Outside the Safe Zone
Businesses around the world are being bombarded with sophisticated threats against their data and communications networks every day.
As enterprises invest heavily in fortifying their IT infrastructures and enforcing comprehensive and constantly upgraded security policies against malicious code attacks, another home-grown threat – the mobile workforce – is opening the floodgates to compromised enterprise data and corporate network contamination.
Though mobile working offers gains in commercial and operational value, enterprise security policies often stifle the effectiveness and productivity of mobile workforce devices.
Here we examine why best-of-breed software, in isolation, is not able to provide the mobile workforce and their laptops with the same high level of security afforded to office-based workers.
Two lines of defence in a protected corporate environment
Currently, organisations anticipate, detect, and prevent threats from laptop attacks via a layered approach.
This is coupled with centralized, uncompromising IT policy which overrides an individual’s control over his/her own laptop.
As IT departments prioritise corporate IT governance, their primary method of effectively enforcing organizational security policies is by controlling all networking components.
When connecting to the Internet from within the corporate network, laptop users are protected by two lines of defence:
A comprehensive set of IT security appliances running secured and hardened Operating Systems, and security software including firewalls, Intrusion Prevention/Detection System, antivirus, antispyware, antispam, and content filtering, all of which are completely controlled by the respective corporate IT organization.
Personal firewall and antivirus software installed on the user’s laptop and controlled by the user.
In addition, when laptops are within the protective corporate environment, the organization’s IT department can exercise full and consistent control over (and visibility of) any device, which is a critical operational consideration. This means the IT team can:
consistently update respective laptops with data, policies, etc.
monitor the entire network effectively vis-à-vis the status of all network components.
Outside the safe zone
Once a laptop starts ‘roaming’ outside the enterprise governed network, the 2-line defence system no longer applies, as the laptop is essentially no longer protected by the corporate security appliances layer, and is exclusively dependent on the security software installed on the local operating system.
The roaming laptop is exposed to potential threats from nearby wireless and wireline devices (in hotels, business lounges, airports, WiFi at Internet Cafes, etc.).
These threats signify a danger far beyond the scope of the individual laptop, as intrusive code may proceed to use the laptop as a platform for breaching corporate security once the laptop has returned to its base and is connected to the network.
Relying solely on the best of breed software on the laptop is flawed due to:
Operating System Inherent Vulnerabilities – by definition, security software running on Windows is subject to inherent Windows vulnerabilities, effectively exposing personal firewall and antivirus applications to malicious content attacks.
Unknown Threats – the security software can only defend against known threats. By the time these threats are added to the knowledge base, it may be too late.
Immediate Damage – malicious content executes directly on the platform to be protected, rather than on a security appliance designed to filter the content and serve as a buffer.
Managing Security Level – making sure all the computers have installed the latest security updates and enforcing a unified security policy can be very difficult. When the computers themselves are at the frontline, these security weaknesses can be disastrous to the entire network. In other words, it’s “all or nothing”: either the entire network is secured or nothing is secured.
Consequently, many organizations adopt tough security policies prohibiting most wireless networking options (significantly limiting user productivity and remote computing freedom), or imposing strict, costly and difficult to enforce cleansing procedures for laptops that return from the “field”.
Best of breed software made mobile
A growing number of CSOs have decided to place computers behind a robust security gateway, usually a dedicated security appliance, to counteract the current weaknesses in laptop security.
Unlike PCs, these appliances are equipped with hardened operating systems that do not have security holes, “back-doors”, or unsecured layers. They are designed with a single purpose, to provide security.
The fact that these security appliances are hardware-based and not software-based provides the following advantages:
Cannot be uninstalled – security attacks often start by targeting the security software, and trying to uninstall it or to stop its activity.
Software-based security solutions, like any software program, include an uninstall option that can be targeted.
In contrast, appliance-based security cannot be uninstalled as it is hard coded into the hardware.
Non-writable memory – hardware-based solutions manage the memory in a restricted and controlled manner. Security appliances can prohibit access to their memory, providing greater protection against attacks on the security mechanism.
The use of hardware allows the combination of a comprehensive set of security solutions in a single device.
Hardware also allows the combination of best-of-breed enterprise-class solutions with proprietary developments working on both the lower and higher levels (e.g. packet and network level, application level etc.).
In addition, the well known tension between users and IT managers over their computing freedom can be overcome via hardware.
On one hand, users want to have complete freedom when using their computers, while on the other hand, IT managers try to enforce security policies (e.g. banning the use of P2P software).
