Showing posts with label Security. Show all posts

Monday, July 4, 2011

McAfee releases Android end point security solution

McAfee have announced McAfee Mobile Security software, available for both smartphones and tablets, which according to a recent press release provides a comprehensive mobile security solution by combining three leading McAfee mobile security products: WaveSecure, VirusScan Mobile and SiteAdvisor® for Android.

With McAfee Mobile Security, consumers can now access the following features and functionality in a single download:
• Backup and restore data to help protect sensitive information and irreplaceable photos. Even if the device is missing, it can be backed up before it is wiped clean of information.
• Protection against misuse (such as excessive phone charges) as well as safeguarding personal data with remote locking capabilities
• An audible alarm to help users find the device or disrupt a thief, and send a pop-up notification with instructions for returning the device
• Remotely remove data from a lost or stolen device via the McAfee Web portal, mobile Web portal or via a SMS message from a buddy device
• 24/7 real-time anti-malware protection against viruses, worms and spyware, Trojan horses and battery-sapping malware
• Protection from malicious Web sites, phishing, identity theft, and credit card fraud when shopping online. SiteAdvisor software for Android provides color-coded site ratings right next to the search results, allowing Android users to confidently browse and search the mobile Web.
• Management of mobile device protection allows consumers to quickly execute needed security tasks, backup, locate, wipe, etc. via the McAfee Web portal and simple device interface
• All backed by McAfee Labs with its 24/7 global presence and dedicated team of threat researchers
The WaveSecure Tablet Edition offers Android users with WiFi the ability to find their missing device with alarm and location tracking, prevent misuse with remote lock and wipe and preserve important memories and personal data with remote backup, even from a lost or misplaced device.
Not unlike the Apple ‘Find My iPhone’ app, Android users can also trigger an audible alarm to help them find the device or disrupt a thief, and send a brief SMS message with instructions for returning it.
“With device growth eclipsing PCs, consumers need tools to not only protect their personal information, but also to provide safeguards for business data should they decide to use that device for work,” said Todd Gebhart, executive vice president and general manager of consumer, small business and mobile, McAfee.
“It’s far too easy to leave a mobile device in a cab or at the airport, which can mean lost photos, contacts and other important content. Also, the threats to mobile devices are in many ways the same as in the online world. Beyond device loss or theft, users can be hacked, infected or phished on a mobile device just as easily as they can online.”
Both applications offer a trial period; McAfee Mobile Security is then available for an annual subscription fee of $29.95.


Mobile Security Update - AnyConnect released to the Android market

Cisco has followed up its release of the AnyConnect VPN client for Apple iOS devices with the launch of Cisco AnyConnect for Samsung. Available from June 27 2011, AnyConnect is supported on the following devices:

• Galaxy S model GT-I9000 (Gingerbread Maintenance Release)
• Galaxy S model SC-02B (Gingerbread Maintenance Release)
• Galaxy S II model GT-I9100
• Galaxy S II model SC-02C
AnyConnect is also supported on Tab 7 running Android 2.3.3+ or Galaxy Tab 8.9 running Android 3.0+.
Android images must be official carrier or Samsung provided versions, and not home-brew or third-party builds of Android.
Cisco AnyConnect provides reliable and easy-to-deploy encrypted network connectivity from Samsung Android devices by delivering persistent corporate access for users on the go. This includes native application access to business email, a virtual desktop session, or most other Android applications.
Through the use of Datagram Transport Layer Security (DTLS), TCP-based applications and latency-sensitive traffic (such as voice over IP [VoIP]) are provided an optimised communication path to corporate resources.
Further details from the Android marketplace are below:
FEATURES:
• Automatically adapts its tunnelling to the most efficient method based on network constraints, using TLS and DTLS
• DTLS provides an optimised connection for TCP-based application access and latency-sensitive traffic, such as VoIP traffic
• Network roaming capability allows connectivity to resume seamlessly after IP address change, loss of connectivity, or device standby
• Wide Range of Authentication Options: RADIUS, RSA SecurID, Active Directory/Kerberos, Digital Certificates, LDAP, or multifactor authentication
• Supports certificate deployment using AnyConnect integrated SCEP and the certificate import URI handler
• Policies can be configured locally, and automatically updated from the security gateway
• Access to internal IPv4 network resources
• Administrator-controlled split / full tunnelling network access policy
Feedback has been mixed, with a number of Android users unhappy that only a small number of Android devices are compatible with the software. Users who have devices which are not specifically listed above will need to wait until the next release of AnyConnect in the Android market place. Further information is available at the Cisco website.



