Juniper SRX Tips :: Uniform Security Policy Modification

Often there are instances where we want to affect all security policies configured on an SRX device.  For example, let’s say that we have thousands of policies configured on our firewall, and we want to enable logging for every single policy.  Obviously this would take some time if we were to do this manually on each and every individual policy, so an easier way is desired.

Continue reading “Juniper SRX Tips :: Uniform Security Policy Modification”

ShortestPathFirst Security Articles Now Featured on Infosec Island

I am very pleased to announce that several of my security articles have been published on Infosec Island.  Infosec Island is  an online community focused on the Infosec professional which incorporates elements of community discussion and writings from various security practitioners throughout the industry.  It is truly an honor to have been invited to participate and contribute in this forum alongside many well respected writers and colleagues.

The following articles are now available:

The Misconceptions of Sidejacking with Firesheep

Reality Check: Traditional Perimeter Security is Dead

Man in the Middle (MITM) Attacks Explained 

Several more articles are in the works and in addition I am working on a very special analysis of the XerXes attack tool used in the attacks against Wikileaks which will be released sometime next week.

New Cyberspace Bill Proposed to Combat DDoS and Other Attacks

Responding to the firestorm of attacks being launched against Visa, Mastercard, Paypal, and other major institutions, various members of the US Government continue to press for dramatic legislation that would put the pulse of dealing with Cyberspace policy squarely within the White House.

All of this started with the infamous “Cablegate” incident on November 28th, 2010 when Wikileaks began releasing a large number of private communiqués belonging to members of the US State Department.

A hacktivist known as the Jester launched an application layer attack successfully targeting Wikileaks and bringing it down indefinitely. In addition, Amazon, Visa, Mastercard and several other organizations began to sever relationships with Wikileaks leaving them little options for successfully continuing operations. Retaliation ensued and a group known as Anonymous Operations likewise launched their own DDoS attacks against these companies in retribution for supporting the censorship of Wikileaks. Continue reading “New Cyberspace Bill Proposed to Combat DDoS and Other Attacks”

Man in the Middle (MITM) Attacks Explained: ARP Poisoining

It’s been over 3 weeks since Firesheep was released, and yet still there seem to be so many misconceptions about this particular vulnerability.  The most prevalent of these misconceptions is that HTTP Session Hijacking, also known as “sidejacking” is something which is limited to only wireless networks.  And this belief is not limited to just session hijacking attacks.  Somewhere along the way a myth was propagated that wired switched networks are somehow impervious to attacks like these and other similar types of attacks because of the use of collision domains and the inability of an attacker to have unfettered access to the Layer 2 medium.  As I mentioned in my previous article on the Misconceptions About Sidejacking with Firesheep, attacks like these and others are not relegated to strictly wireless networks, and in fact there are many so-called Man-in-the-Middle (MITM) attacks which can be performed on a switched wired network to compromise the imaginary security of a Layer 2 collision domain.

Continue reading “Man in the Middle (MITM) Attacks Explained: ARP Poisoining”

The Misconceptions of Sidejacking with Firesheep

Unless you’ve been hiding under a rock for the past few days, you are probably well aware of the recent activity around a new Firefox extension developed by a pair of researchers that brings the issue of session hijacking front and center.  The duo behind this extension, Eric Butler and Ian “craSH” Gallagher, developed the software in order to demonstrate the vulnerabilities inherent in many web sites that don’t fully implement encryption.  The browser extension, dubbed “Firesheep“, essentially enables an attacker to grab other people’s credentials and use them to gain access to various web sites.

Continue reading “The Misconceptions of Sidejacking with Firesheep”

Reality Check: Traditional Perimeter Security is Dead!

Recently I came across a marketing event promoted by a network integrator which touted industry leading solutions to assist customers in determining “what was lurking outside their network”, as can be seen in the screenshot below. Please note all references to the company have been removed to protect the not-so-innocent.

lurking

In this day and age, it still surprises me when supposedly network savvy folks are still thinking of network security in terms of a traditional perimeter made up of firewalls or IPS devices. The truth of the matter is that the traditional perimeter vanished quite a few years ago.