By using a security appliance, IT managers solve the conflict between the user’s desire for computing freedom and the IT manager’s desire to control and enforce security policies.
With software, policy is part of the laptop or computer, whereas through an appliance, security policy can be enforced outside the laptop and the user has complete freedom inside the safe computing environment.
In conclusion, to provide corporate level security for laptops operating outside the safe office environment, CSOs should consider a layered security architecture on a hardware appliance.
A dedicated appliance can hold all of the best-of-breed security software, and is able to re-introduce the two lines of defense enjoyed by office-based PCs.
By introducing a security gateway, should security be breached, the damage stops at the gateway.
Risks Of Desktop Software – 1
This is the second in a series of articles highlighting reasons why we need a new model for anti-virus and security solutions.
Reason #2: the Desktop Security Software Risks
The risks of placing software on the desktop are such that I will be breaking this article into two parts.
Fundamentally we think of having software on our desktops as a good thing. I love downloading or installing new packages and seeing what new creative things people do to the user interface or what they do to make certain aspects of my life easier or more fun.
But there are problems inherent with software that resides on the desktop, especially security software. All developers will know what I mean. First and foremost, desktop software can be reverse engineered. What’s that mean? Have you ever inadvertently double-clicked on a file and had garbage show up or seen something that looks similar to this?
The old hex dump. Programmers will know it well. We actually spend a good deal of time trying to read this stuff. Basically, if there are programs that can (and do) turn instructions like the following
If UserBirthDate < "01/01/1960" Then
    IsReallyOld = "Yes"
Else
    IsReallyOld = "No"
End If
into something like the picture above, then the reverse is true: people have developed software that can take that gobbledygook in the picture above and turn it somewhat into the if-statement I wrote out. The reversing software won’t know that I had an item called UserBirthDate, but it will know I was testing for a value of January 1, 1960 and it will be able to say that based on that value I set another item to Yes or No.
So now we install our fool-proof anti-virus software on our desktop (or our firewall for that matter). Well, so too can a virus author. And that virus author or hacker will also have gotten a copy of the latest reverse-engineering software from his local hacking site. He now goes about his task of reverse-engineering the software and then trying to decipher the results. It’s not easy but it can be done. Unfortunately, vendors know this and understand this as an acceptable risk.
The problem here is that your security software is at risk. If your vendor codes an error, the virus author can and will detect it. For example, if your vendor should exclude a file from scanning, it’s possible the virus author will figure out which file (or type of file) that is and bury his code there. If the vendor excludes files from scanning or heuristics, it’s possible that virus author will figure out a way to corrupt that file.
That being said, there are other risks. As we have said, once software is on the desktop it affords virus authors an opportunity to reverse-engineer security software. The knowledge that reverse-engineering provides is invaluable to a virus author when building his next software attack. Third, virus authors can learn where the anti-virus vendors put their software and put the links to their software (directory folders, registry entries, etc.). This too is invaluable information. In fact, in some ways it gives people intent on writing malicious software clues as to how to infiltrate the computer’s operating system, where registry entries need to be made to force software to be loaded every time a computer is started, etc.
This information is generally available all over the web and in manuals for operating systems, especially manuals on such subjects as the Windows Registry. But having the software teach you where things belong to be effective is powerful knowledge.
Lastly, and perhaps most significantly, is the issue of forbearance. The anti-virus vendors usually know more about the potential exploits inherent in programs than virus authors but they are bound by the fact that should they try to prevent them before the exploits occur, they could be branded as irresponsible for teaching virus authors about these very exploits.
For example, when Microsoft first released the macro capabilities of Word, anti-virus vendors immediately realized the potential for danger in macros, but they were handcuffed. If they released software that disabled macros before the first macro virus was ever released, they would signal to virus authors the inherent destructive powers of macros. They chose instead to wait, handcuffed by the limitations of desktop software.
Until the Internet there really has been no better medium for delivering virus solutions than desktop software. It was relatively inexpensive to deploy (either market the software and sell it in stores or provide free downloads on bulletin boards and web sites). It is, however, expensive to keep updated in terms of time and effort, even with automated update systems.
The Internet caused several things to happen: by becoming a powerful medium for sharing files, whole families of viruses disappeared practically overnight (boot sector viruses, for example); by becoming the option of choice for sharing files, it was easier to infect a single file and have thousands download it.
A better solution is to place the security software in an offsite appliance of its own making. All Internet, intranet, and networking connections flow through the appliance.
