Counterpane Internet Security, Inc. Helps Customers Resolve the SANS Top 20 Vulnerability Exploits.

Business Editors and High Tech Writers

CUPERTINO, Calif.--(BUSINESS WIRE)--Oct. 23, 2001

Counterpane's Managed Security Monitoring (MSM) service directly attacks non-existent or incomplete logging processes

Counterpane Internet Security, Inc., developer and leading provider of Managed Security Monitoring (MSM), today announced its MSM service provides significant minimization of vulnerabilities caused by incomplete or non-existent logging on customers' enterprise-wide network information security systems.

SANS, the System Administration and Network Security Institute, recently announced the release of their newly revamped consensus security vulnerabilities list. The SANS document lists the 20 most frequently exploited misconfiguration and software vulnerabilities on the Internet. SANS' Vulnerability "G6" is about logging, and speaks directly to Counterpane's MSM service. MSM also assists in reducing the risks introduced by a number of the other SANS Top 20 vulnerabilities.

Based on input from a multitude of security experts and enterprise system administrators, including contributions from Counterpane, the SANS document lists the 20 most frequently exploited misconfiguration and software vulnerabilities on the Internet. The report, including documentation on how to decide whether or not a customer's information system is vulnerable and how to mitigate the risk, is available at: http://66.129.1.101/top20.htm

"Changing system configurations and validating software patches, especially in today's complex network and applications environments, is a time-consuming process. This is one of the reasons why so many people who "know better" don't always update their system," says Bruce Schneier, co-founder and Chief Technology Officer for Counterpane Internet Security, Inc. "But real-time monitoring can improve your security substantially by allowing you to let Counterpane notify you immediately when attackers look for these problems."

Fixing every computer vulnerability is impossible. Even installing every available security patch is unreasonable to expect. Realizing this, last year SANS issued their "Top 10" list of security vulnerabilities. "If you can't fix everything," they suggested, "at least fix these. If you plan on fixing everything, fix these first."

"Prioritizing vulnerabilities is important, and I am pleased that SANS recently updated their list. The `Top 20' includes generic problems for system administrators, like incomplete logging and leaving unnecessary services running, as well as specific bugs in Windows and UNIX software," says Tina Bird, Security Architect for Counterpane. "I urge system administrators to use the list to prioritize their security activities."

"In order to detect anything, you have to read the system logs in real time, 24 hours a day and seven days a week. Read them once a week, and you'll find out what the hackers did. Read them consistently, and you'll find out what the hacker IS DOING," advises Schneier. "Real-time monitoring is what Counterpane does, and this is why so many companies use us as an integral part of their security."

If you're already a Counterpane monitoring customer, you can immediately protect yourself from some of these vulnerabilities by increasing the number of devices being monitored by Counterpane. In addition to the firewalls, routers, and intrusion detection systems that you already monitor through Counterpane, you should consider adding authentication systems (RADIUS, TACACS, or SecurID servers; Windows domain controllers), enterprise backup servers, Windows domain controllers, and network monitoring servers to your monitoring infrastructure, by pointing their log data to the Counterpane Sentry. The more you monitor, the better job you do at catching intruders.

If you've deployed intrusion detection systems and anti-virus code, be sure that your detection signatures are up to date and tuned to your environment. If you've written custom signatures for your IDS, informing Counterpane about them (via the Secure Operations Center or your Technical Services Representative) will enable Counterpane to monitor them more effectively.

Counterpane recommends:

If your organization depends on default installations of operating systems (especially any of the Windows variants, Solaris, Linux, and Cisco IOS), and on popular but frequently misconfigured applications like sendmail and BIND, verify your logging configuration even before you work on removing the vulnerabilities.

In addition to the firewalls, routers, and intrusion detection systems that you already monitor through Counterpane, consider adding:

-- authentication systems (RADIUS, TACACS, or SecurID servers; Windows domain controllers),
-- enterprise backup servers,
-- Windows domain controllers, and
-- network monitoring servers

to your monitoring infrastructure, by pointing their log data to the Counterpane Sentry.

Disclaimer: This information is provided for informational purposes and without warranty. Counterpane recommends consulting your security policy when responding to this or any security related event. Counterpane also recommends testing any vendor recommended countermeasures prior to their deployment in a production environment.

Late Breaking News:
Counterpane Introduces "Counterpane Protected" Service
to Augment Its Popular Managed Security Monitoring
New level of service will assist customers in proactively
addressing the evolving information security threat environment
with a focus on the SANS Top 20 vulnerabilities
See www.counterpane.com/pressrel.html for more information
About Counterpane

Counterpane Internet Security, Inc. is the developer and leading provider of Managed Security Monitoring. Established in 1999 by entrepreneurial expert Tom Rowley and security technologist and author Bruce Schneier, Counterpane addresses the critical need for increased levels of security services. Centered on a network of sophisticated Secure Operations Centers, staffed by expert security analysts, the Company provides 24x7 monitoring, as well as penetration detection and response. Counterpane's Managed Security Monitoring services enable e-business to be conducted safely. The company is funded by Accel Partners, Amerindo Investment Advisors, Inc., Bessemer Venture Partners, Dell, Deutsche Bank, Goldman Sachs, and Morgan Stanley
Counterpane is a trademark of Counterpane Internet Security, Inc. All other companies, brand names or products are trademarks or registered trademarks of their respective companies.
The SANS Top Twenty Vulnerabilities
Reference: http://66.129.1.101/top20.htm
Vulnerabilities for all operating systems
G1: Default installs of operating systems and applications
G2: Accounts with No Passwords or Weak Passwords
G3: Non-existent or Incomplete Backups
G4: Large number of open ports
G5: Not filtering packets for correct incoming and outgoing addresses
Be sure that your Counterpane Technical Services representative
has up-to-date information on your network topology. Something as
simple as a text list of your internal address ranges will help
us identify internal vs. external traffic through your perimeter
systems, and help us identify spoofing attacks.
G6: Non-existent or incomplete logging
G7: Vulnerable CGI Programs
Vulnerabilities for Microsoft Windows Systems
W1: Unicode Vulnerability (Web Server Folder Traversal)
W2: ISAPI Extension Buffer Overflows
W3: IIS Remote Data Services exploit
W4: NetBIOS: unprotected Windows networking shares
W5: Information leakage via null session connections
W6: Weak hashing in SAM (LM hash)
Vulnerabilities for UNIX Systems
U1: Buffer Overflows in RPC Services
U2: Sendmail Vulnerabilities
U3: BIND Weaknesses
U4: r Commands
U5: LPD (remote print protocol daemon)
U6: sadmind and mountd
U7: Default SNMP Strings