DOCSLIB.ORG

Cyberpro November 20, 2008

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Volume 1, Edition 14 CyberPro November 20, 2008 Keeping Cyberspace Professionals Informed Officers The articles and information appearing herein are intended for President educational purposes to promote discussion in the public interest and to Larry K. McKee, Jr. keep subscribers who are involved in the development of Cyber-related concepts and initiatives informed on items of common interest. The Senior Analyst newsletter and the information contained therein are not intended to Jim Ed Crouch provide a competitive advantage for any commercial firm. Any ------------------------------ misuse or unauthorized use of the newsletter and its contents will result CyberPro Research in removal from the distribution list and/or possible administrative, civil, Analyst and/or criminal action. Kathryn Stephens The views, opinions, and/or findings and recommendations contained in this summary are those of the authors and should not be construed as an official position, policy, or decision of the United States Government, CyberPro Archive U.S. Department of Defense, or National Security Cyberspace Institute. To subscribe or unsubscribe to this newsletter click here CyberPro News Subscription. Please contact Larry McKee , ph. (757) 871-3578, regarding CyberPro subscription, sponsorship, and/or advertisement. All rights reserved. CyberPro may not be published, broadcast, rewritten or redistributed without prior NSCI consent. 110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578 CyberPro National Security Cyberspace Institute P a g e | 1 Volume 1, Edition 14 CyberPro November 20, 2008 Keeping Cyberspace Professionals Informed TABLE OF CONTENTS Table of Contents .................................................................................................................. 2 Cyberspace – Big Picture ........................................................................................................ 4 Cyber defense, not cyberattacks, top priority ........................................................................................... 4 The Dark Art of Cyberwar ......................................................................................................................... 4 Cyberspace Invaders ................................................................................................................................ 5 Industry group calls for cybersecurity partnership .................................................................................... 5 Are agencies buying counterfeit technology? ........................................................................................... 5 ISP cut off from Internet after security concerns ...................................................................................... 5 ICANN to terminate notorious registrar’s credentials after all .................................................................. 6 Major data breaches predicted as firms cut IT spending .......................................................................... 6 Traditional security isn't enough for SOA ................................................................................................. 6 An IT-based economic recovery plan ....................................................................................................... 6 Response to Marcus Ranum HITB Cyberwar Talk................................................................................... 7 Cyberspace – President-Elect Obama ..................................................................................... 7 Danger Room Debrief: Time to Reboot Cyber Security, Mr. President-Elect .......................................... 7 Coviello: Better times ahead for government IT security .......................................................................... 7 Obama’s CTO: It’s Not About The Money ................................................................................................ 8 Can We Secure Government Networks? Yes, We Can, Theoretically ..................................................... 8 Obama Urged to Take Immediate Cyber-security Steps .......................................................................... 8 Report: Obama, McCain campaign computers were hacked by 'foreign entity' ....................................... 8 Cyber attacks on McCain and Obama teams ‘came from China’ ............................................................. 9 Cyberspace – Department of Defense (DoD) .......................................................................... 9 DoD draws lessons from cyber attacks against Georgia .......................................................................... 9 Space CO foresees smooth move to cyberspace .................................................................................. 10 After banning YouTube, military launches TroopTube ........................................................................... 10 Cyberspace – Department of Homeland Security (DHS) ........................................................ 10 Security Predictions: Two Views on the Department of Homeland Security .......................................... 10 DHS seeks input on revised infrastructure protection plan .................................................................... 11 IG: Sensitive information at airport at risk ............................................................................................... 11 Cyberspace Research ........................................................................................................... 11 ScanSafe Reveals Top 5 Industries Most At Risk Of Web-Based Malware .......................................... 11 Cybersecurity is focus of new University of Texas start-up incubator .................................................... 12 110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578 CyberPro National Security Cyberspace Institute P a g e | 2 Volume 1, Edition 14 CyberPro November 20, 2008 Keeping Cyberspace Professionals Informed Researchers Find Flaws In Microsoft VoIP Apps ................................................................................... 12 Study: Critical infrastructure often under cyberattack ............................................................................. 13 Cracking Open Internet Hardware .......................................................................................................... 13 Cyberspace Hacks, Tactics, and Defense ............................................................................... 13 Hacker Army Infiltrating U.S. .................................................................................................................. 13 Chinese hack into White House network ................................................................................................ 13 EXCLUSIVE: Cyber-Hackers Break Into IMF Computer System ........................................................... 14 Three British hospitals hit with malware attack ....................................................................................... 14 CSI: Hacking Bluetooth 2.1 Passwords .................................................................................................. 14 New 'Stealth' Technology Secures Data On Shared Networks .............................................................. 15 Swedish router gives McColo botnets hope ........................................................................................... 15 Spam drop could boost Trojan attacks ................................................................................................... 15 Russian spy in Nato could have passed on missile defence and cyber-war secrets ............................. 15 Host of Internet Spam Groups Is Cut Off ................................................................................................ 16 The patch paradox .................................................................................................................................. 16 Relentless Web Attack Hard To Kill ........................................................................................................ 16 Don't Blame TCP/IP ................................................................................................................................ 16 FBI probes data theft blackmail scheme ................................................................................................ 17 Hackers make crack in Android defences .............................................................................................. 17 Once thought safe, WPA Wi-Fi encryption is cracked ............................................................................ 17 Hackers leverage Obama win for massive malware campaign .............................................................. 17 Cyberspace - Legal ............................................................................................................... 18 Fines likely for data breaches ................................................................................................................. 18 Keystroke spies put on notice by US court ............................................................................................. 18 Legal Risk of Cyber Outage .................................................................................................................... 18 US Navy hacker avoids Romanian jail ................................................................................................... 18 Pakistan
Recommended publications
  • IDC Marketscape: Worldwide Web Security 2016 Vendor Assessment

