Buried in the latest version of the Gartner Magic Quadrant for Secure Web Gateway that was issued this past May, was information about Microsoft's Forefront TMG product.
Essentially Microsoft, has discontinued full updates to the Forefront TMG product, and has placed it into sustaining mode. For that reason Gartner chose not to evaluate Microsoft Forefront TMG and did not put it in the Magic Quadrant.
This is good news for the other vendors in this market space, but bad news for customers who use Microsoft's product for their secure web gateway. With the constantly evolving threat landscape it's important for the secure web gateway product to evolve and keep up with the latest in technology. If you're at all security conscious, and you use Microsoft, it may be time to start investigating other options.
Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.
Thursday, July 28, 2011
Wednesday, July 27, 2011
Shapeshifter Trojan
CRN is reporting on a new virus spread through Facebook, that disables the user's anti-virus program and then pretends to be the anti-virus program. It recognizes anti-malware programs from 16 different vendors, including McAfee, Symantec and BitDefender.
This new virus is spread using old tricks, specifically the "fake codec" method. Users are encouraged to click and watch a video using hijacked facebook accounts that offer up a video. When they try to watch the video, they're told they don't have the right "video codec" to watch it, and they can install it by clicking a link. Instead of installing the codec, (in this case a fake Adobe Flash Player) they get the new virus. Once installed, the user helps spreads the malware, but posting on their own facebook account more links to the malware.
In this particular case, the fake video actually has the facebook user's name embedded in the title to make it seem even more real to any unsuspecting victims.
This latest socially engineered attack is a good reminder as to why organizations need to have a secure web gateway or web proxy in place to protect users from malware, and to have policies around social networking sites, even the possibility of having a "read-only" Facebook policy.
This new virus is spread using old tricks, specifically the "fake codec" method. Users are encouraged to click and watch a video using hijacked facebook accounts that offer up a video. When they try to watch the video, they're told they don't have the right "video codec" to watch it, and they can install it by clicking a link. Instead of installing the codec, (in this case a fake Adobe Flash Player) they get the new virus. Once installed, the user helps spreads the malware, but posting on their own facebook account more links to the malware.
In this particular case, the fake video actually has the facebook user's name embedded in the title to make it seem even more real to any unsuspecting victims.
This latest socially engineered attack is a good reminder as to why organizations need to have a secure web gateway or web proxy in place to protect users from malware, and to have policies around social networking sites, even the possibility of having a "read-only" Facebook policy.
Multi-language support
Many proxy vendors that support URL filtering also have the ability to rate the webpages that aren't in URL category database in real-time. They do this using automated programs that scan the web pages and categorize them based on the content of the website. Part of this is being able to recognize the words, tags, and tokens used on the website. That means the real-time categorization engine has to understand different languages if you have sites that world-wide. Foreign language support is probably not as wide-spread as you'd expect it to be with proxy vendors, so you should ask your vendor what languages they support in their real-time engine.
Some even have languages that aren't necessarily commonplace. For example, Blue Coat reports support for Klingon, as well as a made up language they call "Pornovian", basically common terms found on porn sites, for them to more easily rate a site as a pornography site.
Some vendors also report language support in both real-time engines as well as background rating engines (those engines used when the page doesn't have any obvious markers that would allow it to be rated in real-time). In most cases, the background rating engine will have more language support than the real-time engine.
So if your organization is truly multi-national or global, make sure your proxy vendor is as well.
Some even have languages that aren't necessarily commonplace. For example, Blue Coat reports support for Klingon, as well as a made up language they call "Pornovian", basically common terms found on porn sites, for them to more easily rate a site as a pornography site.
Some vendors also report language support in both real-time engines as well as background rating engines (those engines used when the page doesn't have any obvious markers that would allow it to be rated in real-time). In most cases, the background rating engine will have more language support than the real-time engine.
So if your organization is truly multi-national or global, make sure your proxy vendor is as well.
Tuesday, July 26, 2011
Black Hat Show
With the summer lull continuing, there's a show coming to Vegas for those security conscious IT admins. From July 30 to August 4, the Black Hat Technical Security Conference will be in Las Vegas. If you're looking for something to do, or just need a break, this is the show to be at if you're involved in security.
Tuesday, July 5, 2011
License Limits
As most IT buyers know, software purchases usually come with licensed limits. It's no different with secure web gateways and web proxies. Typically the anti-malware and URL filtering licenses are licensed by the number of users in the organization. For most of these platforms, they determine the number of users by counting IP addresses or unique user logins. After the license limit has been reached, each vendor's products may behave a little differently.
Some vendors will send out nag notices, letting you know you've reached your license limit, others will reduce their functionality (maybe block malware), but not content by policy, and still others, just stop blocking altogether for those users over the license limit.
Depending on what type of organization you work for any of those could be acceptable, but for certain organizations, (like schools), to stop blocking altogether might not be an acceptable risk, especially when there might be complaining parents. So make sure your software does what you want it to do if you reach a licensed limit. (Also make sure it isn't a way for users to get around your corporate policy - I heard rumors that some students at a school generated a program to use up DHCP IP addresses to reach the license limit on their filtering software, so the "overage" IP addresses could browse freely).
Some vendors will send out nag notices, letting you know you've reached your license limit, others will reduce their functionality (maybe block malware), but not content by policy, and still others, just stop blocking altogether for those users over the license limit.
Depending on what type of organization you work for any of those could be acceptable, but for certain organizations, (like schools), to stop blocking altogether might not be an acceptable risk, especially when there might be complaining parents. So make sure your software does what you want it to do if you reach a licensed limit. (Also make sure it isn't a way for users to get around your corporate policy - I heard rumors that some students at a school generated a program to use up DHCP IP addresses to reach the license limit on their filtering software, so the "overage" IP addresses could browse freely).
Subscribe to:
Posts (Atom)