Privacy Dilemma: How to Protect Yourself Online

Note: This is a guest post by a fellow blogger.

The proliferation of the internet has knocked down barriers around the world. Someone in New York City can do business over the internet with someone in Tokyo without ever seeing their face or hearing their voice. Alongside all the possibilities available on the web, there are also dangers lurking out there. It’s important that you protect yourself when you’re doing anything on the internet.

There are people out there who steal other people’s identities through internet fraud. While we’re not trying to scare you with these thoughts, it’s important that you take the proper steps to protect yourself. Here are a few tips for you to consider when you’re surfing the net:

  1. Be careful with attachments. Under no circumstances should you open an attachment from an unknown sender. Viruses can be hidden in attachments, and when you open one the virus will infect your computer. Even when an attachment comes from someone you do know, it’s wise to run it through anti-virus software before opening it.
  2. Protect your passwords. It’s important that you vary your passwords across your various online accounts. Unsavory characters prey on people who use standard passwords. It’s imperative that you keep these passwords secret, and it’s also a good idea to change them to something new periodically.
  3. Install anti-virus software on your computer. Viruses pop up every day and can basically ruin your computer. It’s vital that you stay on top of your anti-virus software. Make sure you run all the updates that are offered at least once a week to protect your system.
  4. Set up a firewall on your computer. A firewall restricts access to your system and is important if you have a cable modem or use DSL to get online. Installing a firewall on your computer keeps unauthorized users from gaining access to it.
  5. Log off when you’re not going to be using the computer. Your system is most vulnerable when you’re connected to the internet, so make sure you log off when you’re not going to be using it.
  6. Make sure you have plenty of backups. Make copies of your work so that if your system fails you still have the backups. This is something you should do at least once a week. Do this at work and at home to make sure you are covered in the event that your computer is stolen or corrupted.

This article is contributed by Heather Johnson, who regularly writes on Comcast deals. She invites your questions and writing job opportunities at her personal email address: heatherjohnson2323 at gmail dot com.

If you enjoyed this post, make sure you subscribe to my RSS feed!

Solera Networks Deep-Packet Capture Review

They say the success rate of Network Operations or Security Engineers is measured by how invisible they are to the rest of the organization.

Business processes rely on the services provided by the network infrastructure, and these services rely on network traffic. Since network traffic is the informational bloodstream of an organization, monitoring this traffic plays a crucial role in sustaining business processes and operations.

Maintaining the availability and security of today’s enterprise networks is a process which never ends and in order to manage this process effectively, one needs the right set of tools. The biggest challenge in real-time traffic monitoring is the volatility of traffic. Many times following a security incident I wished I had a network traffic capture to answer a very simple problem: What happened in my network?

Real-time sniffers offer comprehensive traffic analysis, and one can deploy complex architectures of sniffers because they are so effective, provided one crucial condition is met: that somebody is actually watching the sniffer logs and taking appropriate action.

This is where the sponsor of this post, Solera Networks, brilliantly fills the gap. The Solera Networks DS series Packet Capture Appliance is a high-performance system designed to provide deep-packet capture and stream-to-storage for 100 percent of network traffic.

My main criteria in evaluating a deep-packet capture system are (in no particular order):

  •  Scalability
  •  Impact on existing infrastructure
  •  Easy to use management interface
  •  Rapid access to data
  •  Business benefits

Scalability
In order to cope with different volumes of traffic, Solera Networks provides many appliance models which suit most of the topologies and deployment scenarios of today’s networks.

The range of appliances runs from the CALEA Appliance (1U, 1 Gbps capture rate, 1 TB storage) up to the DS 5100 high-end deep-packet capture appliance (3U, 10 Gbps capture rate, 16 TB storage).

Impact on existing infrastructure
The impact of deploying Solera Networks appliances is minimal because one can deploy the product in many non-intrusive ways:

  • Attached to a SPAN (or mirrored) port off of a router.
  • "in-line" IP-less deployment, even via an optical splitter for splicing into a fiber network.
  • "hub mode" if you don’t have a switched network so that all traffic is visible for capturing.

Besides the appliance form, you can use the Solera Networks Virtual Appliance, which can be deployed on any server platform supported by VMware.

Management Interface
To ensure maximum portability, the Solera Networks solutions are managed using a Web-based Control Center which allows the administrator to fully manage all components:

  • Start / Stop, virtual replay of captured data
  • Applying powerful filters to incoming traffic before capture or to outgoing traffic when replaying traffic.
  • System monitoring through graphical and numerical status of key system metrics
  • Complete user management


Rapid access to data

OK, so you’ve got tons of captured network traffic, but what is the value delivered to the organization? Solera Networks offers DeepSee, a revolutionary traffic analysis tool which enables users to rapidly locate network "flows" that are meaningful for IT and business users. A flow is a set of data packets that were sent during a TCP session such as web browsing, SMTP, POP3, etc. DeepSee enables users to extract and index "artifacts" such as files, IM dialogue, VoIP calls, and VPN sessions. These features are extremely valuable in any forensic investigation.

Business benefits
There are many business drivers to deploy deep-packet capture technology depending on the organization’s business area. If your business must adhere to strict regulations on lawful data intercept, then Solera Networks offers the special CALEA (Communications Assistance for Law Enforcement Act) appliance. This appliance delivers a powerful, yet simple CALEA compliance solution with full communications monitoring and detail logging.

One of the first Network Security benefits of deploying Solera Networks devices has to do with internal threat and data leakage. Sometimes the impact of an insider attack is so devastating that it can’t even be accurately measured and it’s always easier to prevent than to cure. Having access to all the volatile network traffic allows the HR and Security investigators to identify suspicious activity and take appropriate actions before a malicious user impacts the organization.

The Network Management benefits of using a deep-packet capture device such as Solera Networks’ lie in the diagnostic value of these tools. Detecting traffic anomalies and under-performing network services enables system engineers to align IT objectives with the overall business objectives.

Conclusion
Solera Networks DS series Packet Capture Appliances fill the gap between the value of instant traffic analysis (high-performance sniffers) and the reliability of long-term traffic storage, enabling you to replicate the instantaneous traffic analysis at any given moment, past or present.


WordPress Exploit Scanner

If you run your blog on WordPress 2.5.1 or higher, you might be interested in a new security plugin called WordPress Exploit Scanner. I find it very easy to use and also very useful, because it has already detected a malicious comment on my blog which was already tagged as spam by Akismet; lucky for me, I guess.

From its creators:

This WordPress plugin searches the files on your site for a few known strings sometimes used by hackers, and lists them with code fragments taken from the files. It also makes a few checks of the database, looking at the active_plugins blog option, the comments table, and the posts table.

So go and get your WordPress Exploit Scanner plugin for free!
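
The file-scanning half of that description can be sketched in Python. This is an added example, not the plugin's code: the signature list, the scanned extensions and the three sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed, illustrative signatures; NOT the plugin's actual string list.
SIGNATURES = {
    "eval-of-decoded-data": re.compile(
        rb"eval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "hidden-iframe": re.compile(
        rb"<iframe[^>]*(?:display\s*:\s*none|visibility\s*:\s*hidden)", re.I),
}
SCAN_EXTENSIONS = (".php", ".html", ".htm", ".js")
MAX_BYTES = 2 * 1024 * 1024  # only the first 2 MiB of each file is scanned
CONTEXT = 30                 # bytes of surrounding code kept per hit


def scan_file(path):
    """Return one finding per signature hit, with line number and fragment."""
    with open(path, "rb") as fh:
        data = fh.read(MAX_BYTES)
    findings = []
    for name, rx in SIGNATURES.items():
        for m in rx.finditer(data):
            lo, hi = max(m.start() - CONTEXT, 0), m.end() + CONTEXT
            findings.append({
                "file": path,
                "signature": name,
                "line": data.count(b"\n", 0, m.start()) + 1,
                "fragment": data[lo:hi].decode("utf-8", "replace").strip(),
            })
    return findings


def scan_tree(root):
    """Walk root (symlinked directories are not followed) and scan files."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        for fn in sorted(filenames):
            full = os.path.join(dirpath, fn)
            if fn.lower().endswith(SCAN_EXTENSIONS) and not os.path.islink(full):
                findings.extend(scan_file(full))
    return findings


def demo():
    """Scan three constructed files: one clean, two carrying a signature."""
    samples = {
        "index.php": b"<?php\nget_header();\necho base64_decode($row);\n",
        "footer.php": b'<?php\n// theme footer\neval(base64_decode("ZWNobyAxOw=="));\n',
        "widget.html": b'<p>hi</p>\n<iframe src="http://example.invalid/" '
                       b'style="display:none"></iframe>\n',
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        hits = scan_tree(root)
        return [dict(h, file=os.path.basename(h["file"])) for h in hits]


if __name__ == "__main__":
    for hit in demo():
        print("{file}:{line} [{signature}] {fragment}".format(**hit))
```

A hit is a lead to review by hand, not a verdict: legitimate themes and plugins sometimes use the same constructs, which is why the fragment is reported alongside the file and line.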


Phishing Exposed, Brands Secured

It’s been a while since I posted on the blog and even though I want to think the opposite, there is no acceptable explanation for it :) .

But I’m coming back by showing the most recent "work" I’ve done in the security arena. A few days ago I gave a presentation about the latest addition to my employer’s portfolio of professional services: anti-phishing and brand identity.

Apparently the Pareto principle applies to anti-phishing and brand identity protection as well: 80% of the tasks take 20% of the time and the remaining 20% of the tasks are done in the remaining 80% long hours.

I’m proud to say we tackle the 20% of the tasks fast. Very fast.

So here is my presentation on "Phishing Exposed, Brands Secured". I made it in the same image-intensive way as my previous "E-Banking Web Application Security" presentation and I hope you like it :)

 


Scanners: New Nessus Release; New eEye Web Scanner

This must be the new scanners post. Tenable released version 3.2.0 of their popular Nessus vulnerability scanner and eEye enters the arena of web application scanners by releasing Retina Web App Scanner.

Tenable Network Security announced the availability of the new Nessus 3.2.0. This release sure looks promising because it brings quite a few new or improved features. It’s refreshing to see a software release which is not "security-bugs-fixing" driven:

This new major release contains several improvements, including:

  • IPv6 support
  • Improved control of network bandwidth usage during scanning
  • Granular access to control rules to limit users to specific ports and audits
  • Improved WMI support
  • Full support for the new .nessus file format

The new Retina Web Security Scanner is not exactly a new security tool since it’s a custom version of NT Objectives NTOSpider Web app vulnerability scanner, and is integrated with eEye’s management console, REM.

This release is just a phase of eEye’s plans concerning the Web Scanner. Web security spells big business for eEye which intends to release an appliance-based version of this new scanner, says Morey Haber, vice president of product management at eEye.


Good News from ArcSight and Imperva

Today ArcSight announced that T-Mobile has chosen ArcSight ESM for Security Information and Event Management (SIEM), and Imperva SecureSphere Web Application Firewall won Information Security Magazine’s "strongest overall offering for application and database security". Sweet!

1st sweet news: I’m very happy to hear that ArcSight closed the T-Mobile deal because I hope that more and more big industry players will adopt and support ArcSight’s technical innovations. I’m particularly keen to see widespread adoption of the Common Event Format (CEF) promoted by ArcSight:

The Common Event Format (CEF) is an open log management standard that improves the interoperability of security-related information from different security and network devices and applications.

When CEF becomes the de facto log management standard, I’m sure that we will be able to aggregate and correlate events generated by any CEF-compliant source.

2nd sweet news: I love Imperva’s SecureSphere Web Application and Database Firewall and it’s great to know that Information Security Magazine named it “the strongest overall offering for application and database security”. I still think Imperva is one of the most accurate web security controls and it’s good to see some public recognition for all the hard work!


CCTV Security Camera and Surveillance Equipment

When I started this blog, I wanted to offer free insights and reviews of various security tools which could help in mitigating various security risks. I still do, but I realized that technology is not enough. People are still the weakest link in the chain of security custody of information assets.

A few weeks ago I met a UK security consultant who told me the latest cover-your-ass employee excuse for having too many beers at the local pub and losing a PDA or laptop stuffed with valuable information: My laptop was stolen from my desk!

It’s a nice story and it holds most of the time. But there is a very simple way to prevent such incidents and I’m not talking about a beer ban in pubs :)

I’m talking about CCTV Security Camera and Surveillance Equipment which can be easily deployed as computer hardware DVR Camera Systems or standalone DVR appliances.

Either presented as an exterior wireless camera or hidden wireless camera, a modern CCTV Security System must include highly efficient H.264 video encoding, motion detection, email notification, digital watermark and remote management.

One example of such a system is the sponsor of this post, the DiGiCam DVR 120 FPS system by 123 CCTV Security Camera Surveillance Equipment.

I have not used the system yet, but if I were to build a CCTV Security System I would definitely get in contact with 123 CCTV Security Camera Surveillance Equipment.


OpenDNS Offers Free Web Content Filtering

On May 5, 2007 I wrote about OpenDNS’ initiative to offer web content filtering for the masses. At that time I thought the service would be offered for a fee, but to my complete surprise, David Ulevitch has decided to turn this project into a community effort.

Hundreds of thousands of websites have been manually tagged by volunteers and the result is given back to the public domain in the form of free web content filtering.

Deploying the system is straightforward:

  1.  Use OpenDNS’ servers for DNS resolution
  2.  Create a free account
  3.  Add a network to the account (Yes, dynamically assigned IP addresses are supported too!)
  4.  Pick the web categories you want to filter out - there are more than 30 categories!
  5.  Turn on content filtering
  6.  All done. Wait 3 minutes and test.

I would definitely recommend this project to anybody looking for a way to control web access. The first thing that comes to mind is keeping kids safe online. However, I’m sure that it’s hard to practice what you preach, so if you use this system to protect your child, remember to "turn off" the OpenDNS resolver whenever you want to browse the web :) .

Nevertheless, a great tool indeed!


Can I Evade ScanSafe Anywhere+ ?

ScanSafe just launched Anywhere+, a very cool web security service which is intended to provide web content security for roaming users.

Well, securing the laptops used by sales or marketing staff *outside of the company’s premises* has always been a pain in the behind :) and I’m afraid this will not change overnight.

However, I find ScanSafe’s approach interesting and it might just work this time… but how does it work? Is it a proxy setting? Is it a VPN connection? Is it a browser plugin? I don’t know so I had to find out. I applied for a trial account and I hope I will get to the bottom of this issue soon.

Sure, the marketing presentation looks nice:

And so does the explanatory text:

  • Authenticates and directs your external client Web traffic to our scanning infrastructure. 
  • Numerous datacenters are located all over the world from Sydney to San Francisco ensuring that your employees are never too far from our in-the-cloud scanning services.
  • SSL-encryption of all Web traffic flowing to us improves security over public networks

So, I’m guessing that Anywhere+ alters the browser itself and no matter how you get on the Internet, the web requests will be redirected to ScanSafe’s data centers where the response is checked for web malware.

This raises a few questions on the adoption of this technology:

  • User’s online privacy could be questioned – Lots of authentication pages don’t use SSL
  • If this technology is browser dependent (my money is on Internet Explorer), what would prevent a smart a$$ user from using a different browser such as portable apps

I wish ScanSafe Anywhere+ the best of luck because the service is much needed and its distributed architecture looks promising. And guys, please don’t forget my application for a trial version :)

UPDATE:

I got an email from Spencer Parker, Director of Product Management at ScanSafe and here are some clarifications:

1. The software works at the protocol level, not application level. This means it works with any application that uses the HTTP or HTTPS protocols. This means if users go ahead and install another browser to bypass corporate proxy settings (which a lot do!) then the Anywhere+ driver still redirects the protocols correctly to the closest ScanSafe scanning tower.

2. We use an SSL tunnel to get all HTTP and HTTPS traffic to the scanning tower. It does this to add an extra level of security to the application (stop people sniffing your traffic at wireless hotspots etc) and for other reasons as well.

I’m still waiting for my trial account :)


Googlehacks and Anti-Googlehacks

Today I found 2 resources which are connected to the good old Google Hacking Database:

  1. Googlehacks, which is a dedicated application for Windows / Linux / Mac and allows you to easily run specialized Google queries (a.k.a. googledorks). I would say that it’s a "must" inclusion in "Web Hacking for Dummies".
  2. Google Hack Honeypot, which is a set of PHP scripts used to detect any Google hacking attempts targeting your site. Well, it might be one of your friends using the tool described at #1 above :)

I find the Google Hacking Honeypot specifically interesting because I think it might be used as an IDS-like PHP class / module to identify who’s pulling some intelligence reports on your website.

