<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0">
   <channel>
      <title>Realtime Community | Messaging and Web Security | Digital Library</title>
      <link>http://www.realtime-websecurity.com/digital_library/</link>
      <description></description>
      <language>en</language>
      <copyright>Copyright 2007</copyright>
      <lastBuildDate>Fri, 09 Mar 2007 17:50:28 -0500</lastBuildDate>
      <generator>http://www.sixapart.com/movabletype/</generator>
      <docs>http://blogs.law.harvard.edu/tech/rss</docs> 

            <item>
         <title>Configuration Management and Security</title>
         <description><![CDATA[<strong>ARTICLE &gt;&gt;</strong>&nbsp;Information security is commonly described through the adage &ldquo;as strong as the weakest link&rdquo;&mdash;and too often the weakest link is in systems configurations. Regardless of all the time and money poured into anti-malware, intrusion prevention, content filtering, and all the other measures we deploy, if configuration is not controlled, our networks and systems will be vulnerable.

Configuration management is one of the areas of information security that often falls on systems managers and network administrators. Many of the security-oriented tasks are also applicable to good systems management practices; this fact just adds weight to the notion that good systems management is good security. Much has been written about effective configuration management practices and comprehensive best practices are readily available. Rather than delve into the details of these broad frameworks, this article will focus on several basic functions and areas that are critical to leveraging the benefits of configuration management to improve security.]]></description>
         <link>http://www.realtime-websecurity.com/digital_library/2007/03/configuration_management_and_s.asp</link>
         <guid>http://www.realtime-websecurity.com/digital_library/2007/03/configuration_management_and_s.asp</guid>
                  <category domain="http://www.sixapart.com/ns/types#category">The Messaging and Web Security Essentials Series</category>
        
                  <category domain="http://www.sixapart.com/ns/types#tag">access controls</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">auditing</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">configuration management</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">operating system hardening</category>
        
         <pubDate>Fri, 09 Mar 2007 17:50:28 -0500</pubDate>
      </item>
            <item>
         <title>Web Services Security</title>
         <description><![CDATA[<strong>ARTICLE &gt;&gt;</strong>&nbsp;Web services are an established method for building distributed and federated applications. Using Web services protocols, developers can provide access to application functions by publishing the interface to the service using the Web Services Definition Language (WSDL), providing data in XML structures, and transmitting data between applications using the Simple Object Access Protocol (SOAP). Service consumers can discover Web services that have been registered using the Universal Description, Discovery, and Integration (UDDI) protocol. As with any application, questions of authentication, authorization, and trust must be addressed in the Web services architecture.]]></description>
         <link>http://www.realtime-websecurity.com/digital_library/2007/02/web_services_security.asp</link>
         <guid>http://www.realtime-websecurity.com/digital_library/2007/02/web_services_security.asp</guid>
                  <category domain="http://www.sixapart.com/ns/types#category">The Messaging and Web Security Essentials Series</category>
        
                  <category domain="http://www.sixapart.com/ns/types#tag">application security</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">SAML</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">Security Assertion Markup Language</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">Web Services</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">WS-Security</category>
        
         <pubDate>Mon, 26 Feb 2007 21:49:06 -0500</pubDate>
      </item>
            <item>
         <title>Web Application Testing</title>
         <description><![CDATA[<strong>ARTICLE &gt;&gt;</strong>&nbsp;Testing is an important part of any software development methodology, but testing security features is essential for Web applications. Those who come from a software development background are familiar with functional testing: start with required functions, formulate test plans, and define test cases for each feature. Ideally, these steps are automated in a regression test that is run routinely to make sure you do not lose ground as you correct errors. Just as important, and more important if you have to answer to auditors, is testing a key non-functional requirement&mdash;security.

