Security Monitoring
News
Employee Safety in Global Hotspots 27/11/2008 11:53:00
What risks do employees face in a sour global economy? What countries pose a growing threat of kidnapping for ransom? Is Colombia safer than Mexico? Insights from a former FBI hostage negotiator.
Experts to Feds: Sign the DNS root ASAP 26/11/2008 07:35:00
US government urged to deploy DNS security measures, but through ICANN not VeriSign. Internet security gurus and leading vendors are urging the US federal government to rapidly deploy security and authentication mechanisms at the top level of the DNS hierarchy, which is known as the root zone.
IBM, Secret Service, others study identity/cybercrime issues 09/10/2008 10:09:00
Center for Applied Identity Management Research organization teams experts in criminal justice, financial crime, biometrics, cybercrime and cyberdefense, data protection, homeland security and national defense. IBM, LexisNexis and the Secret Service are among a group of corporations, government agencies and academic institutions that has formed to study and help solve identity management challenges around cybercrime, terrorism and narcotics trafficking.
Google blacklists ATUG Web site 07/10/2008 12:46:00
ATUG unaware of breach, Google unwilling to discuss details. Hackers may have hit the Australian Telecommunications User Group (ATUG) Web site, according to Google, which has placed security threat warnings across all pages displayed in searches.
Eleven charged in massive ID theft scheme 06/08/2008 09:26:12
The DOJ announced multiple charges against 11 defendants accused of engineering a massive ID theft scheme. Eleven people have been charged or indicted in a massive identity theft and computer fraud scheme involving some of the largest data breaches in recent U.S. history, the U.S. Department of Justice announced Tuesday.
Small ISPs at risk to DNS flaw 01/08/2008 12:34:00
Bank immune to DNS poison. Customers of small Internet Service Providers (ISPs) may be at risk of online fraud, following the industry's lax response to securing against the recently discovered Domain Name System (DNS) cache poisoning flaw.
SQL attacks lobs onto pro tennis site 02/07/2008 11:52:19
Wimbledon perfect time for crook's criminal racket. Visitors to the Association of Tennis Professionals Web site have potentially been infected with spyware after apparent lax security allowed a malicious script to be injected across its pages.
Microsoft, HP ship tools to protect Web sites from hackers 25/06/2008 09:55:21
Three tools help sites ward off growing SQL injection attacks. Microsoft and Hewlett-Packard on Tuesday unveiled free tools to help Web developers and site administrators defend against the rapidly growing number of SQL injection attacks that aim to hijack legitimate sites.
Firefox 3 'Download Day' cripples Mozilla site 18/06/2008 07:46:46
Enthusiasm around Firefox 3 sends EU, US Mozilla Web sites in a spin. Mozilla's big plan on Tuesday to set a world record for downloads with the Firefox 3 browser hit a snag when its Web site would not work properly.
Australia tops cyber crime list 16/06/2008 10:03:19
Cyber theft tops the list of scams. Australia has the highest incidence of cyber crime in the world, according to a global survey of nine countries by software security vendor, AVG.
Major security sites hit by XSS bugs 12/06/2008 08:43:15
Security sites could be used to spread malware, finds report. The Web sites of three of the security industry's best-known companies include security flaws that could be used to launch scams against customers, according to a new report.
Hackers hit Mars lander's Web site 03/06/2008 07:41:32
Web site for NASA's most recent arrival on the Red Planet gets "pwned". The Web site for the Phoenix Mars Mission, NASA's most recent arrival on the Red Planet, was hacked over the weekend by a Turkish crew, according to a defacement database.
Hacker writes rootkit for Cisco's routers 15/05/2008 07:07:51
A hacker has written rootkit software that works on Cisco's routers. A security researcher has developed malicious rootkit software for Cisco Systems' routers, a development that has placed increasing scrutiny on the routers that carry the majority of the Internet's traffic.
Swarming spy bots that share information being built for military 12/05/2008 08:11:34
Flying and crawling robot swarms would give surveillance information to soldiers. A group of US Marines hunker down beside a building, enemy fire coming at them from somewhere up ahead. One soldier reaches into his pack and pulls out a few robots that look like large bugs. The bots fly down the street, sending back images that show where the enemy troops are hiding, how many there are and what weapons they're using.
Police splurge $13 million to silence radio eavesdropping 24/04/2008 13:01:28
Analogue turns digital while police hold breath for open source. The troubled radio network used by the Tasmanian Police will finally be upgraded, following a $13 million contract with former operator Ericsson.
Features
Survey: Despite Risks, Employees Still Holiday Shop at Work 27/11/2008 10:02:00
As Cyber Monday approaches, research suggests a majority of workers will use their work computer to shop this holiday season. But despite the continued growth in online shopping, employees and business still don't understand the risk.
