Jon's Network

Network Security News, Analysis and Ephemera


Bradford Networks

January 29th, 2014

  • Safe Onboarding – Allow users to self-register their devices securely, reducing the burden on IT Staff
  • Device Profiling – Identifies and classifies every device on the network providing greater visibility
  • Endpoint Compliance – Ensure every device is safe enough to join the network reducing risk
  • Network Automation – Dynamically provision network access based on policies that leverage user, device, and location
  • Security Automation – Capture and automatically execute complex investigative workflows that are time consuming and error prone
  • Rapid Threat Response – Automatically remove a compromised, problematic, or risky device in real-time to minimize threat response time

Link: Bradford Networks

Filed under: IT Vendor Directory · Network Access Control (NAC)

Information Systems Security Assessment Framework (ISSAF)

July 18th, 2013

I’ve just stumbled across a security assessment framework that looks promising. It was developed by the Open Information Systems Security Group, or OISSG.

The objectives of the framework are:

  • To act as an end-to-end reference document for security assessment
  • To standardize the Information System Security Assessment process
  • To set the minimal level of acceptable process
  • To provide a baseline on which an assessment can (or should) be performed
  • To assess safeguards deployed against unauthorized access

Download here (pdf)

Filed under: Frameworks

NBC Web Site Compromise

February 24th, 2013

Dissecting NBC’s Exploits and Malware Serving Web Site Compromise

Good analysis of the NBC website compromise, which caused drive-by downloads for any visitors with vulnerable browsers.

Filed under: Security

Managing Mobile Privacy Diagram

February 24th, 2013

Managing Mobile Privacy Diagram – Trend Micro

My first thought was that it was far too complicated, but it’s useful. Look for the thumbs-up icons to see their recommendations.

Filed under: around the web girl

What is a Requirement?

February 20th, 2013

Well-stated requirements exhibit the following attributes:

  • The requirement is Necessary
  • The requirement is Verifiable
  • The requirement is Attainable

Requirements are concise and unambiguous. Good requirements are solution-neutral. Requirements are consistent (non-contradictory).

from MIT Systems Engineering Slides

Filed under: Systems Engineering

Cyber Ghost Busters: The APT Manifestation

November 6th, 2012

Webcast: Cyber Ghost Busters: The APT Manifestation

Guest Speaker: Dr. Eric Cole, Founder, Secure Anchor Consulting and SANS Fellow

An invisible man creeping around your network, who you gonna call? What are you gonna do?

Contrary to what is read in the media, there is no such thing as an undetectable, unstoppable attack. Even stealthy, ghost-like attacks are visible if you know where to look. Cyber ghost-buster Dr. Eric Cole will provide you the instructions to build your own defensible, “proton pack” network that can not only minimize the number of manifestations, but also more rapidly detect them.

Learning Objectives:

  1.) Characteristics of the APT ghost – what it is and what it is not.
  2.) How to build a defensible, “proton pack” network security infrastructure
  3.) How to use predictive threat intelligence to minimize manifestations
  4.) Effective metrics and continuous monitoring to minimize ghostly destruction

CLICK HERE TO REGISTER

All attendees will receive a Promotional Code for 30% off and free shipping when ordering Dr. Cole’s new book “Advanced Persistent Threat” from Elsevier.com

Earn (1) CPE Group A credit for the CISSP and SSCP: This event meets the criteria for a Continuing Professional Education (CPE) activity for the Information Security and Risk Management domain.

Sponsored by Core Security and Digital Scepter

Filed under: Webcast

Six Pitfalls to Avoid with Enterprise Cloud Deployment

October 15th, 2012

Some good things to think about when considering cloud services for your business.

Filed under: Cloud

Digital Scepter and Palo Alto Networks Sponsor CETPA 2012

October 15th, 2012

Murrieta, CA (PRESS RELEASE) October 15, 2012 – With an ongoing commitment to helping school districts improve their perimeter security systems and web filtering, network security integrator Digital Scepter announced today its sponsorship of the California Educational Technology Professionals Association (CETPA) 2012 conference. In a partnership with next-generation firewall protection experts Palo Alto Networks (PAN), Digital Scepter will attend the event on October 18th in Monterey, CA, to share its services with the educational sector.

