Posts Tagged ‘network’

« Older Entries
Newer Entries »

How trustworthy is your digital hardware?

November 11th, 2011
Share

In May 2010, for example, the FBI’s Operation Network Raider seized more than 700 pieces of counterfeit Cisco network hardware and labels with an estimated retail value of more than $143 million. While that scheme was likely conceived for financial gain, designers of integrated circuits, or microchips, also need to protect military, financial, transportation, and other critical digital infrastructure from Trojans inserted by intruders with other criminal or military intentions.
Like the Trojan horses of Greek mythology, cyber Trojans appear to be harmless but instead steal information or harm a system once it is in operation.

Ramesh Karri, professor of electrical and computer engineering at Polytechnic Institute of New York University (NYU-Poly), and researchers from the University of Connecticut have developed new techniques that designers can use to defend against weaknesses in the supply chain, which typically includes an overseas manufacturer and often stretches across the globe.

Their new “design for trust” techniques update the well established “design for manufacturability” and “design for testability” mantras. They were outlined in two IEEE Computer Magazine articles, “Trustworthy Hardware: Trojan Detection and Design-for-Trust Challenges,” and “Trustworthy Hardware: Identifying and Classifying Hardware Trojans.”

“The ‘design for trust’ techniques build on existing design and testing methods,” explains Karri.

One such technique involves ring oscillators, which are sets of odd numbered, inverting logic gates that designers use to ensure an integrated circuit’s reliability. Circuits with ring oscillators produce specific frequencies based on the arrangement of ring oscillators. Trojans alter the original design’s frequencies and alert testers to a compromised circuit.

However, sophisticated criminals could account for the frequency change in their Trojan design and implementation. Karri and his team suggest designers thwart their tactics by creating more variants of ring oscillator arrangements than criminals can keep track of, making it harder for them to implant a Trojan without testers detecting it.

Unlike microbiologists with relatively easy access to sample viruses, Karri and other hardware security researchers cannot study ample real-world Trojans because companies and governments are reluctant to share infected hardware for reasons of intellectual property, national security, or fear of embarrassment.
So Karri and his colleagues turned to the crowd to collect sample Trojans that informed their design-for-trust techniques.

Graduate and undergraduate students from across the country build and detect hardware Trojans for the Embedded Systems Challenge.

Karri and his team analyzed a diverse collection of 58 submissions from the 2008 competition and developed a taxonomy that is helping to standardize metrics for evaluating Trojans.

Crowdsourcing Trojans benefits the team’s research and will help guide future researchers and practitioners, according to Jeyavijayan Rajendran, an NYU-Poly electrical and computer engineering doctoral candidate and co-author.

Rajendran was the 2009 winner of the Embedded Systems Challenge and has been the student leader of the national challenge since then. In the 2010 competition, Rajendran’s 2009-winning defense was successfully attacked.

“I went back and studied the vulnerabilities and developed additional techniques to fix them,” he says. “The Embedded Systems Challenge changed my research process. Now I am not only thinking from a defender’s point of view, but I am also thinking from an attacker’s point of view.”

Trojans from the Embedded Systems Challenge and the design-for-trust techniques are available on TrustHub.org, a site funded by the National Science Foundation (NSF) that was created to encourage community building and knowledge exchange among hardware security researchers and professionals. NYU-Poly is one of four cybersecurity research institutions that founded the site.

Source:http://www.futurity.org/science-technology/how-trustworthy-is-your-digital-hardware/

Comments Off »

Posted in Hardware News

Tags:

Why B2B for Network security is Needed

November 2nd, 2011
Share

The road to network security is a long one for any business, with many pitfalls along the way. Human personalities can make life difficult when personal preferences and personalized use profiles intervene with intelligent technical design of a network use plan. The concept of a motive in planning a uniform use of network devices needs to be underlined and emphasized to the staff.

A system that was secure last year is open to newer and newer threats each week, especially with patches, upgrades, physical device upgrades and IT overhauls. The more things change in computer system safeguarding the more things in device and computer desktop security stay the same. Aligning personal interests to the device security is key to motivating personnel to remembering best practices for network security. The market for B2B products and services along this industry channel therefore remains robust.

Employees must be advised repeatedly that the investment in computer integrity and device security is not the employee’s to control. Policy updates to any intellectual property uses of a computer can lead any employee can accidentally or inflict harm on a network even through the purest of motive. For company employees to value the total product of what they do and the mission of their organization means to value the total entity. Thus demand for B2B network security services for companies of all sizes and shapes exists and grows daily.