E-voting '08: Problems, yes, but it could have been worse 06/11/2008 08:04:00
Scattered malfunctions caused delays but didn't appear to be widespread. Despite reports all day long about an assortment of e-voting machine problems in several US states, no massive systemic meltdown occurred.
Slideshow: How DNS cache poisoning works 21/10/2008 08:34:00
Tips to thwart DNS cache-poisoning attacks
How to root out rootkits 12/08/2008 10:30:43
If you want to know about the latest malicious rootkit, ask security researcher Dino Dai Zovi. He'll tell you all about his proof of concept rootkit called Vitriol that uses virtual machine instructions in Intel processors to hide a rootkit at the virtualization layer.
Web 2.0 applications and sites (and security concerns) 11/08/2008 08:45:59
One expert's breakdown of security issues created by social networking sites, BitTorrent and other Web 2.0 technologies. A recent survey released by security software firm Symantec found 66 per cent of Millennial employees, those born after 1980, admit to using Web 2.0 technologies, such as Facebook and YouTube, while at work. The same poll found younger workers also regularly store corporate data on personal devices, such as PCs and USB drives.
How secure is secure enough? 29/07/2008 07:44:00
Are your information security plans too big, too small or just right? Here are five steps to help you decide. If there is a Holy Grail in the information security industry, it surely is the answer to the question, "How secure is secure enough?"
12 ways to visualize network security 15/07/2008 10:26:48
Is enterprise security like a stack of Swiss cheese? Or is it more like a Dirty Harry movie? Remember the old M&M analogy - security is like an M&M candy, hard shell on the outside, soft on the inside. In other words, put up firewalls, build a strong perimeter and you're good to go. Of course, nobody believes that M&M-type security is sufficient in today's world of insider threats, data leakage, mobile workers, thumb drives and sophisticated malware. So, what's the new metaphor? We asked around and came up with a number of interesting and useful ways to think about enterprise security.
10 essential (and free!) security downloads for Windows 29/05/2008 09:42:31
Stay safe from prying eyes and bad guys. To use an Internet-connected computer is to be insecure and place your privacy in danger. Spyware, viruses, Trojans and assorted malware are everywhere on the Net, trying to hop onto your PC and cause damage. Snoopers want to get at your personal information for nefarious purposes, such as identity theft.
Seven habits of effective CISOs 11/03/2008 12:37:51
From helping others to influencing the right people, these tips will help transform your work habits from average to stellar with advice from CISOs around the world. Today's CISO plays a pivotal role not only in defining technical standards and security policies, but also in assuring customers of the security of their data and validating security controls to regulators. Many are struggling with this transition because they have been given these responsibilities without any real authority or visibility within their organizations. They also need a new set of skills to successfully fulfill their responsibilities.
Integration problems arise with DLP tools 15/02/2008 09:19:32
Early adopters of data leakage prevention systems, including financial services giants, are having problems enforcing security policies consistently across the different areas of DLP. Vendors of data leakage prevention (DLP) systems claim that customers will avoid integration issues by using packaged tools that encompass all the different elements of the technology, but some early adopters of DLP are already running into serious problems.
Powerful new antiphishing weapon DKIM emerges 13/02/2008 10:40:15
DKIM standard attracts Cisco, Google, PayPal and more. Spoofers, spammers and phishers, beware. There's a new gun in town, and some of the Internet's most powerful companies -- including Yahoo, Google, PayPal and AOL -- are brandishing it in the ongoing battle against e-mail fraud.
Buyers' guide: Security information management 09/01/2008 08:16:18
Follow InfoWorld's expert advice before shopping for a SIM solution to monitor network security and compliance. SIM (security information management) products have become more accepted as critical components within the network security infrastructure. As such, understanding the criteria for selecting SIMs has become more important. Moreover, in a fast-evolving market segment [SIM becomes SEM (security event manager), becomes SI/EM, becomes ...], it's more important to understand the important architectural differences and implementation requirements than the industry acronyms and product names. A wave of consolidation has already begun to hit the SIM market, but the major issues and deployment criteria span brands and individual technologies.
Apps accelerators tackle security 30/11/2007 11:01:12
Companies that specialize in helping businesses speed delivery of their applications and Web content are increasingly involving themselves in IT security as the continued proliferation of systems-defense technologies has become a potential roadblock to the performance and quality of the services they already provide.
The evolution of IDS 09/11/2004 14:12:26
Drowning in signature libraries and reactive event information that is of little value in locating attacks in progress, network security managers are fed up with signature-based intrusion-detection systems that have been the backbone of network security. Amid an ever-shrinking time gap between vulnerabilities and exploits, signature-matching IDS already has become obsolete, analysts and users say.
