Intrusion Prevention Summit

January 11, 2010 by theipsguy

There is an Intrusion Prevention Summit being hosted by BrightTalk beginning on January 12th. You can register at the link below. There are several interesting topics, including “The Value of IDS/IPS virtualization in Managed Services” and several other IPS-related talks.

http://www.brighttalk.com/summit/intrusionprevention

Added Juniper Visio Stencils and an IPS project plan

December 23, 2009 by theipsguy

Merry Christmas everyone!

I have added Juniper IPS Visio stencils to the download section. Also, as many of you know, managing a large IPS deployment can be a challenging task. I have uploaded a generic project plan that has been used as a starting point many times. I hope it helps; you can also find it in the download section.

Updated TippingPoint Visio Stencils

December 11, 2009 by theipsguy

I have updated the TippingPoint Visio stencils. This update includes many more shapes and designs. I have combined both stencils into a single file for download.

Cisco releases an iPhone App of its own

December 4, 2009 by theipsguy

Cisco has joined Sourcefire in the iPhone app arena. Today I installed their app; it can be found on iTunes at the link below. It allows you to review Cisco Mitigation Bulletins, which are helpful if you use Cisco IPS and other products. It also pulls in news feeds on the latest security events and malware outbreaks. The feature I like the best, though I am not sure how useful it will be on an iPhone, is the ability to enter an IP address or domain name and receive its reputation.

http://itunes.apple.com/us/app/cisco-sio-to-go/id338613740?mt=8

There are some funny videos and other information at the site http://csioiphone.com/

Visio stencils for TippingPoint and Sourcefire now available

December 3, 2009 by theipsguy

I now have the Sourcefire and TippingPoint Visio stencils available for download. You can find them on my download page.

Visio Stencils for McAfee and IBM/ISS IPS devices now available for download

November 20, 2009 by theipsguy

I now have the McAfee and IBM/ISS Visio stencils available for download. You can find them on my download page. I hope to post more over the next few weeks. If you have some, please send them to me.

HP acquires 3Com = HP acquires TippingPoint

November 13, 2009 by theipsguy

HP announced it will acquire 3Com, which means it will acquire TippingPoint. This will give HP a top-notch network intrusion prevention system. HP seems to want to be a security vendor, given its earlier acquisition of the WebInspect products, but it has not had a lot of success marketing its security solutions, so it is unclear how it will handle TippingPoint. When thinking of security, how many people think of HP?

It also seems that HP’s primary goal in acquiring 3Com is not the IPS but the networking equipment that 3Com is known for. TippingPoint was treated very much like a separate company, and it is not clear whether this will continue. This is somewhat similar to the IBM acquisition of ISS: IBM’s primary reason for that acquisition was to get the managed services business, and HP’s primary goal is likely to get the networking business, not the IPS business. If handled well, this could pose serious competition to Cisco’s products and their dominance.

Sourcefire releases iPhone App

October 30, 2009 by theipsguy

Sourcefire has released an iPhone application. It has the widely recognized Snort pig as its icon. You can view the latest rule sets, top malware threats and the latest news from the VRT team. This is a must-have for mobile security geeks. You can download the app from iTunes at the link below.

http://itunes.apple.com/us/artist/sourcefire-inc/id331567916

Obsolescence of traditional defenses

October 29, 2009 by theipsguy

I attended a lunch and learn event hosted by Bayside Solutions and presented by Paul Henry. Bayside Solutions provides these monthly lunch and learn events, and they are top-notch. They are unique in that they are not sales events but focus on providing relevant information on issues within information security. Paul Henry is extremely knowledgeable and well known in the security industry.

The discussion was on how traditional port-based protections are no longer enough. This is spot on and not necessarily new, but it is a great point that needs to be reinforced. With the advent of Web 2.0 it is no longer necessary for an attacker to penetrate your firewall; they only need to wait for you to visit a compromised website. Since very few companies block outbound HTTP or HTTPS, it is virtually impossible to prevent these attacks with port filtering alone. The only way to prevent them is to use more protocol-based defenses, such as intrusion prevention. I see malicious IRC traffic being blocked on a daily basis that is not using standard IRC ports. Also, many applications such as instant messaging clients will attempt to use different ports to find a way out of the network. When vendors develop products to bypass filters, it is officially game over!

This doesn’t mean we eliminate our traditional firewalls, but more is needed to provide true defense-in-depth protection. As Paul mentioned, defense must be moved closer to the endpoint. Good old-fashioned patch and system management would reduce these attacks, but this is much harder to do than buying a new appliance to put on the network. :-)
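To show the difference between a port-based rule and the protocol-based inspection argued for above, here is an added example (not code from the post) that identifies IRC client traffic by its registration commands regardless of destination port. The flows, addresses and payloads are constructed samples, not real captures.

```python
from dataclasses import dataclass

# Constructed sample flows (not real captures): (src, dst, dst_port, first client payload).
SAMPLE_FLOWS = [
    ("10.0.0.5", "203.0.113.10", 6667,
     b"NICK bot123\r\nUSER bot123 0 * :bot\r\nJOIN #control\r\n"),
    ("10.0.0.7", "203.0.113.20", 443,
     b"NICK zx9\r\nUSER zx9 0 * :zx9\r\nJOIN #c2\r\nPRIVMSG #c2 :hello\r\n"),
    ("10.0.0.8", "198.51.100.3", 443,
     b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),      # start of a TLS ClientHello
    ("10.0.0.9", "198.51.100.9", 80,
     b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
]

IRC_PORTS = {6667, 6697}
# Commands a client sends once registered; any one of them after NICK/USER is enough here.
IRC_COMMANDS = {b"JOIN", b"PRIVMSG", b"MODE", b"PONG"}


@dataclass
class Alert:
    src: str
    dst: str
    dst_port: int
    reason: str


def port_based_match(dst_port: int) -> bool:
    """What a port-only rule sees: nothing unless the server listens on 6667/6697."""
    return dst_port in IRC_PORTS


def looks_like_irc(payload: bytes) -> bool:
    """Content-based check: IRC registration (NICK first, then USER) plus a channel command."""
    lines = payload.split(b"\r\n")
    if not lines[0].startswith(b"NICK "):
        return False
    has_user = any(line.startswith(b"USER ") for line in lines)
    has_cmd = any(line.split(b" ", 1)[0] in IRC_COMMANDS for line in lines)
    return has_user and has_cmd


def inspect_flows(flows) -> list[Alert]:
    """Flag IRC by payload on any port, noting when a port rule would have missed it."""
    alerts = []
    for src, dst, port, payload in flows:
        if looks_like_irc(payload):
            kind = "standard" if port_based_match(port) else "non-standard"
            alerts.append(Alert(src, dst, port, f"IRC on {kind} port {port}"))
    return alerts


if __name__ == "__main__":
    for a in inspect_flows(SAMPLE_FLOWS):
        print(f"{a.src} -> {a.dst}:{a.dst_port}  {a.reason}")
```

The second flow is the case the post describes: a port rule for 6667/6697 never sees it, while the payload check flags it on 443.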

Gumblar is back, or never left

October 22, 2009 by theipsguy

ISS X-Force has raised the AlertCon to 2 because of increased Gumblar activity. Gumblar has updated the exploits it uses to take advantage of recent Adobe and Microsoft vulnerabilities. Unlike the previous version, the new and improved version hosts the exploits on the compromised web server itself and infects clients as they visit the website.

Microsoft October Bulletins

http://bit.ly/jg0jh

Adobe Updates

http://bit.ly/49Y6nA

IBM/ISS Signatures to detect Gumblar

http://bit.ly/18avBV

PDF_JavaScript_Exploit
PDF_Obfuscated_Stream
PDF_Encoded_JavaScript_Tag
PDF_JavaScript_Hex
PDF_JavaScript_Detected
PDF_Shellcode_Detected
Multimedia_File_Overflow
JavaScript_Obfuscation_Rue (PDF obfuscation)
Swf_Suspicious_ActionScript (Flash obfuscation)