Sunday, July 3, 2011

Security vendors step up IPv6 certifications

Vendors have known for some years that IPv6 certification would be a market requirement for their products and a number of governments have published transitional strategies for their agencies and suppliers.
As early as 2007 the Australian government released ‘A Strategy for the Implementation of IPv6 in Australian Government Agencies’ outlining a timeline for IPv6 adoption which was subsequently updated in 2009.
The current requirement states agencies must have their IPv6 ready hardware and software in place by end 2011, and have all systems IPv6-enabled by end of 2012.

However, the document is less specific about exactly what IPv6 certification requires, or even what ‘IPv6-enabled’ might actually mean to Australian Federal Government networks and agencies. Is being able to ping6 key router infrastructure enough? What does “agencies will be ready to securely send and receive IPv6 packets of information” mean in a practical sense? From where to where?
Do all applications need to be tested on an IPv6 network or is it enough to implement dual-stack IPv4/IPv6 networks leaving all applications on IPv4?
Security is even muddier.
“Agencies should ensure that IPv6 related security threats and risks are considered as part of the regular Threat and Risk Assessments of their networks. Elements of many of these tasks are ongoing, but their planning and commencement should be undertaken by end-December 2009.” Some may assume this requires the implementation of RA Guard software and a significant investment in end point dual-stack monitoring.
What about any security implications of running a dual-stack network? Should the default IPv6 state of most modern operating systems be altered from on to off?
The good news is that testing vendors are attempting to help companies test and monitor IPv6 networks and applications, even when those applications are in the cloud.
California based company Mu Dynamics offers a comprehensive suite of automated testing solutions and test content aimed at testing and validating IPv4 and IPv6 products and services for conformance, security and resiliency. Essentially the Mu Dynamics’ offering is a testing solution which enables network equipment manufacturers, service providers and government agencies to automate their pre-certification testing and leverage the same tests as government-sanctioned certification labs in IPv4 and IPv6 environments.
Compuware Corporation have also released the industry’s first free IPv6 Website Performance Comparison testing tool which allows organisations to compare the speed of their IPv4 and IPv6 enabled web applications. Enterprises who move applications into the cloud to take advantage of an IPv6 cloud enabled service can now test any impact of an IPv6 environment on their applications.
In the US, the National Institute of Standards and Technology (NIST) have been more specific on what IPv6-compliance means. Released as a draft in 2007, Version 1 of the USGv6 Profile was published in July 2008 following industry and government consultation. Shortly afterwards the USGv6 Testing Program was developed and, following a number of drafts, became operational in November 2009.
The USGv6 Profile is a lengthy and technical document, making self certification for vendors and customers very time consuming. It lists 12 functional categories for IPv6 capability and defines a number of profiles which include Host, Router (both internal and external facing) and Network Protection Device (which includes IPS and firewalls). Functional categories are broken into multiple requirements.
Testing labs to the rescue.
ICSA Labs, an independent division of Verizon Business with offices in Pennsylvania, provides independent 3rd party product assurance for end users and enterprises. ICSA Labs has provided vendor-neutral testing and certification for hundreds of security products and solutions for many of the world's top security product developers and service providers.
ICSA Labs provides services in three areas:
• Consortium Operations, Security Product Testing, and Certification Programs
• Custom Testing Services
• Accredited Government Testing Services
One of the initial companies to provide security products for ICSA Labs testing was IPS vendor Sourcefire. A bold move which has proven successful, Sourcefire has recently announced the completion of testing with ICSA Labs of the Sourcefire 3D® System, successfully satisfying U.S. federal government IPv6 test requirements (USGv6).
“ICSA Labs’ validation that we meet the USGv6 requirements ahead of the federal government’s move to IPv6 in 2012 demonstrates Sourcefire’s commitment to our customers and to meeting their changing security needs,” said Marc Solomon, Senior Vice President of Marketing at Sourcefire. “This independent confirmation of our IPv6 support is especially important now that the pool of available IPv4 addresses is fully allocated and nearly depleted.”
The Sourcefire 3D® System is one of the first IT security solutions verified by ICSA Labs to meet the US federal government’s requirements for hosts on an IPv6 network.
“The goal of the federal government’s IPv6 test program is to ensure interoperability among all IT and networking components used to build, maintain and secure the IT infrastructure of federal agencies,” said Brian Monkman, Perimeter Security Programs Manager at ICSA Labs. “As one of the first IT security vendors to participate in our testing, Sourcefire customers will benefit from the company’s ongoing commitment to security IPv6.”