Only looking at the perimeter gives the end-user a a false sense of protection. It completely fails to recognize the dangers of mobility in today’s traditional workplace environment. Users roam. They might bring in viruses or other Trojans INSIDE your network where they are free to roam unencumbered. In the worst of these cases, the perimeter is only secured in one direction, giving outbound traffic unfettered access and completely ignoring that data which might be leaked from hosts inside your network destined to hosts outside your network, as might be the case with Keyloggers or other similar types of rogue programs.

Furthermore, in today’s environment composed of virtualized machines, the line gets even blurrier which is why we are starting to see solutions from startup vendors such as Altor Networks. It’s one thing when we are dealing with physical hosts in the traditional sense, but what about the situation when you are dealing with a multitude of virtual machines on the same physical hosts which must talk to each other?

When you take a data-focused approach instead of a technology-focused approach, the problem and its solutions start to make more sense.   The perimeter should be viewed as the demarcation between the data and any I/O fabric providing connectivity between that data and some external entity. This is the domain of things like Data Loss Prevention (DLP), Network Access Control (NAC), and Virtual Hypervisor Firewalls in addition to that of traditional security devices.

trojan-horse

To deal with the realities of today, we must start to think of network security in terms of Hotels vs. Castles. In the Castle model, we have a big wall around our infrastructure. We might have a moat and some alligators, and perhaps we only lower our drawbridge for very special visitors. This model tends to keep a good majority of the enemies at bay, but it completely ignores that which might already be inside your network (think in terms of the Trojan horse as told in Virgil’s epic poem ‘The Aeneid’).

What is more commonly being employed is that of the Hotel Model.  Initially, to gain entrance into the hotel itself, we must check in with the Concierge and get our room key.  Once we have our room key, we have limited access to our own room, and perhaps some shared facilities like the pool or the gym.  In this model, we are unable to enter into a room in which we do not have access.  The key word here is LIMITED access.

An all-inclusive security posture looks at the network from a holistic point of view.  The principles of Defense-in-Depth will make evident the failings of the traditional perimeter model.  The traditional perimeter is dead.  The perimeter is wherever the data is.

CyberWarfare – Defending the Electronic Frontier in the 21st Century and Beyond

During the reign of the Roman Empire, it was said that all roads led to Rome.  While these roads facilitated free-trade and were essential to the expansive growth of the Roman Empire, they also introduced a double-edged sword by creating convenient new avenues that could easily be maneuvered by the Empire’s enemies against its best interests.

It could be said that similar corollaries and conclusions could be drawn to that of the Internet, a project initially developed by the United States through the Advanced Research Projects Agency (ARPA or DARPA) in the late 20th century.  As we continue to move into the 21st century, the Internet is emerging as the new battlefield on the International stage.  As Internet connectivity becomes commoditized and the barrier to entry is further reduced, it becomes easier for potential adversaries of the United States to wield the power of the Internet to launch attacks against the US infrastructure and its National interests, disrupting the flow of information and leaving destruction in its wake.  It is becoming increasingly possible for our adversaries to not only cause extraordinary economic havoc, but also loss of life as critical services such as E911 and other emergency services become more dependent upon the Internet.  At the same time a perfect storm is brewing because the resources currently allocated to preparing ourselves for this advancing threat are stretched to the limit and largely focused on obsolete technologies that are considerably out of date.

On August 10th, 2010, in McLean, VA, a series of panelists will discuss this ever-increasing reality and the potential that wars in the future won’t be fought so much on the traditional battlefield but rather electronically targeting critical components of a national infrastructure.  The panelists will discuss what has been done by the US Government to secure certain core components of our national infrastructure, what remains to be done, and will also serve as a “call to arms” to better secure our national cyber landscape.  The members of this panel have all been intimately involved within the Networking Security industry for many years and are engaged in the implementation of their solutions at the ground level.  Their insights will provide invaluable viewpoints regarding this very real and emerging threat and will provide invaluable experience to the attendees of the presentation.

For more information, please take a look at the Event details at http://cyberwarfare.eventbrite.com/.  This event will be hosted by the Capital Technology Management Hub and will be moderated by Stefan Fouant.