Webremix Articles

IGI airport yet to get perimeter intrusion detection system

Sun, 29 Aug 2010 06:57:38 GMT

The Indira Gandhi International Airport here may boast of a new world-class terminal, but it is yet to get an electronic surveillance mechanism to make it more secure.

FAA Computers Are Vulnerable to Cyberattack

Thu, 19 Aug 2010 14:36:04 GMT

Federal Aviation Administration computer systems remain vulnerable to cyber attacks despite improvements at a number of key radar facilities in the past year, according to a new U.S. government review.

The Department of Transportation's inspector general said while the FAA has taken steps to install more sophisticated systems to detect cyber intrusions in some air traffic control facilities, most sites have not been upgraded. And there is no timetable yet to complete the project, the IG said.

FAA spokeswoman Laura Brown said the agency is working on a timetable and will notify the IG with that information soon. The FAA also said that upgrades to critical air traffic control systems have taken precedence over the intrusion detection improvements at a number of facilities.

Without the detection abilities, the FAA cannot effectively monitor air traffic control for possible cyber attacks or take action to stop them, the inspector general said in a letter obtained by The Associated Press.

The findings echo broad U.S. government worries about gaps in critical U.S. computer systems and networks that leave them vulnerable to cyber attacks by criminals, terrorists or nation states.

U.S. networks are persistently probed and attacked by hackers and criminals looking to steal money or information, get access to classified documents or military technologies, or disrupt networks that control vital utilities and services.

Last year, a government audit found that air traffic control systems were vulnerable to cyber attacks, and that some support systems had been breached, allowing hackers access to personnel records and network servers.

The computer systems used to control air traffic are often in the same building as ones used for administrative functions, but they are not connected.

Cyber experts repeatedly warn, however, that in some cases software glitches and other gaps can be exploited by hackers to move between computer systems at critical infrastructure facilities.

In the report...

Juniper Networks Protects Customers From New Microsoft Vulnerabilities Disclosed Today

Tue, 10 Aug 2010 20:00:50 GMT

JNPR ) today confirmed its Intrusion Detection and Prevention (IDP) security systems and Integrated Security Gateway (ISG) firewall/virtual private network (VPN) systems with IDP offer protection for ...

Who will trust open source security from the government

Wed, 21 Jul 2010 12:47:54 GMT

The Open Information Security Foundation, headed by Mark Jonkman of Emerging Threats and Victor Julien of the Vuurmuur firewall project, are offering an intrusion detection and prevention engine with multi-threading automatic protocol detection for a wide variety of protocols.

Juniper Networks Protects Customers From New Microsoft Vulnerabilities Disclosed Today

Tue, 13 Jul 2010 20:40:01 GMT

RandomStorm Adds Log Management to Integrated Network Security Management and Compliance Platform

Tue, 29 Jun 2010 10:31:29 GMT

StormAgent is based on industry standard, open source intrusion detection technology and has been designed to monitor access and changes to system and application log files across the entire corporate infrastructure, alerting network managers whenever unauthorised activity is detected.

Marketwatch: Threats Create Opportunities

Tue, 22 Jun 2010 04:00:00 GMT

A decade ago, a company looking to secure its computer systems would have purchased antivirus software, a firewall, and perhaps an intrusion detection system. Today, the growing variety of attacks has given rise to nearly 70 different security niches, including markets for firewalls that specifically protect Web-based applications and for systems that prevent data loss across an enterprise. Meanwhile, each submarket is getting increasingly complex. In 2009 one of the biggest security companies, Symantec, generated 2.9 million separate signatures, or digital patterns associated with malicious software--an increase of 71 percent over the previous year.

Altor Testing Cloud Security

Sat, 12 Jun 2010 16:15:00 GMT

Altor Networks, the three-year-old start-up with the patent-pending hypervisor-based security for virtual data centers and clouds, is beta testing the next iteration of its purpose-built virtual server security product. It expects to release Altor 4.0, code named Duvel, in early Q3. Altor started out with a stateful high-performance firewall and on-board intrusion detection and has added complete 360 degree virtual network visibility and monitoring, automated security and compliance assessment and reporting. It argues that security and compliance concerns are holding back virtualization and has moved to address the safety of the traffic between VMs.

Intrusion detection system at Delhi airport stuck

Tue, 01 Jun 2010 19:06:02 GMT

The installation of the perimeter intrusion detection system (PIDS), which is armed with thermal-imaging cameras, video-recorders and radars to detect movement of individuals and vehicles at the airport, has been delayed because of last-minute chan-ges in the original project.

Juniper Networks Protects Customers From New Microsoft Vulnerabilities Disclosed Today

Tue, 11 May 2010 18:49:33 GMT

Thirty-Five Antivirus Programs Share Common Hole (PC Magazine)

Mon, 10 May 2010 10:06:40 GMT

PC Magazine - A security firm has discovered a new attack technique that could allow a program to bypass the host intrusion detection and certain other protections provided by common Windows security software. The report lists 35 security products on which they tested it; it worked on all of them.

