August 01 Deep Packet Inspection: Big Brother Technology for ISP's
This 'big brother' or 'eavesdropping' technology has long been used by the military of the United States. Notoriously known as Echelon, this remnant of the Cold War is still being operated. From Wikipedia:
On the civilian side, the same technology has been deployed in the US and other countries to sniff packets in real time: big brother. Michael Kassner wrote a very interesting article on Deep Packet Inspection and its potential abuse by governments through ISPs. Users' privacy is at stake here.
So what is DPI? DPI is next-generation technology that’s capable of inspecting every byte of every packet that passes through the DPI device, that means packet headers, types of applications, and actual packet content. Up until now, this wasn’t possible with IDS/IPS systems or stateful firewalls. The difference being, DPI has the ability to inspect traffic at layers 2 through 7, hence the “deep” in DPI. A simple analogy would be that of snail mail. IDS/IPS firewalls would be the mail sorters who just read the letter’s address, knowing nothing about the letter’s content. Inspecting Internet traffic from layers 2 through 7 would correspond to the person who actually reads the letter and understands the contents. To recap, DPI allows people controlling the device to know everything, including the payload of each packet in the data stream. For example, if an unencrypted e-mail is scanned, the actual body of the e-mail can be reassembled and read. Nate Anderson wrote an excellent Ars Technica article “Deep Packet Inspection Meets Net Neutrality, CALEA.” The following quote appears in that article:
Mr. Anderson also explains what happens at layer 7:
What makes DPI all the more impressive is that the packet analysis happens in real time, with data stream throughput approaching 20-30 Gb. See where I’m going with this? With no loss of throughput, ISPs are able to insert these devices directly in their data streams, forcing all traffic to pass through the devices. Procera, Narus, and Ellacoya are front-runners in development of this technology, having placed equipment throughout the world.
DPI’s potential uses
DPI technology is unique in that as of now it’s the only way to accomplish certain governmental security directives. DPI also has the potential to do a great deal of good. For example, DDoS attacks are virtually impossible to thwart. Conceivably if DPI were in place and configured correctly it would detect the DDoS packets and filter them out. Some more potential uses are listed below:
The above applications have the potential to give users a better Internet experience. Yet it wouldn’t take much mission creep to create major privacy concerns. I would feel remiss if I didn’t point them out and help everyone understand the ramifications.
Possible misuses of DPI
DPI is another innovative technology that has ISPs arguing with privacy advocates. ISPs and DPI developers are adamant that the technology is benign and will create a better Internet experience. However, privacy groups have two major concerns: little or no oversight and the potential for losing still more individual privacy. Many experts find the following uses of DPI to be especially troubling:
Final thoughts
This is a very complex subject, having the potential to change everyone’s view of the Internet. An optimist would say that DPI will help enhance the experience, even producing ads that are relevant to each individual user. Whereas a pessimist would say it’s “big brother” technology that only benefits ISPs. I don’t think anyone is sure how the Internet will look when the dust settles about DPI, but it should be interesting. I hope that I was able to increase awareness of how ISPs using a DPI device can intercept, read, and interpret every one of your Internet-destined packets. An ulterior motive for explaining DPI is that in my next article I’d like to discuss behavioral targeting, a very controversial technology that uses DPI. I also want to discuss what, if any, options are available to prevent DPI from scanning your Internet traffic.

July 28 The Last Lecture: Professor Randy Pausch
God takes away the good ones first, so the living will take note and learn from them. Last Friday, 25th of July 2008, the renowned and respected Prof. Dr. Randy Pausch passed away after a long battle with pancreatic cancer. He was 47. He is survived by his wife and children Dylan, Logan, and Chloe. His contribution, not only to Carnegie Mellon University but to the world, showed his dedication to teaching others and the value of humanity. He was the founder of the Alice program, an animated educational system for high school and college students.
Rest in Peace.

July 22 Microsoft: Forget iPhone; we're still No. 2 in business
The big(ger) dog gets growly
July 21, 2008 (Computerworld) Companies -- lots of them -- are still buying Windows Mobile smart phones, and Microsoft Corp. doesn't want to let iPhone mania make them forget. During Microsoft's most recent fiscal year, 325 enterprises purchased at least 500 Windows Mobile phones, with many buying many more, said Scott Rockfeld, group products manager for the mobile communications business at Microsoft, in a Friday interview. "From the armed forces to the U.S. Court System, people are not just trying Windows Mobile, they are buying them," Rockfeld said, in apparent reference to a statement by Apple Inc. CEO Steve Jobs last month that 35% of Fortune 500 companies were beta-testing the iPhone.
In my opinion, the iPhone is a fun phone, but still a toy for the kids. Big boys still prefer Windows Mobile smart phones.

Storm Worm - wreaking havoc across the planet
The Storm worm (not to be confused with W32/Storm.worm) was first discovered on 17 January 2007. It was named by the Finnish company F-Secure and is trojan malware that infects Microsoft operating systems. It spreads via email with these subject headings: When an attachment is opened, the malware installs the wincom32 service and injects a payload, passing on packets to destinations encoded within the malware itself. According to Symantec, it may also download and run the Trojan.Abwiz.F trojan and the W32.Mixor.Q@mm worm.[10] The trojan piggybacks on spam with names such as "postcard.exe" and "Flash Postcard.exe", with more changes from the original wave as the attack mutates.[9] Some of the known names for the attachments include:[10]
July 13 Microsoft Security Assessment Tool for Governments (MSATg)
The Microsoft Security Assessment Tool 3.75G (g for government version) is a revised version of the Microsoft Security Assessment Tool (MSAT) developed by Microsoft’s Trustworthy Computing Group. MSAT is a comprehensive toolset to help security organizations within governments become more aware of the evolving security threat landscape that could impact their organizations. The tool employs a holistic approach to measuring security posture by covering topics across people, process, and technology. Findings are coupled with prescriptive guidance and recommended mitigation efforts, including links to more information for additional industry guidance. These resources can help maintain awareness of specific tools and methods that change the security posture of the IT environment. The new Microsoft Security Assessment Tool conducts assessments focused on 4 primary areas:
• Infrastructure Security
• Application Security
• Security Operations
• People, Process, Policy
After completing each assessment, a detailed report of the results is available to review. The questions identified in the survey portion of the tool and the associated answers are derived from commonly accepted best practices around security, both general and specific. The questions and the recommendations that the tool offers are based on standards such as ISO 17799 and NIST-800.x, as well as recommendations and prescriptive guidance from Microsoft’s Trustworthy Computing Group and additional security resources valued in the industry. The MSAT v3.75g is now available to SCP participants. The “g” version will remove the feature that allows uploading and sharing the results with Microsoft and comparing them with other companies. This version will have the added ability to compile results on a user agency’s own servers and compare results between departments.
Also as a part of this version, we provide instructions on developing a standard baseline and how this standard baseline can be distributed to other agencies to conduct an assessment comparison. The MSAT 3.75G version is now available in the following languages: Canadian French, French, German, Russian, Italian, Spanish (Latin America), Spanish (Spain), Portuguese (Portugal), Portuguese (Brazil), Chinese (Simplified), Chinese (Mandarin), Japanese, Swedish, Norwegian, Danish, English (US), and English (UK).

Microsoft Security Tuesday/Wednesday
Summaries for these new bulletins may be found at the following pages:
http://www.microsoft.com/technet/security/bulletin/MS08-jul.mspx
Microsoft Windows Malicious Software Removal Tool
Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU) and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool can be located here: http://go.microsoft.com/fwlink/?LinkId=40573
High-Priority Non-Security Updates
High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU) or Windows Server Update Services (WSUS) will be detailed in the following KB Article: http://support.microsoft.com/?id=894199

July 08 Microsoft Security Taxonomy 2.0
From a counterpart's blog at Microsoft Italia: Feliciano Intini has effortlessly compiled the Microsoft security web sites.

Microsoft Security Experts Blogs (in alphabetic order):
Cyril Voisin [UPD-08-04]
David LeBlanc [UPD-08-04]
Kimmo Bergius [UPD-08-04]
· (BK) Writing Secure Code 2nd Ed
· (BK) 19 Deadly Sins of Software Security
· (BK) The Security Development Lifecycle
· (BK) Writing Secure Code for Windows Vista
Roger Halbheer [UPD-08-04]
Urs P. Küderli [UPD-08-04]
· (BK) Understanding Windows CardSpace [UPD-08-03]
Vladimir Mamykin [UPD-08-04]

0.0 Microsoft Strategy & Initiatives
  0.1 Security & Privacy
    0.1.1 Trustworthy Computing (TwC)
      0.1.1.1 End to End Trust
  0.2 Interoperability
    0.2.1 Interoperability Principles
1.0 Internet Security
  1.1 Identity Metasystem & Windows CardSpace
  1.2 Online Services Security
    1.2.1 Windows Live Security
2.0 Perimeter & Network Security
  2.1 Forefront Edge Security (Internet Access Protection & Secure Remote Access)
    2.1.1 Internet Security & Acceleration (ISA) Server
      2.1.1.1 Previous versions: ISA 2000, ISA 2004
      2.1.1.2 Internet Security & Acceleration (ISA) Server 2006
      2.1.1.3 Forefront Threat Management Gateway (TMG)
    2.1.2 Internet Application Gateway (IAG)
      2.1.2.1 Internet Application Gateway (IAG) 2007
      2.1.2.2 Forefront Unified Access Gateway (UAG)
  2.2 Network Access Protection (NAP) Solution
  2.3 Remote Access, VPN & Quarantine Services
    2.3.1 ISA 2006 VPN/QS
    2.3.2 Win2003 RAS/IAS/QS
    2.3.3 Win2008 NPS
  2.4 Wireless Security
  2.5 IPSEC, “Server & Domain Isolation” Solution
  2.6 Windows Firewall (W3) Windows Firewall TechCenter [UPD-08-04]
3.0 Operating System Security
  3.1 Client Operating System Security
    3.1.1 Windows 2000 client security
    3.1.2 Windows XP security
    3.1.3 Windows Vista security
  3.2 Server Operating System Security
    3.2.1 Windows 2000 Server security
    3.2.2 Windows Server 2003 security
    3.2.3 Windows Server 2008 security
  3.3 Windows Mobile Security
  3.4 Server & Desktop Virtualization Security
  3.5 Anti-Malware Solutions (for systems)
    3.5.1 Windows Defender
    3.5.2 Forefront Client Security
      3.5.2.1 Forefront “Stirling”
    3.5.3 Windows Live OneCare
4.0 Application Security
  4.1 Application & Platform Core Security
  4.2 Client Applications Security
    4.2.1 Office Security
      4.2.1.1 Previous versions: Office 2000, Office XP
      4.2.1.2 Office 2007 Security
    4.2.2 Internet Explorer Security
      4.2.2.1 Previous versions: IE 6.0
      4.2.2.2 IE 7.0 Security
      4.2.2.3 IE 8.0 Security
    4.2.3 Instant Messaging Security
      4.2.3.1 Windows Live Messenger Security
      4.2.3.2 Office Communicator 2007 Security
  4.3 Server Applications Security
    4.3.1 Exchange Security
      4.3.1.1 Previous versions: Exchange 2000, Exchange 2003 Security
      4.3.1.2 Exchange 2007 Security
    4.3.2 SQL Security
      4.3.2.1 Previous versions: SQL 2000 Security
      4.3.2.2 SQL 2005 Security
      4.3.2.3 SQL 2008 Security
    4.3.3 IIS Security
      4.3.3.1 Previous versions: IIS 5.0 Security
      4.3.3.2 IIS 6.0 Security
      4.3.3.3 IIS 7.0 Security
    4.3.4 Sharepoint Security
      4.3.4.1 Microsoft Office Sharepoint Server (MOSS) 2007
    4.3.5 Unified Communications Solutions
      4.3.5.1 Office Communications Server (OCS) 2007 Security
    4.3.6 Application Virtualization Security
  4.4 Anti-Malware Solutions (for Server applications)
    4.4.1 Forefront Server Security
      4.4.1.1 Microsoft Antigen
      4.4.1.2 Forefront Security for Exchange (Exchange 2007)
      4.4.1.3 Forefront Security for Office Communications Server
      4.4.1.4 Forefront Security for Sharepoint (Office SharePoint Server 2007 and Microsoft Windows SharePoint Services 3.0)
      4.4.1.5 Forefront “Stirling”
5.0 User Security
  5.1 Identity & Access Solutions
    5.1.1 Directory Services Security
    5.1.2 Identity Lifecycle Manager (ILM) 2007
    5.1.3 Active Directory Federation Services (AD FS)
    5.1.4 Certificate Services and SmartCard
6.0 Data Security
  6.1 Data Encryption solutions
    6.1.1 Encrypting File System (EFS)
      6.1.1.1 Previous versions: EFS in Win2000, WinXP, Win2003
      6.1.1.2 EFS in Windows Vista & Windows Server 2008
    6.1.2 BitLocker
  6.2 Policy Enforcement solutions
    6.2.1 Rights Management Server (RMS)
      6.2.1.1 RMS in Windows Server 2003
      6.2.1.2 RMS in Windows Server 2008
  6.3 Privacy Enhancing Technologies (PET)
    6.3.1 Privacy Enhancements in Windows XP SP2
    6.3.2 Privacy Enhancements in Windows Vista
7.0 Security Foundations – Technology
  7.1 Security Update & Compliance Management solutions
    7.1.1 Windows Update, Microsoft Update & Automatic Update Agent
    7.1.2 WSUS
    7.1.3 SMS & System Center Configuration Manager
      7.1.3.1 SMS 2003
      7.1.3.2 System Center Configuration Manager 2007
    7.1.4 Microsoft Baseline Security Analyzer
  7.2 Security Monitoring & Auditing Solutions
    7.2.1 System Center Operations Manager 2007
  7.3 Systems Management Solutions
    7.3.1 System Center
  7.4 Hardware & Physical Security
    7.4.1 Physical Security
    7.4.2 Trusted Platform Module (TPM)
8.0 Security Foundation – Processes
  8.1 Organizational Security & Policies
  8.2 Operational Security & Procedures

Cisco, IBM, Intel, Juniper and Microsoft fight cyber terror together
Five major network hardware, software and services vendors are banding together to improve IT security by promoting faster responses to threats. The Industry Consortium for Advancement of Security on the Internet (ICASI) is a nonprofit organization created by Cisco, IBM, Intel, Juniper and Microsoft to address what it calls multi-product security threats. The companies say ICASI will let vendors and customers work together on global IT security threats and resolve them in a government-neutral way. Last month, a group of countries banded together to create the International Multilateral Partnership Against Cyber Terrorism (IMPACT), funded by private businesses as well as governments and based in Malaysia. The center is to offer emergency response, training and other resources.
“To date there has not been a trusted vendor environment that allows companies to identify, assess, and mitigate multi-product, global security challenges together on the customers' behalf,” the group says in a statement. “ICASI aims to fill this void.” ICASI will target “global, multivendor cyber threats” to reduce their impact on end users. The group’s statement says these attacks target multiple products or protocols in products, giving them a broader impact. These attacks pose problems not only for end user customers, but also for vendors, the group says. By working together the vendors hope to block this class of threat more quickly and blunt their effects on the security of customer networks. To that end, ICASI will develop efficient and effective practices for responding to these threats. The hope is that with the group creating a forum of trust among members, they will share critical data about specific attacks more readily and thwart them more quickly. ICASI says it wants to set security response standards that it can share with the industry in general. ICASI’s statement says it may work with other firms committed to similar goals, but does not say whether they will be full members. Formation of the group was announced at the FIRST Conference in Vancouver for IT incident-response and security teams. This story appeared on Network World at

June 18 Security virtual labs at HELLO SECURE WORLD
Check out the latest (but not so recent) virtual labs, videos and more: http://www.microsoft.com/click/hellosecureworld/default.mspx I'm not a developer, so XSS really doesn't interest me. Videos are cool, but I've seen better. It's running on Silverlight, so do install it, else you won't be able to access the content. To run the lab, you will also need to install (risky and dangerous) ActiveX. The pop-up blocker must also be disabled.
So, what's in the virtual lab?
There are also links to MS Dev blogs, like Steve Riley's and Kai Axford's.

June 06 Security Videos - Securitytube.net
When it comes to security, nothing beats classroom training. However, if cost is a hurdle, you may want to check out the security videos on Securitytube.net. It's a library of security videos presented by h8x0rs and security consultants alike. Like YouTube, but focused on security. My personal favorite:
History of Hacking Series Part 1
Tons of security-related videos. Check it out!

Data Wiping Tool - Darik's Boot and Nuke
So I have discussed Full Disk Encryption extensively: protecting your data that resides in storage, be it USB, hard disk etc. But what if the data has reached its end of life? What do you do with a server or computer that no longer serves its purpose and is to be discarded? If the data is encrypted, it could just be discarded as-is. However, encryption is still considered a 'luxury' or an 'ideal' for many. In my beloved country, Malaysia, there is no Data Privacy Law. For financial institutions, which are governed by Bank Negara, there is no chapter on 'Data Sanitization' in any of the IT guidelines. Banks and insurance companies with old PCs may simply sell off their outdated PCs and servers with the hard disks intact, without sanitizing the data first. Knowing this, my response was to introduce a policy of 'Data Wiping' at my previous company. I included a chapter in the company's 'Information Security Policy' that required all desktops, servers and storage devices to be sanitized prior to decommissioning. The policy I introduced also covered vendors, contractors etc. which did business with my company. This also included sanitizing the computers and servers which my company used during our annual Disaster Recovery Test, which is usually conducted at a vendor's premises. The tool I have used before is a no-brainer: simple to use, requires no installation and, best of all, suits an IT department on a tight budget or cursed with a Scrooge for a CIO. It's called Darik's (the creator) Boot and Nuke. The name says it all: boot up the desktop, laptop or server you intend to wipe, and nuke (wipe) it. You need to download the ISO image and burn it to a DVD, USB or 3.5" floppy.
The image loads when the system boots, and a menu lets you choose the wiping method: DoD (US Department of Defense), RCMP (Royal Canadian Mounted Police), Gutmann, etc.
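To make the DoD-style choice above concrete, here is an added example (my own code, not DBAN's) that runs a three-pass overwrite with read-back verification over a constructed in-memory disk image, then checks that none of the original record survives. The 512-byte sector size, the fake customer record and the seeded random pass are assumptions for the demo.

```python
import io
import random

SECTOR = 512          # assumed sector size for the constructed image
CHUNK = SECTOR * 8    # overwrite/verify granularity


def make_sample_image(n_sectors=64):
    """Constructed 32 KiB disk image with a fake customer record in sector 3."""
    img = bytearray(n_sectors * SECTOR)
    record = b"ACCT=1234567890;NAME=Jane Doe;BAL=10450.00\n" * 4  # constructed data
    img[3 * SECTOR:3 * SECTOR + len(record)] = record
    return img


def _device_size(dev):
    """Size of the device-like object; leaves the position at offset 0."""
    dev.seek(0, io.SEEK_END)
    size = dev.tell()
    dev.seek(0)
    return size


def _stream(size, pattern_byte, seed):
    """Yield what a pass must write: a fixed byte, or a seeded pseudo-random stream."""
    rng = random.Random(seed) if pattern_byte is None else None
    done = 0
    while done < size:
        n = min(CHUNK, size - done)
        yield rng.randbytes(n) if rng is not None else bytes([pattern_byte]) * n
        done += n


def overwrite_pass(dev, pattern_byte=None, seed=0):
    """Write one full pass over the device; returns the number of bytes written."""
    size = _device_size(dev)
    for block in _stream(size, pattern_byte, seed):
        dev.write(block)
    dev.flush()
    return size


def verify_pass(dev, pattern_byte=None, seed=0):
    """Read the device back and confirm every byte matches the pass just written."""
    size = _device_size(dev)
    for expected in _stream(size, pattern_byte, seed):
        if dev.read(len(expected)) != expected:
            return False
    return True


def dod_short_wipe(dev, seed=0xD0D):
    """Three passes in the DoD 5220.22-M style: fixed byte, its complement, random.
    The random pass is regenerated from the seed so it can be verified afterwards
    (this example's choice, not a claim about how DBAN implements verification)."""
    for pattern in (0x00, 0xFF, None):
        overwrite_pass(dev, pattern, seed)
    return verify_pass(dev, None, seed)


def residual_hits(dev, needle):
    """Count occurrences of a known plaintext fragment anywhere on the device."""
    dev.seek(0)
    return dev.read().count(needle)


def wipe_demo():
    """Run the whole flow on the constructed image: (hits before, verified, hits after)."""
    disk = io.BytesIO(make_sample_image())  # stand-in for a raw block device
    before = residual_hits(disk, b"ACCT=")
    verified = dod_short_wipe(disk)
    return before, verified, residual_hits(disk, b"ACCT=")


if __name__ == "__main__":
    print(wipe_demo())  # (4, True, 0)
```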
The tool is not restricted to organizations; individuals who are aware of and concerned about their privacy can use it too. Before you sell that old hard disk on eBay or Lelong.com.my, be sure to wipe it clean.

June 05 Malaysian Prime Minister Official Website Defaced
So the government finally decided to raise the petrol price for Malaysians. Apart from causing massive traffic jams around the nation, the decision has also drawn protest from the underground world. The Malaysian PM's official website has just been defaced. I did save the print screen. Here's the link.

May 26 Feds encrypt 800,000 laptops; 1.2 million to go
A proactive move by the US Government. The private sector in the US has long mandated the use of FDE for laptops. The US government received up to an 80% discount from FDE vendors for the initiative. My only hope is that my local government and even the local private sector follow this proactive information protection effort.
An excerpt from Infoworld:
U.S. government agencies are scrambling to plug one of their biggest security holes: sensitive information -- names, addresses and Social Security numbers, for example -- stored on laptops, handhelds, and thumb drives.
"Sales have been very brisk," says Fred Schobert, CTO for integrated technology services at the General Services Administration's Federal Acquisition Service. "We've been somewhat overwhelmed." The government's fast adoption rate of encryption software comes after numerous headline-grabbing security breaches. Laptop encryption has also been on the rise among corporations, including the likes of EMC and IBM. It's been two years since teens stole a laptop from the home of a U.S. Department of Veterans' Affairs employee, putting at risk for identity theft a database of 26.5 million names and Social Security numbers for 26.5 million veterans and military personnel. But this year alone, laptops with personally identifiable information have been stolen from Bolling Air Force Base, a Marine Corps base in Okinawa, Japan and the National Institutes of Health in Bethesda, Md. In all of these cases, data that wasn't encrypted on these laptops could have been used by thieves for identity theft, according to a list of known security breaches compiled by the Privacy Rights Web site.

May 18 Server Lost during Renovation
I know how easy it is to lose a laptop; that's so common. But how do you lose a server? HSBC stated that the server had 'multiple layers' of security. I'm guessing Full Disk Encryption, token-key access etc. All the more reason to have a 'Defense-in-Depth' approach to security. While firewalls, IPS etc. reduce the risk of attacks from the network, those controls do little to protect against physical threats like server theft. I used to work in a shipping company where not only desktops and laptops were chained to the desk, but servers in the server room were 'chained' too. The server room had CCTV and a full-time guard was placed to guard the server room, and this was only a shipping company.

HSBC lost server with customer data
By Computerworld UK Staff, Computerworld UK, 05/09/2008
HSBC has admitted losing a server containing data on 159,000 customers. The server went missing on 26 April from its Kwun Tong district branch in Hong Kong during renovation work. The server held customer names, account numbers, transaction amounts and transaction types, the banking giant confirmed. HSBC said the server is protected by "multiple layers of security" and the risk of data breaches and fraud is "deemed to be low". It also said the server contained no PIN codes or online banking login credentials. The bank said it has reported the incident to the police, the Hong Kong Monetary Authority, and the Hong Kong privacy commissioner. The Hong Kong incident is the latest security foul-up involving HSBC. In April, HSBC admitted it lost an unencrypted disc containing 370,000 customer details in the post. HSBC has also struggled with its Secure e-payments system, with three outages reported this year that left merchants stranded and unable to process payments.