November 2008 Archives


WiMAX - LTE and Cloud Computing

This month ABI Research published that new Combo Chips will be released that will cover both WiMAX and LTE communications; many of the service providers will be offering both technologies depending on geographic location.

What is WiMAX? An industry standard, also known as 802.16, intended for Broadband Wireless Metropolitan Area Networks. Wireless MANs offer an alternative to DSL, cable modems and fiber optic links in an effort to link homes and businesses to core telecommunication networks. The Wireless MAN MAC offers full Quality of Service (QoS). http://wirelessman.org/docs/02/C80216-02_05.pdf

3GPP LTE - A new radio interface that can use wide radio channels and delivers extremely high throughput rates. 3GPP Release 8 offers the ability to integrate with non-3GPP networks and optimization for all IP service providers. http://www.3gamericas.org/PDFs/EDGE_HSPA_and_LTE_Broadband_Innovation_Rysavy_Sept_2008.pdf

While both technologies continue to evolve (or will likely merge by 2013), we could see wireless broadband sustained transfer rates well above 100 mbps.

Padmasree Warrior, CTO of Cisco Systems, envisions a content-rich MEDIANET with the ability for full content collaboration. "It's not the device or the network, it is the experience." Users will not be discouraged by download speeds or degraded graphics. Users will now be able to have My Channel, a personal broadcast channel for sharing rich multimedia content with family, friends, co-workers and business peers, as well as with those in your immediate surroundings. Padmasree Warrior cites that core infrastructure networks will be able to support 10 trillion bits/sec - with no difference between wireless and wired networks in the end user experience, and no Public and Private IPs -- just the Network. Mobilize '08

The increase in wireless speeds and the availability of Wireless MAN MACs would accelerate the use of and need for multimedia resources in Cloud Computing offerings. Virtual computing resources, storage and applications available worldwide would enhance the world experience of collaboration and the need for language translations of world content data.

The growth of wireless devices continues to explode. Padmasree Warrior states that in comparison to the world population growth where there are 4 new babies born every second, the mobile computing world shows 30 new mobile devices are purchased every second. At least for the immediate future, Ms. Warrior sees this to be a sustained growth rate of wireless technology throughout the world, as the rest of the world catches up to the explosion of the availability of information and the ability of end users to participate not only in a one way viewing of content but the ability to publish and manage content.

There have been warnings about development and local computing resources moving away from the end user into the cloud where end users have less control over local computing resources and the security and privacy of their information is a concern. The Pew Internet Study says that a majority of internet users are already using cloud resources of some form (internet mail and storage), and that most users use these applications for the freedom of being available worldwide, the ease of application use, and the ease of sharing information. However 68% of the users said they would be very concerned if their information was analyzed and used to market their online behavior.

There have been other responses concerning local user application and information security. The majority of users find it increasingly difficult to protect their information and to keep up with the security updates for their Network Operating System and Applications.

The Washington Post published an article this month about judges urging standardization of cell phone tracking policies. Depending on the district you are currently located in with your cell phone or GPS-enabled device, there are different policies for tracking your activities.

The International Association of Privacy Professionals and Federal Computer Week have both published articles concerning a paper that was published by the Constitution Project, calling for the Electronic Communications Act to be updated to include safeguards for cloud computing. The publication, "Liberty and Security: Recommendations for the Next Administration and Congress", states that privacy information is on a weaker footing if maintained by service providers than when it resides on the local computer. The number of conflicting judicial decisions regarding this has created uncertainty for service providers and law enforcement.

One thing is for certain -- as our networks continue to expand from a polar or bipolar world and as information becomes more easily accessible and published, the custodians of the data and service providers of applications will continue to be the focus of attacks. Worldwide end users will continue to be phished to gain access to the zettabytes of access privileges, collaboration neighbors and the access to weave in and out through the various provider networks and customer data.

In closing, I just wanted to add a reference to a world where global management of information and real-time event reporting in a high-transaction world is eventually managed by a global provider: the James Bond movie "Tomorrow Never Dies".


Red Zone Defense


NFL and College Football are in full swing this season. Coaching staffs spend an enormous amount of time building teams and implementing defensive strategies that have the ability to react to each offensive confrontation. The offense continues to learn the defensive reactions to threats, and the defense continues to show different defensive strategies and alignments. The offense is constantly sending the defense false routes, hoping the defense will spend as many resources as possible on a false attack. As the offense continues to progress toward the goal, the defense continues to strengthen its stance. Some of the fiercest battles are fought down in the Red Zone before the goal.

Information defenses should not only have strong perimeters; as the offense gets closer to the goal line, the defenses should get stronger and stronger, showing a variety of defensive strategies. The defense should be interwoven into the business process and strategies. Many information defenses rely on strong perimeters but have softer controls near the goal, where an attack could have the largest impact. It is key for the defense to work with business and data owners to know where the Red Zone defenses need to make a goal line stand to prevent the business goals from being impacted. The defense needs to provide a variety of different looks, and offer attackers false weaknesses to trigger alerts and trap the intruder into making a mistake. The defense needs to be layered - not having one line of scrimmage but layered lines of scrimmage that are configured differently, using different players or defensive configurations. Information defenses have to detect not only outsider threats but insider threats, from the outside in and from the inside out.

The problem is that the information scrimmage is not played on one field; it is played concurrently on a number of fields throughout the world in a distributed environment 24 hours a day, with a super highway running between the playing fields. The perimeter could be distributed in Beijing, Berlin, Delhi, or New York, with data flowing back and forth through multiple service providers. The perimeter is now PDAs on Broadband Networks where requests are sent to message services and relayed from worldwide information stores. Information security managers need to make the defensive strategy integrated with the business goals and processes. Information defensive strategies in business are equally as critical as those defensive strategies integrated in college and professional sports.

It's x's and o's, ones and zeros, check and checkmate.


I had intended this to be my first netForensics security posting, but when I received a call this morning from my EVP thanking me for my uniformed service, I knew my subject had changed.

I can't help but be reminded of the many men and women that are currently serving in harm's way this Veterans Day. For some, it is a day to be thankful that their friend or loved one has returned home from their tour of duty. For others, it means remembering a friend who perished on the battlefield of that faraway land in freedom's defense.

For it was at the eleventh hour, on the eleventh day of the eleventh month of 1918, the guns fell silent on the Western front and the slaughter of World War I came to an end.

Veterans Day, originally called Armistice Day, marked the end of the fighting on the Western Front in World War I. In 1954, Congress changed it to Veterans Day to honor all veterans, not just those who had served in the Great War.

So with that, my flag flies high today, for all American Veterans, as they advance peace and extend freedom around the world. Godspeed!


This weekend I received this link from a friend of mine who really is kind of a scripting guru. I thought that it was interesting enough to pass it forward.

http://www.cyberciti.biz/tips/linux-unix-commands-cheat-sheets.html
http://www.scottklarr.com/topic/115/linux-unix-cheat-sheets---the-ultimate-collection/


In the new edition of PCI 1.2 DSS requirements, WEP Security has been removed from the accepted list of security strategies for wireless communication only devices - only WPA and WPA2 are now accepted. Companies have until June 30, 2010 to replace their wireless communication with 802.11i. This week it looks like WPA TKIP will soon join WEP on the list of prohibited wireless security strategies, although the PCI 1.2 Standard recommends strong encryption like AES. Erik Tews and Martin Beck plan on speaking at the PacSec conference on how they can crack WPA TKIP in 12 to 15 mins. TKIP, the Temporal Key Integrity Protocol, was initially created as a stepping stone for companies with older wireless devices that need to move off WEP security easily without the purchase of new hardware. WPA Message Integrity (MIC), or Michael, was never strong because of hardware concerns.

Martin Beck and Erik Tews have published a paper: Practical attacks against WEP and WPA.

Glenn Fleishman has also written a nice review of the WPA crack.

In the document Practical attacks against WEP and WPA, they say they collect traffic until they get an ARP request or response. Ethernet addresses are not protected by WEP or TKIP. They then use their chopchop attack to decrypt the unknown plaintext bytes of the packet.

The Message Integrity (MIC) prevents replay attacks: on 2 failures the MIC is shut down, there is a 60 second communication penalty, and then the keys are renegotiated.

They use 802.11e to send the keystream over different queues and avoid the MIC. This is only successful if the rekey interval is long and chopchop is able to complete the decryption of the packet without rekeying. They state that TKIP is not much different from WEP, and that the same WEP attacks can be used against TKIP.

Glenn Fleishman concludes in his article that if TKIP is set to rekey on the AP at a regular interval - not 3600 seconds, but say 120 seconds - it makes the attack harder to accomplish. Choose a long network key: 20 characters that are random.

I am sure that most Network Administrators, Security Analysts and Auditors have their old wireless routers and clients updated and have moved to AES-CCMP. There may be those that have client devices, appliances, notebooks, or tablets that use 802.11b and, to save money, have moved to some firmware upgrades that allow WPA TKIP. This new release on the exposure of the weakness of TKIP will hopefully move the process for modernization of the Wireless environment forward as a must-have.
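The points this post lists (no WEP, AES-CCMP instead of TKIP, a 120 second rekey interval, a 20 character key, 802.11e queues) can be checked mechanically. The sketch below is an added example, not from the original post or the papers it cites; it assumes the access point is configured with hostapd-style `key=value` options (the post names no AP software), and both sample configurations are constructed.

```python
"""Added example: audit hostapd-style settings against this post's TKIP advice."""
MAX_REKEY_SECONDS = 120   # the post's suggested interval, instead of 3600
MIN_KEY_CHARS = 20        # the post's "long network key 20 characters"

def parse_conf(text):
    """Parse key=value lines, ignoring blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return a list of finding codes for one access point configuration."""
    conf = parse_conf(text)
    wpa = int(conf.get("wpa", "0"))          # bit 0 = WPA, bit 1 = WPA2/RSN
    if wpa == 0:
        return ["no-wpa"]                    # WEP or open: not accepted at all
    # hostapd defaults: wpa_pairwise=TKIP, rsn_pairwise=wpa_pairwise
    wpa_pw = conf.get("wpa_pairwise", "TKIP")
    ciphers = set()
    if wpa & 1:
        ciphers |= set(wpa_pw.upper().split())
    if wpa & 2:
        ciphers |= set(conf.get("rsn_pairwise", wpa_pw).upper().split())
    findings = []
    if "TKIP" in ciphers:
        findings.append("tkip-enabled")
        # Assumption: the post's "rekey interval" maps to these two options.
        for key in ("wpa_group_rekey", "wpa_ptk_rekey"):
            seconds = int(conf.get(key, "0"))  # unset is flagged: set it explicitly
            if seconds == 0 or seconds > MAX_REKEY_SECONDS:
                findings.append(key + "-too-long")
        if conf.get("wmm_enabled") == "1":     # 802.11e QoS queues are in use
            findings.append("tkip-with-wmm")
    if len(conf.get("wpa_passphrase", "x" * MIN_KEY_CHARS)) < MIN_KEY_CHARS:
        findings.append("short-key")
    return findings

# Constructed sample configurations (not taken from the post).
LEGACY = "wpa=1\nwpa_pairwise=TKIP\nwpa_group_rekey=3600\nwmm_enabled=1\nwpa_passphrase=Summer2008\n"
HARDENED = "wpa=2\nwpa_key_mgmt=WPA-PSK\nrsn_pairwise=CCMP\nwpa_passphrase=q7#Lm2vX9rT4bZ8wK1pD\n"

if __name__ == "__main__":
    print("legacy:  ", audit(LEGACY))
    print("hardened:", audit(HARDENED))
```

The length check says nothing about randomness, which the post also asks for; that still needs a generated key rather than a chosen one.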



A few thoughts on Microsoft's latest Intelligence report. Although the number of reported vulnerabilities apparently has decreased, the number of high severity vulnerabilities has increased. And while there continues to be a decrease in viruses reported, there was an increase in password stealing exploits. One really interesting piece of information is the amount of Trojan downloaders and droppers, which is maybe why worms, backdoors, password stealing, and monitoring software have stayed basically the same or increased. The report also signifies that most of the developing countries fall victim to these vulnerabilities, compared to more advanced economies. Although from other reports that I read, the U.S. and China seem to have higher incidents than the other economically developed powers. China, for example, with the latest MS08-67 RPC exploit seems to have been hit harder than the US or other economically advanced nations.

Last year I heard Dan Geer at the Forrester Security Conference talk about the difficulty of measuring information security events. You may have gotten 1 alert concerning a download, but what did not get reported was the 6 payloads that it left behind that went undetected. Those of us that had to follow up on initial viruses, worms, trojans and other incidents know that there is usually more there than what was discovered during the first cleanup attempt, and that the ratio of what is reported compared to what was there was more like 10:1 depending on the incident.

There is an interesting article on the CDC site called "Contagion on the Internet" by Trudy M. Wassenaar and Martin J. Blaser. Although written in 2002, this article is still relevant today, comparing the similarities of the biological and virtual tiny monsters.




There has been a significant amount of work done recently to combat this recent RPC exploitation on Microsoft Windows Servers and clients. Since the beginning of last month there have been a lot of warnings and information available to mitigate this attack. This week we are seeing an increased number of worms detected that are apparently having an impact in Asia. Symantec is reporting activity on W32.Kernelbot.A and W32.Wecort. SecuriTeam had published some sample code, and Don't Stuff Beans Up Your Nose also had a nice article. Microsoft released the patch for this before their normal release time. Due to Windows XP SP2/SP3 and Vista enabled firewalls, the ability to buy personal home firewalls for cable and DSL, and all the lessons learned from Blaster and Slammer, we may have at least for now avoided another worldwide outbreak. Although, I am sure there are still users that put their PCs on the Internet without Firewalls, host-based Firewalls, or Antivirus, never patch their systems, and then bring them into their companies and connect them to wired and wireless networks to share with their co-workers.






© 2010 netForensics, Inc