Anish Shaikh's TechFactor: April 2009

A-Z of security

Wednesday, April 22, 2009

A-Z of security

A is for Antivirus

B is for Botnets

C is for CMA

D is for DDoS

E is for Extradition

F is for Federated identity

G is for Google

H is for Hackers

I is for IM

J is for Jaschan

K is for Kids (Parental Control)

L is for Love Bug

M is for Mircosoft

N is for Neologisms

O is for Orange Book

P is for Passwords

Q is for Questions

R is for Rootkits

S is for Spyware

T is for Two-factor authentication

U is for USB sticks/devices

V is for Virus variants

W is for wi-fi

X is for OS X

Y is for You

Z is for Zero-day

Got this list from silicon.com

National Wireless Security Survey - India

Deloitte released the results of this survey titled, "Wireless Security Survey" along with the Data Security Council of India (DSCI). NASSCOM established the DSCI as a self-regulatory organization (SRO). DSCI has an independent Board of Directors, guided by a Steering Committee with members drawn from leading IT and BPO companies, and from the best IT products companies of the world.

The survey was aimed at assessing the use of security precautions and good practices in wireless environments across the country.

The key findings of the survey of the 35860 wireless networks seen are:

37% appeared to be unprotected i.e. without any encryption.

49% were using low level of protection i.e. Wired Equivalent Privacy (WEP) encryption.

Balance 14% were using the more secure Wi-Fi Protected Access (WPA).

This makes 86 % of the observed wireless networks relatively easy to compromise.

The 12 cities surveyed were categorized into Group I and Group II cities based on size:

Group I - Bengaluru, Chennai, Hyderabad, Kolkata, Mumbai*, National-Capital Region (NCR)**.

Group II - Ahmedabad, Indore, Jaipur, Lucknow, Nagpur, Pune.

Download the Survey Results

vSphere - Cloud OS from vmware

VMware announced on Tuesday its cloud operating system--dubbed vSphere 4--with plans for general availability in the second quarter.

With the effort, VMware is attempting to bridge virtualized data centers--now known as "private clouds"--and growing cloud computing services from the likes of Amazon.com and others. However, this bridging process is a work in progress due to the lack of standards. VMware's big pitch is that vSphere can run your data center and allow you to bridge out when external resources are needed.

In the meantime, VMware has packed these key features into vSphere 4:

• A 30 percent increase in application consolidation ratios.

• Up to 50 percent in storage savings by allowing virtual machines to only use storage as needed.

• Up to 20 percent additional power and cooling savings.

• One more significant feature of vSphere is Fault tolerance.

• vSphere 4 scales better with the ability to pool 32 physical servers with up to 2,048 processor cores, 1,280 virtual machines, 32 terabytes of RAM, 16 petabytes of storage, and 8,000 network ports.

Paper on Analysis of Snort 3 Design and Features

Wednesday, April 15, 2009

SANS has released a paper on Snort 3 regarding the new changes and features like on the live changes, inline mode, IPv6 support and dynamic configuration etc.

The report discusses the new Snort 3 Beta version architecture and take you on a ride with a Live CD screen shots.

You can read the paper at SANS.

Report on Data Breaches by Verizon

Verizon has published report on Data Breaches for 2008.

Key Findings of the 2009 Report

Most data breaches investigated were caused by external sources. Seventy-four percent of breaches resulted from external sources, while 32 percent were linked to business partners. Only 20 percent were caused by insiders, a finding that may be contrary to certain widely held beliefs.
Most breaches resulted from a combination of events rather than a single action. Sixty-four percent of breaches were attributed to hackers who used a combination of methods. In most successful breaches, the attacker exploited some mistake committed by the victim, hacked into the network, and installed malware on a system to collect data.
In 69 percent of cases, the breach was discovered by third parties. The ability to detect a data breach when it occurs remains a huge stumbling block for most organizations. Whether the deficiency lies in technology or process, the result is the same. During the last five years, relatively few victims have discovered their own breaches.
Nearly all records compromised in 2008 were from online assets. Despite widespread concern over desktops, mobile devices, portable media and the like, 99 percent of all breached records were compromised from servers and applications.
Roughly 20 percent of 2008 cases involved more than one breach. Multiple distinct entities or locations were individually compromised as part of a single case, and remarkably, half of the breaches consisted of interrelated incidents often caused by the same individuals.
Being PCI-compliant is critically important. A staggering 81 percent of affected organizations subject to the Payment Card Industry Data Security Standard (PCI-DSS) had been found non-compliant prior to being breached.

The report has been put up very well and I recommend everyone to have a look at it once.

Factors Leading to Insider Threats

Friday, April 3, 2009

I was talking to one of my collegue and the topic of Insider Threats came up and I talked about some of the mediums that assist in Insider Threats and cause security incidents to the company.

So here we go with the list: -

1) Illegal use of USB Storage Media

2) File Sharing, P2P, Rapidshare, etc

3) Downloading of Unauthorised software

4) Installing Remote Access Tools / Screen Sharing Applications. Letmein etc

5) Wifi Points, Adhoc Wifi connections

6) Downloading of Video, Music etc

7) Personal Devices at Work

8) Unauthorised Blogging, Forum / Message Boards, Social Networking Sites

9) Instant Messengers this includes Gmail Chat.

10) Personal Emails

11) Misuse of Business email for forwarding Chain emails, etc

12) Too much non-work related browsing

Anish Shaikh's TechFactor