Barrier1 Avoids Bait-and-Switch Attacks
Barrier1 is Designed to Avoid Bait-and-Switch Attacks
There is a growing awareness of a vulnerability in AV products that could potentially allow a “bait-and-switch” technique. The issue is the use of hooks or DLLs. All products require some type of connection or integration to the OS. It is how that integration is done that can bring a security risk.
Barrier1 was designed to inspect, act (accept/reject), and then pass the packets on accordingly. This process is isolated from the various hooks into the OS. The second protection is that Barrier1 was designed with multiple security checks that allow only Barrier1 into the DLL or kernel layers.
Lesson Learned- Updating List Based Systems is not always Healthy
Lessons Learned from McAfee
In the past couple of weeks McAfee had the unthinkable happen. They released a false positive update that caused computers to shut down. Let’s learn from this.
Security protection schemes have been heavily dependent on lists. Whether blacklists or whitelists, they are still based on known events. The pressure on every manufacturer to distribute these update lists has reached fever levels. Updates are being sent out every few minutes. Yet we continue to get viruses, honest mistakes are being made, and quality suffers. It is a vicious cycle.
In order to meet the objective of updating in near real time, something in the process has to be accelerated. The emphasis on testing prior to release is what is suffering. No one can test every scenario; however, accuracy does require a relative amount of testing.
The only way to stop the unknown and mutated attacks is through an Intelligent Learning System.
Barrier1- The only Intelligent Network Security Appliance that can inspect all 7 OSI layers in near real time.
Barrier1 securing IP/TV as well as Data from 1 appliance
Barrier1 Brings Network Security to both Data and IP/TV from 1 Appliance
Recently, Mid States k-12 District, located in Little Falls, Minn., has been securing over 100+ simultaneous IP Video/TV streams of HD as well as their data flow. This is being done on 1 Barrier1 appliance without delay or noticeable jitter.
Network security has been focusing on data for the past 10+ years. However, in the world of IP, VOIP as well as IP/TV or IP Video is just as vulnerable. When you take a simplistic view of IP, it is just another set of 1s and 0s arranged slightly differently. So, why would one think that VOIP and IP Video/TV would not be as vulnerable?
To protect these services from hackers and cyber criminals, Barrier1, which utilizes multi-core processors and an efficient system architecture, has been securing all 3 services from 1 appliance for over 3 years.
Barrier1 Securing Live Video Conference
The need for network security is now going beyond just the Data world. Both Video and Voice are now becoming more widely used and open. With Video education, IPTV, and Web Conferencing entering the mainstream, these IP based services will have to be secured just like data. At first there will be the unfortunate cases of an IP Video feed being interrupted with a 2 min. viewing of porn. The next will be viruses that are inserted as 1 of the video frames or some form of a Denial of Service attack that cuts out the video stream altogether.
Barrier1 has been securing Video and VOIP for over 3 yrs. In fact we have customers using 1 Barrier1 device to secure both Data and IPVideo at the same time.
Barrier1 and Kneber/Zeus Botnet
Kneber Botnet
Zeus Botnet Origins
Kneber recently infected more than 70,000 computers worldwide. To top it off, it infested large organizations that claim to use the latest and greatest. Some of the companies reported to have been hit are Juniper Networks, Amazon Elastic Computing Cloud, and even the Swiss Phone company Telia Sonera.
Kneber is a spin-off of the Zeus Botnet. They are prime examples of a truly blended threat. These bots strategically gather information by operating underneath multiple thresholds that would expose them. They gather pieces of information slowly and in short bursts so as not to trip one of the 1,000s of filters. Then they take the gathered information, send it slowly back to their controller, and wait for the specific command that launches the attack. The attack itself flies under the radar screen of the filters. Then add a little social engineering to drive individuals to a web site where a virus is sitting in wait in the hidden fields.
First, the reconnaissance mission is to detect HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE\SOFTWARE, then the HKEY_LOCAL_MACHINE\registry path. Once it receives a kill command it overwrites the virtual memory of Windows with zeros. At that point the OS is inoperable. Then when the information is gathered a kill command can be sent.
Part of this Botnet attack includes tricking individuals into visiting a web site. In some of the phishing scams an email claiming to be from Facebook arrives in your inbox. They ask you to do something. Something could be going to a certain web site, updating your account, etc. Once you arrive at the site, a virus that has been lying on the web site in a hidden field is downloaded to your PC.
Barrier1 has stopped this Botnet but it does take inspection of all 7 layers of the OSI. That means a full proxy based Web Application firewall. The second component needed is Intelligence. By gathering information about the various reconnaissance activities, Barrier1 learns from the various inspection points. Intelligence or network behavioral analysis along with the complete inspection points is the only way these botnets will be stopped.
Barrier1
Mpls., Minn.
2-10
So, you think you are Secure by Using the Cloud? Think again.
Those of you thinking of moving to a Cloud solution should be asking some very thoughtful questions. Even then you are not as secure as you think you are, just as those on Google’s Gmail and others have found out.
When you move to a cloud you are now putting your digital information in the hands of someone else. Here are the issues:
• That digital data is stored on a shared server with many others.
• If they have virtualized, what security measures have been taken?
