Wednesday, June 29, 2011

The Land of a Thousand Twist-Ties

imageHave you unpacked a children’s toy set, game, doll things or any kid’s play thing that has several pieces recently?  My 5 year old got a big box with a baby doll, her bassinette, bottle, baby food, rattles, and the other accessories any new born and mommy may need to care for the infant.  I’ve this noticed before but trying to take, rather unlatch all the stuff included is a major task.  Every little item was so secured to the inner packaging that it took me several minutes to untie, clip, cut and otherwise unshackle the items from the box.  Everything was locked down with either thick twist-ties or those plastic things with the ‘T’ on both ends – you know the ones where if it’s stuck to the item, you cut one end and shove the other end inside the item, never to seen again.  And just when you think you’ve got them all and ready to pull everything out, there’s always one more hidden one that snags the escape….and the adult’s patience.  This packaging, this method of securing toys sure makes getting to the toys a challenge.  There sometimes comes a point where you just want to rip it right out but you know it’ll damage the toy along with the kid’s excitement watching each accessory painstakingly extricated from the box.  And don’t get me started on those blister wrap packages – it’s like they soldered them closed and you need a chainsaw or a blowtorch just to open it.

Of course, this got me thinking.  These companies go to great lengths to secure the items within the packaging system.  Not only to keep them in place for a nice display but to also keep them from getting lifted in the store.  Each item is locked down from different angles at multiple points.  They are secured to the packaging and each other.  The twist-ties are wrapped in ways that I never thought they could.  The plastic ties are just strong enough to require a scissors or some hardened tool in some cases.  You can’t just snap it with your fingers and if you yank it, it might break, rip or otherwise damage the item it is holding.  It takes time to get to the good stuff.  It’s layered security.

Think about your own home.  People put locks, alarms and guard dogs to protect their house - they invest in layered security - and they feel safe, confident and don't worry about their valuable or sensitive possessions.  But when it comes to protecting data, systems and infrastructure, some might think that maybe one solution in one area will stop an intruder.   It is often difficult to quantify Information Security business value and ‘didn’t get attacked' doesn’t always equate to some monetary savings.  Often it is avoiding things like negative press, breaking customer loyalty/trust, damaging brand reputation, failing regulatory compliance, downtime and so forth.  Security is often thought of as insurance and the business value is not necessarily measured in dollars and cents....until you are exposed.  The real value is avoiding all of the above.  What would be the business value to any of the recent breached companies if they had not been hacked?  The value is keeping the people (users and employees) and business safe.  The value is comfort, confidence and compliance. It’s not that you need multiple twist-ties at every segment of your infrastructure but dated, static devices cannot protect against evolving, dynamic threats.  Protect your systems and your business with solutions that are adaptable, intelligent and provide the secure, strategic point of control for your application delivery infrastructure. 

Security is not only about risk mitigation/management but security is also Peace of Mind.  Knowing that stuff is protected and secure; knowing that the infrastructure will be available and scale; knowing that if something bad does happen, that the proper mechanisms are in place to mitigate the damage.  Plus, intruders will need more than scissors to play with their toys.

ps

Resources:

Technorati Tags: F5, data breach report, threats, Pete Silva, security, malware, technology, layered security, cyber-threat, attacks, risk, web, internet, cybercrime, identity theft, scam, data breach, toys

photo courtesy: http://commentarista.com/

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_facebook[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Wednesday, June 22, 2011

Cure Your Big App Attack

Not that I really needed to point his out but, security attacks are moving ‘up the stack.’  90% of security investments are focused on network security, yet according to Gartner, 75% of the attacks are focused at the application layer and ‘over 90 percent of security vulnerabilities exist at the application layer, not the network layer.’  SQL Injection and XSS are #1 and #2 reported vulnerabilities and the top two from the OWASP Top 10.  Plus, from Forrester Consulting, the average loss of revenue per hour for a layer 7 DDoS attack is $220,000.  These vulnerabilities are some of the primary routes that are being exploited in many of the recent attacks.

Modern DoS attacks are distributed, diverse and cross the cavity that divides network components from application infrastructure yet many of these attacks are preventable. The problem is that organizations are using outdated network and/or desktop technology to try and protect against sophisticated application security attacks which traditional solutions like network firewalls, IPS or AV systems have little to no visibility or role. It’s like trying to protect a city against a coordinated air attack by digging trenches in the ground. Wrong band-aid for the attack vector. 

