No matter what facet of information security you're in, from being the CISO
down to just installing security patches and keeping up to date, there will
probably be a point where you need to see the details of a hack. Maybe it's
because you need to fingerprint what it does or how it acts on your network.
Maybe it's because you need to be able to reproduce it in a penetration test.
Either way you look at it, sometimes you just need to test something out.
Obviously, this could go one of a few ways. You could execute these hacks on
your network. This could lead to potentially bad outcomes, especially if you
break something. The next option is to try it out on someone else's network
who doesn't know. (Read: ILLEGAL!). The last option, and also the one we use
over here at Hurricane Labs, is a lab environment.
A lab environment is simply going to consist of a bunch of diffe...
Hurricane Labs and Information Security Summit are pleased to announce the
Grand Opening of their new Corporate Training Center located at 4401 Rockside
Road in Independence, Ohio. Featuring state-of-the-art classroom technology,
a large classroom for up to 30 students, 2 breakout rooms and a recording
studio ideal for podcasting, the training center will be used by several
hundred professionals from around the country.
We offer a diverse array of training programs for Chief Security Officers,
Security Managers, Network and Security Architects and Engineers, and other
IT Profess...
By: Steve McMaster
This past weekend, I presented the idea of a self-defending network at Ohio
LinuxFest 2012. The accompanying slides are now available here. So let’s
talk about network security. You’ve got a firewall and a DMZ, you’re all
set, right? Not so fast, slugger. We preach a theory called “defense in
depth” here at Hurricane Labs. And that means you need something to defend
you when your firewall admins make a mistake. And something to protect you
when that layer fails. And so on. So what are these other layers? Well, one of
them is having a good IDS/IPS system. An IDS/...
Yesterday we started getting floods of malware alerts for machines on many
different networks that we manage going out to a site that was identified a
while ago for MS08-067 type activity. So we did our due diligence and
notified our clients that we were seeing this traffic attempting to leave
their network. As of now the alerts are still coming in.
If you've watched the news at all over the past couple of days you've heard
about the events in Austin, TX involving a plane being intentionally flown
into an IRS building there. Thankfully only the pilot was killed and our
thoughts g...
IPS Updates, Splunk, Check Point and You
How I Learned to Stop Hating the Term “Zero-Day” but Not Really
By: Bill Mathews
Zero Day attacks – you know, the ones that almost EVERY signature in your
IPS claims to protect you against? Yep, those guys, nasty little things.
Basically, if IPS vendors are to be believed, those are the things that
don’t have a patch yet and have active exploits against them. You update
your IPS signatures and BOOM protection from zero day! The problem we always
run into, and this is with almost every IPS vendor so I’m not just picking
on Check Point here, is...