they didn't communicate with your network, so were not one of your endpoints. But car manufacturers, including Ford, are developing on-board systems to allow you to carry out vital activities like turning on your smart kettle whilst on the road.

This requires them to connect via the Internet to your own network. On the one hand, that kettle might be ever so smart in that it carries significantly more processing power than the 64 Kb memory operating at 0.043 MHz in the Apollo guidance system that put man on the moon. On the other hand, it's not smart enough to be fully secured against man-in-the-middle attacks that will allow a hacker to penetrate your network.

And once they are in, will they be able to access your car sitting in the driveway and steal it? It doesn't really matter how secure Ford makes your car, if your kettle is going to leave the door open.

Why? Why is it that the Internet of Things is so woefully behind the curve regarding security?

To start with, your average kettle manufacturer doesn't have a great pedigree in network security.

They might make an awesomely efficient kettle but in the current climate they will find it difficult to find and employ a suitable security expert.

They are also in a rush.

They have just come up with the world saving idea of adding internet connectivity to your kettle, so obviously they are in a huge rush to get it to market before everyone else thinks of it and beats them to it.

And of course, functionality will always beat security. No one wants to go through multi-factor authentication every time they want a cup of tea. So what can you do about it? Purchase (and attach to your network) with care. When it comes to the Internet of Things, you are putting your trust in the hands of others.

There is little that you personally can do to ensure that your TV, kettle, car, fridge, etc., etc. is secure. One piece of advice is to look out for names that you feel you can trust with security. Manufacturers are starting to come up with solutions for these gaping security holes.

Gemalto, for example, is emerging as a front runner in the field of IoT security.

They have hardware modules, platforms and service solutions that allow you to connect and protect any machine-to-machine or electronic consumer device.

They are currently working with all sorts of OEMs, mobile network operators and industrial manufacturers in various markets. http://www.gemalto.com/iot

Barracuda Networks felt the need to bring out a brand new range of products designed to protect the Internet of Things and Machine to Machine connectivity.

Their S Series currently includes Barracuda NextGen Firewall Secure Connector 1 (SC1) and the Barracuda NextGen Secure Access Concentrator (SAC).

These two appliances will make it a lot easier and infinitely more secure for enterprises to benefit from and roll out large-scale deployments of devices like Automated Teller Machines (ATMs), point-of-sale kiosks, wind power stations and networked industrial machines in remote locations. https://www.barracuda.com/products/nextgenfirewall-s

Another well-known name in security, Kaspersky Lab, is making a move in the automotive space and is currently in talks with most of the world’s car manufacturers, particularly around the area of securing self-driving cars.

They are looking to secure not only the industrial controls of the production process but also the connected car. Kaspersky Lab is coming at this from a great place as they are already involved in protecting Ferrari.

Aside from the usual endpoint protection they also integrate with existing complex infrastructure, including industrial technologies and mobile devices.
In future, if your car is protected by Kaspersky, then you can probably be pretty sure your kettle can’t steal it! http://www.techworld.com/news/startups/kaspersky-looks-secure-self-driving-cars-factories-theyre-made-in-3615206/

You can also do some research on good old Google.

Thinking about stuffing an EZCast Streamer in your TV’s USB port? A quick check online will find a recent report from Check Point which revealed that the wi-fi network the EZCast sets up can easily be breached, allowing the attacker access to your main network, where they can wreak havoc or steal confidential data.
So don't be in a rush to buy.

And check it out before you do. http://blog.checkpoint.com/wp-content/uploads/2015/12/EZCast_Report_Check_Point.pdf

One important thing to check is whether the firmware on the product you are buying can be updated. Users of SimpliSafe wireless home alarm systems recently found out that the system is stupidly easy to hack with basic sniffing equipment, allowing its PIN to be grabbed from 30 metres away.

But to really rub salt into the wounds, the hardware apparently cannot be patched or updated to overcome the vulnerability, which leaves owners with no choice but to junk their system. http://thehackernews.com/2016/02/hack-home-security-alarm.html

So what’s the best tactic if you don’t want to fall victim to security weaknesses in your clever consumer devices, intelligent cars and machine-to-machine equipment which make up the Internet of Things? The best advice would be to try and resist the frivolous items like kettles and door bells and stick to things made by reputable manufacturers, preferably ones that have some sort of pedigree in networking.

