Tag Archives: security

What is an SSL VPN?

ECC IN THE SERVICE OF OPTIMISING YOUR SSL VPN

Users now expect to be able to access their data on the most diverse mobile devices, in both their private and professional lives. In this new landscape, the importance of security is matched only by its complexity.

Yet the solution lies at the very heart of companies' working environments. And with new technology evolving constantly, it is important to always stay one step ahead.

Virtual Private Networks (VPNs) are currently a widespread and simple way of securing Internet communications. A fundamental element of distributed systems, VPNs allow the creation of secure tunnels for the encrypted transmission of data to remote sites or hosts. The objective: to preserve the security and integrity of this data while it transits the Internet. In this sense, VPNs let your mobile staff access your strategic network resources over an encrypted, secure connection.

This practice, however, raises several important questions: which type of VPN should you use? And how do you combine simplicity and security? The answer most often lies in SSL (Secure Sockets Layer) VPNs, which work with every standard web browser and require no specific client software on the user's computer. An SSL VPN consists of one or more VPN appliances to which the user connects with a web browser. To encrypt the exchanges between the browser and the VPN appliance, the system uses the SSL protocol, or TLS (Transport Layer Security).

The advantages of an SSL VPN: versatility, easy configuration and tighter control for a wide range of users and devices, including mobile ones. Last but not least, the solution remains particularly affordable.

A pioneer in securing network connections and communications, Symantec has come a long way. In this spirit, Symantec continually updates its Website Security Solutions (WSS) range, a complete set of innovative solutions designed to meet the growing security and performance needs of online businesses. Its main objectives: to offer companies optimal protection, meet compliance requirements, help improve performance and reduce overall infrastructure costs.

Symantec has also just announced the release of the first multi-algorithm SSL certificates, with new ECC (Elliptic Curve Cryptography) and DSA (Digital Signature Algorithm) encryption options. With these we intend to strengthen the protection of your ecosystems and, in turn, raise your trust rating online. In 2013 these options will be available to all customers, new and existing. Based on current computing practice, 256-bit ECC keys will be 10,000 times harder to break than 2,048-bit RSA keys. In other words, a Symantec ECC certificate offers the same level of security as a 3,072-bit RSA certificate. Better still, a server with an ECC certificate considerably improves server performance under load, since it can process more requests in less time, not to mention its greater scalability in several scenarios:

  • Traffic peaks – the efficiency of the ECC algorithm increases with large volumes
  • Business growth – ECC handles more simultaneous connections

As always, our aim is to offer highly reliable solutions to your business and your customers alike. That is why we innovate constantly to bring you the best online security solutions on the market.

To learn more about how SSL certificates work, see our infographic on the subject.

What is an SSL VPN


SSL VPNs – DELIVERING VIP VALUE

With heavier demands for access to corporate and personal information – especially when ‘on-the-go’, via a proliferation of mobile devices  – staying safe has never been more challenging or crucial.

Coping with this is something that organisations have to manage in their working environments. As new technology evolves, the challenge is to stay ahead of the game.

Virtual Private Networks (VPNs) have become a common and easy way to secure communications over the internet. VPN services are a fundamental part of distributed systems, enabling the creation of secure data tunnels to remote sites or hosts. VPNs use cryptography to scramble data, so that it’s unreadable during its journey across the internet, protecting data security and integrity. Deploying VPNs allows businesses to deliver secure, encrypted connectivity for a workforce on the move, which needs access to critical corporate network resources.

These issues must be considered: what kind of VPN to use? How do you ensure the greatest payback in terms of simplicity and security? Most common are SSL VPNs (Secure Sockets Layer Virtual Private Networks), a form of VPN that can be used with any standard web browser and does not require the installation of specialised client software on the end user's computer. An SSL VPN consists of one or more VPN devices to which the user connects using a web browser, with the traffic between the browser and the SSL VPN device encrypted with the SSL or Transport Layer Security (TLS) protocol.

What an SSL VPN offers is versatility, low-hassle setup and tight control for a range of users on a variety of computers, who may be accessing resources from any number of locations. Finally, it is attainable for a modest investment.

Symantec has been in the business of securing connection and communication from the beginning, providing solutions that have evolved powerfully over time. In timely fashion, Symantec has unveiled new updates to its Website Security Solutions (WSS) portfolio that have innovative and comprehensive capabilities built in to help meet the ever-expanding security and performance needs for connected businesses. Essentially, the Symantec WSS strategy focuses on bringing maximum protection to companies, meeting compliance requirements, helping to improve performance, and reducing overall infrastructure costs.

Symantec has also just announced the first available multi-algorithm SSL certificates, with new ECC (Elliptic Curve Cryptography) and DSA (Digital Signature Algorithm) options to help further protect your ecosystems and strengthen the foundations of trust online. These algorithm options will be available for all new and existing customers in 2013. The Symantec 256-bit ECC keys are 10,000 times harder to break than an RSA 2048-bit key based on industry computation methods. Symantec ECC certificates offer the equivalent security of a 3072-bit RSA certificate whilst at the same time offering significant improvements in server performance at load, as a server with an ECC-based certificate is able to handle more requests faster and scales well to handle:

  • Traffic spikes – ECC efficiency improves at higher volumes
  • Business growth – allows more simultaneous connections

The end goal, as always, is to deliver solutions that both your business and clients can rely on, which is why we are constantly moving forward to deliver the best possible website security solutions.

 

For more information about how SSL certificates work visit our ‘SSL explained’ infographic

Fraudsters Continue to Show Interest in Football

Contributor: Avdhoot Patil

Phishers have recently taken a keen interest in football. Various phishing attacks using football were observed in 2012. Phishers have already shown their interest in the 2014 FIFA World Cup, football celebrities, and football clubs. Scam for LIONEL MESSI Fans and Scam for FC Barcelona are good examples of phishers using football celebrities and football clubs. Fraudsters understand that choosing celebrities with a huge fan base offers the largest pool of targets, which increases their chances of harvesting user credentials. In April 2013, the trend continued with phishers using the same strategy. The phishing sites were in French and hosted on a free web hosting site.

The phishing sites prompted users to enter their Facebook login credentials on pages designed to highlight Lionel Messi, FC Barcelona, or Cristiano Ronaldo. The phishing pages contained images of Lionel Messi, FC Barcelona, or Cristiano Ronaldo and tried to create the false impression that they were the official Facebook page for either Messi, FC Barcelona, or Ronaldo. Some of the fake sites were titled, “first social networking site in the world”. Users were prompted to enter their Facebook login credentials in order to connect to the Facebook page. After the login credentials were entered, users were redirected to a legitimate Lionel Messi, FC Barcelona, or Cristiano Ronaldo community page to create the illusion of a valid login. If users fell victim to the phishing site by entering their login credentials, phishers would have successfully stolen their information for identity theft purposes.

Figure 1. Fake Facebook phishing page featuring Lionel Messi

Figure 2. Fake Facebook phishing page featuring FC Barcelona

Figure 3. Fake Facebook phishing page featuring Cristiano Ronaldo
 

Internet users are advised to follow best practices to avoid phishing attacks:

  • Do not click on suspicious links in email messages
  • Do not provide any personal information when answering an email
  • Do not enter personal information in a pop-up page or screen
  • Ensure the website is encrypted with an SSL certificate by looking for the padlock, “https”, or the green address bar when entering personal or financial information
  • Use comprehensive security software such as Norton Internet Security or Norton 360, which protects you from phishing scams and social network scams
  • Exercise caution when clicking on enticing links sent through email or posted on social networks
  • Report fake websites and email (for Facebook, send phishing complaints to phish@fb.com)

2012 Threats in Review – Part 2


In my last blog, I talked about how the 2012 Internet Security Threat Report points out the vulnerabilities common to small and medium-sized businesses and, because of their mistakes, to the larger enterprises that do business with them. So let’s talk about some good practices to address these risks.

First and most important is education. Employees need to understand what the company rules are on how to be secure, and understand each of their individual roles in the process. In turn, the roles and responsibilities need to support good security policies, including separation of duties, access controls, and the idea of ‘least privilege’. For anyone new to the concept, least privilege is most simply illustrated by the rule that a temporary secretary shouldn’t have access to the same databases, at the same level of information sharing, as the head of HR. People need information, but only the data required for their everyday duties. Consumers and customers also need to be trained on the many vectors of attack, including social media, links, and the possibility of malware in email attachments. Buyers are also increasingly looking for indications of security such as the green URL bar of Extended Validation certificates, the padlock, HTTPS:// and trust marks. Have a good security policy, then follow up by telling everyone what it is and how you are protecting their data.

Second is doing business securely. While it is true that a small business may not be able to defend against the newest zero-day attack, or even be able to spell APT, it is the old attacks that still make up the bulk of the exposure. Communication and data flowing in and out of a network need to be encrypted. If the company creates apps or proprietary code to distribute, the code should be signed, a digital shrink-wrap that assures end users it wasn’t tampered with en route. The PCI’s eCommerce Guide recommends SSL to secure payment information, and recommends EV wherever possible for transactions.

Third is to protect your customers, your partners, and your employees by securing your websites. Review the results of all the malware scans and vulnerability assessments of your website that can be conducted by third parties. Symantec enabled malware scanning and vulnerability assessments as part of our SSL certificates, because we believe strongly that it’s a basic security measure for any organization securing their website. Make sure your security policy includes deadlines for patching critical vulnerabilities.

The online security ecosystem is doing its part to code a better internet: protocols are constantly under revision to remove vulnerabilities as they are found. Browsers have enabled the green bar to show where a company chose a higher level of SSL authentication for its identity, and they display warnings when content is served insecurely on an encrypted page. Social media sites are leading some of the way toward an always-on SSL approach, where the connection is encrypted from user log-on through the entire site experience. App stores are joining the always-on SSL movement too.

The Threat Report doesn’t paint a bleak picture. More people are living and doing business online, and the world of eCommerce is growing annually. But the attackers are getting smarter, and no one can afford to say, “It’ll never happen to MY Company.” Because that’s exactly what the bad guys want you to think. Lock your doors.

Rise of .pw URLs in Spam Messages


Symantec has observed an increase in spam messages containing URLs under the .pw top-level domain (TLD). While .pw was originally the country-code top-level domain for Palau, it is now available to the general public through Directi, which has branded it “Professional Web”.

Figure 1. .pw TLD URL spam message increase
 

Looking back at the last 90 days, .pw ranked #16 on our TLD distribution list:

Figure 2. TLD distribution list – last 90 days
 

However, the .pw URL jumps to the fourth spot when looking at the last 7 days:

Figure 3. TLD distribution list – last 7 days
 

Examining messages found in the Global Intelligence Network, Symantec researchers have found that the vast majority of spam messages containing .pw URLs are hit-and-run (also known as snowshoe) spam. 

These are the top ten subject lines from .pw URL spam over the last two days:

  • Subject: How to sell your Timeshare
  • Subject: Reusable K Cup for Keurig or single-brew coffee maker
  • Subject: Reusable single-brew coffee cup you can fill with your coffee blend.
  • Subject: Are your home possessions covered in case of a catastrophe?
  • Subject: Elmo’s Learning Adventure Gift Package
  • Subject: Make Learning Fun – With Elmo & the Sesame Street Gang!
  • Subject: Are your appliances and home systems covered?
  • Subject: Refinance Today, Save Tomorrow
  • Subject: Nothing is more EFFECTIVE for High Blood Pressure
  • Subject: Mortgage Rates


Figure 4. .pw URL spam message example
 

Symantec will continue to monitor this trend and create additional filters to target these attacks. In addition, Symantec advises enterprises and consumers to adopt the best practices found in the Symantec Intelligence Report.
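The TLD-distribution ranking the post describes, as an added example that is not Symantec's tooling: it extracts the TLD of each URL in a constructed batch of spam lines, counts how many messages carry each TLD, and reports where .pw ranks over a 90-day and a 7-day look-back window. The sample messages, the last-label TLD rule and the function names are assumptions of this example.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample corpus: (days_ago, message body).  These are invented
# spam lines for illustration, not messages from Symantec's telemetry.
SAMPLES = [
    (60, "Mortgage Rates http://rates.example.com/x"),
    (45, "Refinance Today, Save Tomorrow http://refi.example.net/y"),
    (30, "How to sell your Timeshare http://sell.example.org/z"),
    (20, "Reusable K Cup for Keurig http://cups.example.info/k"),
    (15, "Elmo's Learning Adventure Gift Package http://shop.example.biz/s"),
    (12, "Are your appliances covered? http://news.example.co.uk/n"),
    (10, "Nothing is more EFFECTIVE http://x.example.info/f"),
    (6, "How to sell your Timeshare http://timeshare.example.pw/go"),
    (5, "Are your home possessions covered? http://cover.example.pw/q"),
    (4, "Mortgage Rates http://rates.example.com/a"),
    (3, "Refinance Today http://refi.example.com/c http://cdn.example.com/i"),
    (2, "Elmo's Learning Adventure http://toys.example.com/e"),
    (2, "Nothing is more EFFECTIVE http://bp.example.net/b"),
    (1, "Make Learning Fun http://elmo.example.net/d"),
    (1, "Are your appliances covered? http://home.example.org/e"),
    (1, "Save now http://10.0.0.5/x"),
    (1, "Reusable single-brew cup http://cup.example.org/k"),
]

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def url_tlds(text):
    """Return the TLD (last DNS label) of every http(s) URL in a message.

    Deliberately simple: no public-suffix list, so example.co.uk counts as
    'uk', which matches a plain TLD distribution like the one in the post.
    """
    tlds = []
    for url in URL_RE.findall(text):
        host = urlsplit(url).hostname  # already lower-cased by urlsplit
        if not host or host.replace(".", "").isdigit():
            continue  # bare IPv4 literal: no TLD to count
        tlds.append(host.rsplit(".", 1)[-1])
    return tlds


def tld_distribution(messages):
    """Count, per TLD, how many messages carry at least one URL under it."""
    counts = Counter()
    for body in messages:
        counts.update(set(url_tlds(body)))  # one vote per message per TLD
    return counts


def rank_of(distribution, tld):
    """1-based rank of `tld` by message count; ties broken alphabetically."""
    ordered = sorted(distribution.items(), key=lambda kv: (-kv[1], kv[0]))
    for position, (name, _count) in enumerate(ordered, start=1):
        if name == tld:
            return position
    return None


def pw_rank_by_window(samples=SAMPLES, windows=(90, 7)):
    """Rank of .pw in each look-back window, e.g. {90: 5, 7: 4}."""
    result = {}
    for days in windows:
        bodies = [body for age, body in samples if age <= days]
        result[days] = rank_of(tld_distribution(bodies), "pw")
    return result


if __name__ == "__main__":
    for days, rank in pw_rank_by_window().items():
        print(f"last {days:>2} days: .pw ranks #{rank}")
```

On the constructed corpus .pw climbs from fifth place over 90 days to fourth over the last 7 days; on real mail flow the same sudden jump in rank is the signal worth alerting on.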

Save the Date: #ISTR Twitter Chat on Symantec Internet Security Threat Report

Join Symantec Security Response experts Kevin Haley and Paul Wood on Twitter (using the #ISTR hashtag) on Tuesday, April 30, at 9 a.m. PT / 12 p.m. ET to chat about the key trends highlighted in Symantec’s recently released Internet Security Thre…

Microsoft Windows XP Support Also Ending in the Malware Community!?

Recently, I discovered a back door Trojan horse program that does not work on Microsoft Windows XP. I would like to present some of the details of this threat, especially as the malware author encoded a special trick into the functionality of the Trojan. The trick appears to have been designed to allow the threat to be used in targeted attacks.

The fseek function

In this threat, the author uses the fseek function in an unusual way. Normally fseek is used while processing data: for example, after a program reads 100 bytes from the start of a file, fseek can be used to move the file position forward by those 100 bytes.

Figure 1. The fseek code trick used by the malware

In the case of this Trojan, however, three calls are repeated in a loop:

  1. Append one string to another string (strcat)
  2. Move zero bytes from the end of the file (fseek)
  3. Split a string into tokens (strtok)

Usually, code reads or writes data after the fseek function, but in this case this process does not happen. It is also strange that such a function is written in a loop.

Looking at the code in greater detail, the fseek function is called with a NULL pointer as the file handle. This means there is no file to operate on. Because fseek is asked to operate on a non-existent file, the threat crashes when it is executed on Microsoft Windows XP.

Figure 2. The threat crashes when it runs on Microsoft Windows XP

If the file is executed on Microsoft Windows Vista or later, it works fine. So what is the difference between Microsoft Windows XP and later versions of Windows?

According to the MSDN Library for Microsoft Visual Studio 2005 or later, the fseek function is documented as follows:

“If stream is a null pointer, or if origin is not one of allowed values described below, fseek and _fseeki64 invoke the invalid parameter handler, as described in Parameter Validation. If execution is allowed to continue, these functions set errno to EINVAL and return -1.”

However, there is no mention of this in the Microsoft Visual Studio .NET 2003 MSDN Library.

I think the fseek code changed when a file handle with a NULL pointer is passed as a parameter to the function. The malware author used this change intentionally in order to create a program that doesn’t run on Microsoft Windows XP.
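A portable stand-in for the CRT difference quoted above, written as an added illustration (it is neither the malware's code nor Microsoft's CRT): checked_fseek applies the documented parameter validation, an installable handler logs the invalid call instead of terminating, and a seek on a real tmpfile serves as the control case. The function and variable names are this example's own assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the MSVC 2005+ parameter-validation contract quoted in the
 * post: a NULL stream or an unknown origin invokes the "invalid parameter
 * handler" and, if execution continues, fseek returns -1 with errno = EINVAL.
 * The pre-2005 CRT (what XP-era binaries link) dereferences the NULL stream
 * and crashes instead.  Added illustration only; not Microsoft's code. */

typedef void (*invalid_param_handler)(const char *func, const char *reason);

static invalid_param_handler g_handler = NULL;   /* NULL = continue silently */
static int g_invalid_calls = 0;                  /* analyst-visible counter  */

/* Install a handler; plays the role _set_invalid_parameter_handler has. */
invalid_param_handler set_handler(invalid_param_handler h)
{
    invalid_param_handler old = g_handler;
    g_handler = h;
    return old;
}

int invalid_call_count(void) { return g_invalid_calls; }

/* fseek with the documented validation applied before the real call. */
int checked_fseek(FILE *stream, long offset, int origin)
{
    const char *reason = NULL;
    if (stream == NULL)
        reason = "stream is NULL";
    else if (origin != SEEK_SET && origin != SEEK_CUR && origin != SEEK_END)
        reason = "origin is not SEEK_SET/SEEK_CUR/SEEK_END";
    if (reason != NULL) {
        g_invalid_calls++;
        if (g_handler != NULL)
            g_handler("fseek", reason);      /* record it, do not terminate */
        errno = EINVAL;
        return -1;
    }
    return fseek(stream, offset, origin);
}

/* Analyst-side handler: a sandbox that logs this event surfaces the
 * NULL-stream call as an indicator instead of crashing or staying silent. */
static void log_invalid_parameter(const char *func, const char *reason)
{
    fprintf(stderr, "[parameter validation] %s: %s\n", func, reason);
}

/* Control case: a real stream seeks normally and fseek returns 0. */
int seek_real_stream(void)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return -2;
    int rc = checked_fseek(f, 0, SEEK_END);
    fclose(f);
    return rc;
}

int main(void)
{
    set_handler(log_invalid_parameter);
    int rc = checked_fseek(NULL, 0, SEEK_END);   /* the post's NULL-stream call */
    printf("fseek(NULL, 0, SEEK_END) -> %d, errno=%d (%s)\n",
           rc, errno, strerror(errno));
    printf("fseek on a real tmpfile  -> %d\n", seek_real_stream());
    printf("invalid calls recorded   -> %d\n", invalid_call_count());
    return 0;
}
```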

Microsoft Windows XP has just under 40% usage share of the operating system market as of March 2013. If a malware author creates a program that doesn’t run on Microsoft Windows XP, valuable opportunities to compromise a large number of computers will be lost. So, why would someone create malware such as this?

Why not run on Microsoft Windows XP?

One possibility is an attempt to avoid revealing the true behavior of the threat in sandboxes. I submitted a sample file to eight Automated Threat Analysis Systems found on the Internet and none of these systems logged the sample file behavior. I believe the reason for this is that the malicious code is found after the fseek function trick. If the sandboxes used for testing samples ran on Microsoft Windows Vista, or rather any operating system later than Microsoft Windows XP, they may not have logged the malware’s behavior. (Please see this blog for further details regarding how Automated Threat Analysis Systems are used by antivirus companies to analyze malware.)

If malware runs silently, without performing any destructive or disruptive activity, it can continue to compromise computers for a long time, and the benefit of this to the malware author cannot be overstated.

Back door Trojan horse programs usually check the operating system, CPU clock, and the installed antivirus product, if any. This threat is unusual because it also gathers the following information:

  • Whether the compromised computer has a wireless network card
  • The dynamic random-access memory (DRAM) type, such as Synchronous DRAM, Cache DRAM, 3DRAM, or SDRAM
  • The BIOS manufacturer settings, serial number, and version
  • The printer caption
  • The battery description and device ID

Normally malware authors wouldn’t worry about the battery on the computer. However, the author of this threat evidently has a strong interest in the targeted company.

Conclusion

At the time of writing this blog, Symantec has only received two samples of this threat from large customers and no major infections have been recorded.

From what I can gather from my analysis of this threat, it was used in a targeted attack and the author knew that the targeted company uses Microsoft Windows Vista or later on their computers and hence attempted to infect their network with malware that does not work on Microsoft Windows XP.

If the administrator of the targeted company were to notice suspicious behavior in a suspect file and decide to test it on an Automated Threat Analysis System, it is possible that no malicious activity would be seen at all during the testing, leaving the administrator none the wiser about the file’s true behavior.

Symantec will continue to monitor malicious code and techniques outlined in this blog. We also recommend that users not run suspicious programs and keep their operating system and antivirus software up to date.


Contributor: Avdhoot Patil

Phishers continue to exploit the ongoing turmoil in Syria. The message has been rewritten, but the phishing template in use is a familiar one. In March, the website of a Gulf-state organisation, the same one spoofed by an earlier phishing site, was impersonated again. This time, however, the spoof did not claim to support the Syrian opposition but a United Nations programme to aid the Syrian people. The phishing page was written in Arabic and the site was hosted on a server located in Dallas, Texas, in the United States.

Very recently, phishers have again tried to lure users by denouncing the current Syrian regime, this time making particular use of President Bashar al-Assad. The phishing site Symantec observed carried a message in Arabic asking users to support condemning the Syrian president as a war criminal. It offered options to vote for or against, and even carried a note that users could vote only once.

Figure 1. Vote on whether to support condemning President Bashar al-Assad

If the user chooses the option to agree, the next page asks them to select one of four email service providers so that the vote can be submitted and counted as valid.

Figure 2. Selecting an email service provider in order to vote

Choosing any of them redirects the user to a phishing page that spoofs the login page of that email service provider. Once login credentials are entered, the phishing page redirects to a confirmation page stating that the vote was processed successfully and that the results will be announced on April 5, 2013. Users unfortunate enough to be fooled by this phishing site will have their personal information stolen and used for identity theft.

Figure 3. Vote confirmation page

We recommend taking every possible precaution to guard against phishing attacks:

  • Do not click on suspicious links in email messages.
  • Do not provide personal information when replying to an email.
  • Do not enter personal information in a pop-up page or screen.
  • When entering personal or account information, make sure the website is encrypted with SSL by looking for the padlock, “https”, or the green address bar.
  • Keep security software that protects against online phishing, such as Norton Internet Security, frequently updated.

* To subscribe to the RSS feed of the Japanese-language Security Response blog, go to http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja.