We talk to Intel about their new Anti Theft Technology and their collaboration with WinMagic
To share or not to share? How to keep your sensitive corporate data secure
Websense announce ESG Email Security Gateway completes the unified TRITON platform
How to secure your Wi-Fi Best practices for implementing enterprise wireless security
Spring 2011
Introducing SecurityPlus
The leading security magazine
Welcome to the latest edition of SecurityPlus produced by Uniq Systems and e92plus. Being responsible for the security of your company's data or network is currently one of the toughest positions to be in. End users want full access to networks to perform their jobs, build business relationships and access external information. Opening up a network to external resources results in a number of possible security problems but if you don't, employee productivity can suffer. The articles in this edition look at the conundrum and discuss the options available. For IT security professionals it all comes down to balance and acceptable risk. If after reading this edition you have any questions or you would like additional information please give me a call on 0118 927 2700 or send me an email at sales@uniqsystems.co.uk
Anjam Sohail, Technical Director, Uniq Systems Ltd
Meeting the challenge of modern email threats with Websense Email Security
When you examine the challenge that companies are facing when it comes to modern email security, it becomes apparent that the threats and risks associated with email have changed significantly over the last few years.
Inbound threats: spam, viruses, malicious URLs
SaaS: offload all inbound email processing; maximise resiliency by queuing inbound email in the cloud; reduces network and bandwidth load
Outbound: data leaks, acceptable use, compliance
Websense V-Series Appliance: TruEmail DLP; unified policy control and reporting across email, Web and data
"89.9% of all unwanted emails contain links to spam sites or malicious websites." - Websense 2010 Threat Report
Today email security and Web security have converged. According to a recent Websense threat report, over 89% of unwanted email contains an embedded link to a website. Email is typically the lure to a website that delivers the attack and, more often than not, the website itself is a legitimate site that has been recently compromised. This makes it nearly impossible for legacy signature and reputation-based security to provide adequate protection. It also underscores the importance of dynamic Web security intelligence in stopping email security threats.
Websense Email Security Gateway is the only email security product anywhere that offers embedded, enterprise-class data loss prevention (DLP) that screens incoming email for blended threats that contain links to malicious websites, invasive script, or other web threats. Use of the extremely granular policy controls guards against outgoing malicious or accidental data loss. Websense ESG also taps into their hosted email security offering, intercepting all spam and other unwanted email in the cloud, freeing up your servers and preserving bandwidth. What's more, it is all wrapped up into the single TRITON interface, meaning you don't have to worry about the extra expense and complexity of multiple vendors or interfaces.
Information Rights Management - ensuring the right people get the right level of access to the appropriate files.
What hackers know that you don't: Cloud security for web 2.0
Many organisations are finding that the weakest link in the security chain is the endpoint device, or more specifically, the end user. Whether it is through carelessness, ignorance, malicious intent or just plain ignoring the rules, end users introduce all sorts of security ills into a business network.
However, one of the biggest considerations for network managers today is the need to provide flexibility. Today's workers have come to rely on social networks, websites and electronic messaging to gather the information needed to perform their jobs, build business relationships and access external information. Those necessities create a conundrum for security professionals: on one hand, administrators can limit the access to those resources, but productivity will eventually suffer, while on the other hand, opening up a network to external resources can result in a myriad of security problems. It all comes down to balance and acceptable risk.
Simply put, all that typical end users desire is unhindered access to the resources they need to perform their duties. For IT to provide that access, a multitude of security services need to be implemented, all without burdening the end user and still offering the highest level of protection. These requirements are often beyond what can be done with desktop or endpoint-based security products, forcing IT to adopt highly integrated security solutions which are burdensome, expensive and short of fully reliable. Finally, there is an increased administrative burden in the form of security.
Most Web 2.0 services allow users to bypass corporate controls and access applications directly, leaving only local (PC-based) security and possibly the corporate firewall between the end user and the application. The problem worsens when mobile users and remote offices are added to the equation. Simply put, premise-based security solutions cannot scale beyond the corporate edge.
One way to address the problem is to use hosted security solutions to protect users from the security problems created by hosted applications. That concept completely changes the dynamic of dealing with security. In practice the user is always protected, regardless of what they are connecting to. Ideally, a fully implemented security cloud solution will handle and control all web traffic between the user and their destination, regardless of the user's location and connectivity methods.
Barracuda Flex is a cloud-based secure Web gateway that protects users from malware, phishing, identity theft, and other harmful activity online. The service sits between a company's network and the internet to protect the company's users as they conduct business-critical activities on the web. The management is handled through a familiar Barracuda console interface, with infinite scalability to allow your business to grow without necessitating expensive hardware or software upgrades.
Simplified Deployment
provides a snapshot to define policies
customers or contractors - no need to redistribute hardware tokens after short-term use and you can repurpose user licencing on the fly.
Enjoy a lower cost, by avoiding expensive hardware tokens.
Stronger compliance with PCI, SOX, HIPAA and other regulations.
Increased employee mobility, without worrying about keeping the token with you - everyone always has their mobile to hand.
you on the leading edge of 2FA.
Microsoft infrastructures for reliable operations.
expired hardware tokens to send to landfills.
We spoke to Glenn Le Vernois, of Intel's Services Program Office, about Intel's entrance into the security market, their collaboration with WinMagic and the future of data security.
Hello Glenn, and thanks for speaking to SecurityPlus. Can you tell us about the Intel AT service, and what it means for your customers?
Intel Anti-Theft Technology (Intel AT) can remotely disable a PC should it become lost or stolen. If stolen, a Poison Pill can be sent to the PC over the internet or via 3G text message which immediately disables the system. In addition, the system is required to check-in (rendezvous) with a server on a predetermined interval. Should the system miss a rendezvous, it will assume that it's lost or stolen. Intel Anti-Theft Technology utilises a special capability in the Intel chipset's manageability engine, which provides special hardware
To provide organisations with a complete, fully integrated solution WinMagic combines Intel Anti-Theft Technology (Intel AT) with full hard disk & removable media encryption in one management console for all notebooks embedded with Intel AT. WinMagic provides a data protection solution that protects endpoint devices, removable media, sensitive files, applications, residual information (such as temp files), and the operating system from unauthorised access. Through the SecureDoc Enterprise Server (SES), it is possible to disable user access to the data in a nondestructive manner. Even if the user (for example, a terminated employee) still has valid credentials and moves the drive to another machine, the user will not be able to access the data. The solution is flexible to configure, and simple to deploy.
The built-in, tamper-resistant security renders a laptop unusable while also blocking access to the valuable information stored on its encrypted hard drive. It also features customisable recovery messages to encourage the computer's safe return. And once returned, it's simple to reactivate the laptop without harming the hardware or data.
Intel AT is available today in partnership with WinMagic, providing you with a strong anti-theft protection solution for lost or stolen laptops. For more information on the service, or to request a demonstration of the solution, visit our website. You can also find out which laptops are already equipped with Intel AT technology at http://antitheft.intel.com.
visit us at www.securityplusonline.co.uk/uniqsystems/intel
ways, Personal and Enterprise. WPA/WPA2 Personal uses pre-shared keys, with the same key placed into both the access point and the wireless station (e.g. laptop). The key is used to authenticate the station and encrypt its traffic. Unfortunately, WPA/WPA2 Personal is subject to offline dictionary attacks. WPA/WPA2 Enterprise leverages a server-side digital certificate on a RADIUS server. Client-side credentials vary and can include username/password combinations, tokens, or digital certificates. Additionally, WPA2 uses the best-in-class Advanced Encryption Standard (AES) which is currently considered unbreakable. The Wi-Fi security standards are summarised in the table above.
Once authenticated into the wireless network, it is best practice to use an integrated stateful firewall to further segment access to network resources. Firewall rules can then be written to allow or deny access based on factors such as IP address, port, service, or time of day.
Another important piece of security on Wi-Fi networks is wireless intrusion detection & prevention systems (WIDS/WIPS). These systems scan the air, either via dedicated sensor radios that scan 24 hours a day or by time-slicing. Time-slicing sensor radios also serve wireless stations and so only periodically scan off-channel to detect threats to the network, reducing the amount of effective time they have to scan.
In addition to these technical mechanisms, do not overlook the basics. Change default values such as the administrator username and password, SNMP community strings, etc. The following summarises best practices with regard to enterprise wireless security:
Tune in for secure remote access! Global Radio authenticate with 2FA
Boasting the number 1, 2 and 3 commercial radio brands in the UK, Global Radio is the model of efficient, brand driven, market leading radio with brands including Heart, Capital FM and Classic FM. Global Radio was looking for an effective, cost-effective and user-friendly authentication solution to secure remote access for website content editors working from home updating online content. However, there were a number of additional key requirements:
Remote workers using a Virtual DIGIPASS to log in type in their user name and PIN. A text message containing the OTP is immediately sent to their mobile phone. However, the main authenticator to secure remote access for Global Radio's home workers became VASCO's DIGIPASS for Mobile. The principle of OTP generation is the same as in hardware authenticators, but in this case the mobile phone becomes the authentication device. DIGIPASS for Mobile software creates the OTP that the user needs instantly and easily.
"DIGIPASS for Mobile is one of the main reasons we chose VASCO as a strong authentication supplier," says Ross Draper, IP Infrastructure Manager at Global Radio. "There are a lot of benefits to using a mobile phone as an authentication device. You don't have to provide your employees with hardware authenticators, when managing many devices can be difficult and costly, as people can lose them or break them. DIGIPASS for Mobile is a budget friendly solution: you don't have to worry about the distribution, and the authenticators can be managed centrally by the company. However, we had already made security investments previously so it would have been a shame not to use the hardware authenticators as well. DIGIPASS for Mobile is our main solution, as it offers more flexibility and a very soft touch way of deployment and at the same time leaves the company in control of the authenticators. DIGIPASS GO3 and Virtual DIGIPASS are rather used as back-up or emergency solutions, in case there is a problem with an employee's mobile phone."
"VASCO offers us a cost-effective, user-friendly solution... with home workers using DIGIPASS for Mobile, there have not been any incompatibility issues or questions about deployment from end-users." - Ross Draper, IP Infrastructure Manager, Global Radio
VASCO's authentication solutions also offer an opportunity to further develop the company's security infrastructure. The high scalability of the VASCO IDENTIKEY Server allows Global Radio to easily add more users and applications, and the flexibility of DIGIPASS for Mobile provides a way to use strong authentication for additional purposes in the future - such as for Network Logon or securing web applications.
The secret key to your network: Unlocking the value of your log data
Organisations today are deploying a variety of security solutions to counter the ever increasing threat to their email and internet investments. Often, the emergence of new threats spawns solutions by different companies with a niche or a specialty for that specific threat, whether it is a guard against viruses, spam, intrusion detection, spyware, data leakage or any of the other segments within the security landscape. This heterogeneous security environment means that there has been a proliferation of log data generated by the various systems or devices. As the number of different log formats increases, coupled with the sheer volume of log data, the more difficult it becomes for organisations to turn this data into meaningful business information.
Transforming data into information means that you know the who, what, when, where, and how, giving you the ability to make informed business decisions. There is no point capturing data if you do not use it to improve aspects of your business. Reducing recreational web browsing, improving network performance, and enhancing security are just a few outcomes that can be achieved using information from regular log file analysis. However, who has time to review the logs of all the network devices... let alone make sense of them?
To achieve these outcomes, it is important for organisations to have a log management process in place with clear policies and procedures and also be equipped with the appropriate tools that can take care of the ongoing monitoring, analysis and reporting of these logs. So, here are a few tips on what can be achieved through effective log reporting.
1. Establish acceptable usage policies - this is the first step towards reducing inappropriate usage before you implement any form of filtering, and essential to ensure the workforce understands what the rules are. Improvements are often seen early on if the staff know the reporting is in place.
2. Establish your reporting requirements, especially to ensure you meet any obligations under any laws or regulations relevant to your industry or geography. It's all important to examine who needs reports - senior and line management would often benefit as well as the IT department.
3. Research your existing capabilities - you may find that many devices produce logs (including proxy servers, firewalls, routers and email servers) that could give you an insight into data loss or remote access activity.
4. Establish log management procedures - it's important to establish and maintain the infrastructure and administration for capturing, transmitting, storing and archiving or destroying log data.
5. Establish standard reporting procedures - regular reporting is essential to ensure that initial improvements are maintained. It's also important to store user reports in a secure location to ensure confidentiality is maintained.
6. Assign responsibilities - it's essential to identify roles and responsibilities for taking action on events, remembering that responsibility is not only the security administrator's domain.
7. Review and adapt to changes - because of the metamorphic nature of the security environment it is important to revisit steps 1-7 regularly and fine tune this process to get the maximum value from your network logs.
WebSpy are a leading global provider of solutions that provide a transparent view over organisations' internet, email and network usage. They enable organisations to protect and maximise their internet investment and enjoy the benefits of a web-enabled environment while reducing costs and minimising organisational risk.
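The "who, what, when, where" point and tip 3 above come down to normalising different device logs into one record shape before reporting. The following is an added example, not from the magazine or from any vendor it mentions: the sample lines are constructed, the proxy lines follow Squid's native access.log field order, and the firewall key=value layout is hypothetical.

```python
"""Normalise two constructed log formats into who/what/when/where events."""
import re
from collections import defaultdict
from datetime import datetime, timezone
from typing import NamedTuple, Optional
from urllib.parse import urlsplit

class Event(NamedTuple):
    when: datetime  # UTC time of the request
    who: str        # user name if the device logged one, else source IP
    where: str      # destination host (plus port for the firewall)
    what: str       # action the device took
    nbytes: int
    source: str     # device type that produced the line

# Constructed sample data. Proxy lines follow Squid's native access.log field
# order; the firewall key=value layout is hypothetical.
PROXY_LOG = """\
1301050800.120 45 10.0.0.5 TCP_MISS/200 5120 GET http://news.example.com/a alice DIRECT/192.0.2.10 text/html
1301050860.500 30 10.0.0.6 TCP_DENIED/403 900 GET http://games.example.net/ bob NONE/- text/html
1301050900.000 80 10.0.0.5 TCP_MISS/200 204800 GET http://video.example.org/v - DIRECT/192.0.2.20 video/mp4
this line is corrupt
"""
FIREWALL_LOG = """\
2011-03-25T11:02:10Z action=deny src=10.0.0.6 dst=198.51.100.7 dport=6667 user=bob bytes=0
2011-03-25T11:03:00Z action=allow src=10.0.0.9 dst=192.0.2.10 dport=443 bytes=1500
"""
KV = re.compile(r"(\w+)=(\S+)")

def parse_proxy(line: str) -> Optional[Event]:
    f = line.split()
    if len(f) < 10:
        return None  # truncated or corrupt line
    try:
        when = datetime.fromtimestamp(float(f[0]), tz=timezone.utc)
        nbytes = int(f[4])
    except ValueError:
        return None
    who = f[7] if f[7] != "-" else f[2]  # no ident logged: fall back to client IP
    where = urlsplit(f[6]).hostname or f[6]
    return Event(when, who, where, f[3].split("/")[0], nbytes, "proxy")

def parse_firewall(line: str) -> Optional[Event]:
    stamp, _, rest = line.partition(" ")
    kv = dict(KV.findall(rest))
    try:
        when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        who = kv.get("user") or kv["src"]
        return Event(when, who, f'{kv["dst"]}:{kv["dport"]}', kv["action"].upper(),
                     int(kv.get("bytes", 0)), "firewall")
    except (ValueError, KeyError):
        return None  # bad timestamp or a required field is missing

def normalise(proxy_text: str, firewall_text: str):
    """Return (events sorted by time, count of lines no parser accepted)."""
    events, rejected = [], 0
    for parser, text in ((parse_proxy, proxy_text), (parse_firewall, firewall_text)):
        for line in filter(str.strip, text.splitlines()):
            ev = parser(line)
            if ev is None:
                rejected += 1  # keep a count: silent drops hide logging gaps
            else:
                events.append(ev)
    return sorted(events, key=lambda e: e.when), rejected

def usage_report(events):
    """Per-identity totals across all devices: bytes and blocked requests."""
    report = defaultdict(lambda: {"bytes": 0, "blocked": 0})
    for ev in events:
        report[ev.who]["bytes"] += ev.nbytes
        if ev.what in ("TCP_DENIED", "DENY"):
            report[ev.who]["blocked"] += 1
    return dict(report)

if __name__ == "__main__":
    events, rejected = normalise(PROXY_LOG, FIREWALL_LOG)
    for ev in events:
        print(ev.when.isoformat(), ev.source, ev.who, ev.what, ev.where, ev.nbytes)
    print("unparsed lines:", rejected, "| report:", usage_report(events))
```

Lines that record only an IP address stay attributed to that address, so the report shows where user identity is missing from a device's logging.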
"We needed accurate reporting of web usage and the ability to analyse where our bandwidth was going... WebSpy allowed us to understand exactly that." - Codemasters UK
"The benefits include the ability for real time monitoring of internet access by staff... since installation we have reduced our internet traffic by 30% which resulted in significant savings and reduced wasted productivity." - Mitcham Council
Drobo enters the business arena with new business focused storage products
Drobo, makers of the award-winning data storage product, have introduced a new line of sophisticated yet easy-to-use and affordable storage solutions for small and medium businesses. The new Drobo business systems are optimal as primary and secondary storage, as well as departmental file-sharing or offsite backup, and server virtualisation deployments including those using VMware solutions.
"VMware recognises the importance of affordable storage alternatives for firms implementing virtualisation as they continue on the path toward IT as a service," explained Parag Patel, vice president, global strategic alliances, VMware. "Like larger organisations, SMBs are looking for ways to improve productivity and lower IT costs. Drobo streamlines VMware-virtualised storage for SMBs by delivering storage that is simple, scalable and automated - all with an affordable price tag."
With more than 150,000 customers worldwide, Drobo has been embraced by individual professionals and small businesses globally. The new Drobo business systems up the ante with improved system performance and redundancy, a new business-oriented dashboard and control panel and upgraded business support options - all while maintaining Drobo's breakthrough ease-of-use and the BeyondRAID data protection capabilities that define the Drobo brand.
Drobo's new business line also includes performance enhancements, new management software and extended business support and services, in addition to the existing ease of use, affordable capacity and storage features that set Drobo apart from any other storage product on the market. The systems are based on the patented BeyondRAID technology and are certified for VMware, Citrix, Microsoft Exchange and Symantec backup.
Encrypt Stick release the world's first portable, encrypted private web browser
The long anticipated Digital Privacy Browser has been released by ENC Security Systems - makers of the 'unhackable' Encrypt Stick USB drive software. The Encrypt Stick Private Browser runs from your USB drive and provides unparalleled web surfing privacy as it leaves behind no trace whatsoever on the host computer. Recently publicised issues uncovered in many popular web browsers have brought to light the fact that in Private Mode these browsers still leave a trail of browsing history behind on your computer. The Encrypt Stick Private Browser ensures that even if someone gains access to your computer, they will never know where you have been on the internet. It maintains private bookmarks and a cache to improve performance in an encrypted vault on your USB drive. This allows you to then plug the USB drive into virtually any computer in the world knowing that you and your browsing history are protected. The Encrypt Stick Private Browser is now available as part of the Encrypt Stick USB drive encryption software.
Stop Malware and SPAM
The VPN traffic is inspected by the thorough auto-updating anti-virus, anti-spyware and anti-spam features of the UTM. These features ensure that no viruses, worms, Trojans, key-loggers, spyware and other malware or spam mail sneak through.
Prevent Threats and Intrusions
The VPN traffic is subjected to an Intrusion Prevention System (IPS) scan. This feature sanitises the traffic by detecting and eliminating any threats lurking in it.
The Identity Aware Firewall
You can set firewalls to restrict the number of open ports, what type of packets pass through and which protocols are allowed. The identity driven TFT ensures that the credentials of each user are verified and custom security policies are enforced.
Granular Access Policy
Cyberoam's Granular Access Policy control feature allows you to provide specific resources to specific employees depending on their professional requirements. This feature is useful in SSL VPN situations when the person can remotely access the LAN resources even from smart hand-held devices or over insecure networks.
Management and Reporting
To ensure compliance over VPN, it is crucial to have centralised management that generates comprehensive event reporting, proactive alerts, rapid forensic analyses and complete audit trails.
VPNs, whether they use PPTP, L2TP, IPSec or SSL, are appealing to companies of all sizes. Even small businesses find compelling reasons to implement VPNs. Many view VPNs as a competitive advantage, specifically because of their global coverage and the relative ease with which they can be extended to create extranets, which in turn can help companies increase the productivity of their workforce by secure connectivity to key network resources. Maintaining network security requires constant vigilance, and maintaining VPN security requires even more. Given the growing interest and increasing deployment of VPN, it is vital to scale that interest in terms of security. Possessing a better understanding of VPNs and their security mechanisms empowers companies to extend the borders of their business, without increasing the vulnerability of their information assets.
25% of users admitted to turning off their antivirus protection because they thought those programs were slowing down their computers.
Avira Anti-Virus Survey
With over 145 million customers, Avira is the fastest growing AntiVirus company in Europe.
Barracuda Networks is the worldwide leader in appliance based Email and Web Security.
Celestix Networks is the premier developer of Microsoft Windows based security appliances.
Cyberoam's range of feature-rich UTM appliances are suitable for both small and large businesses.
Drobo delivers enterprise class SAN and File Storage with great reliability and ease of use.
EncryptStick transforms any USB Flash Drive into a Digital Privacy Manager to keep files secure.
Lumension Security provides unified protection and control of endpoints, apps and devices.
Websense is a global leader in integrated Web security, Data security and Email security.
WebSpy analysis and reporting software transforms log file data into manageable information.
WinMagic's SecureDoc hard disk encryption secures a laptop or PC's sensitive information.
Xirrus manufacture leading Wi-Fi Array architecture that replaces both wireless and wired networks.
email tim@uniqsystems.co.uk
web www.uniqsystems.co.uk