Firewall Archives - IT Security Guru
https://www.itsecurityguru.org/tag/firewall/
The Site for our Community
Fri, 07 Dec 2018 11:45:26 +0000

China's web users fear losing tools to bypass 'Great Firewall'
https://www.itsecurityguru.org/2017/08/07/chinas-web-users-fear-losing-tools-bypass-great-firewall/
Mon, 07 Aug 2017 09:12:15 +0000

Enterprising internet users in China fear the tools they use to tunnel through the country’s “Great Firewall” may soon disappear, as Beijing tightens its grip on the web. Tens of millions of people are estimated to use Virtual Private Networks (VPNs) to bypass Chinese internet restrictions — getting access to blocked websites such as Facebook and Twitter. Beijing has for years turned a blind eye to these holes in its Great Firewall, but recent events suggest the virtual tunnels may soon be bricked up. In January China’s Ministry of Industry and Information Technology (MIIT) announced it would be banning the use of unlicensed providers of the services.
ORIGINAL SOURCE: Daily Mail

FireMon Announces Industry’s First Intelligent Cloud Security Management Solution
https://www.itsecurityguru.org/2017/05/12/firemon-announces-industrys-first-intelligent-cloud-security-management-solution/
Fri, 12 May 2017 10:31:00 +0000

FireMon today announced that its market-leading Intelligent Security Management, which helps organizations worldwide centrally manage their on-premises firewalls, is available for cloud and native cloud firewalls. From traditional, on-premises or cloud firewalls such as Juniper Networks®, Palo Alto Networks® or Cisco®, to native cloud security controls like Amazon Web Services, regardless of what an enterprise’s security environment looks like, FireMon can manage it.
In its recent State of the Firewall Report, a global benchmarking study of over 400 organizations’ security infrastructures, FireMon found that cloud adoption is now the norm, but some questions still remain about who manages the cloud. For example, 90 percent said they had adopted a cloud solution, but for more than one third of respondents, responsibility for cloud security falls outside of security operations, which adds an extra layer of complexity to security management.
“Cloud environments face many of the same threats as traditional enterprise networks, but due to the vast amount of data stored on cloud servers, cloud services become an even more attractive target for a breach or attack,” said Jody Brazil, co-founder and Chief Product Strategist for FireMon. “What many organizations don’t realize is that while cloud providers typically deploy security controls to protect their own environments, ultimately it is the organization’s responsibility to protect their own data.
“In the process of deploying public and private cloud services, businesses are discovering new challenges in visibility, scalability and control of their hybrid cloud environments that impact their ability to mitigate risk and keep up with business agility and demands.”
FireMon’s Intelligent Security Management platform can help because it is flexible: the same infrastructure-independent, single-pane monitoring and analysis that organizations use to manage their on-premises security policies can be easily extended to support any hybrid cloud implementation. The platform is built to scale to meet the needs of the environment, no matter how simple or sophisticated. Furthermore, following FireMon’s acquisition last year of 40Cloud, a Cloud Infrastructure Security Broker, organizations with multiple cloud environments can securely connect them to each other and apply a single security policy across them, rather than resetting individual policies for each.
FireMon partners with the industry’s leading firewall vendors including Check Point® Software, Palo Alto Networks, Cisco, Fortinet® and Juniper Networks, and it can manage native, embedded security infrastructure in public and private clouds such as AWS Security Groups and VMware NSX™ Distributed Firewalls.

FireMon study confirms security management solutions critical to avoiding data breaches
https://www.itsecurityguru.org/2017/04/20/firemon-study-confirms-security-management-solutions-critical-avoiding-data-breaches/
Thu, 20 Apr 2017 09:16:35 +0000

