The Simple Phishing Toolkit includes a site scraper that can clone any Web page — such as a corporate Intranet or Webmail login page — with a single click, and ships with an easy-to-use phishing lure creator.
Read it all at: Phishing Your Employees 101 — Krebs on SecurityCategory Archives: Security
Ssshhhh. Security by obscurity is not practiced here. So don't disturb us, we're being vigilant.
Phishing Your Employees 101
The Simple Phishing Toolkit includes a site scraper that can clone any Web page — such as a corporate Intranet or Webmail login page — with a single click, and ships with an easy-to-use phishing lure creator.
Read it all at: Phishing Your Employees 101 — Krebs on SecuritySSL Breaches & Duqu; What is DCinema Interesting
This is not something to panic about. This is just a topic to learn about. We typically attach our common work machines to the same network as the machines that control projectors and ticket systems. The lesson of StuxNet is that a breach of one is a breach of all. The lesson of the US Department of Defense is that employees must learn the basics of how systems can be infected and how to stop those infections. A simple USB stick allowed an infection that later allowed people to download secure documents from other countries through the US defence department systems.
Now Duqu, which appears to be targetting machine control systems in much more clever ways than Stuxnet and capable of many future variations. Let’s not forget that Digital Cinema Systems are machine control systems. The nature of the infection is to wildly scatter then wait for the new slaves to start chattering back where someone then checks to see what kind of fish has been caught. Then they put a list up on the ‘black hat’ web sites announcing Systems With Access Holes and trade your life for a few hundred dollars.
Here are some of the more recent articles. Make certain that there is someone in your organization who learns to stay on top of these things. Don’t pass it off to an outside group without also having employee training. This is a quality control issue. Put someone in charge.
Good News:
DuquDetector released to forensically detect pest – The H Security: News and Features
Not so good News
How much similar? Remotely Opening Prison Doors Schneier on Security
Cyber Intrusion Blamed for Hardware Failure at Water Utility — Krebs on Security
Stolen government certificate signed malware – The H Security: News and Features
Compromised certificates: Revocations alone are insufficient – The H Security: News and Features
Malware Signed With a Governmental Signing Key – F-Secure Weblog : News from the Lab
Old but relevent news:
Who Else Was Hit by the RSA Attackers?
DCinema Exhibitors and Distributors: Read the above paragraph again. Combine it with the news of a new Stuxnet type of malware bot being uncovered just last week that targets machine control systems. Then, rethink your security. Does your current system match what you would like to have?
Security experts have said that RSA wasn’t the only corporation victimized in the attack, and that dozens of other multinational companies were infiltrated using many of the same tools and Internet infrastructure. But so far, no one has been willing to talk publicly about which other companies may have been hit. Today’s post features a never-before-published list of those victim organizations. The information suggests that more than 760 other organizations had networks that were compromised with some of the same resources used to hit RSA. Almost 20 percent of the current Fortune 100 companies are on this list.
Since the RSA incident was disclosed, lawmakers in the U.S. Congress have taken a renewed interest in so-called “advanced persistent threat” or APT attacks. Some of the industry’s top security experts have been summoned to Capitol Hill to brief lawmakers and staff about the extent of the damage. The information below was shared with congressional staff.
Below is a list of companies whose networks were shown to have been phoning home to some of the same control infrastructure that was used in the attack on RSA. The first victims appear to have begun communicating with the attacker’s control networks as early as November 2010.
A few caveats are in order here. First, many of the network owners listed are Internet service providers, and are likely included because some of their subscribers were hit. Second, it is not clear how many systems in each of these companies or networks were compromised, for how long those intrusions persisted, or whether the attackers successfully stole sensitive information from all of the victims. Finally, some of these organizations (there are several antivirus firms mentioned below) may be represented because they intentionally compromised internal systems in an effort to reverse engineer malware used in these attacks.
Among the more interesting names on the list are Abbott Labs, the Alabama Supercomputer Network, Charles Schwabb & Co., Cisco Systems, eBay, the European Space Agency, Facebook, Freddie Mac, Google, the General Services Administration, the Inter-American Development Bank, IBM, Intel Corp., the Internal Revenue Service (IRS), the Massachusetts Institute of Technology, Motorola Inc., Northrop Grumman, Novell, Perot Systems, PriceWaterhouseCoopers LLP, Research in Motion (RIM) Ltd., Seagate Technology, Thomson Financial, Unisys Corp., USAA, Verisign, VMWare, Wachovia Corp., and Wells Fargo & Co.
At the end of the victim list is a pie chart that shows the geographic distribution of the command and control networks used to coordinate the attacks. The chart indicates that the overwhelming majority of the C&Cs are located in or around Beijing, China.
302-DIRECT-MEDIA-ASN
8e6 Technologies, Inc.
AAPT AAPT Limited
ABBOTT Abbot Labs
ABOVENET-CUSTOMER – Abovenet Communications, Inc
ACCNETWORKS – Advanced Computer Connections
ACEDATACENTERS-AS-1 – Ace Data Centers, Inc.
ACSEAST – ACS Inc.
ACS-INTERNET – Affiliated Computer Services
ACS-INTERNET – Armstrong Cable Services
ADELPHIA-AS – Road Runner HoldCo LLC
Administracion Nacional de Telecomunicaciones
AERO-NET – The Aerospace Corporation
AHP – WYETH-AYERST/AMERICAN HOME PRODUCTS
AIRLOGIC – Digital Magicians, Inc.
AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services
AIS-WEST – American Internet Services, LLC.
AKADO-STOLITSA-AS _AKADO-Stolitsa_ JSC
ALCANET Corporate ALCANET Access
ALCANET-DE-AS Alcanet International Deutschland GmbH
ALCATEL-NA – Alcanet International NA
ALCHEMYNET – Alchemy Communications, Inc.
Alestra, S. de R.L. de C.V.
ALLIANCE-GATEWAY-AS-AP Alliance Broadband Services Pvt. Ltd.,Alliance Gateway AS,Broadband Services Provider,Kolkata,India
ALMAZAYA Almazaya gateway L.L.C
AMAZON-AES – Amazon.com, Inc.
AMERITECH-AS – AT&T Services, Inc.
AMNET-AU-AP Amnet IT Services Pty Ltd
ANITEX-AS Anitex Autonomus System
AOL-ATDN – AOL Transit Data Network
API-DIGITAL – API Digital Communications Group, LLC
APOLLO-AS LATTELEKOM-APOLLO
APOLLO-GROUP-INC – University of Phoenix
APT-AP AS
ARLINGTONVA – Arlington County Government
ARMENTEL Armenia Telephone Company
AS INFONET
AS3215 France Telecom – Orange
AS3602-RTI – Rogers Cable Communications Inc.
AS4196 – Wells Fargo & Company
AS702 Verizon Business EMEA – Commercial IP service provider in Europe
ASATTCA AT&T Global Network Services – AP
ASC-NET – Alabama Supercomputer Network
ASDANIS DANIS SRL
ASGARR GARR Italian academic and research network
ASIAINFO-AS-AP ASIA INFONET Co.,Ltd./ TRUE INTERNET Co.,Ltd.
ASIANDEVBANK – Asian Development Bank
ASN852 – Telus Advanced Communications
AS-NLAYER – nLayer Communications, Inc.
ASTOUND-CABLE – Wave Broadband, LLC
AT&T Global Network Services – EMEA
AT&T US
ATMAN ATMAN Autonomous System
ATOMNET ATOM SA
ATOS-AS ATOS Origin Infogerance Autonomous System
ATT-INTERNET4 – AT&T Services, Inc.
AUGERE-AS-AP Augere Wireless Broadband Bangladesh Limited
AVAYA AVAYA
AVENUE-AS Physical person-businessman Kuprienko Victor Victorovich
AXAUTSYS ARAX I.S.P.
