Barrier1 has introduced clientless security functions for the Apple IPad. In fact we are using these additional feature set on a 4 year old Barrier1 appliance.
A trend in k-12 education is having students receive a portable computer, Laptop or Tablet, to be used 24×7 during the school year. This is known as a 1:1 inititive. Barrier1 can now insure appropriate use by the students of Apple IPad 24×7 regardless of where they are using the device. Along with web content filter, Barrier1 will inspect all traffic for Virus, Malware, Trojans, and etc.
It was recently announced by Cisco that there Web Application Firewall is now end of life. Web Application Firewalls are part of the PCI compliance requirements. It appears that Cisco policy of End of Life is now more about their own bottom line than the customers best interest.
It is time for a change. Barrier1 includes software enhancements as part of the yearly renewal program.
IP space is finally used up. We are now faced with IPv6. Barrier1 has been IPv6 ready for over 5 years.
Today I received a call about Barrier1 replacing a Cisco Edge Router. Sometimes what is an old case study becomes new again. Barrier1 has been doing this for over 3 years.
Recently, a long standing customer had a hardware failure. Barrier1 tech support isolated the root cause to be the power backup unit. The voltage had been out of spec and had caused the outage.
Barrier1 is introducing NAC, network access control. NAC has been around a long time but seems to find its niche in a couple of select vertical markets. However, as the need for Mobility continues and access becomes more automated, we believe that inspection and protection of these devices will need to be an integral part Security Arsenal.
NAC will inspect individual’s devices for Installed and up to date Firewall and AV components and that they are completely patched and up to date with the latest rev. levels. Up until Barrier1 NAC, installation, administration, and over all usability was difficult and time consuming. Barrier1 has automated the entire process.
In 2006 the Global Internet Freedom Consortium (GIFC) was formed with the express purpose of developing software solutions to bypass Internet access controls in countries that repress free speech, access to news and non-censored information (China, Iran, Burma, etc). They have developed very effective and robust tools that, on a daily basis, are allowing millions of people to access the Internet as they see fit and without governmental interference. All of this is very good.
The dilemma occurs when these same tools are used to bypass controls put in place at schools, hospitals, banks, etc. In fact these tools can simply not be stopped by our competitor’s products. Lab testing shows that only 3 of 36 products tested are moderately successful in blocking these tools, and over time the tools modify themselves so what was once a successful protection now no longer works. After all, by US law schools still have to protect children, banks have to avoid theft and hospitals have to protect patient records.
The tools work on 5 levels:
- IP Blocking avoidance
- DNS Redirection avoidance
- Content Filtering avoidance
- Anti-virus/malware/spyware avoidance
- Computer Access Restriction avoidance
In our research at Barrier1 we have determined that there are 3 weaknesses to the way these tools implemented these strategies and that we can effectively block their use now and into the foreseeable future.
The dilemma we face at Barrier1 is:
1. Do we provide our technology to these repressive governments?
Option 1 is what our competitors are doing, but is unacceptable to us since we will have failed through our actions to protect those who cannot protect themselves.
2. Do we not protect our customers in legitimately protecting their organizations?
Option 2 is also unacceptable since we would have failed to protect our customers through inaction.
We have determined to take a third path to resolve our dilemma is to:
- Keep the technical details of our solutions private.
- Make our solution available to only our customers and distribute the software in such a way so it cannot be reverse engineered.
Barrier1 is Designed to Avoid Bait-and-Switch Attacks
There is a growing awareness of a vulnerability in AV products that could potentially allow a “bait-and –switch” technicque. The issue is the use of Hooks or DLL. All products require some type of connection or integration to the OS. It is how it is done that can bring a security risk.
Barrier1 was designed to inspect, act (accept/reject), and then pass the packets on accordingly. This process is isolated from various hook into the OS. The second protection is that Barrier1 was designed with multiple security checks that only allows Barrier1 into the DLL or Kernel layers.
Lessons Learned from McAfee
In the past couple of weeks McAfee had the unthinkable happen. They released a false positive update that caused computers to shut down. Let’s learn from this.
Security protection schemes have been heavily dependent on lists. Whether they were blacklist or whitelist they are still based on known events. The pressure of every manufacture to distribute these update list has reached fever levels. Updates are being sent out every few minutes. Yet we continue to get viruses, honest mistakes are being made, and quality suffers. It is a vicious cycle.
In order to meet the objectives of updating in near real time, something in the process has to be accelerated. The emphasis of Testing prior to release is what is suffering. No one can testing every scenario, however, accuracy does require a relative amount of testing.
The only way to stop the unknown and mutated attacks is through an Intelligent Learning System.
Barrier1- The only Intelligent Network Security Appliance that can inspect all 7 OSI layers in near real time.
Barrier1 Brings Network Security to both Data and IP/TV from 1 Appliance
Recently, Mid States k-12 District located in Little Falls Minn., has been securing over 100+ simultaneous IP Video/TV streams of HD as well as there data flow. This is being done on 1 Barrier1 appliance without delay or noticeable jitter.
Network security has been focusing on data for the past 10+ years. However, in the world of IP VOIP as well as IP/TV or IP Video is just as vulnerable. When you take a simplistic view of IP it is just another set of 1 and 0’s arrange slightly different. So, why would one think that VOIP and IP Video/TV would not be as vulnerable?
In order to protect these services from hackers and cyber criminals. Barrier1, utilizes multi core processors and efficient system architecture has been securing all 3 services from 1 appliance for over 3 years.