ENDS

About the author

Barry Mattacott is marketing director of Wick Hill Group, which is based in Woking, Surrey and Hamburg, Germany. Wick Hill Group is part of Rigby Private Equity (RPE), a subsidiary of Rigby Group Investments, an independent company within Rigby Group plc.
Specialist distributor Zycko is also part of RPE, and in co-operation with Zycko, Wick Hill can offer a pan-European service which provides a common proposition and consistent delivery for vendor and reseller partners covering 13 countries. Users of products sourced through Wick Hill include most of the Times Top 1000 companies, in addition to many non-commercial organisations, government departments and SMEs across all business sectors.

Through its channel partners, the company has delivered IT solutions to more than a million users world-wide. Wick Hill currently has offices in Woking, Surrey, with sister offices in Hamburg.

ENDS

For further press information, please contact Annabelle Brown on 01326 318212, email pr@wickhill.com, Wick Hill https://www.wickhill.com or www.twitter.com/wickhill.

For pic of Barry Mattacott please go to https://www.wickhill.com/company/press/pictures or contact Annabelle Brown.
Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2016-1950)

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Francis Gabriel as the original reporter.

All nss users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

For the update to take effect, all applications linked to the nss library must be restarted, or the system rebooted.

Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

Updated packages (nss-3.19.1-4.el5_11) are provided for RHEL Desktop Workstation (v. 5 client), Red Hat Enterprise Linux (v. 5 server) and Red Hat Enterprise Linux Desktop (v. 5 client).

1310509 - CVE-2016-1950 nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35)

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
In data transmission, bandwidths in the Gigabit range call for new IT security solutions.

This applies in particular to traditional unified threat management (UTM) firewalls, which have limited performance.

At this year's CeBIT, the IT security company Rohde & Schwarz Cybersecurity will present an innovative solution that for the first time meets the challenges posed by higher bandwidths: the UTM+ firewall series with an integrated next-generation engine.

The integrated software also comes with high-end features.

Munich, March 8, 2016 — The UTM+ firewall series was designed especially for the needs of medium sized businesses.
It is just as powerful as a next-generation firewall (NGFW) due to the integrated single-pass technology. While the efficiency of traditional UTM appliances ends in the megabit range, UTM+ appliances provide performance in the Gigabit range.

And they offer even more: the UTM+ models are easy-to-use, all-in-one solutions and are significantly less expensive than next-generation firewalls. In addition to single-pass technology, further high-performance next-generation firewall features were integrated into the new UTM+ solution.

These include, for example, security mechanisms such as port-independent SSL decryption for automatic analysis of encrypted data traffic.

The permanent layer 7 scanner ensures complete and continuous analysis of data packets – even after successful validation.

The application control feature allows a fine-grained analysis of network traffic.

The firewall operating system is additionally protected with a highly secure firewall container system. Like all new Rohde & Schwarz Cybersecurity products to be showcased at CeBIT, the UTM+ firewalls follow the innovative approach "security by design", which prevents attacks proactively rather than reactively.

Security certificate: made in Germany

At CeBIT 2016, the Rohde & Schwarz security companies gateprotect, Sirrix, Rohde & Schwarz SIT and ipoque will, for the first time, bundle their broad ranges of technologically leading IT and network security solutions under the umbrella of the new Rohde & Schwarz Cybersecurity GmbH.

The first product of this new big player is the UTM+ V16. The UTM+ V16 is the improved successor model to the successful GP series with V15 software from gateprotect.

The V16 software is not only more powerful, but can be optically recognized as a Rohde & Schwarz product.
Instead of the familiar red, it now comes in the blue and gray Rohde & Schwarz corporate colors. Rohde & Schwarz Cybersecurity, a 100 % subsidiary of the Rohde & Schwarz electronics group, develops and manufactures its products exclusively in Germany.

Customers can therefore rely on the stringent German quality and data protection standards as well as maximum performance for all Rohde & Schwarz Cybersecurity products.