Amazon Opens Virtual Private Cloud in Europe

Wed, 05 May 2010 12:30:00 GMT

Amazon has taken its Virtual Private Cloud (VPC) to Europe. Customers can now seamlessly connect their IT infrastructure via an encrypted IPsec Virtual Private Network (VPN) connection to Amazon resources in the European Union, keeping their data in the EU and lowering latency. Until Tuesday VPC, a bridge between a company’s existing IT infrastructure and a set of isolated Amazon compute resources in the Amazon cloud, was only available in the US. With VPC customers can use their existing management capabilities such as security services, firewalls and intrusion detection systems on their Amazon resources.

Securing the Public Cloud

Tue, 27 Apr 2010 17:41:32 GMT

Security is paramount when it comes to enterprise data in public clouds. Encryption, intrusion detection and ID management all need to be part of the evaluation and deployment processes.

HP Declares War on Cisco with a Faster Data Center

Mon, 19 Apr 2010 18:50:05 GMT

Just months after its 3Com acquisition, Hewlett-Packard made an announcement Monday aimed at Cisco Systems. HP said its new Cisco-free internal data center is seeing faster information throughput and lower energy consumption running entirely on HP networking equipment.

Located in Houston, the new data center is one of six internal facilities running HP's worldwide business operations. The new center includes 34 3Com core routing devices, more than 300 HP ProCurve switches, and four TippingPoint intrusion-detection and protection devices.

"This networking technology provides a true competitive choice in a space that has needed more choices for almost two decades," said Randy Mott, executive vice president and chief information officer at HP. "These new products, along with HP's Converged Infrastructure portfolio, are something every CIO should be taking advantage of."

Assaulting Cisco

Mott's comments are a direct assault on Cisco. The new HP Networking portfolio, which integrates 3Com's portfolio, paves the way for twice the port and capacity density and a 50 percent reduction in power consumption from previous solutions. Using an architecture built on open standards, HP said its global IT organization worked with HP Networking teams to redesign the architecture with new products.

"We're not locked into proprietary protocols that many in the IT industry are familiar with, and this gives us more flexibility to change as our business grows," said Ken Gray, vice president of infrastructure at HP. "We're Cisco-free in this data center and have a plan to extend this freedom across all of our internal IT data centers next year."

Gray's war-like comment -- and its validity -- may concern Cisco. Zeus Kerravala, a vice president at the Yankee Group, said 3Com's data portfolio is strong and the majority of the lineup has been built out over the past couple of years with a differentiating philosophy of openness.

"While a lot of the...

Product How-to: Use multicore flow processing to boost network router/security appliance throughput

Fri, 02 Apr 2010 10:22:16 GMT

In many network and security appliances, the need for regular expression matching is an essential requirement, specifically for deep packet inspection applications such as intrusion detection and prevention systems , content firewalls, virus scanning, data loss prevention , and lawful intercept applications.

Anti-intrusion system for Delhi international airport next month

Mon, 08 Mar 2010 13:01:31 GMT

The mechanism known as the Perimeter Intrusion Detection System (PIDS) will be deployed by mid-April this year along the 37 km of the airport periphery.

Homeland Chief Outlines U.S. Cybersecurity Strategy

Thu, 04 Mar 2010 19:15:31 GMT

U.S. Department of Homeland Security Secretary Janet Napolitano outlined the steps DHS is taking to secure cyberspace at the RSA Conference 2010 in San Francisco on Wednesday. The former governor of Arizona also called upon experts and the public to contribute ideas to improve the nation's cybersecurity.

"All Americans have an important role to play in securing our computer systems and cyber networks," Napolitano said. "We are challenging our nation's best and brightest to utilize their expertise and creativity to devise new ways to engage the public in the shared responsibility of safeguarding our cyber resources and information."

Boosting Infrastructure Security

In her keynote address, Napolitano stressed DHS's dedication to recruiting and retaining the cybersecurity employees needed to confront terrorist and criminal threats. Moreover, she emphasized the department's commitment to supporting innovations such as EINSTEIN -- an intrusion detection program originally developed by US-CERT, the department's computer emergency readiness team.

"In the past year we've deployed the second phase of EINSTEIN to 11 federal agencies, and we will be growing to 21 this year," Napolitano noted. "And now we are testing the technology for the third phase of EINSTEIN," which will give DHS "the ability to detect malicious activity and disable attempted intrusions before harm is done to our critical systems."

Ensuring U.S. government continuity as well as private-sector services and information -- even as it protects privacy -- are among the important tasks DHS now faces, Napolitano said. To meet these challenges, DHS has developed "a national cybersecurity incident response plan in full collaboration with the private sector" that will be tested during an exercise in September.

What's more, DHS efforts continue to focus on "providing the ability to bounce back even more quickly should a large-scale attack -- or really an attack of any size -- occur," Napolitano said. To this end,...

Comprehensive National Cybersecurity Initiative

Thu, 04 Mar 2010 18:55:46 GMT

On Tuesday, the White House published an unclassified summary of its Comprehensive National Cybersecurity Initiative (CNCI). Howard Schmidt made the announcement at the RSA Conference. These are the 12 initiatives in the plan: Initiative #1. Manage the Federal Enterprise Network as a single network enterprise with Trusted Internet. Initiative #2. Deploy an intrusion detection system of sensors across the Federal...

