Network Monitoring Can Provide Key Clues To Security Problems

Done properly, traffic analysis and log review can help administrators identify threats they might not recognize otherwise

Sep 27, 2010 | 05:03 PM

By John Sawyer, Contributing Writer @ DarkReading



Excerpted from "What's Going On? Monitor Networks to Thwart Intrusions," a new report posted this week on Dark Reading's Security Monitoring Tech Center.]

An alarmed Iran asks for outside help to stop rampaging Stuxnet malworm

Stuxnet Worm Claimed To Be Devastating In Iran                                               |
The Web site debka.com reported 


"Tehran this week secretly appealed to a number of computer security experts in West and East Europe with offers of handsome fees for consultations on ways to exorcize the Stuxnet worm spreading havoc through the computer networks and administrative software of its most important industrial complexes and military command centers. DEBKAfile's intelligence and Iranian sources report Iran turned for outside help after local computer experts failed to remove the destructive virus."


None of the foreign experts has so far come forward because Tehran refuses to provide precise information on the sensitive centers and systems under attack and give the visiting specialists the locations where they would need to work. They were not told whether they would be called on to work outside Tehran or given access to affected sites to study how they function and how the malworm managed to disable them. Iran also refuses to give out data on the changes its engineers have made to imported SCADA (Supervisory Control and Data Acquisition) systems, mostly from Germany.

The impression DEBKAfile sources gained Wednesday, Sept. 29 from talking to European computer experts approached for aid was that the Iranians are getting desperate. Not only have their own attempts to defeat the invading worm failed, but they made matters worse: The malworm became more aggressive and returned to the attack on parts of the systems damaged in the initial attack.

Sounds like they need help in Iran.

UN 'to appoint space ambassador to greet alien visitors'

Last week I flippantly stated that it looked like the UN should soon consider creating an "Intergalactic Intelegence and Security Service (IISS)." Read that post from Sept. 15 below about the Ex-military men who said unknown intruders have monitored and even tampered with American nuclear missiles. Six former U.S. Air Force officers and one former enlisted man will break their silence about these events at the National Press Club and urge the government to publicly confirm their reality.

I had no idea that the UN was reading my blog or was aware of aliens monitoring our nuclear missile sites. 

Check out the article below: "UN 'to appoint space ambassador to greet alien visitors' "

By Heidi Blake
Published: 11:30AM BST 26 Sep 2010

A space ambassador could be appointed by the United Nations to act as the first point of contact for aliens trying to communicate with Earth.

Mazlan Othman, a Malaysian astrophysicist, is set to be tasked with co-ordinating humanity’s response if and when extraterrestrials make contact.

Aliens who landed on earth and asked: “Take me to your leader” would be directed to Mrs Othman.

She will set out the details of her proposed new role at a Royal Society conference in Buckinghamshire next week.  The 58-year-old is expected to tell delegates that the proposal has been prompted by the recent discovery of hundreds of planets orbiting other starts, which is thought to make the discovery of extraterrestrial life more probable than ever before.

Mrs Othman is currently head of the UN’s little known Office for Outer Space Affairs (Unoosa).

In a recent talk to fellow scientists, she said: “The continued search for extraterrestrial communication, by several entities, sustains the hope that some day human kind will received signals from extraterrestrials.

“When we do, we should have in place a coordinated response that takes into account all the sensitivities related to the subject. The UN is a ready-made mechanism for such coordination.”

Professor Richard Crowther, an expert in space law at the UK space agency who leads delegations to the UN, said: “Othman is absolutely the nearest thing we have to a ‘take me to your leader’ person”.

The plan to make Unoosa the co-ordinating body for dealing with alien encounters will be debated by UN scientific advisory committees and should eventually reach the body’s general assembly.

Opinion is divided about how future extraterrestrial visitors should be greeted. Under the Outer Space Treaty on 1967, which Unoosa oversees, UN members agreed to protect Earth against contamination by alien species by “sterilising” them.

Mrs Othman is understood to support a more tolerant approach.

But Professor Stephen Hawking has warned that alien interlopers should be treated with caution.

He said: “I imagine they might exist in massive ships, having used up all the resources from their home planet. The outcome for us would be much as when Christopher Columbus first landed in America, which didn’t turn out very well for the Native Americans.”

U.S. Nuclear Weapons Have Been Compromised by Unidentified Aerial Objects

Looks like the UN may soon create an Intergalactic Intelegence and Securinty Service (IISS):

PR Newswire                          WASHINGTON, Sept. 15

Quoted directly from the Reuters article:Ex-military men say unknown intruders have monitored and even tampered with American nuclear missiles.

Group to call on U.S. Government to reveal the facts.

WASHINGTON, Sept. 15 /PRNewswire-USNewswire/ -- Witness testimony from more than 120 former or retired military personnel points to an ongoing and alarming intervention by unidentified aerial objects at nuclear weapons sites, as recently as 2003. In some cases, several nuclear missiles simultaneously and inexplicably malfunctioned while a disc-shaped object silently hovered nearby. Six former U.S. Air Force officers and one former enlisted man will break their silence about these events at the National Press Club and urge the government to publicly confirm their reality.

