Sunday, August 26, 2012

Proactive or reactive: Should that be the question?

Proactive or reactive: Should that be the question?

For a number of years digital forensics has referred to ‘the application of computer investigation and analysis techniques to gather evidence suitable for presentation in a court of law’. While collecting this digital evidence, to be used retrospectively in subsequent litigation, is a valid activity there is growing support for a more proactive proposition.

Organizations need all the help they can get if they’re to adequately fight back against malware proliferation and malicious activity. We’re about to witness a new dawn for digital forensics.

We’re all familiar with the risks our enterprises face from rogue or untrained IT administrators gaining access to the corporate servers and wreaking havoc. This can be anything from accidental and/or unwanted changes and bad IT practices to corporate espionage and malicious revenge attacks.

Monday, August 20, 2012

40% of U.S. government Web sites fail security test

By Carolyn Duffy Marsan
March 15, 2012Network World— Approximately 40% of federal government agencies are out of compliance with a regulation that requires them to deploy an extra layer of authentication on their Web sites to prevent hackers from hijacking Web traffic and redirecting it to bogus sites.
It's been more than two years since federal agencies were required to support DNS Security Extensions (DNSSEC) on their Web sites. However, two recent studies indicate that around 40% of federal Web sites have not yet deployed this Internet security standard.
Laggards on adopting this Internet security standard include the Department of Defense and the Central Intelligence Agency, experts say.
RELATED: Will 2012 be the dawn of DNSSEC?
DNSSEC solves what's called the Kaminsky vulnerability, a fundamental flaw in the DNS that was disclosed in 2008. This flaw makes it possible for hackers to launch cache poisoning attacks, where traffic is redirected from a legitimate Web site to a fake one without the Web site operator or end user knowing.
DNSSEC prevents cache poisoning attacks by allowing Web sites to verify their domain names and corresponding IP addresses using digital signatures and public-key encryption.
It prevents man-in-the-middle attacks as long as every aspect of the DNS hierarchy - including the root zone, top-level domain such as .gov, and individual Web site such as -- support the standard. The DNS root zone and the .gov domain are cryptographically signed, so now it is up to individual federal Web sites to deploy DNSSEC in order to bolster end-to-end security of the government's Web traffic.
Federal agencies were required to support DNSSEC on their Web sites under an Office of Management and Budget mandate issued in August 2008. The deadline for compliance was Dec. 31, 2009.
DNSSEC deployment also is necessary for high marks in agency IT security report cards under the Federal Information Security Management Act or FISMA.
One study, conducted on March 2 by DNS vendor Secure64, indicated that 57% of the 359 federal government Web sites tested had deployed DNSSEC. This study indicated that the other 43% of Web sites had not yet added digital signature technology to their DNS servers.
A similar study, conducted on March 11 by the National Institute of Standards and Technology (NIST), estimated that 59% of federal agencies are running DNSSEC on their Web sites. The NIST study of 1,595 Web sites shows that of the 41% of federal agencies that don't have DNSSEC deployed, 7% appear to be in the process of deploying 

Both sets of results indicate slow adoption of DNSSEC among federal Web sites.
DNSSEC is "not on anyone's radar screen," says Ray Bjorklund, Chief Knowledge Officer at Deltek, a federal IT market research firm. "I remember hearing of it vaguely a couple years ago, but it's not coming up with the agency CIOs that I talk to."
Bjorklund acknowledges that agencies should be taking DNSSEC more seriously given that hactivist-style attacks are on the rise and that U.S. federal agencies are likely targets.
"I don't know whether it's inattention by the government, or the government generally believes that it has enough other security measures in effect that this is not going to cause a problem," Bjorklund says. "But federal CIOs need to understand that government sites can be hijacked. If agencies aren't paying attention to this, they should."
SLIDESHOW: A brief history of hactivism
The Secure64 study does show some improvement in terms of federal DNSSEC deployment. A year ago, the study found that half of federal Web sites hadn't deployed DNSSEC. Now that figure is down to 43%.
"In a year, the needle moved from 50% DNSSEC deployment to 57%," says Mark Beckett, vice president of marketing at Secure64. "It doesn't seem to be going up that fast year over year. I would have hoped for a bigger leap this year."
Among the federal agencies that have made progress on DNSSEC deployment in the last year are the Treasury Department and its subsidiaries, including the Internal Revenue Service. Treasury was signing only one of its subdomains last year but appears to be signing everything - including - today.
While the Department of Homeland Security and the White House have deployed DNSSEC on their Web sites, the Defense Department and the CIA appear not to have adopted this extra information security measure yet.
"I find no evidence of any signing going on at the Defense Department with its .mil domain," Beckett says. "The CIA is still not signed either."
The Secure64 survey showed that while most cabinet-level departments like the Commerce Department, the Justice Department and the Department of Health and Human Services are cryptographically signed, smaller sub-agencies such as the Agency for Toxic Substances and Disease Registry are not.
Beckett says that of the 57% of federal Web sites that have deployed DNSSEC, 81% have established a chain of trust to their parent domain, which is the optimal configuration for the standard. Additionally, of the 81% of federal Web sites that have established a chain of trust, 98% are validating DNSSEC queries, which is another sign of full compliance with the standard.
"When people have problems with DNSSEC, it's usually with the key rollover process which is somewhat complicated," Beckett explained. "You have to allow the right amount of time to pass or else you'll be in a state where the domain doesn't validate."

