Saturday, November 16, 2002

When firewalls and intrusion detection just aren't
Firewalls alone are not enough to thwart today's more sophisticated range of attacks, while Intrusion Detection Systems detect and record attacks, but do not block them. AV products, properly updated, can help protect against malicious code but are necessarily limited in their scope.

So enterprises and telecoms operators face a security gap which vendors are trying to plug with a fresh breed of security appliances, dubbed Intrusion Prevention Systems (IPS).

Into this arena comes Top Layer Networks, which is extending its line of appliances that guard against Denial of Service attacks to provide in-line protection against a wider range of Internet attacks. Top Layer's high-speed ASIC-based appliances have impressed in tests of their effectiveness against DoS attacks, so its entry into what is becoming a crowded marketplace is nonetheless significant.

Wi-Fi Encryption Fix Not Perfect
The biggest security risk for "Wi-Fi" wireless Internet networks is that users sometimes fail to turn on their encryption software.

But even the responsible ones who use the encryption program -- Wired Equivalent Privacy -- aren't immune to malicious attacks.

A growing trend on the streets of Manhattan is WarDrivers who break into wireless networks for fun. A professional hacker or anyone with significant programming knowledge can hack through WEP and even steal data off the network.

"WEP provides a level of security too low for me to take seriously," said Niels Ferguson, a cryptography consultant in Amsterdam who helped come up with an alternative encryption to WEP.

The WEP replacement, Wi-Fi Protected Access, adopts a more rigorous standard for authenticating users in order to eliminate the former's security flaws.

However, WPA comes with its own set of problems: denial of service attacks that can shut down the network and leave people without wireless Internet access.

Ferguson said that all wireless protocols are susceptible to DoS attacks, but WPA "is subject to all of them plus one extra type of DoS attack."

The Peon's Guide To Secure System Development
Increasingly incompetent developers are creeping their way into important projects. Considering that most good programmers are pretty bad at security, bad programmers with roles in important projects are guaranteed to doom the world to oblivion. The author feels that a step toward washing himself clean of responsibility is to write this document. Checking your memcpy() and malloc() calls has been lectured to death. It's not working. The approach used by this document is to instead shame developers into producing better systems. Enjoy.

Thursday, November 14, 2002

WLAN
Wireless LAN discovery through the use of applications such as NetStumbler, DStumbler, Wellenreiter and others is an increasingly popular technique for network penetration. The discovery of a wireless LAN might be used for seemingly innocuous Internet access, or as a "backdoor" into a network to stage an attack. This paper reviews some of the tactics used in wireless LAN network discovery and attempts to identify some of the fingerprints left by wireless LAN discovery applications, focusing on the MAC and LLC layers. This fingerprint information can then be incorporated into intrusion detection tools capable of analyzing data-link layer traffic.

Wednesday, November 13, 2002

SecNet11 -- Secure Wireless Local Area Network
Harris Corporation provides a revolutionary Type 1 encrypted Secure Wireless LAN (SWLAN) solution that allows COMSEC-approved government agencies to rapidly communicate multimedia information (data, voice, and video) in a secure environment.

The system integrates NSA crypto with commercial chipset based 802.11b PCMCIA cards and access points to create a secure wireless LAN.

Monday, November 11, 2002

Forensic Acquisition Utilities
This is a collection of utilities and libraries intended for forensic or forensic-related investigative use in a modern Microsoft Windows environment. The components in this collection are intended to permit the investigator to sterilize media for forensic duplication, discover where logical volume information is located and to collect the evidence from a running system while at the same time guaranteeing data integrity (e.g. with a cryptographic checksum) and while minimizing changes to the subject system.

Using the Java Cryptography Extension in WebSphere Studio Application Developer 4.03
This article also provides step-by-step instructions and help with the Java™ Cryptography Extension (JCE), which is a set of packages that provides a framework and implementation for encryption, key generation, key agreement, and Message Authentication Code (MAC) algorithms. JCE also supports secure streams and sealed objects.
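The JCE building blocks the summary lists, as an added example that is not from the article: KeyGenerator for separate encryption and MAC keys, Cipher wrapped in a CipherOutputStream (a secure stream), and Mac for an HMAC tag, combined as encrypt-then-MAC with the tag checked in constant time before anything is decrypted. The class name, the record text and the IV || ciphertext || tag layout are constructed for this example; key agreement and sealed objects are not covered.

```java
import java.io.ByteArrayOutputStream;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;

public class JceTour {
    static final int IV_LEN = 16, TAG_LEN = 32;         // AES block size, HMAC-SHA256 tag size

    static byte[] hmac(SecretKey macKey, byte[] data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(macKey);
        return mac.doFinal(data);
    }

    // Encrypt-then-MAC through a secure stream: IV || ciphertext || HMAC(IV || ciphertext).
    static byte[] protect(SecretKey encKey, SecretKey macKey, byte[] plaintext) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);                   // fresh random IV for every message
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, encKey, new IvParameterSpec(iv));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(iv);
        try (CipherOutputStream cos = new CipherOutputStream(out, c)) {
            cos.write(plaintext);                           // close() emits the final padded block
        }
        out.write(hmac(macKey, out.toByteArray()));         // tag covers IV and ciphertext
        return out.toByteArray();
    }

    // Verify the tag in constant time before decrypting; null means the message is rejected.
    static byte[] unprotect(SecretKey encKey, SecretKey macKey, byte[] msg) throws Exception {
        int bodyLen = msg.length - TAG_LEN;
        if (bodyLen < IV_LEN || !MessageDigest.isEqual(hmac(macKey, Arrays.copyOf(msg, bodyLen)),
                Arrays.copyOfRange(msg, bodyLen, msg.length))) return null;
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, encKey, new IvParameterSpec(Arrays.copyOf(msg, IV_LEN)));
        return c.doFinal(msg, IV_LEN, bodyLen - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        SecretKey encKey = KeyGenerator.getInstance("AES").generateKey();        // default 128-bit key
        SecretKey macKey = KeyGenerator.getInstance("HmacSHA256").generateKey(); // separate MAC key
        byte[] msg = protect(encKey, macKey, "constructed sample record".getBytes("UTF-8"));
        System.out.println(new String(unprotect(encKey, macKey, msg), "UTF-8"));
        msg[IV_LEN] ^= 1;                                   // flip one ciphertext bit: must be rejected
        System.out.println(unprotect(encKey, macKey, msg) == null ? "tamper detected" : "BUG");
    }
}
```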