BACOM – Bell Canada
BAHNHOF Bahnhof AB
BALTKOM-AS SIA _Baltkom TV SIA_
BANGLALINK-AS an Orascom Telecom Company, providing GSM service in Bangladesh
BANGLALION-WIMAX-BD Silver Tower (16 & 18th Floor)
BANKINFORM-AS Ukraine
BASEFARM-ASN Basefarm AS. Oslo – Norway
BBIL-AP BHARTI Airtel Ltd.
BBN Bredbaand Nord I/S
BC-CLOUD-SERVICES
BEAMTELE-AS-AP Beam Telecom Pvt Ltd
BEE-AS JSC _VimpelCom_
BELINFONET Belinfonet Autonomus System, Minsk, Belarus
BELLSOUTH-NET-BLK – BellSouth.net Inc.
BELPAK-AS BELPAK
BELWUE Landeshochschulnetz Baden-Wuerttemberg (BelWue)
BENCHMARK-ELECTRONICS – Benchmark Electronics Inc.
BEND-BROADBAND – Bend Cable Communications, LLC
BEZEQ-INTERNATIONAL-AS Bezeqint Internet Backbone
BIGNET-AS-ID Elka Prakarsa Utama, PT
BLUEWIN-AS Swisscom (Schweiz) AG
BM-AS-ID PT. Broadband Multimedia, Tbk
BN-AS Business network j.v.
BNSF-AS – Burlington Northern Sante Fe Railway Corp
BNT-NETWORK-ACCESS – Biz Net Technologies
BORNET Boras Energi Nat AB
BREEZE-NETWORK TOV TRK _Briz_
BSC-CORP – Boston Scientific Corporation
BSKYB-BROADBAND-AS BSkyB Broadband
BSNL-NIB National Internet Backbone
BT BT European Backbone
BT-ITALIA BT Italia S.p.A.
BTN-ASN – Beyond The Network America, Inc.
BTTB-AS-AP Telecom Operator & Internet Service Provider as well
BT-UK-AS BTnet UK Regional network
CABLECOM Cablecom GmbH
CABLE-NET-1 – Cablevision Systems Corp.
CABLEONE – CABLE ONE, INC.
CABLEVISION S.A.
CACHEFLOW-AS – Bluecoat Systems, Inc.
CANET-ASN-4 – Bell Aliant Regional Communications, Inc.
CANTV Servicios, Venezuela
CAPEQUILOG – CapEquiLog
CARAVAN CJSC Caravan-Telecom
CARRIER-NET – Carrier Net
CATCHCOM Ventelo
CCCH-3 – Comcast Cable Communications Holdings, Inc
CDAGOVN – Government Telecommunications and Informatics Services
CDS-AS Cifrovye Dispetcherskie Sistemy
CDT-AS CD-Telematika a.s.
CE-BGPAC – Covenant Eyes, Inc.
CELLCO-PART – Cellco Partnership DBA Verizon Wireless
CENSUSBUREAU – U. S. Bureau of the Census
CERNET-ASN-BLOCK – California Education and Research Federation Network
CERT – Computer Emergency Response Team (CERT) – Coordination Center
CGINET-01 – CGI Inc
CHARLES-SCHWAB – Charles Schwab & Co., Inc.
CHARTER-NET-HKY-NC – Charter Communications
CHINA169-BACKBONE CNCGROUP China169 Backbone
CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network
CHINA169-GZ China Unicom IP network China169 Guangdong province
CHINANET-BACKBONE No.31,Jin-rong Street
CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation
CHINANET-SH-AP China Telecom (Group)
CIPHERKEY – Cipherkey Exchange Corp.
CISCO-EU-109 Cisco Systems Global ASN – ARIN Assigned
CITEC-AU-AP QLD Government Business (IT)
CITelecom-AS
CITYNET – CityNet
CLARANET-AS ClaraNET
CLIX-NZ TelstraClear Ltd
CMCS – Comcast Cable Communications, Inc.
CMNET-BEIJING-AP China Mobile Communicaitons Corporation
CMNET-GD Guangdong Mobile Communication Co.Ltd.
CMNET-V4SHANDONG-AS-AP Shandong Mobile Communication Company Limited
CNCGROUP-GZ CNCGROUP IP network of GuangZhou region MAN network
CNCGROUP-SH China Unicom Shanghai network
CNIX-AP China Networks Inter-Exchange
CNNIC-DSNET-AP Shanghai Data Solution Co., Ltd.
CNNIC-WASU-AP WASU TV & Communication Holding Co.,Ltd.
CO-2COM-AS 2COM Co ltd.
COGECOWAVE – Cogeco Cable
COGENT Cogent/PSI
COLO4 – Colo4Dallas LP
COLOMBIA TELECOMUNICACIONES S.A. ESP
COLT COLT Technology Services Group Limited
COLUMBUS-NETWORKS – Columbus Networks USA, Inc.
COMCAST-33490 – Comcast Cable Communications, Inc.
COMCAST-33491 – Comcast Cable Communications, Inc.
COMCAST-36732 – Comcast Cable Communications, Inc.
COMCAST-7015 – Comcast Cable Communications Holdings, Inc
COMCAST-7725 – Comcast Cable Communications Holdings, Inc
COMCAST-HOUSTON – Comcast – Houston
COMHEM-SWEDEN Com Hem Sweden
COMNET-TH KSC Commercial Internet Co. Ltd.
Completel Autonomous System in France
COMSAT COLOMBIA
COMSTAR COMSTAR-Direct global network
CORBINA-AS Corbina Telecom
COVAD – Covad Communications Co.
CPMBLUE-AS-BD CPM BLUE ONLINE LTD.Transit AS Internet Service Provider, Dhaka
CRRSTV – CRRS-TV
CSC Computer Management and CSC Denmark
CSC-IGN-AUNZ-AP Computer Sciences Corporation
CSC-IGN-EMEA – Computer Sciences Corporation
CSC-IGN-FTW – Computer Sciences Corporation
CSLOXINFO-AS-AP CS LOXINFO PUBLIC COMPANY LIMITED
CSP-AS CSP
CSUNET-NW – California State University Network
CSXT-AS-1 – CSX Technology
CTIHK-AS-AP City Telecom (H.K.) Ltd.
CTS-MD I.S. Centrul de Telecomunicatii Speciale
CXA-ALL-CCI-22773-RDC – Cox Communications Inc.
CYBERVERSE – Cyberverse, Inc.
CYPRESS-SEMICONDUCTOR – Cypress Semiconductor
CYTA-NETWORK Cyprus Telecommunications Authority
DARLICS-AS Darlics ltd. provides IP transport and Internet
DATAGRUPA SIA _Datagrupa.lv_ Marijas 7 – 412a Riga, LV-1050, LATVIA
DCI-AS DCI Autonomous System
DECHO – Decho Corporation
DFINET DFi Service SA
DHL-AS DHL Systems Inc.
DHSINETNOC – DEPARTMENT OF HOMELAND SECURITY
DIGCOMM Digital communications, LTD
DIGITAL-TELEPORT – Digital Teleport Inc.
DIL-AP DIRECT INTERNET LTD.
DIN-AS TOMSKTELECOM AS
DINAS-AS PE Kuznetsova Viktoria Viktorovna
DINET-AS Digital Network JSC
Diveo do Brasil Telecomunicacoes Ltda
DK-ESS-AS Syd Energi Bredbaand A/S
DMSLABNET – DoD Network Information Center
DNC-AS IM Data Network Communication SRL
DNEO-OSP7 – Comcast Cable Communications, Inc.
DNIC-ASBLK-00721-00726 – DoD Network Information Center
DNIC-ASBLK-27032-27159 – DoD Network Information Center
DOGAN-ONLINE Dogan Iletisim Elektronik Servis Hizmetleri
DOMAINFACTORY domainfactory GmbH
DOMAINTOOLS – DomainTools, LLC
DONTELE-AS Telenet LLC
DOPC-AS
DOPC-AS-NGN
DOPC-AS-US
DREAMHOST-AS – New Dream Network, LLC
DREAMX-AS DREAMLINE CO.