The solution is an integrated approach that covers network and application security along with access control. Another dilemma is that security has often been left up to the network gang who may or may not have expertise in and around the transport and application level exploits.  And deploying more network firewalls, AV, or IPS systems is not really the answer. You might just be digging more trenches.  F5 has technologies like BIG-IP ASM, APM, Edge Gateway and LTM that can help mitigate the recent attacks.  Many of our solutions (particularly ASM) have capabilities to prevent DoS, DDoS, Brute Force, Parameter Tampering (and dynamic parameters), Forceful Browsing, Web Scraping, SlowLoris, Access Control, XSS, SQL Injection and the entire OWASP Top 10.  ASM can also be configured to verify the value of web application set parameters isn’t changed during the user’s session along with ensuring a user has accessed the site via a login page.  With those recent attacks, ASM could have blocked or at least alerted site owners of the intrusion. Detecting and alerting on this when it started, even without mitigating would have considerably minimized the business risk.  BIG-IP LTM can protect you from a network perspective with BIG-IP ASM from an application angle. 

It is interesting that these attacks have been around for a while but also shows how hard it is to get protection right, especially when the attacks are blended.  Once a vector is found to deliver, a variety of exploits can be used in quick succession to find one that will work.  Most of these attacks would also have sailed invisibly through an IPS device – no offense to those solutions – they are just not designed to protect the application layer or didn’t have a signature that matched.  A unified application delivery platform with multi-layer visibility is the best way to detect and mitigate multi-layer attacks.

ps

Resources

Technorati Tags: F5, data breach report, threats, Pete Silva, security, malware, technology, phishing, cyber-threat, social engineering, attacks, virus, vulnerability, web, internet, cybercrime, identity theft, scam, data breach, ips

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_facebook[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Thursday, June 16, 2011

Drive Identity Into Your Network with F5 Access Solutions

This webinar focuses on F5 Access solutions that provide high availability, acceleration and security benefits critical to your organization.  Running time: 55:51

ps

Technorati Tags: F5, interop, Pete Silva, security, business, education, technology, internet, big-ip, VIPRION, vCMP, ixia, performance, ssl tps, testing

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_facebook[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Tuesday, June 14, 2011

Custom Code for Targeted Attacks

Botnets?  Old school.  Spam?  So yesterday.  Phishing?  Don’t even bother…well, on second thought.  Spaghetti hacking like spaghetti marketing, toss it and see what sticks, is giving way to specific development of code (or stealing other code) to breach a particular entity.  In the past few weeks, giants like Sony, Google, Citibank, Lockheed and others have fallen victim to serious intrusions.  The latest to be added to that list: The IMF – International Monetary Fund.  IMF is an international, intergovernmental organization which oversees the global financial system.  First created to help stabilize the global economic system, they oversee exchange rates and functions to improve the economies of the member countries, which are primarily the 187 members of the UN. 

In this latest intrusion, it has been reported that this might have been the result of ‘spear phishing,’ getting someone to click a malicious but valid looking link to install malware.  The malware however was apparently developed specifically for this attack.  There was also a good amount of exploration prior to the attempt – call it spying.  So once again, while similar to other breaches where unsuspecting human involvement helped trigger the break, this one seems to be using purpose built malware.   As with any of these high-profile attacks, the techniques used to gain unauthorized access are slow to be divulged but insiders have said it was a significant breach with emails and other documents taken in this heist.  While a good portion of the recent attacks are digging for personal information, this certainly looks more like government espionage looking for sensitive information pertaining to nations.  Without directly pointing, many are fingering groups backed by foreign governments in this latest encroachment.  

A year (and longer) ago, most of these types of breaches would be kept under wraps for a while until someone leaked it.  There was a hesitation to report it due to the media coverage and public scrutiny.  Now that many of these attacks are targeting large international organizations with very sophisticated methods there seems to be a little more openness in exposing the invasion.   Hopefully this can lead to more cooperation amongst many different groups/organizations/governments to help defend against these.  Exposing the exposure also informs the general public of the potential dangers even though it might not be happening to them directly.  If an article, blog or other story helps folks be a little more cautious with whatever they are doing online, even preventing someone from simply clicking an email/social media/IM/txt link, then hopefully less people will fall victim.  Since we have Web 2.0 and Infrastructure 2.0, it might be time to adopt Hacking 2.0, except for the fact that Noah Schiffman talks about misuse and all the two-dot-oh-ness, particularly Hacking 2.0 in an article 3 years ago.  He mentions, ‘Security is a process’ and I certainly agree.  Plus I love, ‘If the term Hacking 2.0 is adopted, or even suggested, by anyone, their rights to free speech should be revoked.’  So how about Intrusion 2.0?

ps

Resources:

Technorati Tags: F5, data breach report, threats, Pete Silva, security, malware, technology, phishing, cyber-threat, social engineering, attacks, virus, vulnerability, web, internet, cybercrime, identity theft, scam, data breach, rsa, lockheed, imf

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_facebook[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Wednesday, June 8, 2011

Audio White Paper - The F5 Dynamic Services Model

Today, agility in both business logic and an organization’s underlying IT infrastructure is imperative to success. Yet traditional IT infrastructures and processes simply are not agile. It is no surprise, then, that CIOs routinely express frustration with the time and effort required to align IT functions to changing business needs.

