New Year's Resolution - Protect your public facing web site

You know it’s on your to-do list, that static content web site that’s sitting unprotected out in the cloud somewhere – time to protect that public image with more than a simple access control list?

Incapsula provides every website, regardless of its size, with enterprise-grade website security. Incapsula’s security expertise is based on years of experience from Imperva (Incapsula’s parent company), the leading provider of security solutions for world class enterprise sites. This core security technology has been adapted to a new cloud platform, and optimized to support websites of all sizes. Incapsula enhances security through real-time and centralized collaboration, does not require you to have advanced security expertise in-house and can be set up within minutes. Let NCI show you how easy it is to protect your public image.

And while we’re at it, hopefully you’ve got vulnerability scans and pen tests scheduled for your public facing web site taken care of, but who’s doing vulnerability management on those cloud-based applications? Let NCI handle the daily, weekly and monthly analysis of whether or not your cloud provider is staying on top of the latest security threats by patching these web servers. NCI will perform daily vulnerability scans and keep track of whether patches and updates are completed on a timely basis.

For more information please contact your NCI rep.

Using Aruba's Tunneled-Node to Extend Wireless AAA Policies to the Wire

I recently recorded a 10 minute video demonstration of how you can use an Aruba Networks Mobility Access Switch to extend your existing wireless AAA and QoS policies out to the wired access layer.

Now that you’ve watched the video, here is a quick recap of some of the benefits and use cases for tunneled-node.

Benefits (In no specific order):

  • Management - AAA profiles for wired and wireless users are created in a single location.
  • Efficiency – Ideally, you already have strong AAA and QoS policies on the WLAN. Tunneled-Node means you don’t have to recreate the wheel. Instead just reuse the same policies and apply them to wired ports.
  • Security – This is the main driver now isn’t it? Clearly, having users/devices authenticate to receive derived roles matching their requirements is a much better way to go compared to wide open wired access for all.

Limitations:

  • Tunnels – The name kind of spells out the first limitation. Given that all traffic is tunneled to your mobility controller from the switch, you will need to make sure your controller is sized to handle the increased load.
  • Closed Architecture – Currently, this solution requires you to have both an Aruba mobility controller and mobility access switch. Both products function just fine without each other, but tunneled-node functionality requires both.

When is this solution a good fit?

In my opinion, the solution fits well in the following scenarios:

  • Board rooms and public spaces – A single switch could easily increase security in areas that host both employees and guests/contractors/students. Employees get internal access in boardrooms while guests get internet-only access even when plugging into the same port.
  • New WLAN deployments – If your organization is just deploying a new Aruba WLAN, then a mobility access switch could be of great benefit. You’ll need something to provide PoE power to the access points anyway.

I really don’t want this to come across as an Aruba advertisement. There are certainly other solutions on the market today but I think tunneled-node should be given serious consideration for any organization with an already deployed Aruba WLAN.

Daniel

Please feel free to contact us, or leave a comment, if you have questions about how this solution works. Also, the lab I used in the demo was built completely self-contained and portable. So, if you’d like to have a live demo, in-person, we can arrange that as well.

 

 

 

National Capital Security Partners' Forum

NCI recently had the opportunity to attend a CASIS National Capital Security Partners’ Forum in our nation’s capital. It was extremely well attended by a number of our country’s finest government and private sector security professionals. The speakers on the panel were terrific; they featured:

  • Doug Dempster – Executive Director of the Centre for Executive Leadership at the Telfer School of Management, University of Ottawa
  • Mivil Deschenes – Chief Security Officer, RioTinto
  • Melissa Hathaway – President of Hathaway Global Securities, LLC
  • Jeffrey Miller – Vice President & Chief Security Officer, National Football League
  • J. David Quilter – Emeritus Faculty, Security Executive Council
  • Julie Myers Wood – President, ICS Consulting

Some terrific points were debated of which I’ll mention a few:

  1. We should treat the Internet as a regulated and policed environment. 25 companies control 90 percent of the internet, so why not have the telcos opt in to a code of conduct and assume some of the overall responsibility for cyber security to warn companies that they have been breached? http://en.wikipedia.org/wiki/List_of_mobile_network_operators
  2. With regards to Security of The “cloud” – think of the cloud like an apartment building - you can share a place but what happens to you if someone has a rodent infestation?  That’s right, you have to fumigate the entire building.
  3. Risk needs to be constantly measured and evaluated.
  4. Cyber security today is the new Cold War – in fact Doug Dempster believes it is even worse than the Cold War.
  5. When evaluating risk, it’s important that it’s dealt with quantitatively and not looked at through one individual’s goggles.
  6. Treat your network like government agencies treat miles of pipelines – secure the high risk points within the network and when something happens – send a team to deal with the incident, remediate it, notify the appropriate impacted parties swiftly and move on.
  7. When and not “if” an incident happens - ensure you communicate openly and  honestly.
  8. Communication between government and the private sector is a must going forward.

Last but not least – next time you’re in Ottawa – try the Scallop Ceviche at Navarra Restaurant, to die for.

http://navarrarestaurant.com/

Eugene

 

Pay Attention!

Preying on quick decisions…pay attention!

I was travelling recently to our nation’s capital for a security conference (there’ll be another article on this topic) and most of my communication was through my mobile device. I was quickly scanning my emails when the following LinkedIn invitation came through:

Most enterprise organizations have fairly sophisticated email filters today but the odd phishing, malware-link infested message does find its way through. When I receive a suspicious email, I typically look at the telltale signs of a fraudulent email – do I know the sender, who is it being sent to, do I recognize the organization.   As you can see from the screenshot above, all of the basic checks passed.  Our security awareness training teaches people to hover over the links to see where you’re actually connecting to.  However, on a mobile device, it’s not quite as easy - with all our fancy touch screens it’s sometimes difficult to select a hyperlink and browse the final destination.  I was able to determine the final destination of the hyperlink via my handheld but it made me wonder, would other people be so diligent? 

Remember the good old days when some prince in Africa wanted to transfer funds, the email body was written in horrible English, and the sender would be some bizarre fellow with a name you’d never heard of? Today’s email phishing attacks and malware-link-laden emails are getting quite sophisticated – pay attention…you never know when an email such as this finds itself in your inbox.

Eugene Ng 

 

Child Safety Resources Online

The importance of keeping our children safe online cannot be understated. The Internet is an amazing resource that can be used to greatly enhance and expand education and learning efforts. Unfortunately, like most things in life, there are inherent risks that go along with using it. Facebook, Twitter, chat, webcams: all of these technologies can be of great benefit if used safely. All of these can also be potentially dangerous if used improperly and careful thought is not exercised.

Rather than create another website dedicated to online safety, this post is a pointer to some already created resources:

My hope is to have this be a ‘living post’ that gets updated with new resources periodically. If you are aware of more resources that have Twitter feeds please leave a comment and I will add them to our @ncisocial/kidsafe list. Also, please feel free to submit additional URLs via the comments section as well.

The NCI Blogging Robot

(Updated: May 10, 2011)

(Updated: May 02, 2012 with user submitted links from Valley Book Club)