DRWEB-AS Doctor Web Ltd
DSE-VIC-GOV-AS Department of Sustainability & Environment,
DSIJSC-AS DSI Autonomous system
DSLEXTREME – DSL Extreme
DTAG Deutsche Telekom AG
DWL-AS-IN Dishnet Wireless Limited. Broadband Wireless
DYNDNS – Dynamic Network Services, Inc.
EASYDNS EasyDNS Technologies, Inc.
EASYNET Easynet Global Services
EBAY – eBay, Inc
ECI-TELECOM-LTD ECI Telecom-Ltd.
EDGECAST – EdgeCast Networks, Inc.
EIRCOM Eircom
ELISA-AS Elisa Oyj
EMBARQ-WNPK – Embarq Corporation
EMBIT-AS BURTILA & Co. ELECTRON M.BIT SRL
EMC-AS12257 – EMC Corporation
EMCATEL
EMIRATES-INTERNET Emirates Internet
EMOBILE eMobile Ltd.
ENTEL CHILE S.A.
EPM Telecomunicaciones S.A. E.S.P.
EQUANT-ASIA Equant AS for Asian Region covering Japan
EQUINIX-EDMA-ASH-ASN – Equinix, Inc.
ERICSSON-APAC-MY-AS Ericsson Global Services. BUGS N&V APAC
ERX-SINGNET SingNet
ESRI – Environmental Systems Research Institute
ESS-PR-WEBMASTERS – ESS/PR WebMasters
EthioNet-AS
ETISALAT-MISR
ETPI-IDS-AS-AP Eastern Telecoms Phils., Inc.
ETSI Autonomous System
EURONET Online Breedband B.V. Global AS
European Space Agency
EUSKALTEL Euskaltel S.A.
EXCELL-AS Excellmedia
EXIM – Export Import Bank of the U.S
FACEBOOK – Facebook, Inc.
FANNIEMAE – Fannie Mae
FasoNet-AS
FASTMETRICS – Fastmetrics, LLC
FAST-TELCO Fast Telecommunications Company W.L.L.
FASTWEB Fastweb SpA
FAWRI-AS
FDA – Parklawn Computer Center / DIMES HQ
FIBREONE-AS fibre one networks GmbH, Duesseldorf
FITC-AS – FITC – FedEx International Transmission Corporation
FMAC-I-BILLING – Freddie Mac
FMI-NET-AS – Freeport-McMoran Inc.
FORATEC-AS Foratec Communication AS at Sverdlovsk, Tyumen, Perm regions
FORTINET-CANADA – Fortinet Inc.
FPT-AS-AP The Corporation for Financing & Promoting Technology
FRONTIER-AND-CITIZENS – Frontier Communications of America, Inc.
FRONTIER-FRTR – Frontier Communications of America, Inc.
FR-RENATER Reseau National de telecommunications pour la Technologie
FULLRATE Fullrate A/S
FX-PRIMARY-AS FX Networks Limited
GBLX Global Crossing Ltd.
GET-NO GET Norway
GHANATEL-AS
GIGAINFRA Softbank BB Corp.
GLOBAL-SPLK – Sprint International
GLOBE-TELECOM-AS Globe Telecoms
GOLDENLINES-ASN 012 Smile Communications Main Autonomous System
GOLDENTELECOM-UKRAINE Golden Telecom
GOOGLE – Google Inc.
GRAMEENPHONE-AS-AP GrameenPhone Ltd.
GSA-GOV – General Services Administration
GT-BELL – Bell Canada
Gtd Internet S.A.
GYRON ====
H3G-AS H3G S.p.A.
H3GUKNIE Hutchison 3G UK and Ireland Core AS
HANARO-AS Hanaro Telecom Inc.
HATHWAY-NET-AP Hathway IP Over Cable Internet
HETZNER-AS Hetzner Online AG RZ
HHES – HAMILTON HYDRO ELECTRIC SYSTEM
HINET Data Communication Business Group
HKNET-AP HKNet Co. Ltd
HKTIMS-AP PCCW Limited
HNS-DIRECPC – Hughes Network Systems
HOPONE-GLOBAL – HopOne Internet Corporation
HOSTEUROPE-AS AS of Hosteurope Germany / Cologne
HP-INTERNET-AS Hewlett-Packard Company
HTCL-IAS-HK-AP Hutchison Telephone Company Limited
HTIL-TTML-IN-AP Tata Teleservices Maharashtra Ltd
HURRICANE – Hurricane Electric, Inc.
HUTCHISON-AS-AP Hutchison Global Communications
HUTCHVAS-AS Vodafone Essar Ltd., Telecommunication – Value Added Services,
IADB-NETWORKS – The Inter-American Development Bank
IAM-AS
IBM E-business Hosting Delivery
IBMCCH-RTP – IBM
IBMCCH-SBY – IBM
IBMDES-AS – IBM Dallas Engineering & Scientific
IBSNAZ Telecom Italia S.p.a.
IBURST-GH
ICONNECT-BD Planners Tower
IDK-NETWORK CJSC Interdnestrcom AS
IEUNET BT Ireland Backbone
IFX-NW – IFX Communication Ventures, Inc.
IHNET – IHNetworks, LLC
IINET iiNet Limited
IJ-NET – Internet Junction Corp.
ILX-ASN – THOMSON FINANCIAL
IN2CABLE-AP AS Number of In2cable.com (India) Ltd.
INDONET-AS-AP INDO Internet, PT
INDOSATM2-ID INDOSATM2 ASN
INEA-AS INEA S.A.
INET-AS-ID PT. Inet Global Indo
INETCOMM-AS INET LTD
I-NETPARTNER-AS I-NetPartner GmbH ASN
INETTEHNO Inet Tehno
INFINEON-AS Infineon AG
INFINEON-SG 8 Kallang Sector
INFLOW19294 – Inflow Inc.
INFOSPHERE NTT PC Communications, Inc.
INFOSTRADA Infostrada S.p.A.
INIT7 Init7 Global Backbone
INS-AS – AT&T Data Communications Services
Instituto Costarricense de Electricidad y Telecom.
Instituto Tecnol??gico y de Estudios Superiores de Monterrey
INTEGRATELECOM – Integra Telecom, Inc.
INTELSAT Intelsat Global BGP Routing Policy
INTEL-SC-AS – Intel Corporation
INTERNAP-2BLK – Internap Network Services Corporation
INTERNAP-BLK – Internap Network Services Corporation
INTERNAP-BLK – Internap Network Services Corporation
INTERNAP-BLK3 – Internap Network Services Corporation
INTERNAP-BLOCK-4 – Internap Network Services Corporation
INTERNETIA-AS Netia SA
INTERNET-PATH – Internet Path, Inc.
INTERNET-PRO-AS Internet-Pro Ltd
INTEROUTE Interoute Communications Ltd
INTERPHONE-AS Interphone Ltd.
INTERTELECOM Intertelecom
IPASAULE-AS _Interneta Pasaule_ SIA
IPG-AS-AP Philippine Long Distance Telephone Company
IPGOMA – THE INTERPUBLIC GROUP OF COMPANIES, INC.
IPNXng
IPO-EU IP-Only Telecommunication Networks AB
IQUEST-AS – IQuest Internet
IRONPORT-SYSTEMS-INC – Cisco Systems Ironport Division
IRS – Internal Revenue Service
IS
ISC-AS1280 Internet Systems Consortium, Inc.
ISKON ISKON INTERNET d.d. za informatiku i telekomunikacije
ISKRATELECOM-AS ISKRATELECOM ZAO
ISP-KIM-NET Kalush Information Network LTD
ISSC-AS – ISSC
ISW – Internet Specialties West Inc.