]]></description>
         <link>http://www.realtime-websecurity.com/digital_library/2007/02/web_application_testing.asp</link>
         <guid>http://www.realtime-websecurity.com/digital_library/2007/02/web_application_testing.asp</guid>
                  <category domain="http://www.sixapart.com/ns/types#category">The Messaging and Web Security Essentials Series</category>
        
                  <category domain="http://www.sixapart.com/ns/types#tag">compliance</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">security</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">testing</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">vulnerability testing</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">Web application</category>
        
         <pubDate>Mon, 26 Feb 2007 21:44:24 -0500</pubDate>
      </item>
            <item>
         <title>Vulnerability Scanning 101</title>
         <description><![CDATA[<strong>ARTICLE &gt;&gt;</strong>&nbsp;Vulnerability scanners have come a long way. When tools like SATAN first came out, there was a lot of discussion about the wisdom of having vulnerability scanners. After all, these were tools for hackers to employ to attempt an attack on your network and servers. Proponents of the tools argued that it was better to learn about your vulnerabilities with a tool rather than through an attack. The debate about the relative value of vulnerability scanners is essentially over&mdash;they are useful tools for network and systems administrators in spite of the fact that they could be used for malicious purposes.]]></description>
         <link>http://www.realtime-websecurity.com/digital_library/2007/02/vulnerability_scanning_101.asp</link>
         <guid>http://www.realtime-websecurity.com/digital_library/2007/02/vulnerability_scanning_101.asp</guid>
                  <category domain="http://www.sixapart.com/ns/types#category">The Messaging and Web Security Essentials Series</category>
        
                  <category domain="http://www.sixapart.com/ns/types#tag">asset management</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">remediation</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">threats</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">vulnerability management</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">vulnerability scanning</category>
        
         <pubDate>Mon, 26 Feb 2007 21:40:10 -0500</pubDate>
      </item>
            <item>
         <title>Physical and Digital Security Convergence</title>
         <description><![CDATA[<strong>ARTICLE &gt;&gt;</strong>&nbsp;Security management entails a number of dimensions, including logical security over information in whatever form it takes; electronic security over networks, servers, and other devices that store, manage, and transmit information; and physical security, which addresses the protection of persons and property. Not surprisingly, logical and electronic security are tightly coupled. Information residing on a server is dependent on the access controls and other security measures of the server. Encryption can protect data when it is transmitted across insecure channels, such as the Internet, but it can also provide additional protection against information theft. For example, the use of full disk encryption can reduce the chance of information theft when a mobile device is lost or stolen.]]></description>
         <link>http://www.realtime-websecurity.com/digital_library/2007/02/physical_and_digital_security.asp</link>
         <guid>http://www.realtime-websecurity.com/digital_library/2007/02/physical_and_digital_security.asp</guid>
                  <category domain="http://www.sixapart.com/ns/types#category">The Messaging and Web Security Essentials Series</category>
        
                  <category domain="http://www.sixapart.com/ns/types#tag">access controls</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">digital security</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">electronic security</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">physical security</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">security management</category>
        
         <pubDate>Fri, 16 Feb 2007 19:28:40 -0500</pubDate>
      </item>
            <item>
         <title>Email Authentication</title>
         <description><![CDATA[<strong>ARTICLE &gt;&gt;</strong>&nbsp;Spam and phishing continue to plague email systems. Estimates of the amount of spam clogging the email infrastructure reach as high as 75 to 80 percent of all email messages. Techniques such as blocking lists, content filters, and reputation filters all help to identify spam and phishing lures. The problem of unwanted email is so challenging that no single technique will work in all cases, and the effectiveness of techniques will vary. Part of the problem is that spammers are quick to adapt to new blocking technologies. Blocking based on content is not the only option, though.]]></description>
         <link>http://www.realtime-websecurity.com/digital_library/2007/02/email_authentication.asp</link>
         <guid>http://www.realtime-websecurity.com/digital_library/2007/02/email_authentication.asp</guid>
                  <category domain="http://www.sixapart.com/ns/types#category">The Messaging and Web Security Essentials Series</category>
        
                  <category domain="http://www.sixapart.com/ns/types#tag">blocking</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">content filters</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">email</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">email authentication</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">phishing</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">spam</category>
        