U.S. Declassifies Part of Secret Cybersecurity Plan

Wed, 03 Mar 2010 06:28:47 GMT

The Obama administration declassified part of the government’s cybersecurity plan Tuesday, publishing parts of it that discuss intrusion detection systems for federal computer networks and the g...

Alert Logic to Present at Cloud Expo April 19-21 in New York City

Fri, 19 Feb 2010 00:45:00 GMT

The emergence of the Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) models are just two of the many inflection points as IT migrates away from the traditional data centers and into the cloud, shifting more control over security from the enterprise to the service provider. How will your security and compliance strategy change when this transformation is complete? Misha Govshteyn is co-founder and responsible for product development and strategy at Alert Logic, a Software-as-a-Service based security solutions provider. In this capacity, Govshteyn regularly consults with service providers and enterprises on securing cloud-based applications. Prior to co-founding Alert Logic, Govshteyn served as a Director of Managed Services for Reliant Energy Communications. In this role, he developed and successfully launched five major product lines including Managed Intrusion Detection services and managed enterprise firewall/VPN products.

Alert Logic to Present at Cloud Expo April 19-21 in New York City

Fri, 19 Feb 2010 00:45:00 GMT

Botnets Found in Government and Business Systems

Thu, 18 Feb 2010 18:51:17 GMT

A new Zeus botnet has been discovered affecting 75,000 systems in 2,500 organizations around the world. Both corporate and government networks have become victims of the severe cyberattack dubbed the Kneber attack, named after the username linked with the attack.

The attack was first discovered in January while a security analyst at Hernon, Va.-based NetWitness was installing a monitoring system for a client. In investigating the discovery, the company found Kneber had compromised 68,000 corporate log-ins; access to various e-mail systems, including Yahoo and Hotmail; access to online banking sites; and access to social-networking sites, including Facebook. All of this was done in a four-week period.

Kneber has been identified as a botnet, where compromised computers run software remotely.

"Systems compromised by this botnet provide the attackers not only user credentials and confidential information, but remote access inside the compromised networks," said Amit Yoran, CEO of NetWitness and former director of the National Cyber Security Division.

Damage Done

The Kneber botnet is not stopped by traditional malware protection or other intrusion-detection systems, and NetWitness analysts fear organizations will not see the damage from this attack until it has already occurred.

More than half the infected machines were also infected with a peer-to-peer botnet dubbed Waledac, a worm that is capable of collecting and forwarding password information. It's also capable of receiving commands from a remote server, including to upgrade malware components or send information from the infected computer.

Used together, the botnets have the potential to enable hackers to collaborate in what NetWitness said may be a "criminal underground."

"On a microlevel, there are new versions of Trojans and viruses that come out all the time and some gain traction while others do not," said Matthew Prince, cocreator of Project Honey Pot, a spam tracking network. "On the macrolevel it is really scary."

Cybercriminal Revolution

The...

Einstein 2: U.S. government's 'enlightening' new cybersecurity weapon

Thu, 11 Feb 2010 12:00:00 GMT

The Department of Homeland Security is detecting new patterns of cyberattacks from foreign adversaries -- some targeted at particular agencies and others aimed at the entire U.S. government -- due to to special-purpose intrusion-detection systems that will be widely deployed in federal networks during 2010.

Juniper Networks Protects Customers From New Microsoft Vulnerabilities Disclosed Today

Tue, 09 Feb 2010 20:06:18 GMT

Amazon’s Virtual Private Cloud Computing Floats into Beta

Wed, 16 Dec 2009 23:45:00 GMT

Amazon Web Services (AWS) sent its enterprise-directed Virtual Private Cloud (VPC) widgetry into full public beta Monday. The thing’s been in limited public beta since the summer and before that it was in private beta. VPC is Amazon’s way of creating hybrid clouds by letting an enterprise connect its existing infrastructure to a set of isolated AWS compute resources via a virtual private network (VPN) – a bog standard encrypted IPsec tunnel – and use its own existing security services, firewalls and intrusion detection systems for the EC2 instances and traffic. Ditto whatever third-party management software it’s using.

Amazon’s Virtual Private Cloud Computing Floats into Beta

Wed, 16 Dec 2009 06:00:00 GMT

The Application Delivery Spell Book

Tue, 24 Nov 2009 17:30:00 GMT

The long, lost application delivery spell compendium has been found! Its once hidden, arcane knowledge is slowly being translated for the good of all web applications. Luckily, you don’t have to be Elminster or Gandalf or to cast this spell over your infrastructure

Detect Invisible (Application) Stalkers

   School of Magic: Abjuration (Protective Spells)

   Components: Somatic (requires gestures), Material (requires physical component)

   Casting Time: special

   Range: Layers 3-7

   Area: global

   Duration: Until discharged

   Saving Throw: Special

   Spell Resistance: No

Invisible (application) stalkers are creatures native to the Internet. They sometimes serve miscreants, corporate spies, and script kiddies, who summon them to perform attacks against specific targets. A summoned invisible stalker undertakes the form of a legitimate application request, pretending to be a real user, and will tirelessly undertake whatever task the caster commands, even if the task sends packets hundreds or thousands of miles away. The creature follows a command until the task is completed and obeys only the caster.

