Network Security
News
2013: new technologies pose new risks
Zero-day attacks, outdated vendor patches, malware toolkits spewing out new variants in their thousands, new threat vectors from unprotected and unmanaged mobile devices.
Auscert 2013: Perimeter protection has failed, encryption needs its day in the sun
In a security industry that hasn't changed much in 20 years, SafeNet's Andrew Younger says, it's strange that nothing much has changed in that time – except that we keep failing.
AusCERT 2013: Ashley Deuble: Network Security Monitoring with Security Onion
Although web application attacks have existed for over the last 10 years, simple coding errors, failed input validation and output sanitization continue to exist in web applications that have led to disclosures for many well-known companies. The most prevalent web application attacks are SQL Injection, Cross Site Scripting and OS Command Injection. With an increased number of companies conducting buisness over the Internet, many attackers are taking advantage of lax security and poor coding techniques to exploit web applications for fame, notoriety and financial gain.
Deploying security-analytics-as-a-service to dissect network attacks
Sydney-based start-up Packetloop has gone live with its security-analytics-as-a-service offering. The service came out of private beta earlier this month.
Disable ‘UPnP’ on networked devices now, say researchers
Security researchers are warning businesses and consumers to immediately disable Universal Plug and Play (UPnP) functions on thousands of networked device products after revealing common flaws that can be easily exploited by a remote attacker.
Reviews
Cisco impresses with first crack at next-gen firewall
When we tested next-generation firewalls last May, at least one important security vendor wasn't there: Cisco, because they weren't ready to be tested. Now that the ASA CX next-generation firewall has had a year to mature, we put the product through its paces, using the same methodology as our last NGFW test.
LANDesk Total User Management 9.5 Review
LANDesk’s foray into system, asset and user management is the latest version of its Total User Management suite, which we’ll affectionately call TUM.
Review: WatchGuard XTM2050
What is big, flexible, red and costs more than your average mid-range family sedan? Not a HSV—not quite that much—but this top of the range unified threat management (UTM) device (or in this case, XTM– the X presumably being a variable) is definitely in a high performance category. The XTM2050 from WatchGuard is one of a new breed of security devices that packs punch.
Juniper EX4500 review
Review of the Juniper EX4500 Ethernet switch. They connect desktops to servers in the data centre via a three-tier system of access, aggregation and core Ethernet switches.
Review: Self-Encrypting External Hard Disk Drives
With data becoming more valuable, the need for security also gets greater. Today’s technology and working behaviours both facilitate data being easily transported. Information is far less static due to home working, multiple office sites, low cost USB storage devices and DVDs. With all these portable devices and data being moved from place to place we must be mindful of data backup.
Slideshows
Overview of an ISMS implementation across SCADA and IT networks
Presentation by Russell Clarke and Mark Jones - Directors of RMSEC.
From Anonymous to Hackerazzi: The year in security mischief-making
These days barely a day goes by where there isn’t some sort of network security breach or hack or malfunction of some sort. This year too we had the rise of groups such as Anonymous and Lulz that sought out attention for their activities. Here we take a look at the year in pictures of some of the key security problems that grabbed our attention.
The encryption quiz
The complexity of encryption schemes has been increased dramatically in an attempt to outpace the development of computational tools designed to crack them. Now it's important to devise algorithms that can't be brute forced for trillions of years in the hopes that they will remain secure long enough to be useful before they, too, are broken. Here's a quiz about encryption to see how well you are versed in one of security's most important components. Keep track of your score and check at the end to see how well you stack up.
USB devices: The big hole in network security
Ponemon Institute asked 745 information-technology and security managers whether USB drives were important for business use, and if they were secure. What did the survey find?
Features
2011's biggest security snafus
Perhaps it was an omen of what was to come when the city of San Francisco on New Year's Eve 2010 couldn't get a backup system running in its Emergency Operations Center because no one knew the password.
Security breach
No company wants to be associated with a data breach, but if your systems are compromised the fallout can sometimes be more damaging than the act itself.
NEWS FOCUS: Cyber-espionage attacks threaten corporate data in new unrelenting ways
Stealthy, sometime long-term cyber-espionage attacks to steal sensitive proprietary information -- what some now call "advanced persistent threats" (APT) -- have become a top worry for businesses.
Penetration Testing
This is a real issue, and not just one for the well publicised attacks on major corporations such as Sony, Lockheed, Google, and Citi. It affects every business and organisation, large and small. More worrying still, it is now widely suggested that hackers and espionage organisations are moving away from directly attacking their target company, choosing instead to route their attack through suppliers to their target. Thus, even small and seemingly innocuous “third party” businesses who would not consider themselves as potential targets are now on the front line of this cyber war.
Home Wi-Fi networks the next target for cyber crime: Layer 10
Wi-Fi may be the networking method of choice among apartment blocks cropping up in increased numbers in Australia’s major cities, however increased reliance on wireless internet is resulting in more security risks, according to Layer 10 Consulting.
Opinions
Why its time to upgrade to a next generation firewall
Distributed networks face the ongoing challenge of securing a continually evolving network perimeter. As threats have evolved to exploit the shifting lines of defense, companies have responded by adding additional layers of security. This need for multiple layers of security has placed an enormous strain on IT professionals, increasing their workload through the management of multiple consoles and security devices.
Is your firewall capable of handling the growing demands of your business?
Many organizations are now migrating to Next-Generation Firewall solutions to reduce complexity, consolidate functionality and increase employee productivity. In fact, analysts predict that by the year-end 2014, 60% of new purchases will be Next-Generation Firewalls.
Find out what is driving this phenomenon and you can benefit by these new solutions by attending the Web seminar:
Opinion: Cyber-Security – Stay Smart Online
Australians are increasingly relying on the internet in their everyday lives, from banking and shopping, through to using emails, social networking and blogs to keep in touch with family and friends. They are using a range of devices such as smart phones, tablets, computer game consoles and other devices to go online.
Get exclusive access to CSO, invitation only events, reports & analysis. 
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
Warning: Tips for secure mobile holiday shopping
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.
