Tuesday, September 4, 2012

File Integrity Monitoring and SIEM - Why Layered Security Is Essential to Combat the APT

Every time the headlines are full of the latest cyber crime or malware scare story, such as the Flame virus, the need to review the security standards employed by your organization takes on a new level of urgency.

The 2012 APT (Advanced Persistent Threat)

The Advanced Persistent Threat differs from a regular hack or Trojan attack in that it is, as the name suggests, advanced in technology and technique, and persistent, in that it is typically a sustained theft of data over many months.

So far the APT has largely been viewed as government-sponsored cyber-espionage, given the resources needed to orchestrate such an attack; the recent Flame malware, for example, appears to have been a US- or Israeli-backed espionage initiative against Iran. However, the leading edge of technology always becomes the norm a year later, so expect APT attacks to reach the mainstream, with competitor-backed industrial espionage and 'hacktivist' groups like Lulzsec and Anonymous adopting similar approaches.

The common vector for these attacks is a targeted spear phishing infiltration of the organization. Facebook, LinkedIn and other social media make it much easier today to identify targets, and to work out what kind of phishing 'bait' is going to be most effective in duping the target into providing the all-important welcoming click on the tasty links or downloads offered.

Phishing is already a well-established tool for organized crime gangs, who will utilize these same profiled spear phishing techniques to steal data. As an interesting aside regarding organized crime's use of 'cybermuscle', it is reported that prices for botnets are plummeting at the moment due to an oversupply of available robot networks. If you want to coerce an organization with a threat of disabling their web presence, arm yourself with a global botnet and point it at their site - DDoS attacks are easier than ever to orchestrate.

Something Must Be Done...

To be clear on what we are saying here, it isn't that AV or firewalls are no use, far from it. But the APT style of threat will evade both by design, and this is the first fact to acknowledge - as for a recovering alcoholic, the first step is to admit you have a problem!

By definition, this kind of attack is the most dangerous, because any attack that is smart enough to skip past standard defense measures is definitely going to be one that is backed by a serious intent to damage your organization. (Note: don't think that APT technology is therefore only an issue for blue chip organizations. That may have been the case, but now that the concepts and architecture of the APT are in the mainstream, the wider hacker and hacktivist communities will already have engineered their own interpretations of the APT.)

So the second fact to take on board is that there is an 'art' to delivering effective security and that requires a continuous effort to follow process and cross-check that security measures are working effectively.

The good news is that it is possible to automate the cross-checks and vigilance we have identified a need for, and in fact there are already two key technologies designed to detect abnormal occurrences within systems and to verify that security best practices are being operated.

FIM and SIEM - Security Measures Underwritten

File Integrity Monitoring, or FIM, serves to record any changes to the file system (core operating system files or program components) and to the system's configuration settings (user accounts, password policy, services, installed software, management and monitoring functions, registry keys and registry values, running processes, and security policy settings covering audit policy, user rights assignment and security options). FIM is designed to verify both that a device remains hardened and free of vulnerabilities at all times and that the file system remains free of any malware.
Therefore, even if some form of APT malware manages to infiltrate a critical server, well-implemented FIM will detect file system changes before any rootkit protective measures that may be employed by the malware can kick in.

Likewise SIEM, or Security Information and Event Management, systems are designed to gather and analyze all system audit trails/event logs and correlate these with other security information to present a true picture of whether anything unusual and potentially security threatening is happening.

It is telling that widely adopted and practiced security standards such as the PCI DSS place these elements at their core as a means of maintaining system security and verifying that key processes like Change Management are being observed.
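A small sketch of the cross-check described above, added here as an illustration and not taken from NNT's products: a baseline of file hashes and permission bits is compared with the current file system (the FIM layer), and each detected change is matched against approved change windows (the Change Management check). The function names, sample paths and the change-window format are assumptions made for this example.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone


def snapshot(root):
    """Map each file under root to (SHA-256 of contents, permission bits)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            mode = os.stat(path).st_mode & 0o7777
            state[os.path.relpath(path, root)] = (digest.hexdigest(), mode)
    return state


def diff(baseline, current):
    """Return FIM events as (path, kind), sorted by path."""
    events = []
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            events.append((path, "added"))
        elif path not in current:
            events.append((path, "removed"))
        elif baseline[path][0] != current[path][0]:
            events.append((path, "modified"))
        elif baseline[path][1] != current[path][1]:
            events.append((path, "permissions"))
    return events


def unplanned(events, detected_at, approved_changes):
    """Keep events that no approved change window (prefix, start, end) covers."""
    alerts = []
    for path, kind in events:
        covered = any(
            path.startswith(prefix) and start <= detected_at <= end
            for prefix, start, end in approved_changes
        )
        if not covered:
            alerts.append((path, kind))
    return alerts


def demo():
    """Constructed scenario: one approved config edit, one unexpected new file."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        os.makedirs(os.path.join(root, "bin"))
        conf = os.path.join(root, "etc", "app.conf")
        with open(conf, "w") as fh:
            fh.write("max_sessions=10\n")
        # In practice the baseline is stored off the monitored host,
        # so that malware on the host cannot rewrite it.
        baseline = snapshot(root)

        with open(conf, "w") as fh:  # planned change, ticket approved
            fh.write("max_sessions=20\n")
        with open(os.path.join(root, "bin", "helper"), "wb") as fh:
            fh.write(b"constructed sample bytes")  # nobody requested this file

        events = diff(baseline, snapshot(root))
        utc = timezone.utc
        detected_at = datetime(2012, 9, 4, 10, 30, tzinfo=utc)
        approved = [(
            "etc" + os.sep,  # hypothetical change record covering etc/
            datetime(2012, 9, 4, 10, 0, tzinfo=utc),
            datetime(2012, 9, 4, 11, 0, tzinfo=utc),
        )]
        return events, unplanned(events, detected_at, approved)


if __name__ == "__main__":
    all_events, alerts = demo()
    print("all changes:", all_events)
    print("unplanned  :", alerts)
```

Both changes are recorded, but only the file that falls outside an approved change window is raised as an alert, which is the event a SIEM would then correlate with logon and process audit trails.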

At the core of any comprehensive security standard is the concept of layered security - firewalling, IPS, AV, patching, hardening, DLP, tokenization, secure application development and data encryption, all governed by documented change control procedures and underpinned by audit trail analysis and file integrity monitoring. Even then with standards like the PCI DSS there is a mandated requirement for Pen Testing and Vulnerability Scanning as further checks and balances that security is being maintained.

Summary

In summary, your security policy should be built around the philosophy that technology helps secure your organization's data, but that nothing can be taken for granted. Only by practicing continuous surveillance of system activity can you truly maintain data security, very much the essence of the Art of Layered Security.

NNT is a leading provider of PCI DSS and general Security and Compliance solutions. As both a File Integrity Monitoring Software Manufacturer and Security Services Provider, we are firmly focused on helping organisations protect their sensitive data against security threats and network breaches in the most efficient and cost effective manner.
NNT solutions are straightforward to use and offer exceptional value for money, making it easy and affordable for organisations of any size to achieve and retain compliance at all times. Each product has the guidelines of the PCI DSS at its core, which can then be tailored to suit any internal best practice or external compliance initiative.

Use and distribution of this article is subject to our Publisher Guidelines
whereby the original author's information and copyright must be included.

View the original article here

New IT Policy Designed to Promote E-Service Delivery

The forthcoming IT policy of the Kerala government will stress e-services delivery to citizens as one of its focus areas. Principal Secretary (Information Technology) P. H. Kurian told a Central team visiting the State to review implementation of e-governance programmes that a futuristic, integrated service delivery framework had been chalked out by the Kerala State IT Mission. It envisaged a single identity for citizens to log in to a State portal to access the services. A detailed, long-term plan is under preparation now in consultation with all departments, focussing on high volume. The Central team, led by Sathya Narayana, Secretary, Department of Electronics and Information Technology, reviewed the progress of various eGovernance initiatives undertaken by the State, particularly the e-district programme and the State Service Delivery Gateway programme. The team held discussions with the chief secretary and other government secretaries on the integrated e-governance delivery services to be rolled out in the State. An official release said that the team had expressed satisfaction about the progress of various programmes and had explored the possibility of replicating some of the successful e-models of Kerala such as the e-literacy programme, common service centres and e-district programme in other States.

e-district is a State Mission Mode Project under the National e-Governance Plan. It seeks to provide integrated, seamless and online delivery of citizen services at the district-level through automation of work flow, back-end digitisation, integration and process redesign.

This project targeted high volume services delivered at the district level and set out to undertake back-end computerisation to enable the delivery of citizen services through Akshaya centres. The state government has implemented the pilot phase of the e-district project in Kannur and Palakkad, and delivery of 23 revenue certificates has been made online. An estimated eight lakh e-applications have been processed during the pilot run and certificates issued in 80 per cent of the cases. The e-district services are proposed to be rolled out to the rest of Kerala in a year's time. The State Service Delivery Gateway project was formulated under the National E-governance Plan to fulfil the vision of integrating all services across departments and providing them through common service centres and State portals.

The eGov magazine enjoys the distinction of being Asia's first magazine on e-Governance. Founded in 2005, the monthly magazine is published in both print and online formats, and is focussed exclusively on the use of Information and Communication Technology (ICT) for bringing efficiency, accountability and transparency to various citizen and business related initiatives of the government.

No other magazine in Asia offers readers such in-depth coverage of new e-Governance models. We cover all aspects of eGovernance - from new technological advances in ICT to the ways in which common citizens benefit when their interactions with government departments are through digital interfaces and the myriad issues involved in implementation of e-Governance initiatives. The eGov magazine's biggest advantage is its ability to carry the views of all the stakeholders in e-Governance domain - policy makers, experts, industry leaders, administrators and the academia. Our experienced team of editors, researchers, and marketers take a 360-degree approach for creating content - breaking news, feature articles and interviews - that can keep our steadily growing global audience well informed on issues of e-Governance. The who's who in the industry disseminate their ideas and innovations through the pages of our magazine.


Android OS overtakes Apple; smart phone sales explode

Just in case the ubiquitous iPhone was getting on your last nerve, Google’s Android-based handsets have arrived to knock Apple off its pedestal and make the world safe for other smart phones. According to a report by market analysts Gartner Inc., Android exploded in the second fiscal quarter, leapfrogging right over the iPhone to become the No. 1 seller in America and No. 3 in the world. Nokia and BlackBerry have the largest market shares planetwide.

Sales of smart phones in general rose 50 percent in Q2, and Fortune predicts phones will outsell PCs in short order. CNET details the rise in HTC device sales, and Fast Company takes a look at Motorola’s weak results, despite its Droid phones.

In other smart phone news, India has reached the end of its rope with BlackBerry over monitoring within its borders, PC World is talking about the development of a phone for gamers, and ZDNet is covering the Samsung Epic 4G pre-orders that begin tomorrow.



Internet runs out of IP addresses as devices grow

The spread of Internet use in Asia and the proliferation of Internet-connected phones worldwide are causing the Internet to run out of numerical addresses, which act as “phone numbers” to ensure that surfers reach websites and e-mails find their destination.

The top-level authority that governs such addresses will distribute the last batches on Thursday, two people with knowledge of the situation told The Associated Press. They spoke on condition of anonymity because a formal announcement wasn’t planned until Thursday.

That doesn’t mean consumers will suddenly find websites unreachable, though. And if everything goes according to plan, Internet users won’t even notice.

“It will just be ‘business as usual’ if everyone gets their job done,” said John Curran, CEO of the American Registry for Internet Numbers, or ARIN, one of five regional groups that dole out such addresses. ARIN covers the U.S., Canada and the Caribbean.

The Internet Assigned Numbers Authority, the top-level administrator of the system, has called a press conference in Miami on Thursday. One person said its last five “blocks” of Internet Protocol, or IP, addresses will be distributed then. These blocks, each with 16.8 million addresses, will be distributed to the regional registries. That means the regional groups will have IP addresses to distribute further to Internet service providers, websites and others before running out. Curran expects to deplete his allotment in six to nine months.

The current Internet address system, Internet Protocol version 4, has been in place since the 1980s. It allows for a theoretical maximum of 4.3 billion addresses in use, far beyond what was thought necessary for what was then mainly a network for academic use.

Engineers have known for years that the pool of these IP addresses would one day run out. Websites and service providers have been experimenting with a new technology that allows for many more addresses — an infinite number, for all practical purposes. But many have been slow to do so because of a lack of immediate benefits. The exhaustion of IP addresses at the top level puts pressure on them to move more quickly.

The new system is called Internet Protocol version 6, or IPv6. Curran said only about 2 percent of websites support it. However, many of those are the most-visited sites on the Internet, including Google and Facebook. He expects smaller sites to scramble for IPv6 addresses now.

As Internet service providers run out of IPv4 addresses, they’ll have to give subscribers IPv6 addresses. The challenge lies in connecting them to websites that have only IPv4 addresses. In essence, IPv4 and IPv6 are different “languages.” Several “translation” technologies are available, but they haven’t been tested on a large scale, Curran said. That could lead to problems reaching some websites, or slow surfing.

“We’re estimating how these boxes will work, but we haven’t seen one deployed with tens of thousands of customers on it yet,” Curran said.

The “end game” — the distribution of the last five blocks — was triggered by the distribution of two of the last seven blocks on Tuesday. They went to the Asia Pacific Network Information Centre, the regional registry for East Asia (including India), Australia and the Pacific islands.


After 49 Cows Went Missing From a Farm in Massachusetts, They Were Discovered At An Auction in Pennsylvania


Either bandits with a really large vehicle made a clean getaway, or UFOs do exist, and they abducted more than four dozen grazing bovine—either way, police in Dartmouth said tons of cows went missing.

According to SouthCoastToday.com, 49 cows were allegedly stolen from a farm in Dartmouth over the weekend, but locals were saying little about the strange incident.

WCVB later reported the cows were discovered at an auction site in Pennsylvania, and the cows’ owner was on his way down to retrieve them.

Police told SouthCoastToday that sometime between 10 p.m. and midnight on Saturday someone had swiped the animals from a “communal farm” in Dartmouth and they had “a few ideas” as to what happened to the black-and-white spotted creatures.

Police estimated the cows were worth roughly $50,000, according to the report.

Police are investigating.



Jury rules for Apple in landmark tech suit

SAN JOSE, Calif. — After a year of scorched-earth litigation, a jury decided Friday that Samsung ripped off the innovative technology used by Apple to create its revolutionary iPhone and iPad.

The jury ordered Samsung to pay Apple $1.05 billion. An appeal is expected.

Apple Inc. filed its patent infringement lawsuit in April 2011 and engaged legions of the country’s highest-paid patent lawyers to demand $2.5 billion from its top smartphone competitor. Samsung Electronics Co. fired back with its own lawsuit seeking $399 million.

During closing arguments, Apple attorney Harold McElhinny claimed Samsung was having a “crisis of design” after the 2007 launch of the iPhone, and executives with the South Korean company were determined to illegally cash in on the success of the revolutionary device.

Samsung’s lawyers countered that it was simply and legally giving consumers what they want: Smart phones with big screens. They said Samsung didn’t violate any of Apple’s patents and further alleged innovations claimed by Apple were actually created by other companies.

Samsung has emerged as one of Apple’s biggest rivals and has overtaken Apple as the leading smartphone maker.

Samsung’s Galaxy line of phones run on Android, a mobile operating system that Google Inc. has given out for free to Samsung and other phone makers.

Samsung conceded that Apple makes great products but said it doesn’t have a monopoly on the design of rectangle phones with rounded corners that it claimed it created.

The trial came after each side filed a blizzard of legal motions and refused advisories by U.S. District Judge Lucy Koh to settle the dispute out of court.

Deliberations by the jury of seven men and two women began Wednesday.

Samsung has sold 22.7 million smartphones and tablets that Apple claimed use its technology. McElhinny said those devices accounted for $8.16 billion in sales since June 2010.

Apple and Samsung combined account for more than half of global smartphone sales.

As part of its lawsuit, Apple also demanded that Samsung pull its most popular cellphones and computer tablets from the U.S. market.

From the beginning, legal experts and Wall Street analysts viewed Samsung as the underdog in the case. Apple’s headquarters is a mere 10 miles from the courthouse, and jurors were picked from the heart of Silicon Valley where Apple’s late founder Steve Jobs is a revered technological pioneer.

While the legal and technological issues were complex, patent expert Alexander I. Poltorak previously said the case would likely boil down to whether jurors believe Samsung’s products look and feel almost identical to Apple’s iPhone and iPad.

To overcome that challenge at trial, Samsung’s lawyers argued that many of Apple’s claims of innovation were either obvious concepts or ideas stolen from Sony Corp. and others. Experts called that line of argument a high-risk strategy because of Apple’s reputation as an innovator.

Apple’s lawyers argued there is almost no difference between Samsung products and those of Apple, and presented internal Samsung documents they said showed it copied Apple designs. Samsung lawyers insisted that several other companies and inventors had previously developed much of the Apple technology at issue.

The U.S. trial is just the latest skirmish between the two tech giants over product designs. Previous legal battles were fought in Australia, the United Kingdom and Germany.

The U.S. case is one of some 50 lawsuits among myriad telecommunications companies jockeying for position in the burgeoning $219 billion market for smartphones and computer tablets.

A jury has ruled for Apple in its huge smartphone patent infringement case involving Samsung and ordered Samsung to pay $1.5 billion.

The verdict was reached Friday.

In its lawsuit filed last year, Apple Inc. had demanded $2.5 billion while accusing Samsung of ripping off the design technology of iPhones and iPads.

During closing arguments at the trial, Samsung attorney Charles Verhoeven called that demand ridiculous and asked the jury to award Samsung $399 million after claiming Apple used Samsung Electronics Co. technology without proper compensation.

The two companies lead the $219 billion market for smartphones and computer tablets. They are enmeshed in similar lawsuits in the United Kingdom, Germany and Australia.


New Blackberry Torch tries to take a bite out of Apple

Research in Motion, maker of Blackberrys and Blackberry addicts, unveiled its new 9800 Torch model today, complete with new Blackberry 6 operating system, touch screen and fancy slider construction. There was a big press conference scheduled to reveal the shiny new toy, but AT&T (the exclusive carrier of this smart phone) accidentally posted all the information on its site early.

PC Magazine calls the Torch “new and different enough” after a hands-on test. Bloomberg is reporting that this year will also see a RIM tablet device, built to compete with the iPad. The San Francisco Chronicle covers the Blackberry-iPhone competition, and MarketWatch has its eye on Research in Motion’s stock value today.

Adding to the heady storm of news around the Blackberry manufacturer is the discussion of a ban on some of the phones’ functions in the United Arab Emirates, and Reuters is reporting that RIM will allow India to monitor its services and will block 3,000 porn sites that have other countries up in arms.


Nokia, Microsoft in pact to take on Apple, Google

Technology titans Nokia and Microsoft are combining forces to make smart phones that might challenge rivals like Apple and Google and revive their own fortunes in a market they have struggled to keep up with.

Nokia Corp., the world’s largest maker of mobile phones, said Friday it plans to use Microsoft Corp.’s Windows Phone software as the main platform for its smart phones in an effort to pull market share away from Apple’s iPhone and Android, Google’s software for phones and tablets.

The move marks a major strategy shift for Nokia, which has previously equipped devices with its own software. Analysts said the deal was a bigger win for Microsoft than Nokia, whose CEO Stephen Elop in a leaked memo this week compared his company to a burning oil platform with “more than one explosion … fueling a blazing fire around us.”

Nokia said the partnership would “deliver an ecosystem with unrivaled global reach and scale.” However, it warned that the new strategy would also bring “significant uncertainties,” and said it expects profit margins to be hit by strong competition from rivals.

Nokia’s share price plunged 9 percent to euro7.43 ($10.11) in afternoon trading in Helsinki.

Elop, a Canadian national, joined Nokia from a senior executive position at Microsoft last year. The first non-Finn to lead Nokia, he is under intense pressure to reverse the company’s market share losses to North American and Asian competitors.

“Nokia is at a critical juncture, where significant change is necessary and inevitable in our journey forward,” Elop said. He added the company was aiming at “regaining our smart phone leadership, reinforcing our mobile device platform and realizing our investments in the future.”

Speaking later to analysts in London, he declined to say when Nokia would introduce a new device running on Windows Phone. But he said Nokia won’t bury its own Symbian operating system or the new Meego platform that it is currently developing.

The Symbian technology is being used in 200 million phones with 150 million more expected on the market, Elop said.

Android surpassed Symbian to become the world’s No. 1 smart phone software in the fourth quarter of last year, according to the Canalys research firm.

Microsoft CEO Steven Ballmer said the partnership would give the team “more innovation, greater global reach and scale.”

“We need to, and we will, collaborate closely on development … so we can really align and drive the future revolution of the mobile phone,” he said.

The key challenge will be to come up with devices of a quality level and hip factor that helps position Windows Phone as an attractive alternative to iPhone or Android.

Windows Phone 7, which was launched last year, still has a lot of catching up to do in terms of both the number of users and the number of “apps” available for the phones.

Nokia said its expertise in developing new software with Microsoft will be “on top of the platform in areas such as imaging, where Nokia is a market leader.” Its map services will be a core part of the new device as will Microsoft’s Bing search engine, Nokia said.

Neil Mawston of London-based Strategy Analytics said Microsoft was the big winner in the partnership, by teaming up with the biggest mobile hardware vendor in the world.

“In terms of expanding their distribution reach, this is a huge win for Microsoft,” he said.

For Nokia the deal leaves uncertainty about what will happen to its current Symbian operating platform. Mawston said he expects it to be phased out within two years and “completely, or at least mostly, replaced by Windows Phone.”

Although Nokia still is the mobile industry’s biggest handset maker, its market share has plummeted from a high of 41 percent in 2008 to 31 percent in the last quarter of 2010.

It has also lost its innovative edge in the fiercely competitive top-end sector and is virtually invisible — with a 3 percent share — in the world’s largest smart phone market, North America.

Apple’s iPhone has set the standard for today’s smart phones and Research In Motion Ltd.’s BlackBerrys have become the favorite of the corporate set. More recently, Google Inc.’s Android software has emerged as the choice for phone makers that want to challenge the iPhone.

“Today, developers, operators and consumers want compelling mobile products, which include not only the device, but the software, services, applications and customer support that make a great experience,” Elop said.

He warned of further layoffs and restructuring, saying Nokia must “improve the speed and nimbleness and agility of the organization … by taking significant steps in how we operate.” He gave no details.

The company said it will announce a new leadership team and organizational structure “with a clear focus on speed, results and accountability.”

Nokia, which claims 1.3 billion daily users of its devices, said it hopes the “broad, strategic partnership” with Microsoft will lead to capturing the next billion users to join the Internet in developing growth markets.

Jyrki Ali-Yrkko, from the Research Institute of the Finnish Economy, described Nokia’s cooperation with Microsoft as “surprising.”

“The strengths will be in Microsoft’s strong position in various corporate solutions and server solutions, but its weakness is that Microsoft perhaps doesn’t have a broad, user-oriented group of developers like those around Android or Apple,” Ali-Yrkko said.

——

Online:

Nokia: http://www.nokia.com