Invisible (application) stalkers operate only at layer 7 and eschew the use of forms commonly recognized as being of evil intent. Thus an invoke firewall log spell will show only multiple requests over time from similar agents, and intrusion detection spells have no effect on the creatures. Only a detect invisible (application) stalker spell can recognize and subsequently dismiss these agents of evil.

This spell inserts into the path of the invisible (application) stalker a wall which cannot be avoided, blocking them or reporting to the caster their proximity, as determined by the caster. The material component for this spell is a web application firewall, which must be placed between the invisible (application) stalker and its intended target. The somatic component requires the caster to complete a series of mouse clicks and keyboard strokes that deploy an application security policy including the ability to prevent web scraping. The casting time for this spell varies based on the complexity of the existing environment, and how many victims are being targeted by the invisible (application) stalkers.

Once completed, the spell will last until the caster discharges it by disabling the policy created by the somatic gestures.

The invisible (application) stalker may attempt a saving throw (Will) to realize it is being blocked. If it makes the save, it may attempt to figure out how the wall is blocking it. It must then make a second Will save or discorporate immediately. If the spell is cast as a reporting only mechanism, there is no saving throw allowed and the invisible (application) stalker will never be aware it has been detected.

THE FIRST STEP IN ANY SOLUTION IS ALWAYS RECOGNIZING THERE IS A PROBLEM
There are a few attacks today that just can’t be detected by applications. Layer 7 DoS can’t be detected from within an application because the code that executes does so in the context of a single request and a DoS implies many requests from many sources. The only way for a developer to detect this attack is to be able to view the single request that is typical of an application in the context of all requests across all instances of the application – even across machines – and that’s simply not possible from within the application.
Similarly, web scraping attacks are nearly impossible for a developer to detect because there is nothing in the request that would indicate anything is out of the ordinary. Nothing. No special code, no special characters, no odd manifestations within the headers or network data. In order for the developer to detect such an attack s/he would need to be able to determine whether the client is manned by a human being or is a script/bot. And no, using User-Agent headers isn’t going to work on this one because miscreants have figured out that too many security devices are able to block their attacks based on that value and thus have learned to circumvent it by scripting real browsers or manipulating the HTTP headers such that their bots/scripts appear to be valid user-driven browsers.

But that’s what a web application firewall (WAF) was designed to do: to watch, to evaluate requests in context, across all instances and all requests. It has the visibility, it has the capability, and it can detect attacks that are not easily if at all detected from within the application. Even if the WAF isn’t blocking the attacks, it can at least tell you they are happening, which is something the developers need to know if they’re going to put in place solutions to prevent them.

“Security manager, ‘J.F. Rice,’ whose name and employer have been disguised for obvious reasons” explains his need to “see” inside connections and understand what is happening in his environment.
We’ve been blind to attacks on our Web sites
I installed a Web application firewall in my company's DMZ to tell us about active attacks that may not be identified by our other devices. I set the device up in monitor mode, though it can be set up to block attacks, because my goal was just to see what was going on. I wanted to know more about what's inside the connections to those Web servers.

What I discovered is that our Web sites are being "scraped" by other companies -- our competitors! Some of the information on our sites is valuable intellectual property. It is provided online, in a restricted manner (passwords and such), to our customers. Such restrictions aren't very difficult to overcome for the Web crawlers that our competitors are using, because webmasters usually don't know much about security. They make a token attempt to put passwords and restrictions on sensitive files, but they often don't do a very good job.

Web application security requires visibility as well as the expected defensive capabilities. A web application firewall can provide both capabilities even though you may not leverage both at the same time or at all. Using a WAF as a mechanism to determine what kind of attacks are being directed at your web applications is just as valuable a proposition as enabling its preventative capabilities.

Either way, knowing is the first step to moving forward on a strategy to address it.



Related blogs & articles:

Innovative Web Protection and Compliance

BIG-IP v10.1 Security [Slideshare Presentation]

Excuse Me But Is That a Gazebo On Your Site?!

Web Application Security at the Edge is More Efficient Than In the Application

I Can Has UR .htaccess File

Automatically Removing Cookies

Clickjacking Protection Using X-FRAME-OPTIONS Available for Firefox

Stop brute force listing of HTTP OPTIONS with network-side scripting

Jedi Mind Tricks: HTTP Request Smuggling

I am in your HTTP headers, attacking your application

Technorati Tags: MacVittie,F5,web application security,security,web 2.0,web scraping,ASM,web application firewall,WAF,D&D,ADSB

read more

The Application Delivery Spell Book

Tue, 24 Nov 2009 17:30:00 GMT

The long, lost application delivery spell compendium has been found! Its once hidden, arcane knowledge is slowly being translated for the good of all web applications. Luckily, you don’t have to be Elminster or Gandalf or to cast this spell over your infrastructure

Detect Invisible (Application) Stalkers

   School of Magic: Abjuration (Protective Spells)

   Components: Somatic (requires gestures), Material (requires physical component)

   Casting Time: special

   Range: Layers 3-7

   Area: global

   Duration: Until discharged

   Saving Throw: Special

   Spell Resistance: No

Invisible (application) stalkers are creatures native to the Internet. They sometimes serve miscreants, corporate spies, and script kiddies, who summon them to perform attacks against specific targets. A summoned invisible stalker undertakes the form of a legitimate application request, pretending to be a real user, and will tirelessly undertake whatever task the caster commands, even if the task sends packets hundreds or thousands of miles away. The creature follows a command until the task is completed and obeys only the caster.