F5 believes a new approach to infrastructure design must emerge—one that enables enterprises to add, remove, grow, and shrink IT services on demand, regardless of location. This new infrastructure must dynamically optimize the interaction between users and resources in the face of rapidly changing conditions. It must allow the IT enterprise to adapt quickly to changing organizational demands for security, data protection, ease of access, market responsiveness, low cost, and high performance. This paper outlines F5’s vision for such an approach, explores its business benefits, defines F5’s architecture for delivery, and outlines a roadmap for implementation.  Running Time: 16:17  Read full white paper here.  And click here for more F5 Audio.


ps

Technorati Tags: F5, integration, data center, Pete Silva, security, business, education, technology, application delivery, data replication, cloud, optimize, dynamic, web, internet, security, hardware, audio, whitepaper, big-ip

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_facebook[1] o_twitter[1] o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Tuesday, June 7, 2011

Who In The World Are You?

Steven Wright has said, 'It's a small world, but I wouldn't want to paint it.' The world is getting smaller with today's 24/7 global marketplace. Businesses have offices and employees around the world to serve the needs of the organization's global customers. Those users, whether they are in a branch office, home office or mobile need access to critical information. Data like corporate information, customer information, sales information, financial information, product information and any other sources of business material is important to be able to make smart enterprise decisions. Without access to this data, poor decisions are made and the business can suffer.

The recent breaches, especially the intrusions tied to the RSA compromise, has put identity and access management in the spotlight.  Once upon a time, users had to be in the office connected to the network to access corporate applications. IT organizations probably knew the user was since they were sitting at a desk; organizations knew the type of device since it was issued by IT and the business applications were delivered quickly and securely since it was from an internal local area network. Then, users needed access to that same information while they were away from the office and solutions like VPNs and Remote Access quickly gained acceptance. As adoption grew, so did requests for access above and beyond the normal employee. Soon partners, contractors, vendors and other 3rd party ecosystems were given access to corporate resources. Employees and partners from around the globe were connecting from a barrage of networks, carriers and devices. This can be very risky since IT might not know the identity of those users.

imageAnonymous networks allow users to gain access to systems via a User ID and password but they cannot decipher exactly who the user actually is; an employee, guest, contractor, partner and the like. Anonymous networks do have visibility at the IP or MAC address level but that information does not equate to a user's identity. Since these networks are unable to attribute IP to identity, the risk is that information may be available to users who are not authorized to see it. There is also no reporting as to what was accessed or where a specific user has navigated within a system. Unauthorized access to systems is a huge concern for companies, not only pertaining to the disclosure and loss of confidential company data but the potential risks to regulatory compliance and public criticism. It is important that only authenticated users gain admission and that they only access the resources they are authorized to see.  Controlling and managing access to system resources must be based on identity. A user's identity, or their expressed or digitally represented identity can include identifiers like: what you say, what you know, where you are, what you share, who you know, your preferences, your choices, your reputation, your profession or any other combination that is unique to the user. 

Access can mean different things - access to an intranet web application to search for materials, access to MS Exchange for email, access to virtualized Citrix, VMware or Remote Desktop deployments, access to a particular network segment for files and full domain network access as if the user is sitting in the office. The resources themselves can be in multiple locations, corporate headquarters, the data center, at a branch office, in the cloud or a mix of them all.  When users are all over the world, globally distributed access across several data centers can help solve access and availability requirements. Organizations also need their application and access security solution in the strategic point of control, a centralized location at the intersection between the users and their resources to make those intelligent, contextual, identity based decisions on how to handle access requests.

Residing in this important strategic point of control within the network, the BIG-IP Access Policy Manager (APM) for BIG-IP Local Traffic Manager (LTM) along with BIG-IP Edge Gateway (EGW) provide the security, scalability and optimization that's required for unified global access to corporate resources for all types of deployment environments. The ability to converge and consolidate remote users, LAN access and wireless junctions on a single management interface and provide easy-to-manage access policies saves money and frees up valuable IT resources. F5's access solutions secures your infrastructure, creating a place within the network to provide security, scalability, optimization, flexibility, context, resource control, policy management, reporting and availability for all applications.

ps

Resources:

Technorati Tags: psilva, F5, context-aware, infrastructure, IP, security, application security, access control, virtualization, network, application delivery, unified application delivery and data services

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_facebook[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]