Day-Con 2010 dates announced

May 4, 2010

Hi all,
Dates have been announced for the 4th-annual Dayton Security Summit (Day-Con): October 22 & 23, 2010. October 22 will be the primary speaking day, and October 23 will host the HackSec PacketWars Invitational. Nexum will be a sponsor again this year. Check out the Day-Con site as they update it with information on speakers and abstracts.

Also check out the video summary of Day-Con 2009.  Good stuff.

How scary is this?

April 29, 2010

http://www.wired.com/threatlevel/2010/04/google-hackers

Password Strength

January 22, 2010

I don’t think we even need to have this discussion, but I’m stuck between feelings of humor and shock that 5 of the top ten passwords contain some combination of “12345.”  I thought for sure that “everyone” should know better…right??!!

PC World Article

Imperva’s “Consumer Password Best Practices” paper

Upcoming Webinar

January 13, 2010

Discover how you can adopt a successful cloud performance strategy with Riverbed.

  • What: Web Seminar
  • Title: Do You Cloud? A practical “how-to” strategy for adopting private cloud computing
  • Date: Wednesday, February 3, 2010
  • Time: 11:00 a.m. PST/2:00 p.m. EST
  • Speakers: Nik Rouda (Director, Product Marketing: Riverbed); Rick Villars (Industry Analyst: IDC)

Click to register now

Right now, the topic of “cloud computing” is on everyone’s lips but usually only in vague terms. You don’t need buzz words. You need some practical advice and real life approaches to realizing its benefits. And you also need helpful information on how to tackle servers, networks, storage, consolidation, virtualization, and data protection. So how do you begin to build your private, public or hybrid cloud strategy? How do you avoid making simple mistakes along the way? No problem.

Join Riverbed expert Nik Rouda as he discusses how you can quickly and easily adopt a private cloud computing strategy. There will also be practical examples of current customers who’ve had success with their own cloud initiatives.

Attend this informative webinar and learn how to:

  • Define various types of cloud environments
  • Address some of the barriers to adoption
  • Solve lagging performance bottlenecks
  • Plan for disaster recovery in the cloud

Register now for this live webinar. You’ll discover why thousands of customers trust Riverbed to break the cloud performance barrier and bring the world closer.

New Microsoft IE Vulnerability

November 25, 2009

On Monday, Microsoft published a security advisory to announce a new vulnerability that can allow remote code execution in Internet Explorer versions 6 and 7 on several different platforms. IE 8 and the protected-mode of IE 7 are not affected, and the current recommendation is to upgrade affected browsers to one of these (as there currently is no patch available for the exploit code).
I was pleased to see that my favorite SaaS web security/web filtering offering (Zscaler) was fast (or first) to fix the vulnerability. Their clients are protected without any action on their part.
Nice…and it reinforces the entire notion of outsourcing certain functions to qualified third parties.

More info:

Information Week

Daily Mirror

PCI DSS, RE: Wireless Rogue Access Points

November 6, 2009

I’ve been doing some follow-up research on the PCI data security standards after meeting with the folks from Aruba Networks this morning.  Their multi-vendor approach to wireless management (and rogue detection) sounded pretty cool, so I thought I’d dig in on what the PCI requirements and remedies actually are. (Aruba’s AirWave Management platform)

Shame on me for not knowing (or remembering?) that the language actually states “test for the presence of wireless APs by using a wireless analyzer at least quarterly or deploying a wireless IDS/IPS to identify all wireless devices in use.” (PCI DSS v1.2.1, Section 11.1a,b,c)

Also of interest are sections 12.9.3 and 12.9.5 of the PCI DSS.  Both are related to incident response planning.  The first specifies that a client designate specific personnel to be available 24×7 to respond to alerts (including those for detection of unauthorized wireless access points).  The second dictates: “Verify through observation and review of processes that monitoring and responding to alerts from security systems including detection of unauthorized wireless access points are covered in the Incident Response Plan.”

The PCI Security Standards Council also publishes some supporting documents, which include a dedicated one for Wireless Security Standards.

That document provided some additional clarifications that I found interesting.

Specifically, from section 2.1:

“Wireless networking is a concern for all organizations that store, process or transmit cardholder data and therefore must adhere to the PCI DSS. Even if an organization that must comply with PCI DSS does not use wireless networking at all, the organization must verify that wireless networking has not been introduced into the CDE over time. Therefore, this CDE is in scope for PCI DSS and this guide, in that the organization must verify and continue to ensure that there are no WLANs attached to the network.

This is because there are validation requirements that extend beyond the known wireless devices and require monitoring of unknown and potentially dangerous rogue devices. A rogue wireless device is an unauthorized wireless device that can allow access to the CDE.”

From Section 3 (Applicable Requirements Pertaining to Wireless for All Networks):

Wireless networks can be considered outside of PCI DSS scope if (i) no wireless is deployed or (ii) if wireless has been deployed and segmented away from the CDE. Regardless of whether wireless networks have been deployed, periodic monitoring is needed to keep unauthorized or rogue wireless devices from compromising the security of the CDE. Segmenting wireless networks out of PCI DSS scope requires a firewall between the wireless network and the CDE.

And…a summary of recommendations in section 3.2.1:

A. Use a wireless analyzer or a wireless IDS/IPS to detect unauthorized/rogue wireless devices that could be connected to the CDE at least quarterly at all locations. For large organizations having several CDE locations, a centrally managed wireless IDS/IPS to detect and contain unauthorized/rogue wireless devices is recommended.

B. Enable automatic alerts and containment mechanisms on the wireless IPS to eliminate rogues and unauthorized wireless connections into the CDE.

C. Create an “Incident Response Plan” to physically eliminate rogue devices immediately from the CDE in accordance with PCI DSS requirement 12.9.5.
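To make recommendation A concrete, here is an added example (not from the PCI documents or any vendor's product) that triages a wireless analyzer's scan against an authorized-AP inventory and the MACs learned on CDE switch ports, and flags sites whose last scan is older than a quarter. All data is constructed; the adjacent-MAC correlation and the 92-day window are assumptions.

```python
from datetime import date

# Constructed sample data (not from the original post).
AUTHORIZED_BSSIDS = {"00:1a:1e:00:10:01", "00:1a:1e:00:10:02"}
# MACs learned on CDE switch ports (e.g. exported from the switch MAC table).
CDE_WIRED_MACS = {"00:1a:1e:00:10:00", "c0:ff:ee:00:20:10"}
SCAN = [  # (site, bssid, ssid) as reported by a wireless analyzer
    ("store-12", "00:1a:1e:00:10:01", "corp-pos"),
    ("store-12", "c0:ff:ee:00:20:11", "linksys"),
    ("store-12", "de:ad:be:ef:00:99", "CoffeeShopWiFi"),
]
LAST_SCAN = {"store-12": date(2009, 10, 30), "store-40": date(2009, 6, 1)}


def mac_to_int(mac):
    return int(mac.replace(":", ""), 16)


def on_cde_wire(bssid, wired_macs, max_offset=2):
    """Heuristic (assumption): an AP's radio BSSID usually sits within
    a few addresses of the MAC of its wired interface."""
    b = mac_to_int(bssid)
    return any(abs(b - mac_to_int(m)) <= max_offset for m in wired_macs)


def classify(scan, authorized, wired_macs):
    """Label each observed BSSID. 'rogue' means unauthorized AND apparently
    plugged into the CDE, matching the definition quoted from section 2.1."""
    result = {}
    for _site, bssid, _ssid in scan:
        if bssid in authorized:
            result[bssid] = "authorized"
        elif on_cde_wire(bssid, wired_macs):
            result[bssid] = "rogue"
        else:
            result[bssid] = "unauthorized-external"  # e.g. a neighbor's AP
    return result


def overdue_sites(last_scan, today, max_age_days=92):
    """Sites whose last scan is older than roughly one quarter (assumed 92 days)."""
    return sorted(s for s, d in last_scan.items() if (today - d).days > max_age_days)


if __name__ == "__main__":
    for bssid, label in classify(SCAN, AUTHORIZED_BSSIDS, CDE_WIRED_MACS).items():
        print(bssid, label)
    print("overdue:", overdue_sites(LAST_SCAN, date(2009, 11, 6)))
```

Only the "rogue" label should feed the containment and incident-response steps in B and C; the external label exists so neighboring networks do not trigger them.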

Let me know your thoughts.

SaaS Web Security News

October 29, 2009

Cisco announced the other day their intent to acquire ScanSafe:
http://newsroom.cisco.com/dlls/2009/corp_102709.html

ScanSafe was sold by Google, Verizon, Sprint and a host of others, and was generally regarded as a good in-the-cloud web filtering service for small businesses. Over the past year or two, I’ve heard some reports of their inability to perform in larger enterprises.

If this Cisco announcement doesn’t validate the space, I don’t know what would. For now, I still like the Zscaler offering for the large enterprise, and expect that Websense will have a stronger offering soon for large companies with their hosted offering. Purewire (acquired by Barracuda) and Secure Computing (now part of McAfee) I don’t know enough about, but seem a bit behind Zscaler in ability to scale.
Let me know your thoughts.

Blue Coat Networks Training: Cincinnati, OH

October 15, 2009

“The Blue Coat ProxySG family of appliances is part of the Application Delivery Network (ADN), an infrastructure that provides complete application visibility, acceleration and security. To support the ADN, ProxySG delivers a scalable proxy platform architecture to secure Web communications and accelerate the delivery of business applications. ProxySG is built on SGOS, a custom, object-based operating system that enables flexible policy control over content, users, applications and protocols.”

Blue Coat WAN Acceleration Administration

Accelerate Application Performance and Significantly Reduce Bandwidth Across Distributed Enterprises!

Nexum’s Blue Coat WAN Acceleration Administrator (BCWAA) Course is intended for students who want to use new ProxySG features that enable application acceleration. The Blue Coat WAN Acceleration Administrator Course discusses:

  • Blue Coat Product Family, WAN Optimization Features
  • ProxySG Deployment, Licensing and Upgrading the ProxySG
  • Services Framework
  • Application Delivery Network
  • MAPI, CIFS and SSL proxies
  • Active Sessions
  • Blue Coat SG Client
  • Bandwidth Management

Our class also provides hands-on lab exercises that teach students how to configure and use these features. This one-day course is designed on the newly released version of SGOS 5.2.x.  Students need practical experience with the ProxySG in the field.  Additionally, students should have advanced knowledge of networking, security and authentication.  Please contact me now to reserve your spot!

Offered by Nexum, Inc. in association with Blue Coat.
Cincinnati, OH – October 28th

For more information and registration details, please click here.

Nexum, Inc. is an Authorized Blue Coat Training Center and is one of the largest installers of Blue Coat equipment in the world.  Additional upcoming Blue Coat training sessions include Certified Proxy Administrator (BCCPA), Blue Coat Reporter and Blue Coat Director. For a complete list of upcoming Blue Coat training sessions, please click here.

F5 Big-IP® LTM Essentials v9.X – Cincinnati, OH

October 15, 2009

Learn the essentials of utilizing Big-IP with this excellent class!

“Applications running across networks can cause a wide variety of problems. Whatever the problem, though, the BIG-IP Product Family can handle it.  BIG-IP is the only device in the industry that can do everything. It delivers high availability, improved performance, application security, and access control, all in one unit.”

Nexum’s two-day course gives networking professionals a functional understanding of the F5 BIG-IP LTM® system as it is commonly used.  The course covers installation, configuration and management of BIG-IP LTM® systems and redundant pairs.  This hands-on course includes lectures, labs and discussions.

Offered by Nexum, Inc. in association with F5 Networks.
Cincinnati, OH – November 17th-18th (Evening courses available)

For more information and registration details (as well as alternate dates and locations), please click here.

Additional upcoming F5 training sessions include Big-IP® LTM Advanced v9.X, FirePass v6.X and BIG-IP® WebAccelerator v9.x.  For a complete list of upcoming F5 training sessions, please click here.

Cricket Liu lunch event on 10/7 in Cincinnati

September 3, 2009

Greetings!

We’re hosting a lunch/learning event in Cincinnati on 10/7 at the Chart House Restaurant in Newport, KY. Cricket Liu (author of “DNS & BIND”) will be the keynote speaker, and will be presenting on the topic of “A Look into DNS Best Practice Architectures and How to Secure Your Network.”