Invisible (application) stalkers operate only at layer 7 and eschew the use of forms commonly recognized as being of evil intent. Thus an invoke firewall log spell will show only multiple requests over time from similar agents, and intrusion detection spells have no effect on the creatures. Only a detect invisible (application) stalker spell can recognize and subsequently dismiss these agents of evil.

This spell inserts into the path of the invisible (application) stalker a wall which cannot be avoided, blocking them or reporting to the caster their proximity, as determined by the caster. The material component for this spell is a web application firewall, which must be placed between the invisible (application) stalker and its intended target. The somatic component requires the caster to complete a series of mouse clicks and keyboard strokes that deploy an application security policy including the ability to prevent web scraping. The casting time for this spell varies based on the complexity of the existing environment, and how many victims are being targeted by the invisible (application) stalkers.

Once completed, the spell will last until the caster discharges it by disabling the policy created by the somatic gestures.

The invisible (application) stalker may attempt a saving throw (Will) to realize it is being blocked. If it makes the save, it may attempt to figure out how the wall is blocking it. It must then make a second Will save or discorporate immediately. If the spell is cast as a reporting only mechanism, there is no saving throw allowed and the invisible (application) stalker will never be aware it has been detected.

THE FIRST STEP IN ANY SOLUTION IS ALWAYS RECOGNIZING THERE IS A PROBLEM
There are a few attacks today that just can’t be detected by applications. Layer 7 DoS can’t be detected from within an application because the code that executes does so in the context of a single request and a DoS implies many requests from many sources. The only way for a developer to detect this attack is to be able to view the single request that is typical of an application in the context of all requests across all instances of the application – even across machines – and that’s simply not possible from within the application.
Similarly, web scraping attacks are nearly impossible for a developer to detect because there is nothing in the request that would indicate anything is out of the ordinary. Nothing. No special code, no special characters, no odd manifestations within the headers or network data. In order for the developer to detect such an attack s/he would need to be able to determine whether the client is manned by a human being or is a script/bot. And no, using User-Agent headers isn’t going to work on this one because miscreants have figured out that too many security devices are able to block their attacks based on that value and thus have learned to circumvent it by scripting real browsers or manipulating the HTTP headers such that their bots/scripts appear to be valid user-driven browsers.

But that’s what a web application firewall (WAF) was designed to do: to watch, to evaluate requests in context, across all instances and all requests. It has the visibility, it has the capability, and it can detect attacks that are not easily if at all detected from within the application. Even if the WAF isn’t blocking the attacks, it can at least tell you they are happening, which is something the developers need to know if they’re going to put in place solutions to prevent them.

“Security manager, ‘J.F. Rice,’ whose name and employer have been disguised for obvious reasons” explains his need to “see” inside connections and understand what is happening in his environment.
We’ve been blind to attacks on our Web sites
I installed a Web application firewall in my company's DMZ to tell us about active attacks that may not be identified by our other devices. I set the device up in monitor mode, though it can be set up to block attacks, because my goal was just to see what was going on. I wanted to know more about what's inside the connections to those Web servers.

What I discovered is that our Web sites are being "scraped" by other companies -- our competitors! Some of the information on our sites is valuable intellectual property. It is provided online, in a restricted manner (passwords and such), to our customers. Such restrictions aren't very difficult to overcome for the Web crawlers that our competitors are using, because webmasters usually don't know much about security. They make a token attempt to put passwords and restrictions on sensitive files, but they often don't do a very good job.

Web application security requires visibility as well as the expected defensive capabilities. A web application firewall can provide both capabilities even though you may not leverage both at the same time or at all. Using a WAF as a mechanism to determine what kind of attacks are being directed at your web applications is just as valuable a proposition as enabling its preventative capabilities.

Either way, knowing is the first step to moving forward on a strategy to address it.



Related blogs & articles:

Innovative Web Protection and Compliance

BIG-IP v10.1 Security [Slideshare Presentation]

Excuse Me But Is That a Gazebo On Your Site?!

Web Application Security at the Edge is More Efficient Than In the Application

I Can Has UR .htaccess File

Automatically Removing Cookies

Clickjacking Protection Using X-FRAME-OPTIONS Available for Firefox

Stop brute force listing of HTTP OPTIONS with network-side scripting

Jedi Mind Tricks: HTTP Request Smuggling

I am in your HTTP headers, attacking your application

Technorati Tags: MacVittie,F5,web application security,security,web 2.0,web scraping,ASM,web application firewall,WAF,D&D,ADSB

read more

Review: HP blade takes a stab at Cisco

Mon, 05 Oct 2009 11:38:47 GMT
HP has an alternative to the many security appliances that combine firewall, intrusion detection and VPN functions: Just put a single blade in the vendor's ProCurve switch and be done with it.

