Stopping Both Attackers and Attacks – The Future of Network Security

image1 Stopping Both Attackers and Attacks – The Future of Network Security

The future of security must reach beyond the capability of an appliance. There are too many attack vectors that are continuously changing to detect with a silo solution. It basically comes down to this …. there are only so many signatures that can be checked against as well as behavior algorithms that can be put in place before you must let traffic pass. Odds are, a malicious attacker will eventually bypass detection based on the fact that there are hackers out there with a rack of all the latest vendor IPS, Firewalls, etc. in a lab designed to test how effective a piece of malware is against any enterprise security solution. So in a nutshell, you will only be able to stop the majority of attacks launched against your network. Something will eventually get through. This means detecting and preventing can’t be your only security strategy. Continue reading

VN:F [1.9.22_1171]
Rating: 4.0/5 (1 vote cast)

Comparing ASA Management: Internal vs. External Cisco Prime Security Manager Overview

management Comparing ASA Management: Internal vs. External Cisco Prime Security Manager Overview

Management of security devices is a critical function for maintaining the best performance and being aware of security related events. Cisco has released their second generation of ASA, which includes new management options. This post will cover the new management interface and compare it to the previous options. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Dont Just Click Any Link – Avoiding Phishing, Social Engineering And Other Attacks

shark Dont Just Click Any Link   Avoiding Phishing, Social Engineering And Other Attacks

I’ve said this many times before … the Internet is full of bad things. Of those bad things, one of the most common threats is Phishing attacks. Wiki defines phishing as “the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication”. The majority of successful phishing attacks clone popular social networking sources and provide hyperlinks with the hope a target will click the link without questioning the authenticity of the source.

I wrote a post about what to look for regarding fraud email and craiglist sales HERE and 2 example craiglist cons HERE. The concepts are generally the same regarding identifying phishing attackers however in some cases, the attack will be a clone of a real message or website, which makes it very difficult to detect. Best practices is THINK BEFORE YOU CLICK! Here are some examples why this is important. Continue reading

VN:F [1.9.22_1171]
Rating: 4.0/5 (1 vote cast)

VMware Buys AirWatch for $1.54 Billion

This was bound to happen. We saw Zenprise get picked up by Citrix. Many of expected Mobile Iron, Airwatch or Good to be next. William Alden from Dealbook gives us the skinny on the VMware purchased of mobile device security company AirWatch. The original post can be found HERE

bits vmware articleInline VMware Buys AirWatch for $1.54 Billion

Looking to shift its software offerings, VMware has struck a $1.54 billion deal to bolster its mobile technology.

VMware said on Wednesday that it had agreed to buy AirWatch, a start-up based in Atlanta that makes mobile management and security software for businesses. VMware is paying about $1.18 billion in cash and $365 million in installment payments and assumed unvested equity. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Preserving your privacy and anonymity with Tails

Screen Shot 2014 01 10 at 8.28.22 PM Preserving your privacy and anonymity with Tails

Want to protect your privacy when using the Internet? Well unfortunately that is tough to do these days. Many agencies and governments are investing in network surveillance programs to monitor Internet traffic. Firewalls can offer application visibility packages capable of identifying device and browser type, where people are surfing the Internet and what applications are being accessed. Most websites include tracking cookies that gather data about users accessing their resources. Data obtained about you is used for various things you probably are not aware of and may not approve. This includes selling that data to large marking firms that eventually turns into SPAM and other unwanted contact. A more extreme example of unauthorized surveillance is covered by Jacob Appelbaum’s talk on the US governments Internet spy tools (found HERE). Its eye opening!

Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

Visual Investigations of Botnet Command and Control Behavior Infographic

Here is a really cool infographic developed by the director of researcher at Lancope. The original post can be found HERE.

In October, Tom Cross, Lancope’s Director of Research, presented a poster at Visualization for Cyber Security (VizSec) 2013 in Atlanta, GA . The poster included visualizations of the command-and-control channels of nearly two million botnet samples in an effort to help foster a better understanding of how botnets operate, and more effectively differentiate them from legitimate network traffic. The poster was created as a result of data analysis conducted by Lancope’s StealthWatch Labs research team. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Target: Data Breach Overview

Aamir Lakhani wrote a fantastic article on the recent data breach of Target’s network. If you recently shopped at Target, you really should read this. The original article can be found HERE

target192way 59259122cb5b170fd6847a03201f6d798cc05c30 s6 c30 300x224 Target: Data Breach Overview

Anyone who swiped their credit or debit card between Nov. 27th through Dec. 15th may have had his or her accounts breached. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

How Pickpockets Operate And Methods To Avoid Them

pickpocket1 How Pickpockets Operate And Methods To Avoid Them

Pickpocketing is an old yet popular crime. Reason for this is the return can be as high as a robbing a store without the risk of using weapons or be identified by victims. Pickpockets can operate as a team or individually and typically involve a form of deception to conceal the crime. Most victims won’t realize they have been robbed until the pickpocket is long gone and if caught, the criminals face minimal jail time since lethal threats are not involved. Here is a review of the most common tactics used by pickpockets and methods to avoid becoming a victim. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Cool Home Network Device – Meraki Z1

MerakiLogo Cool Home Network Device   Meraki Z1

Cisco acquired Meraki, the leader in cloud controlled WiFI, routing and security late 2012. For those that haven’t heard of Meraki, the concept behind the technology is pretty cool. All device configuration and management is handled using a cloud / web accessible GUI. You can configure everything and ship equipment to where it needs to provide network access prior to first powering things on. Once you are ready, all you do is plug in the equipment and it works (IE all configuration is sent to the device via encrypted tunnel from the cloud) . It really is that simple.

Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (2 votes cast)