Barrier1 Securing Live Video Conference

The need for network security now goes beyond just the data world. Both video and voice are becoming more widely used and open. With video education, IPTV and web conferencing entering the mainstream, these IP-based services will have to be secured just like data. First come the unfortunate cases where an IP video feed is interrupted by a 2 min. viewing of porn. Next will be viruses inserted as one of the video frames, or some form of denial of service attack that cuts out the video stream altogether.

Barrier1 has been securing Video and VOIP for over 3 yrs. In fact we have customers using 1 Barrier1 device to secure both Data and IPVideo at the same time.

Barrier1 and Kneber/Zeus Botnet

Kneber Botnet
Zeus Botnet Origins

Kneber recently infected more than 70,000 computers worldwide. To top it off, it infested large organizations that claim to use the latest and greatest. Some of the companies reported to have been hit are Juniper Networks, Amazon Elastic Computing Cloud, and even the Swiss phone company Telia Sonera.

Kneber is a spin-off of the Zeus Botnet. They are prime examples of a truly blended threat. These bots strategically gather information by operating underneath the multiple thresholds that would expose them. They gather pieces of information slowly and in short bursts so as not to trip one of the 1,000s of filters. Then they send the gathered information slowly back to their controller and wait for the specific command that launches the attack. The attack itself flies under the radar of the filters. Then add a little social engineering to drive individuals to a web site where a virus is sitting in wait in the hidden fields.

First, the reconnaissance mission is to detect HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE\Software and then the HKEY_LOCAL_MACHINE registry path. Once the information is gathered a kill command can be sent. When the bot receives the kill command it overwrites Windows virtual memory with zeros, and at that point the OS is inoperable.

Part of this botnet attack includes tricking individuals into visiting a web site. In some of the phishing scams an email claiming to be from Facebook arrives in your inbox. They ask you to do something, such as going to a certain web site or updating your account. Once you arrive at the site, a virus that has been lying on the web site in a hidden field is downloaded to your PC.

Barrier1 has stopped this botnet, but it does take inspection of all 7 layers of the OSI model. That means a full proxy-based Web Application Firewall. The second component needed is intelligence. By gathering information about the various reconnaissance activities, Barrier1 learns from the various inspection points. Intelligence, or network behavioral analysis, along with the complete set of inspection points is the only way these botnets will be stopped.

Barrier1
Mpls., Minn.
2-10

So, you think you are Secure by Using the Cloud? Think again.

Those of you thinking of moving to a cloud solution should be asking some very thoughtful questions. Even then you are not as secure as you think you are, just as those on Google’s Gmail and other services have found out.

When you move to a cloud you are putting your digital information in the hands of someone else. Here are the issues:
• That digital data is stored on a shared server with many others.
• If they have virtualized, what security measures have been taken?
• What does the hosting company really manage?
• What happens if there is a breach?
• What is really managed?

In years of IT, the concept of managed services, cloud computing, or other names given to allowing a 3rd party to manage a portion of your process or digital data, hasn’t changed. I believe it is more of a tech support issue, responsibility, and heavy on the liability-based business.

Let’s look at another option that blends the best of both worlds.
• Locate a network security appliance on the edge of your network.
• Have the manufacturer set alerts and log reports to be sent to you automatically. There are a number of ways this can be done.
• In the service component with the manufacturer, have them accessible for personalized service.
• Have the manufacturer assist in root cause and workarounds.

That is Barrier1

Barrier1 Stops Crimeware

In a recent SC Magazine article the term “Crimeware” was discussed. In short, it is another way to look at an older term known as “Blended Threats” and the driving force of criminal attacks: “Money”.

In order to stop these attacks one cannot just look at each technology independently, nor can you rely on just a list-based approach. The only way to stop these attacks is to look at all 7 OSI layers in total and add intelligence.

Here are the areas that SC Magazine addressed. Barrier1 performs all of these functions.

Anti-Virus
- Must be able to inspect for viruses, spyware and malware
- Must look at both Internet-based and client-based threats

Patching
- Patching is a component; however, it only stops the known
- One must have the ability to identify and stop the unknown

Malvertising
- One should have the ability to block browser plug-ins. They are known sources of security holes
- Identify and block scripts from running

DLP
- Identify and look for data leaving and entering your network

Proper Log Monitoring
- One must have the ability to utilize log information as more than just a collection method.
- One must go above and beyond just assigning someone to monitor the logs. Blocking must be automated; by the time an individual reviews the logs it is too late

Mandatory Access Control
- One must be aware of who is on your network.
- Make sure policies are in place and reviewed

Barrier1 Provides on board Network Analyzers to Identify and Trouble Shoot Root Cause

Network Trouble Shooting with Barrier1 Brings Fast and Accurate Results

When it comes to maintaining performance and speed in today’s networks, visibility into both the inside of your network and the carrier is crucial. All play a role in delivering quality service. Each party must provide honest troubleshooting and share the results. Telcos and ISPs must be up front with their customers.

Barrier1 has included network sniffers for that reason. Barrier1 customers, with the help of Barrier1 tech support, can find the root cause, thus eliminating the finger pointing. This speeds up the discovery process and is what the customer is really asking for. After all, they just want to find the problem and then fix it.

Over the years, Barrier1 has identified issues that were originally thought to be the firewall but in fact turned out to be the upstream ISP or Telco. Barrier1 has identified such issues as bad DSL modems, faulty switches, faulty interfaces on T-1 muxes, Telco or ISP routing issues, and even a hijacked IP address from an ISP. In all of these cases, without the help of on-board network sniffers, finding root cause would have taken days and would have added to the frustration levels.

PCI Compliance

In the latter part of 2009 the PCI Security Standards Council issued a set of new guidelines. This version, 1.2.1, does bring clarity to a couple of previous gray areas.

The gray area for compliance was using a 3rd party for payment processing. Of course 3rd parties were subject to the standards. The question was whether the organization performing the work or service and accepting payment via credit would be exempt. It now clearly states that “ALL SYSTEM COMPONENTS. SYSTEM COMPONENTS ARE DEFINED AS ANY NETWORK COMPONENT, SERVER, OR APPLICATION THAT IS INCLUDED IN OR CONNECTED TO THE CARDHOLDER DATA ENVIRONMENT. THE CARDHOLDER DATA ENVIRONMENT IS THAT PART OF THE NETWORK THAT POSSESSES CARDHOLDER DATA OR SENSITIVE AUTHENTICATION DATA. NETWORK COMPONENTS INCLUDE BUT ARE NOT LIMITED TO FIREWALLS, SWITCHES, ROUTERS, WIRELESS ACCESS POINTS, NETWORK APPLIANCES, AND OTHER SECURITY APPLIANCES. PCI COMPLIANCE ALSO IS REQUIRED IF THE PAN NUMBER TRANSITS ANY PART OF THE NETWORK.”

Barrier1, with its comprehensive inspection including Web Application Firewall, is PCI compliant. As an additional step, Barrier1 includes 1 complete network vulnerability assessment with yearly licensing and support renewals.

Barrier1 saves between 30% – 150% in both Acquisition and Operational Cost

Barrier1, Intelligent Threat Management solution, not only brings the most comprehensive, accurate, fastest, and extensive Technology Roadmap in network security, but brings SIGNIFICANT savings. Recently Barrier1 compared solutions from a vast number of network security vendors. The results were significant. The investigation included purchasing the product or service, installation, training, and ongoing technical support. In every case examined, Barrier1 was able to deliver significant savings, and these savings are recognized immediately. Yet, at the same time, Barrier1 delivers greater effectiveness than any other vendor in the market.

Barrier1 savings are realized on the following:
• Firewall
• IDS/IDP
• Anti Spam
• Anti Virus
• Web Content Filter
• Web Application Firewall
• DNS
• DHCP
• Edge Router
• NAC (Network Access Control)
• DLP (Data Leak Prevention)
• NBA (Network Behavior Analysis)

Barrier1 Stops Bredolab Trojan

Bredolab Trojan is dangerous in that it works secretly in the background. If the machine is not protected with security tools, Bredolab may be able to make quite a mess without raising any suspicions. It delivers various malware to a computer. Bredolab isn’t capable of corrupting files or stealing information itself, but the programs it installs may cause damage of many kinds.

The Trojan downloader usually downloads and runs fraudulent security tools, but it may also download keyloggers, adware, web browser toolbars and other malicious applications. Removing Bredolab is a necessary action in order to prevent further infections and keep a computer safe. Bredolab Trojan also changes system files. The following are just a few:

\digeste.dll
\digiwet.dll
\mcenspc.dll
\msansspc.dll
%startup%\asgupd32.exe
%startup%\dfqupd32.exe
%startup%\dmaupd32.exe
%startup%\fmnupd32.exe
%startup%\ihaupd32.exe
%startup%\imiupd32.exe
%startup%\legupd32.exe

As with all blended threats, Win32/Bredolab has mutated over time. At the time of installation when older variants of Win32/Bredolab are executed, they copy themselves to one of the following locations, converting their EXE to a DLL:
\digeste.dll
\digiwet.dll
\mcenspc.dll
\msansspc.dll

The registry is then modified to ensure that the DLL is loaded. For example:
To subkey: HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders
Sets value: “SecurityProviders”
With data: “msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll”
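
As an added example, not Barrier1 code and not part of the original post, the script below turns the file and registry indicators listed above into a check a defender can run: it diffs the SecurityProviders value against a stock baseline and matches System and Startup-folder file names against the dropped DLL and updater names. Note how the dropped DLLs shadow legitimate provider names (digest.dll versus digeste.dll, msapsspc.dll versus msansspc.dll), which is why a baseline diff rather than eyeballing the value is the reliable check. The baseline value, the generalised "three letters + upd32.exe" Startup pattern and the host snapshot are assumptions and constructed data, marked as such in the comments.

```python
import re

# Indicators taken from the post above: DLLs the older variants drop and the
# updater-style EXEs written to the Startup folder.
BREDOLAB_DLLS = {"digeste.dll", "digiwet.dll", "mcenspc.dll", "msansspc.dll"}
BREDOLAB_STARTUP_EXES = {
    "asgupd32.exe", "dfqupd32.exe", "dmaupd32.exe", "fmnupd32.exe",
    "ihaupd32.exe", "imiupd32.exe", "legupd32.exe",
}
# Assumption: the three-letter prefix varies per sample, so the Startup folder
# is also matched on the shape "<3 letters>upd32.exe" to catch unlisted names.
STARTUP_EXE_SHAPE = re.compile(r"^[a-z]{3}upd32\.exe$", re.IGNORECASE)

# Assumption: stock SecurityProviders value for the Windows builds Bredolab
# targeted; confirm it against a known-clean host of the same build before use.
BASELINE_SECURITY_PROVIDERS = ("msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll")


def parse_security_providers(value):
    """Split the comma-separated REG_SZ data into lower-cased module names."""
    return [part.strip().lower() for part in value.split(",") if part.strip()]


def unexpected_security_providers(value, baseline=BASELINE_SECURITY_PROVIDERS):
    """Return every module in the value that is not in the baseline. Anything
    listed here is loaded by LSASS at boot, which is what Bredolab relies on."""
    known = {name.lower() for name in baseline}
    return [name for name in parse_security_providers(value) if name not in known]


def suspicious_files(filenames, check_shape=False):
    """Return file names matching the Bredolab indicators. check_shape=True
    additionally applies the generalised Startup-folder pattern."""
    hits = []
    for name in filenames:
        low = name.lower()
        if low in BREDOLAB_DLLS or low in BREDOLAB_STARTUP_EXES:
            hits.append(name)
        elif check_shape and STARTUP_EXE_SHAPE.match(low):
            hits.append(name)
    return hits


def assess_host(system_files, startup_files, security_providers_value):
    """Combine the three checks into one report for a host snapshot."""
    return {
        "system_dll_hits": suspicious_files(system_files),
        "startup_hits": suspicious_files(startup_files, check_shape=True),
        "extra_security_providers": unexpected_security_providers(security_providers_value),
    }


# Constructed host snapshot (not captured from a real machine). On a live host
# the file lists would come from os.listdir() and the value from winreg.
SAMPLE_SYSTEM_FILES = ["kernel32.dll", "digest.dll", "schannel.dll", "digeste.dll"]
SAMPLE_STARTUP_FILES = ["desktop.ini", "fmnupd32.exe", "xyzupd32.exe"]
SAMPLE_SECURITY_PROVIDERS = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll"

if __name__ == "__main__":
    report = assess_host(SAMPLE_SYSTEM_FILES, SAMPLE_STARTUP_FILES, SAMPLE_SECURITY_PROVIDERS)
    for check, hits in report.items():
        print(f"{check}: {hits or 'none'}")
```

The SecurityProviders diff is the higher-value check of the three: file names are cheap for the next variant to change, but the persistence mechanism (an extra module in that value) is the same across the variants described here.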

Win32/Bredolab contacts a remote host, and receives a response from the master server that contains at least one encrypted binary. Downloaded binaries are decrypted and executed. Win32/Bredolab may use a randomly named file name for downloaded binaries on the local machine. Some variants of Win32/Bredolab may create the following file during execution:
• %appdata%\wiaserva.log

Several variants of Win32/Bredolab have been the focus of various spam mass-mailings. Here is a selection of e-mails, used in the wild, to distribute Bredolab onto users’ computers:

Example email #1

Subject: Postal Tracking #IARN863188FLP4G

Hello!

We were not able to deliver postal package you sent on the 14th of March in time
because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office.

Your United Parcel Service of America

Example email #2

Subject: Shipping confirmation for order -08244007

Hello!

Thank you for shopping at our internet shop!
We have successfully received your payment.
Your order has been shipped to your billing address.
You have ordered Samsung GO N310-13G.
You can find your tracking number in attached to the e-mail document.
Please print the label to get your package.
We hope you enjoy your order!

Barrier1 has Virtualized Network Security

Barrier1 has brought virtualization to network security. Virtualization is designed to make more efficient use of underutilized hardware while keeping networks isolated from one another. The classic case involves a rack of servers each using a fraction of their resources. Once a virtual network is attached to a physical network adapter, it is exposed to the same security risks as that physical network adapter. Virtual machines cannot intercept network packets from the host operating system. Similarly, the host operating system cannot intercept network packets from a virtual machine. This isolation is enforced by the virtual machine network services driver, which determines whether a network packet is routed to the host operating system or to a virtual machine.

Barrier1 Network Security Virtualization brings individual VM protection as well as inter-VM protection. To truly mitigate the risks within the virtual environment, especially those related to inter-VM communication, individual inspection of all 7 OSI layers in near real time is required. Barrier1, along with its “AARE Engine”, has an architecture that delivers effective multi-layered defense and self-protection on a per-VM basis. Enforcing policies at the VM level, and integrating network security protection elements that inspect and have knowledge of all aspects of the 7 OSI layers, is key to the overall security architecture within the VM.

• VM Enforcement of policies and integrating all network security point solutions such as Firewall, IDS, Anti-Spam, Anti Virus, Web Application Firewall, provides granular visibility and control of individual VM as well as inter-VM and network traffic. Enforcing individual or group VM policies stops inter-VM malware propagation more effectively than one-size-fits-all rule bases. Default policies are automatically applied to every new VM, mitigating the risks of VM sprawl.

• Guaranteed VM isolation between and within trust levels (e.g., production, QA) makes virtualizing mission-critical systems and customer data viable. This further boosts the ratio of VMs to host servers, giving enterprises a greater return on their virtualization investments.

• Migrations are achieved by continuous inspection of all network security tools in production as VMs automatically move from host to host.

• Barrier1 monitors & stores all network connections. Thus giving Barrier1 the ability to block attacks and other unauthorized connection attempts from VMs.

Barrier1 identifies flaws in SSL-VPN

SSL-VPNs have become very popular. However, several security flaws are beginning to be understood. The use of null characters has been used for exploits for several years. The concept is to insert a string of null (0x00) characters in key areas. This has the effect of altering, changing, or redirecting, depending on when and where the technique is used.
In SSL-VPN, certificates are used. When a string of null characters or some other string is inserted, hackers can reroute a user to a site they were not intending to go to. This can also allow access to host computers.

Barrier1, with its ability to inspect all 7 OSI layers and its intelligent behavior analysis known as “AARE”, inspects for null character insertion from multiple points of inspection. Whether this technique is used in the application code itself, like SSL-VPN, or in a data stream that has been altered, Barrier1 will identify and stop this technique.
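
As an added example, not Barrier1 code and not part of the original post, the following shows why null character insertion in a certificate name leads to the rerouting described above, and what the hardened check looks like. The weak matcher treats the certificate name like a C string and stops comparing at the first NUL, so a name such as vpn.example.test followed by a NUL and then a different domain compares equal to vpn.example.test. The strict matcher validates the whole name against a DNS-name grammar first (which rejects NUL and any other stray byte) and allows a wildcard only in the leftmost label, matching exactly one label. The subject names are constructed for the example and do not come from any real certificate.

```python
import re

# Host-name grammar: letters, digits, hyphens and dots, with at most one leading
# "*." wildcard. A NUL (0x00) or any other byte outside this set fails the match.
_DNS_NAME = re.compile(r"^(\*\.)?[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*$")


def naive_cn_matches(cert_cn, expected_host):
    """The weak pattern the post describes: the name is handled like a C string,
    so comparison stops at the first NUL and the trailing part is ignored."""
    truncated = cert_cn.split("\x00", 1)[0]
    return truncated.lower() == expected_host.lower()


def strict_cn_matches(cert_cn, expected_host):
    """Hardened check: reject any name that is not a clean DNS name (which covers
    embedded NULs) and allow a wildcard only in the leftmost label."""
    if not _DNS_NAME.match(cert_cn) or not _DNS_NAME.match(expected_host):
        return False
    cn = cert_cn.lower()
    host = expected_host.lower()
    if cn.startswith("*."):
        # '*' stands for exactly one label: *.example.test matches
        # vpn.example.test but not a.b.example.test or example.test itself.
        cn_labels = cn.split(".")[1:]
        host_labels = host.split(".")
        return len(host_labels) == len(cn_labels) + 1 and host_labels[1:] == cn_labels
    return cn == host


def compare_checkers(cert_cn, expected_host):
    """Run both matchers so the divergence on a NUL-bearing name is visible."""
    return {
        "naive": naive_cn_matches(cert_cn, expected_host),
        "strict": strict_cn_matches(cert_cn, expected_host),
    }


# Constructed (certificate name, host the user typed) pairs, not real certificates.
SAMPLE_NAMES = [
    ("vpn.example.test", "vpn.example.test"),
    ("vpn.example.test\x00.attacker.test", "vpn.example.test"),
    ("*.example.test", "vpn.example.test"),
    ("*.example.test", "a.b.example.test"),
]

if __name__ == "__main__":
    for cn, host in SAMPLE_NAMES:
        print(repr(cn), "vs", host, "->", compare_checkers(cn, host))
```

The same grammar check belongs at every point where a textual name is taken from a data stream (the SAN list of a certificate, a Host header, a redirect target): if the byte string is not a valid name in full, it is rejected, and no comparison that could be silently truncated ever runs.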