Cloud Security on Ulitzer: Cloud Computing and Self-Service Security

Sat, 03 Oct 2009 18:30:00 GMT
So here’s the rub, if MSSP’s/ISP’s/ASP’s-cum-Cloud operators want to woo mature enterprise customers to use their services, they are leaving money on the table and not fulfilling customer needs by failing to roll out complimentary security capabilities which lessen the compliance and security burdens of their prospective customers. While many provide commoditized solutions such as anti-spam and anti-virus capabilities, more complex (but profoundly important) security services such as DLP (data loss/leakage prevention,) WAF, Intrusion Detection and Prevention (IDP,) XML Security, Application Delivery Controllers, VPN’s, etc. should also be considered for roadmaps by these suppliers.
read more

Cloud Security on Ulitzer: Cloud Computing and Self-Service Security

Sat, 03 Oct 2009 18:30:00 GMT
So here’s the rub, if MSSP’s/ISP’s/ASP’s-cum-Cloud operators want to woo mature enterprise customers to use their services, they are leaving money on the table and not fulfilling customer needs by failing to roll out complimentary security capabilities which lessen the compliance and security burdens of their prospective customers. While many provide commoditized solutions such as anti-spam and anti-virus capabilities, more complex (but profoundly important) security services such as DLP (data loss/leakage prevention,) WAF, Intrusion Detection and Prevention (IDP,) XML Security, Application Delivery Controllers, VPN’s, etc. should also be considered for roadmaps by these suppliers.
read more

Lifecycle of a network security vulnerability

Wed, 16 Sep 2009 04:47:23 GMT

Rating: --- The chapter below walks you through the process of providing network intrusion detection system coverage for a security vulnerability from start to finish, using practical examples and highlighting popular and useful open source tools.

Cloud Computing Best Practices

Sun, 13 Sep 2009 16:15:00 GMT

Some of the key things to think about when putting your application on the cloud are discussed below. Cloud computing is relatively new, and best practice is still being established. However we can learn from earlier technologies and concepts such as utility compute, SaaS, outsourcing and even internal enterprise centre management, as well as from experience with vendors such as Amazon and FlexiScale.

Licensing: If you are using the cloud for spikes or overspill make sure that the products you want to use in the cloud can be used in this way. Certain products restrict their licenses to be used from a cloud perspective. This is especially true of commercial Grid, HPC or DataGrid vendors.

Data transfer costs: When using a provider like Amazon with a detailed cost model, make sure that any data transfers are internal to the provider network rather than external. In the case of Amazon, internal traffic is free but you will be charged for any traffic over the external IP addresses.

Latency: If you have low latency requirements then the Cloud may not be the best environment to achieve this. If you are trying to run an ERP or some such system in the cloud then the latency may be good enough but if you are trying to run a binary or FX Exchange then of course the latency requirements are very different and more stringent. It is essential to make sure you understand the performance requirements of your application and have a clear understanding of what is deemed business critical.

One vendor who has focused on attacking low latency in the cloud is GigaSpaces and so if you require cloud low latency then these are one of the companies you should evaluate. Also for processing distributed data loads there is the map reduce pattern and Hadoop. These type of architectures eliminating the boundaries created by scale-out database based approaches.

State: Check whether your cloud infrastructure providers have persistence. When an application is brought down and then back up all local changes will be wiped and you start with a blank slate. This obviously has ramifications with instances that need to store user or application state. To combat this on their platform Amazon delivered EC2 persistent storage in which data can remain linked to a specific computing instance. You should ensure you understand the state limitations of any Cloud Computing platform that you work with.

Data Regulations: If you are storing data in the cloud you may be breaching data laws depending where your data is stored i.e. which country or continent. To combat this Amazon S3 now supports location constraints, which allow you to specify where in the world to store data for a bucket and provides a new API to retrieve the location constraint for an existing bucket. However if you are using another cloud provider you should check where your data is stored.

Dependencies: Be aware of dependencies of service providers. If service ‘y’ is dependant on ‘x’ then if you subscribe to service ‘y’ and service ‘x’ goes down you lose your service. Always check any dependencies when you are using a cloud service.

Standardisation: A major issue with current cloud computing platforms is that there is no standardisation of the APIs and platform technologies that underpin the services provided. Although this represents a lack of maturity you need to consider how locked in you are when considering a Cloud platform or migrating between cloud computing platforms will be very difficult if not impossible. This may not be an issue if your supplier is IBM and always likely to be IBM, but it will be an issue if you are just dipping your toe in the water and discover that other platforms are better suited to your needs.

Security: Lack of security or apparent lack of security is one of the perceived major drawbacks of working with Cloud platform and Cloud technology. When moving sensitive data about or storing it in public cloud it should be encrypted. And it is important to consider a secure ID mechanism for authentication and authorisation for services. As with normal enterprise infrastructures only open the ports needed and consider installing a host based intrusion detection systems such as OSSEC. The advantage of working with an enterprise Cloud provider, such as IBM or Sun is that many of these security optimisations are already taken care of. See our prior blog entry for securing n-tier and distributed applications on the cloud. Be sure to check out Amazon’s new VPC inititative as well as looking at VPN-Cubed by CohesiveFT if you have to tie together public Clouds with private applications, services or infrastructure. If you need to keep costs down and evaluate free then look at OpenVPN.