         <pubDate>Fri, 09 Feb 2007 17:42:19 -0500</pubDate>
      </item>
            <item>
         <title>IT Audits: What to Expect</title>
         <description><![CDATA[<p><strong>ARTICLE &gt;&gt;</strong>&nbsp;The section of the Sarbanes-Oxley Act (SOX) known as SOX 404 has gotten much attention from IT management. This is not a passing fad; there will not be any regulatory equivalent of a dot com bust&mdash;compliance with SOX 404 is here to stay in some form or another. In fact, even if SOX 404 is changed, as many have argued for, other regulatory schemes are in place that influence how IT does its job. With these regulations come requirements for verification&mdash;and that means auditing.</p>]]></description>
         <link>http://www.realtime-websecurity.com/digital_library/2007/01/it_audits_what_to_expect.asp</link>
         <guid>http://www.realtime-websecurity.com/digital_library/2007/01/it_audits_what_to_expect.asp</guid>
                  <category domain="http://www.sixapart.com/ns/types#category">The Messaging and Web Security Essentials Series</category>
        
                  <category domain="http://www.sixapart.com/ns/types#tag">COBIT</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">compliance</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">IT audit</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">SOX</category>
        
         <pubDate>Mon, 29 Jan 2007 18:05:56 -0500</pubDate>
      </item>
            <item>
         <title>Host Intrusion Detection and Prevention</title>
         <description><![CDATA[<p><strong>ARTICLE &gt;&gt;</strong>&nbsp;In the defense-in-depth security framework, host intrusion prevention systems (IPSs) are one of the last lines of defense. Host IPSs reside on the devices that they protect. These systems use a combination of signature- and behavior-based analysis to detect attacks and mitigate the impact of those attacks.</p>]]></description>
         <link>http://www.realtime-websecurity.com/digital_library/2007/01/host_intrusion_detection_and_p.asp</link>
         <guid>http://www.realtime-websecurity.com/digital_library/2007/01/host_intrusion_detection_and_p.asp</guid>
                  <category domain="http://www.sixapart.com/ns/types#category">The Messaging and Web Security Essentials Series</category>
        
                  <category domain="http://www.sixapart.com/ns/types#tag">intrusion detection</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">intrusion prevention</category>
        
         <pubDate>Thu, 18 Jan 2007 19:15:00 -0500</pubDate>
      </item>
            <item>
         <title>FISMA and Messaging Security</title>
         <description><![CDATA[<p><strong>ARTICLE &gt;&gt;</strong>&nbsp;The Federal Information Security Management Act (FISMA) is a broad set of regulations that addresses the management and control of information resources within the federal government and is applicable to many federal agencies. The high-level objectives of the act include:</p>
                    <ul>
                      <li>Ensuring information is appropriately categorized according to security objectives and the impact of a security breach</li>
                      <li>Setting standards for minimal security requirements for federal information systems</li>
                      <li>Selecting and implementing appropriate security controls based on a risk assessment model</li>
</ul>


]]></description>
         <link>http://www.realtime-websecurity.com/digital_library/2007/01/fisma_and_messaging_security.asp</link>
         <guid>http://www.realtime-websecurity.com/digital_library/2007/01/fisma_and_messaging_security.asp</guid>
                  <category domain="http://www.sixapart.com/ns/types#category">The Messaging and Web Security Essentials Series</category>
        
                  <category domain="http://www.sixapart.com/ns/types#tag">compliance</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">security awareness</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">security management</category>
        
         <pubDate>Tue, 09 Jan 2007 18:46:22 -0500</pubDate>
      </item>
            <item>
         <title>Rootkit Challenges</title>
         <description><![CDATA[<strong>ARTICLE &gt;&gt;</strong>&nbsp;Rootkits are one of the threats that can keep security professionals up at night. Viruses and worms are real threats but can be reasonably well controlled. Trojan horses, keyloggers, and other information-stealing programs are growing threats but, if detected, can usually be removed. In fact, the first step in many security countermeasures, such as antivirus solutions, is detecting the presence of malicious and unwanted programs. The role of rootkits is to hide them.