FireMon, the leader in Intelligent Security Management, today announced results from a survey conducted at the RSA Conference that assessed the views of 350 IT security professionals on the importance of firewalls in the battle to prevent data breaches. The poll found that 72% of respondents agreed that no matter how much money is spent on IT security, it is wasted if the firewalls are not configured properly. A further 52% had experienced a firewall configuration change that opened a potential security breach that caused business downtime.
“We often hear that ‘the firewall is dead’ and an array of security ‘solutions’ have cropped up in this wake, but it is clear from this study that is most definitely not the case,” said Michael Callahan, CMO, FireMon. “In fact, no matter what security solutions an organisation has in place, it means nothing if the firewalls aren’t managed correctly. The problem is compounded when you think about how many organisations have tens or even hundreds of firewalls as part of their security defences – all of which need to be configured. This creates a gap between the security environment complexity and the resources to manage it where mistakes are likely to occur and risk increases.”
FireMon believes the key to closing this gap is more effective management of security solutions, in a world where the consequences of having an insecure security system can be catastrophic, leaving enterprises vulnerable to an array of cyber threats, such as hackers, data breaches and Trojans, among others. In addition, business downtime or interruption costs can significantly impact trade and income, but the greatest cost can sometimes be reputational. Customers don’t want to be associated with a brand that puts their data at risk, which is why it is so important for security systems to be fully functioning and free from exploits.
“Incorporating robust, intelligent security management can greatly reduce all the complexity that surrounds the IT security infrastructure,” continued Callahan. “It can help identify specific weak points within the firewall and avert any potential breach within a system.”
“Importantly, for the majority of organisations that said they had experienced downtime due to a faulty firewall rule change, FireMon’s state of the art technology allows security managers to ‘preview’ any changes made to the firewall, making it easier to preserve security. Enterprises’ defences are only as good as the security systems behind them, and so integrating firewall tools should be an important part of any large enterprise’s security arsenal,” he concluded.

Embedded security a high priority for IoT designers
https://www.itsecurityguru.org/2017/03/22/embedded-security-high-priority-iot-designers/
Wed, 22 Mar 2017 10:06:17 +0000

In early January, the FTC sued D-Link, a manufacturer of home wireless routers and webcams, for failing to adequately secure its devices, which led to several hundred thousand devices being compromised by cyberattacks. One of these botnet attacks resulted in a major DDoS attack on the internet service provider Dyn and took down thousands of websites, costing businesses millions of dollars in a single afternoon.
This lawsuit has brought to light several important issues related to the Internet of Things and our ever-increasingly connected world. For starters, with more than 25 billion devices expected to be connected within the next three to five years, the potential attack surface for cybercriminals is growing exponentially. While hackers may not be interested in controlling, say, your household lighting, they are interested in the access that a connected device can provide to higher value targets, like your financial or health data. Not to mention, connected devices, as we saw in the case of D-Link devices, can serve as a conduit for botnets that will attack other targets. The average consumer is unlikely to realize that their home router or security camera is being used in such a way, making them an ideal tool for the bad guys.
Another issue that the D-Link lawsuit has brought to the forefront is the fact that until recently, IoT security has, for the most part, been left up to consumers. While connected devices can be secured at least in some part via passwords and other protocols, many users simply don’t take the steps necessary to adequately protect their devices. In a majority of cases, they don’t even know how to secure their devices.  One of the motivating factors for the FTC case, then, is to put more responsibility for security back on to device manufacturers.
With that in mind, embedded security for IoT devices is becoming a bigger priority for device engineers. While there are some challenges in this pursuit, there are also some innovations taking shape that will improve the overall security of the IoT.

What Is Embedded Security?

The idea of embedded operating systems is not a new one. For years, we have had devices that contain microprocessors to carry out specific functions. Because, for the most part, these devices were not connected to the internet, security wasn’t a major concern. The simple fact that devices were standalone – and the obscurity of the operating system itself — made them relatively secure.
Introducing a connection to the internet, though, removes some of that inherent security. Embedded security, then, is the overall term for protecting the software, hardware, and hardware systems in these devices. Essentially, since every point of communication is a potential path for hackers, engineers must consider the entire device and identify all of the attack surfaces in order to keep it secure.

Challenges to Embedded Security

Effective embedded security requires implementing both traditional IT defenses as well as addressing the physical security of the device itself. For example, within the realm of IT, designers must consider:

  • The use of firewalls
  • Password management
  • Protections against malware
  • Firmware and software updates, how and when updates will be released and communicated
  • Application segmentation
  • Encryption and key management

However, in addition to these technical issues, designers must also consider the physical security aspects of the device. For example, could a hacker potentially physically tamper with the device to access sensitive information or reverse engineer the device to spoof or clone a legitimate device? What about key authentication? By using cryptoauthentication, it’s possible to hardware-protect encryption keys, ensuring that hackers do not gain access to sensitive information.
Effectively securing IoT devices requires designers to conduct a thorough threat analysis to determine all of the possible attack points, and then implement security measures to protect against them. Keep in mind that not all hackers are engaged in crimes of opportunity, just trying to attack anything to see what they can accomplish.
It’s very possible that hackers could be engaged in high-level acts of espionage designed to steal intellectual property — or they are simply using an IoT device as a conduit to a larger payoff. Because any scenario is possible, embedded security is no longer a “nice to have,” but is now a “must have.” Relying solely on users to protect their devices is not only dangerous, but potentially costly to your business.