Contact: Svenja Borgschulte, Tel.: +49 (0)221 801087 85, Fax: +49 (0)221 801087 77, E-Mail: sb@moeller-pr.de

Contact for readers: Christian Reschke, Tel.: +49 (0)30 65884 232, Fax: +49 (0)30 65884 184, E-Mail: christian.reschke@rohde-schwarz.com https://cybersecurity.rohde-schwarz.com/de

CeBIT 2016 in Hanover, March 14 to 18, hall 6/booth G16

Rohde & Schwarz Cybersecurity

The IT security company Rohde & Schwarz Cybersecurity protects companies and public institutions around the world against espionage and cyberattacks.

The company offers high-end encryption solutions, next-generation firewalls, network traffic analytics and endpoint security software in addition to producing cutting-edge technical solutions for IT and network security.

These “Made in Germany” IT security solutions range from compact all-in-one products to custom solutions for critical infrastructures.

The “security by design” approach, which employs a proactive rather than reactive approach to dealing with cyberattacks, is central to the development of trusted IT solutions.

Around 400 employees work at the current sites in Berlin, Bochum, Darmstadt, Hamburg, Leipzig, Munich and Saarbrücken.

R&S® is a registered trademark of Rohde & Schwarz GmbH & Co. KG. All press releases are available online at https://cybersecurity.rohde-schwarz.com/de. Image material can also be downloaded there.
Pirates like those shown here aboard a dhow in waters off western Malaysia in January 2006 were using data stolen from a shipping company's systems to target cargo ships and steal specific crates of valuables in hit-and-run attacks. (Image: US Navy)

When the terms "pirate" and "hacker" are used in the same sentence, usually it's a reference to someone breaking digital rights management on software.

But that wasn't the case in an incident detailed in the recently released Verizon Data Breach Digest report, unveiled this week at the RSA security conference. Verizon's RISK security response team was called in by a global shipping company that had been the victim of high-seas piracy aided by a network intrusion. The shipping company experienced a series of hit-and-run attacks by pirates who, instead of seeking a ransom for the crew and cargo, went after specific shipping containers and made off with high-value cargo. "It became apparent to the shipping company that the pirates had specific knowledge of the contents of each of the shipping crates being moved," the RISK team recounted in the report. "They’d board a vessel, locate by bar code specific sought-after crates containing valuables, steal the contents of that crate—and that crate only—and then depart the vessel without further incident." The targeted nature of the attack made it clear to the shipper that the pirates were somehow getting intelligence directly from their computer systems.

The response team discovered that the company used a "homegrown" Web-based content management system (CMS) to manage bills of lading for their cargo ships.

An examination of network traffic to the CMS revealed a Web shell script had been uploaded to the server through a vulnerability in the software.

The shell script backdoor gave attackers remote access to the server, allowing the upload and download of files—in this case, specifically downloading the bills of lading for the company's ships.

The attackers had compromised a number of system passwords in the process as well. However, the attackers made a number of mistakes.

The shell script used straight HTTP rather than taking advantage of the site's SSL encryption—so the contents of the traffic were easily discovered by packet captures. "We were ultimately able to capture every command the threat actors issued, which painted a very clear picture," the RISK team wrote. "These threat actors, while given points for creativity, were clearly not highly skilled.

For instance, we found numerous mistyped commands and observed that (they) constantly struggled to interact with the compromised servers." While they had managed to get initial access to a number of servers, the attackers weren't able to install shell scripts on them because of a network security appliance. Ultimately their activities were limited to the server they had initially gained access through. But their most damning mistake? "The threat actors also showed a lack of concern for their own operational security by failing to use a proxy and connecting directly from their home system," the RISK team noted.

The shipping company shut down the server to fix the vulnerability, and they then blocked the IP address of the pirate's hacker—ending the targeted attacks.
A good cyber-insurance policy can help enterprises weather storms more effectively when a data breach or network security failure has occurred.

Cyber-insurance, now being offered by virtually all the major insurance companies, protects businesses and individual users from Internet-based risks—mainly ones relating to IT infrastructure and access to it. Risks like these are typically excluded from traditional commercial general liability policies, or at least are not specifically defined in traditional insurance products.