Top five themes from Gartner Security Summit 2011

Eric B. Parizo, Senior Site Editor
I had the opportunity once again this year to attend the Gartner Security & Risk Management Summit, and it always serves as a fascinating barometer of what’s top of mind for information security professionals. I wanted to briefly highlight my list of the top five issues that seemed to resonate during keynotes, sessions and while informally chatting with attendees.

5. Dodd-Frank Act compliance: As I wrote about this week, the Dodd-Frank regulations could be a major new compliance headache for many organizations, especially those that haven’t been paying close attention. A number of the law’s mandates, interestingly enough, may in some cases discourage employees from coming forward to report fraud. What may be more disconcerting is that the government is still in the process of writing the rules that will govern Dodd-Frank corporate compliance, meaning nobody really knows how onerous it will be.
4. Mobile devices & consumerization: Ignored for far too long, employee-owned mobile devices have always been a security problem waiting to happen. These smartphones – and now tablets too – have been rife with sensitive corporate data for a long time, but they were either overlooked as a security risk, or seen as too challenging to rein in. Now enterprises are beginning to understand the risk these devices pose, but it remains to be seen whether emerging device management technology, data-access restrictions, user security policy, or all of the above will be the answer. It’s a topic that seemed to leave more than a few infosec pros scratching their heads (if you’re one of them, be sure to check out Marcia Savage’s great feature, IT consumerization drives new security thinking, from the June 2011 edition of Information Security magazine).
3. Cloud computing reality check: The cloud computing hype has been off the charts for a couple years, but for the first time I started to sense more confidence among information security pros. Why? They now understand the vast majority of today’s enterprise cloud computing is Software as a Service, and not the more complex platform or infrastructure variations that surrender a lot more control to third-party providers. That realization buys security teams some time to not only reassess the cloud computing services in use today and ensure they’re secure, but also to develop a more comprehensive cloud computing security policy so when organizations want to double down on more advanced cloud computing technologies, security teams can be willing partners, not obstructionists.
2. APT & wave of attacks: It started with news of the RSA SecurID breach earlier this year, but since then it seems there’s been a surge in high-profile and advanced attacks unlike anything we’ve ever seen, including Sony, Lockheed Martin, Citigroup, Sega, the UK NHS and the U.S. Senate. It’s a who’s who of the most prominent organizations in the world, and yet they’ve been seemingly powerless to protect their most important data. The two most common reactions I heard this week were, “Yeah, that’s scary stuff,” and, “I’m glad it didn’t happen to my organization.” But this is the age of the advanced persistent threat (APT), which means it’s increasingly likely your data is being stolen right now and you have no idea it’s happening. I heard a lot about APT this week, much of it off the record unfortunately, but what can safely be said is that criminal networks are now commonly penetrating organizational defenses and exfiltrating large amounts of data over a long period of time using complex techniques that even veteran infosec experts find stunning. Marketing hype aside, the APT threat is real, and until the U.S. decides to point the finger squarely at the Chinese government as the driving force behind many of these attacks, you’re pretty much on your own.
1. Risk management: What’s the common theme tying all these issues together? For most enterprise security groups, it’s simply not possible to muster the technology, time and resources to fully mitigate each of these risks. I was struck this week at how the compilation of all these issues has reignited interest in the often-ignored, yet crucially important discipline of enterprise risk management, namely figuring out how to determine which specific threats pose the greatest risk to an organization and then using that information to create an organizational risk profile. The difficult reality of being an information security pro is that not all problems can be solved, especially not all at once, and with security budgets unlikely to get a significant boost anytime soon, investing precious resources in the right place has become a make-or-break proposition.
I know many security pros have focused on risk management for a long time, but to hear a number of attendees verbally acknowledge the importance of formalizing their risk management strategies was fascinating and inspiring. It’s been a tough year so far for security, with one big breach, vulnerability or attack after the next, but seeing so many optimistic security pros at Gartner Security Summit 2011 ready to tackle what’s next made me feel very good about the small role we play in helping you do your best.
About the author:
Eric B. Parizo is senior site editor of TechTarget's Security Media Group. His rants can be heard each month on SearchSecurity.com's Security Squad podcast.