Selling off-the-shelf hardware appliances with built-in security software is better than a desktop software solution, but it still suffers, to a lesser extent, from the pitfalls that desktop software falls prey to.
Even better is to create a service that a 3rd party vendor manages in a secure environment. In such an instance both the software and the hardware are away from the prying eyes of the malicious software authors. This further reduces the opportunity for malicious authors to discover the tricks and techniques employed by the security vendors to protect you.
Best Spam Filter or What Everybody Ought to Know About AntiSpam Software
Spam filters, also called anti-spam software, attempt to separate your legitimate e-mail from spam. Reviews say spam filters vary in their ability to detect and remove spam. More importantly, the products are controversial because they can falsely identify legitimate e-mail as spam (called a false positive). Reviews evaluate the accuracy and effectiveness of spam filters, along with features, ease of use and potential drain on your system resources.
Checked your e-mail lately? If so, you probably had to sift through a nasty pile of spam. Depending on whom you ask, the volume of unwanted junk messages ranges from 75 to 95 percent of all e-mail, much of it generated by so-called botnets – networks of otherwise innocent computers infected with malicious code that allows online miscreants to send spam with little fear of being caught. The epidemic has spawned its own swarm of antispam products, many of which are bundled with antivirus software, content filters, and other tools. Here are six products that will help ease your spam burdens. But be warned: You shouldn’t expect to get rid of spam entirely. It is nothing if not slippery.
BEST FOR KEEPING YOUR COSTS DOWN.
SpamAssassin
What it is: A free spam filter from the Apache Software Foundation, a group that supports Apache’s open-source software.
What’s cool: SpamAssassin runs on virtually all platforms and is relatively easy to upgrade as open-source developers build new features for it. The application’s designers pioneered the wide spectrum approach to spam fighting, which foils spammers by using many overlapping methods to determine whether an e-mail is legitimate.
Drawbacks: Upgrades are easy, but the initial implementation can be tricky. You’ll probably need an open-source-savvy systems administrator to hook up SpamAssassin to your e-mail system. Some users may need to buy a separate server on which to run the program.
BEST FOR EASY SETUP
Barracuda Spam Firewall 300
What it is: A network appliance that fits into your server rack. It comes equipped with 12 different software tools and can protect your entire network.
What’s cool: In addition to spam, Barracuda’s software tools fight viruses, phishing, and spoofing attacks (that’s when spammers send bogus messages from what appear to be real e-mail addresses). Some rivals charge extra for such comprehensive protection. Plus, Barracuda’s program is easy to install, even for nontechies, and doesn’t require you to change your e-mail configuration.
Drawbacks: In a recent survey of antispam products, the tech consultancy Gartner describes Barracuda’s customer service as spotty, suggesting that the service’s growth is outstripping its support department.
Price: $1,999, plus an annual $399 fee for software updates
BEST FOR WAGING WAR ON MULTIPLE FRONTS
Symantec (NASDAQ:SYMC) Mail Security Enterprise Edition
What it is: A suite of computer security tools from the market leader in spam filtering.
What’s cool: This is probably the most accurate spam detection system you will find. Symantec itself claims that the software misidentifies legitimate mail as spam only once out of every one million tries.
Drawbacks: The cost, especially if you want to buy one or more security tools à la carte. If you are starting from scratch, buying a whole suite at a discounted price makes sense. But if your company already operates an antivirus tool or network appliance made by another provider, Symantec is basically trying to compel you to rely entirely on Symantec.
Price: If you buy the whole suite, the cost is $2,030 for 50 users, $2,805 for 100 users, and $13,695 for 1,000 users.
BEST FOR PRESERVING YOUR GOOD NAME
IronPort C100
What it is: A network appliance that blocks spam and foils botnets.
What’s cool: Unlike other filters, IronPort stops spam before it hits your network, limiting the fallout from denial-of-service attacks. And its “reputation rating” system rates all incoming and outgoing e-mail; if your reputation score is falling, it may be a sign that spammers have hijacked your servers. (To check your score, go to www.senderbase.org.)
Drawbacks: If you have fewer than 50 users, this is probably more spam-fighting firepower than you need, unless your business produces large volumes of e-mail. Plus, Gartner says that small businesses may find the product difficult to integrate into their existing infrastructure.
Price: $2,639 for hardware, support, and updates for up to 100 users.