Compliance: Regulatory controls mean that certain applications may not be able to deployed in the Cloud. For example the US Patriot Act could have very serious consequences for non-US firms considering U.S. hosted cloud providers. Be aware that often cloud computing platforms are made up of components from a variety of vendors who may themselves provide computing in a variety of legal jurisdictions. Be very aware of the dependencies and ensure you factor this into any operational risk management assessment. See also my prior blog entry on this topic

Quality of service: You will need to ensure that the behaviour and effectiveness of the cloud application that you implement can be measured and tracked both to meet existing or new Service Level agreements. We have discussed previously some of the tools that come with this option built in (GigaSpaces) and other tools that provide functionality that enable you to use this with your Cloud Architecture (RightScale, Scalr etc). Achieving Quality of Service will encompass scaling, reliability, service fluidity, monitoring, management and system performance.

System hardening: Like all enterprise application infrastructures you need to harden the system so that it is secure, robust, and achieves the necessary functional requirements that you need. See my prior blog entry on system hardening for Amazon EC2.

Content adapted from my book “TheSavvyGuideTo HPC, Grid, DataGrid, Virtualisation and Cloud Computing” available on Amazon.

read more

Cloud Computing Best Practices

Sun, 13 Sep 2009 11:15:00 GMT

Some of the key things to think about when putting your application on the cloud are discussed below. Cloud computing is relatively new, and best practice is still being established. However we can learn from earlier technologies and concepts such as utility compute, SaaS, outsourcing and even internal enterprise centre management, as well as from experience with vendors such as Amazon and FlexiScale.

Licensing: If you are using the cloud for spikes or overspill make sure that the products you want to use in the cloud can be used in this way. Certain products restrict their licenses to be used from a cloud perspective. This is especially true of commercial Grid, HPC or DataGrid vendors.

Data transfer costs: When using a provider like Amazon with a detailed cost model, make sure that any data transfers are internal to the provider network rather than external. In the case of Amazon, internal traffic is free but you will be charged for any traffic over the external IP addresses.

Latency: If you have low latency requirements then the Cloud may not be the best environment to achieve this. If you are trying to run an ERP or some such system in the cloud then the latency may be good enough but if you are trying to run a binary or FX Exchange then of course the latency requirements are very different and more stringent. It is essential to make sure you understand the performance requirements of your application and have a clear understanding of what is deemed business critical.

One vendor who has focused on attacking low latency in the cloud is GigaSpaces and so if you require cloud low latency then these are one of the companies you should evaluate. Also for processing distributed data loads there is the map reduce pattern and Hadoop. These type of architectures eliminating the boundaries created by scale-out database based approaches.

State: Check whether your cloud infrastructure providers have persistence. When an application is brought down and then back up all local changes will be wiped and you start with a blank slate. This obviously has ramifications with instances that need to store user or application state. To combat this on their platform Amazon delivered EC2 persistent storage in which data can remain linked to a specific computing instance. You should ensure you understand the state limitations of any Cloud Computing platform that you work with.

Data Regulations: If you are storing data in the cloud you may be breaching data laws depending where your data is stored i.e. which country or continent. To combat this Amazon S3 now supports location constraints, which allow you to specify where in the world to store data for a bucket and provides a new API to retrieve the location constraint for an existing bucket. However if you are using another cloud provider you should check where your data is stored.

Dependencies: Be aware of dependencies of service providers. If service ‘y’ is dependant on ‘x’ then if you subscribe to service ‘y’ and service ‘x’ goes down you lose your service. Always check any dependencies when you are using a cloud service.

Standardisation: A major issue with current cloud computing platforms is that there is no standardisation of the APIs and platform technologies that underpin the services provided. Although this represents a lack of maturity you need to consider how locked in you are when considering a Cloud platform or migrating between cloud computing platforms will be very difficult if not impossible. This may not be an issue if your supplier is IBM and always likely to be IBM, but it will be an issue if you are just dipping your toe in the water and discover that other platforms are better suited to your needs.

Security: Lack of security or apparent lack of security is one of the perceived major drawbacks of working with Cloud platform and Cloud technology. When moving sensitive data about or storing it in public cloud it should be encrypted. And it is important to consider a secure ID mechanism for authentication and authorisation for services. As with normal enterprise infrastructures only open the ports needed and consider installing a host based intrusion detection systems such as OSSEC. The advantage of working with an enterprise Cloud provider, such as IBM or Sun is that many of these security optimisations are already taken care of. See our prior blog entry for securing n-tier and distributed applications on the cloud. Be sure to check out Amazon’s new VPC inititative as well as looking at VPN-Cubed by CohesiveFT if you have to tie together public Clouds with private applications, services or infrastructure. If you need to keep costs down and evaluate free then look at OpenVPN.

Compliance: Regulatory controls mean that certain applications may not be able to deployed in the Cloud. For example the US Patriot Act could have very serious consequences for non-US firms considering U.S. hosted cloud providers. Be aware that often cloud computing platforms are made up of components from a variety of vendors who may themselves provide computing in a variety of legal jurisdictions. Be very aware of the dependencies and ensure you factor this into any operational risk management assessment. See also my prior blog entry on this topic

Quality of service: You will need to ensure that the behaviour and effectiveness of the cloud application that you implement can be measured and tracked both to meet existing or new Service Level agreements. We have discussed previously some of the tools that come with this option built in (GigaSpaces) and other tools that provide functionality that enable you to use this with your Cloud Architecture (RightScale, Scalr etc). Achieving Quality of Service will encompass scaling, reliability, service fluidity, monitoring, management and system performance.

