RSA: The Rising Cyber Security Threats Attacking Your Network

The RSA Conference is one of the premier cyber security gatherings in the IT industry. Companies, analysts, and cyber security professionals flock to San Francisco every year to hear talks from the experts, see the latest products on the Expo floor, and socialize at a week of parties. The conference has grown over the years, just as the emphasis on cyber security within IT has increased, as Jon Oltsik of NetworkWorld points out:

RSA used to be an oasis from mainstream IT and a place to discuss DLP, web security and key management. It was an underfunded IT stepchild and the RSA Conference was still centered on bits and bytes. That was then, this is now and cyber security is everywhere!

But it makes sense. We live in a world where our bank accounts can be hacked by someone thousands of miles away, where companies hold data about our personal lives that they can sell to advertisers, and where governments routinely perform cyber espionage. Security and privacy are no longer confined to a small corner of the IT department: they affect everyone.

So, how can you as an IT or network admin help protect your network from being hacked? Here are a few ways to make sure that you are on top of your network security policy:

Password Attacks and Best Practices
There are two main ways that passwords are the cause of breaches. The first is simply guessing, which is paradoxically becoming more sophisticated. Analysis of the numerous password breaches over the past year shows that most people use passwords that can be guessed easily, including Syrian President Assad’s use of “12345”. However, enforcing more complex passwords isn’t necessarily the answer, since it leads to the classic “sticky note under the keyboard,” or its equivalent in a mobile workforce.

Detecting password guessing is relatively straightforward: look for repeated login attempts, especially repeated login failures. While this is usually easiest via server logs, it can work on the wire too, by looking for repeated access to the login URL of a web app.

However, an increasingly common cause of password-related breaches is so-called “spear phishing,” in which an attacker sends a target an email that pretends to be innocuous, or even official. A common technique among professional penetration testers is to send an email claiming to be from the company IT department, with a link to a site that requests the user’s username and password. Average success rates for this spear phishing technique are over 30%.

Stolen passwords can be difficult to detect, but Google recently shared one of its methods: look for logins that happen from different locations. It would be rather unusual for a GeoIP lookup of the login to come from two different continents within minutes of each other!
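Both of the detections described above (repeated login failures, and successful logins from two locations too close together in time) can be run over a web server’s login log. The following is an added example, not code from the original post; the log lines are constructed, and the country column stands in for whatever GeoIP lookup you use.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login log (not from the original post): timestamp,
# source IP, user, outcome of the login POST, country from a GeoIP lookup.
LOG = """\
2012-03-01T09:00:01 203.0.113.7 alice FAIL US
2012-03-01T09:00:03 203.0.113.7 alice FAIL US
2012-03-01T09:00:04 203.0.113.7 alice FAIL US
2012-03-01T09:00:06 203.0.113.7 alice FAIL US
2012-03-01T09:00:07 203.0.113.7 alice FAIL US
2012-03-01T09:00:09 203.0.113.7 alice OK US
2012-03-01T09:05:00 198.51.100.9 bob OK DE
2012-03-01T09:07:30 192.0.2.44 bob OK AU
"""

def parse(log):
    events = []
    for line in log.splitlines():
        ts, ip, user, outcome, country = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, outcome, country))
    return sorted(events)  # time-ordered

def repeated_failures(events, threshold=5, window=timedelta(minutes=1)):
    """Return (ip, user) pairs with >= threshold failures inside one window."""
    fails = defaultdict(list)
    for ts, ip, user, outcome, _ in events:
        if outcome == "FAIL":
            fails[(ip, user)].append(ts)
    flagged = set()
    for key, times in fails.items():
        # sliding window: compare each failure with the one threshold-1 earlier
        for i in range(threshold - 1, len(times)):
            if times[i] - times[i - threshold + 1] <= window:
                flagged.add(key)
                break
    return flagged

def impossible_travel(events, window=timedelta(minutes=30)):
    """Return users with successful logins from two countries within window."""
    last_ok, flagged = {}, set()
    for ts, _, user, outcome, country in events:
        if outcome != "OK":
            continue
        prev = last_ok.get(user)
        if prev and prev[1] != country and ts - prev[0] <= window:
            flagged.add(user)
        last_ok[user] = (ts, country)
    return flagged
```

Note that alice’s run of failures ends in a success, which is exactly the pattern (guess until it works) worth alerting on rather than dismissing.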

Best practice for good passwords is still two-factor authentication with a hardware token. If it’s cost-effective for Blizzard to use with World of Warcraft, then it is cost-effective for your organization. There are even open source or dual-license solutions available.

Monitoring IT That is in Public Clouds
The idea of sharing a public utility can be unsettling in general, especially when IT personnel do not have control over every aspect of the company’s infrastructure. Beyond this concern, there are other tactical security concerns that need to be addressed prior to moving to a public cloud, as well as while you are monitoring your cloud service.

One of the emerging challenges is the push for Single Sign-On (SSO) in cloud-hosted applications. This is a complicated issue, and it’s easy to get lost in the discussion of “if Facebook can do it, why can’t we?” versus “Let’s use OAuth like Twitter!” Our recommendation is to start by knowing the scope of the problem, and an excellent resource is a recent series of articles on Securosis.

From a detection perspective, cloud security is about knowing where the dotted lines are that define what used to be your perimeter. Understand the traffic between your in-house services and your cloud instances, enforce those boundaries with firewalls if not VPNs, and audit them frequently.

Continued Network Monitoring and a Contingency Plan
Your best technique to combat evolving security threats is vigilance. That doesn’t mean sitting 24×7 watching the network. It means using the tools at your disposal to gain visibility. If you’re using a SIEM to correlate IDS and log data, configure your OmniEngine software probes to send the Expert event log to the SIEM as an additional data source. Not only will it give you an additional data collector (especially if you’re using custom filters), it will also tell you where in the capture to look when you investigate events.

Monitoring your network 24×7 is also a great tool for network forensics. Network forensics works as a contingency plan in case a security breach does occur. It can help you clean up your network to make sure that there are no lingering worms or other suspicious traffic, and it can also help determine where the hacker breached your network so you can fix any security holes.

Keep in mind that you’re not just looking at the Top 10. If anything, you’re looking for a node in the long tail that’s relatively quiet, but which suddenly starts sending more traffic or starts using different protocols than before. If you’ve got a desktop PC that suddenly starts sending probes to other parts of your network, that’s suspicious activity that you should investigate, and that you might not have noticed by relying purely on an IDS.
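The long-tail check above amounts to comparing each host’s current behaviour against its own baseline rather than against the busiest talkers. The following is an added example, not code from the original post: the flow summaries are constructed, and the thresholds (3× bytes, 3× distinct peers) are illustrative assumptions. It also shows why byte volume alone is not enough: a desktop probing its neighbours moves very little data but suddenly talks to many hosts over protocols it never used before.

```python
from collections import defaultdict

# Constructed flow summaries (not from the original post), one record per
# (source host, destination host, protocol/port, bytes) for each period.
BASELINE = [
    ("10.0.0.21", "10.0.0.5", "tcp/445", 120_000),
    ("10.0.0.21", "10.0.0.8", "tcp/443", 80_000),
    ("10.0.0.22", "10.0.0.5", "tcp/445", 90_000),
    ("10.0.0.22", "10.0.0.8", "tcp/443", 70_000),
]
CURRENT = [
    ("10.0.0.21", "10.0.0.5", "tcp/445", 110_000),
    ("10.0.0.21", "10.0.0.8", "tcp/443", 85_000),
    # 10.0.0.22 was quiet; now it touches many peers over new protocols
    ("10.0.0.22", "10.0.0.5", "tcp/445", 95_000),
    ("10.0.0.22", "10.0.0.31", "tcp/22", 600),
    ("10.0.0.22", "10.0.0.32", "tcp/22", 600),
    ("10.0.0.22", "10.0.0.33", "tcp/22", 600),
    ("10.0.0.22", "10.0.0.34", "tcp/22", 600),
    ("10.0.0.22", "10.0.0.35", "tcp/22", 600),
    ("10.0.0.22", "10.0.0.36", "icmp", 300),
]

def profile(flows):
    """Per source host: total bytes, protocols used, distinct peers."""
    prof = defaultdict(lambda: {"bytes": 0, "protos": set(), "peers": set()})
    for src, dst, proto, nbytes in flows:
        p = prof[src]
        p["bytes"] += nbytes
        p["protos"].add(proto)
        p["peers"].add(dst)
    return prof

def deviations(baseline, current, byte_factor=3.0, peer_factor=3):
    """Return {host: [reasons]} for hosts that depart from their own baseline."""
    base, cur = profile(baseline), profile(current)
    findings = defaultdict(list)
    for host, now in cur.items():
        was = base.get(host)
        if was is None:
            findings[host].append("host not seen in baseline")
            continue
        if now["bytes"] > byte_factor * was["bytes"]:
            findings[host].append("byte volume up >%gx" % byte_factor)
        new_protos = now["protos"] - was["protos"]
        if new_protos:
            findings[host].append("new protocols: " + ", ".join(sorted(new_protos)))
        if len(now["peers"]) >= peer_factor * len(was["peers"]):
            findings[host].append("contacting %d peers vs %d before"
                                  % (len(now["peers"]), len(was["peers"])))
    return dict(findings)
```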

Cyber security threats are not going away, and they will continue to become more sophisticated over time. It is important to be aware of trends affecting the security industry, both big and small, so you are versed in them and prepared to protect your network against both nascent and lingering threats.

3 Easy Ways to Prepare Your Network for the Olympics

With the Olympics approaching, almost everyone in IT is having “World Cup Fever” flashbacks, and rightly so. When it comes to high-profile global events like the Olympics or the World Cup (we leave the debate over which is biggest and best to the sports forums), internet traffic spikes, even when the end user is at work.

For example, on June 11, 2010 (a workday) Akamai reported that news site traffic started to climb steadily at 6 am ET and peaked six hours later, reaching nearly 12.1 million visitors per minute. Regardless of whether people are at or away from the office, they are going to stream news from these sites to make sure they are up to speed with the latest events.

With the Olympic ceremonies this Friday, we wanted to provide some tips to prepare for more internet usage on your wireless and wired systems, to ensure that there will be no angry users, whether they are trying to access work-centric applications or the synchronized swimming events.

Baseline Your Network
The only way to know whether you’ve improved your network performance is to start by knowing where it stands now in terms of network demands. Enterprises can get a sense of how their network normally acts by looking at internet connections, WLAN links, WLAN environments and the data center. A network analyzer can help organize this information into a report that can be used to not only solve issues that currently exist, but also to allow the organization to rewind the information back in time to validate performance and bandwidth utilization now versus previously, and predict future growth.

Prune and Clean WLAN Traffic
Remove unnecessary traffic. Devices like printers, as well as protocol stacks and protocols not in use in the environment, can be eliminated. Sometimes, protocols that help manage the network, like routing protocols and SNMP, can be found needlessly hogging valuable bandwidth. It’s likely that there are no devices on your Wi-Fi network which require SNMP management, routing protocols, or similar network maintenance and management.

Additionally, you may be able to recover wireless bandwidth by blocking direct traffic between wireless clients. Many BYOD-class devices use local multicasts to find network services. Blocking connections between Wi-Fi clients will prevent the retransmission of those packets, thus saving valuable bandwidth.

Monitoring and Stomping Out Rogue Users
Since more and more people in your office probably have tablets and cell phones, they might be using these devices rather than office-provided devices to stream Olympic events. Managing these rogue devices takes a multi-tier approach, and you should have a practice in place to make sure you are aware of these devices and housing them in the right place so they don’t interfere with your network.

However, if you don’t have a plan in place like a special Wi-Fi SSID or WPA2, you will have to discover these rogue devices and make sure they do not pose a security threat to your system and are not hogging bandwidth on your network. Again, a network analyzer is good at finding these “unknown” wireless assets on your network.

If you are experiencing latency or other problems, and the devices you already monitor are not the cause, check whether mobile users are.

In next week’s article, we are going to cover the Olympics, but instead of looking at it from an office perspective, we’ll be looking at it from a live events perspective. How do you keep a network running smoothly at an event like the Olympics? We’ll discuss how WildPackets did just this with China Mobile during the 2008 Olympic Games. Stay tuned!

Trends Affecting Network Engineers Today – From Software Defined Networks to Mobile

The IT world is currently in the throes of a huge shift — a seismic shift of the kind the industry historically experiences every five to ten years. Today, the entrance of technologies like mobile, software defined networks, virtualization, and cloud computing has changed the landscape for both the consumer and the enterprise.

Change is of course inevitable, and welcome. While all of these technologies either have great potential or are already helping to fuel better productivity within IT, many unanticipated challenges are cropping up. Below we take a look at some of the challenges these top trends are introducing, and how to adjust so your organization can get the most from these new technologies.

Software Defined Networks and OpenFlow
Software defined networks (SDN) and OpenFlow have been touted as enabling technologies that will help decrease the complexities of cloud and virtualization. SDN is the overall approach, while OpenFlow is a specific SDN protocol, created as a programmable network protocol to help manage and direct traffic among switches from an assortment of vendors. Ideally this would provide centralized control and easier network management of potentially cheaper switches without single-vendor lock-in.

However, these technologies present potential challenges for network engineers. While the promise of centralized network control sounds good in theory, the migration to OpenFlow requires creating new network-wide policies. It’s likely that we’ll hear about large “failed” OpenFlow deployments, where the amount of effort overwhelms the projected ROI. The challenge for OpenFlow now is to live up to the hype: deliver demonstrable performance improvements without requiring a forklift upgrade of the network core. While it’s exciting that OpenFlow has lots of potential, if it’s too hard to deploy, it will never truly leave the research environment where it was born.

For more details on the history and use cases of SDN and OpenFlow, check out our blog “Software-Defined Networking and OpenFlow to Infinity and Beyond.”

Virtualized Networks
More and more companies are turning to virtualized environments to streamline application deployment, to simplify IT operations and to allow IT organizations to respond faster to changing business demands. With decreasing prices and an increase in administrative tools that make management easier, virtualization is now being adopted even by smaller mid-market organizations.

But virtualization creates “blind spots” in your network, areas where application traffic cannot be properly monitored with traditional techniques, opening the network up to undetected application performance problems. In a traditional server environment, you would normally span a switch port from a physical Ethernet switch or router and the data would stream across into a network/application performance analysis appliance, providing complete visibility. But in the case of a virtual environment, data comes back through a virtual adapter without actually hitting a physical switch. This creates a blind spot in your appliance and the communication between virtualized applications on the same server is never seen.

In order to combat this blind spot and successfully perform network analysis in a virtual environment, you must plan ahead. Although there is no big difference in network analysis techniques in a virtual environment, there is in the implementation. Instead of capturing data at the physical layer, you must be prepared with a solution that can collect data at the level of the virtual switches.

Mobile and Wireless Networks
In today’s digital age, wireless networks are essential to both businesses and consumers. However, maintaining strong performance and security of wireless networks can be difficult — especially in the era of BYOD (Bring Your Own Device). And keeping up with the pace of technology can also be challenging, with 802.11ac and 802.11ad right around the corner.

The introduction of wireless-enabled smartphones and tablets has ushered in new challenges for wireless network management, most importantly in the areas of security and performance. Now, on top of dealing with the authorized workstations, network admins must account for and secure a whole new set of devices, which are not within their direct control. And when it comes to performance, not only do more devices make for a more congested wireless network, but a powered-on, inactive smartphone that is not connected causes at least ten times as much damage to your Wi-Fi network as the same phone when it is connected (see http://www.sniffwifi.com/2012/04/phones-on-wlan.html for all the details).

You need a full-featured wireless network analysis solution in place and monitoring your network 24×7, searching for unauthorized devices and analyzing overall network conditions, like excessive probe requests/responses that can drag down your overall aggregate WLAN throughput. You also need a solution that will future-proof your investment as 802.11ac and 802.11ad begin to take hold.

Change is always a mix of good and bad, but with these new technologies comes a plethora of new opportunities. In order to stay ahead of the curve it’s important to know how and when to adapt, as well as which tools will help you get there.