    IDC Marketscape: Worldwide Web Security 2016 Vendor Assessment

    IDC MarketScape IDC MarketScape: Worldwide Web Security 2016 Vendor Assessment Robert Westervelt Elizabeth Corr IDC MARKETSCAPE FIGURE FIGURE 1 IDC MarketScape Worldwide Web Security Vendor Assessment Source: IDC, 2016 Please see the Appendix for detailed methodology, market definition, and scoring criteria. March 2016, IDC #US41000015 IDC OPINION The Web security market is in a state of transition as organizations race to identify and extend control and visibility to a significantly growing mobile workforce. Web security vendors are also adapting to extend visibility and control over software-as-a-service (SaaS)–based services, which can be easily adopted by employees through their mobile devices to support file sharing and collaboration. The rapidly evolving threat landscape is also forcing Web security gateway makers to catch up with more powerful offerings. Criminal attack campaigns target users through Web site drive-by attacks, often from legitimate Web sites, where malicious code scans Web browsers and browser components to exploit Flash and Java vulnerabilities. These risks have led to highly visible threats, including a continued barrage of banking malware. Attacks are increasingly being delivered via hijacked advertising networks, weaponizing legitimate sites where the ads are hosted. Ransomware is also being detected in greater amounts and can spread through a drive-by attack, links shared on social media sites, or through malicious files hosted on popular SaaS services. Organizations are seeking more robust Web security capabilities. Web security deployment models are rapidly changing as organizations address how to enforce security policies on remote workers, branch offices, and mobile devices. The standard on-premises approach is one of three main deployment options available to customers, but SaaS and hybrid deployment models are increasingly being adopted.
  • Blue Coat Systems 2860.Qxp