ITNS ITNS. NET SRL
ITSCOM its communications Inc.
JAWWAL Jawwal will be multihoming with us AS15975 and AS12975
JAZZNET Jazz Telecom S.A.
Jordan Data Communications Company LLC
JUNIPER-NETWORKS – Juniper Networks, Inc.
KABELBW-ASN Kabel Baden-Wuerttemberg GmbH & Co. KG
KAISER-NCAL – Kaiser Foundation Health Plan
KAMOPOWER – KAMO Electric Cooperative, Inc.
KAZTELECOM-AS JSC Kazakhtelecom
KHERSON-TS Kherson Telecommunication Systems Ltd.
KIXS-AS-KR Korea Telecom
K-OPTICOM K-Opticom Corporation
KSNET KSNet
KSNET-AS Kyivstar GSM
KVH KVH Co.,Ltd
LANTELECOM-AS Lan-Telecom AS Number
LATISYS-ASHBURN – Latisys-Ashburn, LLC
LATNETSERVISS-AS LATNET ISP
LDCOMNET NEUF CEGETEL (formerly LDCOM NETWORKS)
LEASEWEB LEASEWEB AS
LEVEL3 Level 3 Communications
LGCNS-AS – LG CNS America Inc.
LGDACOM LG DACOM Corporation
LGH-AS-KR LGHitachi
LGNET-AS-KR LG CNS
LINKdotNET-AS
LINKLINE – LinkLINE Communications, Inc.
LINKNET-ID-AP Linknet ASN
LOQAL-AS Loqal AS
LUCENT-CIO – Lucent Technologies Inc.
LUGANET-AS ARTA Ltd
LVBALTICOM-AS _Balticom_ JSC
LVLT594-598 – Level 3 Communications, Inc.
LYSE-AS Altibox AS
MAGNUS-AS TOV _Magnus Limited_
MANGOTELESERVICE-AS-BD Only private Owned IIG in Bangladesh
MAP Moscow Network Access Point
MASERGY-US Masergy US Autonomous System
MASSCOM – Massillon Cable Communications
MAXIS-AS1-AP Binariang Berhad
MBL-AS-AP Micronet Broadband (Pvt) Ltd.
MCAFEE – McAfee, Inc.
MCAFEE-COM – McAfee, Inc.
MCC OJSC _Moscow Cellular Communications_,
MCI-ASN – MCI
MCT-SYDNEY Macquarie Telecom
MDITNET-AS ITNET (ITPAY SRL)
MEDIASERV-AS Mediaserv
Mega Cable, S.A. de C.V.
MEGAPATH2-US – MegaPath Networks Inc.
METROTEL REDES S.A.
MF-KAVKAZ-AS Caucasus Branch of OJSC MegaFon AS
MF-NWGSM-AS North-West Branch of OJSC MegaFon Network
MFNX MFN – Metromedia Fiber Network
MICRON21-AS-AU-AP Micron21 Melbourne Australia Datacentre. Co-Location Dedicated Servers Web Hosting
MICROSOFT-CORP-AS – Microsoft Corp
MICROSOFT-CORP—MSN-AS-BLOCK – Microsoft Corp
MISD-NET – Macomb Intermediate School District
MIT-GATEWAYS – Massachusetts Institute of Technology
MOLDCELL_AS Moldcell SA Autonomous System
MOLDDATA-AS Administrator of the top level domain .MD,
MOLDTELECOM-AS Moldtelecom Autonomous System
MORENET – University of Missouri – dba the Missouri Research and Education Network (MOREnet)
MOTOROLA – Motorola, Inc.
MOTOROLA-PHX – Motorola, Inc.
MP-ELEKTRONIKA-AS MP ELEKTRONIKA Autonomous System
MPX-AS Microplex PTY LTD
MTNL-AP Mahanagar Telephone Nigam Ltd.
MTS-INDIA-IN 334,Udyog Vihar
MTSNET OJSC _Mobile TeleSystems_ Autonomous System
N9E7X5E3N1I2N4C – Nexen Inc.
NAWALA-AS-ID Asosiasi Warung Internet Indonesia (AWARI)
NAWRAS-AS Omani Qatari Telecommunications Company SAOC
NBLNETWORKS-AS Nebula Oy Autonomous System
NC-FUNB-AS – WACHOVIA CORP
NCNET-AS National Cable Networks
NEOLINK CJSC _ER-Telecom Holding_ Izhevsk branch
NERIM Nerim SAS
NET-ACCESS-CORP – Net Access Corporation
NET-AIG – American International Group (AIG) Data Center, Inc.
NETCOM-AS NetCom as Autonomous system
NETELLIGENT – Netelligent Hosting Services Inc.
NEWCOM-AS NEWCOM mirror object from ARIN
NEWCOM-ASN New Com Telecomunicatii SA
NEWEDGENETS – New Edge Networks
NEWSKIES-NETWORKS SES WORLD SKIES ARIN AS, for routing RIPE space.
NEWTT-IP-AP Wharf T&T Ltd.
NEXTGENTEL NEXTGENTEL Autonomous System
NEXTTELL-VRN-AS LLC NextTell-Voronezh AS Number
NG-AS NextGen Communications SRL
NIANET-AS nianet is a Danish carrier and Internet Service Provider
NO_NAME
NOC – Network Operations Center Inc.
NOKIA Nokia Internet
NOKIA-AS NOKIANET APAC Data Centre network
NOKIANET_DALLAS NOKIANET Dallas office
Nominum Global NameServer network
NOMINUM-SKYE1 – SKYE
NORDLINKS-AS S.C. _NordLinks_ S.R.L.
NORMA-PLUS-AS TOV Norma Plus
NORTHROP-GRUMMAN – Northrop Grumman
NOVELL – Novell, Inc.
NTL Virgin Media Limited
NTT do Brasil Telecomunicaoes Ltda
NTT-COMMUNICATIONS-2914 – NTT America, Inc.
NUMERICABLE NUMERICABLE is a cable network operator in France, offering TV,VOICE and Internet services
NUVOX – NuVox Communications, Inc.
NV-ASN 013 NetVision Ltd.
NYFX-RTR – NYFIX, INC
O1COMM – O1 COMMUNICATIONS
OCN NTT Communications Corporation
OFIDEN – OppenheimerFunds, Inc.
OMD-FNO Orange Moldova Fix Network Autonomous System
OMNITURE ====
OPENDNS – OpenDNS, LLC
ORANGE-BUSINESS-SERVICES-SOUTHEUR Equant Inc.
ORANGE-BUSINESS-SERVICES-UK Orange Business Services (formerly Equant) AS for UK
OSIS-PACOM – Joint Intelligence Center Pacific
OVH OVH
P4NET P4 Sp. z o.o.
PACIFIC-INTERNET-INDIA-ASN Pacific Internet India Pvt. Ltd.
PACIFIC-INTERNET-IX Pacific Internet Ltd
PACNET Pacnet Global Ltd
PAH-INC – GoDaddy.com, Inc.
PAIR-NETWORKS – pair Networks
PALTEL-AS PALTEL Autonomous System
PARTNER-AS Partner Communications Ltd.
PBTL-BD-AS-AP Pacific Bangladesh Telecom Limited.
PDX – PORTLAND INTERNETWORKS
PEER1 – Peer 1 Network Inc.
Pegaso PCS, S.A. de C.V.
PERSNET Korea Telecom Freetel
PI-AU Pacific Internet (Australia) Pty Ltd
PI-HK Pacnet Internet (Hong Kong) Limited
PIXNET-AS – Providers Internet Exchange
PKTELECOM-AS-PK Pakistan Telecom Company Limited
PLUSSERVER-AS PlusServer AG, Germany
POLYCOM – Polycom, Inc.
POWEREDCOM KDDI CORPORATION
Prima S.A.