“We are looking forward to exhibiting at CETPA 2012 with Palo Alto Networks,” says Job Robinson, Director of Digital Scepter. “Public schools have a particular obligation to control web access, monitor network usage, and maintain the highest possible security standards. We believe that a Palo Alto Networks perimeter protection device is the ideal solution. By sponsoring this year’s CETPA, we can be part of the exciting discussion at the event and also show members of the educational community how a Palo Alto Networks firewall could help them.”

CETPA is an annual conference for technology professionals working in the California public school system. This year, the 52nd CETPA conference has the theme “Rethink, Reshape, Redesign,” reflecting the atmosphere of constant re-evaluation that defines educational technology. Outside of the public school system, network security changes rapidly, with new threats and different solutions becoming available. School network administrators and technology consultants must keep on top of the latest developments to protect confidential data, in addition to the well-being and online safety of students. Unfortunately, many school networks continue to use outdated perimeter security systems that do not offer adequate monitoring and control to mitigate the latest threats.

“Firewall protection is the first line of defense against most network threats,” says Robinson. “But traditional firewalls do not offer the granular control technology professionals require. Many people simply do not know the level of control a more advanced firewall could offer, but we have helped numerous school districts to implement the latest technology. At CETPA 2012, we are happy to discuss the specific network security requirements of schools, and explain how a Palo Alto Networks next-generation firewall could help.”

Technology has an increasingly crucial role in the work of K-12 school districts. Across single- and multi-site networks, teachers and administrators routinely share registration data, conduct e-learning, and compile private reports. In addition, students are encouraged to take advantage of the Internet for research, reading, and further learning. Although technology has transformed education for the better, it is important that schools can enforce access policies, monitor usage, and maintain network integrity. Traditional firewalls can only control network access based on port numbers. A Palo Alto Networks next-generation firewall can identify, monitor, and control specific applications and individual users, and even analyze the content of data transferred into or out of the network. At CETPA 2012, Digital Scepter will meet new professionals from the public school system who may be interested in improving their perimeter protection.

“In 2009, we met the Sonoma County Office of Education (SCOE) at CETPA,” says Robinson. “Since then, we have implemented Palo Alto Networks devices for SCOE with impressive results. This year, we are sponsoring this important annual event and also looking forward to meeting more people in the K-12 school system who may be interested in Palo Alto Networks firewalls. We encourage everyone to stop by our booth to learn what we can do to make their network more secure.”

With existing clients in the educational sector and proven experience implementing Palo Alto Networks devices in K-12 school districts, Digital Scepter is an excellent choice for schools looking to improve their network security.

Digital Scepter will be in booth #711 at CETPA 2012 in Monterey, CA on October 18, 2012.

Customers interested in learning more about Digital Scepter and Palo Alto Networks next-generation firewalls are encouraged to visit www.digitalscepter.com for more details.

About Digital Scepter

Founded in 2007, Digital Scepter is a leading California-based value added reseller (VAR) of network security systems, including next-generation firewall protection, web security systems, and intrusion prevention systems (IPS). Digital Scepter has extensive and authoritative understanding of the many threats facing businesses and institutions that connect to the Internet, and offers a range of services designed to identify security concerns and implement robust, dependable solutions. This is achieved through services such as an Application Visibility Report and penetration testing, after which a suitable solution can be designed and implemented. Solutions include products from leading vendors such as Palo Alto Networks, Core Security, Tanium, and Trend Micro.

Filed under: Palo Alto Networks

nCircle

September 19th, 2012

nCircle’s industry-leading vulnerability management solution gathers comprehensive endpoint and network intelligence and applies advanced analytics to identify and prioritize the vulnerabilities that pose the most risk to critical systems. The result is actionable data that enables IT security teams to focus on the tasks that will most quickly and effectively reduce overall network risk with the fewest possible resources. (Link: nCircle)

Filed under: IT Vendor Directory · Vulnerability Management

Tenable

September 19th, 2012

Nessus features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, patch management integration, and vulnerability analysis of your security posture. Nessus scanners may be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks. (Link: Tenable)

Filed under: IT Vendor Directory · Vulnerability Management

Core Security

September 19th, 2012

CORE Insight is a solution to unify and streamline network, endpoint and web vulnerability management initiatives enterprise-wide. An automated, end-to-end vulnerability management platform, Insight aggregates vulnerability data from every corner of your organization and adds predictive security intelligence to identify critical exposures and reveal business risks. Insight offers connectors for importing, validating and correlating results from any combination of network and web scanners. (Link: Core Security)