Cyber-insurance policies may include first-party coverage against losses such as data destruction, extortion, theft, hacking and denial-of-service attacks.

A policy may feature liability coverage indemnifying companies for losses to others caused by things like errors and omissions, failure to safeguard data or defamation.
In this eWEEK slide show, published with permission from CISO trade publication SecurityCurrent, 10 chief information security officers (CISOs) from various industries share insight on the future of cyber-insurance and tips for success. However, the adoption of cyber-insurance comes with a number of caveats, making it imperative for CISOs to take an active role in procuring policies.
Titan’s Hyperion PCIe card integrated into Xanadata’s Typhon accelerated threat detection solution

RSA SHOW, SAN FRANCISCO, Calif., Mar. 1st, 2016 — Titan IC Systems, a pioneer in cyber security and a spin-out of Queen’s University Belfast’s Centre for Secure Information Technologies (CSIT), today announced it is partnering with Xanadata, who design, develop and deploy custom systems that rapidly unlock information in unstructured data. The Titan IC Hyperion platform is a PCI Express product designed for high performance, low latency RegEx processing for content inspection.

The 40Gbps version has been integrated in Typhon, Xanadata’s Accelerated Threat Detection solution (ATD). Noel McKenna, CEO, Titan, said, “This is a really exciting partnership.

The solution means people can rapidly compare network history against today’s best threat intelligence.” He continued, “We’ve successfully addressed the issue of how to analyze very large data logs in an economic and portable solution.” “We’re delighted to be working with Titan.

Together our technologies can analyze months of network data in a few minutes giving users vital information regarding threat actor activity,” Richard Benson, Xanadata CEO, said. “The joint solution gives an understanding of the level of network compromise, but crucially, it achieves this in a portable form factor meaning customers do not need to send sensitive information to the cloud.”

Titan and Xanadata will be demonstrating the solution at RSA (San Francisco, March 1-3) and Security & Policing (Farnborough, UK, March 8-10).

- ENDS -

About Titan IC Systems

Titan IC Systems is a spin-out from the Institute of Electronics, Communications and Information Technology (CSIT) at Queen's University Belfast, focusing on the development of unique technologies for complex regular expression processing in hardware. Titan’s Helios solution is a unique, fully scalable soft IP core bringing hardware accelerated regular expression processing to an FPGA platform.

Titan Hyperion is a PCI Express product designed for high performance, low latency RegEx processing for content inspection at speeds of up to 40Gb/s.

Press contact: Noel McKenna, info@titanicsystems.com, +44 (0)28 9045 3512

About Xanadata

Xanadata are a data analytics solutions provider who develop systems to extract valuable insights from unstructured data up to 10,000 times faster than current solutions, enabling analytics of Tera-bytes of logs in a few minutes.

The Xanadata Typhon cyber security solution gives users unprecedented clarity on exactly which threat actors has connected to a corporate network over the network history, all in a portable form factor that brings the compute to the data neutralizing data security fears. Xanadata have a number of tier 1 customers spanning financial sector, cyber security, defense and enterprise and have engaged at all levels from nation state to small enterprise. Xanadata is the trading name of New Spider Labs ltd. Press contactRichard Benson+44 20 7193 4440info@xanadata.com
Vera, which means "truth" in Latin and is the core of the term "verify," is providing a promising new data- and file-centric security approach. Startup security provider Vera, whose brand of data protection is nothing short of extremely granular, has c...
New top-of-the-range Firebox M4600 and M5600 provide security, speed and flexibility for distributed enterprises

24 February 2016 – WatchGuard® Technologies has announced the release of its highest performing Firebox® M4600 and M5600 Unified Threat Management (UTM) appliances. WatchGuard’s M4600/M5600 firewalls offer flexible port modularity and redundant power supplies, making them a perfect fit for organisations with large and often distributed environments that require fast speed, flexibility and reliability.

High performance and functionality combined with affordability make these new appliances ideal for hub-and-spoke infrastructures. Typically deployed at the corporate headquarters, they serve as the hub appliance, responsible for managing and securing all communications with remote business sites and employees.