    Blue Coat Systems 2860.Qxp

    Magic Quadrant for Secure Web Gateway Gartner RAS Core Research Note G00160130, Peter Firstbrook, Lawrence Orans, 11 September 2008 R2860 09172009 Secure Web gateway solutions protect Web-surfing PCs from infection and enforce company policies. Incumbent providers have been slow to respond to changing demands, while new vendors are struggling to get the right product mix and prove their mettle in the demanding enterprise market. WHAT YOU NEED TO KNOW This document was revised on 16 September 2008. For more information, see the Corrections page on gartner.com. • Organizations need to purchase a strategic product that has a road map coinciding with long-term needs – which would mean sacrificing current functionality – or accept a tactical solution that solves current needs and will likely need to be replaced in the midterm to long term. • If URL-filtering reporting is a key requirement, then traditional URL-filtering vendors represent the best choice. • Given that malicious software (malware) filtering is a key requirement, products must offer proactive “zero day” malware detection techniques that do not rely on previous knowledge of the malware, as well as signature-based detection techniques. Products should inspect bidirectional Layer 4 through Layer 7 network traffic across all ports and protocols. • Application control is the least-mature secure Web gateway (SWG) feature. • Large enterprises will have a smaller field of candidates to select from because of scalability and reliability demands. MAGIC QUADRANT Market Overview An SWG is a solution that filters unwanted software/malware from user-initiated Web/Internet traffic and enforces corporate and regulatory policy compliance. To achieve this goal, SWGs must, at a minimum, include URL filtering, malicious-code detection and filtering, and application controls for popular Web-based applications, such as instant messaging (IM) and Skype.
  • Cisco Ironport Email & Web Security

    Cisco Ironport Email & Web Security

    Cisco IronPort Email & Web Security Frédéric HER, CISSP Systems Engineer, Africa Cisco IronPort Solutions [email protected] Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1 Cisco IronPort Unparalleled Market Leadership IronPort funded in 2000, acquired by Cisco in 2007 IronPort Positioned in the “Leaders” Quadrant in Magic Quadrant Report 20,000+ customers globally 400 million users protected IronPort is positioned as a leading 40% of Fortune 100 player in the messaging security companies appliance market 8 of the 10 largest Service Providers 7 of the 10 largest Banks Named IronPort the market share 99%+ customer renewal leader in the email security appliance rates market 2 The Cisco IronPort Story Application-Specific Security Gateways BLOCK Incoming Threats: Spam, Phishing/Fraud Internet Viruses, Trojans, Worms SensorBase Spyware, Adware (The Common Security Database) Unauthorized Access APPLICATION-SPECIFIC SECURITY GATEWAYS EMAIL WEB Security Gateway Security Gateway MANAGEMENT Appliance 3 Cisco IronPort Email Security Cisco IronPort Email Security Appliance Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 4 Email Challenges Standard Email does not natively offer what is expected Junk Mail Privacy & Control Viruses Regulations 5 Cisco IronPort Consolidates the Network Perimeter For Security, Reliability and Lower Maintenance Before Cisco IronPort After Cisco IronPort Internet Internet Firewall Firewall Encryption Platform DLP MTA Scanner Anti-Spam Anti-Virus
  • Corporate Web Security - Market Quadrant 2016 ∗

    Corporate Web Security - Market Quadrant 2016 ∗

    . The Radicati Group, Inc. Palo Alto, CA 94301 . Phone: (650) 322-8059 . www.radicati.com . THE RADICATI GROUP, INC. Corporate Web Security - Market Quadrant 2016 ∗ ........ An Analysis of the Market for Corporate Web Security Solutions, Revealing Top Players, Trail Blazers, Specialists and Mature Players. May 2016 SM ∗ Radicati Market Quadrant is copyrighted May 2016 by The Radicati Group, Inc. Reproduction in whole or in part is prohibited without expressed written permission of the Radicati Group. Vendors and products depicted in Radicati Market QuadrantsSM should not be considered an endorsement, but rather a measure of The Radicati Group’s opinion, based on product reviews, primary research studies, vendor interviews, historical data, and other metrics. The Radicati Group intends its Market Quadrants to be one of many information sources that readers use to form opinions and make decisions. Radicati Market QuadrantsSM are time sensitive, designed to depict the landscape of a particular market at a given point in time. The Radicati Group disclaims all warranties as to the accuracy or completeness of such information. The Radicati Group shall have no liability for errors, omissions, or inadequacies in the information contained herein or for interpretations thereof. Corporate Web Security - Market Quadrant 2016 TABLE OF CONTENTS RADICATI MARKET QUADRANTS EXPLAINED ............................................................................... 2 MARKET SEGMENTATION – CORPORATE WEB SECURITY ..........................................................