PRIMORYE-AS Open Joint Stock Company _Far East Telecommunications Company_
PRINCETON-AS – Princeton University
PROBENETWORKS-AS Probe Networks
PRONET_LV SIA _PRONETS_
PROXAD Free SAS
PS-NETPLEX-AS – Perot Systems
PT KPN Internet Solutions
PTK-CENTERTEL-DSL-AS PTK Centertel Sp. z o.o.
PTLP-CORE – People_s Tel Limited Partnership
PTPRIMENET PT PRIME – Solucoes Empresariais de Telecomunicacoes e Sistemas S.A.
PUBNET1-AS KT
PUSAN-AS-KR Pusan National University
PWC-AS – PriceWaterhouseCoopers, LLP
Q9-AS – Q9 Networks Inc.
Q9-AS-BRAM – Q9 Networks Inc.
QNETCZ QNET CZ s.r.o.
QSC-1 QSC AG
QUALCOMM – Qualcomm, Inc.
QUALCOMM-BLR-AS-AP Qualcomm Inc. Bangalore AS, Developer of CDMA Technology India
QWEST – Qwest Communications Company, LLC
RACKSPACE – Rackspace Hosting
RADIOGRAFICA COSTARRICENSE
RAPID-LINK-AS RAPID LINK SRL
RAYA-AS
RCN-AS – RCN Corporation
RDSNET RCS & RDS S.A.
Rede Nacional de Ensino e Pesquisa
REEDLAN-AS ISP REEDLAN
RELARN RELARN-MSK
RELIANCE-COMMUNICATIONS-IN Reliance Communications Ltd.DAKC MUMBAI
RELIANCEGLOBALCOM – Reliance Globalcom Services, Inc
RENAM RENAM Association
RIML-CORP-AS-3 – Research In Motion Limited
RIPE-NCC-AS RIPE Network Coordination Centre
RISC-SYSTEM – Rockwell Scientific Company
RMH-14 – Rackspace Hosting
RMIFL RM Education PLC – Internet for Learning
ROGERS-CABLE – Rogers Cable Communications Inc.
ROSTELECOM-AS JSC Rostelecom
ROSTOV-TELEGRAF-AS Rostovelectrosviaz_ of Public Joint Stock Company
RTCOMM-AS OJSC RTComm.RU
RTD ROMTELECOM S.A
RUSTAVI2ONLINEAS Caucasus Online LLC
RU-SURNET Uralsvyazinform, Chelyabinsk branch
RWT – RagingWire Telecommunications
SAFELINES The network of ISP Safelines,includes POPs in various cities
SAFENZ-TRANSIT-AS-NZ SafeNZ Networks LTD
SAITIS-NETWORK Saitis Network, N.Desir
SAMSUNGNETWORKS-AS-KR Samsung Networks Inc.
SAN-JUAN-CABLE – San Juan Cable, LLC
SASUSA SunGard Availability Services USA
SAVVIS – Savvis
SBIS-AS – AT&T Internet Services
SCARTEL-AS Scartel Ltd.
SCOTTS-AS – CITY OF SCOTTSBURG
SCRR-10796 – Road Runner HoldCo LLC
SCRR-11426 – Road Runner HoldCo LLC
SCRR-12271 – Road Runner HoldCo LLC
SCV-AS-AP SCV Broadband Access Provider
SDL-20-AS – Smithville Digital, LLC
SEAGATE-USA-MN-1 – Seagate Technology
SEEDNET Digital United Inc.
SELECTNET-AS – SelectNet Internet Services
SERBIA-BROADBAND-AS Serbia BroadBand-Srpske Kablovske mreze d.o.o.
SERVICENET-AP Internet service provision to Western
SGNET-AS-AP Singapore Government Network AS
SHAW – Shaw Communications Inc.
SIBNETWORKS-AS Siberian Networks
SIFY-AS-IN Sify Limited
SIGMANET-NIC LU MII AS
SIKA-AS Sika Informationssysteme AG
SITA SITA
sixtelecoms-as
SKTELECOM-NET-AS SK Telecom., Ltd.
SKYNET-SPB-AS SkyNet Ltd.
SKYVISION SkyVision Network Services
SLTINT-AS-AP Sri Lanka Telecom Internet
SOFTLAYER – SoftLayer Technologies Inc.
SOFTNET-AS-AP Software Technology Parks of India – Bangalore
SOLNET BSE Software GmbH
SONICDUO-AS AS for MegaFon-Moscow
SONOMA – Sonoma Interconnect
SONY-APAC-AP Sony – ASN for Asia Pacific
SOVAM-AS OJSC _Vimpelcom_
SPBMTS-AS Mobile TeleSystems, OJSC, MR North-West
SPCS – Sprint Personal Communications Systems
SPEAKEASY – Speakeasy, Inc.
SPECTRANET FIRST FIBRE BROADBAND NETWORK IN NEW DELHI, INDIA
Sprint US
SPRINTLINK – Sprint
SPRINTLINK-HOSTING – SPRINT, Business Serices Group
SS-NOC-AS – Straitshot Communications, Inc.
STARHUBINTERNET-AS StarHub Internet Exchange
STARNET-AS StarNet Moldova
STATEL-AS Stavropol branch of Southern Telecommunications Company
STEADFAST – Steadfast Networks
STOMI – State of Michigan, DMB-CNOC
STSN-SLC-UT-US – STSN GENERAL HOLDINGS, INC.
SUDDENLINK-COMMUNICATIONS – Suddenlink Communications
SUMTEL-AS-RIPE Summa Telecom
SUNCOMMUNICATIONS-AS JV _Sun Communications_ Autonomous System
SUNRISE Sunrise Communications AG
SUPERNET-PAKISTAN-AS-AP Supernet Limited Transit Autonomous System Number
SURFCONTROL-US-ASN Websense Hosted Security Network
SURFNET-NL SURFnet, The Netherlands
SWEETNET-AS Private entrepreneur Bliznichenko Vitalij Volodumirovich
SWISSCOM Swisscom (Switzerland) Ltd
SWITCH SWITCH, Swiss Education and Research Network
SWKO – SOUTHWEST KANSAS ONLINE
TACHYON-AS-ID PT Remala Abadi
TATA-AS TATA ISP
TATACOMM-AS TATA Communications formerly VSNL is Leading ISP
TATTELECOM-AS Tattelecom.ru/Tattelecom Autonomous System
TC Radio Systems Autonomous System
TCH – TCH Network Services
TDC TDC Data Networks
TDDE-ASN1 Telefonica o2 Germany Autonomous System
TDN Tikona Digital Networks Pvt Ltd.
TEAM-CYMRU – Team Cymru Inc.
TE-AS TE-AS
TELCOMNET TelCom Ltd.
TELCOM-UA-AS _Telecomunikatsiina Companiya_ Ltd
TELE2
Telecom Argentina S.A.
TELECOMMD-AS ICS Networks Solutions SRL
Telecomunicacoes da Bahia S.A.
TELEFONICA CHILE S.A.
Telefonica de Argentina
Telefonica Empresas SA
TELEFONICA-DATA-ESPANA Internet Access Network of TDE
TELEKOM-AS TELEKOM SRBIJA a.d.
TELENERGO EXATEL S.A. Autonomous System
TELENET-AS Autonomous System of Teleset-Servis Ltd.
TELENET-AS Telenet N.V.
TELENOR-NEXTEL Telenor Norge AS
TELESC – Telecomunicacoes de Santa Catarina SA
TELESWEET-AS Telesweet ISP Autonomous System
TELETECH – TeleTech Holdings, Inc
Television Internacional, S.A. de C.V.
TELEZUG WWZ Telekom AG
TELIANET-DENMARK TeliaNet Denmark
TELIANET-SWEDEN TeliaNet Sweden
TELKOMNET-AS2-AP PT Telekomunikasi Indonesia
TELKOMSEL-ASN-ID PT. Telekomunikasi Selular
TELLCOM-AS Tellcom Iletisim Hizmetleri
Telmex Chile Internet S.A.
