Together with one of our sister companies we are researching the development of new advanced yet easy-to-deploy security concepts, particularly applicable to SMEs.
In addition, we are researching a new form of data security.
We hope to be able to tell you more about this soon.
Visit our news site, the NieuwsDesk,
for more articles, news, commentary and background on many
topics such as security, developments, technology, tips and a
special section for SMEs.
SEO Algorithms (Google)
We have included a page with PDF and PowerPoint downloads covering a number of important Google algorithms (More >>)
Force10 switches to open source NetBSD for core switch OS
Flexibility, improved software stability are reasons for Force10's open source operating system switch
By Phil Hochmuth, Network World, 02/14/07
10G Ethernet vendor Force10 Networks is changing the operating
system on its data
center switches to NetBSD, an open source platform, with the aim of
improving switch performance for customers.
The switch company has ported its Force10 Operating System (FTOS) from Wind
River's VxWorks, a proprietary real-time operating system, to open source
NetBSD, in an effort to make its switches more stable and flexible.
Force10 says the modular architecture of NetBSD will make its switch
software more stable and easier to manage, especially for users running lots of
network services or advanced protocols. The company adds that NetBSD will
enable its E-series switches to operate like a Unix server, which runs separate
applications and processes on top of a core operating system.
Network services will be easier to turn on and off this way, and new
applications for the switch will be easier to develop, says Sachi Sambandan,
vice president of engineering at Force10 Networks. Users will be able "to
build networks that can expand as new applications are added while maintaining
predictable performance," he says.
Network vendors have used Linux and BSD-variant operating systems for years
in appliances such as firewalls, small office or home routers, and VPN gear.
Lately, router vendors have begun to make open source a more central part of their systems.
Cisco uses a Linux-based services blade on its Integrated Services Routers and
3Com recently released the Linux-based Open
Services Networking blade for its routers.
While 3Com and Cisco run their core operating systems on proprietary code, other
companies put open source in the core of their network gear. Extreme Networks' XOS operating
system for its BlackDiamond, Summit and Alpine switches is based on a modified
version of Linux. Vyatta takes this a step further with its Open
Flexible Router, a free, Linux-based router/firewall software product based
on the open-source eXtensible Open Router Project stack.
Force10 says NetBSD will add another layer of redundancy and stability on
top of its three-tier processor architecture, which uses separate chips to run
switching, routing and management tasks, as opposed to combining these
processes onto a single chip — and a single point of failure.
"When did open source systems like Linux take
off?" says Robert Whiteley, senior analyst with Forrester Research.
"When a couple of well-known companies, like IBM
and HP,
forged relationships with Red
Hat and other open source companies." This trend is happening now with
networking, he adds.
Research into weaknesses in IPSs
A notable study that we came across during our desk research has been published via NetworkWorld. It is of eminent importance for large(r) companies (enterprises) and concerns Intrusion Prevention Systems. To summarise the study very bluntly: these systems have a trade-off between security and performance, which means they are NOT always COMPLETELY watertight. In a number of cases a "fail open" situation is reached, which can lead to trouble. A link to the article in question: NetWorkWorld-IPS. There is also a very interesting video of about 18 minutes about the actual tests in the laboratory, in our view a MUST for all security staff at large(r) companies: IPS-video-Lab-Test. Incidentally, this also gives pause for thought about the IPS hardware and software for smaller companies with less traffic. Does this weakness exist there too? We will see whether we can set up a similar test with others for that kind of hardware and software.
UTM
An interesting development is that of UTM, the "Unified Threat Management" appliances. This combination of hardware and software combines, even more than current appliances, Intrusion Protection, anti-virus, anti-spam, content filtering, and the like. Still, some reservation is in order here too, certainly in light of the article above. One should bear in mind that this is in fact also only protection on the outside, a "perimeter defense system".
Protection on the inside is taken seriously almost nowhere. And what can happen at the Ministry of Defence, the Public Prosecution Service and other bodies will also happen at others. Probably even more often. Not to mention malicious actions, such as outright theft of data at, for example, companies. Much more attention needs to be paid to that. We will devote extra attention to this in the near future.
American Company launches anti-botnet service
Trend Micro announced a new service to help large organizations and Internet
service providers (ISPs) fight networks of zombie machines, known as
"botnets."
The new service, dubbed InterCloud, was announced
Monday and is intended to help organizations fight botnets,
fast-changing networks of rogue computers that are used in denial of
service (DOS) attacks, spam campaigns, identity theft, and other
malicious acts. The new service uses behavioral analysis technology,
developed by Trend, and known as Behavioral Analysis Security Engine
(BASE) to spot and isolate bot machines on managed networks, according
to Paul Moriarty, director of product development for Internet Content
Security at Trend.
BASE analyzes application and network
infrastructure data, such as DNS queries and Border Gateway Protocol
(BGP) routing tables. The engine can spot behavior indicative of bots,
such as an abnormal series of DNS queries. The service also uses data
from Trend's global network of researchers and customers to provide
intelligence on new or evolving bot activity. The company's Bot
Identification Team identify and monitor bot activity globally, Trend
said.
InterCloud relies, in part, on a new, hardened and
revamped DNS server that allows Trend to aggregate suspicious data and
report on host systems that may be infected with bot programs, Moriarty
said.
"We can take a day's worth of DNS logs and tell them how
many spambots or zombies they have. That's a capability that most IPSes
lack," he said.
InterCloud customers can remediate infected
systems by denying them access to the network, or by quarantining them
and pushing out necessary updates or scanning and disinfecting them,
said Dave Rand, CTO of Trend's Internet Content Security group.
The
InterCloud service includes a Web-based management portal for viewing
and reporting on bot activity and managing security policies, Trend
said.
Botnets are one of the fastest growing and most dangerous
online threats, said Rand. On any day, Trend tracks millions of
infected systems that have been joined to one of a number of global bot
networks. But bot infections can also jump up, depending on the
availability of easy to exploit security holes, such as the recent VML
vulnerability in Microsoft's Internet Explorer browser, or the Windows
Server Service vulnerability that was disclosed by Microsoft in August.
Trend
identified more than 250,000 new bots each day for the two days after
an exploit was developed for the Server Service hole, which Microsoft
patched with MS06-040. Typically, the company might identify 250,000
new bots over the course of a month, Moriarty said.
Trend
researchers are also spotting many more targeted attacks, in which bots
are being written for specific purposes, such as culling sensitive
information from the targeted network, then forwarding it back to a
command and control server, usually in a foreign country. Many of those
appear aimed at identity theft, or espionage against the U.S.
government or government contractors.
Few enterprise security
products can scale to support hundreds of thousands or millions of
hosts, which means that ISPs and very large organizations often rely on
internal security teams and products to manage security.
However,
those company-focused teams lack the broad perspective that companies
with global research operations and a global customer base can muster,
Moriarty said.
InterCloud, which will be licensed by the seat,
will offer ISPs the prospect of turning security into a profit center,
by focusing attention on the relatively small number of infected
systems, then targeting their owners with software, such as Trend's
Web-based HouseCall antivirus scanner, that can clean their system and
keep it from becoming reinfected. ISPs could then get a share of any
software sales made through that channel, Moriarty said.
Trend Micro will feature InterCloud Security Service and the BASE technology at DEMOfall '06 this week in San Diego.
Source: INFOWORLD, A.C.
UTM thwarts blended attacks
Unified
threat-management appliances provide increased intelligence to detect
network threat activity through the correlation and analysis of data
from various security engines. This approach provides an alternative to
a piecemeal implementation of separate systems.
IDC
established this product category, with a minimum feature set that
includes a firewall, intrusion detection/prevention system (IDS/IPS)
and antivirus capabilities. Many UTM appliances have been expanded to
include VPNs, antispam, antispyware and Web content filtering.
Most
of these security capabilities operate at the application layer to
detect spam, viruses, worms and other sophisticated forms of attack, as
well as potentially offensive or unauthorized content. Therefore, every
UTM appliance must be able to perform deep packet inspection from
Layers 3 through 7. Some threats can span several packets, requiring a
multipacket payload-reassembly mechanism to thwart them in real time.
Despite
the security integration advantages offered by UTM appliances, their
complex packet-processing requirements raise concerns about
performance. For this reason, UTM systems should deploy some means of
hardware acceleration.
The performance issue has two dimensions:
throughput and latency. Hardware acceleration affords improvement in
both dimensions, and some UTM systems can achieve a throughput of up to
70Gbps with a total latency of less than 50 msec.
Performance
also can be a problem with stand-alone systems. Individually, they can
offer satisfactory throughput with sufficiently low latency, but when
implemented in a serial fashion, as required by the piecemeal
defense-in-depth approach, the latency is cumulative.
Because
many enterprise networks now support delay-sensitive applications, such
as VoIP, the total latency can quickly exceed the recommendation for
these mission-critical applications. UTM solutions help overcome
latency issues by reassembling the data once for multiple security
features rather than reassembling the content for each security feature
individually.
With its integration of multiple security engines
into a single appliance, UTM makes it easier for administrators to
enforce detailed security policies throughout the enterprise. It also
makes it possible to detect blended threats that employ a combination
of attacks (such as a mix of viruses, worms, Trojans and
denial-of-service attacks) crafted to circumvent a single line of
defense.
With UTM solutions, the integrated security engines
work together, enabling the system to inspect real-time traffic -
whether as packets or entire files - from multiple vantage points. For
example, a seemingly harmless e-mail may pass through an antivirus
system. But the message may contain an HTML-based attachment that
ultimately points to a Trojan. Because a UTM solution can use a
combination of antispam, antivirus, antispyware and other security
engines, it can detect such blended threats more readily.
The
combination of multiple security engines within a UTM solution
establishes a new approach for the detection and remediation of blended
threats.
James is director of project management for Fortinet. He can be reached at ajames@fortinet.com. Source: NetWork World, A.James
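The UTM article above says that threats can span several packets and that a UTM reassembles the data once for all of its security engines. The sketch below is an added example, not code from the article or from any vendor: the engine names, the patterns and the sample stream are constructed assumptions, and it compares per-packet matching with a single shared reassembly pass, including out-of-order, retransmitted and missing segments.

```python
"""Added example: per-packet matching vs. one shared stream reassembly."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    seq: int        # offset of the payload in the stream (constructed, starts at 0)
    payload: bytes


# Hypothetical engines (assumption): a name and the byte patterns it flags.
ENGINES = {
    "antivirus": [b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"],
    "content_filter": [b"X-Blocked-Category"],
}


def match(data):
    """Run every engine over the same buffer; return (engine, pattern) hits."""
    return {(name, pat) for name, pats in ENGINES.items()
            for pat in pats if pat in data}


def scan_per_packet(segments):
    """Inspect each payload in isolation, as a device without reassembly would."""
    hits = set()
    for seg in segments:
        hits |= match(seg.payload)
    return hits


def reassemble(segments):
    """Rebuild the contiguous stream from offset 0 and stop at the first gap."""
    stream = bytearray()
    for seg in sorted(segments, key=lambda s: s.seq):
        if seg.seq > len(stream):
            break                      # missing bytes: nothing further is contiguous
        # Skip bytes already held (retransmission or overlap); keep the buffered copy.
        stream.extend(seg.payload[len(stream) - seg.seq:])
    return bytes(stream)


def scan_stream(segments):
    """Reassemble once, then let all engines share that single buffer."""
    return match(reassemble(segments))


# Constructed sample: both patterns are longer than a 12-byte segment,
# so neither can ever sit inside a single packet.
STREAM = b"HDR X-Blocked-Category: games | BODY EICAR-STANDARD-ANTIVIRUS-TEST-FILE END"
SEGMENTS = [Segment(i, STREAM[i:i + 12]) for i in range(0, len(STREAM), 12)]
SAMPLE = list(reversed(SEGMENTS)) + [SEGMENTS[1]]    # out of order plus a retransmit
WITH_GAP = [s for s in SEGMENTS if s.seq != 24]      # third segment never arrives

if __name__ == "__main__":
    print("per packet:", scan_per_packet(SAMPLE))
    print("reassembled:", sorted(scan_stream(SAMPLE)))
    print("with gap:", sorted(scan_stream(WITH_GAP)))
```

Bytes past a missing segment are never matched here; what to do with such a flow (hold, drop or pass) is a policy decision this sketch leaves out.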
Dell and Symantec Have Joined Forces To Deliver A One-Two Punch To Out-Of-Control Email
As businesses grapple with securing and managing their IT infrastructures, the companies today announced Secure Exchange, an end-to-end offering that takes time and complexity out of deploying a secure, reliable Microsoft Exchange environment with extensive archiving capabilities.
Secure Exchange, an industry-first validated offering, is based on the Microsoft Exchange expertise Dell has gained from migrating more than four million Exchange and Active Directory mailboxes. The offering includes a jointly engineered reference architecture with hardware and software, expanded services and sizing tools that provide a step-by-step blueprint to simplify data security, backup, recovery and archiving.
Secure Exchange is made up of Dell PowerEdge servers, PowerVault storage, Dell/EMC storage and Symantec products, including Symantec Mail Security 8200 Series, Symantec Mail Security for Microsoft Exchange, Symantec Enterprise Vault, and Backup Exec. Dell services are tailored for each offering.
“Dell and Symantec are bringing together deeply integrated hardware, software and services solutions to help customers regain control of rapidly growing email environments,” said Brad Anderson, senior vice president, Dell Enterprise Product Group. “Secure Exchange builds on our ability to help customers take the complexity out of deploying mission-critical enterprise applications with the expertise to tailor solutions that meet specific customer needs.”
The need for effective email management is evident with the nearly 84 billion emails being sent daily worldwide in 2006, according to IDC.¹ Today, occurrences of viruses are commonplace and spam accounts for 75-90 percent of an organization’s email.² Additionally, looming regulatory compliance deadlines require email archiving. According to Gartner, Inc., a leading industry analyst firm, 50 percent of medium-sized companies are not putting enough funding behind compliance activities.³
“As email continues to be a critical business application, technology leaders must provide the tools customers need to manage their environment more effectively so that they can concentrate on business growth and customer service,” said Jeremy Burton, group president, Security and Data Management Group, Symantec. “The new offering represents a compelling combination of hardware, software and services that will help customers take control of their email.”
The Secure Exchange reference architecture is a guide for mid-sized customers with 500 to 2,000 users or more who want to deploy secure and available email infrastructures without the work of creating their own. Engineers combined hardware and software to test the interoperability of all components and performance so customers can predictably deploy modular or complete solutions. The knowledge and empirical data from those efforts were applied to the Exchange Advisor, a Dell-designed sizing tool that enables customers to scope configuration and implementation needs for performance or availability.
Dell also expanded assessment, design, implementation and training services to help customers easily deploy Microsoft Exchange and Symantec solutions. Additionally, Dell’s most advanced enterprise support offering, Platinum Plus, as well as Gold Enterprise Support, is available to customers deploying Secure Exchange.
Availability and Pricing
Available in the United States and Europe, the starting list price for a 500-seat modular backup and recovery solution, including hardware, software licenses and services, is approximately $54,678. It includes Dell PowerEdge 1950s, PowerVault 110T and M1000, Microsoft Windows Server 2003, Microsoft Exchange 2003 and Symantec Backup Exec.
Secure Exchange will be sold by Dell and will be supported and sustained by Dell and Symantec. For more information, visit www.dell.com/secure_exchange. Extensive engineering work performed by Dell and Symantec forms the basis of the Symantec Enterprise Messaging Management for Microsoft Exchange Yellow Book, which can be found at www.symantec.com/yellowbooks.
Today's announcement adds to Dell's existing Exchange solutions based on industry-leading messaging and archiving products from EMC. EMC's Centera content-addressed storage system is a highly valued component of Dell's exchange solutions that handles long-term, online archiving of fixed content or unalterable data such as email. For more information, visit www.dell.com/emc.
Source: Playfuls.com
Article about the new Google Custom Search Engine
Google customizes search tool to cut through Web noise
By Katie Hafner, The New York Times
Published: October 24, 2006
SAN FRANCISCO Google has introduced a tool that allows Web sites and blogs
to offer visitors a customized version of its search engine, narrowing down its
vast index so the results are more relevant for users.
Called the Google Custom Search Engine, the new product, introduced
Monday, lets Web site owners choose which pages they want to include in their
index and rank the pages as they like.
Yahoo has introduced a similar product, called Search
Builder, but Google says that its service allows more customization.
"We have some features we feel are quite unique,"
said Marissa Mayer, vice president for search products and user experience.
"We allow people to restrict or prioritize search results based on the
sites they've chosen."
The new service is free. Web site publishers split the
revenue from the text advertisements that Google places on the search results
through its AdSense program. Nonprofit organizations, government agencies and
educational institutions are not required to include ads.
"The trouble with Google is you do get a lot of
noise," said Andrew Frank, a research director in New York with Gartner, a
market research firm. "Stuff gets through that isn't really relevant,
either intentionally, or there are sometimes ambiguities. This definitely helps
improve the relevance and skip the noise."
Frank said that the new service had benefits for Google and
its advertisers. "For people in the AdSense network, it's a way to
increase inventory," he said, "and for Google it's an extension of
reach."
Custom search engines are already up and running on a dozen
or so sites. Macworld.com has been using a preliminary version of the product
for the last month, customized to cover several Mac-oriented sites owned by Mac
Publishing, a unit of International Data Group, or IDG.
Jason Snell, vice president and editorial director at
Macworld, said that his site had been paying to use a search program by another
company. But users had been unhappy with the results, and "in the last
month, we made the decision to drop it like a rock," Snell said.
"We pulled it out and put Google in its place," he
said. "There's no barrier to switching to Google because Google already
knows about all our pages."
Snell said the customization tool was easy to configure.
"I think you'll see a lot of people switch their search engine from
whatever it might be to this," he said. "I think people have a
comfort zone with Google searches."
To build a customized index, users fill out a few Web-based
forms, and are then given the code for a search box that they can cut and paste
into their own Web pages.
"I think what's going to drive usage is that it's
really easy for users to come up with a search engine in a matter of
minutes," Mayer said.
Source: IHT