Archive for 'intrusion prevention'

Intrusion Prevention Cabling

As a follow-up to my previous post on cabling an IPS, I have attached an example that I have seen work successfully. This example is specific to a McAfee M2750 device and assumes interfaces that are hard-set (fixed speed and duplex rather than auto-negotiated). Note that the actual firewall and LAN switch use straight-through cables, not cross-over; the only cross-over cable sits between the fail-open kit and the IPS.

Sourcefire released iPhone App

Sourcefire has released an iPhone application. It has the widely recognized Snort pig as its icon. You can view the latest rule sets, the top malware threats and the latest news from the VRT team. This is a must-have for mobile security geeks. You can download the app from iTunes at the link below.

http://itunes.apple.com/us/artist/sourcefire-inc/id331567916

Obsolescence of traditional defenses

I attended a lunch and learn event hosted by Bayside Solutions and presented by Paul Henry. Bayside Solutions provides these monthly lunch and learn events and they are top-notch. They are unique in that they are not sales events but focus on providing relevant information on issues within information security. Paul Henry is extremely knowledgeable and well known in the security industry.

The discussion was on how traditional port-based protections are no longer enough. This is spot on and not necessarily new, but it is a great point that needs to be reinforced. With the advent of Web 2.0 it is no longer necessary for an attacker to penetrate your firewall; they only need to wait for you to visit a compromised website. Since very few companies block outbound HTTP or HTTPS, a port-based firewall alone cannot stop these attacks. The only way to catch them is to use defenses that inspect the protocol itself rather than the port. An example would be Intrusion Prevention: I see malicious IRC traffic being blocked on a daily basis that is not using the standard IRC ports. Many applications, such as Instant Messaging clients, will also try different ports until they find a way out of the network. When vendors develop products to bypass filters, it is officially game over!

This doesn't mean we eliminate our traditional firewalls, but more is needed to provide true defense-in-depth protection. As Paul mentioned, defense must be moved closer to the endpoint. Good old-fashioned patch and system management would reduce these attacks, but this is much harder to do than buying a new appliance to put on the network. :-)
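The point made above, that IRC (and IM) traffic has to be recognised by its protocol rather than by its port, is easy to show with a small port-independent classifier. The code below is an added illustration and is not from the post, from Paul Henry, or from any IPS vendor. The flow records, addresses and payloads are constructed samples; the command keywords are a subset of the IRC client grammar (NICK, USER, JOIN, PRIVMSG, PASS, PING, PONG, MODE), and the requirement of two distinct commands before a flow is called IRC is a heuristic threshold chosen here, not a standard.

```python
"""Port-independent IRC detection over sample flow records (constructed data)."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Ports a port-based rule would watch for IRC (plain and TLS).
IRC_STANDARD_PORTS = {6667, 6697}

# IRC client commands, matched at the start of a CRLF-terminated line.
IRC_COMMAND_RE = re.compile(rb"^(NICK|USER|JOIN|PRIVMSG|PASS|PING|PONG|MODE)(?:\s|$)")

# Minimum number of distinct commands before a stream is called IRC; one
# keyword alone (e.g. "PING") is too weak to act on. Heuristic, not a standard.
MIN_DISTINCT_COMMANDS = 2


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    payload: bytes  # first bytes of the client-to-server stream


def irc_commands(payload: bytes) -> set:
    """Return the set of IRC command keywords found at line starts."""
    found = set()
    for line in payload.split(b"\r\n"):
        match = IRC_COMMAND_RE.match(line)
        if match:
            found.add(match.group(1).decode("ascii"))
    return found


def classify(flow: Flow) -> str:
    """Classify by protocol content first, then note whether the port was standard."""
    if len(irc_commands(flow.payload)) < MIN_DISTINCT_COMMANDS:
        return "not-irc"
    if flow.dport in IRC_STANDARD_PORTS:
        return "irc-standard-port"
    return "irc-nonstandard-port"


def port_only_hits(flows: List[Flow]) -> List[Tuple[str, str, int]]:
    """What a purely port-based rule would flag: only the well-known IRC ports."""
    return [(f.src, f.dst, f.dport) for f in flows if f.dport in IRC_STANDARD_PORTS]


def detect_nonstandard_irc(flows: List[Flow]) -> List[Tuple[str, str, int]]:
    """IRC conversations that a port-based rule misses entirely."""
    return [(f.src, f.dst, f.dport) for f in flows
            if classify(f) == "irc-nonstandard-port"]


# Constructed sample flows (RFC 5737 documentation addresses, made-up payloads).
SAMPLE_FLOWS = [
    Flow("10.0.0.12", "203.0.113.7", 6667,
         b"NICK bot123\r\nUSER bot 0 * :bot\r\nJOIN #c\r\n"),       # IRC on its usual port
    Flow("10.0.0.12", "203.0.113.7", 80,
         b"NICK bot123\r\nUSER bot 0 * :bot\r\nJOIN #c\r\n"),       # same IRC, hidden on 80
    Flow("10.0.0.15", "198.51.100.20", 80,
         b"GET / HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: PING\r\n\r\n"),  # real HTTP
    Flow("10.0.0.15", "198.51.100.20", 443,
         b"PASS secret\r\nNICK w0rm\r\n"),                           # IRC on 443
    Flow("10.0.0.20", "198.51.100.9", 8080,
         b"PING :irc.example\r\n"),                                  # one keyword only
]


if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(f"{flow.src} -> {flow.dst}:{flow.dport:<5} {classify(flow)}")
    print("port-only rule sees:", port_only_hits(SAMPLE_FLOWS))
    print("protocol rule adds: ", detect_nonstandard_irc(SAMPLE_FLOWS))
```

Run as a script it lists each flow's classification; the port-only rule catches just the 6667 flow, while content inspection also surfaces the IRC sessions riding on 80 and 443 and ignores the HTTP request whose User-Agent happens to contain "PING".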

October Microsoft Updates

IBM/ISS

MS Bulletin   Coverage       Coverage Date
MS09-050      XPU 29.091     9/11/2009
MS09-051      XPU 29.091     9/11/2009
MS09-052      XPU 29.1       10/13/2009
MS09-053      XPU 29.1       Multiple Signatures and dates
MS09-054      XPU 29.1       Multiple Signatures and dates
MS09-055      XPU 29.1       Multiple Signatures and dates
MS09-056      XPU 29.08      8/11/2009
MS09-057      XPU 29.1       10/13/2009
MS09-058      Scanner Only   10/13/2009
MS09-059
MS09-060      Scanner Only   10/13/2009
MS09-061      XPU 29.09      9/8/2009
MS09-062      XPU 29.09      Multiple Signatures

Cisco

MS Bulletin   Coverage       Coverage Date
MS09-050      S438,S441      Multiple Dates
MS09-051      S441           10/13/2009
MS09-052      S441           10/13/2009
MS09-053      S441,S430      Multiple Dates
MS09-054      S441           10/13/2009
MS09-055
MS09-056      S441           10/13/2009
MS09-057      S441           10/13/2009
MS09-058
MS09-059
MS09-060      S422           8/4/2009
MS09-061      S441           10/13/2009
MS09-062      S441           10/13/2009

McAfee and IBM Comparison

IBM devices: GX4004, GX5008, GX5108, GX5208