October 23, 2014

Why Does Your Organization Need Web Security?

(LiveHacking.Com) – Malware is a threat to businesses that regularly makes today’s news headlines. The term “malware” encompasses the different types of malicious software that could infect your corporate network, including viruses, worms, Trojans, spyware, adware, rootkits, crimeware and scareware.

In today’s business environment, most employees are careful when it comes to opening email attachments but are not always as cautious about clicking on links which can lead to a malware infection. With today’s sophisticated malware, the chances of a direct malware infection are high when downloading something from an infected website. Organizations find it extremely difficult to keep up with new malware and other security issues they need to address. Fortunately, businesses can now respond to possible malware threats through the use of internet monitoring software.

Internet monitoring software helps protect against web security threats by monitoring employees’ browsing activity. This software also helps enforce any internet usage policy a business has in place and can even be configured to block websites which employees are not allowed to access during business hours. To be truly effective, however, the internet monitoring software should include other essential features. When shopping for new web filtering and web security software, keep the following features in mind:

  1. Web filtering should be very granular; meaning access to certain websites can be permitted or blocked based on an employee’s job requirements, the time of day, and the category of website. This will allow for easier administration of the software. Once configured, frequent changes should not be needed.
  2. Internet monitoring software should be able to protect the business from a variety of malware, spyware, and viruses. This is usually done using more than one type or version of virus/spyware engine. At minimum, at least two different types of virus/spyware protection should be included in any internet monitoring software you are considering.
  3. The solution should allow you to monitor and/or block certain downloads when necessary. You should also be able to block specific file types, such as mp3s, video files and zipped files, among others.
  4. Make sure that the web security solution you’re using is able to detect and warn users of possible phishing websites. Basically, this feature should tell the user whether he/she may be accessing known or suspected fake websites instead of the one they think they are actually linking to.
  5. Encrypted traffic should be inspected by internet monitoring software since it is one of the common ways of getting malicious traffic past firewalls and intrusion detection systems.
  6. Monitoring of outbound internet traffic will assist in preventing leakage of sensitive data/information either from an insider (i.e. employee or contractor) or from malicious software that is sending sensitive information to another location.

While this is not an all-encompassing list, it provides you with main features to look for when researching and selecting internet monitoring software to protect your business against any web security threats.

Editor note: This guest post was provided by Sean McCreary on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information: GFI Internet Monitoring Software.

Disclaimer: All product and company names herein may be trademarks of their respective owners.

Stuxnet: The Industrial Sabotage Mystery Deepens

Since its discovery a few months ago, the purpose and intention of the Stuxnet worm has remained shrouded in mystery. This Windows-based worm is the first ever malware designed to attack industrial equipment.

Specifically it targets Siemens’ Supervisory Control And Data Acquisition (SCADA) software used to control and monitor industrial processes and has the ability to reprogram Siemens’ Simatic PLCs (programmable logic controllers).


PLCs contain code to control automated industrial systems in manufacturing plants or factories. Programmers use the Siemens’ software from a Windows PC to create code and then upload their code to the PLCs. The Stuxnet worm infects the PCs and then uploads its own code to the PLC.

Since the discovery of Stuxnet, conspiracy theories about its purpose have been rampant, and these theories have involved nation states, well-funded hackers, Israeli spies and Iran’s nuclear program. But Symantec have just revealed (http://www.symantec.com/connect/blogs/stuxnet-breakthrough) that the Stuxnet virus only attacks systems with variable-frequency drives from two specific vendors: Vacon based in Finland and Fararo Paya based in Iran. This is sure to reignite speculation about its target and origin.

What Stuxnet does is monitor the frequency of these drives and only attack systems that run between 807Hz and 1210Hz, which is very high and only used in particular industrial applications. Stuxnet then modifies the output frequency for a short time to 1410Hz, then to 2Hz and then to 1064Hz, and thus affects the operation of the connected motors.
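As an added illustration, not from the original article or from Symantec’s analysis, of how a defender might use the operating characteristics described above: a monitor that compares independently collected drive-frequency telemetry against the expected 807–1210Hz band and flags abrupt setpoint jumps. The sample log, the step threshold and the record layout are constructed assumptions.

```python
"""Flag VFD frequency telemetry that leaves the expected band or jumps abruptly."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    ts: int       # seconds since start of capture
    drive: str    # drive identifier
    hz: float     # reported output frequency


# Operating band described in the article: drives running 807-1210 Hz.
BAND_LOW_HZ = 807.0
BAND_HIGH_HZ = 1210.0
# Assumed tolerance: a single-step change larger than this is suspicious.
MAX_STEP_HZ = 100.0

# Constructed telemetry, not real plant data. The 1410 / 2 / 1064 values
# mirror the frequency changes the article describes.
SAMPLE_LOG = [
    Sample(0, "vfd-01", 1000.0),
    Sample(60, "vfd-01", 1005.0),
    Sample(120, "vfd-01", 1410.0),   # above band
    Sample(180, "vfd-01", 2.0),      # far below band
    Sample(240, "vfd-01", 1064.0),   # back in band, but a huge jump
    Sample(300, "vfd-01", 1064.0),   # steady, nothing to report
]


def check_setpoints(samples, low=BAND_LOW_HZ, high=BAND_HIGH_HZ, max_step=MAX_STEP_HZ):
    """Return (ts, drive, hz, reasons) for every sample that violates a rule.

    Rules: the value must lie inside [low, high], and the change from the
    previous sample of the same drive must not exceed max_step.
    """
    alerts = []
    last = {}
    for s in sorted(samples, key=lambda x: (x.drive, x.ts)):
        reasons = []
        if not low <= s.hz <= high:
            reasons.append("out_of_band")
        prev = last.get(s.drive)
        if prev is not None and abs(s.hz - prev.hz) > max_step:
            reasons.append("abrupt_step")
        if reasons:
            alerts.append((s.ts, s.drive, s.hz, tuple(reasons)))
        last[s.drive] = s
    return alerts


if __name__ == "__main__":
    for alert in check_setpoints(SAMPLE_LOG):
        print(alert)
```

The telemetry must come from a source the compromised engineering PC cannot rewrite (for example a separate logger on the drive bus); a check fed by values the malware itself reports would see nothing.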

Stuxnet’s requirement for particular frequency converter drives and operating characteristics narrows the set of plausible targets considerably.

If you work with PLCs and variable-frequency drives over 807Hz please contact Live Hacking as soon as possible as you might be able to shed some light on this increasingly mysterious malware.

Rootkit Analysis: TDSS Rootkit

Securelist.com has a great rootkit analysis article about the TDSS rootkit. It was written by Sergey Golovanov and Vyacheslav Rusakov.

The TDSS rootkit first appeared in 2008. Since then, it has become far more widespread than the notorious rootkit Rustock. The rootkit’s malicious payload and the difficulties it presents for analysis are effectively similar to those of the bootkit. The bootkit (as its name suggests) infects the boot sector, ensuring that the malicious code is loaded prior to the operating system. TDSS implements the concept of infecting drivers; this means it is loaded and run at the very early stages of the operating system. This greatly complicates the detection of TDSS and makes removing it a serious challenge.

Read the full article here: http://www.securelist.com/en/analysis/204792131/TDSS

Source: Securelist.com

Network Box Whitepaper: Guide to Cloud Security

Cloud computing offers some great opportunities in security, particularly in email and web security. It has a huge impact on the cost of business operations and IT infrastructure.

However, it is important to remember that it is difficult to provide complete network security purely from the cloud. Network Box has released a short whitepaper to guide users and professionals in cloud security.

Download Network Box: Guide to Cloud Security here.