Adopting a User-Centric Approach to Protect Sensitive Data
https://www.itsecurityguru.org/2016/06/06/adopting-a-user-centric-approach-to-protect-sensitive-data/
Mon, 06 Jun 2016 08:59:55 +0000

The world has changed. With more users accessing data outside the corporate firewall and from mobile devices, businesses can now allow for more flexible work environments. But this increased access has also brought an upsurge in the risk of data breaches and threats from hackers.
Recent high-profile breaches have heightened overall market awareness of security, not just within the CSO community, but among CEOs and boards of directors as well.
Protecting the sensitive data within an organisation’s work systems is no longer just about building an impenetrable network perimeter; it is also about securing users against phishing and social engineering attacks and data breaches, and protecting data in cloud applications and on mobile devices. This requires a contextual, risk-based approach based on user identity, historical patterns of behaviours, and the request itself.

Identity is the new boundary

Before cloud, organisations secured their data within virtual network perimeters protected by firewalls, data loss prevention systems, virtual private networks (VPNs) and intrusion detection/prevention systems. However, as enterprises make the transition towards the cloud, and with IT no longer controlling every application or device that accesses corporate data, managing access is becoming increasingly challenging.
The network perimeter is now a field of constantly changing variables, context and policy, defined by each user, and more specifically, by their identity. It’s up to each organisation to protect those identities in a user-centric way, regardless of the user’s location or the device they are using.
As a result, rather than just focusing on devices and infrastructure, organisations like Gatwick Airport and Peterborough City Council are concentrating on the user. By using contextual data about users, devices, and patterns of behaviour, they can more accurately detect unauthorised attempts to access corporate information, and better mitigate the risk of a security breach.

Passwords are becoming a thing of the past

According to Okta’s latest Businesses @ Work Report, organisations use anywhere between 10 and 16 apps – an increase of about 20 percent in just one year. Because most people use dozens of applications, there’s a natural tendency to reuse passwords across all personal and professional channels, or leave them written on pieces of paper for all to see. “Password fatigue” inherently makes every application less secure, so a stolen Financial Times password might compromise a user’s Salesforce.com or Active Directory account. It also means that users themselves have become a potential threat to organisations’ data security. In fact, according to IBM, insiders are responsible for more than half of data breaches worldwide.
In response, to protect themselves against the range of attacks that rely on stealing user credentials, many organisations are adopting multi-factor authentication (MFA). MFA improves security by using a single-use, expiring token to exchange authentication and authorisation data between a trusted identity provider and an application. It involves the use of two or more different types of authentication — such as a password plus a temporary key which is sent to a user’s phone, dongle, email address, or app — to secure corporate data and avoid highly targeted social engineering attacks, such as phishing or pretexting. That way, businesses can ensure the right people have the right access to sensitive information, and reduce the risk of unauthorised access.
While traditional forms of MFA have depended on cumbersome hard tokens or easily discoverable security questions, a new generation of MFA technology now enables IT and security teams to take a user-centric approach to application security. Okta’s data reveals that businesses are moving away from the traditional security questions — such as “What’s your mother’s maiden name?” or “What was the name of your first pet?”— as a second form of verification, and choosing more modern forms of MFA to secure their environments, like push authentication, which enables users to verify their identity with a single tap on their mobile device without the need to type a code.

Protecting data with automated provisioning

Organisations around the world have suffered consequences when they don’t properly manage user identities. In addition to MFA, more and more businesses are implementing solutions that provide a simple way for them to protect sensitive information, by giving IT more control over the different applications, access points and user types that will be connected to its cloud systems.
In order to ensure that users have the right amount of access, and that access is given and taken away at the right time, organisations are managing access with single sign-on (SSO) and provisioning. Provisioning enables IT to make real-time updates as employees and contractors come and go, and gives them visibility into users’ behaviour to detect when something is not right. With automated deprovisioning tools, the IT team can deactivate a corporate identity across all enterprise resources within seconds, so that once an employee or freelancer has left the company, crucial data cannot leave with them.

Staying in control of the network

With almost any technology at their fingertips, employees will use whatever they need to get their work done — even if that means using tools or practices that could unintentionally create a security risk for the organisation through a simple error. Therefore, the real security issue that businesses need to address is not how secure the cloud is, but rather how to improve visibility and control across on-prem and cloud systems, while also enabling the business to grow through simplifying user access to cloud and mobile technology.
In order to quickly reduce concerns over visibility of users, devices and applications, organisations must adapt to the ever-changing environment. By implementing a user-centric security strategy based on identity, they can empower users to access any application they need, easily and securely.

