Tuesday, January 20, 2009

Security and Protection

By definition, every day is “historic”, but there are clearly some events that will be remembered through the annals of history more than others. Today is the inauguration of the 44th President of the United States; and boy is it a day filled with history. It’s also a day filled with a big honking data breach.

In tonight’s episode we talk about what the new administration revealed about their technology policy agenda. We also discuss worms on military systems in the UK, the security metrics of laughter, and disclosure gone bad. Again. Through all this Rich comes a little unhinged in a series of rants that cover the First Amendment, goths, and New Zealand strip clubs. Martin makes a bad submarine joke.

Secunia Research 20/01/2009

- Trend Micro Network Security Component Vulnerabilities -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

======================================================================
1) Affected Software

* Trend Micro Internet Security 2007
* Trend Micro Internet Security 2008 17.0.1224
* Trend Micro OfficeScan 8.0 SP1 Patch 1

NOTE: Other versions may also be affected.

======================================================================
2) Severity

Rating: Less critical
Impact: Denial of Service
        Privilege Escalation
Where: Local system

======================================================================
3) Vendor's Description of Software

"Trend Micro Internet Security provides smart, up-to-date protection
for your home network against present and future threats without
slowing down your PC."

Product Link:
http://us.trendmicro.com/us/products/personal/internet-security/

======================================================================
4) Description of Vulnerability

Secunia Research has discovered vulnerabilities in Trend Micro Network
Security Component (NSC) modules as bundled with various products.
These can be exploited by malicious, local users to cause a DoS
(Denial of Service) or potentially gain escalated privileges.

1) Input validation errors exist in the firewall service (TmPfw.exe)
within the "ApiThread()" function when processing packets sent to the
service (by default port 40000/TCP). These can be exploited to cause
heap-based buffer overflows via specially crafted packets containing a
small value in a size field.

Successful exploitation may allow execution of arbitrary code with
SYSTEM privileges.

2) Input validation errors exist in the firewall service (TmPfw.exe)
within the "ApiThread()" function when processing packets sent to the
service (by default port 40000/TCP). These can be exploited to crash
the service via specially crafted packets containing an overly large
value in a size field.

======================================================================
5) Solution

Apply patch for OfficeScan 8.0 SP1 Patch 1.

A fix for Trend Micro Internet Security should be available shortly.

======================================================================
6) Time Table

17/10/2008 - Vendor notified.
18/10/2008 - Vendor response.
14/12/2008 - Vendor provides hotfix for testing.
19/12/2008 - Vendor informed that hotfix fixes vulnerabilities.
18/01/2009 - Vendor issues fix for OfficeScan 8.0 SP1 Patch 1.
20/01/2009 - Public disclosure.

======================================================================
7) Credits

Discovered by Carsten Eiram, Secunia Research.

======================================================================
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned
the following CVE identifiers:

* CVE-2008-3864 (DoS via large size value)
* CVE-2008-3865 (buffer overflow)

Trend Micro:
http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt

======================================================================
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

======================================================================
10) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2008-42/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================

Source: www.securityfocus.com

Introduction

In every organization, and even in a home that has a network, security is one of the important issues. Strong network security decreases the chance that hackers or malicious people succeed in breaking into your network, and hence reduces the damage they can cause. I use the word ‘decrease’ because there is no way to completely secure a network against every threat and risk. It is a challenging task for network administrators to harden the network so that it is as secure as possible.

One way to enhance network security is to implement Network Access Control (NAC), also called Network Admission Control. This allows only certain devices (PCs, laptops, PDAs, etc.) to access the network’s resources, limiting the potential damage from emerging security threats and risks. In this post, I’ll talk about a feature of Cisco’s products called “Port Security”. Port Security helps you protect the network from unauthorized access by restricting which MAC addresses may connect to an interface on the switch, so only the defined MAC addresses can access the network. If a user attempts to connect a new device (e.g. a laptop) to a port on which port security is already enabled and the port has reached its maximum number of allowed MAC addresses, the device won’t have access to the network until an administrator changes the configuration on the switch.

The features of Port Security are:

* Restrict a port to specified MAC addresses only. Devices with other MAC addresses can’t connect to the network.
* Limit the number of MAC addresses on a port. The port adds MAC addresses to the configuration dynamically as new devices are plugged in, until it reaches the maximum number of allowed MAC addresses.
* Set an aging time and type for secure MAC addresses. This lets you remove and add PCs on a secure port without manually deleting the existing secure MAC addresses, while still limiting the number of secure addresses on the port.
* Enable or disable sending an SNMP trap when a violation is detected.

When configuring port security, note the following restrictions:

* A secure port cannot be a trunk port.
* A secure port cannot be a destination port for Switch Port Analyzer (SPAN).
* A secure port cannot belong to an EtherChannel port-channel interface.
* A secure port cannot be an 802.1X port. If you try to enable 802.1X on a secure port, an error message appears, and 802.1X is not enabled. If you try to change an 802.1X-enabled port to a secure port, an error message appears, and the security settings are not changed.
* A secure port and static MAC address configuration are mutually exclusive.

Secure MAC Addresses
Types of secure MAC Addresses

1. Static secure MAC addresses. These are manually configured by using the switchport port-security mac-address mac-address interface configuration command, stored in the address table, and added to the switch running configuration.
2. Dynamic secure MAC addresses. These are dynamically configured, stored only in the address table, and removed when the switch restarts.
3. Sticky secure MAC addresses. These can be dynamically learned or manually configured, stored in the address table, and added to the running configuration. If these addresses are saved in the configuration file, when the switch restarts, the interface does not need to dynamically reconfigure them.

You can configure an interface to convert the dynamic MAC addresses to sticky secure MAC addresses and to add them to the running configuration by enabling sticky learning. After you’ve enabled sticky learning, the interface converts all the dynamic secure MAC addresses, including those that were dynamically learned before sticky learning was enabled, to sticky secure MAC addresses. All sticky secure MAC addresses are added to the running configuration.

The sticky secure MAC addresses do not automatically become part of the configuration file, which is the startup configuration used each time the switch restarts. If you save the sticky secure MAC addresses in the configuration file, when the switch restarts, the interface does not need to relearn these addresses. If you do not save the sticky secure addresses, they are lost.

If sticky learning is disabled, the sticky secure MAC addresses are converted to dynamic secure addresses and are removed from the running configuration.

Port Security Options

Violation Mode

1. Protect. Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value.
2. Restrict. Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value and causes the SecurityViolation counter to increment.
3. Shutdown. Puts the interface into the error-disabled state immediately and sends an SNMP trap notification. You can bring it out of this state by entering the errdisable recovery cause psecure-violation global configuration command, or you can manually re-enable it by entering the shutdown and no shutdown interface configuration commands. This is the default mode.

Security Violation Mode Actions

Violation Mode   Sends SNMP trap   Sends syslog message   Violation counter increments   Shuts down port
protect          No                No                     No                             No
restrict         Yes               Yes                    Yes                            No
shutdown         Yes               Yes                    Yes                            Yes

Aging

1. Static. Enables aging for statically configured secure addresses on this port.
2. Time. Specifies the aging time for this port. Valid range for aging time is from 0 to 1440 minutes. If the time is equal to 0, aging is disabled for this port.
3. Type. Sets the aging type as absolute or inactivity.

Aging Type

1. Absolute. All the secure addresses on this port age out exactly after the time (in minutes) specified and are removed from the secure address list.
2. Inactivity. The secure addresses on this port age out only if there is no data traffic from the secure source address for the specified time period.
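An added example configuration (not the author’s Part II post) that combines the options described above on two access ports: one fixed desk port with a single sticky address and the default shutdown violation mode, and one shared port with dynamically learned addresses, inactivity aging and restrict mode. The interface names, the 30-minute aging time and the recovery interval are assumptions.

```cisco
! Added example: global setting so a port that the "shutdown" violation
! mode put into err-disabled recovers by itself after 300 seconds.
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Fixed desk port (assumed name): one known device, learned once and kept
! as a sticky entry in the running configuration. The default violation
! mode (shutdown) is kept, so a second device err-disables the port,
! sends an SNMP trap and increments the violation counter.
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
!
! Shared meeting-room port (assumed name): up to two dynamically learned
! addresses, aged out after 30 minutes without traffic so devices can
! rotate without an administrator clearing the table. Restrict mode
! logs and counts violations but leaves the port up.
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security aging time 30
 switchport port-security aging type inactivity
!
end
!
! Sticky addresses only survive a reboot once the running configuration
! is saved (privileged EXEC):  copy running-config startup-config
! Verification commands:      show port-security interface FastEthernet0/1
!                             show port-security address
```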

Now that you understand the basics, in the next post I’ll show an example configuration that enables port security on a Cisco C2960 series switch. See Secure the Network using Cisco Port Security, Part II: Configuration.

Astaro Security Linux is an award-winning, unique network security solution in an integrated, easy-to-use and easy-to-manage package. Astaro Security Linux includes a combination of the following security applications:

- A Firewall with stateful packet inspection and application proxies guards Internet communications traffic in and out of the organization.

- A Virtual Private Network (VPN) gateway assures secure communications with remote offices, road warriors, and telecommuters.

- Anti-Virus defends computers from both email- and web-borne viruses.

- Intrusion Protection detects and stops hostile probes and application-based attacks.

- Spam Filtering eliminates the productivity drain of opening and deleting unsolicited emails.

- Surf Protection (Content Filtering) and Spyware Protection improve productivity by blocking inappropriate web activities, and provide full protection from user tracking threats and violations of privacy.

Network Security Analyst

To monitor and analyze Internet traffic for security breaches or denial-of-service attacks, and to apply mitigation techniques to counter such incidents, ensuring timely, secure and resilient delivery of IT services to the customers.

Key Accountability Areas

* Measure and establish the network baseline to identify non-conformance activities and trend-analysis and engage counter-measures when necessary.

* Develop and continuously improve the network security infrastructure to support the changing business needs effectively.

* Develop standard operating procedures for network maintenance and monitoring to provide 24x7 network availability.

* Plan, design and implement network Capacity Management to manage resources and predict the need for additional capacity proactively so as to support the growth of the company.

* Analyse and lead the process of incident/problem management by diagnosing the occurrence of incidents/attacks and then rectify the underlying problems.

* To constantly analyse, review and maintain the required security baseline by performing risk and vulnerability assessments, balancing the resources available against the security measures needed for effective protection of our intellectual property and business continuity.

Other Duties & Responsibilities

* To assess, recommend, lead and implement security controls and modules to ensure sufficient protection of corporate intellectual property and business continuity of customers.

* To conduct security review on all planned new hardware and software to ensure there are no compromises to security standards and procedures.

* Handle customer requests, ticketing and follow-up.

* 24x7 rotating shift.

Qualifications

* Diploma or Degree

* Network and Security professional certificates like CCIE highly desired.

Job Description:

* Respond to, investigate and troubleshoot security device issues raised by manual and automated monitoring systems. Implement customer-specified security policies on managed devices.
* Ensure customer Service Level Agreements (SLA) are met and any other performance metrics set forth by SOC management.
* Ensure that all trouble and change management tickets are completely documented, accurate, and technically sound.
