WebProWorld IT Forum
08.22.05 Get Control Of Endpoint Security
By Steve Hanna
While you're on a business trip, you use the hotel or conference room wireless
network to check news and request an upgrade. A hacker exploits a new and unpatched
operating system vulnerability to install a rootkit (a virtually undetectable
infection).
You do a web search and end up on a web site that is malicious or has been invisibly
hacked. The site uses a browser vulnerability to install a keystroke logger, capturing
all your activities including passwords.
A co-worker tells you about a great new stock ticker, weather alert, or other
cool doodad. Download it and try it out. Why not? It's free! But it comes with
a pack of spyware.
Something isn't working right. You ask Larry, the computer "expert" in the next
office. He suggests that you turn off your firewall. That did it. Thanks, Larry!
Of course, now you're totally exposed to attacks…
Multiply these scenarios by hundreds or thousands of users and you have an idea
of the risks malware poses for corporate networks today.
Bringing Infections Back to the Office
Employees can access corporate networks and applications from any place at any
time through a variety of devices and access methods. The network perimeter now
includes endpoints at locations around the world, from branch offices to hotel
rooms.
Hackers and attackers no longer need to penetrate a corporate network's tough
perimeter defenses to spread infections. All they need is to find one poorly protected
endpoint roaming outside the corporate firewall. Attackers can then use this machine
as a software version of "Patient Zero" - an ignition point for the spread of
viruses, worms, spyware, Trojan horses, and other infectious agents into a corporate
network. Infected through insecure hotspots, Internet downloads, or other means,
the user carries his infection back to his corporate network when he reconnects,
typically through a secure, trusted connection. This infection then rapidly spreads
to other vulnerable systems within the corporate network, causing a cascade of
infections.
The security of a system on a corporate network is ultimately up to the user.
Even the best user occasionally skips past corporate security procedures, fails
to maintain his system, or otherwise breaks corporate security policies. These
users may be their corporation's next "Typhoid Mary", unknowing carriers for unseen,
incredibly destructive forces that, once they reconnect to their corporate network,
could bring it and their corporation down.
Integrity Checks for Every Device
Traditional perimeter defenses provide strong access control security based on
user and endpoint identification. However, they are unable to shield a corporate
network from infections accidentally spread by authorized users with infected
endpoints.
Endpoint integrity solutions provide critical additional protection. Before a
system or device (an endpoint) can connect to the corporate network, it must pass
an integrity check verifying that it complies with the company's security policies.
This check occurs before the endpoint is allowed to access the corporate network
or even receive an IP address.
Endpoint integrity solutions provide two benefits for networks:
1. They identify, quarantine, and heal "sick", non-secure endpoints.
2. They improve the defenses of healthy, compliant endpoints by ensuring that endpoints connected to the network always have up-to-date and properly configured security software.
Integrity checks should not be restricted to remote access or other "external"
connections. Employees may bring their infected mobile devices into the network
and connect them through any wall jack or access point. So all network access
points should be protected.
How Endpoint Integrity Works
Endpoint integrity solutions work in a variety of ways but the basics are the
same. When a user attempts to connect to a corporate network, the endpoint integrity
solution checks the integrity of the user's endpoint. Some endpoint integrity
solutions also monitor endpoints after network connection to detect any change
in their security status. The endpoint integrity check typically involves checking
the status of the endpoint's security software (anti-virus, anti-spyware, patch
management, personal firewall, and other security products) against the company's
pre-set security policies for those products. Some endpoint integrity checks are
more extensive, verifying all the hardware on the endpoint to make sure it's valid.
In any case, if the endpoint is found to be compliant with the corporate security
policies, the endpoint integrity solution allows the endpoint to access the company's
production network.
However, if the endpoint integrity solution detects a deficiency in the security
software on an endpoint, it can immediately quarantine the endpoint, restricting
it to a secure "quarantine network" until this deficiency is cured. Some companies
skip this quarantine step, simply warning non-compliant users. This avoids employee
inconvenience but reduces the security benefits.
A simple corporate security policy might state that all endpoints must have their
virus definitions updated at least once a week. If a particular endpoint's virus
definitions haven't been updated in two weeks, then the endpoint could be quarantined.
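The check-then-decide flow described above, written out as a small policy evaluator. This is an added illustration, not code from the article, Funk Software or the TNC specifications; the posture report format, the field names and the sample endpoints are all constructed for the example. It encodes the article's sample rule (definitions older than a week fail the check) and the two enforcement styles it mentions, quarantine versus warn-only.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Tuple

# Constructed posture report: what an endpoint integrity agent might collect
# about a machine before it is granted network access (hypothetical format).
@dataclass
class Posture:
    hostname: str
    av_definitions_date: date        # last anti-virus definition update
    antispyware_running: bool
    firewall_enabled: bool
    missing_critical_patches: int

# Corporate policy the posture is compared against (hypothetical schema).
@dataclass
class Policy:
    max_definition_age: timedelta = timedelta(days=7)
    require_antispyware: bool = True
    require_firewall: bool = True
    max_missing_critical_patches: int = 0
    # "quarantine" moves a failing endpoint to the remediation network;
    # "warn" keeps it on the production network with a notice only.
    enforcement: str = "quarantine"

def assess(posture: Posture, policy: Policy, today: date) -> Tuple[str, List[str]]:
    """Return (decision, reasons); decision is 'allow', 'warn' or 'quarantine'."""
    reasons: List[str] = []
    age = today - posture.av_definitions_date
    if age > policy.max_definition_age:
        reasons.append(f"virus definitions are {age.days} days old "
                       f"(limit {policy.max_definition_age.days})")
    if policy.require_antispyware and not posture.antispyware_running:
        reasons.append("anti-spyware not running")
    if policy.require_firewall and not posture.firewall_enabled:
        reasons.append("personal firewall disabled")
    if posture.missing_critical_patches > policy.max_missing_critical_patches:
        reasons.append(f"{posture.missing_critical_patches} critical patches missing")
    if not reasons:
        return "allow", reasons          # compliant: production network
    return policy.enforcement, reasons   # non-compliant: quarantine or warn

# Constructed samples: two-week-old definitions (the article's example),
# a machine whose firewall was switched off, and a fully compliant one.
TODAY = date(2005, 8, 22)
STALE = Posture("laptop-17", date(2005, 8, 8), True, True, 0)
LARRY = Posture("desk-03", date(2005, 8, 20), True, False, 2)
FRESH = Posture("desk-04", date(2005, 8, 21), True, True, 0)

if __name__ == "__main__":
    for p in (STALE, LARRY, FRESH):
        decision, why = assess(p, Policy(), TODAY)
        print(p.hostname, decision, "; ".join(why))
```

Running it shows `laptop-17` quarantined for stale definitions, `desk-03` quarantined for the disabled firewall and missing patches, and `desk-04` allowed; switching the policy to `enforcement="warn"` turns the first two into warnings while the reasons stay the same.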
Read the Rest of the Article.
About the Author:
Steve Hanna, senior engineer for leading network access security solutions provider
Funk Software, helped develop the open endpoint integrity industry standard created
by the Trusted Computing Group’s Trusted Network Connect (TNC) Subgroup.
For more information on endpoint integrity, visit www.Funk.com or www.TrustedComputingGroup.org