For the complete announcement visit the Reuters site at
http://www.reuters.com/article/idUS166901+15-Sep-2010+PRN20100915?pageNumber=1

Bipartisan bill would ramp up anti-piracy enforcement online

By Gautham Nagesh - 09/20/10 02:00 PM ET -  OntheHill Web site

A bipartisan bill unveiled Monday would make it easier for the Justice Department to shut down websites that traffic pirated music, movies and counterfeit goods.

Members of the Senate Judiciary Committee including chairman Patrick Leahy (D-Vt.) and Orrin Hatch (R-Utah) introduced the Combating Online Infringement and Counterfeits Act, which would create an expedited process for DoJ to shut down websites providing pirated materials. 

“Each year, online piracy and the sale of counterfeit goods costs American businesses billions of dollars, and result in hundreds of thousands of lost jobs,” Leahy said in a statement. “Protecting intellectual property is not uniquely a Democratic or Republican priority — it is a bipartisan priority.”

“This much-needed bill will help law enforcement keep pace in shutting down websites that illegally sell copyrighted goods," Kohl said. "By cracking down on online piracy of television shows and movies, we hope this bill will encourage copyright owners to develop innovative and competitive new choices for consumers to watch video over the Internet."

Specifically the bill would authorize Justice to file an in rem civil action against domain names used to traffic infringing material. In order to obtain a preliminary court order against the owner of the domain or website, Justice would have to show the site's "substantial and repeated role in online piracy and counterfeiting."

http://thehill.com/blogs/hillicon-valley/technology/119771-bipartisan-bill-would-ramp-up-anti-piracy-enforcement-online

Stephen Northcutt Offers Advice to Security Pros: Learn Chinese

From the Bank Info Security News Web Site - "Bank Information Security Articles"

Interview on September 14, 2010 - by Upasana Gupta, Contributing Editor

Stephen Northcutt, CEO of SANS Technology Institute, has a piece of advice for up and coming security professionals. "Learn Chinese; you are going to need it." Further, Northcutt advises, "Learn and live by the security axiom: protection is ideal, but detection is a must."

In an exclusive interview on careers in information security, Northcutt shares insights on:

• On how he started his career;
• Opportunities and gaps he sees in our professional training system;
• Advice to today's security practitioners

SANS Technology Institute is a postgraduate level IT Security College, and Northcutt, its CEO, is an acknowledged expert in training and certification. He founded the Global Information Assurance Certification (GIAC) in 1999 to validate the real-world skills of IT security professionals. GIAC provides assurance that a certified individual has practical awareness, knowledge and skills in key areas of computer and network and software security.

Northcutt is author/coauthor of Incident Handling Step-by-Step, Intrusion Signatures and Analysis, Inside Network Perimeter Security 2nd Edition, IT Ethics Handbook, SANS Security Essentials, SANS Security Leadership Essentials and Network Intrusion Detection 3rd edition. He was the original author of the Shadow Intrusion Detection system before accepting the position of Chief for Information Warfare at the Ballistic Missile Defense Organization.

Check out the entire interview at the BankInfoSecurity site

Aanval Version 6 Under Development, Soon to be Released

Loyal Moses, Founder of Tactical FLEX, stated in an interview earlier this week that development of Aanval v6 is progressing quite nicely.  He said the Dev Team plans to have the code done and testing completed in the next couple of weeks. 


Aanval Version 6 is Enterprise:  Once the dev team began designing v6, they decided to totally re-write the front end of the Aanval console. They wanted Aanval v6 to not just be a major release, but to give it an "Enterprise look and feel."  


Many suggestions and ideas from Aanval customers will be included in v6. 


Will post more as I peal back the hood and get the details on Aanval v6.  This code is simply gonna be awesome!  Screen shots will follow.

FCC's White Space Plan Not Exactly WiFi on Steroids ?

Wayne Rash of eWeek Weighs in on the FCC's Plan to approve ......

"The announcement that the Federal Communications Commission was prepared to approve unlicensed digital operations in slices of the frequency spectrum occupied by television guard bands is being greeted eagerly by many, including Google and Microsoft." 

"Ultimately it will probably be a good idea, but it's by no means clear that it will be the panacea to a national broadband solution that some hope it will be.  In fact, there's every possibility that the whole "White Space" excitement is badly overhyped and in the long run will likely lead to more disappointment than broadband growth."

I guess I am one of the ones in remote and rural areas of the USA hoping this results in new options.

For the whole of Rash's comments and insight go to eWeek at http://www.eweek.com/c/a/IT-Infrastructure/FCC-White-Space-Plan-Isnt-Exactly-WiFi-on-Steroids-253860/?kc=EWKNLGOV09152010STR1

Homeland Security Department to Test Iris Scan Technology

The Department of Homeland Security plans to test futuristic iris scan technology that stores digital images of people's eyes in a database. This is considered a quicker alternative to fingerprints. "The department will run a two-week test in October of commercially sold iris scanners at a Border Patrol station in McAllen, Texas, where they will be used on illegal immigrants," said Arun Vemury, program manager at the department's Science and Technology branch.  "The test will help us determine how viable this is for potential (department) use in the future," Vemury said.

