C|EH, CISA, CISSP – Information Security Consultant, Pakistan.
29 Mar
Security Acts takes on the challenge of producing a high-quality magazine for IT security professionals, made by and issued for the people working in IT security. The online magazine is free of charge and finances itself through advertising.
Subscribe to be notified when new issues are released.
(IN)SECURE Magazine is a free digital magazine published in a PDF format. It features articles written by some of the most prominent security experts. The magazine is released on a bi-monthly basis and averages 25,000 readers per issue.

http://www.net-security.org/insecuremag.php
1 Feb
Kingston, SanDisk and Verbatim all sell quite similar USB Flash drives with AES 256-bit hardware encryption that supposedly meet the highest security standards. This is emphasised by the FIPS 140-2 Level 2 certificate issued by the US National Institute of Standards and Technology (NIST), which validates the USB drives for use with sensitive government data. Security firm SySS, however, has found that despite this it is relatively easy to access the unencrypted data, even without the required password.
The USB drives in question encrypt the stored data via the practically uncrackable AES 256-bit hardware encryption system. Therefore, the main point of attack for accessing the plain text data stored on the drive is the password entry mechanism. When analysing the relevant Windows program, the SySS security experts found a rather blatant flaw that has quite obviously slipped through testers’ nets. During a successful authorisation procedure the program will, irrespective of the password, always send the same character string to the drive after performing various crypto operations – and this is the case for all USB Flash drives of this type.
Cracking the drives is therefore quite simple. The SySS experts wrote a small tool for the active password entry program’s RAM which always made sure that the appropriate string was sent to the drive, irrespective of the password entered and as a result gained immediate access to all the data on the drive. The vulnerable devices include the Kingston DataTraveler BlackBox, the SanDisk Cruzer Enterprise FIPS Edition and the Verbatim Corporate Secure FIPS Edition.
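The design point behind this flaw, as an added illustration that is not the vendors' code or the SySS tool: a constructed model in which the host program checks the password and then sends the drive one constant string, placed beside a design where the drive only releases its data key to a value derived from the password itself. All names, tokens and keys below are made up for the example, and the 32-byte data key matches the PBKDF2 output length.

```python
import hashlib
import hmac
import os

# Constructed model (not the vendors' code) of the flaw SySS described: the
# host program verifies the password, then always sends the drive the same
# string, so nothing the drive checks depends on the password.
UNLOCK_TOKEN = b"constructed-constant-unlock-string"  # identical on every unit

class FlawedDrive:
    """Releases its data key to anyone presenting the constant token."""
    def __init__(self, data_key: bytes, password: bytes):
        self._data_key = data_key
        self.password_hash = hashlib.sha256(password).digest()  # host-side use only

    def unlock(self, token: bytes):
        return self._data_key if hmac.compare_digest(token, UNLOCK_TOKEN) else None

def flawed_host_unlock(drive: FlawedDrive, password: bytes):
    # The only password check lives on the host; the message the drive receives
    # carries no information about the password at all.
    if not hmac.compare_digest(hashlib.sha256(password).digest(), drive.password_hash):
        return None
    return drive.unlock(UNLOCK_TOKEN)

def derive_kek(password: bytes, salt: bytes) -> bytes:
    """Password-derived key-encryption key (PBKDF2-HMAC-SHA256, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000, dklen=32)

class HardenedDrive:
    """Keeps the data key wrapped under a password-derived key; the host has to
    send a value that can only be computed from the real password and salt."""
    def __init__(self, data_key: bytes, password: bytes):
        self.salt = os.urandom(16)
        kek = derive_kek(password, self.salt)
        self._wrapped = bytes(a ^ b for a, b in zip(data_key, kek))  # 32-byte key
        self._tag = hmac.new(kek, data_key, hashlib.sha256).digest()

    def unlock(self, kek: bytes):
        candidate = bytes(a ^ b for a, b in zip(self._wrapped, kek))
        tag = hmac.new(kek, candidate, hashlib.sha256).digest()
        return candidate if hmac.compare_digest(tag, self._tag) else None

def hardened_host_unlock(drive: HardenedDrive, password: bytes):
    # What the host sends now changes with the password; a fixed replay fails.
    return drive.unlock(derive_kek(password, drive.salt))
```

A useful certification-style check falls out of the model: if the bytes sent to the device do not change when the password changes, the device is not doing the authentication.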
When notified by SySS about this worst-case security scenario, the respective vendors responded quite differently. Kingston started a recall of the affected products; SanDisk and Verbatim issued woolly security bulletins about a “potential vulnerability in the access control application” and provided a software update. When asked by heise Security, Verbatim Europe said that none of the affected drives have been sold in Europe – and that none will be shipped before the hole has been closed.
The real question, however, remains unanswered – how could USB Flash drives that exhibit such a serious security hole be given one of the highest certificates for crypto devices? Even more importantly, perhaps – what is the value of a certification that fails to detect such holes?
Source: http://www.h-online.com
29 Jan
I am pleased to inform you that I’ve successfully PASSED the CISA (Certified Information Systems Auditor) Exam with ID: 09591027. As you know, it is a four-hour proctored written ANSI-accredited exam and was held on December 12, 2009.
US Department of Defense (DoD) 8570.01-M “Information Assurance Workforce Improvement Program” manual names ISACA’s Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) certifications among those approved for DoD information assurance (IA) professionals.
For more details: Visit
31 Aug
The U.S. Department of Commerce’s NIST (National Institute of Standards and Technology) recently released Special Publication 800-53, a report titled “Recommended Security Controls for Federal Information Systems and Organizations.” The 237-page report discusses the latest suggested practices for minimizing network vulnerabilities in government agencies, but its lessons carry over to any business, school, or organization with Internet access. It also discusses compliance with FIPS (Federal Information Processing Standards) 199 and 200 security levels. The report was prepared by the Computer Security Division of NIST’s Information Technology Laboratory.
17 Aug
Build & Maintain A Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect Cardholder Data
Requirement 3: Protect stored cardholder data.
Requirement 4: Encrypt transmission of cardholder data across open, public networks.
Maintain A Vulnerability Management Program
Requirement 5: Use and regularly update antivirus software.
Requirement 6: Develop and maintain secure systems and applications.
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know.
Requirement 8: Assign a unique ID to each person with computer access.
Requirement 9: Restrict physical access to cardholder data.
Regularly Monitor & Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data.
Requirement 11: Regularly test security systems and processes.
Maintain An Information Security Policy
Requirement 12: Maintain a policy that addresses information security.
SOURCE: PCISECURITYSTANDARDS.ORG
17 Aug
RSA released its SecurID Software Token for the iPhone. The software enables an iPhone to be used as an RSA SecurID authenticator, providing convenient and cost-effective two-factor authentication for enterprise applications and resources. It is designed to generate a one-time password that changes every 60 seconds, enabling secure access to enterprise applications and resources. The application is available free in the App Store.
17 Aug
Addonics Technologies announced CipherChain, an encryption tool designed to provide protection for technology such as personal computers, servers, rack-mounted systems, and data storage equipment. The AES 256-bit hardware full-disk encryption tool is roughly the size of a flash drive. To help companies encrypt legacy systems or systems in a heterogeneous computing environment, CipherChain can operate on any operating system. CipherChain is designed to be simple to use, with no software, drivers, or passwords to deal with. It is designed to work with any SSD or SATA storage device.
24 Jul
The security market has undergone significant evolution within the past several years, resulting in a wide range of software, devices and management strategies. As the need to centralize becomes increasingly apparent, however, confusion over different product categories has made it difficult to define requirements.
One important element of confusion is in definitions. The acronyms SEM, SIM and SIEM have been used almost interchangeably; yet, there are differences in meaning and the capabilities of products in each classification. One segment of security management that deals with real-time monitoring, correlation of events, notifications and console views is commonly known as Security Event Management (SEM). The second area provides long-term storage, analysis and reporting of log data and is known as Security Information Management (SIM).
SEM provides real-time monitoring and event management to support IT security operations. SEM requires several capabilities: event and data collection, aggregation and correlation in near real time; a dynamic monitoring/security event console for viewing and managing events; and automated response generation for security events.
SIM delivers more historical analysis and reporting for security event data. This requires event and data collection/correlation (but not in real time), an indexed repository for log data and flexible query and reporting capabilities. When SEM and SIM are combined, they become Security Information and Event Management (SIEM).
There are common capabilities shared between SIM and SEM, among them workflow, asset weighting and reporting. To integrate the two there needs to be central management within an overarching solution. Security events gathered from hundreds or thousands of sources need to be filtered to reduce the effort required to manage and prioritize response activities. The analysis and queries must be flexible in order to allow for meaningful query response and views that make the most sense for performing security investigations.
Most products in the security management market have generally tended to fall within either the SIM or SEM areas—though some have claimed to provide both. In order to evaluate the effectiveness of a SIEM product, you must first gain an understanding of what a true SIEM implementation looks like.
SIEM product capabilities include gathering, analyzing and presenting information from network and security devices; identity and access management applications; vulnerability management and policy compliance tools; operating system, database and application logs; and external threat data. A key focus is to monitor and help manage user and service privileges, directory services and other system configuration changes; as well as providing log auditing and review and incident response.
Event correlation is a defining characteristic of SIEM technology. Correlation establishes relationships between log entries or events that are generated by devices, systems or applications based on characteristics such as the source, target, protocol or event type. A major benefit of correlation is that it filters out duplicate and redundant data in order to reduce event noise and allow administrators to address high priority issues immediately with the right information to make informed remediation decisions.
Products provide either rule-based or statistical correlation (the latter for the “low and slow” threats that predefined rules do not detect). Rule-based correlation was first to market and is the more prevalent approach today. It supports the creation of site- or situation-specific correlation rules. These rules establish the pattern of events, including which events occurred in what time period, in which order and on which systems. Rules are delivered out-of-the-box by vendors, with some offering the flexibility to modify existing rules or create new ones. Product scalability and deployment flexibility derive from vendor design decisions in the areas of product architecture, data collection techniques, agent design and coding practices.
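As an added illustration of the correlation described above (example code written for this page, not any vendor's product): a small engine that collapses duplicate events to cut noise, then applies a site-specific rule of the kind the text describes, several failed logins followed by a success from the same source on the same host inside a time window. The log lines, host names and addresses are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from any real device): "timestamp host type source".
SAMPLE_LOG = """\
2009-07-24T10:00:01 fw01 deny 203.0.113.7
2009-07-24T10:00:01 fw01 deny 203.0.113.7
2009-07-24T10:00:05 web01 auth_fail 203.0.113.7
2009-07-24T10:00:09 web01 auth_fail 203.0.113.7
2009-07-24T10:00:14 web01 auth_fail 203.0.113.7
2009-07-24T10:00:20 web01 auth_ok 203.0.113.7
2009-07-24T10:03:00 web02 auth_fail 198.51.100.9
2009-07-24T11:30:00 web02 auth_ok 198.51.100.9
"""

def parse(log: str):
    events = []  # normalise raw lines into dicts with a real timestamp
    for line in log.splitlines():
        ts, host, etype, src = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "host": host, "type": etype, "src": src})
    return events

def aggregate(events):
    """Collapse duplicates (same second, host, type, source) into one event with a count."""
    merged = {}
    for e in events:
        key = (e["ts"], e["host"], e["type"], e["src"])
        if key in merged:
            merged[key]["count"] += 1
        else:
            merged[key] = dict(e, count=1)
    return list(merged.values())

def correlate(events, min_failures=3, window=timedelta(seconds=60)):
    """Rule: >= min_failures auth_fail then auth_ok, same host and source, inside window."""
    by_key = defaultdict(list)  # group by (host, source) so the rule sees one sequence each
    for e in sorted(events, key=lambda e: e["ts"]):
        by_key[(e["host"], e["src"])].append(e)
    alerts = []
    for (host, src), seq in by_key.items():
        fails = []
        for e in seq:
            if e["type"] == "auth_fail":
                fails.append(e["ts"])
            elif e["type"] == "auth_ok":
                recent = [t for t in fails if e["ts"] - t <= window]  # order and window check
                if len(recent) >= min_failures:
                    alerts.append({"host": host, "src": src, "failures": len(recent), "at": e["ts"]})
                fails = []
    return alerts
```

Running `correlate(aggregate(parse(SAMPLE_LOG)))` yields one alert for web01, while the single failure on web02 followed by a success more than an hour later stays below the rule's threshold.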
While the security market has been growing for some time and most corporations have already installed a wide array of security products, early generation security management products do not satisfactorily meet new requirements, such as capturing log information, storing audit results for periods of months or years and performing forensic analysis. Many companies have already made investments in these focused security event monitoring products. With tightening budgets, it is important to ensure that the products already in place can continue to serve their function, with their value actually improved through provision of a next generation management scheme.