December 18, 2014

In Brief: GFI LanGuard 2012 SR1 released

(LiveHacking.Com) –  GFI has released the latest version of its LanGuard product suite. By acting as a virtual security consultant it combines three key activities into one software solution: patch management, vulnerability assessment and network auditing. This means that LanGuard has the potential to reduce costs as well as help secure your network. It can also be of use in asset inventory, change management, risk analysis and proving compliance.

New in 2012 SR1 is the addition of patch management capabilities for Mac OS X systems as well as traditional Windows systems. The new version also has better compliance reporting and can create reports for a variety of standards including the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Digital Security Standard (PCI-DSS).

You can download a 30 day free trial from here.

3 Reasons Why Your Organization Needs a Network Scanner

A network scanner is a somewhat vague term. While it is easy to answer questions such as “what does a patch manager do?”, the same cannot be said of a network scanner. The main reason for this is that a network scanner, unlike a patch manager, is not designed to perform a single function. In general, a network scanner can perform a series of different tasks and checks to ensure that your network is secure against all known vulnerabilities as well as to make sure that it is configured in a secure way.

GFI LanGuard 2012 Dashboard

This is all well and good, but at the end of the day, why do you need a network scanner?

1. To ensure your software is configured securely:

An administrator’s life can be quite demanding at times. It is not enough for an administrator to make sure that any software deployed on the network works as it should but s/he also needs to make sure that this software is configured securely in a way that makes it quite hard for others to exploit.

I cannot stress this point enough. Consider a mail server, for example, that allows relaying from any source. Such a mail server would be seen as working correctly. Any person on your network would be able to send and receive emails without any issues. In fact, in terms of functionality there are no issues.

However, a mail server which relays messages from any source is prone to be discovered by spammers and it is quite likely that they will exploit it to run massive spam campaigns through it. This will lead to a severely degraded performance as your bandwidth would be flooded with spam. Moreover, such activity could get the organization into trouble, your server blacklisted internationally and your company labelled a spammer. This is why a securely configured server is a must.

2. Ensuring there are no unnecessary services or applications:

Every service or application that runs on a system is a potential security risk. One can never be absolutely sure that a service or application is not exploitable. The solution is to avoid running unnecessary services or applications and to do so you have to identify what these are.

While one can manually do a software inventory periodically, using a good network scanner will allow the administrator to do so accurately on a daily basis and be a lot more proactive.

3. Removing unused user accounts and open shares:

User accounts that are no longer required should be deleted at once. They can easily be exploited by their former owners when they leave the company especially if they were fired or they left on bad terms and hold a grudge against the organization.

Deleting accounts as soon as people leave the company is a good practice but is not always enough. Employees with a grudge might have created new user accounts on a number of systems, even more so nowadays when you can deploy virtual machines so easily. Apart from sending out alerts when new user accounts are created, a network scanner can be set to notify the administrator when an account has not been used for a long period of time.

Open shares are also common vectors used to spread malware. A good network scanner can periodically look for such unauthorized shares saving administrators from having to do lengthy inventories in order to maintain network integrity.

There are other reasons why you should be using a network scanner, for instance to identify vulnerabilities that are hard to find manually. You can also monitor the network regularly and automatically carry out audits that would otherwise take ages to complete manually.

What is important is that issues are discovered today and not in a month’s time or when something goes wrong. That is the difference between a safe network and one at risk of being exploited and compromised.

Editor Note: This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on the importance of using a network scanner.

Disclaimer: All product and company names herein may be trademarks of their respective owners.

The Top Nine Best Practices for Network Scanning

(LiveHacking.Com) — Systems admins and security personnel looking to get the most out of their network scanners want to make sure they are using their tools in the right way. Follow these nine best practices for network scanning, and you’ll get the best bang for your buck out of your network scanner.

1. Update regularly

Generating general network reports (Source: gfi.com)

A network scanner helps you to find when your systems are out of date, and with new vulnerabilities discovered regularly, it is critical that you update your scanner each time you go to use it. Either set up a process to check for updates daily, or run the update process each time you go to perform a scan.

2. Scan early, often, and on a schedule
Using a network scanner should be a regular part of your systems security and maintenance. You should scan early in the deployment of any new system, and scan your entire network on a regular basis, not just when someone reads about a new vulnerability. By the time a new vulnerability makes it into the press, the bad guys already know about it and are attempting to exploit it.

3. Scan new systems before they go into production
You want to make sure a system is fully up-to-date before it goes into production, so you can patch it as necessary. Once it is in production change control will apply.

4. Scan everything
Scanning a subset of systems may be quicker, but scanning your entire IP range makes sure you catch everything, including those rogue systems that someone deployed outside of your normal processes.

5. Scan internally
Whether the threat is a malicious user, a worm, or just someone with too much curiosity, don’t assume your firewalls will protect your internal systems. Scan everything you have internally to make sure all systems are up-to-date.

6. Scan externally
Attackers are scanning your external networks regularly. See what they see by scanning your systems from an external network so you know exactly what is accessible to the rest of the world.

7. Check those deltas
When you perform regular scans, you can see what changes over time. Investigate any deltas between one scan and the next to confirm that any changes were appropriate and authorized.

8. Share the results
Too many companies keep the security scans a closely guarded secret. I don’t suggest you publish the results on your website, but make sure that all the admins are aware that you are scanning, see what you find, and know where their systems stand.

9. Remediate what the scanner finds
Using your network scanner to find vulnerabilities is only half the task; you must remediate what the scanner finds. Make sure that senior management understands the results of the scan, and makes remediation a priority.

Follow these nine best practices for network scanning to get the best use of your network scanner. Don’t underestimate the importance of that first step. New vulnerabilities are discovered regularly, and checking your systems with an outdated scanner is as bad as running with outdated virus definitions. The sense of false confidence can lead to disaster. Maintain your network scanner like the fine tool it is, and you’ll get years of great use out of it, helping maintain secure and updated systems.
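Practice 7 (check those deltas) can be automated once scan results are stored per run. The following is an added example, not part of the original post or of any GFI product: the snapshot layout (host mapped to a set of open TCP ports), the addresses and the approved-change list are all constructed for illustration.

```python
import ipaddress

# Constructed sample snapshots: host -> set of open TCP ports per scan run.
SCAN_PREVIOUS = {
    "10.0.0.5": {22, 443},
    "10.0.0.9": {25, 443},
    "10.0.0.12": {3389},
}
SCAN_CURRENT = {
    "10.0.0.5": {22, 443, 8080},  # a new listener appeared
    "10.0.0.9": {25},             # 443 was closed
    "10.0.0.44": {445},           # host never seen before
}
# Changes that went through change control: (host, port, kind).
APPROVED_CHANGES = {("10.0.0.9", 443, "closed")}


def scan_deltas(previous, current):
    """Return (host, port, kind) tuples describing what changed.

    kind is "opened" or "closed" for a port. For whole hosts the port
    is None and kind is "host_appeared" or "host_vanished".
    """
    deltas = []
    hosts = sorted(set(previous) | set(current), key=ipaddress.ip_address)
    for host in hosts:
        if host not in current:
            # Could be decommissioned, powered off, or newly firewalled.
            deltas.append((host, None, "host_vanished"))
            continue
        if host not in previous:
            # Possibly a rogue system deployed outside normal processes.
            deltas.append((host, None, "host_appeared"))
        before = previous.get(host, set())
        after = current[host]
        deltas.extend((host, p, "opened") for p in sorted(after - before))
        deltas.extend((host, p, "closed") for p in sorted(before - after))
    return deltas


def unapproved(deltas, approved):
    """Keep only the deltas that have no matching approved change."""
    return [d for d in deltas if d not in approved]


if __name__ == "__main__":
    findings = unapproved(scan_deltas(SCAN_PREVIOUS, SCAN_CURRENT),
                          APPROVED_CHANGES)
    for host, port, kind in findings:
        target = host if port is None else f"{host}:{port}"
        print(f"INVESTIGATE {kind:14} {target}")
```
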

Editor Note: This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on the importance of using a network scanner.

4 Key Features of Good Endpoint Security Software

(Live-Hacking.Com) – Data leakage occurs when data that should have never left the physical confines of your company’s brick and mortar walls does, and control of that data is lost. One of the main reasons why this could happen is because companies lack endpoint protection. When a user copies data to their smartphone (think contacts, critical documents that they wish to review while mobile, email attachments, etc), or to a USB flash drive, your company is primed for a data leak. Endpoint protection is designed to prevent that from ever happening in the first place. Sure, you can remotely wipe smartphones, at least the ones that are compatible with your company’s policies, and you can protect data on portable media with encryption, but both of those depend in part on the end user. Whether that person is intentionally malicious, apathetic, or simply ignorant, it is entirely possible to transfer data to unprotected media, unless you prevent it in the first place through endpoint security.

GFI EndPointSecurity™ console

There are programs on the Internet today that can turn portable media players into mass storage devices capable of automatically seeking out and downloading key data to their storage. Search for podslurping to see just how creative these applications are, and don’t forget the users with DVD/CD burners in their machines that can burn a disk with gigabytes of data. Unless they have encrypted that data, it can be read by anyone who happens to come across that disk. Some companies have gone as far as to epoxy the USB connection on machines to prevent the physical attachment of external media, but this has several problems. They won’t be able to turn such damaged hardware back in at the end of a lease; any residual value after the useful life will be greatly decreased, there are lots of legitimate uses for USB that will be prevented by this, and it is not a full solution. Search on bluesnarfing to see how users can exploit Bluetooth connections to further transfer data. Instead of ruining your hardware, implement endpoint security to protect your data.

So how can endpoint security help a company to prevent data leakage? Here are the four most important features to look for in good endpoint protection software:

  1. Agent based enforcement: Endpoint protection software should use easy to deploy, tamperproof agents which can be rolled out to users, and once on their system, be locked down so even local admins cannot disable them.
  2. Easy, central management: Good endpoint protection software should support rapid policy creation through an easy to understand wizard, that can be deployed granularly with Active Directory Group Policy, and that has the flexibility to support business needs.
  3. Information at your fingertips: Real-time centralized monitoring and alerts are just the starting point for endpoint protection’s information components. Look for centralized logging and reporting, that can generate on demand and scheduled reports.
  4. Flexibility: The one thing you can count on is that no matter what you set up, you will need exceptions. Whether you need to provide temporary access, allow systems admins or security personnel to bypass restrictions, or implement white-lists and blacklists, look for an endpoint protection that is not going to lock you down so tightly that it breaks business processes.

By deploying endpoint security, you are taking reasonable steps to prevent data leakage and protecting your company’s data and that of your customers. Endpoint protection makes good business sense in today’s environment where a data leakage can cost a company millions in reporting and monitoring, and cause irreparable damage to a company’s reputation.

Editor Note: This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more on how to make the best out of endpoint security.

5 Ways to Create the Right Patch Management Policy

While patch management is, conceptually, a straightforward task, its correct implementation is not always that simple. One might be tempted to simply deploy patches on an as-needed basis without giving it much thought; however, in order for patch management to be fully effective, the right patch management policy is required, as without it patch management could become the threat you’re actually trying to prevent.

So what makes the right patch management policy?

1. Inventory

Without knowing which software or systems need patching, no proper patch management process can exist. While this might seem obvious, it’s a step often overlooked in a company’s patch management policy. An inventory is also required when testing environments are created – an essential item in any patch management policy. Inventories can be done manually, however it’s wise to either have scripts that automate the process to a degree, or use a network scanner to do the job.

2. Monitoring

Every patch management policy needs a process that can identify which patches are missing or outdated, and this can be achieved by either monitoring vendor sites or using patch management detection software.

3. Testing

Once an administrator determines and downloads the patches needed on the network, it is essential that they are tested before they are deployed to make sure that they are working well across all systems. Test environments that perfectly mimic the actual environments that the patches will be deployed on are needed. A blueprint for such environments ought to be prepared during the inventory step. As time goes by it’s important to keep the test environments in line with the actual environments. This can be done by comparing inventories or through the use of software which can notify the administrator when environments change.

4. Deployment and Verification

This is another pitfall. For many, their patch management process does not include verification but just deployment; however, the right patch management policy requires both. If the deployment fails for any reason, especially if the whole process of deployment is unattended, it can easily happen that the failure goes unnoticed thus giving the administrator a false sense of security. To avoid this, ensure that there is a way to determine the patch level of each machine and confirm that all the patches deployed were successful.

5. Disaster Recovery

No matter how many precautions are taken and how many tests are run, there is no guarantee that a patch deployment will not cause issues. Computer software is complex and it is impossible to test all possible combinations, especially when you factor hardware and chipsets in. Therefore, it is essential that a patch management policy includes a section on disaster recovery, so, should things go wrong, an administrator will be able to quickly recover the network to a working state.

Without the right patch management policy in place, patch management can indirectly be a security risk since the patch deployment itself can cause issues and possibly downtime. Once designed, the patch management policy will require a little extra effort; however, this is a much more favourable option than the effort spent trying to fix a broken environment, not to mention the loss of productivity.
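The verification step in point 4 amounts to checking what the deployment job claims against what an independent inventory actually finds on each machine. The sketch below is an added example, not code from the original post or from any patch management product; the record layouts, machine names and patch identifiers are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: what the unattended deployment job reported,
# as (machine, patch, reported_status).
DEPLOY_LOG = [
    ("web01", "PATCH-001", "success"),
    ("web01", "PATCH-002", "success"),
    ("db01", "PATCH-001", "success"),   # job says success ...
    ("db01", "PATCH-002", "failed"),
    ("lap07", "PATCH-001", "success"),  # laptop was not scanned afterwards
]
# Constructed sample: patches an inventory scan found installed afterwards.
INVENTORY = {
    "web01": {"PATCH-001", "PATCH-002"},
    "db01": set(),                      # ... but nothing is installed
}


def verify_deployment(deploy_log, inventory):
    """Classify each deployed (machine, patch) pair by its observed state.

    The inventory is treated as ground truth; the job's own status is
    only used to tell a reported failure from an unnoticed one.
    """
    result = defaultdict(list)
    for machine, patch, reported in deploy_log:
        if machine not in inventory:
            state = "unverified"        # no scan data, cannot confirm
        elif patch in inventory[machine]:
            state = "verified"
        elif reported == "success":
            state = "silent_failure"    # claimed success, patch absent
        else:
            state = "failed"
        result[state].append((machine, patch))
    return dict(result)


def needs_attention(result):
    """Every pair that is not confirmed installed, sorted for reporting."""
    return sorted(
        pair
        for state, pairs in result.items()
        if state != "verified"
        for pair in pairs
    )


if __name__ == "__main__":
    outcome = verify_deployment(DEPLOY_LOG, INVENTORY)
    for state in ("silent_failure", "failed", "unverified", "verified"):
        for machine, patch in outcome.get(state, []):
            print(f"{state:15} {machine:6} {patch}")
```

The `silent_failure` and `unverified` states are the ones that produce the false sense of security described above: the first contradicts the job's own report, the second means no evidence exists either way.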

Editor Note: This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about creating the right patch management policy.

Why Do We Need Patch Management?

(LiveHacking.Com) – Patch management is a key function for anyone who works in IT and is responsible for the network. There are various reasons why patch management is so important: if neglected, it can lead to service disruptions or give cyber criminals access to the network, where they can steal data or cause serious damage.

Computers work by running software that performs different operations. Operating systems, for example, are a list of instructions which the computer runs one after the other in order to do a task that the vendor intended.

From time to time, vendors will see the need to update their products to improve performance or to address some security issue and patch management is the process that makes changes to a program as per vendor’s specifications.

Why Would a Vendor want to update their software?

GFI LanGuard shows missing updates

The primary reason is that the software contains errors. Errors in coding or more specifically in the logic flow of a program can lead to a malicious attacker exploiting the logic to make the program perform in a way that the vendor never intended it to. This could cause either a service disruption or, even worse, allow an attacker to manipulate the program so that it runs the code the attacker wants, which gives him or her control over the system.

Programs are quite complex and based on millions of lines of such instructions. It is fair to say that every piece of software contains errors which cause some type of side effect. In many cases, these errors go unnoticed; however, if an error causes a major problem, then a vendor is in a race against time to correct the problem. The longer it takes to correct the errors, the greater the window of opportunity for malicious people to exploit the error and target those who are using the software.

What are the risks if a system is unpatched?

Systems that are not regularly patched can experience a number of issues, including:

  • Intrusions – Malicious attackers can gain access to your system and:
    • Turn it into a botnet – your computer is taken over and used to launch attacks on other computers or used to send spam
    • Steal Information and/or install mechanisms to spy on all that happens on that computer and other PCs on your network in the future
    • Create/Install a Backdoor or Rootkit – The attacker might install software allowing him easy access to the computer even if the issue is subsequently patched
    • Hacktivism – The attacker might gain access to your web server in order to change it to display political/activism messages
    • Beachhead – the attacker might use this machine to run further attacks on your network to gain access to more critical/valuable systems
  • Denial of Service – The attacker might use the coding error to crash your system
  • Stability – Coding Errors are a problem not only when someone tries to exploit them but bad code can cause a system to fail on its own if not fixed.
  • Performance – Sometimes a vendor may issue a patch to boost the program’s performance and provide additional value to the customer.

Vendors do not issue patches if it is not essential for their customers. Creating a patch involves a lot of work for a vendor in terms of development and testing. A robust patch management policy and system can help administrators promptly install patches when a vendor issues them and thereby ensure that systems are up-to-date and error-free.

Editor Note: This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on patch management.

4 Important Reasons to Use a Vulnerability Scanner

(LiveHacking.Com) — As a network administrator, could you honestly say that you are up-to-date on every new vulnerability which could affect the security of your operating systems and software products on your network? The sheer volume and frequency of this information makes it extremely difficult for a single individual to know it all, and other day-to-day tasks often get in the way. Using a vulnerability scanner can take off some of this responsibility from your shoulders, giving you peace of mind. Here are four reasons why using a vulnerability scanner will make your life easier:

GFI LANguard - Dashboard

  1. Good vulnerability scanners make use of highly detailed databases of known vulnerabilities and scan your systems to give you a realistic view of how secure they are. An extraordinary amount of manual checking would be required to stay in control of this without the help of dedicated software.
  2. It is practically impossible to manually keep track of certain small issues, such as individual open ports on a laptop or an antivirus product disabled by a user. Using a vulnerability scanner to alert you to these new security glitches reduces the quantity of manual checking that is otherwise required to ensure they don’t go unnoticed.
  3. Change management can be burdensome for a busy IT team, but if you fail to stay on top of it, it can be difficult to track the cause of new problems on your systems. A good vulnerability scanner maintains a list of significant network changes, and can also alert you to changes you may otherwise have been unaware of – a very useful feature if you have several technicians all capable of making configuration adjustments.
  4. You probably don’t enjoy trying to keep control of the numerous patches that have to be installed on your networked systems. Ranging from large operating system service packs to small patches that seal holes in software utilities, updates cannot be ignored. You can however minimize the late nights in the office and dark weekends in the server room by making use of the patch management facilities that form part of a robust vulnerability scanner solution.

These solutions also lower the risk of forgetting to apply important updates to those machines not instantly visible, such as the laptops hidden in desk drawers. Software auditing features can alert you when a machine appears on the LAN inadequately patched. Without these alerts, a computer runs the risk of being unprotected until it is picked up during your next manual update, which is not something that will be fun to explain to a chief executive if it results in your system being exploited.

Vulnerability scanners can remove some of the more routine and, let’s face it, sometimes rather dull tasks involved in managing an office network. At the same time, these solutions can help to ensure you meet all of your compliance obligations. Most importantly, they can help you, as an IT professional, to sleep more soundly at night!

Editor note: This guest post was provided by Ben Taylor on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information: GFI vulnerability scanner.