Links:   http://www.usatoday.com/tech/news/surveillance/2010-09-13-1Airis13_ST_N.htm

'Super FAST Wi-Fi' = FCC To Open Up Vacant TV Airwaves For Broadband

'Super FAST Wi-Fi' may be available if the FCC works out the final details of proposed new radio spectrum rules. This will open up the so-called 'white spaces' of vacant airwaves between broadcast TV channels for wireless broadband connections. If the FCC approves plan, we will see Wi-Fi with a much longer range and a stronger signal. 


Concerns have been expressed about possible interference with TV signals and wireless microphones. The FCC is scheduled to vote next week on rules which should resolve these issues.

Discuss this story at:  http://mobile.slashdot.org/comments.pl?sid=10/09/13/1417208

Links:   http://skunkpost.com/news.sp?newsId=3171

Google Apps Director of Security Eran Feigenbaum

Catch a brief interview, "Q and A style," with Google Apps Director of Security Eran Feigenbaum by V3.co.uk - formerly vnunet.com at http://www.v3.co.uk/v3/analysis/2246616/q-google-apps-director-security

Addresses several topics including what he sees as the major challenges facing information security bosses today.


Good short read.

2010 Data Breach Investigations Report

This is A study conducted by the Verizon Business RISK team in cooperation with the United States Secret Service. 

(Below is a Quote from this report:)

Executive Summary

In some ways, data breaches have a lot in common with fingerprints. Each is unique and we learn a great deal by analyzing the various patterns, lines, and contours that comprise each one. The main value of fingerprints, however, lies in their ability to identify a particular individual in particular circumstances. In this sense, studying them in bulk offers little additional benefit. On the other hand, the analysis of breaches in aggregate can be of great benefit; the more we study, the more prepared we are to stop them.

Read this report for a look at "Cybercrime Year in Review, 2009" and many other topics.

Security Topics in the News

Information Security issues are making the news this year.  From passwords to hacking and sneaking attacks and other threats, If you are online you've got to be aware to be safe.
 "How to Stop 11 Hidden Security Threats"   PC World
Antivirus software and a firewall alone can't guarantee your safety. Here's how to foil the latest crop of sneaky attacks and nefarious attempts to steal your data.


Are You Worried About ID Theft? Join the Club PC World

Nearly two-thirds of Americans are concerned that information about their bank accounts, credit cards and identity may be stolen from their computers,.............
 .

iTunes Scam: How to Protect Yourself - PC World
In recent weeks, more and more iTunes users have been reporting fraudulent activity on their Apple accounts, reporting hundreds or even thousands of dollars worth of bogus purchases........ The problem, it seems, actually lies with iTunes users.  Go figure!  Be careful with those iTunes Scams.


Snoop Dogg Joins the War on Cybercrime - From the "you have got to be kidding department" of Security Week News - In a somewhat untraditional partnership, Snoop Dogg and Symantec’s Norton want you to show off your lyrical skills on the subject of cybercrime and enter the "Hack is Wack" cybercrime rap contest. The contest, which runs through Sept. 30, 2010, asks participants to create and upload a two-minute rap video at www.HackIsWack.com. 

Creating Secure Passwords You Can Remember -  PC World - Good Solid Advice

Six years ago at the 2004 RSA Security Conference, Microsoft Chairman Bill Gates declared the password dead. He told his audience that the password can't meet the challenge of keeping sensitive information protected, saying "People use the same password on different systems, they write them down and they just don't meet the challenge for anything you really want to secure."  Offers advice on how to create a secure password that you can actually remember in "12345" easy steps.  Good read. 

This Aanval InfoSec Blog sponsored by Tactical FLEX, makers of Aanval the industry's leading web-based gui for snort and syslog intrusion detection and correlation. www.aanval.com Download Aanval for free test drive today.

Bad News for Desk Jockeys, Couch Potatoes and most office workers

The Chicago Tribune recently reported that even if you get plenty of exercize, sitting down all day reduces your lifespan. From the article: 'Even after adjusting for body mass index (BMI) and smoking, the researchers found that women who sit more than 6 hours a day were 37 percent more likely to die than those who sit less than 3 hours; for men, long-sitters were 17 percent more likely to die. 


People who exercise regularly had a lower risk, but still significant, risk of dying. Those who sat a lot and moved less than three and a half hours per day are the most likely to die early: researchers found a 94 percent increased risk for women and 48 percent increase for men, they announced recently in the American Journal of Epidemiology.'"


So time to get up and move around a bit.  Go ahead and give me 15 pushups, if you can. Jump rope or skip to the bath room. 


Be creative, but by all means keep moving!

For the story visit the Chicago Tribune at 

http://www.chicagotribune.com/health/sns-health-healthy-aging-sitting-early-death,0,6105710.story