Device security and online threats to networks via malware, viruses and intrusions are now common knowledge. But the lengths to which a computer sniffer or intruder will go to get into a system via various types of device platforms such as cellphone, smartphone and wireless devices may still surprise even sophisticated computer users. Passing through airports and using business machines on “personal time” can compromise a business machine instantly.

The investment a company makes in its employees awareness of network security via everyday best practices can protect every dollar spent in network security and IT tech. In fact, malicious intruders and device sniffers count n the every day users being “fed up” with safety and conservative computer use habits to break the protocol and be careless. They are waiting with a variety of programmed sniffer technologies and hardware to scan and screen for openings into valuable systems and to allow them to seed harmful programs that can cause damage down the line to companies and individuals.

Ironically, these same employees are disappointed and annoyed when their own retail and institutional commercial credit and business companies and vendors fall short in the security department. Software and technology innovate daily and sadly so do network security threats.

Comments Off »

Posted in Hardware News

Tags:

Palo Alto Networks takes firewalls to next level

October 24th, 2011
Share

For the past 15 years or so, security pros have relied on the trusty firewall and other hardware to keep bad guys from running amok on corporate networks. For the most part, this has meant blocking tainted e-mails and keeping workers away from harmful websites.

The latest wave of Web services, like Skype and Google Docs, has introduced fresh problems. They can transfer files, store data and allow remote computer access in ways that can’t be easily patrolled by the standard sentinels.

Nir Zuk has another option. He’s a veteran of the traditional firewall and security industry who struck out on his own six years ago to create a product for today’s Web. The company he founded, Palo Alto Networks, sells a next-generation firewall that makes modern Web services safe for the workplace and gives companies precise control over how their employees can use them.

“Our customers don’t want to block Facebook,” Zuk said. “They want to use it, but they also want some control.”

As interest in Web-based software has surged, so too have Palo Alto Networks’ sales. The company has hopped from office to bigger office since its birth at Zuk’s Palo Alto house in 2005. This year, the company moved into a giant headquarters in Santa Clara.

A year ago, Palo Alto Networks had 1,000 customers; today it has 4,500, including Qualcomm, the city of Seattle, and eBay. Sales will exceed $200 million this year, according to Zuk, who adds that the company is gearing up for an initial public offering.

Zuk says Palo Alto Networks owes much of its success to modern computing habits, which require more sophistication than what’s provided by traditional security products. Older firewalls are designed to monitor one-way traffic. E-mails and data from websites pour in, and the security products look for suspicious patterns. Yet threats can snake their way through a network in various ways: A worker might go to Facebook, click on a nefarious link, and download a virus. Soon enough, he’s using software from enterprise cloud computing company Salesforce.com to upload those infected sales data files and send them to colleagues.

“Most security groups used to focus on blocking apps like Skype or GoToMyPC but now are often required to allow them to be used,” says John Pescatore, an analyst at the research firm Gartner. “That’s why firewalls needed to evolve.”

Palo Alto Networks gives each Web service its own signature. This means that Palo Alto’s systems know when employees are using Skype or Salesforce.com, and have a general idea of what they’re doing there. Customers can set policies for how an application is used so that, for example, all employees can view Google Docs files, but only some can actually create them.

Keeping track of all the traffic flowing through a corporate network requires a lot of computing horsepower, and part of Palo Alto Networks’ secret sauce is a homegrown chip that chews through data quickly. A Palo Alto Networks system can even peer into encrypted traffic: It’s fast enough to decrypt packets of information, check whether they’re safe, and then pass them on to the employee who requested them, all without much lag.

Norm Fjeldheim, the chief information officer at chipmaker Qualcomm, says the Palo Alto Networks systems he bought replaced not just firewalls but also things such as intrusion detection hardware and other types of security systems. “They are doing the work that was done by multiple things in the past,” Fjeldheim said. “They watch over everything.”

To date, Palo Alto Networks has raised a total of $65 million. In August, Palo Alto Networks lured Mark McLaughlin from his role as CEO of VeriSign to run the young company and prepare it for an IPO.

Venture capital firm Sequoia Capital is one investor.

Said partner Jim Goetz: “I don’t think we’ve ever seen an enterprise technology company grow as quickly.”

Source:http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2011/10/22/BULH1LKCDV.DTL

Comments Off »

Posted in Hardware News

Tags:

How to Build Your Own Network-Attached Storage System

October 17th, 2011
Share

With cheap storage readily available, the temptation to build vast libraries of music, movies, photos, and documents is ever present. But when each PC in your home is packed to its aluminum gills with gigabytes upon gigabytes of digital goods, managing all of that data can be a hassle.