“Organisations need high performance UTM security solutions with fast speeds to quickly scale and operate seamlessly across their networks,” said Brendan Patterson, director of Product Management at WatchGuard. “They shouldn’t have to sacrifice performance for security – anywhere in their network. Our Fireboxes consolidate critical network and security functions into a single, centrally managed UTM platform that is easy to set up, deploy and manage.”

The Firebox M4600/M5600 appliances provide greater port density options that enable IT professionals to add additional network modules with more fibre or copper ports. Each appliance has two available slots for expansion modules and options for 4x10Gb fibre, 8x1Gb copper, or 8x1Gb fibre. Network modularity empowers IT pros to customise the port configuration to meet their needs, while ensuring the flexibility to adapt the firewall as their network evolves.

“With the new WatchGuard Firebox M4600 and M5600 appliances, we can offer our customers enterprise-grade network security and the ability to maintain visibility across their entire network using the fastest, highest performing UTM solution on the market,” said Dave Ashton, sales manager at WatchGuard UK partner Sec-1. “Companies are increasingly distributed with more remote offices and employees on the move or home workers. The WatchGuard firewalls deliver the protection, performance and flexibility needed to meet all these demands in a single appliance.”

Standard with all WatchGuard appliances is access to Dimension, the company's award-winning, actionable threat intelligence platform. Dimension aggregates data from all WatchGuard appliances across a customer's network and translates that data into visually rich and actionable information. With Dimension, customers can easily see not only what is going on in their network but proactively take steps, faster than ever before, to update their security policies immediately, right from the reporting dashboards, to stop malicious sites, applications and users.

Additional Resources: Interactive Firebox M4600/M5600 Customization Online Tool; Firebox M4600/M5600 Datasheet; WatchGuard Product Matrix; WatchGuard Security Center blog

For a technical brief, see http://www.watchguard.com/docs/tech/wg_modularity_tb.pdf

About WatchGuard Technologies, Inc.

WatchGuard® Technologies, Inc. is a global leader of integrated, multi-function business security solutions that intelligently combine industry-standard hardware, best-in-class security features, and policy-based management tools. WatchGuard provides easy-to-use, enterprise-grade protection to hundreds of thousands of businesses worldwide. WatchGuard is headquartered in Seattle, Wash. with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com.

For additional information, promotions and updates, follow WatchGuard on Twitter @WatchGuardTech, on Facebook, or on the LinkedIn Company page.

WatchGuard is a registered trademark of WatchGuard Technologies, Inc. All other marks are property of their respective owners.

Rowena Case, UK Marketing Manager, WatchGuard Technologies, 0203 608 9070, rowena.case@watchguard.com

Peter Rennison / Allie Andrews, PRPR, 01442 245030, pr@prpr.co.uk / allie@prpr.co.uk
The former head of Israel's version of the National Security Agency pushes forward with cyber-security accelerator effort. There are companies that build technologies, and then there are the organizations that actually build companies.

Team8 belongs to...
Imagine this scenario: Men dressed in sharp-looking suits show up and claim to know details of your business and the kinds of security problems your organization has. They are Windows networking experts and want to fix those issues that made a breach possible.

Except those suits aren't being helpful. Instead, they are likely from the Poseidon Group, a Brazilian cyber crime outfit that stealthily attacks organizations, steals information, and then manipulates the victims into hiring them to secure the network, said Kaspersky Lab researchers Juan Andres Guerrero-Saade, Santiago Pontiroli, and Dmitry Bestuzhev at the Kaspersky Lab Security Analyst Summit.

The group steals data from infected networks with customized malware signed with digital certificates and containing a PowerShell agent.

Poseidon uses a combination of custom malware and spear phishing in English and Portuguese to steal information. The "treasure stealer" malware, also known as IGT, comes with a file deletion utility, a PowerShell agent, a SQL data compiler, and information gathering tools for stealing data such as user credentials, group management policies, and system logs.

PowerShell lets the attackers execute commands and look like normal network activity while poking around. The malware connects to a command-and-control server and sends information about the infected Windows system such as the operating system version, username, and hostname.