Telmex Colombia S.A.
TELSTRA Telstra Pty Ltd
TEOLTAB TEO LT AB Autonomous System
TERREMARK Terremark
TFN-TW Taiwan Fixed Network, Telco and Network Service Provider.
TFO-BOSTON – THOMSON FINANCIAL
THEPLANET-AS – ThePlanet.com Internet Services, Inc.
T-HT T-Com Croatia Internet network
TINET-BACKBONE Tinet SpA
TISCALI-UK Tiscali UK
TISNL-BACKBONE Telfort B.V.
TKPSA-AS TKP S.A. is 3S.pl network operator.
TKT-AS JSC TKT
TMIB-BD-AS-AP TM International Bangladesh Ltd. ISP, Gulshan-1,Dhaka-1212
TMN-AS TMN Autonomous System
TMNET-AS-AP TM Net, Internet Service Provider
TM-NETSYS-ASH – TicketMaster
TOMLINE Tomsk telecommunication company Ltd
TOTNET-TH-AS-AP TOT Public Company Limited
TPG-INTERNET-AP TPG Internet Pty Ltd
TPNET Telekomunikacja Polska S.A.
TRANSTEL S.A.
TRAVELERS – Travelers Property Casualty Corp.
TRENDMICRO Global IDC and Backbone of Trend Micro Inc.
TRENDMICRO Trend Micro Inc.
TRUENORTHCOMM – True North Communications
TSF-IP-CORE TeliaSonera Finland IP Network
TSU-SM – Texas State University – San Marcos
TTCLDATA
TTNET Turk Telekomunikasyon Anonim Sirketi
TTSL-MEISISP Tata Teleservices ISP AS
TULIP Tulip Telecom Ltd.
TURKCELL-AS TURKCELL ILETISIM HIZMETLERI A.S.
TVCABO-AS TVCABO Autonomous System
TWTC – tw telecom holdings, inc.
UAEXPRESS EXPRESS Radio Network
UARNET-AS Ukrainian Academic and Research Network
UA-SEECH Seech-Infocom NCC
UA-SMART-AS Broadcasting company _Smart_ Ltd
UCOM UCOM Corp.
UCSB-NET-AS – University of California, Santa Barbara
UCSC – University of California, Santa Cruz
UDMVT-AS OJSC VolgaTelecom branch in Udmurtia Republic AS Number
UECOMM-AU Uecomm Ltd
UKRBIT-NET-AS SPD Bilopol Roman Leonidovich
UKRTELNET JSC UKRTELECOM,
ULTRADNS – Centergate Research, LLC.
UMANITOBA – University of Manitoba
UMC-AS UMC Autonomous System
UMICH-AS-5 – University of Michigan
UMN Ural-TransTeleCom Autonomous System
UNI2-AS France Telecom Espana SA
Uninet S.A. de C.V.
UNINETT UNINETT, The Norwegian University & Research Network
UNISYS-6072 For routing issues, email [email protected]
UNISYS-AP-UI-AS-AP Unisys AsiaPac Intranet Access to Internet
UNISYS-AS-E – Unisys Corporation
Universidad Nacional de Colombia
University de Los Andes
UNL-AS – University of Nebraska-Lincoln
UNSPECIFIED
UPC UPC Broadband
UPITT-AS – University of Pittsburgh
URAN URAN Autonomous system
USAA – USAA
USI Uralsviazinform
UUNET – MCI Communications Services, Inc. d/b/a Verizon Business
UUNET-INT – MCI Communications Services, Inc. d/b/a Verizon Business
VEGA-OD-UA DCS Ltd.
VERISIGN-CORP – VeriSign Infrastructure & Operations
VERSATEL AS for the Trans-European Tele2 IP Transport backbone
VIA-NET-WORKS-AS PSINet Europe / VIA NET.WORKS international AS
VIAPASS-FR VIAPASS SAS
VIDEOTRON – Videotron Telecom Ltee
VIETEL-AS-AP Vietel Corporation
VINAKOM – VINAKOM COMMUNICATIONS
VINS – ViaWest
VIRGINIA-AS – University of Virginia
VITSSEN-SUWON-AS-KR Tbroad Suwon Broadcating Corporati
VMWARENET-1 – VMWare, Inc.
VNET-AS VNET ISP Bratislava, Slovakia, SK
VNPT-AS-VN Vietnam Posts and Telecommunications (VNPT)
VODAFONE_ICELAND Backbone Autonomous System
VODAFONE-IT-ASN Vodafone N.V.
VODANET International IP-Backbone of Vodafone
VOLIA-AS Kyivski Telekomunikatsiyni Merezhi LLC
VOLKSWAGEN Volkswagen AG, Wolfsburg 1
VRIS-AS-BLOCK – Verizon Online LLC
VSI-AS VSI AS
VTX-NETWORK VTX Services SA
VZB-AU-AS Verizon Australia PTY Limited
VZGNI-TRANSIT – Verizon Online LLC
WATEEN-IMS-PK-AS-AP National WiMAX/IMS environment
WAYPORT – AT&T Wi-Fi Services
Webex Communications, Inc.
WEBSENSE Websense, Inc.
WELLSFARGO – Wells Fargo & Company
WESTHOST – WestHost, Inc.
WESTNET-AS-AP Westnet Internet Services
WESTPUB-A – West Publishing Corporation
WICAM-AS WiCAM ISP Cambodia Peering AS
WIDEXS ion-ip B.V.
WINDSTREAM – Windstream Communications Inc
WIRELESSNET-ID-AP WIRELESSNET AS
WITCOM- Wiesbadener Informations – und Telekommunikations GmbH
WN-AS Private enterprise Gorbunov A.A.
WORLDBANK-AS – WORLD BANK
WORLDCALL-AS-LHR Worldcall Broadband Limited
WORLDNET-AS World Net & Services Co., Ltd.
WOW-INTERNET – WideOpenWest Finance LLC
WXC-AS-NZ WorldxChange Communications LTD
WYOMING – wyoming.com
XO-AS15 – XO Communications
XS4ALL-NL XS4ALL
XTRA-AS Telecom XTRA, Auckland, NZ
YAHOO-BANGALORE-AS-AP Yahoo Bangalore Network Monitoring Center
YAHOO-US – Yahoo
ZIGGO Ziggo – tv, internet, telefoon
ZIPNETBD-DKB-AS-AP Zipnet Limited DKB AS number
The following chart maps the location of more than 300 command and control networks that were used in these attacks. 299 of them were located in China.
The geographic location of the more than 300 control networks used in the attacks.
Captcha Spec Knowledge
Google might help, but you might have to know it is SMPTE spec referring to AES. File under: Fun with Security
AES Suffers and Survives
Biclique Cryptanalysis of the Full AES
…
State of the art for attacks on AES. AES with its wide-trail strategy was designed to withstand differential and linear cryptanalyses [15], so pure versions of these techniques have limited applications in attacks. With respect to AES, probably the most powerful single- key recovery methods designed so far are impossible differential cryptanalysis [5, 33] and Square attacks [14,20]. The impossible differential cryptanalysis yielded the first attack on 7-round AES-128 with non-marginal data complexity. The Square attack and its variations such as integral attack and multiset attack resulted in the cryptanalysis of round-reduced AES variants with lowest computational complexity to date, while the first attack on 8-round AES-192 with non-marginal data complexity has appeared only recently [20].
The situation is different in weaker attack models, where the related-key cryptanalysis was applied to the full versions of AES-192 and AES-256 [9], and the rebound attack demon- strated a non-random property in 8-round AES-128 [25,30]. However, there is little evidence so far that carrying over these techniques to the most practical single-secret-key model is feasible.