Network-attached storage can make wrangling data much easier. Imagine a single machine on your network slinging files to every PC in your home, managing backups, and safeguarding all of your important memories or sensitive data.

Plenty of network-attached storage appliances on the market are ready and able to tackle your storage needs, but buying one can be an expensive option–particularly if you have only a few files that you want to share with a few machines. Things get even more problematic for those users who have terabytes upon terabytes of data: You can expect to pay dearly for a NAS that’s equipped to handle your digital hoard.

Fortunately, building your own NAS is simple. And doing so offers a lot of advantages over forking over your hard-earned cash–build your own, and you can dictate its size, feature set, and storage capacity, and change things on a whim.
Choosing the Software

A wide variety of operating-system options are available for setting up your own NAS. Many popular Linux distributions offer a server-oriented variant, with instructions on getting your file server up and running. But we’re going to keep things simple and go with FreeNAS.

FreeNAS is a popular choice, as it’s fairly easy to configure once all of the hardware is in place. You can download the latest version from the FreeNAS website. Burn the .iso file you download onto a CD or DVD; in Windows 7, just right-click the file and select Burn disc image. For other versions of Windows, you can use the free ImgBurn utility.
Choosing the Hardware

Now that you have a copy of FreeNAS, let’s talk hardware. FreeNAS will run on just about anything, so an old PC you’re not using anymore will work just fine. For optimal performance, you’ll want to have at least 4GB of RAM.

For my FreeNAS build, I pulled a few spare parts together. My NAS centers on a Gigabyte E350N motherboard, equipped with an AMD E-350 processor. I picked this motherboard because it’s small, it draws little power, and it can fit into small spaces, yet it offers four SATA ports for my hard drives. When choosing a system (or building your own), make sure that the motherboard has room to support all of the drives you want to use for storage.

I collected three spare 1TB drives for storage, plus a spare DVD drive to handle the installation. When FreeNAS is installed, it takes over the entire drive you install it on. To keep all of the storage drives available, I also grabbed a 2GB USB key, to host the the operating system.
The Setup: Installing FreeNAS

With the hardware selected and the FreeNAS CD at the ready, it’s time to get started.

Insert the DVD and USB key into the computer you’re setting up as your NAS. Before you start the machine up, be sure that the ethernet cable is plugged into the motherboard. You’ll also want to have another computer that’s connected to your network up and running, as you’ll be using it to connect to and configure the NAS.

Start up the PC and enter the BIOS. The steps to getting into the BIOS will vary depending on your motherboard, but the general rule of thumb is to mash the F2, F7, F8, or Delete key while the PC is booting up–watch the monitor after you’ve pressed the power button, and the instructions will scroll past during the normal startup sequence.

Once you’re in the BIOS, set the machine to boot from the optical drive. The steps will once again vary based on your motherboard model, but you should see a section that lists a Boot Priority order. Once you’ve set that, press F10 to save and exit; the machine will restart, query your optical drive, and then start loading FreeNAS from your CD.

You’ll know that FreeNAS is running when you see a plain blue screen with a list of options. You want to install FreeNAS onto your USB key, so select the very first option. FreeNAS will list arcane drive model numbers, so looking for the capacity of the USB key (in this case, 2GB) should be the easiest approach. Follow the prompts; FreeNAS will warn you that it will delete everything off of the USB key. Click through that message, and then go get a cup of tea while the progress indicator rolls over to 100 percent complete.

Once it’s done, you’ll see a prompt to eject the CD and reboot the machine. When your computer restarts, it should boot FreeNAS from the USB key–if it doesn’t, head back into the BIOS, set the motherboard to boot to the USB key, and restart again.

As FreeNAS is starting up, it will present lots of arcane lines of code, followed by a numbered list and a Web address to connect to. This is normal. That URL is the network address of your new file server. Type that address into a browser on a computer in your home that’s connected to the same network as the NAS, and you’ll reach the FreeNAS configuration screen.

FreeNAS will prompt you for a username and password. The default user name is “admin,” and the default password is “freenas.” You can change the default to whatever you’d like in the FreeNAS options.

The Setup: Building Volumes

[Click to enlarge] How to Build Your Own Network-Attached Storage SystemOnce you’re logged in, the first thing you’ll want to do is create the file system. Click Storage at the top of the menu bar, and then select Create volume. In the window that pops up, select all the drives you want to include, and give the volume a name.

You’ll have two options to choose from: UFS (Unix File System) and ZFS. We’re going with ZFS, as it offers support for numerous features designed for file servers, such as RAID support, snapshots, and file compression.