"By doing this, the attackers actually know what applications and commands they can use without alerting the network administrator during lateral movement and exfiltration," the researchers said.

The Poseidon name reflects the fact the espionage group operates "on all domains: land, air, and sea," said Bestuzhev.

Command and control servers have been found inside Internet service providers providing Internet services to ships at sea by hijacking satellites. Other command and control servers have been found inside ISPs providing traditional wireless connections.

The group started hijacking satellites in 2013 to gain anonymity.

Windows experts on the prowl

The attackers focused on group management policy and domain rules to get to know the network and used the uncovered information to create the backdoor. After grabbing the data, the attackers delete the malware from the infected system. Since the malware has a very short life, Poseidon was able to evade detection for a long time. Researchers have found four versions of IGT so far.

The attackers used WRI files, which are associated with Microsoft Write, an old text editor found in older versions of Windows. The use of this obscure file extension was pretty clever, since many organizations specify their email policies to block attachments with extensions such as .exe. Very few administrators would think to block .WRI, and most antivirus engines won't scan those files by default, the researchers said.

The malware was also capable of hooking into older Windows operating systems, as researchers found references to drivers and hotfixes for Windows NT and Windows 95. Some of the targets in Latin America were still using these ancient operating systems, the researchers said.

This should be another reminder why organizations should not be using outdated systems.

Attackers will find unsupported and insecure systems and exploit the security flaws. The attackers are "experts in all things Windows," said Bestuzhev.

The group sent highly targeted spear-phishing emails. In one attack against an energy company in Kazakhstan, the targeted individual was looking to hire someone for a very specialized position, and the attackers sent a message highlighting specific skills relevant to the role. Once the victim opened the attachment, the malware connected to the command and control server to launch the actual data-stealing malware.

Poseidon digitally signed its custom malware with rogue certificates. Researchers have found seven rogue certificates, and it appears the attackers sign the certificates with names of companies the target organization is likely to be familiar with.

Poseidon's business practices

The Poseidon Group is the very first commercial boutique cyber-espionage group based out of Brazil.

The fact that the malware executed only on Brazilian Portuguese Windows systems suggests Poseidon is based in Brazil so that attackers have close proximity to the organizations they plan to blackmail.

The command and control servers were also based in Brazil. Linguistics provided another clue to Poseidon's location.

The language used in the spear-phishing emails uses speech patterns associated with Brazilian Portuguese, not the Portuguese spoken in Portugal, said Bestuzhev. The Windows commands showed language preferences that helped narrow the area down to northern Brazil.

Kaspersky researchers believe Poseidon is a commercial attack crew and not a state-sponsored actor. The group doesn't care about uncovering specific business secrets, just "treasures," or information the organization would consider important and the criminals can monetize.

For organizations who decline the security consulting offer, that's not the last they hear from the group. If the company being blackmailed doesn't take up Poseidon's offer the first time, the group steals some more data and returns with a new offer at a later date.

"They wait a year to approach [you] again. 'Look what I found for you: Are you ready to work with me?'" said Bestuzhev.

Poseidon also uses the stolen data to further the other side of its business, by using the information in various "shadow, but still legal" activities, said Bestuzhev.

Kaspersky Lab researchers believe the group has been in operation since at least 2005 and has targeted at least 35 businesses across the financial, telecommunications, manufacturing, services, energy, and media industries. While victims have been found in the United States, France, Kazakhstan, United Arab Emirates, India, and Russia, Poseidon's primary focus is on Brazil-based organizations, or multi-national entities with operations in Brazil.

"Their techniques used to design attack components have evolved over the past 10 years," the researchers said. "The differences in various elements have made it difficult for researchers to correlate indicators and assemble the puzzle."
IBM has unveiled its new z13s mainframe, which it claims offers encryption at twice the speed of previous mid-range systems, without compromising performance.

The company, which sold its x86 server business to Lenovo, continues to invest in new designs of its mainframe to handle new compute challenges. In January last year it launched the z13, its first new mainframe in almost three years, with a new processor design, faster I/O and the ability to address up to 10TB of memory. The design of the z13 was focused on real-time encryption and embedded analytics.

