• January 16 – Cyber attacks on the Tel Aviv Stock Exchange, major banks and Ministry of Foreign Affairs
• January 18 – Cyber attacks on major financial institutions
• January 24 – Operation MEGAUPLOAD, Anonymous group revenge attacks against Justice Department, FBI, White House, CBS.com and others.

What we learn from this new wave of attacks:

• DDoS attacks go mainstream for activists;
• Your organization is likely a target only because you are affiliated with national identity, the copyright industry or a brand;
• There is no advanced notice prior to launching attacks;

Content Security’s web application firewall solutions and managed service are industry-leading answers that allow you to protect your online business against emerging cyber attacks.

Our solutions are currently being used to secure major eCommerce sites, financial services and government agencies against cyber attacks.

At their peak, the botnet made 15,000 connections per second, equivalent to 69 million packets or 45 Gbit/s of traffic to the target company’s platform. While the attack did make the top ten list of largest attacks via botnets, it was far from the biggest attack ever which peaked at 100 Gbps in 2010. Security technicians said that this was the largest collection of randomised GET, SYN, ICMP, UDP and DNS floods launched in a single campaign. Such attacks have become increasingly common and protection against such attacks is a crucial part of an organisations network security.

Content Security offers a full range of web application firewalls and other solutions that work as an anti-DoS for your organisation. Our protection solutions are also offered as a managed service. Contact us today and let us help you secure your organisation from such attacks!

Endpoint Security works on a client/server model where a central command server hosts the application needed to process the information being transmitted via devices where the client application is installed. When a client sends information to the command server and attempts to log on to the network, the server validates and scans the device to make sure it abides by the corporate policies before giving network access.

The most basic forms of endpoint security are personal firewalls and anti-virus security software which are installed on client systems and updated via a central server. As technologies become more advanced, attackers are constantly finding new ways to break into systems. Malware has become a real threat and endpoint security has not included anti-spyware and malware applications.

Every organisation needs the highest level comprehensive endpoint security which provides antivirus/antispyware and proactive network threat protection. Content Security’s End Point & Gateway security service takes care of the organisations endpoint security from the most sophisticated attacks by comparing e-mail, file and web threat intelligence.

Content Security can secure your endpoints from the most sophisticated attacks by comparing e-mail, file and web threat intelligence. Take a Content Security Malware Assessment today to find your weaknesses and points of exposure to malware infection.

Having said that, how exactly does that happen? Are the tests results in front of you enough to give you what you need? We don’t think so. I think the results need to be analysed and understood to get the most out of them.

Here’s a list of things you can and should do with your results.

DO NOT PANIC!

Think of penetration tests as a preemptive strike rather than retaliation. The test is used to identify weaknesses before they cause any trouble. Don’t think of a penetration test as a blunt tool but as a learning instrument. It is common for the management to go into shock with the findings of the pentest, not realising that the trouble spots were found before a malicious user could exploit it. A penetration test will identify weak spots and plug those holes so it is extremely important to learn the lessons these tests teach us and proactively implement them throughout the network.

Test me once, good for me, Test me twice or more, even better

Penetration testing best practices tells us that regular assessment of a network’s security through automatic and manual testing helps identify holes that may have been created over time.  Think of a network as a living organism that is changing day on day by the interactions it has with others. Though quarterly tests are an excellent idea, a more continuous testing cycle is recommended because it simply makes more sense. Look at the results, compare them to your previous tests and so on and so forth to make sure you have not missed anything.

Have a remediation plan and execute it!

Once you’ve got the results in your hands, you know where the faults are and it is time to fix those faults so no one can take advantage of them. Go through the report thoroughly and see what needs to be fixed. There is no such thing as lesser priority when it comes to security. It doesn’t take long for a “low priority” security threat to turn into “high priority” issue very quickly.  An example could be an FTP service that should not be running but is left running because it was deemed a low risk.

Closing meeting

The results will give you an idea of where your network lacks and what you can do to secure it further but it won’t tell you why a tester used an exploit and tested a particular service and what was going through their mind when he did it. This meeting will get you inside the mind of the tester and help you understand what exactly the tester was going for. This meeting will also define the “what now” part of the discussion and outline action steps.

Content Security’s penetration testing services include a thorough inspection of your organisation’s networks and our security experts simulate how hackers would attack, and identify network and infrastructure vulnerabilities. We have provided penetration testing and IT security services to more than 40 councils across New South Wales and Victoria with references available upon request. Our staff comprises of security experts with experience in corporate, banking and finance, nonprofit and technology R&D.

Don’t incur the cost of an IT security incident; secure your organisation’s IT infrastructure with us. Contact us today!

Most businesses have a website and that is the best place to start your search. When testing networks for vulnerabilities, information is power. A simple yet effective online tool is http://www.netcraft.com/ , this service examines the network and returns a wealth of information like the Network block, what operating system is running on the network, what the uptime is and even hosting history for the website.

