Recently in MSSP Category


Not so long ago, I remember, talking about information security management raised a lot of eyebrows; it was something of a black art, kind of like UNIX administration.
But in today's world, Cyber Security has gotten enough attention recently from the White House, Congress, Military, and Law Enforcement, not only in the U.S. but across the globe, that discussing the need for Cyber Security and Information Security Management in the public and private sectors is no longer considered a foreign topic or a dark black art. The discussion of Risk Management and Information Security Management is now an interwoven fabric within IT Frameworks for COBIT and ITIL.

At the NJTC meeting yesterday at the Forsgate Country Club, we had a diverse number of parties interested in our solutions to support their Information Security Management Program, from Audit and Financial executives to IT Management. Our solutions will provide a means to help IT and Data Owners identify the threats and risks to their business processes in these times of round-the-clock international electronic business transactions. Situational awareness of today's highly complex distributed IT Service environments is no longer simply a nice-to-have but a necessity for the survival of digital business transactions against a world of distributed botnets and pre-zero-day vulnerabilities.

I would like to thank the NJTC for giving us the ability to reach out to so many different businesses operating across the State of New Jersey, and those that stopped by simply to hear what our solutions have to offer to their Business Services.



This document covers the People's Liberation Army conceptual framework for delivering "integrated Network Electronic Warfare". This includes Space and Satellite warfare and EMP attacks. The document also points out that the U.S. Military NIPRNet is a high priority for attack. The article mentions that organizations are still not doing enough to use analyzer tools like SIEM products. While the article states that SIEM products may rely on signature-based solutions, nFX One products correlate events beyond IDS/IPS signature-based events from a number of disparate operating systems, NetFlows, and other host and network security devices to alert on abnormal behavior, and provide built-in Incident Response Management workflow and integration with ITIL uCMDB processes.

The document provides a graphic on the "Timeline of Significant Chinese Related Cyber Events 1999-Present", including pointers to the very public GhostNet cyber espionage events as well as information on the National University of Defense Technology (NUDT).


Reference:
US-China Economic and Security Review Commission Report on the Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation
National University of Defense Technology


If you're finding that protecting your organization's network and data is becoming increasingly challenging, you may want to consider outsourcing your security. Managed Security Service Providers (MSSPs) can offer a cost-effective alternative to trying to manage the security yourself. There are four primary reasons to consider using an MSSP:

1) MSSPs have the security expertise that many companies lack. MSSPs can provide guidance on what types of defenses you need and how those defenses should be deployed. Not only are they security experts, but in many cases they can also provide assistance with any regulatory mandate that you may be trying to comply with.

2) MSSPs can be less expensive than trying to bring all your security needs in-house. MSSPs achieve economies of scale that smaller organizations simply cannot reach.

3) MSSPs offer 24/7 monitoring of your network.

4) In the event of a security incident, the MSSP can provide forensic help in determining how the attack happened, what was compromised and how to avoid being attacked in the future.

So if your company's security is keeping you up nights, consider using an MSSP and let them be the ones losing sleep. That's what they're good at.


Georgia Tech Information Security Center hosted the Global DNS Security, Stability, Resiliency Symposium, the first of its kind to bring together cross-functional stakeholders to address DNS risk.

DNS (Domain Name Services) is the glue that binds internet resolution, so when a user types https://www.isc.org/solutions into the browser, this naming convention magically works without the user having to maintain IP addresses.

Last summer, Dan Kaminsky's DNS Vulnerability really started to point out the weaknesses in the system.

The DNS Symposium points out some major flaws in domain registration and DNS Security usability (DNSSEC).

The Symposium has posted some solutions and possible actors:

The creation of a DNS CERT: an organization devoted to the security and resiliency of DNS, acting as a clearing house for DNS. Capacity Building Programs. Training and Testing, Information Exchange, Raising Stakeholder Awareness.

There were concerns about the scalability of IPv6 DNSSEC, and IDNs.

Kolkman, Olaf - NLNetLabs
"A Perspective on Categorizing Problems"
Supporting Material: http://www.nlnetlabs.nl/downloads/publications/se-consult.pdf

DNS is certainly the target for "Info Wars" and "Social E Protest".
The people that maintain this vast infrastructure in the public and private sector don't believe enough is being done to protect this global resource, and there is a global controversy about who should be the top authority on strategic leadership (ICANN).


Cisco Security recommends changing the default behavior of the IOS CA to use SHA-1 hashing instead of the default MD5 hashing for certificates. Although the ASA CA may not be vulnerable to attacks in the way the IOS CA is, Cisco still recognizes the weakness in MD5 and plans to change the default behavior for the generation of end certificates.
Cisco Security Response: MD5 Hashes May Allow for Certificate Spoofing

VeriSign has stated that it has stopped its CAs, including its RapidSSL CA, from using MD5. See VeriSign's blog on MD5 attacks: as you can see from the comments, users are concerned about the certificates online that were generated with an MD5 hash.

"MD5 considered harmful today" is a publication released in Berlin on Dec. 31st 2008 by Alexander Sotirov, Arjen Lenstra, Dave Molnar, Dag Arne Osvik, Benne de Weger. Their attack takes advantage of what was a theoretical scenario known as MD5 collisions, which is a weakness in the cryptology of the hash function.
They recommend the stronger hashing offered by SHA-1 and SHA-2 to help prevent a rogue CA server from being the authority of trust.

There may be other concerns besides just the browser and the web server, such as code signing certificates or email certificates.

© 2010 netForensics, Inc