One development that may prompt federal agencies to give DNSSEC a higher priority in 2012 is a new requirement from NIST that federal agencies must validate DNSSEC queries in their DNS resolution servers. In January, Comcast said it was providing DNSSEC resolution services for its 20 million residential customers.

"NIST recently came out with a new version of one of the FISMA documents. When it is finalized, it will essentially require federal agencies to do the same thing that Comcast is doing: to turn on validation in their cacheing resolvers," Beckett says. "It's a draft now and it has to be finalized, which can take many months. But it's a requirement that's on the horizon."

Read more about wide area network in Network World's Wide Area Network section

5 handvatten om PKIoverheid voor Digipoort en SBR te ontrafelen en 3 veelvoorkomende misvattingen - Financieel Management

5 handvatten om PKIoverheid voor Digipoort en SBR te ontrafelen en 3 veelvoorkomende misvattingen - Financieel Management

Monday, August 13, 2012

SC Webcast: Cleaning malware infections becomes a weekly job, as reality of helpdesk enquiries exposed

SC StaffAugust 13, 2012 Malicious attacks account for a third of IT support tickets, according to a poll in a recent SC Magazine webcast. Of the various threats to contend with, the question posed to the 350-strong audience of the webcast Today's Top 10 Threats Unmasked was which are responsible for the most IT support tickets: malware/virus attacks; changes made by user to configuration settings; system issues with unauthorised applications downloaded; or other? The first accounted for 36 per cent of the response. Bryan Littlefair, group technology security director at Vodafone Group, predicted that this would be the most likely, as if users can make changes, then you are going to have a problem with malware, especially if you allow administrator access on PCs that are infected. Littlefair said: “Malware is always going to stay, we have got anti-virus products out there that are the best of the best, but they are still only 40 per cent effective. You've got polymorphic malware, you've got zero-day attacks and everything to deal with, so that is never going to go away.” Adrian Davis, principal research analyst at ISF, said that he expected that malware/virus attacks or changes made by user to configuration settings was the biggest issue, but he expected ‘system issues with unauthorised applications downloaded' to be a bigger issue in the future. “Everyone can download something from the App Store so I wouldn't be surprised if we started seeing a changed emphasis. One of the things we see helpdesks are not equipped to deal with is the sheer number of platforms that are out there,” he said. Littlefair said that he agreed with what Davis said, as there will be a ‘tilt' where the IT manager loses control of the device. Another poll asked how often malware infections or mis-configurations were being resolved on an employee's PC, to which 69 per cent said this was a weekly occurrence for a small number of computers. Thurstan Johnston, head of engineering at Faronics, who presented during the webcast, said that often it is the same PCs or users that are infected, which makes it easy to identify the weak points, but it is a pain for IT to be constantly updating the same machines. Johnston‘s presentation revealed that whilst 42 per cent of the mailboxes targeted for attack are high-level executives, senior managers and people in R&D, the majority of attacks are being aimed at people without direct access to confidential information who are serving as ‘back doors into even well-protected companies'. Listen to the SC webcast by clicking here.