This is a fair simple and quick way to gather some information about the network, going deep into the belly of the beast, a network survey is another information gathering process that gives the testers information on how many hosts on the target network are reachable. The expected results that should be obtained from a network surveying consists of domain names, server names, Internet service provider information, IP addresses of hosts as well as a network map. A network survey will also help us to determine the domain registry information for the servers.

The tool used for network survey is Nmap which is an essential tool for any tester. Below is a snapshot of the Nmap Windows GUI and Linux console.

Nmap Linux Command Line Interface

Nmap Windows Interface

Once a network survey is complete, a port scan is the next order of business which gives the tester information about which closed or open ports are running on the network. There are about 65,000 possible TCP and UDP ports which can be scanned by information gather tools.

Information gathering can be done via tools and even social engineering. Employees may give out information without knowing who they are giving it to.

However, Penetration Testing isn’t a walk in the park; when it comes to penetration testing training, there is no industry standard definition on what it means to be a penetration tester. There is no prescribed course syllabus that one has to go through. Penetration testing is a constantly evolving field that requires practical experience and quick thinking. These skills cannot be honed or tested through a multiple choice examination.

On top of having to decide how you will learn penetration testing, there is the risk of making the wrong choice. Penetration testing courses are diverse and different, focusing on different areas. Very often, once you have committed to a course and you’ll have to stick to it or just drop out without completing it.

Content Security’s Penetration Testing Training, delivered in the form of a workshop, will allow you to learn everything there is to know about penetration testing, from the use of network reconnaissance tools, to the writing of custom zero-day buffer overflow exploits. We will design the workshop based on your current skill set as well as specific objectives that you need to fulfill.

The goal of this course is to help you master a repeatable, documentable penetration testing methodology that can be used in an ethical penetration testing or hacking situation. This penetration testing training course has a significant Return on Investment, you walk out the door with hacking skills that are highly in demand.

Contact us today and gain these invaluable skills that will benefit not only you but your organisation and clients.

The company said the intrusion took place last weekend and resulted in the defacement of Steam’s forums and the breach of a database containing user names, email addresses, purchase history, billing addresses along with credit card numbers and passwords but that information was encrypted.

Valve issued a statement ”We do not have evidence that encrypted credit card numbers or personally identifying information was taken by the intruders, or that the protection on credit card numbers or passwords was cracked.“

This was not the first time a gaming service has been attacked, a while ago Sony’s Playstation Network was attacked by hackers from LulzSec and other networks like Sega and Nintendo have been attacked as well.

Content Security offers a full range of web application firewalls and other solutions that can protect hackers from gaining access to your public-facing applications and reduce the likelihood of data theft. Our protection solutions are also offered as a managed service. Contact us today and let us help you secure your organisation from such attacks!

Some best practices that help in getting the most of out of PenTest’s are:

Test from multiple locations

Approach the target from multiple locations across the network. This helps in identifying systems and resources other than the target system and testing those angles as well.

Maintain an audit history

Before any major operation, the doctor wants to have a look at your past medical history to see what’s been done before and whether anything he is going to do will affect you. Similarly, an audit history helps the penetration tester can see the cause and effect so past vulnerabilities can be reexamined.

Recurring tests

Regular assessment of a network’s security through automatic and manual testing helps identify security vulnerabilities that may have been created over time because of additional hardware being added or new applications being deployed. A regular scheduled of tests keeps the network secure and compliant. Scheduled tests allow the management to constantly evaluate the effectiveness of controls and save costs which would otherwise be incurred due to a breach in security.

However, a Fair Warning:

Penetration Testing isn’t a walk in the park; when it comes to penetration testing training, there is no industry standard definition on what it means to be a penetration tester. There is no prescribed course syllabus that one has to go through. Penetration testing is a constantly evolving field that requires practical experience and quick thinking. These skills cannot be honed or tested through a multiple choice examination.

On top of having to decide how you will learn penetration testing, there is the risk of making the wrong choice. Penetration testing courses are diverse and different, focusing on different areas. Very often, once you have committed to a course and you’ll have to stick to it or just drop out without completing it.

Content Security’s Penetration Testing Training, delivered in the form of a workshop, will allow you to learn everything there is to know about penetration testing, from the use of network reconnaissance tools, to the writing of custom zero-day buffer overflow exploits. We will design the workshop based on your current skill set as well as specific objectives that you need to fulfill.

The goal of this course is to help you master a repeatable, documentable penetration testing methodology that can be used in an ethical penetration testing or hacking situation. This penetration testing training course has a significant Return on Investment, you walk out the door with hacking skills that are highly in demand.

Contact us today and gain these invaluable skills that will benefit not only you but your organisation and clients.

He brags about it to his other network admin friends on how secure his network but he is only partially correct. He’s forgotten a very key aspect when it comes to securing a system, the human element. Did he forget about the people who use his network everyday with their laptops, smartphones, tablets etc.? What about the attacks from those people?

More often than not, the weakest link in a network’s security is the user and is the most susceptible to a social engineering attack. Social engineering is the art of manipulating people into performing acts or revealing confidential information. Most users are untrained in detecting a social engineering attack and they won’t know what they’ve done is wrong.

