Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Wednesday, March 30, 2011

Employee leaks are most significant data threat

McAfee has a new survey out that found the most significant threat to businesses is data that is leaked accidentally or intentionally by employees. In addition to that the survey also found that companies were reluctant to report data breaches because of the impact to their reputation, and 1 in 10 said they would not report a breach unless legally required to (like in California).

The threat from data leakage is one that's been around for a while, but is probably even more prevalent now that the web is such a ubiquitous tool in most organizations. Many employees don't think twice about using the web as part of their day to day operations.

The question is how does an organization protect themselves from this threat while still providing access to the web. The answer of course is the web proxy. It serves the important purpose of protecting web surfers from malware coming in from the web, but it can also be used to monitor outbound data to the web, to help prevent accidental or intentional data leakage through the web. Many DLP vendors integrate with the proxy through ICAP, so there's no reason you can't have an easy to deploy DLP solution in your network today.

Tuesday, March 29, 2011

McAfee's Website Full of Security Holes

The TechEYE.net is reporting that McAfee's corporate website is riddled with vulnerabilities. It must be a bit of an embarassment for McAfee and new owner Intel, that the YGN Ethical Hacker Group reported the McAfee website is full of security mistakes that could lead to cross-site scripting and other attacks. These holes were reported to McAfee last month.

From the TechEYE.net article:

In addition to cross-site scripting, YGN discovered numerous information disclosure holes with the site including seeing an internal hostname and finding 18 source code disclosures.
The bit of the site that could be used for XC scripting attack hosted some of McAfee's files for downloading software.
If only there were some software which could scan a site to detect such errors.
McAfee peddles a McAfee Secure service to enterprises to make sure their their customer-facing websites are secure. McAfee Secure scans a website daily for "thousands of hacker vulnerabilities and if a site gets McAfee's "high standard of security," then users of McAfee anti-malware products see a "McAfee Secure" label in their browsers.
The security product claims to test for personal information access, links to dangerous sites, phishing, and other embedded malicious dangers that a website might unknowingly be hosting.


Apparently problems with security on McAfee's website aren't new.

Actually McAfee's website is regularly found to be lacking in security. In 2008 it was found to be suffering from cross-site scripting (XSS) errors by security outfit XSSed.
In 2009, white-hat hacker going by Methodman published proof-of-concept attacks against websites kc.mcafee.com and mcafeerebates.com and in April 2010, the McAfee.com community forums were defaced via an XC scripting attack.


One certainly hopes McAfee puts more security in their product than they do in their website.

Monday, March 28, 2011

Why Isn't Endpoint Security Enough?

Just this week someone posed the question on Yahoo Answers, of whether endpoint security was really enough, and why was a web security proxy even needed. It's surprising to me how many people still think that end-point security is enough in this day and age. With web attacks being the primary vehicle for malware and spyware today, you'd think more IT administrators would want to proactive about their defenses against threats from the web.

While end-point security is one layer of security for web threats, it shouldn't be the only layer of defense. Why not? Well, the answer is rather simple, would you trust your end-user to do the right thing? What I mean by that is, do you trust your end-users to make sure their end-point security is up to date, has the latest patches, and downloads the latest definitions regularly. On top of that are you sure your end-users haven't found a way to disable their end-point security, because they found it annoyingly slow, blocked sites they wanted to visit or some other seemingly benign reason?

If you think your end-users are well-behaved, then I'm sure you're in the minority. For the rest of us, the web security proxy, adds another layer of defense for the paranoid IT administrator. It also provides some additional security layers that aren't typically found in end-point security software options. Some proxy vendors offer real time category ratings, cloud based information sharing of the latest threats, as well as the ability to scan all downloads for malware and spyware.

Many even let you pick the vendor whose anti-virus and anti-malware software your going to run on the proxy, enabling the IT administrator to select a different vendor than the one used on the end-point security client. This makes sure you've really got an added layer of defense so that when one vendor misses malware, you've at least got the chance the other vendor will catch it.

All these are good reasons to have secure web proxy, even when you've got end-point security.

Friday, March 25, 2011

Microsoft pays Nortel $7.5 million for IPv4 addresses

In a Network World article today it was announced that Microsoft offered to pay Nortel $7.5 million for 666,624 legacy IPv4 addresses. The sale is pending approval by U.S. Bankruptcy Court for the District of Delaware as part of Nortel's Chapter 11 bankruptcy.

It may just be the start of things to come as we've run out of IPv4 address space as previously mentioned in this blog. If you haven't started your migration to IPv6, its definitely time to start the investigation.

This sale is reportedly the first publicly disclosed large-scale sale of IPv4 addresses since ICANN announced they had run out of address blocks. If the court approves the sale on April 26, these 666K-plus addresses will selling for $11.25 per address. Network World estimates that's more than the going rate for to register a .com domain name, which these days can be had for as little as $7.50.

