Vol. 16, #25 - June 27, 2011 - Issue #834

Security: Mission Impossible?

  1. Editor's Corner    
    • Security: Mission Impossible?
    • Use VoIP? How To Protect Against VoIP Hacks
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without:
  3. Webinars & Seminars
    • GFI MailEssentials Complete Appliance Product Demonstration - 6/28
    • Malware Unmasked Webinar, July 20   
    • BriForum 2011: Register today - 7/19-21
    • Free Desktop Virtualization Seminar
  4. Tech Briefing
    • Stopping The Bad Guys From Penetrating In The First Place
    • Voice Phishing Example
    • The Internet Needs Its Own Weather Channel
    • Ponemon Study: Cyber Attacks More Frequent, Severe
  5. Windows Server News
    • Revolutionary Benefits Await Admins: Win8 has Hyper-V Built In!
    • VDI For One, Please! Delivering Remote Desktops To A Select Few
    • How Providers Affect Cloud Application Migration
    • Server Consolidation Planning: Easy On The Memory Overcommit
    • Understanding Active Directory's Role In The Cloud
  6. Third Party News
    • VIPRE Has Won Another VB 100 Award
    • Independent Test Of Vulnerability Analyzers
  7. WServerNews FAVE Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  8. WServerNews - Product of the Week
    • Free IP Address Tracker from SolarWinds Makes Tracking Easy


Editor's Corner

Security: Mission Impossible?

Paul Venezia over at InfoWorld said the following: "It's getting harder and harder to secure an Internet-connected network. In fact, it's no longer possible. The fact is that, even with the proliferation of computer and network security tools, it's easier than ever to compromise a network. Couple the economic downturn, which has resulted in the layoffs of thousands of skilled IT workers, with willy-nilly implementations of highly public Internet applications and frameworks -- plus the extreme effectiveness of today's hacking tools -- and you have big problems."

Do you agree with him? Or do you feel your networks are hack proof? Read the article and let me know at [email protected]
http://www.wservernews.com/go/1308907364687

Use VoIP? How To Protect Against VoIP Hacks

Last weekend it was quiet and I used the downtime to read 'Hacking Exposed VoIP'. Veeery interesting reading. I'm grabbing one small paragraph to give you the idea.

Tom: "Hey George, how is our new phone system working?"
George: "Well, it was OK, but it went ape this weekend"
Tom: "What happened?"
George: "I don't totally understand it yet, but apparently someone let a virus loose over the weekend. The virus woke up at midnight on Friday. It did something called an INVITE flood, which set up thousands and thousands of 1-900 calls over the weekend. All of our outbound trunks were busy making $1 a minute 1-900 calls."
Tom: "Holy smoke, how much did that cost us?"
George: "We are still not sure, but way more than I make in a year. We are hoping our service provider will pay it, but it does not look promising. I dusted off my resume just in case..."

-- VoIP administrator after an INVITE flood attack.

VoIP is not just one protocol. It's a bunch of things together that allow media (video and audio) to travel from one node to another. In a -very- simplified form, Session Initiation Protocol (SIP) is used to set up a session between nodes, and other protocols such as the Real-time Transport Protocol (RTP) carry the media packets between them. Part of the SIP protocol is the INVITE request, which is used to initiate a call. If a SIP phone can be tricked into accepting a flood of INVITE requests, the result can be Denial of Service, very high cost, or both.
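An added example, not taken from the newsletter or the book: a small Python detector that parses SIP request lines and flags the two symptoms in the anecdote above, a burst of INVITEs from one source and calls to 1-900 numbers. The sample traffic, addresses, window and threshold are constructed assumptions.

```python
import re
from collections import defaultdict, deque

# Request line of a SIP message (RFC 3261): METHOD SP Request-URI SP SIP/2.0
REQUEST_LINE = re.compile(r"^([A-Z]+) sips?:(?:([^@;>\s]+)@)?(\S+) SIP/2\.0$")
PREMIUM_RATE = re.compile(r"^\+?1?900\d{7}$")   # North American 1-900 numbers

def parse_request_line(message):
    """Return (method, dialed_user) from a raw SIP request, or None."""
    lines = message.splitlines()
    first = lines[0].strip() if lines else ""
    m = REQUEST_LINE.match(first)
    if not m:
        return None            # a response ("SIP/2.0 200 OK") or garbage
    return m.group(1), m.group(2) or ""

def detect_invite_abuse(events, window=10.0, max_invites=5):
    """events: time-ordered (timestamp_seconds, source_ip, raw_message) tuples.
    Returns a list of (timestamp, source_ip, reason) alerts."""
    recent = defaultdict(deque)   # source_ip -> timestamps of recent INVITEs
    flooding = set()              # sources already reported as flooding
    alerts = []
    for ts, src, raw in events:
        parsed = parse_request_line(raw)
        if parsed is None or parsed[0] != "INVITE":
            continue              # only call setup requests are counted
        digits = re.sub(r"[-.() ]", "", parsed[1])
        if PREMIUM_RATE.match(digits):
            alerts.append((ts, src, "premium-rate destination " + digits))
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop INVITEs older than the window
            q.popleft()
        if len(q) > max_invites and src not in flooding:
            flooding.add(src)
            alerts.append((ts, src, "INVITE flood: %d in %.0fs" % (len(q), window)))
    return alerts

def sample_events():
    """Constructed sample traffic (documentation addresses, made-up numbers)."""
    def invite(user):
        return "INVITE sip:%s@pbx.example.com SIP/2.0\r\nCSeq: 1 INVITE\r\n" % user
    events = [(0.0, "192.0.2.10", invite("2001")),
              (3.0, "192.0.2.10", "REGISTER sip:pbx.example.com SIP/2.0\r\n"),
              (40.0, "192.0.2.10", invite("2002"))]
    # One host sending an INVITE every half second to a 1-900 number.
    events += [(100.0 + i * 0.5, "198.51.100.7", invite("19005550100")) for i in range(8)]
    return sorted(events)

if __name__ == "__main__":
    for alert in detect_invite_abuse(sample_events()):
        print(alert)
```

The same two checks map directly onto controls on a real PBX or session border controller: a per-source rate limit on INVITEs and a dial-plan block on premium-rate prefixes.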

If you use VoIP equipment from Cisco, Avaya, or even the open source Asterisk code, this book may very well save your job: Hacking Exposed VoIP http://www.wservernews.com/go/1308907503671

Quotes of the Week

"A nation that expects to be ignorant and free... expects what never was and never will be." -- Thomas Jefferson, one of the founding fathers of the United States.

"We had no idea that this would turn into a global and public infrastructure" -- Vint Cerf, one of the founding fathers of the Internet.

"It is easy to dodge our responsibilities, but we cannot dodge the consequences of dodging our responsibilities." -- Josiah Stamp

Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here:
http://www.wservernews.com/go/1307096257843

Stu Sjouwerman
email me: [email protected]

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

rDirectory's Community Edition is a pre-configured, easy to use, web-based directory and search engine that downloads in just minutes - and it's absolutely free! http://www.wservernews.com/go/1309165800413

Webinars & Seminars

GFI MailEssentials Complete Appliance Product Demonstration - 6/28

It's time for email security your way. MailEssentials Complete Appliance provides comprehensive security functionality -- combining spam and virus protection, attachment filtering and corporate disclaimers in a robust and easy-to-manage platform.

Key Product Features:

  • Spam/attachment filtering
  • Antivirus protection
  • Message logging & search
  • Simple administration
  • Rapid deployment
  • System compatibility
  • Excellent scalability

Join us for the MailEssentials Complete Appliance product demonstration. Register today!
Note: This product is currently available in the US only.

Date: Tue, Jun 28, 2011.
Location: This is an Internet based event.
Register/More Info: http://www.wservernews.com/go/1308907853578

Malware Unmasked Webinar, July 20

Targeted attacks are moving away from purpose-built platforms (Zeus, SpyEye, Bugat) to general tools (Sunspot) that can be tailored to target specific industries or organizations. Learn how to detect these threats and why they could be a significant concern to your organization. Sign up for the July 20 webinar at:

BriForum 2011: Register today  - 7/19-21

The most advanced, technical, hands-on desktop virtualization event is returning to Chicago this July 19-21. Independent industry experts, led by Brian Madden, share the latest tips and strategies around desktop virtualization, VDI, application virtualization, and Remote Desktop Services. In addition, technical staff from the top solution providers in the space will be in attendance so you can ask all your questions and try out these technologies. Don't miss out on this unique opportunity to interact with hundreds of your peers from across the globe as well as to share best practices and lessons learned.

Register today and save! http://www.wservernews.com/go/1308907955593

Free Desktop Virtualization Seminar

Coming to Atlanta, Detroit, and St Louis this June, and 12 other cities throughout the remainder of the year, independent expert and desktop virtualization guru Brian Madden will update you on where the desktop virtualization market is in 2011, focusing on what's real and what's not. Spend just a few hours out of the office to take advantage of a live Q&A, peer networking opportunities and tons of valuable information.

Register today! http://www.wservernews.com/go/1308907971421

Tech Briefing

Stopping The Bad Guys From Penetrating In The First Place

Hackers first footprint your network before they try to hack in. You can get a lot of data by enumerating everything visible via the Internet and Google. Fortunately, you can also harden your network and deny them that data to begin with, which makes their job that much harder. Like anyone else, they go for the easy targets and grab the low-hanging fruit first. So here goes:

  • Set firewall rules to restrict as many admin services as possible, and segment users as much as you can by using VLANs on your switches.
  • Always make sure to change default admin passwords and user names. Not having a standard naming convention for user names and email addresses works to your advantage here.
  • Completely turn off as many services as you can, as they all could broadcast -something- that a hacker might use.
  • Do your own regular security scans, both from the inside and from the outside in, and do them both manually and with automated tools.

Voice Phishing Example

This is actually an old example. It looks fairly legit, since there is no link in there, but wait, there's more:

----

Dear Customer, We've noticed that you experienced trouble logging into your Online Banking Account.

After three unsuccessful attempts to access your account, your Online Banking Profile has been blocked. This has been done to secure your accounts and to protect your private information. We are committed to make sure that your online transactions are secure. Call this phone number (1-800-XXX-XXXX) to verify your account and identity.

Sincerely,

Bank Of America
Online Customer Service

----

Look what happens when they dial that number though. A rogue interactive voice response (IVR) system kicks in and states: "Welcome to account verification. Please type your 16-digit account number." The phone number was set up through a VoIP provider with a stolen credit card number.

LESSON LEARNED. Never click on a phishing link, and never call the number in the email. Always type the URL in the address bar, or call the number of the bank that you have on the statement.

The Internet Needs Its Own Weather Channel

One of the best things we could do for the Internet is to create an early-warning system (EWS) to warn us against rapidly spreading malware, spam attacks, and the like. Security Guru Roger Grimes has some very good ideas: http://www.wservernews.com/go/1308908203750

Ponemon Study: Cyber Attacks More Frequent, Severe

Cyber attacks are becoming more frequent and severe, and the vast majority of businesses have suffered at least one data breach in the past year, a Ponemon Institute survey says. According to the survey, 77% of respondents say attacks have been more severe or more difficult to prevent over the past 12 to 18 months, while 78% say attacks are more frequent. The survey was sponsored by Juniper Networks.

Only 10% of those who answered the survey say they had no data breaches and 53% say they had one to three. One example: Northrop Grumman constantly under attack by cyber-gangs. More at NetworkWorld: http://www.wservernews.com/go/1308908265812

Windows Server News

Revolutionary Benefits Await Admins: Win8 has Hyper-V Built In!

Admins may think Hyper-V is not important to the desktop, but it could bring huge advantages for Windows management. InfoWorld had the scoop.

"Earlier this week, news leaked that Windows 8 has Hyper-V 3.0 built in. Leaked build 7989 shows it in the Windows Features section, and apparently it comes with enhancements to Hyper-V that will be exciting to see for both the client and server worlds. It seems there's also a new virtual hard drive format (.vhdx) that allows for up to 16TB of data, as opposed to the 2TB limit of .vhd. In addition, four cores are supported, as are hardware acceleration and a host of other items -- kudos to Robert McLaws for taking the screenshots and posting them for our benefit on his blog."

Peter Bruzzese listed three main benefits, but there is a lot more in the article, which I recommend you read in full.

  1. "With Windows 7, you have to run a Virtual PC (called XP Mode) to run XP legacy apps. With Hyper-V in the picture, you could run XP, Vista, Windows 7, and even Linux apps (for supported Linux OSes) in the same environment -- and perhaps even Windows Phone apps.
  2. One possible scenario is where technologies such as App-V (which is used for application virtualization) and MED-V (Microsoft Enterprise Desktop Virtualization) would combine with Hyper-V 3.0 to provide server-based application delivery and VM management. This would, in turn, allow a safe blending of personal and business apps -- and even of VM "pools" -- for home users, office users, and bring-your-own-PC users alike, as well as increase security by decreasing malware's ability to hop applications.
  3. Third-party PC management tools could take advantage of Hyper-V client systems for easier deployment, update, and repair of PCs. One example of this would be Virtual Computer's NxTop product that uses a Xen-based hypervisor (NxTop Engine) for client deployment and management. Such a tool could easily be made hypervisor-agnostic, so it could manage the Hyper-V client and any other hypervisor-based client, though it seems as if VMware has put its plans for a client-side hypervisor on hold indefinitely."

More: http://www.wservernews.com/go/1308908421562

VDI For One, Please! Delivering Remote Desktops To A Select Few

If you just need virtual desktops for one (or a small handful) of users, there is a lot you can do to provide the same functionality for almost no cost. Discover how simple it is to offer "VDI for one" in this tip:
http://www.wservernews.com/go/1308908467734

How Providers Affect Cloud Application Migration

Migrating applications from one cloud to another isn't quite as simple as picking up and transitioning. A lot depends on choosing the right provider. Discover some of the benefits and limitations of today's top cloud providers:
http://www.wservernews.com/go/1308908519015 

Server Consolidation Planning: Easy On The Memory Overcommit

A solid server consolidation strategy can improve virtual machine performance, costs and hardware usage, but don't let it be your downfall, too. As you begin server consolidation planning, beware of over-consolidating servers, which can stretch resources to their limits and impede disaster recovery:
http://www.wservernews.com/go/1308908567140

Understanding Active Directory's Role In The Cloud

IT managers are skeptical about using Active Directory in the cloud. Some enterprises are doing it, but how does one make the transition? Learn more in this featured article:
http://www.wservernews.com/go/1308908615062

Third Party News

VIPRE Has Won Another VB 100 Award

The VIPRE results were actually excellent in this latest comparative. It had some performance issues with scanning, but this is quite possibly due to the fact that the VB 100 testers put the scanner onto very large test sets of malware, causing the scanner to get a bit overloaded, and the VIPRE engine team will look at that. VirusBulletin is now split into a "comparative" (the tests themselves) and the regular issue.

I'm taking a short quote from the test; you need a paid subscription to VirusBulletin to get all results. If you are responsible for your organization's security, I could not find a better way to spend some "subscriptions" budget! They are at:
http://www.wservernews.com/go/1308908744046

Below is a short excerpt from the report (ITW means viruses found "In the wild").

GFI/Sunbelt VIPRE Antivirus: Version 4.0.3904, Definitions version 9077

ITW 100.00%
Polymorphic 99.79%
Trojans 96.81%
Worms & bots 98.66%
False positives 0

"VIPRE has become an increasingly regular participant in our tests of late, and seems to be steadily improving after some rocky results a few years back. The install process is very rapid, although it does need a reboot, and applying updates is similarly painless. The interface is emblazoned with a large snake emblem which takes up one corner of the GUI, but is otherwise fairly businesslike and straightforward."

Check VIPRE Enterprise and get an eval copy here: http://www.wservernews.com/go/1308908761671

Independent Test Of Vulnerability Analyzers

NetworkWorld just came out with a bake-off of six market-leading scanners. Joel Snyder started out with: "We all worry that there's some lurking security problem in our servers. We do what we can, patching, following best practices, keeping up-to-date with training and news. But wouldn't it be great to have an automated tool to check our work? That's the promise of vulnerability analyzers: products that detect problems in configuration, applications, and patches.

Used correctly, a vulnerability analyzer can help you stay on top of hundreds or thousands of servers, network devices, and embedded systems. You'll know where to focus your efforts for security remediation, and you'll know that you have a system in place to keep little things from slipping through the cracks and becoming big things.

However, used incorrectly, these analyzers can generate thousands of pages of confusing information, frustrate security and network managers, and end up causing more problems than they solve.

We evaluated six market-leading products for their vulnerability scanner results, reporting features, product manageability, workflow tools, and interoperability with other enterprise products". It's a good article, and he comes up with two tools at the top: Qualys and McAfee. But there are a few lower cost ones that he could have mentioned. Here is the article: http://www.wservernews.com/go/1308908873062

And if you are in the market for a very effective and low cost scanner, you should check out GFI's LanGuard over here. The new 2011 version is out! http://www.wservernews.com/go/1308908884546

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

WServerNews - Product of the Week

Free IP Address Tracker from SolarWinds Makes Tracking Easy

Download SolarWinds FREE desktop tool and get a unified view of your IP address space. IP Address Tracker shows you what IP addresses are in use and which aren't. It also eliminates manual errors associated with Excel spreadsheets and ensures IP addresses are listed in the right place.
