Most infosec leaders agree that traditional security methods, on their own, are no longer enough to combat advanced new threats. But what new techniques and strategies are they using? What lessons have they learnt from breaches?
iTnews will provide some answers to these questions in our Spotlight on Cyber Security, coinciding with the Australian Information Security Association’s national conference on 10-12 October.
Boingo uses a network aggregation model similar to that seen on ISP networks from the likes of iPass and GRIC. But it goes further with its business model, collecting and distributing usage revenues amongst the various network operators whose Wi-Fi hotspots it uses.
The Cloud, a division of Inspired Broadcast Networks, is something of a low-profile public Wi-Fi network, preferring to stay in the background as a wholesale wireless network operator.
When the service was launched earlier this year, the company offered access through two options: pay-as-you-use sessions from a variety of outlets, or through third parties such as BT OpenZone, whose users can now roam seamlessly onto The Cloud's network.
GFI LANguard System Integrity Monitor (SIM) detects whether files have been changed on a Windows 2000/XP system. It identifies exactly which files have been changed, making it easy to restore the system to its original state. It does not provide any utility for automatic recovery, however, so you must have secured original copies of these files elsewhere.
The G-Server is the only hardware in this Group Test - all the other products consist of software. It is designed to be installed inline between the DMZ port on your firewall and a public web server. It is completely transparent and requires no changes to any network settings on other network equipment. It has no IP address visible to the outside world, so is undetectable by hackers. Even the MAC addresses of its NICs reflect those of the real web server to make the G-Server even more transparent. Two G-Servers may be configured for high availability.
TOS stands for 'trusted operating system.' It can also be used to protect servers that are providing DNS, as well as file servers, database servers, proxy servers and mail servers. TOS can protect any static files, including whole directories, drives, Windows registries and, of course, web pages.
A complete Tripwire system consists of two components: Tripwire for Servers, which is an agent that must be installed on all servers that are to be protected; and Tripwire Manager, which provides central management for any number of Tripwire for Servers agents. Communications between server agents and management workstation are secured using the secure sockets layer (SSL) protocol.
Applock/Web works for web servers based on Microsoft IIS running on Windows NT/2000. It locks down both operating system and web server application. It auto-discovers which files are associated with web server functions (this may include web content and web scripts) and locks them down. It works within the operating system at the kernel level.
The Symantec Gateway Security product combines firewall, content filtering and intrusion detection in one rack-mounted system that is 1U high. The content filtering includes anti-virus and anti-spam, plus the blocking of inappropriate content and non-work-related surfing. The firewall has all the usual features you would expect from a modern firewall: stateful inspection, packet filtering, NAT, IPsec VPN and full inspection application proxies.
Based on a Toshiba Magnia SG20 solution developer kit, this unit runs a special version of Linux created by Astaro. It includes a firewall, VPN, DHCP server, traffic management and content filter. The latter includes web blocking and anti-spam.
The firewall uses stateful packet inspection and includes proxies for HTTP, HTTPS, SMTP, POP3, DNS, IDENT and SOCKS. It has user authentication and offers protection from the most common forms of DoS attacks. Of course, it provides network address translation. In addition it detects port scanning.