IBM said the z13s, targeted at mid-size organizations and described as the new entry point for the company's z Systems, has an "updated cryptographic and tamper-resistant hardware-accelerated cryptographic coprocessor cards with faster processors and more memory," allowing clients to process twice as many high-volume, cryptographically-protected transactions as before without compromising performance.

The company is also packaging with the mainframe threat monitoring based on behavior analytics and multi-factor authentication at the z/OS operating system level, and has also announced more independent software vendors that have integrated their software applications with the z Systems under IBM's partnership program called "Ready for IBM Security Intelligence."

The multi-factor authentication for z/OS, the first time such authentication has been integrated into the OS rather than offered as add-on software, requires privileged users to enter a second form of identification like a PIN or randomly generated token to access the system.

The z Systems Cyber Security Analytics offering, being developed by IBM Research, learns user behavior and alerts administrators if it detects unusual patterns on the platform.

The ISVs IBM has partnered with are BlackRidge Technology, RSM Partners and Forcepoint, which offer technologies in the area of identity-based network security, application readiness and penetration testing, and endpoint security of devices.

Although hybrid clouds offer flexibility to customers, they also present new vulnerabilities as more than half of all attackers come from the inside, IBM said. To avoid the impact of human error or meddling in operations, IBM said it is integrating its mainframe with its security technologies that address privileged identity management, sensitive data protection and integrated security intelligence.

The z13s will come in two models – the N10 and N20, IBM said in its FAQ on the mainframe. The N10 can be configured with up to 10 configurable cores and up to 1TB of memory, while the N20 can go up to 20 configurable cores and up to 4TB of memory.

IBM plans to make the new z13s available in March this year. The company did not disclose the pricing of the new mainframe.
As RCS ‘takes off’, carriers turn to AdaptiveMobile to proactively secure services and protect users

DALLAS and DUBLIN, 11 February 2016 – AdaptiveMobile, the world leader in mobile network security, today announced that the Company has signed landmark deals with three Tier-1 carriers in North America to protect their strategic RCS messaging infrastructures.

RCS has long been projected to be the future of mobile messaging with the 2015 Global Strategic Business Report projecting “the global market for RCS Services to reach US $4.9 billion by 2020.” Google’s acquisition of Jibe Mobile, a leading provider of RCS services, in September is further evidence of the industry’s efforts to bring RCS to a global audience.

The rapid uptake of AdaptiveMobile’s RCS security, which uses RESTful APIs, enables carriers to proactively deploy features such as “identification, authentication, privacy and security” to retain trust in their networks and gain competitive advantage over proprietary messaging apps such as WhatsApp and Viber.

“After many false dawns, we can say with confidence that RCS has finally arrived, as the operator community realise their vision of a global interoperable messaging standard,” commented Brian Collins, CEO of AdaptiveMobile. He continued: “As the industry moves towards NFV and Telco clouds, open security APIs will be increasingly important – and as the world leader in carrier security, AdaptiveMobile is at the forefront of this security revolution.”

For more information about AdaptiveMobile’s mobile threat detection and prevention capabilities please visit the website at www.adaptivemobile.com.

About AdaptiveMobile:

AdaptiveMobile is the world leader in mobile network security protecting over one billion subscribers worldwide and the only mobile security company offering products designed to protect all services on both fixed and mobile networks through in-network and cloud solutions. With deep expertise and a unique focus on network-to-handset security, AdaptiveMobile’s award-winning security solutions provide its customers with advanced threat detection and actionable intelligence, combined with the most comprehensive mobile security products available on the market today. AdaptiveMobile’s sophisticated, revenue-generating, security-as-a-service portfolio empowers consumers and enterprises alike to take greater control of their own security.

AdaptiveMobile was founded in 2004 and boasts some of the world’s largest mobile operators as customers and the leading security and telecom equipment vendors as partners. The Company is headquartered in Dublin with offices in North America, Europe, South Africa, Middle East and Asia Pacific.

Press contact:
ACSCom PR (USA): Anne Coyle, +1 857 222 6363, adaptivemobile@acscompr.com
AxiCom (UK): James Hayward, +44 (0)20 8392 4050, adaptivemobile@axicom.com

Source: RealWire