• What does the hosting company really manage?
• What happens if there is a breach?
• What is really managed?
In years of IT, the concept of managed services, cloud computing, or other names given to allowing a 3rd party to manage a portion of your process or digital data, hasn’t changed. I believe it is more of a tech support issue, responsibility, and heavy on the liability based business.
Let’s look at another option that blends the best of both worlds.
• Locate a network security appliance on the edge of your network.
• Have the manufacturer set alerts and log reports to be automatically sent to you. There are a number of ways this can be done.
• In the service component with the manufacturer, have them accessible for personalized service.
• Have the manufacturer assist in root cause and workarounds.
That is Barrier1
Barrier1 Stops Crimeware
In a recent SC Magazine article the term “Crimeware” was discussed. In short, it is another way to look at an older term known as “Blended Threats” and the driving force of criminal attacks, “Money”.
In order to stop these attacks one cannot just look at each technology independently, nor can one rely on just a list based approach. The only way to stop these attacks is to look at all 7 OSI layers in total and add intelligence.
Here are the areas that SC Magazine addressed. Barrier1 performs all of these functions.
Anti-Virus
- Must be able to inspect for viruses, spyware, and malware
- Must look at both Internet based and client based
Patching
- Patching is a component; however, it only stops the known
- One must have the ability to identify and stop the unknown
Malvertising
- One should have the ability to block browser plug-ins. They are known sources of security holes
- Identify and block scripts from running
DLP
- Identify and look for data leaving and entering your network
Proper Log Monitoring
- One must have the ability to utilize Log information as more than just a collection method.
- One must go above and beyond just assigning someone to monitor the logs. This must be automated to block. By the time an individual reviews the logs it is too late
Mandatory Access Control
- One must be aware of who is on your network.
- Make sure policies are in place and reviewed
Barrier1 Provides on board Network Analyzers to Identify and Trouble Shoot Root Cause
Network Trouble Shooting with Barrier1 Brings Fast and Accurate Results
When it comes to maintaining performance and speed in today’s networks, visibility into both the inside of your network and the carrier is crucial. All play a role in delivering quality service. Each party must provide honest troubleshooting and share the results. Telcos and ISPs must be up front with their customers.
Barrier1 has included network sniffers for that reason. Barrier1 customers, with the help of Barrier1 tech support, can find the root cause, thus eliminating the finger pointing. This speeds up the discovery process and is what the customer is really asking for. After all, they just want to find the problem and then fix it.
Over the years, Barrier1 has identified issues that were originally thought to be the firewall but in fact turned out to be the upstream ISP or Telco. Barrier1 has identified such issues as bad DSL modems, faulty switches, faulty interfaces on the T-1 muxes, Telco or ISP routing issues, and even a hijacked IP address from an ISP. In all of these cases, without the help of on board network sniffers, finding root cause would have taken days and would have added to the frustration levels.
PCI Compliance
In the latter part of 2009 the PCI Security Standards Council issued a set of new guidelines. This version, 1.2.1, does bring clarity to a couple of previous gray areas.
The gray area for compliance was using a 3rd party for payment processing. Of course 3rd parties were subject to standards. The question was whether the organization performing the work or service and accepting payment via credit would be exempt. It now clearly states that “ALL SYSTEMS COMPONENTS, SYSTEM COMPONENTS ARE DEFINED AS ANY NETWORK COMPONENT, SERVER, OR APPLICATION THAT IS INCLUDED IN OR CONNECTED TO THE CARDHOLDER DATA ENVIRONMENT. THE CARDHOLDER DATA ENVIRONMENT IS THAT PART OF THE NETWORK THAT POSSESSES CARDHOLDER DATA OR SENSITIVE AUTHENTICATION DATA. NETWORK COMPONENTS INCLUDE BUT ARE NOT LIMITED TO FIREWALLS, SWITCHES, ROUTERS, WIRELESS ACCESS POINTS, NETWORK APPLIANCES, AND OTHER SECURITY APPLIANCES. PCI COMPLIANCE ALSO IS REQUIRED IF THE PAN NUMBER TRANSITS ANY PART OF THE NETWORK.”
Barrier1, with its comprehensive inspection including Web Application Firewall, is PCI compliant. As an additional step, Barrier1 includes 1 complete network vulnerability assessment with yearly licensing and support renewals.
Barrier1 saves between 30% – 150% in both Acquisition and Operational Cost
Barrier1, the Intelligent Threat Management solution, not only brings the most comprehensive, accurate, fastest, and extensive Technology Roadmap in network security, but brings SIGNIFICANT savings. Recently Barrier1 compared solutions from a vast number of network security vendors. The results were significant. The investigation included purchasing the product or service, installation, training, and ongoing technical support. In every case examined, Barrier1 was able to deliver significant savings, and these savings are recognized immediately. Yet, at the same time, Barrier1 delivers greater effectiveness than any other vendor in the market.
Barrier1 savings are realized on the following:
Firewall
IDS/IDP
Anti Spam
Anti Virus
Web Content Filter
Web Application Firewall
DNS
DHCP
Edge Router
NAC (Network Access Control)
DLP (Data Leak Prevention)
NBA (Network Behavior Analysis)