Archive for December, 2009
Barrier1 saves between 30% – 150% in both Acquisition and Operational Cost
Barrier1, an Intelligent Threat Management solution, not only brings the most comprehensive, accurate, fastest, and extensive Technology Roadmap in network security, but brings SIGNIFICANT savings. Recently Barrier1 compared solutions from a vast number of network security vendors. The results were significant. The investigation included purchasing the product or service, installation, training, and ongoing technical support. In every case examined, Barrier1 was able to deliver significant savings, and these savings are recognized immediately. Yet, at the same time, Barrier1 delivers greater effectiveness than any other vendor in the market.
Barrier1 savings are realized on the following:
Firewall
IDS/IDP
Anti Spam
Anti Virus
Web Content Filter
Web Application Firewall
DNS
DHCP
Edge Router
NAC (Network Access Control)
DLP (Data Leak Prevention)
NBA (Network Behavior Analysis)
Barrier1 Stops Bredolab Trojan
The Bredolab Trojan is dangerous in that it works secretly in the background. If the machine is not protected with security tools, Bredolab may be able to make quite a mess without raising any suspicions. It delivers various malware to a computer. Bredolab isn’t capable of corrupting files or stealing information, but the programs it installs may cause a range of damage.
The Trojan downloader usually downloads and runs fraudulent security tools, but it may also download keyloggers, adware, web browser toolbars and other malicious applications. Removing Bredolab is a necessary action in order to prevent further infections and keep a computer safe. The Bredolab Trojan also changes system files. The following are just a few:
\digeste.dll
\digiwet.dll
\mcenspc.dll
\msansspc.dll
%startup%\asgupd32.exe
%startup%\dfqupd32.exe
%startup%\dmaupd32.exe
%startup%\fmnupd32.exe
%startup%\ihaupd32.exe
%startup%\imiupd32.exe
%startup%\legupd32.exe
As with all blended threats, Win32/Bredolab has mutated over time. At the time of installation when older variants of Win32/Bredolab are executed, they copy themselves to one of the following locations, converting their EXE to a DLL:
\digeste.dll
\digiwet.dll
\mcenspc.dll
\msansspc.dll
The registry is then modified to ensure that the DLL is loaded. For example:
To subkey: HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders
Sets value: “SecurityProviders”
With data: “msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll”
Win32/Bredolab contacts a remote host, and receives a response from the master server that contains at least one encrypted binary. Downloaded binaries are decrypted and executed. Win32/Bredolab may use a randomly named file name for downloaded binaries on the local machine. Some variants of Win32/Bredolab may create the following file during execution:
• %appdata%\wiaserva.log
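A host check for the artifacts described above, as an added example (not code from Barrier1 or from the original post). The file names and registry value are the ones listed on this page; the baseline list of expected providers is an assumption taken from the page's example data and must be adjusted to the Windows build being checked. Function names are hypothetical.

```powershell
# File names as listed on this page (directory prefixes for the DLLs are elided there).
$PageDlls    = 'digeste.dll','digiwet.dll','mcenspc.dll','msansspc.dll'
$PageStartup = 'asgupd32.exe','dfqupd32.exe','dmaupd32.exe','fmnupd32.exe',
               'ihaupd32.exe','imiupd32.exe','legupd32.exe'
# Assumption: expected providers = the page's example data minus the appended DLL.
$Baseline    = 'msapsspc.dll','schannel.dll','digest.dll','msnsspc.dll'

function Test-SecurityProviders {
    param([string]$Data)   # comma-separated data of the SecurityProviders value
    foreach ($entry in ($Data -split ',')) {
        $name = $entry.Trim()
        if (-not $name) { continue }
        $leaf = [System.IO.Path]::GetFileName($name)
        if ($PageDlls -contains $leaf) {
            [pscustomobject]@{ Entry = $name; Verdict = 'DLL name listed on this page' }
        } elseif ($Baseline -notcontains $leaf) {
            [pscustomobject]@{ Entry = $name; Verdict = 'not in baseline, review' }
        }
    }
}

function Get-LiveProviders {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders'
    (Get-ItemProperty -Path $key -Name SecurityProviders -ErrorAction Stop).SecurityProviders
}

function Find-PageFiles {
    # Per-user and all-users Startup folders, plus the log file named on the page.
    $dirs  = 'Startup','CommonStartup' | ForEach-Object { [Environment]::GetFolderPath($_) }
    $paths = foreach ($d in $dirs) { $PageStartup | ForEach-Object { Join-Path $d $_ } }
    $paths = @($paths) + (Join-Path $env:APPDATA 'wiaserva.log')
    $paths | Where-Object { Test-Path -LiteralPath $_ }
}

# Constructed input: the value data quoted on this page.
$sample = 'msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll'
Test-SecurityProviders -Data $sample | Format-Table -AutoSize

# Live check on the local Windows host.
Test-SecurityProviders -Data (Get-LiveProviders) | Format-Table -AutoSize
Find-PageFiles
```

A "not in baseline" verdict only means the entry differs from the assumed list; newer Windows builds register different legitimate providers, so confirm the entry's file and signature before treating it as malicious.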
Several variants of Win32/Bredolab have been the focus of various spam mass-mailings. Here is a selection of e-mails, used in the wild, to distribute Bredolab onto users’ computers:
Example email #1
Subject: Postal Tracking #IARN863188FLP4G
Hello!
We were not able to deliver postal package you sent on the 14th of March in time
because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office.
Your United Parcel Service of America
Example email #2
Subject: Shipping confirmation for order -08244007
Hello!
Thank you for shopping at our internet shop!
We have successfully received your payment.
Your order has been shipped to your billing address.
You have ordered Samsung GO N310-13G.
You can find your tracking number in attached to the e-mail document.
Please print the label to get your package.
We hope you enjoy your order!
Barrier1 has Virtualized Network Security
Barrier1 has brought Virtualization to Network Security. Virtualization is designed to make more efficient use of underutilized hardware while keeping networks isolated from one another. The classic case involves a rack of servers each using a fraction of their resources. Once a virtual network is attached to a physical network adapter, it is exposed to the same security risks as that physical network adapter. Virtual machines cannot intercept network packets from the host operating system. Similarly, the host operating system cannot intercept network packets from a virtual machine. This isolation is enforced by the virtual machine network services driver, which determines whether a network packet is routed to the host operating system or to a virtual machine.
Barrier1 Network Security Virtualization brings individual VM protection as well as inter-VM protection. To truly mitigate the risks within the virtual environment, especially those related to inter-VM communication, individual inspection of all 7 OSI layers in near real time is required. Barrier1, along with its “AARE Engine”, has an architecture that delivers effective multi-layered defense and self-protection on a per VPM basis. Enforcing policies at the VM level and integrating network security protection elements that inspect and have knowledge of all aspects of the 7 OSI layers is key to the overall security architecture within the VM.
• VM Enforcement of policies and integrating all network security point solutions such as Firewall, IDS, Anti-Spam, Anti Virus, Web Application Firewall, provides granular visibility and control of individual VM as well as inter-VM and network traffic. Enforcing individual or group VM policies stops inter-VM malware propagation more effectively than one-size-fits-all rule bases. Default policies are automatically applied to every new VM, mitigating the risks of VM sprawl.
• Guaranteed VM Isolation between and within trust levels (e.g., production, QA) makes virtualizing mission critical systems and customer data viable. This further boosts the ratio of VMs to host servers, giving enterprises a greater return on their virtualization investments.
• Migrations are achieved by continuous inspection of all network security tools in production as VMs automatically move from host to host.
• Barrier1 monitors & stores all network connections, giving Barrier1 the ability to block attacks and other unauthorized connection attempts from VMs.