Archive for the ‘network security’ Category

Advanced Breach Protection Demystified – Untold Truths On Security Beyond AV

March 28th, 2019
Doing business in today's connected world means dealing with a continually evolving threat landscape. With potential losses due to downtime following a breach, plus valuable client and proprietary information at risk, most organizations realize they cannot afford to be complacent. This puts extra onus on security IT teams, who are continuously left scrambling, looking for the best way to

Posted in antivirus, business security, cyber security software, cyber security tools, cyber security webinar, Enterprise Security, network security, webinar | Comments (0)

Cynet is offering unhappy competitors’ customers a refund for the time remaining on existing contracts

March 12th, 2019
Cynet goes head-to-head with CrowdStrike, DarkTrace, Cylance, Carbon Black & Symantec, offering their unhappy customers a refund for the time remaining on their existing contracts. Cynet, the automated threat discovery and mitigation platform was built to address the advanced threats that AV and Firewalls cannot stop. Today, Cynet announced that any organization currently deploying an

Posted in edr solutions, endpoint network security, endpoint security, network security, network security software, SIEM Software | Comments (0)

Google Launches Backstory — A New Cyber Security Tool for Businesses

March 5th, 2019
Google's one-year-old cybersecurity venture Chronicle today announced its first commercial product, called Backstory, a cloud-based enterprise-level threat analytics platform that has been designed to help companies quickly investigate incidents, pinpoint vulnerabilities and hunt for potential threats. Network infrastructures at most enterprises regularly generate enormous amounts of network

Posted in Backstory threat analytics, Chronicle, cyber security software, cybersecurity, Enterprise Security, Google Backstory, Google Cloud, network security, SIEM Software | Comments (0)

Learn How XDR Can Take Breach Protection Beyond Endpoint Security

February 19th, 2019
How do you know whether an attacker has infiltrated your network? Can you really rely on an Endpoint Detection and Response (EDR) solution to be your go-to technology for identifying security breaches? Endpoint detection and response (EDR) platform has been an important technology to detect cybersecurity incidents, but it provides only the view of endpoints, just a portion of the big picture.

Posted in Corporate security, cyber security webinar, edr solutions, endpoint detection, Enterprise Security, network security, webinar, xdr solutions | Comments (0)

Researchers Release Tool That Finds Vulnerable Robots on the Internet

January 28th, 2019
A team at a robot cybersecurity startup has released a free, open-source tool for information security professionals to help them easily 'footprint' and detect unprotected robots, not only connected to the Internet, but also to the industrial environments where they operate. Dubbed "Aztarna," the framework has been developed by Alias Robotics, a Spanish cybersecurity firm focused on robots and

Posted in Aztarna, cyber security, cyber security tools, hacking robots, hacking tools, iot devices, network security, port scanning tools, Robot hacking, Robotics | Comments (0)

IPS as a Service Blocks WannaCry Spread Across the WAN

August 14th, 2017

One of the most devastating aspects of the recent WannaCry ransomware attack was its self-propagating capability exploiting a vulnerability in the file access protocol, SMB v1.

Most enterprises defences are externally-facing, focused on stopping incoming email and web attacks. But, once attackers gain a foothold inside the network through malware, there are very few security controls that

Posted in Cato Networks, firewall, intrusion prevention system, network security, Network Security Services, network security tool, ransomware, smb vulnerability, WannaCryptor | Comments (0)

What is the hype around Firewall as a Service?

July 10th, 2017

Admit it. Who would not want their firewall maintenance grunt work to go away?

For more than 20 years, companies either managed their edge firewall appliances or had service providers rack-and-stack appliances in their data centers and did it for them.

This was called a managed firewall — an appliance wrapped with a managed service, often from a carrier or managed security service provider

Posted in best firewall software, firewall, firewall as a service, Firewall Security, network security, network security manager, network security tool, secure firewall | Comments (0)

Online Training for Cisco CCNA, CCNP Certification Exams

June 12th, 2017

As governments and enterprises migrate toward controller-based architectures, the role of a core network engineer are evolving and more important than ever.

There is a growing number of jobs in Networking, but if you lack behind, you need to pass some certification exams to enter into this industry and get a significant boost in your IT career.

If you are looking forward to making career

Posted in CCNA, CCNP, cisco certification, Cisco Certified Network Associate, Cisco Certified Network Professional, network administrators, network security | Comments (0)

Vulnerable OpenSSL Handshake Renegotiation Can Trigger Denial of Service

May 9th, 2017

OpenSSL, the popular general-purpose cryptographic library that implements SSL/TLS protocols for web authentication, has recently suffered from several vulnerabilities. We have written about “CVE-2017-3731: Truncated Packets Can Cause Denial of Service in OpenSSL” and “SSL Death Alert (CVE-2016-8610) Can Cause Denial of Service to OpenSSL Servers” among others. Today we examine the high-severity bug CVE-2017-3733, the Encrypt-Then-MAC renegotiation crash that can cause a denial of service.

Before SSL/TLS encrypts data, it runs the Handshake and ChangeCipherSpec protocols.

During the Handshake phase, the client and server decide which encryption algorithms to use. Once the negotiation is done, the client and the server send each other a ChangedCipherSpec message, after which the traffic is encrypted with the negotiated algorithms.

