Friday, March 19th, 2010 at
As a follow up on my previous post on cabling an IPS I have attached an example that I have seen successful.This example is specific to a Mcafee M2750 device and assumes interfaces that are hard set. Note that the actual firewall and LAN switch are using Straight cables and not cross-over. The only cross-over is placed between the Fail-open kit and the IPS.
Friday, October 30th, 2009 at
Sourcefire has released an iPhone application. It has the widely recognized snort Pig as the icon. You can view the latest rule sets, top malware threats and the latest news from the VRT team. This a must have for the mobile security geeks. You can download the app from iTunes at the below link.
Thursday, October 29th, 2009 at
I attended a lunch and learn event hosted by Bayside Solutions and presented by Paul Henry. Bayside Solutions provides these monthly lunch and learn events and they are top notch. They are unique in that they are not sales events but focus on providing relevant information on issues within Information Security. Paul Henry is extremely knowledgeable and well known in the security industry.
The discussion was on how traditional port based protections are not longer enough. This is spot on and not necessarily new but it a great point that needs to be reinforced. With the advent of Web 2.0 it is no longer necessary for an attacker to penetrate your firewall. They only need to wait for you to visit a compromised website. Since very few companies block outbound HTTP or HTTPS it is virtually impossible to prevent these attacks. The only way to prevent these attacks is to use more protocol based defenses. An example, would be Intrusion Prevention. I see malicious IRC traffic being blocked on a daily basis that is not using standard IRC ports. Also many applications such as Instant Messaging clients will attempt to use different ports to find a way out of the network. When vendors develop products to bypass filters it is officially game over!
This doesn’t mean we eliminate our traditional firewalls but more is needed to provide true defense in depth protection. As Paul mentioned defense must be moved closer to the endpoint. Good old fashioned patch and system management would reduce these attacks but this is much harder to do than buying a new appliance to put on the network.