Depending on the number of drives in your machine, you’ll see a few new options. With three drives, I get a choice between mirror, stripe, and RAID-Z. Mirror duplicates data from one disc across the others, as RAID 1 would. Stripe splits files among the discs in the array, as RAID 0 would. RAID-Z is essentially a software implementation of RAID 5.

So what does all of that mean? With my three 1TB drives, selecting the mirror type gives me 1TB of total storage capacity, but preserves my data across all drives; if one drive fails, I can replace it and keep moving. Stripe gives me 3TB and a very fast response time; lose one drive, though, and all of that data is gone. RAID-Z is a sort of amalgam of the two: It gives me 2TB of space, and if one of the three drives fails, my data can be rebuilt from the remaining pair while I find a replacement.

Because I like to live on the edge, I’m going with the striped option. It isn’t the safest alternative, but I’ll squeeze out every bit of space, and I can always implement a safer, redundant backup solution later on.

Whatever you choose, be aware that any data on the discs will be wiped. Click Add volume, and moments later your file server is almost ready to go.
Sharing Your Files

You have your storage volume in place, so now you can fill it with photos of pets, as well as your legally acquired media.

FreeNAS makes it easy to share files with Linux, Apple, and Windows computers. You can create as many shared folders as you’d like–say, a Windows/Unix/Apple share for your movies and music collection, and an Apple-specific share for your Time Machine backups.

The first step is to enable the CIFS (Common Internet File System) service. Click Services on the left, and then click the button for CIFS. Click the wrench next to the CIFS line to set your workgroup, assign other network and user permissions, or just give your NAS a readily identifiable name. You’ll be typing this name in to access your file server from Windows machines.

On the navigation bar at the left, click the tab conveniently labeled Sharing. I’ll set up a Windows share as an example here, but the instructions for Linux and Apple are fairly similar.

Click Add Windows Share, and give it a name in the window that pops up. Click the drop-down menu next to ‘Path’ to assign your NAS to an address that Windows will be able to find. Select Browsable to Network Clients, as this feature will let you use the Windows Explorer menus to access your NAS as you would any other folder on your PC.

The other options I’ve selected aren’t especially secure. I want this NAS to be readily accessible to everyone, though, and I have a reasonable level of trust in my coworkers.

And we’re done! Just click Start on a Windows machine connected to your network, and in the Run text box. Windows will connect to the NAS, and you can start dropping files in. Feel free to tuck the NAS out of the way. Mine isn’t even connected to a display, as everything we need to do can be handled in a browser on any machine on the network.

Source:http://www.pcworld.com/article/241978/how_to_build_your_own_networkattached_storage_system.html

Comments Off »

Posted in Hardware News

Tags:

Microsoft terminates scammer partnership

September 23rd, 2011
Share

Microsoft has terminated its relationship with one of the members of its partner network after allegations that the party in question was using Microsoft’s name to scare users to hand over credit card details and gain access to their computers.

Graham Cluley wrote on Sophos’ Naked Security blog that India-based Comantra cold-called users in the UK, Australia and Canada under the guise of being a Microsoft representative, claiming that a customer’s computer was infected by viruses. The company did have Gold status as a member of the Microsoft Partner Network, but the status does not convey any ability to act on Microsoft’s behalf.

Cluley explained that the callers would talk users into opening the Event Viewer in Windows, where routine warnings and error messages could be used as “evidence” of an infection. Callers would then convince victims to hand over their credit card details and enable the caller to remotely log in so they could “fix” the problem.

Microsoft said that after an investigation, it had confirmed the allegations, revoked Comantra’s Gold status and terminated its relationship with the company.

“There are no circumstances under which we would ever allow partners or any other organisations to pose as Microsoft. We view matters such as these extremely seriously and take immediate action if such behaviour is brought to our attention and found to be the case,” the company said in a statement.

The scam is a fairly old trick, with many Australians previously stung by fake calls.

Source:http://www.zdnet.com.au/microsoft-terminates-scammer-partnership-339322886.htm

Comments Off »

Posted in Hardware News

Tags:

Researchers blame middlebox hardware on slow mobile network connections

September 20th, 2011
Share

University of Michigan computer science researchers and experts from Microsoft Research say they have discovered mobile network hardware that could be slowing down network connections and potentially exposing customers to security problems.

According to the researchers’ recent report, “An Untold Story of Middleboxes in Cellular Networks,” middleboxes that perform functions such as deep packet inspection, firewalling and intrusion detection caused a 50-percent degradation in performance on one of the four major U.S. operator networks.