Rootkits use a number of techniques to hide themselves and other malicious programs. Rootkits alter the process list so that executing malware does not appear with other running programs. They might alter the information returned by operating system (OS) functions; for example, a function call to get the size of an altered file may return the original size, not the new size after alteration, effectively masking the file tampering. Rootkits can also prevent OS functions from listing files, such as files for a Trojan horse or a program designed to launch a Denial of Service (DoS) attack. Several types of techniques are used to implement rootkits, and each attacks at a different level of the OS.]]></description>
         <link>http://www.realtime-websecurity.com/digital_library/2006/12/rootkit_challenges.asp</link>
         <guid>http://www.realtime-websecurity.com/digital_library/2006/12/rootkit_challenges.asp</guid>
                  <category domain="http://www.sixapart.com/ns/types#category">The Messaging and Web Security Essentials Series</category>
        
                  <category domain="http://www.sixapart.com/ns/types#tag">malware</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">rootkits</category>
        
         <pubDate>Wed, 20 Dec 2006 14:53:29 -0500</pubDate>
      </item>
            <item>
         <title>Content Filtering Technologies</title>
         <description><![CDATA[<p><strong>ARTICLE &gt;&gt;</strong>&nbsp;Content filtering is a term that is often used to refer to a collection of technologies that can be applied at client, server, and network levels. This article discusses the various types of content-filtering technologies and their uses. The technologies addressed include:</p>
                    <ul>
                      <li>URL blocking</li>
                      <li>Content scanning</li>
                      <li>Bayesian filtering</li>
                      <li>Collaborative filtering</li>
                    </ul>
                    <p>These are complementary and sometimes overlapping technologies, but they are distinct approaches to the problem of blocking unwanted content.</p>]]></description>
         <link>http://www.realtime-websecurity.com/digital_library/2006/12/content_filtering_technologies.asp</link>
         <guid>http://www.realtime-websecurity.com/digital_library/2006/12/content_filtering_technologies.asp</guid>
                  <category domain="http://www.sixapart.com/ns/types#category">The Messaging and Web Security Essentials Series</category>
        
                  <category domain="http://www.sixapart.com/ns/types#tag">URL blocking</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">vulnerabilities</category>
        
         <pubDate>Fri, 15 Dec 2006 14:58:14 -0500</pubDate>
      </item>
            <item>
         <title>Botnet Threats</title>
         <description><![CDATA[<p><strong>ARTICLE &gt;&gt;</strong>&nbsp;Cybercrime seems to continue on its evolution toward greater sophistication in techniques. You see it in higher rates of infections of Trojan horses, more targeted phishing attacks (aka <em>spear phishing</em>), and perhaps most disturbingly, the increasingly robust nature of botnets. Bots are tools for taking control of computers, and a collection of computers compromised by bots is known as a botnet. The botnet herder manages the botnet and issues commands directing the operation of the botnet. The herder may or may not be the person who originally created the botnet&mdash;it seems cybercriminals are not above stealing botnets from one another (no honor among thieves).</p>
 <strong><em>Botnets at Your Service</em></strong>
 <p>So what good is a collection of compromised machines? Botnets may be used for:</p>
 <ul>
   <li>Conducting distributed denial of service (DDoS) attacks</li>
   <li>Distributing spam</li>
   <li>Launching phishing attacks</li>
   <li>Conducting click fraud</li>
   <li>Stealing personal information</li>
 </ul>]]></description>
         <link>http://www.realtime-websecurity.com/digital_library/2006/12/botnet_threats.asp</link>
         <guid>http://www.realtime-websecurity.com/digital_library/2006/12/botnet_threats.asp</guid>
                  <category domain="http://www.sixapart.com/ns/types#category">The Messaging and Web Security Essentials Series</category>
        
                  <category domain="http://www.sixapart.com/ns/types#tag">botnets</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">cybercrime</category>
        
         <pubDate>Thu, 07 Dec 2006 21:23:16 -0500</pubDate>
      </item>
            <item>
         <title>Instant Messaging Worms and Other IM Threats</title>
         <description><![CDATA[<strong>ARTICLE &gt;&gt;</strong>&nbsp;As email systems are becoming more difficult to penetrate with viruses and worms, it is not surprising that malware writers are turning to other communication channels to push worms, Trojan horses, and botnet software. Instant messaging (IM) services have become an ideal mechanism for malware developers for the following reasons:

