Notes from Secure Computing's Web Gateway Security Workshop

Web Gateway Security

Grant Murphy - Director, Web Gateway Security

Negative security model (known bad). Must know about all possible attack vectors. Not possible.

Reference: Metasploit, HD Moore, VoMM.

Positive security model. Intent and reputation model. Something is good because of its known intent and reputation. Real world example: credit score. If I have a reputation for defaults or late payments then I will get a lower credit score than someone who pays bills on time or in full.

TrustedSource. In the Web 1.0 world trust is implied by the user. The user assumes that content on the other end will not be malicious. In Web 2.0 trust cannot be guaranteed. Many new vulnerabilities and attacks. Most new web traffic is Web 2.0. A lot of code is executed in the browser (endpoint).

Reputation enhanced URL filtering. What is the reputation of the site that I am on? What is the nature (intent) of the content that is returned by the site? Does this site download code (JavaScript, ActiveX, Java etc.) that is malicious?

Need an engine on the URL filter to trap malicious code and clean/drop it before content is delivered to the endpoint. Policy driven. Webwasher (proxy/web caching appliance) handles SSL traffic by decrypting/re-encrypting it in memory on the fly and blocking invalid certificates or sites based on policy. Privacy issues. Suggested policy is that only reputation challenged sites using SSL be scanned. Passes EU privacy laws.
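The suggested SSL policy above can be sketched as a small decision function. This is an added example, not Webwasher's or TrustedSource's code; the 0-100 reputation scale, the thresholds, the treatment of unrated hosts as challenged, and all names are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Action(Enum):
    BLOCK = "block"          # refuse the connection
    TUNNEL = "tunnel"        # pass SSL through untouched (no decryption)
    SCAN = "decrypt-scan"    # decrypt in memory, scan, re-encrypt


@dataclass(frozen=True)
class Connection:
    host: str
    cert_valid: bool
    reputation: Optional[int]  # hypothetical 0-100 score, None = unrated host


@dataclass(frozen=True)
class Policy:
    block_below: int = 20   # assumed threshold: known-bad reputation
    scan_below: int = 70    # assumed threshold: "reputation challenged"


def decide(conn: Connection, policy: Policy = Policy()) -> Action:
    # Invalid certificates are blocked before reputation is considered.
    if not conn.cert_valid:
        return Action.BLOCK
    # Assumption: an unrated host has earned no trust, so it is scanned.
    if conn.reputation is None:
        return Action.SCAN
    if conn.reputation < policy.block_below:
        return Action.BLOCK
    if conn.reputation < policy.scan_below:
        return Action.SCAN
    # Well-reputed sites are never decrypted: the privacy side of the policy.
    return Action.TUNNEL


# Constructed sample connections (hosts use the reserved .example TLD).
SAMPLE = [
    Connection("bank.example", True, 95),
    Connection("new-blog.example", True, 45),
    Connection("unrated.example", True, None),
    Connection("dropper.example", True, 5),
    Connection("expired.example", False, 90),
]


def evaluate(conns):
    """Return the policy decision for each connection, keyed by host."""
    return {c.host: decide(c) for c in conns}
```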

Example: Storm Bot
  • Over 1 million machines infected
  • Web based vector
  • Payload is P2P botnet.

Webwasher is CyberGuard Linux locked down to Common Criteria recommendations.

Q4/2007 - Support for Novell eDirectory.

Q1/2008 - Webwasher 6.7 - Desktop Agent, NTLM for transparent authentication.
Desktop Agent - Allows enforcement of filter policy for remote users. Q1/2008.
Q4/2008 - Web Reporter 7.0 - combined Smart Reporter and Content Reporter. SmartFilter delegated administration. Instant Messaging integration. Protocol based filtering! Will have similar functionality to IMLogic.

Messaging Security

Brian Schwartzkopf, Systems Engineer Manager

  • Integrates with Active Directory
  • SPAM detection
  • Dynamic HOP count.
  • Pornographic image detection
  • Secure LDAP

2008 Roadmap

  • New Operating System Platform - Move away from Linux kernel to FreeBSD
  • TrustedSource integration
  • IPv6
  • Log standardization and real time reporting (Content Reporter)
  • New web based user interface
  • New end user quarantine - User can add/remove from white-list/blacklist
  • Sophos integration
  • Storage and archived search.
  • Gateway to user S/MIME support

Network Gateway Security (Sidewinder)

Jason Lamar, Director, Network Gateway Security

  • Most firewalls are built to control packet routing to expedite throughput. No intelligence around whether an inbound connection is wanted.
  • Sidewinder is a reputation based firewall. Intelligent inspection of data traffic. Will inspect encrypted traffic (e.g. SSH) on the network and block/drop malicious traffic.
  • Inbound SSH proxy.

NOTE: Getting the idea that TrustedSource is a big deal for Secure Computing.

Submitting a podcast to iTunes

This one is for my friend, Garba Goddess, whose Generation 1.5 podcast is a humorous and thought provoking look at desi immigrants and their first generation children. I suggested to the Goddess that she submit her podcast to iTunes, by far one of the most popular sites for downloading music, movies, and podcasts. Of course, having suggested that, I then have to show her how. So Goddess, here goes:

Firstly, one will need a copy of Apple's iTunes software for your platform. iTunes is available for Windows and OS X. Launch iTunes and click the green "Music Store" icon. This will take you into the cluttered screen of the Apple Music Store.

Off to the left of the Music Store page you will see a link for podcasts. Click that link to access the podcast section of the Apple Music Store.

In the "Inside the Music Store" panel you will see a link to "Submit a Podcast". Click that link to be taken to a page where you can enter the URL for your podcast feed.

In this case we will enter the feed for Generation 1.5 which is http://podbazaar.com/rss/126100789566373927.

Click the "Continue" button and you will be prompted to enter your iTunes account credentials. That's security geek speak for login id and password. If you do not have an iTunes account then go ahead and create one.

If this is the first time using iTunes you will be presented with Apple's iTunes agreement. After accepting that you will see a screen with details on your podcast. Unfortunately, Goddess, your podcast is classified as International, which iTunes thinks means non-English. Unless you pick from one of the many non-English subcategories, iTunes will not let you proceed. I chose Australian as a subcategory.

Click "Done" to return to the iTunes Music Store main page.

Performancing for Firefox enhancements

[Image: Bookmarks]

The great folks who developed the Performancing for Firefox extension have outdone themselves with the latest release. Two new functions have been added that make Performancing even better for bloggers.

I use the del.icio.us bookmarking site to keep track of links to the cool web sites I discover while browsing. Of course, being a heavy Firefox user, I have an extension for that. Performancing now includes a "Bookmarks" function that allows the user to bookmark the URL of the currently selected Firefox page to del.icio.us.

Simply provide your del.icio.us login credentials and Performancing captures the URL of the current page. Sweet!

[Image: Technorati]

The other enhancement of note is under the "Page Tools" tab. This function provides information from the Technorati weblogs link tracking site about the current Firefox page.

There are some other minor enhancements, including the ability to trackback your post to Technorati when published.

[Image: Settings]

I like the new enhancements and look forward to the evolution of this fantastic blogging tool.