Flaw in Cisco FirePower Firewall allows malware to evade detection
https://www.itsecurityguru.org/2016/04/05/flaw-cisco-firepower-firewall-allows-malware-evade-detection/
Tue, 05 Apr 2016 10:20:09 +0000

Cisco is releasing security updates to fix a critical vulnerability (CVE-2016-1345) that affects one of its newest products, the FirePower firewall. The flaw has been discovered by security researchers at Check Point Security.
According to the security advisory published by Cisco, an attacker can remotely exploit the flaw to allow malware to bypass the detection measures implemented by the FirePower firewall.
“A vulnerability in the malicious file detection and blocking features of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system,” states the advisory.
Original Source: Security Affairs

Firewalls aren’t going anywhere
https://www.itsecurityguru.org/2016/03/30/firewalls-arent-going-anywhere/
Wed, 30 Mar 2016 10:47:30 +0000

A new study of nearly 600 IT practitioners by FireMon called the 2016 State of the Firewall Report has shown that while respondents recognise that the firewall needs to evolve, it still remains a central part of today’s security infrastructure.  Emerging infrastructure paradigms such as Software Defined Networking (SDN), cloud and micro-segmentation will drive this evolution.  In fact, 90 percent of respondents recognised that SDN has impacted or will impact networks, pointing to an important shift in the way they are secured.  And over two thirds said that firewalls were critical to securing their cloud services.
Next-Generation Firewalls (NGFWs) represent at least 50 percent of current firewall infrastructure in nearly half of the organisations surveyed compared to 34 percent in 2015. Only 6.7 percent of organisations have no NGFWs.
“We’re seeing small shifts in IT professionals’ perceptions of the firewall as new technologies enter the market,” said Jody Brazil, co-founder and Chief Product Strategy Officer at FireMon. “Adoption of SDN and network virtualisation in general won’t decrease the need for firewalls, but it may open the door to advancements or a new category of network protection. It will be more of a continuous evolution rather than a complete upheaval as so many are quick to claim.”

US government's $6bn super firewall doesn't even monitor web traffic
https://www.itsecurityguru.org/2016/02/02/us-governments-6bn-super-firewall-doesnt-even-monitor-web-traffic/
Tue, 02 Feb 2016 10:11:41 +0000

The US government’s firewall, named Einstein, is not as smart as its name would suggest.
A report [PDF] by the General Accounting Office (GAO) into the National Cybersecurity Protection System (NCPS) has concluded that it is only “partially meeting its stated system objectives.” Which is a polite way of saying it sucks.
Among the extraordinary pieces of information to emerge is the fact that the system – which has cost $5.7bn to develop – does not monitor web traffic for malicious content, just email. It can’t uncover malware on a system and it doesn’t monitor cloud services either.
 
Original Source: The Register

Juniper drops NSA-developed code following new backdoor revelations
https://www.itsecurityguru.org/2016/01/12/juniper-drops-nsa-developed-code-following-new-backdoor-revelations/
Tue, 12 Jan 2016 10:45:36 +0000

Juniper Networks, which last month made the startling announcement that its NetScreen line of firewalls contained unauthorized code that can surreptitiously decrypt traffic sent through virtual private networks, said it will remove a National Security Agency-developed function widely suspected of also containing a backdoor for eavesdropping.
The networking company said in a blog post published Friday that it will ship product releases in the next six months that remove the Dual_EC_DRBG random number generator from NetScreen firewalls. Security researchers have known since 2007 that it contains a weakness that gives knowledgeable adversaries the ability to decrypt encrypted communications that rely on the function. Documents provided by former NSA subcontractor Edward Snowden showed the weakness could be exploited by the US spy agency, The New York Times reported in 2013.
 
Original source: Ars Technica

Juniper's VPN security hole is proof that govt backdoors are bonkers
https://www.itsecurityguru.org/2015/12/23/junipers-vpn-security-hole-is-proof-that-govt-backdoors-are-bonkers/
Wed, 23 Dec 2015 09:30:11 +0000

Juniper’s security nightmare gets worse and worse as experts comb the ScreenOS firmware in its old NetScreen firewalls.
Just before the weekend, the networking biz admitted there had been “unauthorized” changes to its software, allowing hackers to commandeer equipment and decrypt VPN traffic.
In response, Rapid7 reverse engineered the code, and found a hardwired password that allows anyone to log into the boxes as an administrator via SSH or Telnet.
 
Original Source: The Register