 - Malware can be spread quickly over IM, especially among users with large numbers of contacts
 - Users are not necessarily as cautious with IM as they are with email, especially when dealing with a message from an apparent friend or colleague
 - The activities carried out by malware delivered by IM can be relatively low profile (for example, opening an IRC channel and listening for commands)
 - Rootkits can be sent along with worms and Trojans to hide the presence of the malware
 - IM communications are relatively short, so it is easier to create a message that appears legitimate in a wide range of circumstances

This article will examine some examples of IM worms and related threats, identify general principles of underlying IM threats, and discuss tips for minimizing the impact of these threats.
]]></description>
         <link>http://www.realtime-websecurity.com/digital_library/2006/11/instant_messaging_worms_and_ot.asp</link>
         <guid>http://www.realtime-websecurity.com/digital_library/2006/11/instant_messaging_worms_and_ot.asp</guid>
                  <category domain="http://www.sixapart.com/ns/types#category">The Messaging and Web Security Essentials Series</category>
        
                  <category domain="http://www.sixapart.com/ns/types#tag">instant message</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">malware</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">worms</category>
        
         <pubDate>Thu, 30 Nov 2006 23:05:28 -0500</pubDate>
      </item>
            <item>
         <title>When Patching Is Not Enough: Zero-Day Threats</title>
         <description><![CDATA[<strong>ARTICLE &gt;&gt;</strong>&nbsp;Zero-day threats were in the press over the past month as previously unknown vulnerabilities were exploited in Microsoft Office products. Zero-day attacks get their name from the fact that there are zero days between the time a vulnerability becomes known to software developers, security researchers, and application users and the time the vulnerability is exploited on fully patched and updated devices. The problem is not limited to Microsoft products, and it would be unwise to assume that using alternative products alleviates the zero-day vulnerability problems.

This article will examine zero-day threats from three perspectives:

<ul>
<li>What kinds of zero-day threats have occurred?</li>
<li>What can be done to minimize the problem in the short term?</li>
<li>What are the longer-term challenges to mitigating the risk of zero-day threats?</li>
</ul>]]></description>
         <link>http://www.realtime-websecurity.com/digital_library/2006/11/when_patching_is_not_enough_ze.asp</link>
         <guid>http://www.realtime-websecurity.com/digital_library/2006/11/when_patching_is_not_enough_ze.asp</guid>
                  <category domain="http://www.sixapart.com/ns/types#category">The Messaging and Web Security Essentials Series</category>
        
                  <category domain="http://www.sixapart.com/ns/types#tag">Microsoft Office</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">patching</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">security</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">vulnerabilities</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">zero-day threat</category>
        
         <pubDate>Thu, 09 Nov 2006 19:30:06 -0500</pubDate>
      </item>
            <item>
         <title>Essential Policies for Messaging Security</title>
         <description><![CDATA[<strong>ARTICLE &gt;&gt;</strong>&nbsp;Securing a messaging infrastructure is a multi-faceted challenge that begins with balancing functionality and security. It is often said that there is a tradeoff between the usefulness of a system and its level of security. This is not to say that reasonably secured systems are unusable or that feature-rich, user-friendly applications are inherently insecure. It does mean that as networks and applications become more complex, the potential security risks increase.

Messaging is a prime example. As email clients began to include improved functionality with features such as macros, malware developers took advantage of those features. Worms can threaten instant messaging (IM). Flaws in Internet phone services, such as buffer overflows, can provide entry points to attackers. In spite of these types of vulnerabilities, the cost/benefit ratio of messaging can be substantially in favor of the benefits, as long as certain protections are in place. A coordinated response to threats to messaging depends on a set of essential policies governing the use and implementation of messaging services.]]></description>
         <link>http://www.realtime-websecurity.com/digital_library/2006/10/essential_policies_for_messagi.asp</link>
         <guid>http://www.realtime-websecurity.com/digital_library/2006/10/essential_policies_for_messagi.asp</guid>
                  <category domain="http://www.sixapart.com/ns/types#category">The Messaging and Web Security Essentials Series</category>
        
                  <category domain="http://www.sixapart.com/ns/types#tag">messaging policies</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">messaging security</category>
                  <category domain="http://www.sixapart.com/ns/types#tag">risk tolerance</category>
        
         <pubDate>Mon, 23 Oct 2006 12:47:09 -0500</pubDate>
      </item>
      
   </channel>
</rss>