…
http://research.microsoft.com/en-us/projects/cryptanalysis/aesbc.pdf
An FAQ on a previous (2009) attack: CryptoLUX > FAQ on the attacks
Autopsy of RSA Attack
From the Security Site at ITPRO
By Tom Brewster, 26 Aug 2011 at 15:36
F-Secure believes it has discovered the file and the email which helped crack EMC’s security arm RSA, in what became one of the most famous hacks in history earlier this year.
Timo Hirvonen, an F-Secure analyst, doggedly pursued the XLS file used to hack RSA even after others had given up the chase. Hirvonen created a tool to analyse samples for a Flash object, which was used to exploit the target’s system.
“The new tool located several relevant samples. However, one of them was not an Excel file. It was an Outlook message file (MSG),” an F-Secure blog read.
“When Timo opened it up, he knew he was onto something. The message file turned out to be the original email that was sent to RSA on 3 March, complete with the attachment 2011 Recruitment plan.xls. After five months, we finally had the file. And not only that, we had the original email.”
The email which was sent to a single EMC employee, with two others CC’d in, was made to look like it came from Beyond.com, a career network.
The subject line read “2011 Recruitment plan” and the body copy contained just one line: “I forward this file to you for review. Please open and view it.”
Once the file was opened the Flash object was executed by Excel, using a vulnerability to write code on the victim’s machine and then drop a Poison Ivy backdoor to the system. Excel is then closed automatically and the infection is done.
What we think…
It’s clear the email which duped EMC was pretty simple. Certainly it would be unadvisable to trust an email which contains just a single line.
This only emphasises the need for further education amongst workforces about spear phishing. It seems even workers at security firms aren’t getting the message, which would be laughable if the connotations of the RSA hack weren’t so serious.
Tom Brewster, Senior Staff Writer
“After this, Poison Ivy connects back to it’s server at good.mincesur.com. The domain mincesur.com has been used in similar espionage attacks over an extended period of time,” F-Secure said.
“Once the connection is made, the attacker has full remote access to the infected workstation. Even worse, it has full access to network drives that the user can access. Apparently the attackers were able to leverage this vector further until they gained access to the critical SecurID data they were looking for.”
As F-Secure noted, the attack itself did not appear to be hugely sophisticated, although as the vulnerability was a zero-day there was no way RSA could have protected itself by patching.
“Was this an advanced attack? The email wasn’t advanced. The backdoor they dropped wasn’t advanced. But the exploit was advanced,” F-Secure added.
“And the ultimate target of the attacker was advanced. If somebody hacks a security vendor just to gain access to their customers systems, we’d say the attack is advanced, even if some of the interim steps weren’t very complicated.”
The hackers who went after RSA wanted the company’s SecureID information so they could hit US Government contractors, including Lockheed Martin.
Following the Lockheed attacks, RSA offered token replacement for customers “with concentrated user bases typically focused on protecting intellectual property and corporate networks.”
TDL-4, The New Cool Botnet
Here is the story from IT Pro: Kaspersky warns of “indestructible” TDL-4 botnet.
Remote Access VPN Appliances Buyer’s Guide
To map your requirements to individual product capabilities and features, a VPN features guide can help. For example, see SP 800-113 Guide to SSL VPNs, published by the National Institute of Standards and Technology (NIST). Those seeking VPN appliances that also speak IPsec should also consult the older SP 800-77 Guide to IPsec VPNs. Below is a summary of the VPN features you’ll find covered in these guides.
- Authentication: VPN security is based upon authentication — preferably mutual. SSL VPNs usually support many user authentication methods, including password, smart card, two-factor token, and certificate. Many IPsec VPNs use IKEv2 to support any method conveyed by the Extensible Authentication Protocol (EAP). Choose an appliance that supports your required authentication method(s) and integrates with your user database (e.g., Active Directory). Less common features to look for include single sign-on and roaming without re-authentication.
- Encryption and integrity protection: Secure tunneling protocols like SSL, TLS, DTLS, and IPsec all use cryptography for message encryption, integrity, replay protection, and (sometimes) source authentication. The IPsec Encapsulating Security Protocol (ESP) is applied at Layer 3 to protect the entire IP packet; the others may be applied at Layer 3 or 4. Choose an appliance that satisfies your in-transit data protection policies, including cipher, certification, and interoperability requirements.
- Access controls: Early VPN appliances tunneled all traffic from user to gateway or only traffic destined for private subnets (i.e., split tunneling). With SSL VPNs came increased granularity, including access to specified applications, URLs, or even actions (e.g., file read but not write). This continues to be an area of innovation; look for new features such as policies that transparently adapt for each user, based upon endpoint risk, compliance, or location, and group/role-based access controls.
- Endpoint security controls: Varying access based on risk requires recognizing the endpoint, assessing its health, evaluating its compliance, or a combination thereof. For example, if access is attempted from a managed notebook, a “checker” may verify the endpoint has required OS patches and anti-malware. If access is attempted from a smartphone, these may not be possible — but the VPN can still look for an IT-installed “watermark.” This is another area of rapid innovation, both in OS breadth and depth of controls. For notebooks, consider advanced features such as data vaults. For mobile devices, look for server-side aids like fingerprinting.
- Intrusion prevention: Pre-connect checks are helpful, but may not be enough. To reduce risk, VPNs can grant narrow access to riskier endpoints — or apply ongoing intrusion prevention to stop malware from riding secure tunnels. This is another area of differentiation between VPN products, as vendors scramble to integrate security offerings and drill deeper — especially into port 80 traffic to enforce per-application policies and block malicious activity. Features here run the gamut from mobile security agents to reputation-based web defenses, but beware of a la carte feature licenses that inflate TCO.
- Manageability: This is an important characteristic for any product, but especially for remote access VPNs. Factors like purchase price, maintenance fees, installation effort, policy tuning, and routine maintenance all impact total cost of ownership (TCO), but enterprises with large workforces often cite managing users as their single-highest VPN cost.
- High availability and scalability: Enterprise-class remote access VPN products offer high-availability and scalability options, such as hot-synced active/active load balanced gateways. Look not only at scalability and survivability, but also at licensing. For example, those deploying remote access VPN for disaster planning may want “burstable” or pay-as-you-go licenses.
- Customization: Remote access VPNs often benefit from customization. This can range from organizing resource links on per-user/group portal pages to adding proxy VPN translations for proprietary applications. Especially for small mobile devices, look for aids like auto-display-adaptation and bookmarks to improve usability.
Product roll call
These are just some of the many features and capabilities found in contemporary remote access VPN appliances. Vendors in this market include Cisco Systems, Citrix Systems, Check Point, F5 Networks, Juniper Networks, and SonicWall (to name just a few).
To more fully illustrate this category, EnterpriseNetworkingPlanet will profile several remote access VPN lines, including SonicWall’s Aventail E-Class SRA appliances, Cisco’s ASA 5500 Series appliances, and Juniper’s MAG Series JunOS Pulse Gateways. Stay tuned …
Lisa Phifer owns Core Competence, a consulting firm focused on business use of emerging network and security technologies. With over 25 years in the network industry, Lisa has reviewed, deployed and tested network security products for nearly a decade.
More Military Systems Hacked
Notice – plural, networks of Lockheed Martin. – plural, networks of other US military contractors.
On Friday, Reuters news agency reported that unknown hackers have managed to break into the networks of arms manufacturer Lockheed Martin as well as those of other US military contractors. According to the report, the intruders exploited the information about cryptography specialist RSA’s SecurID products that was seized by hackers during an attack in March. It is currently unclear whether the intruders actually managed to obtain valuable information; however, the fact that all the systems attached to the network are likely to contain documentation relating to weapons systems which are currently in use, or are in development, doesn’t bode well.
When last reported, it was the Defense department itself, and through the Defense Department the hackers broke into military systems all over the world. See: Infected USB caused biggest US military breach ever
The article is short, so we recommend that you read it all. But the highlights are that this is a continuing escalation, using codes from the RSA recent attack.