Pretexting is a technique used by social engineers where they create a scenario to engage the target of their scam in a way that would increase the chance the victim will reveal information or perform acts that would enable the attackers to gain access.

Baiting is like a real world Trojan Horse which uses physical media like a DVD-ROM or USB flash drive placed in a location that would make the person finding it curious and add to the legitimacy of the scam. The flash drive could be holding a file with malicious code inside it. With a few clicks, your system has been compromised.

Some notable hackers were said to be excellent social engineers and gained access to information manually rather than spending time trying to crack into systems.

How do you protect yourself?

• First step in protecting yourself is to decide which information is sensitive and should not be shared; employees should be informed about the sensitivity of the information so they are careful
• Employees must be trained to identify a possible social engineering attempt. If the employee thinks that the person’s identity is suspect, they must be trained to politely decline the request
• Employees must be tested by unannounced security drills to make sure they have understood the basics of identifying a social engineering attack. A little precaution can go a long way and save the organization a lot of hassle

Content Security’s team of security experts bring over two decades of information security experience. Our team can work with your organisation to effectively reduce the risk of attack via social engineering through a two-pronged approach. First we work study your organisation’s security posture to evaluate how vulnerable and “socially exposed” it is. The second approach involves working with your organisation’s employees and train them to be vigilant of the information that they publish about themselves online.

Contact us today and let us protect your organisation and digital assets.

And to make matters worst, A new malware called Duqu has been found which exploits a zero-day vulnerability in Windows which allows it to infect systems running Windows and remain undetected. Vikram Thakur, principal security response manager at Symantec says “The installer file is a Microsoft Word document (.doc) that exploits a previously unknown kernel vulnerability that allows code execution,”

The worm is activated by simply opening the word file and installs multiple Duqu binary files. Thakur also said “Until Microsoft patches the zero-day vulnerability, there’s no surefire safeguard against this type of attack. “Unfortunately, no robust workarounds exist at this time other than following best practices, such as avoiding documents from unknown parties and utilizing alternative software.”

The most alarming part was when researchers found that Duqu had the ability to infect and control computers not connected to the internet. If the infected computer does not have access to the internet, the Duqu configuration files recovered from such systems were not configured to connect to the command-and-control (C&C) server but instead use a file-sharing C&C protocol with other compromised computers which did have access to the internet. Duqu is said to be related to the infamous Stuxnet and it is speculated that it has been designed for cyber espionage.

Two C&C servers have been taken down so far, one in India, the other in Belgium but researchers fear that just like the variations in configurations of Duqu, there may be different command servers for each variant.

What malware detection and malware protection do you have installed? How often are they updated? Many organisations run malware tests only and that too infrequently. This can pose a major threat when malware lifetimes can be measured in minutes.

Content Security’s range of anti-malware solutions provide real time protection against the installation of malware software on your organisation’s computers, and in turn, protect you from being attacked and exploited by malicious attackers and hackers. We also offer consulting services, where our security experts determine your organisation’s security posture and how you can not only maintain, but strengthen it. Contact us today and let us secure your organisation’s data assets.

Penetration testing process is knowledge intensive activity and usually extends beyond the complete understanding of the tools being used. We will be talking about a few basic tools that are used by penetration testers.

Port Scanners

Gathering as much information as possible on the target systems or network is the first step for penetration testing. Port Scanning tools are used to gather information about a target from a network location. This is done by probing each of the network ports or services on the target system. Port scanning tools have a multitude of functions to help the tester get as much information as possible and analyse it to meet the requirements of the test.

Vulnerability Scanners

A network-based vulnerability scanner attempts to employ known vulnerabilities on their targeted systems.  This is a vital tool for any penetration tester as they provide necessary resources to scan each and every available service on the target network from a database of known network security vulnerabilities.

This allows the tester to identify common configuration weaknesses and unpatched network server software. Nessus is a well known vulnerability scanners that are used commercially by specialists.

Application Scanners

Application scanners take the concept of vulnerability scanners a step further. These tools scan the target network for common web-based applications and attempt a variety of known attacks on the applications if they are found on the network.

These tools identify the applications that are running on the network and attempt attacks like buffer overrun, SQL injection, cross-site scripting, cookie manipulation etc. It is worth mentioning here that application scanners are not a vital tool for testers as they employ mostly black-hat practices and passing a test by application scanners does not mean that there are no vulnerabilities.

Web Application Assessment Proxy

These only work with web-based applications, it is a useful tool in a penetration testers arsenal . These work by inserting themselves between the tester’s web browser and the web server which then allows the tester to view and manipulate all data passing through the proxy. This helps the tester identify weaknesses in the application and related applications running on the network.

Content Security’s penetration testing services include a thorough inspection of your organisation’s networks and our security experts simulate how hackers would attack, and identify network and infrastructure vulnerabilities. We have provided penetration testing and IT security services to more than 40 councils across New South Wales and Victoria with references available upon request. Our staff comprises of security experts with experience in corporate, banking and finance, nonprofit and technology R&D.

Don’t incur the cost of an IT security incident; secure your organisation’s IT infrastructure with us. Contact us today!