My latest Gartner research: Market Trends: Managed Security Services, Asia/Pacific, 2014


MSSPs in Asia/Pacific would benefit from engaging regional Asia/Pacific-headquartered corporations that are looking at business consolidation and outward geographic expansion in addition to global enterprises expanding inward into Asia/Pacific. In countries where data privacy/sovereignty …

Gartner clients can access this research by clicking here.



My latest Gartner Research: Forecast: Information Security, Worldwide, 2012-2018, 2Q14 Update

Contents: 1 Summary Tables Suitable for Printing; 2 Pivot Table for Analysis; 3 Data Structure and Definitions; 4 Exchange Rates; 5 Tips for Using Pivot Tables; 1-1 Security Spending by Region, 2012-2018 (Millions of Dollars); 1-2 Security Spending by Segment, 2012-2018 (Millions of Dollars); 2-1 Worldwide …

Gartner clients can access this research by clicking here.



My latest Gartner research: Competitive Landscape: Network Forensics Tools

The combination of network performance monitoring, network forensics, surveillance capabilities and network threat detection has become a compelling offering in the network forensics tool (NFT) market. Deep packet inspection (DPI), metadata extraction and file sandbox analysis are compelling …

Gartner clients can read this research by clicking here.



Optimized Squid.conf configuration for squid proxy 3.4.4

For those of you tracking my squid proxy tuning, this is my latest transparent (intercept) configuration for Squid 3.4.4.

#
# Recommended minimum configuration:
#
always_direct allow all

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl Safe_ports port 1-65535 # every port counts as "safe" here; tighten to the ports you actually need
acl CONNECT method GET POST HEAD CONNECT PUT DELETE # unused below; note it matches all listed methods, not only CONNECT
#acl block-fnes urlpath_regex -i .*/fnes/echo
acl noscan dstdomain .symantecliveupdate.com liveupdate.symantec.com psi3.secunia.com update.immunet.com # AV/update hosts: fetched direct, never cached

acl video urlpath_regex -i \.(m2a|avi|mov|mpeg|mpa|mpe|mp1|mp2|mp3|mp4|m1s|mp2v|m2v|m2s|wmx|rm|rmvb|3pg|3gpp|omg|ogm|asf|asx|wmv|m3u8|flv|ts)

#
# Recommended minimum Access Permission configuration:
#

# Update/AV hosts are never cached and always fetched directly
# ("cache" is the current spelling of the old "no_cache" directive)
cache deny noscan
always_direct allow noscan
# Streaming video bypasses any cache hierarchy as well
always_direct allow video

# The stock "deny !Safe_ports" and "deny CONNECT !SSL_ports" rules are
# intentionally omitted in this build (Safe_ports covers every port above).

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on .localhost. is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
#cache_peer 192.168.1.1 parent 8080 0 default no-query no-digest no-netdb-exchange
#never_direct allow all

# Every client is allowed; no localnet restriction is applied. If the
# listening address is reachable from untrusted networks, use
# "http_access allow localnet" followed by "http_access deny all" instead.
http_access allow all

# Intercept (transparent) port plus a plain forward-proxy port
# (Squid's default would be 3128)
http_port 192.168.2.2:8080 intercept
http_port 192.168.2.2:8081

# Keep dynamic content out of the cache hierarchy (kept from the default
# config; newer Squid releases drop this directive in favour of always_direct)
hierarchy_stoplist cgi-bin ?

# Disk cache: two 87 GB aufs directories on SSD, filled round-robin
maximum_object_size 100 MB
store_dir_select_algorithm round-robin
cache_dir aufs /ssd/squid/cache0 87000 32 1024
cache_dir aufs /ssd/squid/cache1 87000 32 1024

# Coredumps go to the default cache location, not the SSD cache dirs
coredump_dir /var/cache/squid

# Add any of your own refresh_pattern entries above these.
# General Rules
# Note: override-expire/ignore-no-store/ignore-private/ignore-auth cache
# content the origin marked private, authenticated or uncacheable. That is
# only appropriate when every client of this cache is in one trust domain.
refresh_pattern -i \.(jpg|gif|png|webp|jpeg|ico|bmp|tiff|bif|ver|pict|pixel|bs)$ 220000 90% 300000 override-expire ignore-no-store ignore-private ignore-auth refresh-ims
refresh_pattern -i \.(js|css|class|swf|wav|dat|zsci|do|ver|advcs|woff|eps|ttf|svg|svgz|ps|acsm|wma)$ 220000 90% 300000 override-expire ignore-no-store ignore-private ignore-auth refresh-ims
refresh_pattern -i \.(html|htm|crl)$ 220000 90% 259200 override-expire ignore-no-store ignore-private ignore-auth refresh-ims
refresh_pattern -i \.(xml|flow)$ 0 90% 100000
refresh_pattern -i \.(json)$ 1440 90% 5760
refresh_pattern -i ^http:\/\/liveupdate.symantecliveupdate.com.*\.zip$ 0 0% 0
refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[iuf]|asf|wma|dat|zip)$ 220000 80% 259200
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[iuf]|asf|wma|dat|zip)$ 220000 80% 259200
refresh_pattern -i windows.com/.*\.(cab|exe|ms[iuf]|asf|wma|dat|zip)$ 220000 80% 259200
refresh_pattern -i \.(bin|deb|rpm|drpm|exe|zip|tar|tgz|bz2|ipa|bz|ram|rar|uxx|gz|crl|msi|dll|hz|cab|psf|vidt|apk|wtex|ipsw)$ 220000 90% 500000 override-expire ignore-no-store ignore-private ignore-auth refresh-ims
refresh_pattern -i \.(ppt|pptx|doc|docx|pdf|xls|xlsx|csv|txt)$ 220000 90% 259200 override-expire ignore-no-store ignore-private ignore-auth refresh-ims
refresh_pattern -i ^ftp: 66000 90% 259200
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern -i . 0 90% 259200
# ICP/HTCP peering is off (no cache peers in use)
log_icp_queries off
icp_port 0
htcp_port 0
# SNMP answers every source with the default "public" community; restrict it
# (e.g. "snmp_access allow snmppublic localnet") if the host is reachable
snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic all
minimum_object_size 0 KB
buffered_logs on
cache_effective_user squid
cache_effective_group squid
#header_replace User-Agent Mozilla/5.0 (X11; U;) Gecko/20080221 Firefox/2.0.0.9
vary_ignore_expire on
# Start evicting at 90% of cache_dir capacity, evict hard at 95%
cache_swap_low 90
cache_swap_high 95
visible_hostname shadow
unique_hostname shadow-DHS
shutdown_lifetime 0 second
request_header_max_size 256 KB
half_closed_clients off
max_filedesc 65535
connect_timeout 10 second
# Access log through the log daemon with a 1 MB buffer
#access_log /var/log/squid/access.log squid
access_log daemon:/var/log/squid/access.log buffer-size=1MB
client_db off
# Local resolver, large positive caches, IPv4 answers preferred
dns_nameservers 127.0.0.1
#pipeline_prefetch 20
ipcache_size 8192
fqdncache_size 8192
#positive_dns_ttl 72 hours
#negative_dns_ttl 5 minutes
tcp_outgoing_address 192.168.2.2
dns_v4_first on
check_hostnames off
# Do not disclose client addresses or the proxy itself to origin servers
forwarded_for delete
via off
pinger_enable off
# 2 GB memory cache for objects up to 256 KB; everything larger goes to disk
cache_mem 2048 MB
maximum_object_size_in_memory 256 KB
memory_cache_mode disk
cache_store_log none
read_ahead_gap 50 MB
reload_into_ims on
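The configuration above trades safety for throughput in a few places (every port is "safe", any client is allowed, SNMP answers the "public" community, and several refresh_pattern lines cache private or authenticated responses). The following audit script is an added example, not part of the original post or of Squid itself; it parses squid.conf syntax naively (one directive per line, `#` comments) and flags those settings over a constructed excerpt of this config.

```python
"""Flag exposure-widening settings in a squid.conf (added example)."""

# Constructed excerpt of the configuration shown above, not the full file.
SAMPLE_CONF = """\
acl Safe_ports port 1-65535   # every port treated as safe
acl snmppublic snmp_community public
http_access allow all
snmp_access allow snmppublic all
refresh_pattern -i \\.(html|htm|crl)$ 220000 90% 259200 override-expire ignore-private ignore-auth
refresh_pattern -i \\.(json)$ 1440 90% 5760
"""


def parse(conf):
    """Yield (directive, args) for each non-blank, non-comment line."""
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            tokens = line.split()
            yield tokens[0], tokens[1:]


def audit(conf):
    """Return a list of finding strings for the given squid.conf text."""
    findings = []
    acls = {}  # acl name -> list of (acl type, values)
    for directive, args in parse(conf):
        if directive == "acl" and len(args) >= 2:
            acls.setdefault(args[0], []).append((args[1], args[2:]))
        elif directive == "http_access" and args[:2] == ["allow", "all"]:
            findings.append("http_access allow all: any client may use the proxy")
        elif directive == "snmp_access" and args and args[0] == "allow":
            for name in args[1:]:
                for kind, vals in acls.get(name, []):
                    if kind == "snmp_community" and "public" in vals:
                        findings.append(f"snmp_access: community 'public' allowed via acl {name}")
        elif directive == "refresh_pattern" and len(args) >= 2:
            if "ignore-private" in args or "ignore-auth" in args:
                findings.append(f"refresh_pattern {args[1]}: caches private/authenticated responses")
    # Safe_ports spanning the whole range defeats the usual port restriction
    for kind, vals in acls.get("Safe_ports", []):
        if kind == "port" and "1-65535" in vals:
            findings.append("Safe_ports: covers every TCP port")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```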



Best Practices for Mitigating Advanced Persistent Threats – On Demand Video

My keynote from last year at AhnLab’s 2013 Security Fair; the presentation title was “Best Practices for Mitigating Advanced Persistent Threats”.

I was completely surprised that this got so many hits. But I guess it is a popular subject.




California needs to mandate men’s public urinals to be water-free!

Ok, I just got done reading that California is facing even more pressure to save water. The best thing I think the state could do is mandate the replacement of all men’s urinals with the latest water-free technologies. The stats that I have seen are that each one can save on average 40,000 gallons a year under normal office building use. I can’t imagine why this wouldn’t be something that gets mandated immediately, and NO grandfathering please!

http://news.yahoo.com/californias-catastrophic-drought-just-got-worse-lot-worse-181115468.html



Got this on FB and thought it was hilarious.

“Dear Tech Support:
Last year I upgraded from Girlfriend 7.0 to Wife 1.0. I soon noticed that the new program began unexpected child processing that took up a lot of space and resources. In addition, Wife 1.0 installed itself into all other programs and now monitors all other system activity. Applications such as Poker Night 10.3, Football 5.0, HuntingAndFishing 7.5, and Racing 3.6. I can’t seem to keep Wife 1.0 in the background while attempting to run my favorite applications. I’m thinking about going back to Girlfriend 7.0, but the uninstall doesn’t work on Wife 1.0. Please help!
Thanks …Troubled User”
——-
REPLY:
“Dear Troubled User:
This is a very common problem. Many people upgrade from Girlfriend 7.0 to Wife 1.0, thinking that it is just a Utilities and Entertainment program. Wife 1.0 is an OPERATING SYSTEM and is designed by its Creator to run EVERYTHING!!! It is also impossible to delete Wife 1.0 and to return to Girlfriend 7.0. It is impossible to uninstall, or purge the program files from the system once installed. You cannot go back to Girlfriend 7.0 because Wife 1.0 is designed not to allow this. Look in your Wife 1.0 manual under Warnings-Alimony-Child Support. I recommend that you keep Wife 1.0 installed and work on improving the configuration. I suggest installing the background application YesDear 99.0 to alleviate software augmentation.
The best course of action is to enter the command C:\APOLOGIZE because ultimately you will have to do this before the system will return to normal anyway.
Wife 1.0 is a great program, but it tends to be very high maintenance. Wife 1.0 comes with several support programs, such as CleanAndSweep 3.0, CookIt 1.5 and DoBills 4.2. However, be very careful how you use these programs. Improper use will cause the system to launch the program NagNag 9.5. Once this happens, the only way to improve the performance of Wife 1.0 is to purchase additional software. I recommend Flowers 2.1 and Diamonds 5.0, but beware because sometimes these applications can be expensive.
WARNING!!! DO NOT, under any circumstances, install SecretaryWithShortSkirt 3.3. This application is not supported by Wife 1.0 and will cause irreversible damage to the operating system. 
WARNING!!! Attempting to install NewGirlFriend 8.8 along with Wife 1.0 will crash the system.
(see Wife 1.0 manual, Apologize, High Maintenance & Secretary with Short Skirt)”



[ISN] How did the RCMP crack BlackBerry’s security?

Forwarded from: security curmudgeon

On Fri, 13 Jun 2014, InfoSec News wrote:

: http://ottawacitizen.com/technology/internet/how-did-the-rcmp-crack-blackberrys-security
:
: By Vito Pilieci
: ottawacitizen.com
: June 12, 2014
:
: BlackBerry Ltd. has long held that its BlackBerry devices are among the most
: secure in the world, but it turns out the platform isn’t as bulletproof as
: many had been led to believe.

[..]

: PIN-to-PIN messages are encrypted with what is known as Triple Data Encryption
: Standard (DES) encryption technology, which is among the best in the world.

This sentence can be summed up in a simple Tumblr post.

http://tumblr.attrition.org/post/88677268432/amazing-the-difference-you-see-between-two-tabs



Advanced Persistent Security