Encrypted data is sent in one of two ways along with the message authentication code (MAC) in SSL/TLS.

  1. MAC-then-encrypt: This method calculates the MAC of the plain text, concatenates it with the plain text, and runs the encryption algorithm over it.
  2. Encrypt-then-MAC: The cipher-text is generated by encrypting the plaintext and then appending a MAC of the encrypted plaintext.

If the ClientHello message does not contain an Encrypt-Then-Mac extension, then the default is MAC-then-encrypt mode. If ClientHello has an Encrypt-Then-Mac extension, the server will compute the MAC after encrypting the data.

If the client or server wish to change the algorithms used for encryption, they can renegotiate the Cipher_Suites that they have already agreed upon. This can occur any time during data transfer by initiating a new Handshake, which takes place over an existing SSL connection.

Triggering the vulnerability

OpenSSL offers this explanation:

“During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL to crash (dependent on ciphersuite). Both clients and servers are affected.”

Say the client starts a TLS handshake with the server using the default MAC-then-encrypt mode. If the client later renegotiates with the Encrypt-then-MAC extension enabled and sends encrypted data in that mode before the ChangeCipherSpec message, the server will crash, causing a denial of service.

When the client triggers this vulnerability, the server crashes at the ssl3_get_record function, in the ssl3_record.c file:

The crash occurs at line no. 352, when checking to see if mac_size is less than EVP_MAX_MD_SIZE (64 bytes):

The if statement preceding the assertion checks whether the Encypt-then-MAC flag is set in the server. The macro in the if condition:

The flag TLS1_FLAGS_ECRYPT_THEN_MAC is already set when the ClientHello packet is sent with the Encrypt-then-MAC extension at the time of renegotiation. So the control will go inside the if condition. But because the ChangeCipherSpec message has not yet passed to the server, it does not know it must use Encrypt-then-MAC.

Putting a break point at line no. 352 and checking the mac_size variable shows us the value 0xffffffff, which is greater than EVP_MAX_MD_SIZE (64). Thus the assertion fails and the server crashes.

Let’s go to the code and find how the mac_size variable gets the value 0xffffffff. The EVP_MD_CTX_size function calculates the mac_size.

It returns -1 when the message digest value is null. 0xffffffff is the two’s complement of -1. This means “s->read_hash” returns null as the server tries to calculate the hash using the MAC-then-encrypt mode.

Users of McAfee products are protected from this attack by signature 0x45c09700. All administrators should update OpenSSL to the latest version.

 

Thanks to Hardik Shah for helping me with this post.

 

 

 

 

The post Vulnerable OpenSSL Handshake Renegotiation Can Trigger Denial of Service appeared first on McAfee Blogs.

Posted in computer security, McAfee Labs, network security, Vulnerability | Comments (0)

Firewalls: Still Your First Line of Defense

April 21st, 2017

The term “firewall” has been used since early computing days to describe a kind of electronic bouncer that keeps threats from entering your network. But it would be a mistake to think that this fundamental network security measure is now old school. With the recent boom in internet-connected devices,  firewalls are more important than ever.

Firewalls work by examining and filtering all the information coming in through your internet connection. They represent an important first line of defense because they can stop a malicious program, or attacker, from gaining access to your network and information before any potential damage is done.

Firewalls come in two forms: either as a software program that you install on your computer, or as part of a piece of hardware, like a router, that monitors access to all of the devices with which it connects. In an ideal situation, you would have both.

Software firewalls are important because they allow you to keep your computer protected even if you take it to another physical place, like your office. Plus, software firewalls can be customized to block unsafe applications, setup safe printer sharing, and other options.

That said, a hardware firewall is also necessary if you have a number of computers and devices in one location. A hardware firewall allows you to filter access to all of these devices from one piece of equipment. You will just need to consult your manual to configure it correctly and adjust a few settings.

Hardware firewalls provide essential security for the Internet of Things (IoT), like smart thermostats and smart light bulbs. This is because these new devices often come with weak security features, leaving your network vulnerable if the devices aren’t secured by a firewall.

Take, for instance, the large-scale attack in late 2016 that took down many popular websites. The attackers used thousands of infected webcams, smart fridges, DVRs and other IoT devices to flood the websites with traffic. The devices used in the attack were consumer devices, like yours, left unprotected.

The simple truth is that the more connected we become, the more vulnerable we are to security threats, making the smart use of firewalls even more important.

Here are a few tips to make sure that you stay protected:

  • Secure your computers with a software firewall, like the one included in the McAfee LiveSafe ™ service. In addition to firewall protection, McAfee LiveSafe™ gives you the extra advantage of providing antivirus and threat protection for all your devices, including smartphones and tablets.
  • Use the hardware firewall that is built into your home router or gateway. Consult the manual that came with your router, or do a quick online search to find steps to walk you through the setup.
  • Know that each new internet-connected device you bring into your home is a potential avenue of attack. Make sure to reset any default passwords, and keep those devices current with the latest manufacturer updates.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post Firewalls: Still Your First Line of Defense appeared first on McAfee Blogs.

Posted in Consumer Threat Notices, Internet of things, network security, next generation firewall | Comments (0)