Filed under: IT Vendor Directory · Vulnerability Management

OpenVAS

September 19th, 2012

The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The actual security scanner is accompanied with a daily updated feed of Network Vulnerability Tests (NVTs), over 25,000 in total (as of May 2012). (Link: OpenVAS)

Filed under: IT Vendor Directory · Vulnerability Management

Critical Watch

September 19th, 2012

FusionVM® by Critical Watch™ enables a sustained, organization-wide process to be driven based on unique business and regulatory requirements. It automates many manual steps in the vulnerability management process and dramatically reduces remediation cycle time. (Link: Critical Watch)

Filed under: IT Vendor Directory · Vulnerability Management

Greenbone

September 19th, 2012

The Greenbone Security Manager (GSM) is a Vulnerability Management Solution that seamlessly and transparently integrates into your Security and GRC strategy, providing Vulnerability Assessment, Vulnerability Intelligence and Threat Management capabilities in the form of a dedicated or virtual appliance. (Link: Greenbone)

Filed under: IT Vendor Directory · Vulnerability Management

Qualys

September 19th, 2012

QualysGuard VM enables small to large organizations to effectively manage their vulnerabilities and maintain control over their network security with centralized reports, verified remedies, and full remediation workflow capabilities with trouble tickets. QualysGuard provides comprehensive reports on vulnerabilities including severity levels, time to fix estimates and impact on business, plus trend analysis on security issues. (Link: Qualys)

Filed under: IT Vendor Directory · Vulnerability Management

Rapid7

September 19th, 2012

Rapid7 Nexpose enables a holistic approach to vulnerability management so that security and network operations teams can make better decisions, faster. Nexpose ensures that you can scan 100% of your infrastructure, accurately understand your real risk exposure, prioritize vulnerabilities quickly and accurately and verify that vulnerabilities have been remediated. (Link: Rapid7)

Filed under: IT Vendor Directory · Vulnerability Management

Security Onion

September 19th, 2012

Security Onion is a Linux distro for IDS (Intrusion Detection) and NSM (Network Security Monitoring). It’s based on Xubuntu 10.04 and contains Snort, Suricata, Sguil, Squert, Snorby, Bro, NetworkMiner, Xplico, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes. (Link: Security Onion)

Filed under: IT Vendor Directory · Network Forensics

Wildpacket Omnipliance Network Recorder

September 19th, 2012

The Omnipliance network recorder makes it easy for organizations of all sizes to deploy at every network location in the enterprise. By installing Omnipliances in data centers and wiring closets, network engineers gain immediate real-time visibility into local and remote network segments without any lengthy or costly network reconfigurations or upgrades. (Link: Wildpacket)

Filed under: IT Vendor Directory · Network Forensics

Solera Networks

September 19th, 2012

Organizations large and small are accepting the inevitable: that breaches will occur. Solera’s advanced security solutions prepare you for advanced targeted attacks by providing answers to the most difficult post-breach questions, including ‘who hacked us?’, ‘how did they do it?’, ‘what data/systems were affected?’, ‘is it over?’ and ‘can we be sure it won’t happen again?’. (Link: Solera Networks)

Filed under: IT Vendor Directory · Network Forensics

Npulse

September 19th, 2012

HammerHead Flow & Packet Capture is a high-speed, multi-terabyte traffic recording and analysis platform for Network Operations Center (NOC) and Security Operations Center (SOC) environments. The high-speed, continuous recording solution provides deep, high-fidelity indexed storage of network traffic for direct analysis or use with other security or monitoring applications. HammerHead delivers an easily-searched, multi-level, deep-time view of network packets, trends and events. (Link: Npulse)

Filed under: IT Vendor Directory · Network Forensics

McAfee Network Security Platform

September 12th, 2012

With Network Security Platform you get a unified network security solution for physical and virtual environments that streamlines security operations and protects your business from the latest network security threats, including malware, zero-day attacks, botnets, denial-of-service attempts, and advanced targeted attacks. It enables you to take control of your network with predictive threat intelligence, application visibility and control, network behavior analysis, and real-time threat awareness. (Link: McAfee Network Security Platform)

