One of my many roles as a founder and CTO is to meet with customers and talk about their network security issues. These visits are not only informative, they can be humorous as well. For example, on a recent visit to a large Fortune 500 company, I was told that one of our firewall competitors had explained that stateful inspection would evolve to include application visibility and control. As one of the original engineers who worked on stateful inspection, I found this statement extremely humorous.
Nir Zuk
application control, firewall
There is a somewhat erroneous assumption that the web provides anonymity, in particular when someone is posting a comment on an article. And then there is the old saying that knowledge is power. The challenge some people face is what to do with it.
Matt
application control, application usage & risk report, firewall
A recent survey suggests that more than 50% of companies are blocking social networking. I read that and asked myself: do they really believe that? I ask because our analysis of application traffic at more than 200 companies around the world proves otherwise. We found 27 different social networking applications across 95% of the participating organizations.
Matt
application usage & risk report
The Application and Threat Research Team has done a great job of providing insight into what the Mariposa threat is, as well as how to quickly analyze a network for the presence of Mariposa via the Wireshark plugin. Based on the applications that Mariposa uses to spread itself, exactly how exposed are we? To gain some perspective on the levels of exposure, I took a look at our traffic analysis database and found that more than 85% of the organizations have at least one of the Mariposa spreaders.
Matt
file sharing, mariposa, p2p, threat prevention
Now more than ever, business and security teams need to align their business priorities. A case in point is highlighted by two recent articles on social networking use in the business world. The first article, published in eWeek UK, states that most CIOs are blocking (or trying to block) social networking sites.
http://www.eweekeurope.co.uk/news/cios-frown-on-social-networking-at-work-2007
http://community.zdnet.co.uk/blog/0,1000000567,10014107o-114626b,00.htm
https://www.mckinseyquarterly.com/home.aspx
http://www.aiim.org/
Matt
application control, firewall
Often we talk about how destination port is not an accurate classification for controlling network traffic. At this point, hopefully that is obvious. Everyone knows that just about anything can get out of an enterprise network via port 80 or 443. Lately I have had several discussions with customers curious about protocol validation and ensuring that only “valid” traffic is being allowed. Being “valid” has become a mostly useless concept. How do you control traffic on 80 and 443? You put in a proxy, right? Hmm. That is useful if you want to make sure non-HTTP applications do not take advantage of a firewall policy that allows 80 and 443 out of the network. However, it is clearly not that simple, and it is not just HTTP that is the issue.
Mike
application control, circumvention, data leakage
Mafia Wars. FarmVille. YoVille. PetSociety. Hot or Not. Texas Hold ‘Em.
Many of you will have played, or seen updates from your friends on, the above games; they represent some of the most popular applications on Facebook. Some of my friends talk about “lost weekends” with various Facebook games, where they get so involved in online play that hours or days go by without pause, and as a result my news feed is peppered with evidence of their progress in this month’s hottest game.
Chris King
application control, social networking
Microsoft has announced an out-of-band release for a vulnerability (CVE-2009-3103) in the SMB2 protocol which exposes Windows Server 2008 and Windows Vista users to possible remote code execution attacks. It does not appear that Windows 2000 and Windows XP are affected because they do not have the vulnerable SMB2 driver. The vulnerability is labeled as critical and there is publicly available exploit code. The vulnerability is an index error in the SMB2 protocol implementation in srv2.sys, which allows remote attackers to either cause a denial of service or execute remote code on a vulnerable system through an ampersand (&) character in the Process ID High header field of a NEGOTIATE PROTOCOL REQUEST packet. This triggers an attempted dereference of an out-of-bounds memory location.
There is no Microsoft patch available for the vulnerability, and it is recommended that Palo Alto Networks customers with vulnerable Microsoft devices upgrade to content version 142. For more information about the Microsoft advisory on the vulnerability, check out the link below.
http://www.microsoft.com/technet/security/advisory/975497.mspx
Alfred
microsoft, zero-day
We often use the term evasive as a means of describing how an application can bypass a traditional stateful inspection firewall: “Applications use tactics such as port hopping, non-standard ports, SSL encryption and emulation to evade the firewall.” While wholly accurate, the term carries negative connotations, implying the application is behaving badly. In reality, the application developers are using these techniques primarily for the purpose of improving user accessibility.
Matt
application control, firewall, threat prevention
This Mashable news article talks about how companies are blocking social networking sites. I would call this an exercise in futility. I say this because users will find a way. Social networking, along with IM, Twitter and streaming music, has become part of many employees’ daily fabric. When companies try to block these applications, several things will happen, all of which may be worse than allowing access to these applications.
Matt
application control, firewall, social networking