Archives for June 2015
Snare Agents Advisory – Agent Denial of Service
New agents released on June 30th please see release notes available at the client login page
A vulnerability exists in some versions of the Snare agents that can be triggered to terminate the Snare service. The attack attempts to overflow an input buffer in the remote management interface and can be carried out by an unauthenticated user with a custom crafted URL.
This vulnerability does not allow the attacker to gain privileged access, but terminating the service stops the agent from collecting and forwarding events until it is restarted.
This affects the following Snare Enterprise products:
– Snare Enterprise Agent for Windows
– Snare Enterprise Agent for MSSQL
– Snare Enterprise Epilog for Windows
– Snare Enterprise Epilog for Unix
– Snare Enterprise Agent for OSX
– Snare OpenSource Agents
Until the affected agents are upgraded, the following mitigations apply:
– Disabling the remote control interface (GUI) blocks this issue. Note that disabling the remote control interface also removes the ability of the agent management console to manage the affected agent.
– Appropriate network firewall controls limit the sources from which this exploit can be triggered.
– Some Unix operating systems can detect the attack as a potential SYN flood and block the source system.
The following versions of the Snare Enterprise agents, and all earlier versions, should be considered vulnerable to this issue:
– Snare Enterprise Agent for Windows v4.2.12
– Snare Enterprise Agent for MSSQL v1.3.4
– Snare Enterprise Epilog for Windows v1.7.12
– Snare Enterprise Epilog for Unix v1.5.5
– Snare Enterprise Agent for OSX v1.1.3
The following versions of the OpenSource/SnareLite agents, and all earlier versions, should be considered vulnerable to this issue:
– Snare OpenSource Agent for Windows v18.104.22.168
– Snare OpenSource Epilog for Windows v1.6.0
– Snare OpenSource Epilog for Unix v1.5.0
The following versions of the Snare Enterprise agents have been patched, and are no longer vulnerable to this issue:
– Snare Enterprise Agent for Windows v4.3.0
– Snare Enterprise Agent for MSSQL v1.4.0
– Snare Enterprise Epilog for Windows v1.8.0
– Snare Enterprise Epilog for Unix v1.5.6
– Snare Enterprise Agent for OSX v1.1.4
For users who are running the OpenSource/SnareLite agents, it is recommended that the remote control interface be disabled. There is no schedule for fixes to the OpenSource/SnareLite agents at this time.
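The advisory gives three facts a practitioner has to act on: the first fixed version per Enterprise product, the fact that the OpenSource/SnareLite agents have no fix, and the recommendation to disable or firewall the remote control interface. The following is an added example (not Snare or InterSect Alliance code) that triages an agent inventory against those facts. Version strings are compared numerically rather than as text, so 4.10.x sorts after 4.3.0. The inventory lines are constructed for the example, and the remote control port of 6161 is an assumption about the default; adjust it to the port configured on your agents.

```python
"""Triage a Snare agent inventory against the June 2015 advisory.

Added example, not from the Snare project. The fixed versions are the
ones listed in the advisory; host names and the default remote control
port (6161) are assumptions made for the example.
"""
import socket
from typing import Dict, Iterable, Optional, Tuple

# First fixed version per product, as listed in the advisory. Anything
# older is vulnerable. The OpenSource/SnareLite agents have no fix (None).
FIXED_VERSIONS: Dict[str, Optional[str]] = {
    "Snare Enterprise Agent for Windows": "4.3.0",
    "Snare Enterprise Agent for MSSQL": "1.4.0",
    "Snare Enterprise Epilog for Windows": "1.8.0",
    "Snare Enterprise Epilog for Unix": "1.5.6",
    "Snare Enterprise Agent for OSX": "1.1.4",
    "Snare OpenSource Agent for Windows": None,
    "Snare OpenSource Epilog for Windows": None,
    "Snare OpenSource Epilog for Unix": None,
}


def parse_version(text: str) -> Tuple[int, ...]:
    """'v4.2.12' -> (4, 2, 12). Numeric parts so that 4.10.0 > 4.3.0,
    which a plain string comparison would get wrong."""
    return tuple(int(part) for part in text.strip().lstrip("vV").split("."))


def assess(product: str, version: str) -> str:
    """Return 'patched', 'vulnerable', 'no-fix' or 'unknown' for one agent."""
    if product not in FIXED_VERSIONS:
        return "unknown"
    fixed = FIXED_VERSIONS[product]
    if fixed is None:
        return "no-fix"
    have, need = parse_version(version), parse_version(fixed)
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))   # treat 4.3 as 4.3.0
    need += (0,) * (width - len(need))
    return "patched" if have >= need else "vulnerable"


def triage(inventory: Iterable[Tuple[str, str, str]]) -> Dict[str, str]:
    """Map each host that needs attention to the action the advisory gives.

    inventory: iterable of (host, product, version). Patched hosts are
    omitted from the result.
    """
    actions: Dict[str, str] = {}
    for host, product, version in inventory:
        state = assess(product, version)
        if state == "vulnerable":
            actions[host] = f"upgrade to {FIXED_VERSIONS[product]} or newer"
        elif state == "no-fix":
            actions[host] = "disable the remote control interface (no fix scheduled)"
        elif state == "unknown":
            actions[host] = "product not covered by the advisory; check manually"
    return actions


def remote_control_reachable(host: str, port: int = 6161, timeout: float = 2.0) -> bool:
    """True if the agent's remote control port accepts a TCP connection from
    this machine, i.e. the firewall mitigation is not in place from here.
    Port 6161 is the assumed default; use the port your agents are configured with."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


# Constructed sample inventory for the example; these are not real hosts.
SAMPLE_INVENTORY = [
    ("win-dc01", "Snare Enterprise Agent for Windows", "v4.2.12"),
    ("win-dc02", "Snare Enterprise Agent for Windows", "v4.3.0"),
    ("sql01", "Snare Enterprise Agent for MSSQL", "1.3.4"),
    ("nix-app01", "Snare Enterprise Epilog for Unix", "1.5.6"),
    ("legacy01", "Snare OpenSource Epilog for Windows", "1.6.0"),
]

if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {action}")
```

Run `triage` over an export from the agent management console; for any host left on the list, `remote_control_reachable` from a workstation on an untrusted segment tells you whether the firewall workaround is actually effective, which is the check to make before accepting the risk on agents that cannot be upgraded yet.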
Cyber Security – Putting into Perspective
The news is full of stories of large, well respected organizations (Target, Home Depot, Sony) and government agencies being victims of cyber crime. Reporters then ask: if these organizations can be victims, what does that mean for small and mid-sized organizations?
The truth is that no one is safe from cyber threats. To cyber criminals, organizations are just numbers (IP addresses), and they are looking for the ones with a weakness that can be exploited.
The challenge is to eliminate those weaknesses to the best of your ability. As I was writing this, I was reminded of the story of the Three Little Pigs and the Big Bad Wolf; it is funny how security can relate to a fable written in 1886. We all know the story: the first pig builds his house out of straw, which, unfortunately for the pig, was not the best idea. The second pig builds his house out of sticks, and again the news is not great for the pig. The third pig takes his time and builds his house out of bricks; the wolf discovers that he cannot blow the house down (denial of service) and has to resort to other tactics to get in.
He then attempts to trick the pig out of the house by asking to meet him at various places (social engineering), but the pig outsmarts him every time. Ultimately the wolf attempts to come down the chimney, where the pig captures the wolf.
In a very rudimentary way, this is how security works: first take your time and ensure that you have a strong "perimeter defense" (an enterprise class firewall); ensure that you have visibility on your perimeter so that you can see who is trying to get in; and make sure that, if they do get in, there is a way to limit their effectiveness, be it antimalware (to quarantine viruses, malware and ransomware) or network access control (to stop data exfiltration).
Looking at these large, global entities from the perspective of the three little pigs: if the pig built an apartment complex, there would be numerous ways to get in (windows, balconies), and even with an alarm you would be running from floor to floor to capture the wolf.
For those of us that are not Target, Home Depot, etc., there are ways to protect yourself, as well as to attempt to identify who the cyber criminal is. I invite you to contact us to discuss your concerns, by email at email@example.com or by phone at 866-431-8972.
Sophos Total Protect versus Full Guard
One of the questions we get asked most often is what the difference is between Sophos Total Protect and Sophos Full Guard. Both provide the next generation in Unified Threat Management, but there is a difference.
Sophos Total Protect is specifically for organizations that are purchasing a Sophos appliance for the first time, or that want to migrate from a software installation to the appliance product. Total Protect includes the appliance, the five security subscriptions and 24 x 7 (premium) support, at a very competitive price point.
Full Guard is what you renew if you purchased Total Protect previously, or what you purchase with the software-only version of the Sophos UTM.
In addition to the Total Protect and Full Guard, Sophos has added in new packages:
Total Protect Plus – available for the software-only version, the SG appliances and the XG appliances. The "Plus" refers to the Sandstorm security subscription, which detects suspicious payloads containing threats, malware and unwanted applications.
For the XG series only, Sophos offers EnterpriseProtect, which bundles Network Protection, Web Protection and Enhanced Support.
The five security subscriptions included in both Total Protect and Full Guard are Network Protection, Email Protection, Web Protection, Wireless Protection and Web Server Protection.
If you have any questions, please contact us at 866-431-8972 or firstname.lastname@example.org
The first 24 hours
While reading an ebook on PCI DSS from SC Magazine, I came across a sidebar by Matt Malone, CTO and founder of Assero Security, listing the steps to be taken within the first 24 hours after identifying a breach:
- Record the date and time when the breach was discovered, as well as the current date and time when response efforts begin, i.e., when someone on the response team is alerted to the breach.
- Alert and activate everyone on the response team, including external resources, to begin executing a preparedness plan.
- Secure the premises around the area where the data breach occurred to help preserve evidence.
- Stop additional data loss. Take affected machines offline but do not turn them off or start probing into the computer until your forensic team arrives.
- Document everything known thus far about the breach: Who discovered it? Who reported it? To whom was it reported? Who else knows about it? What type of breach occurred? What was stolen? How was it stolen? What systems are affected? What devices are missing? etc.
- Interview those involved in discovering the breach and anyone else who may know about it. Document your investigation.
- Review protocols regarding disseminating information about the breach for everyone involved in this early stage.
- Assess priorities and risks based on what you know about the breach.
- Bring in your forensic firm to begin an in-depth investigation.
- Notify law enforcement, if needed, after consulting with legal counsel and upper management.
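Several of the steps above (record the discovery and response-start times, document who discovered and reported the breach, document the investigation) produce a record that may later be scrutinised by a forensic firm, legal counsel or law enforcement, so it should be impossible to quietly alter an entry after the fact. The following is an added example, not from the ebook or from Assero Security, of a minimal incident record where each entry carries a UTC timestamp and a SHA-256 hash that also covers the previous entry's hash, so any later edit breaks verification. The field names and the sample entries (a fictitious incident) are assumptions made for illustration.

```python
"""Tamper-evident incident record for the first-24-hours checklist.

Added example, not from the SC Magazine ebook or Assero Security. Field
names and the sample incident are assumptions for illustration.
"""
import hashlib
import json
from datetime import datetime, timedelta, timezone
from typing import Any, Dict, List, Optional

GENESIS = "0" * 64  # previous-hash value for the first entry


def _canonical(entry: Dict[str, Any]) -> bytes:
    """Stable serialisation so the same content always hashes the same."""
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()


def add_entry(chain: List[Dict[str, Any]], event: str, recorded_by: str,
              details: Dict[str, Any], when: Optional[datetime] = None) -> Dict[str, Any]:
    """Append an entry. 'time' is when the entry was recorded; event-specific
    times (e.g. when the breach was actually discovered) go in 'details'.
    The hash covers the entry's content and the previous entry's hash."""
    when = when or datetime.now(timezone.utc)
    if when.tzinfo is None:
        raise ValueError("timestamps must carry a timezone (use UTC)")
    if chain and when < datetime.fromisoformat(chain[-1]["time"]):
        raise ValueError("entries must be appended in chronological order")
    body: Dict[str, Any] = {
        "seq": len(chain),
        "time": when.isoformat(),
        "event": event,
        "recorded_by": recorded_by,
        "details": details,
        "prev": chain[-1]["hash"] if chain else GENESIS,
    }
    body["hash"] = hashlib.sha256(_canonical(body)).hexdigest()
    chain.append(body)
    return body


def verify_chain(chain: List[Dict[str, Any]]) -> bool:
    """True only if every entry's hash matches its content and links to the
    previous entry; any edit, deletion or reordering makes this False."""
    prev = GENESIS
    for index, entry in enumerate(chain):
        body = {key: value for key, value in entry.items() if key != "hash"}
        if entry.get("seq") != index or body.get("prev") != prev:
            return False
        if hashlib.sha256(_canonical(body)).hexdigest() != entry.get("hash"):
            return False
        prev = entry["hash"]
    return True


def build_sample_record() -> List[Dict[str, Any]]:
    """Constructed entries for a fictitious incident, following the checklist."""
    chain: List[Dict[str, Any]] = []
    t0 = datetime(2015, 6, 15, 9, 12, tzinfo=timezone.utc)
    add_entry(chain, "breach discovered", "j.doe", {
        "discovered_at": "2015-06-15T08:40:00+00:00",   # when it was noticed
        "reported_to": "security lead",
        "system": "pos-srv-03",
        "type": "suspected card data exfiltration",
    }, when=t0)                                          # when response began
    add_entry(chain, "response team activated", "security lead", {
        "internal": ["security lead", "j.doe", "network ops"],
        "external": ["forensics firm on retainer"],
    }, when=t0 + timedelta(minutes=5))
    add_entry(chain, "host isolated", "network ops", {
        "system": "pos-srv-03",
        "action": "switch port disabled; host left powered on for forensics",
    }, when=t0 + timedelta(minutes=20))
    return chain


if __name__ == "__main__":
    record = build_sample_record()
    print(json.dumps(record, indent=2))
    print("chain verifies:", verify_chain(record))
```

Keep the record on a system the responders themselves cannot modify silently (an append-only share or a ticketing system with an audit trail), and give the forensic firm the final hash; with that single value they can confirm that nothing in the record changed between the first 24 hours and their arrival.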
It is important to remember that, for the most part, cyber criminals are not specifically targeting large organizations; they merely see an IP address.
Contact us to find out more.
Sophos SG Series UTM announced as Winner of Best UTM Solution in 2015 SC Awards
Sophos SG Series UTM solution fought off competition from Fortinet, Check Point and Barracuda at the SC Magazine Awards 2015
OXFORD, UK – 10th June, 2015 – Sophos is pleased to announce that its Sophos SG Series UTM appliances were recognised by a panel representing the audience of SC Magazine as the winning solution in the Best UTM Solution category at the SC Magazine Awards Europe 2015. The announcement was made on Tuesday, 2nd June, 2015 at the awards presentation held at The Ballroom, Grosvenor House on Park Lane, London.
“We are delighted that our SG Series UTM came out on top at the SC Magazine Awards. Winning this award is a real honor and just shows that the features and models we have been adding to our SG series, such as the new integrated wireless models, are making Sophos a real leader in the UTM Firewall market” said Chris Weeds, Director, Product Marketing, Sophos. “Our network security product team are rightly proud of this achievement, but credit also goes to our partners and customers, whose input and feedback helps us to continue to build great products.“
Sophos’ SG Series UTM was also recently awarded five stars by PC Pro Magazine, and added to their A-List.
Each year, hundreds of products are entered in the EXCELLENCE AWARDS: THREAT SOLUTIONS categories. Each product is judged by a panel representing a cross-section of SC Magazine readership, which is comprised of large, medium and small enterprises from all major vertical markets including financial services, healthcare, government, retail, education and other sectors. Entrants are narrowed down to a select group of finalists before undergoing a rigorous final judging process to determine the winner in each category.
Quote from Tony Morbin, Editor in Chief, SC Magazine UK
“It’s more important than ever to recognise the tireless efforts of the men and women across the globe who work to combat these threats and provide cyber-security. Sophos’ SG Series UTM is a significant achievement and one that shows Sophos’ dedication to innovation and protecting against the ever-changing threat landscape,” said Tony Morbin, Editor in Chief, SC Magazine.