Simply put, an anti-spam program must be a standalone, easy-to-use software supplied with powerful anti-spam filters able to be adjusted by every user for his personal needs. Now with all that said above you can choose the right anti-spam software among all spam filtering programs available on the Internet.
How To Get A Free Server – FrugalTech
www.frugalbrothers.com If you haven’t had a chance to check out the VMWare Virtual Appliance Marketplace, then you are in for a treat. You can find free Virtual Machines running server operating systems, many kinds of Linux distributions, and fully configured Application Servers running apps like SugarCRM. These are free for the taking!
IronPort Email security and SPAM solutions
Cisco – IronPort commercial on anti-SPAM appliance solutions
Portable Penetrator PP6000 Dell M4400, WEP Cracking, WPA and WPA2 cracking,
Portable Penetrator, WEP Cracking, WPA and WPA2 cracking, vulnerability scanning based on Dell M4400. To get a free security scan please visit www.secpoint.com
Anti-Spam Technology Marks 2009 for Red Condor
Rohnert Park, Calif., December 15, 2009 — For Red Condor, the past year was marked by several advancements in spam-fighting and email archiving technologies, and will be remembered as the year of the blended-threat email.
Enterprise Anti-Spam Product Comparison Guide Small / Mid Enterprise Edition
Product Description
TiPS-IT Anti-spam product comparison guide helps IT managers and developers review the range of anti-spam products. TIPS comparison guides outline the features and functionalities of leading vendors of anti-spam products help users decide which solutions are best suited for their needs. An easy-to-use Product Comparison Guide which includes the TIPS Product Category Overview and the TIPS Grid, a normalized, apples-to-apples comparison of over 400 features.
The Product Comparison Grid is available in Microsoft Excel format by sending an email to info@tips-it.com after completing your purchase.
Advice about the most up-to-date advice with reference to computer virus.
When you are trying to find the best information relating to computer virus, you will find it hard separating quality information from ill-equipped computer virus suggestions or help, so it’s prudent to know how to qualify the advice you are presented with.
Avocent: Network Security Solution
Provides KVM switching and network connectivity solutions for data centers. Includes desktop, rackmount and wireless KVM connections and extenders.
Here are a few guidelines which we think you should use when you are searching for information about computer virus. Understand that the guidance we give is only applicable to internet advice about computer virus. We are unable to offer any advice or guidance when you are also conducting research in books or magazines.
INSA: Network Security Services
Reseller of network security products, including firewalls, intrusion detection and prevention devices, anti-virus appliances, and more.
An excellent piece of advice to follow when you’re presented with help and advice regarding a computer virus web is to research who is behind the website. This may show you who owns the site computer virus authorizations. The easiest way to reveal who owns the computer virus website is to look on the ‘about’ page or ‘contact’ page.
Any worthwhile website providing information on computer virus, will almost certainly provide an ‘about’ or ‘contact’ page which will record the site owner’s contact details. The details should make known some advice about the owner’s necessary expertise. This means you can conduct an appraisal about the webmaster’s depth of experience, to offer guidance about computer virus.
Anti-spam and Anti-virus Email Filtering System “True Mail Software”
Truemail System antispam provides the most comprehensive solution to email threats on the market today. Our Antispam software allows you to create an email appliance, real or virtual server for your gateway offering protection from Viruses, Spam, Malware, Phishing and unwanted content. The solution uses best of breed technologies to provide an easily installed, easily managed and highly secure solution for your email.
The following Anti-spam and Antivirus features of True Mail System:-
Connection filtering :-
The configuration and management of IP Block lists, IP Allow lists, IP Block List providers, and IP Allow List providers have been improved by displaying each of these elements in the Exchange Management Console.
Content filtering:-
Truemail System Filter, which uses Microsoft SmartScreen patented machine-learning technology, is the underlying technology of the content filter that evaluates inbound messages and determines the probability of whether the messages are legitimate, fraudulent, or spam.
In addition to scanning message content, Intelligent Message Filter consolidates data that is collected from connection filtering, sender filtering, recipient filtering.
These actions may include the following:
- Delivery to an Outlook user Inbox or Junk E-mail folder
- Delivery to the spam quarantine mailbox
- Rejection of the message and no delivery
- Acceptance and deletion of the message. The server accepts the message and deletes it instead of forwarding it to the recipient mailbox.
Recipient filtering:-
By using the Truemail System service, you can now replicate recipient data from the enterprise Active Directory into the Exchange Active Directory Application Mode (ADAM) instance on the Edge Transport server role.