Filed under: Intrusion Prevention Systems · IT Vendor Directory

Cisco IPS Sensors

September 12th, 2012

Cisco IPS 4200 Series Sensors detect threats to intellectual property and customer data, with modular inspection throughout the network stack; stop sophisticated attackers by detecting behavioral anomalies, evasion and attacks against vulnerabilities; prevent threats using the industry’s most comprehensive set of threat prevention actions; focus response with dynamic threat ratings and detailed logging and provide protection from the latest threats and vulnerabilities. (Link: Cisco IPS Sensors)

Filed under: Intrusion Prevention Systems · IT Vendor Directory

HP TippingPoint

September 12th, 2012

HP TippingPoint’s Next Generation Intrusion Prevention System provides new application level security functionality combined with user awareness and inbound / outbound content inspection capabilities. Our scalable NGIPS dynamically protects your applications, network, and data from new and advanced threats. (Link: HP TippingPoint)

Filed under: Intrusion Prevention Systems · IT Vendor Directory

Stonesoft IPS

September 12th, 2012

Stonesoft IPS is a modular, yet powerful tool to secure your internal networks. With Stonesoft IPS you can efficiently detect, identify and stop network traffic abuse, and, complemented by the Transparent Access Control module, you can easily and efficiently add segmentation to your networks, thus considerably reducing the risk of far-reaching infections. (Link: Stonesoft IPS)

Filed under: Intrusion Prevention Systems · IT Vendor Directory

Check Point IPS-1

September 12th, 2012

Check Point IPS-1 is a dedicated intrusion detection system (IDS) and intrusion prevention system (IPS) that helps organizations secure their enterprise network, and protect servers and critical data against known and unknown worms, automated malware, and blended threats. (Link: Check Point IPS-1)

Filed under: Intrusion Prevention Systems · IT Vendor Directory

Enterasys

September 12th, 2012

Enterasys IPS is unique in its ability to gather evidence of an attacker’s activity, remove the attacker’s access to the network, and reconfigure the network to resist the attacker’s penetration technique. Enterasys IPS stops attacks at the source of the threat and can proactively protect against future threats and vulnerabilities. Enterasys IPS offers an extensive range of detection capabilities, host-based and network-based deployment options, a portfolio of IPS appliances, and seamless integration with the Enterasys Secure Networks™ architecture. Enterasys IPS utilizes a state-of-the-art high-performance, multi-threaded architecture with virtual sensor technology that scales to protect even the largest enterprise networks. (Link: Enterasys)

Filed under: Intrusion Prevention Systems · IT Vendor Directory

IBM

September 12th, 2012

IBM Security Network Intrusion Prevention solutions provide comprehensive protection while reducing the cost and complexity associated with deploying and managing point solutions. This includes going beyond traditional network intrusion prevention. (Link: IBM)

Filed under: Intrusion Prevention Systems · IT Vendor Directory

Corero

September 12th, 2012

Corero Network Security delivers the most comprehensive, most effective intrusion prevention available, detecting and blocking both known and unknown attacks without impacting network performance. Corero’s IPS is a transparent, in-line security appliance that provides unmatched intrusion detection capabilities through a unique combination of protocol behavior analysis supplemented by signature-based detection. (Link: Corero)

Filed under: Intrusion Prevention Systems · IT Vendor Directory

Sourcefire

September 12th, 2012

As the pioneer of Next-Generation Intrusion Prevention Systems back in 2003 and now the first to deliver NGIPS with integrated Application Control, Sourcefire bases its NGIPS solutions on the core competencies of contextual awareness and automation—recognized by Gartner as key ingredients of a next-generation network intrusion prevention system.  No other solution offers the visibility, automation, flexibility and scalability to protect today’s rapidly changing environments against increasingly sophisticated threats. (Link: Sourcefire)

Filed under: Intrusion Prevention Systems · IT Vendor Directory

Invincea

September 12th, 2012

Invincea’s breach prevention platform is comprised of an enterprise proven, desktop application for breach prevention and a server appliance for rich forensic intelligence capture and feed. The platform is constructed around four key focus areas critical for meeting today’s security needs: Containment, Detection, Prevention, Intelligence. (Link: Invincea)

Filed under: Advanced Malware Detection · IT Vendor Directory