They also discovered that some of the network management policies resulted in subscribers’ phones draining faster than typical use, and the researchers found security holes in some international operator networks.
The researchers are putting the blame on the middlebox hardware in the network because it buffers traffic, inspects the packets and reassembles them.
“The behavior and effects of middleboxes in wireless networks is not well understood,” Zhuoqing Morley Mao, professor of computer science at the University of Michigan, told Cnet. “There can be unexpected interaction between devices in the network.”
The researchers tested the network by finding nearly 400 volunteers to download a free app called NetPiculet on their Android smartphones. The app then conducted a number of tests that were anonymously transmitted back to the engineers.

Source:http://www.fiercebroadbandwireless.com/story/researchers-blame-middlebox-hardware-slow-mobile-network-connections/2011-09-19

Comments Off »

Posted in Hardware News

Tags:

Hackers attack another Sony network, post data

June 3rd, 2011
Share

Hackers broke into Sony Corp’s computer networks and accessed the information of more than 1 million customers to show the vulnerability of the electronic giant’s systems in the latest of several security breaches undermining confidence in the company.

LulzSec, a group that claims attacks on U.S. PBS television and Fox.com, said it broke into servers that run Sony Pictures Entertainment websites. It published the names, birth dates, addresses, emails, phone numbers and passwords of thousands of people who had entered contests promoted by Sony.

“From a single injection, we accessed EVERYTHING,” the hacking group said in a statement. “Why do you put such faith in a company that allows itself to become open to these simple attacks?”

The security breach is the latest attack against high-profile firms, including defense contractor Lockheed Martin and Google Inc .

LulzSec’s claims came as Sony executives were trying to reassure U.S. lawmakers at a hearing on data security in Washington about their efforts to safeguard the company’s computer networks, which suffered the biggest security breach in history in April.

Sony has been under fire since hackers accessed personal information on 77 million PlayStation Network and Qriocity accounts, 90 percent of which are users in North America or Europe.

Sony said at the time that credit card information may have been stolen, sparking lawsuits and casting a shadow over its plans to combine content and hardware products via online services. Nobody has claimed responsibility for the April attack.

Sony said it was investigating the breach claimed by LulzSec and declined to elaborate. Sony shares in Tokyo fell 0.3 percent on Friday, in line with the broader market.

Reuters confirmed the authenticity of the data on several contestants that LulzSec said it had published.

CYBER SECURITY

Cyber security is quickly rising up the agenda for global policymakers.

The Australian government said on Friday it will develop a cyber defence strategy and the United States said in a report in May that hostile acts in cyberspace would be treated just like any other threat to the country. [ID:nL3E7H300H][ID:nN3135624]

The hacking attack on Lockheed may have compromised the safety of SecureID tokens made by EMC Corp , while that on Google targeted, among others, senior U.S. government officials’ data. [ID:nN02261322][ID:nN02290419]

“These allegations are very serious,” U.S. Secretary of States Hillary Clinton said of the Google attack, which the Internet giant said appeared to originate in China.

In the latest attack on Sony, the U.S. Federal Trade Commission could choose to review the circumstances leading up to the breach if Sony Pictures Entertainment failed to use proper procedures for protecting the data of its customers.

John Bumgarner, chief technology officer for the U.S. Cyber Consequences Unit, a nonprofit group that monitors Web threats, said he was not surprised that Sony’s systems had again been breached.

“The system was unsecure,” said Bumgarner, who last month warned of a string of security vulnerabilities across Sony’s networks that he had identified.

He said he found vulnerabilities in the Sony Pictures Entertainment network as recently as last weekend.

The first hacking attacks in April prompted Sony to shut down its PlayStation Network and other services for close to a month.

Representatives criticized Sony in the Congressional hearing for waiting several days to notify customers of the breach.

LulzSec has claimed responsibility for several hacks over the past month. It said it defaced the U.S. PBS television network’s websites, and posted data stolen from its servers on Monday to protest a “Front Line” documentary about WikiLeaks.

It has also broken into a Fox.com website and published data about contestants for the upcoming Fox TV talent show, “X Factor.”

LulzSec also said on Thursday it had hacked into Sony BMG Music Entertainment Netherlands and Belgium. It previously disclosed an attack on Sony Music Japan. (Additional reporting by Diane Bartz in Washington, Mayumi Negishi in Tokyo; Editing by Steve Orlofsky, Richard Chang and Muralikumar Anantharaman)

Source:http://www.reuters.com/article/2011/06/03/sony-idUSN028845820110603

Comments Off »

Posted in Hardware News

Tags:

Get Adobe Flash playerPlugin by wpburn.com wordpress themes