Case Studies
Advanced network monitoring supports remote offices 30/05/2007 09:00:08
Highly distributed organisations turn to managed service provider model. Highly distributed organisations run their IT systems on a managed services provider (MSP) model -- supporting numbers of offices dispersed over a geographic area. Mark Scott, president of The Utility Company, says the best model for this combines advanced network monitoring with a franchising system, such as that used by Dunkin' Donuts. His company is an MSP serving a growing population of small companies -- "five-person PR firms, 30-person law offices" -- across North America from its Ottawa, Canada, base.
Interviews
How IT Helped Catch the Jewellery Thief 13/11/2008 11:52:00
A jewellery store chain is having much better luck catching burglars in real time, thanks to a little help from the IT side of the house. Loss Prevention Manager Dennis Thomas explains how the company built its high-tech command center from scratch.
McAfee looks to security in virtual environments 21/10/2008 09:36:00
DeWalt says the company's products will share common management, reporting. McAfee is hunkering down to integrate the security technologies it has bought over the past several months into its varied line of security software and appliances. Two trends in the company's activities are developing parallel products for deployment as software on endpoints and as network-based appliances. This week, for instance, the company is announcing that NAC software can be installed on its IntruShield IPS appliance to give customers the option of enforcing NAC policies in the network, not just on the endpoint. The company is bringing management of these platforms under control of its ePolicy Orchestrator (ePO) in an effort to centralize control of network security. Network World Senior Editor Tim Greene spoke with McAfee CEO Dave DeWalt about these efforts as well as other issues facing the company.
Keeping security talent on the job 18/09/2008 10:45:00
AlliedBarton's learning and development guru Rich Cordivari shares his company's strategy for keeping security professionals engaged and happy in a high turnover industry. As vice president of learning and development for US-based AlliedBarton Security Services, Rich Cordivari is responsible for the training community in the company. That means he oversees 150 trainers who work locally all over the country to deliver education to AlliedBarton employees. Cordivari, who has been with the company since 2003, discusses his strategy for boosting retention rates with programs that speak to the company's diverse geographic accounts, as well as the different generations now working for AlliedBarton.
Bogus security promises and how to detect them 14/03/2008 10:13:00
Data leakage, smartphone malware, hotspot threats are discussed by security analyst Nick Selby. What is true enterprise security and how do you get it? Bogus promises by vendors are all too common. In this interview, outspoken security analyst Nick Selby humorously tackles the truth about data leakage products, smartphone protection, hotspot threats and the word "solution." Nick Selby leads The 451 Group's Enterprise Security Practice. Selby also serves as The 451 Group's Director of Research Operations and is on the faculty of the Institute for Applied Network Security.
Opinions
How DNS cache poisoning works 21/10/2008 08:30:00
This vendor-written tech primer has been edited to eliminate product promotion, but readers should note it will likely favor the submitter's approach. There has been a long history of attacks on the Domain Name System ranging from brute-force denial-of-service attacks to targeted attacks requiring specialized software. In July 2008 a new DNS cache-poisoning attack was unveiled that is considered especially dangerous because it does not require substantial bandwidth or processor resources nor does it require sophisticated techniques.
Cutting Through the Spin of Recent Vulnerability Disclosures 13/10/2008 10:53:00
The FUD surrounding the ClickJacking and TCP/IP vulnerabilities has the world seemingly frozen in fear. But once you cut through the spin, the vulnerabilities aren't all that they were made out to be. There are a few highly publicised vulnerabilities at the moment which haven't completely been disclosed and which, it is claimed, could threaten the whole Internet as-we-know-it. Only, when the vulnerabilities are finally disclosed, it seems that the whole incident has been somewhat Chicken Little.
Safety and security: The intersection 16/09/2008 12:01:00
Security and safety often go hand in hand, but sometimes they conflict. Here are ways to cooperate to achieve both departments' goals. In 1999, the Massachusetts state fire marshal issued a cautionary advisory about a new security product: a surveillance camera designed to look like a smoke detector. "This action has created a great concern for us in the fire service," Stephen Coan said. "If this [security cameras as smoke detectors] becomes widely known, we feel that the lives of people will be placed in jeopardy. Out of fear of being watched and the loss of privacy, it is possible that people will begin to cover over smoke detectors, endangering their lives...." Marshal Coan was not alone in his concern: In 2004, New York officials forced local outlets to stop selling the device for many of the same reasons.
