Archive for February, 2010

Barrier1 and Kneber/Zeus Botnet

Kneber Botnet
Zeus Botnet Origins

Kneber recently infected more than 70,000 computers worldwide. To top it off, it infested large organizations that claim to use the latest and greatest. Some of the companies reported to have been hit are Juniper Networks, Amazon Elastic Computing Cloud, and even the Swiss phone company Telia Sonera.

Kneber is a spin-off of the Zeus Botnet. They are prime examples of a truly blended threat. These bots strategically gather information by operating underneath the multiple thresholds that would expose them. They gather pieces of information slowly and in short bursts so as not to trip one of the thousands of filters. Then they take the gathered information, send it slowly back to their controller, and wait for the specific command that launches the attack. The attack itself flies under the radar of the filters. Add a little social engineering to drive individuals to a web site where a virus is lying in wait in the hidden fields.

First, the reconnaissance mission is to detect HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE\SOFTWARE, and then the HKEY_LOCAL_MACHINE registry path. Once it receives a kill command it overwrites Windows virtual memory with zeros. At that point the OS is inoperable. Then, when the information is gathered, a kill command can be sent.

Part of this Botnet attack includes tricking individuals into visiting a web site. In some of the phishing scams an email claiming to be from Facebook arrives in your inbox. They ask you to do something: go to a certain web site, update your account, etc. Once you arrive at the site, a virus that has been lying on the web site in a hidden field is downloaded to your PC.

Barrier1 has stopped this Botnet, but it does take inspection of all 7 layers of the OSI model. That means a full proxy-based Web Application Firewall. The second component needed is intelligence. By gathering information about the various reconnaissance activities, Barrier1 learns from the various inspection points. Intelligence, or network behavioral analysis, along with the complete inspection points is the only way these botnets will be stopped.
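The post describes bots that keep each transfer small enough to stay under a per-event filter and send the collected data "slowly back to their controller", and then argues that only behavioral analysis catches them. The following is an added example, not code from the original post or from Barrier1: it contrasts a naive per-flow size filter with a sliding-window detector that aggregates small outbound flows per (source host, destination) pair. The flow records, host names, addresses and thresholds are all constructed for the demonstration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _t(hhmm):
    """Helper: build a timestamp on a fixed (constructed) day from 'HH:MM'."""
    return datetime(2010, 2, 10, int(hhmm[:2]), int(hhmm[3:]))

# Constructed sample outbound flow records (not from the original post):
# (timestamp, source host, destination IP, bytes sent)
SAMPLE_FLOWS = (
    # ws-17 drips 900 bytes every 10 minutes to one external address for two hours
    [(_t(f"09:{m:02d}"), "ws-17", "203.0.113.5", 900) for m in range(0, 60, 10)]
    + [(_t(f"10:{m:02d}"), "ws-17", "203.0.113.5", 900) for m in range(0, 60, 10)]
    # ws-03 does ordinary browsing: a few mid-sized requests
    + [(_t("09:05"), "ws-03", "198.51.100.7", 1500),
       (_t("09:40"), "ws-03", "198.51.100.7", 1500),
       (_t("11:15"), "ws-03", "198.51.100.7", 1500)]
    # ws-08 sends one large upload, which a per-flow size filter does catch
    + [(_t("10:30"), "ws-08", "192.0.2.44", 50_000)]
)

def per_flow_filter(flows, max_bytes=4096):
    """Naive per-event filter: flags any single flow larger than max_bytes.
    Returns the set of (src, dst) pairs it would flag."""
    return {(src, dst) for _, src, dst, size in flows if size > max_bytes}

def slow_drip_detector(flows, window=timedelta(hours=6), total_bytes=8000, min_flows=8):
    """Behavioural detector: keeps a sliding window of flows per (src, dst) pair
    and flags the pair once the flow count and cumulative bytes inside the window
    both exceed their thresholds, even though every individual flow is small.
    Returns {(src, dst): (flows_in_window, bytes_in_window)} for flagged pairs."""
    flagged = {}
    recent = defaultdict(deque)   # (src, dst) -> deque of (timestamp, bytes) inside the window
    totals = defaultdict(int)     # (src, dst) -> running byte total of that deque
    for ts, src, dst, size in sorted(flows, key=lambda f: f[0]):
        key = (src, dst)
        q = recent[key]
        q.append((ts, size))
        totals[key] += size
        # Evict flows that have aged out of the window.
        while q and ts - q[0][0] > window:
            _, old = q.popleft()
            totals[key] -= old
        if len(q) >= min_flows and totals[key] >= total_bytes:
            flagged[key] = (len(q), totals[key])   # keep the most recent window stats
    return flagged

if __name__ == "__main__":
    print("per-flow filter flags:", per_flow_filter(SAMPLE_FLOWS))
    print("slow-drip detector flags:", slow_drip_detector(SAMPLE_FLOWS))
```

The size filter only sees the single 50,000-byte upload from ws-08; the twelve 900-byte flows from ws-17 never exceed it individually, but the windowed total (10,800 bytes over 12 flows to one destination) trips the behavioral rule. The window length, byte and flow thresholds are tuning knobs; too short a window lets a patient sender drip below it, too long a window raises false positives on ordinary browsing.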

Barrier1
Mpls., Minn.
2-10

So, you think you are Secure by Using the Cloud? Think again.

Those of you thinking of moving to a Cloud solution should be asking some very thoughtful questions. Even then you are not as secure as you think you are, just as those on Google’s Gmail and others have found out.

When you move to a cloud you are now putting your digital information in the hands of someone else. Here are the issues:
• That digital data is stored on a shared server with many others.
• If they have virtualized, what security measures have been taken?
• What does the hosting company really manage?
• What happens if there is a breach?
• What is really managed?

In years of IT, the concept of managed services, cloud computing, or other names given to allowing a 3rd party to manage a portion of your process or digital data hasn’t changed. I believe it is more of a tech support issue, responsibility, and heavy on the liability-based business.

Let’s look at another option that blends the best of both worlds.
• Locate a network security appliance on the edge of your network.
• Have the manufacturer set alerts and log reports to be automatically sent to you. There are a number of ways this can be done.
• In the service component with the manufacturer, have them accessible for personalized service.
• Have the manufacturer assist in root cause and workarounds.

That is Barrier1

Barrier1 Stops Crimeware

In a recent SC Magazine dated  article the term “Crimeware” was discussed. In short, it is another way to look at an older term known as “Blended Threats” and the driving force of criminal attacks: “Money”.

In order to stop these attacks one cannot just look at each technology independently, nor can you rely on just a list-based approach. The only way to stop these attacks is to look at all 7 OSI layers in total and add intelligence.

Here are the areas that SC Magazine addressed. Barrier1 performs all of these functions.

Anti-Virus

- Must be able to inspect for viruses, spyware, and malware
- Must look at Internet-based and client-based

Patching

- Patching is a component; however, it only stops the known
- One must have the ability to identify and stop the unknown

Malvertising

- One should have the ability to block browser plug-ins. They are known sources of security holes
- Identify and block scripts from running

DLP

- Identify and look for data leaving and entering your network

Proper Log Monitoring

- One must have the ability to utilize log information as more than just a collection method.
- One must go above and beyond just assigning someone to monitor the logs. This must be automated to block. By the time an individual reviews the logs it is too late

Mandatory Access Control

- One must be aware of who is on your network.
- Make sure policies are in place and reviewed
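The "Proper Log Monitoring" point above is that log data has to feed an automated block decision rather than wait for a person to read it, and the Malvertising and DLP points name two things such automation should catch: scripts from untrusted sources and data leaving the network. The following is an added example, not code from the original post or from Barrier1, showing a small pipeline of that shape: it parses proxy log lines in a hypothetical format, applies two block rules (active content from a domain not on a trusted allowlist; a large outbound POST/PUT to a non-allowlisted domain), and emits block decisions while skipping malformed lines instead of stalling. The log format, domains, allowlist and size threshold are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed proxy log lines in a hypothetical format (not from the original post):
# timestamp  client-host  method  url  http-status  content-type  bytes
SAMPLE_LOG = """\
2010-02-10T09:12:03 ws-17 GET http://cdn.intranet.test/app.js 200 text/javascript 4120
2010-02-10T09:12:05 ws-17 GET http://promo.adnet-example.test/track.js 200 text/javascript 8800
2010-02-10T09:12:06 ws-17 GET http://promo.adnet-example.test/setup.exe 200 application/octet-stream 312000
2010-02-10T09:13:40 ws-17 POST http://drop.example-bad.test/upload 200 text/html 95000
2010-02-10T09:14:02 ws-03 GET http://www.example-news.test/index.html 200 text/html 22000
this line is deliberately malformed and must be skipped, not crash the loop
"""

# Hypothetical allowlist of domains whose scripts and uploads the organisation trusts.
SCRIPT_ALLOWLIST = {"cdn.intranet.test"}

# Content types treated as active content or executables (assumed set).
ACTIVE_TYPES = {"text/javascript", "application/javascript",
                "application/octet-stream", "application/x-msdownload"}

# Outbound POST/PUT bodies at or above this size to a non-allowlisted domain are
# treated as possible data leaving the network (assumed threshold).
EXFIL_BYTES = 50_000

_LINE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT) (\S+) (\d{3}) (\S+) (\d+)$")

def parse_line(line):
    """Parse one log line into a dict, or return None for malformed input."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    ts, host, method, url, status, ctype, size = m.groups()
    return {"ts": ts, "host": host, "method": method, "url": url,
            "status": int(status), "ctype": ctype, "bytes": int(size),
            "domain": urlsplit(url).hostname or ""}

def evaluate(event, allowlist=SCRIPT_ALLOWLIST):
    """Apply the blocking rules to one parsed event.
    Returns (rule_name, client_host, domain) or None when nothing fires."""
    trusted = event["domain"] in allowlist
    if not trusted and event["ctype"] in ACTIVE_TYPES:
        return ("block_active_content", event["host"], event["domain"])
    if not trusted and event["method"] in ("POST", "PUT") and event["bytes"] >= EXFIL_BYTES:
        return ("block_outbound_data", event["host"], event["domain"])
    return None

def process_log(text):
    """Stream the log, parse each line and collect block decisions in order.
    Malformed lines are counted and skipped so one bad line never stalls the pipeline.
    Returns (decisions, skipped_line_count)."""
    decisions, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            skipped += 1
            continue
        decision = evaluate(event)
        if decision:
            decisions.append(decision)
    return decisions, skipped

if __name__ == "__main__":
    found, bad = process_log(SAMPLE_LOG)
    for d in found:
        print(d)
    print(f"skipped {bad} malformed line(s)")
```

On the constructed log the trusted intranet script passes, the two ad-network fetches (a script and an executable) and the 95,000-byte upload each produce a block decision, and the malformed line is counted rather than raising. In a real deployment the decision tuple would be handed to the enforcement point (proxy deny rule, firewall entry) the same second the line is written, which is the gap the post is pointing at between log collection and log-driven blocking.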