System hardening: Like all enterprise application infrastructures you need to harden the system so that it is secure, robust, and achieves the necessary functional requirements that you need. See my prior blog entry on system hardening for Amazon EC2.

Content adapted from my book “TheSavvyGuideTo HPC, Grid, DataGrid, Virtualisation and Cloud Computing” available on Amazon.

read more

Cloud Computing Best Practices

Sat, 12 Sep 2009 19:00:00 GMT

Some of the key things to think about when putting your application on the cloud are discussed below. Cloud computing is relatively new, and best practice is still being established. However we can learn from earlier technologies and concepts such as utility compute, SaaS, outsourcing and even internal enterprise centre management, as well as from experience with vendors such as Amazon and FlexiScale.

Licensing: If you are using the cloud for spikes or overspill make sure that the products you want to use in the cloud can be used in this way. Certain products restrict their licenses to be used from a cloud perspective. This is especially true of commercial Grid, HPC or DataGrid vendors.

Data transfer costs: When using a provider like Amazon with a detailed cost model, make sure that any data transfers are internal to the provider network rather than external. In the case of Amazon, internal traffic is free but you will be charged for any traffic over the external IP addresses.

Latency: If you have low latency requirements then the Cloud may not be the best environment to achieve this. If you are trying to run an ERP or some such system in the cloud then the latency may be good enough but if you are trying to run a binary or FX Exchange then of course the latency requirements are very different and more stringent. It is essential to make sure you understand the performance requirements of your application and have a clear understanding of what is deemed business critical.

One vendor who has focused on attacking low latency in the cloud is GigaSpaces and so if you require cloud low latency then these are one of the companies you should evaluate. Also for processing distributed data loads there is the map reduce pattern and Hadoop. These type of architectures eliminating the boundaries created by scale-out database based approaches.

State: Check whether your cloud infrastructure providers have persistence. When an application is brought down and then back up all local changes will be wiped and you start with a blank slate. This obviously has ramifications with instances that need to store user or application state. To combat this on their platform Amazon delivered EC2 persistent storage in which data can remain linked to a specific computing instance. You should ensure you understand the state limitations of any Cloud Computing platform that you work with.

Data Regulations: If you are storing data in the cloud you may be breaching data laws depending where your data is stored i.e. which country or continent. To combat this Amazon S3 now supports location constraints, which allow you to specify where in the world to store data for a bucket and provides a new API to retrieve the location constraint for an existing bucket. However if you are using another cloud provider you should check where your data is stored.

Dependencies: Be aware of dependencies of service providers. If service ‘y’ is dependant on ‘x’ then if you subscribe to service ‘y’ and service ‘x’ goes down you lose your service. Always check any dependencies when you are using a cloud service.

Standardisation: A major issue with current cloud computing platforms is that there is no standardisation of the APIs and platform technologies that underpin the services provided. Although this represents a lack of maturity you need to consider how locked in you are when considering a Cloud platform or migrating between cloud computing platforms will be very difficult if not impossible. This may not be an issue if your supplier is IBM and always likely to be IBM, but it will be an issue if you are just dipping your toe in the water and discover that other platforms are better suited to your needs.

Security: Lack of security or apparent lack of security is one of the perceived major drawbacks of working with Cloud platform and Cloud technology. When moving sensitive data about or storing it in public cloud it should be encrypted. And it is important to consider a secure ID mechanism for authentication and authorisation for services. As with normal enterprise infrastructures only open the ports needed and consider installing a host based intrusion detection systems such as OSSEC. The advantage of working with an enterprise Cloud provider, such as IBM or Sun is that many of these security optimisations are already taken care of. See our prior blog entry for securing n-tier and distributed applications on the cloud. Be sure to check out Amazon’s new VPC inititative as well as looking at VPN-Cubed by CohesiveFT if you have to tie together public Clouds with private applications, services or infrastructure. If you need to keep costs down and evaluate free then look at OpenVPN.

Compliance: Regulatory controls mean that certain applications may not be able to deployed in the Cloud. For example the US Patriot Act could have very serious consequences for non-US firms considering U.S. hosted cloud providers. Be aware that often cloud computing platforms are made up of components from a variety of vendors who may themselves provide computing in a variety of legal jurisdictions. Be very aware of the dependencies and ensure you factor this into any operational risk management assessment. See also my prior blog entry on this topic

Quality of service: You will need to ensure that the behaviour and effectiveness of the cloud application that you implement can be measured and tracked both to meet existing or new Service Level agreements. We have discussed previously some of the tools that come with this option built in (GigaSpaces) and other tools that provide functionality that enable you to use this with your Cloud Architecture (RightScale, Scalr etc). Achieving Quality of Service will encompass scaling, reliability, service fluidity, monitoring, management and system performance.

System hardening: Like all enterprise application infrastructures you need to harden the system so that it is secure, robust, and achieves the necessary functional requirements that you need. See my prior blog entry on system hardening for Amazon EC2.

Content adapted from my book “TheSavvyGuideTo HPC, Grid, DataGrid, Virtualisation and Cloud Computing” available on Amazon.

read more