The US Defense Department reportedly told Reuters on Saturday that it was working with Lockheed to determine the scope of the attack. Lockheedconfirmed, in a statement, that it had detected a “significant” attack on its network on 21 May and had reacted “almost immediately” to institute counter measures; it said that its “systems remain secure”. The company is currently investigating the attack but is already claiming that “no customer, program or employee personal data has been compromised”. It is still working to restore employee access to its network.
While military facilities and their suppliers were previously thought to be fully protected against cyber attacks, even their experts now concede that no protection is one hundred per cent safe. SecurID tokens which create one-time passwords (OTPs) every 60 seconds used to be quite an efficient protective mechanism. However, in addition to source code, the hackers who attacked RSA are also believed to have obtained the “seed” components. These seeds would enable hackers to generate valid OTPs for any system.
Therefore, security experts are now assuming that SecurID tokens provide less security, and that the system must be regarded as having been cracked. The only remaining protection is provided by the password that is also required. In its recommendations, RSA has therefore emphasised that users should be particularly wary of phishing attacks.
[Update] IPv6, Security, Future Near
The 27th Chaos Communication Congress – subtitled We Come In Peace had an excellent presentation on IPv6 by Marc Heuse, an expert in the field and creator of several tools to test IPv6 security.
IPv6 is the coming standard for intranets, the internet and most IT/IP interconnect equipment. It is quite different from the IPv4, which is currently in place in all of our network systems. The IPv4 protocols use the typical 4 octet system, e.g. 192.168.1.1 (taking 32 bits), while IPv6 uses 128 bit address of numbers and letters. The comparison is 232 v 3.4 x 1038 – the number is 340 undecillion unique addresses.
Other advantages include autoconfiguration of IP addresses and networking, a hierarchical address structure which reduces operational cost and several Integrated security features.
As Mr. Heuse points out, all major operating systems and most modern routers already support IPv6, but it is turned off. For most intranet installations, IPv4 will probably continue to be sufficient and won’t need to be replaced by IPv6. But as with all new protocols, there are some advantages that might move manufacturers to use the system to uniquely identify equipment for communication security, or other features that are not available with IPv4. Therefore we need to stay abreast of its advantages and potential pitfalls. Especially when one of the current problems being worked out is security weaknesses in tunneling, when using IPv4 and IPv6 together (like that will ever happen!). And though it handles multicasting more securely than with IPv4, that area is also one that has some issues.
The issues with security come from the standard’s original outline being laid out 15 years ago. It dealt with the security problems of the time. Recommended practices have been developed to upgrade the protocol’s implementaion, but there are many, and they aren’t always dealt with the same way by all manufacturers.
Notwithstanding this, IPv6 is being tested this month in a ‘live on the internet’ plug fest fashion. It will be rolled out in the coming months. The Youtube video that follows isn’t for everyone, but it should be for everyone who claims to be a professional in the entertainment technology field of digital cinema, as cinema is by its nature ‘unique addresses’, on the internet and very concerned with security.
This link points to a page that has several slide presentations on the subject:
27C3: Recent advances in IPv6 insecurities
Don’t miss this slide presentation: Recent Advances In IPv6 Insecurities
Side note before the 53 minute video, if you run across any interesting information in this field, or recommendations or comments by the technologists in the d-cinema field about IPv6, please forward it to the editor.
Other articles:
Last of the IPv4 Addresses Allocated
Understand IPv6 Addresses
YouTube – [27C3] (en) Recent advances in IPv6 insecurities
{youtube}c7hq2q4jQYw{/youtube}
Stuxnet and SCADA – New News
New Siemens SCADA Vulnerabilities Kept Secret
SCADA systems — computer systems that control industrial processes — are one of the ways a computer hack can directly affect the real world. Here, the fears multiply. It’s not bad guys deleting your files, or getting your personal information and taking out credit cards in your name; it’s bad guys spewing chemicals into the atmosphere and dumping raw sewage into waterways. It’s Stuxnet: centrifuges spinning out of control and destroying themselves. Never mind how realistic the threat is, it’s scarier.
Last week, a researcher was successfully pressured by the Department of Homeland Security not to disclose details “before Siemens could patch the vulnerabilities.”
Read the entire article and some cogent comments at:
Schneier on Security: New Siemens SCADA Vulnerabilities Kept Secret
Russian Scriptor Targeting Macs?
A new crimeware kit for sale on the criminal underground makes it a simple point-and-click exercise to develop malicious software designed to turn Mac OSX computers into remotely controllable zombie bots. According to the vendor of this kit, it is somewhat interchangeable with existing crimeware kits made to attack Windows-based PCs.
One might point out that these web-injects have supposedly been available for several months but they really haven’t been reported in the wild.
Where to turn if one decides to go for a Mac Anti-Virus system. Being not ready to spend money on a yearly the subscription that many packages charge, here are a few ‘free’ packages.
The Open Source choice is ClamXav. This package is maintained by long time stalwart Mark Allan who would appreciate a donation. The package will handle individual files, whole computers and networks. Comprehensive means large and possibly sometimes slow. But it isn’t pro-active – it only looks when you hit scan.
Another well regarded package Free Antivirus for Mac – Sophos Anti-Virus for Mac Home Edition. Smaller, faster, yet the home version will not cover networks.
PCTools | iAntivirus – This small package actively monitors for Mac malware, but that may be fine. I run PC AV software on my PC partitions.
That’s the end of free. None are bad; all are different, though both free products from commercial companies can be upgraded to pay-for packages.
Articles:
Antivirus Software On Your Mac: Yes or No?: Apple News, Tips and Reviews «
Mac Security: Antivirus | Security | Macworld
PC Tools iAntiVirus 1.0 Antivirus & Security Software Review | Macworld
Best AntiVirus Software Review 2011 | AntiVirus Software Learning Center – TopTenREVIEWS
[Update] Security Lesson – Sony PlayStation Breach
Weeks later, Sony still in trouble: Read Sony yet to fully secure its networks: expert | Reuters
For the past week, rumors about a potential breach of all customer information in the vast online PlayStation world has turned from ‘maybe’ to the worst possible situation. Read the Krebs On Security report for details:
While not directly associated with digital cinema, it shows the extent that hackers are able to cleverly exploit nuances of sophisticated code that even the largest corporations attempt to keep secure. One of the basic rules of encryption is that anyone can create a secure system that they themselves can’t breach.
One of the strengths of Open Source software is that a world community is able to research code to find and fix problems. This is the path that DCI and SMPTE tried to follow, using international standards such as AES and ___ for the packaging, transport and playout, to protect the intellectual property that we are all given to play to our customers.
It appears that the transition from PlayStation 2 to PlayStation 3 allowed some glitches into the code. These were apparently discovered when hackers worked to allow PlayStation 2 users to enter the online system that had cut them off. Code in the PlayStation 3 developers kit provided the tools. Where Sony didn’t use enough outside help to give oversight by “White Hat Hackers”, “Black Hat Hackers filled the gap. Now, only as an after thought post-catastrophe, outside help is being asked to help secure a newly designed system.
This is relevant to the DCienma world as we transfer from Series I to Series II projectors, external to internal media blocks (IMBs to the cognoscente) and maintaining InterOp format deliver while transferring to SMPTE compliant formats and equipment.
The lesson is: Learn more. Pay Attention. The other basic rule of security is Constant Vigilance, which requires a trained staff from top to bottom. That includes corporate executives, local management, chief techs, chief projectionist and each person in the stream who touches a security key.
Good luck to us all. The studio personnel are not the top of this chain. The artists, the producers, the writers and their lawyers are the top of the chain who are trusting us to keep their materials secure. As a professional in the industry, don’t let your name be on the list of defendants in a lawsuit for breach of duty.
Security “Thought Leadership” Exposed