Additional information from Network World:

Nortel filed for Chapter 11 on On January 14, 2009. In November, it realized its block of legacy IPv4 addresses might be worth something to its debtors and it hired Addrex, a stealthy broker of IPv4 addresses, to find a buyer. Addrex began shopping around and, in early December, asked eighty potential purchasers if they were interested. Of these, 14 expressed interest and seven actually submitted bids for all or some of the addresses, according to the court documents. Obviously, Microsoft walked with the prize for being the highest bidder.

Interestingly, those in the IP-address-assigning business seem to be busy launching brokering sites so that deals like this one can grow commonplace. The so-called "aftermarket" for IPv4 addresses is expected to heat up in about six months, as large network providers feel the pressure of their dwindling IPv4 address supply, John Curran, president and CEO of the American Registry for Internet Numbers told Government Computer News.


Just a reminder for those of you that don't know where to begin with your IPv6 migration, that there are more tools announced every day to help. Blue Coat, the proxy vendor announced early on their proxy would do IPv4 to IPv6 proxying, and would be a useful migration tool. Brocade announced this week that their switches would do something similar.

So there are tools out there, and no reason not to get started with IPv6

Thursday, March 24, 2011

Update to the site template

If you've been a regular follower of this blog, you'll notice a couple of new updates I've added on the information bar. I've gone ahead and added the google analytics statistics as well as the gadget called "Sociable". The google analytics shows you how popular this blog has been, and the "Sociable" gadget lets you add a favorite post or article directly to your facebook account, tweet the link, or send it to some other favorite social networking site. Hope you enjoy these changes.

Friday, March 18, 2011

Websense puts itself up for sale

News came out on Wednesday that San Diego-based Websense is considering putting itself up for sale. Websense is working with Qatalyst Partners to evaluate whether it should sell.

The Wall Street Journal estimates the company could be worth about $1 billion in a sale. If Websense does manage to sell itself, it will become the latest web security vendor to get acquired. Ironport and Secure Computing, were two other high profile web security companies that were acquired. If Websense joins their ranks, it will leave Blue Coat as the only major player that hasn't been acquired into a much larger company.

Monday, March 14, 2011

What's preventing you from putting in a proxy?

With new headlines almost daily about the rise in web threats, there's really no excuse for not having some protection against malware that comes across from web sites. A proxy or secure web gateway would go a long way in reducing the vulnerability of your organization's web surfers to malicious intent.

So if you're organization doesn't have a proxy or secure web gateway, the question then is why? Is it a cost / budget issue? Do you think the technology is too difficult to implement without a specialist on staff? Are you afraid of the user experience with web browsing after you implement a proxy?

It it's cost, then think about the cost of one serious malware breach spreading across the workstations in your organization. There should be some budget available to prevent that given the overall likelihood of a significant malware event from a web source only continues to increase.

If it's complexity, then you should consider looking at new easier to use products like Blue Coat's ProxyOne platform. Compare it with other appliances on the market and see which one is the easiest to implement. There are definitely more vendors going after the ease of use market than ever before.

Finally, what's the user experience after you put in a proxy. By all accounts you should have better performance, especially if you put in a caching proxy. A caching proxy will cache information from the world wide web so that the end user can fetch it locally if it's been asked for before, improving the overal experience of the user with web browsing. Web caching browsers are also used by many service providers to improve their user's experiences with web browsing.

So what are you waiting for? Go put in the requisition for a secure web gateway or web proxy today.

Wednesday, March 9, 2011

Number of Malware Infected Sites Double

A new Dasient report says that the number of Web sites infected with malware has doubled in the past year. That means there's around 1.2 million Web sites out there infected with malware.

According to Crunchgear, that means it takes about three months of Web surfing for the average person to have a 95 percent chance of running into malware.

All the more reason to keep your secure web gateway/proxy system up-to-date and with a working anti-malware program running at all times. It probably doesn't hurt to have end-user protection on the organizations workstations and laptops as well.

Monday, March 7, 2011

Intel completes acquisition of McAfee

In case you missed the news, Intel Corporation announced the acquisition of McAfee, Inc. is complete as of February 28, 2011

McAfee will continue developing and selling security products and services under its own brand. Intel and McAfee plan to bring the first fruits of their strategic partnership to market later this year, with the intent of tackling security and the pervasive nature of computing threats in an entirely new way.

As a wholly-owned subsidiary of Intel, McAfee reports into Intel's Software and Services Group. The group is managed by Renée James, Intel senior vice president, and general manager. McAfee's president, Dave DeWalt, will report to James.

For those of you that have been following the company once known as Secure Computing (who produced the proxy device also known as the McAfee Secure Web Gateway, that means one more layer of ownership.