Hackin9

InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Oracle Java SE CVE-2012-0547 Remote Java Runtime Environment Weakness
 
Oracle Java Runtime Environment CVE-2012-1682 Remote Code Execution Vulnerability
 
Adobe Photoshop CVE-2012-0275 Remote Buffer Overflow Vulnerability
 
Mozilla Firefox/SeaMonkey CVE-2012-3976 Address Bar Spoofing Vulnerability
 
OpenStack Keystone Token Expiration Multiple Security Bypass Vulnerabilities
 
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-1971 Multiple Memory Corruption Vulnerabilities
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3968 Remote Code Execution Vulnerability
 
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-1970 Multiple Memory Corruption Vulnerabilities
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3956 Use-After-Free Memory Corruption Vulnerability
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1976 Use-After-Free Memory Corruption Vulnerability
 
Hewlett-Packard released two beta versions of its open source webOS on Friday: one for developers that runs on the Ubuntu Linux desktop, and one for the "OpenEmbedded" development environment, intended to help developers port webOS to new devices.
 
 
Drupal Chaos Tool Suite Module Local File Include Vulnerability
 
phpMyAdmin CVE-2012-4219 'show_config_errors.php' Full Path Information Disclosure Vulnerability
 
phpMyAdmin Multiple HTML Injection Vulnerabilities
 
Bojan's last couple of diaries on Analyzing Network Traffic Part 1 and Part 2, got me to thinking about all the knowledge required as well as the work and effort that intrusion analysts go through to protect the networks they monitor. Often times, this knowledge and skill is gained on off duty hours because this world is more than just a job. So, how do you demonstrate to management the value of your intrusion detection program and your analysts? One of the toughest barriers to breach is taking data from the technical side and presenting it in a meaningful way to the management side. In this specific instance, I wanted to focus on translating to management the value of Intrusion Detection and the analysts. I have heard it said more than once We have a firewall and IDS, they will alert us when something happens or We have a tool that can monitor our network, we don't need all these people do we? and one of my favorites We have Antivirus, isn't that enough? In today's tough economic times, one of the first things that usually gets cut in the budget is security. The tools generally stay in place, but the number of people required to manage and monitor them drops. The goal to to make management know and understand the value of your intrusion detection program so they realize they can't afford to lose the service you provide.
Generally, the role performed by the analysts is usually only brought to light when there is an incident. Day after day goes by without a major issue and the analysts are out of sight and out of mind. That often includes holidays when everyone else is off but the analyst is still working to protect the network. There are many ways that you can bring to light what your analysts are doing. Metrics are always to first thing that comes to mind, but sometimes its difficult to measure what an analyst does in a way that means something to management. There are also many positions on whether these numbers should be tangible or theoretical. I think its more than metrics, but metrics have their place as well. No matter how you approach this, you have to show value added to your company/organization's mission by making sure management understands that your group exists and the role it performs. Here are some thoughts:

Have a one page newsletter highlighting your group and its accomplishments as well as what its working on. (Does management know that you had a block put in place for a significant threat until a patch was issued which means your network did not suffer any impact?) I have found that management likes to brag about things like this when others are suffering the effects from it. It also makes them appreciate your efforts.
Highlight each of your analysts and their success by having a Catch of the Week/month writeup and include their photo.
Keep them informed of current and emerging threats (in easy to understand non-technical terms) Alot of times they have no idea such a threat was possible or exists.
Provide them metrics of the number of alerts that occur during each shift and approximately how long it takes to look at them. This being tracked by the number of analysts on a shift will show the residual, if any, of what did not get looked at in a timely fashion. Management needs to understand the risk and agree that they are willing to accept the risk.
How many many blocks (firewall, email, web, etc.) were put in place to protect the network? That shows management a proactive stance.
Keep management informed of the costs being incurred by other companies who have to clean up after being compromised. Do not imply that it won't happen on your network. It will, its just a matter of time. But the cost is much less if early detection occurs. Skilled analysts to key to early detection.

These are just a few ideas and you will have to tailor this to what means something to your management. Solicit their feedback and ask them if there is something more/less they would like to see. Start with something for them to look at, they usually do not know what to ask you for because they don't understand this world. The bottom line is to make sure management knows your team exists and the efforts that your team is putting forth to protect the network. If you have ideas or things that worked for you, please let us know.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Pixel Addict's Arms Cartel Global, for the iPhone and iPod touch, is as massive multiplayer online game that may test your patience.
 
Hackers are distributing rogue email notifications about changes in Microsoft's Services Agreement to trick people into visiting malicious pages that use a recently circulated Java exploit to infect their computers with malware.
 
Xfig 'u_bound.c' Remote Denial Of Service Vulnerability
 
Bacula MySQL Password Information Disclosure Vulnerability
 
Bacula CVE-2008-5373 Symlink Attack Local Privilege Escalation Vulnerability
 
It is now possible for HTML5 applications to upload files to Amazon's S3 service thanks to the company enabling much requested CORS functionality


 
GIMP 'fit' File Format Denial of Service Vulnerability
 
Adobe Photoshop CVE-2012-4170 Remote Buffer Overflow Vulnerability
 
Secure Locate Local Information Disclosure Vulnerability
 
Shortly after a major win against Samsung in a federal court in California, Apple added products including versions of the Samsung Galaxy S III in an amended patent infringement complaint before the court in a separate patent case against Samsung.
 
Amazon is adding a Cross-Origin Resource Sharing capability to its S3 Simple Storage Service, allowing developers to more easily build web applications that access data stored in the company's cloud.
 
Engineers working on communications technology were paid the highest in the profession last year, according to new IEEE-USA survey data.
 
Barracuda SSL VPN 680 Multiple Cross Site Scripting Vulnerabilities
 
Engineers working on communications technology were paid the highest in the profession last year, according to new IEEE-USA survey data.
 
Microsoft's new tool for finding network cards that sniff traffic, bypassing ASLR with help from MS-Help, Kaspersky chases the Wiper phantom, and a format string vulnerability


 
Hackers are using remote maintenance tool NetWire as a trojan. NetWire can be used to monitor computers running Windows, Mac OS X, Linux and Solaris. Anti-virus software companies have responded by identifying the program as malware


 
A researcher has managed to disable the protective sandbox of the recently released Java version 7 Update 7 using security holes


 
Internet Storm Center Infocon Status