'Whaling' threats target the big fish of the corporate world 10/09/2008 14:50:00
Whaling has increasingly been in the news thanks to the ingenious ways a new breed of phishermen collect data to carry out scams and the move towards targeting business networking sites. The proliferation and popularity of collaborative Web 2.0 sites – there are around 250,000 new registrations to Facebook every day – has changed the threat landscape and the way businesses need to think about security. Each year, newer technologies and weapons are being unleashed to leave Web users surprised, annoyed and at greater risk. ‘Whaling’, or ‘spear phishing’, is one such threat and refers to phishing scams which specifically target high-worth individuals.
Information security governance: Centralized vs. distributed 05/09/2008 10:15:00
Should security policies, procedures and processes be managed within a central body, or distributed at an individual level? You need to find the middle ground. The management of information risk has become a significant topic for all organizations, small and large alike. But for the large, multi-divisional organization, it poses the additional challenge of determining how to deploy an information security governance program among what are often disparate business units. Should the policies, procedures, and processes that define the program be developed and managed within a central, corporate body? Or perhaps responsibility would be better placed at the individual unit level? Is there a workable middle-ground?
EU struggles with diversifying technology 24/06/2008 15:41:51
Heterogeneous provide their own headaches for security professionals. In the immortal words of the Young Ones "[A] social conscience is like a garden shed. If you try to eat it, it will stick in your throat!". At least that is the lesson that the EU seems to be learning [1] in its efforts to promote greater competition in the technology industry as it tries to implement the use of alternate (to Microsoft) office software and operating systems that adhere to open standards.
Zero-second exploits 06/05/2008 12:04:48
The number of days between a vendor patch being released and the malware exploit being announced has shrunk. Microsoft SQL server hasn't had a public vulnerability announcement since 2004. The SQL Slammer worm struck in 2005, but the hole the worm exploited had been patched six months before. The holes that MS-Blaster and Code Red worm attacked had been patched, too. But back just a few years ago, no one really cared about patching really. We just didn't patch.
What spooks Microsoft's chief security advisor 27/03/2008 11:12:24
Application exploits, virtualization security are big concerns. Microsoft's US general manager/chief security advisor for its National Security Team thinks like a true security professional: In every bit of good news, Bret Arsenault wonders what bad news could be lurking behind it.
Security in a bubble 19/03/2008 11:03:54
Security must be distributed, ubiquitous and pervasive. People don't notice change when it's gradual. Sometimes, however, small, incremental changes add up in a way that isn't noticed until a change in degree becomes a change in kind.
Borderline illegal: Your laptop is not your own 14/02/2008 11:30:23
International travellers are being subjected to electronic abuses at the US border. Planning to travel? Maybe you want to think twice about bringing your laptop, your mobile phone, or even that iPod. (And if you're of Asian or Middle Eastern descent, that goes double.)
Network threats develop 'antibiotic' resistance 13/02/2008 09:13:09
Whether it is concepts of herd immunity or antibiotic resistance, we still have a lot to learn from nature. The scientific field of biology has provided many useful metaphors, such as "virus" and "infection," for the study of malware. Many researchers have used biology and evolution science to create innovative defenses against malware, in many ways simulating the functions of biological immunity systems. I find that biological sciences and especially evolution provide some great insights into the behavior of malware, malware creators and malware defenses over longer periods of time. I also see a lot of parallels between the evolution of malware and the evolution of darknets (stealthy peer-to-peer, or P2P, networks).
The future of network security 01/02/2008 12:05:40
Determining how to plan for a business environment in which everyone is connected and security expectations are high is not trivial. We all have to do it. Enterprise connectivity is exploding, driven by globalization, convergence, virtualization and social computing. As corporate perimeters dissolve, the security focus switches towards application and data-level security solutions. The question to ask is what are the longer-term implications for network security? Will it become redundant or could it grow more powerful? Only one thing seems certain: It will be different from today.
Security. A business problem 11/12/2007 09:36:38
Frank Hayes argues the case for security to become a business problem. Security is a people problem. OK, you already knew that. But recently the SANS Institute finally recognized it too, in its list of the top 20 Internet security risks of 2007. Topping the chart of new, hard-to-defend-against risks were vulnerabilities in custom Web applications and (drum roll, please) "gullible, busy, accommodating computer users, including executives, IT staff and others with privileged access."
Security wake-up call accompanies virtualization 20/08/2007 10:14:09
Virtualization ushers in dramatic new potential for security enforcement. Virtualization introduces new potentials for flexibility and change over and beyond anything the world of network security has ever seen. Unfortunately for a host of large security vendors, most of the typical devices being used to protect physical data centers require a certain level of stability (or inflexibility) in order to promise proper protection.
Anatomy of an attack: a race against time 20/03/2001 11:51:00
It begins with a shiver, a vibration almost too faint to be sensed. My attention is pulled from the meeting I'm in by the security problem I know is occurring on our live network.