CVE-2017-20180 (libzerocoin)

A vulnerability classified as critical has been found in Zerocoin libzerocoin. Affected is the function CoinSpend::CoinSpend of the file CoinSpend.cpp of the component Proof Handler. The manipulation leads to insufficient verification of data authenticity. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected or updated releases are available. The name of the patch is ce103a09ec079d0a0ed95475992348bed6e860de. It is recommended to apply a patch to fix this issue. VDB-222318 is the identifier assigned to this vulnerability.

What is firewall optimization?

Firewall optimization (also known as firewall analysis) is the process of analyzing and adjusting the configuration and policy set of a firewall to improve performance and security. This process involves reviewing and correlating log data and device configurations, identifying potential vulnerabilities and weaknesses, and providing recommendations for remediation. Performing these processes is complex, which is why tools like firewall analyzers are useful. They offer automation, visualization, and alerting to provide recommendations that can be used to reduce the risk of attack.

What is the business impact of firewall optimization?

Firewall optimization is important because it can help organizations improve their overall security, performance, and compliance, while also reducing costs and improving decision-making. This can ultimately contribute to better overall business performance. Firewall optimization can have a positive impact on a business’s overall network security and performance.

Some of the key benefits include:

Improved security: Analyze configurations and log data to identify potential vulnerabilities and threats in the network and provide recommendations for remediation. This can help to reduce the risk of successful cyber-attacks and data breaches.
Better performance: Improve overall network performance by identifying and addressing bottlenecks and inefficiencies in the firewall configuration. This can result in faster network speeds, more reliable connectivity, and better overall performance.
Compliance: Comply with relevant regulations and standards, such as PCI DSS and HIPAA, by providing regular compliance reports and identifying potential compliance issues.
Cost savings: By identifying and addressing inefficiencies and bottlenecks in the firewall configuration, firewall optimization can also help reduce costs associated with network maintenance and troubleshooting.
Improved decision-making: Have a better understanding of the network security posture and the capabilities of the firewall. This allows organizations to make more informed decisions about their security strategy, and to better allocate resources for security initiatives.

How is firewall optimization different from firewall management?

Firewall optimization uses software tools like a firewall analyzer to find weaknesses and vulnerabilities in network attached devices. The inspection includes analyzing configurations and log data from security devices, such as firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS).

The primary features of firewall optimization include:

Log analysis: Review log data to understand utilization trends over time and recommend ways to enhance the performance of the firewall without compromising security.
Configuration analysis and compliance reporting: Review running configurations of firewall devices regularly and include features for generating reports that show compliance with relevant regulations and standards, such as PCI DSS and HIPAA.
Security analytics: Analytics capabilities allow users to visualize and analyze data from firewalls. This can help to identify trends and patterns that may indicate potential security threats.
Alerting: Notify users when potential threats or vulnerabilities are detected.
Integration with other tools: Some firewall analyzers can be integrated with other security tools, such as vulnerability scanners or intrusion detection systems, to provide a more comprehensive view of an organization’s security posture.
Multi-vendor support: Firewall analyzers can support multiple firewall platforms. This can be useful when migrating from one firewall platform to another, to help clean the ruleset of any vulnerabilities and test configurations prior to deployment.

A firewall management platform, on the other hand, is a comprehensive tool that helps organizations to manage, configure, and monitor their firewalls. It includes features like firewall policy management, threat detection and management, asset discovery, and security analytics. The primary features of a firewall management platform include:

Policy management: Allows users to create and manage firewall policies, which define the rules for allowing or blocking network traffic.
Asset discovery: Discover and inventory assets on a network, including servers, workstations, and other network attached devices.
Security analytics: Analytics capabilities that allow users to visualize and analyze data from firewalls. This can help to identify trends and patterns that may indicate potential security threats.
Monitoring: Monitor network traffic and alert users when potential threats or vulnerabilities are detected.
Integration with other tools: In addition to firewall analyzers, some firewall management platforms can be integrated with other security tools, such as a Security Incident and Event Manager (SIEM), to provide a more comprehensive view of an organization’s security posture.

One of the main differences between firewall optimization and the firewall management platform is the scope of their capabilities. Firewall optimization is focused on the performance and configuration of the firewall, by analyzing the running configuration and log data from firewalls, even in environments with multiple vendor firewalls.

Another difference is the level of control on a device that the tools provide. A firewall analyzer provides insights, recommendations, application traffic flows, and may even have device configuration and management capabilities. A firewall management platform, on the other hand, provides granular control over firewalls, including the ability to create and manage firewall policies and to monitor network traffic.

How does firewall optimization work?

Firewall optimization uses a firewall analyzer tool to provide visibility into the security posture of a network by identifying potential threats and vulnerabilities, and by providing recommendations for remediation.

The process of firewall analysis typically involves the following steps:

Data collection: The firewall analyzer collects log data and device configurations from the security devices on the network. This data may include information on network traffic, firewall rules, and security events.
Data analysis: The firewall analyzer then analyzes the collected data to identify potential vulnerabilities and threats in the network. This may include identifying open ports, misconfigured firewall rules, or unusual network traffic patterns.
Reporting and visualization: The firewall analyzer generates reports and visualizations that provide a detailed overview of the network’s security posture. These reports may include information on compliance with relevant regulations and standards, as well as recommendations for remediation.
Alerting: The firewall analyzer may also include alerting features that notify security teams when potential threats or vulnerabilities are detected.

Some firewall analyzers can also be integrated with other security tools, such as vulnerability scanners or intrusion detection systems, to provide a more comprehensive view of an organization’s security posture.
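
An added example (not from the original article or from any vendor tool) of the collection, analysis and reporting steps above: it correlates a rule set with per-rule log hits to flag unused, shadowed and any-to-any rules. The rule schema, the key=value log format and all sample data are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample policy, evaluated top-down (first match wins).
RULES = [
    {"id": 1, "action": "allow", "src": "10.0.0.0/8", "dst": "10.0.2.0/24", "port": 443},
    {"id": 2, "action": "deny", "src": "10.0.1.0/24", "dst": "10.0.2.10/32", "port": 443},
    {"id": 3, "action": "allow", "src": "10.0.1.0/24", "dst": "10.0.3.0/24", "port": 22},
    {"id": 4, "action": "allow", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "port": "any"},
]
# Constructed sample log lines in an assumed key=value format.
LOGS = [
    "rule=1 action=allow src=10.0.1.5 dst=10.0.2.10 dport=443",
    "rule=1 action=allow src=10.0.9.7 dst=10.0.2.20 dport=443",
    "rule=4 action=allow src=10.0.1.5 dst=198.51.100.9 dport=8080",
]

def rule_hits(log_lines):
    """Data collection: count log entries per rule id."""
    return Counter(int(m.group(1)) for line in log_lines
                   if (m := re.search(r"\brule=(\d+)\b", line)))

def covers(outer, inner):
    """True if every packet matched by `inner` is also matched by `outer`."""
    net = ipaddress.ip_network
    return (net(inner["src"]).subnet_of(net(outer["src"]))
            and net(inner["dst"]).subnet_of(net(outer["dst"]))
            and outer["port"] in ("any", inner["port"]))

def analyze(rules, log_lines):
    """Data analysis: return (rule_id, finding) pairs for the report."""
    hits, findings = rule_hits(log_lines), []
    for i, rule in enumerate(rules):
        if hits[rule["id"]] == 0:
            findings.append((rule["id"], "unused: no log hits"))
        for earlier in rules[:i]:
            if covers(earlier, rule):  # an earlier rule always wins
                findings.append((rule["id"], f"shadowed by rule {earlier['id']}"))
                break
        if (rule["action"] == "allow" and rule["port"] == "any"
                and rule["src"] == rule["dst"] == "0.0.0.0/0"):
            findings.append((rule["id"], "overly permissive: any-to-any allow"))
    return findings

if __name__ == "__main__":
    for rule_id, finding in analyze(RULES, LOGS):  # reporting step
        print(f"rule {rule_id}: {finding}")
```

Rule 2 in the sample is the case worth noticing: a deny that is fully covered by an earlier allow never takes effect, and the missing log hits corroborate what the configuration analysis finds.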

Firewall optimization best practices

It is not uncommon for organizations to question if both a firewall analyzer and firewall management platform are necessary for improved network security. Firewall analyzers provide a strategic and operational view of the network security environment across multiple vendors. This contrasts with the firewall management platform’s operational and tactical capabilities which are vendor specific.

In addition, firewall analyzers can provide value for non-operational roles in an organization, such as auditors. Auditors can collect the information they need without having to access the firewall management platform directly or involve the operations teams who administer the platform.

Conclusion

Overall, firewall optimization using firewall analyzer tools and firewall management platforms are important for the network’s health and security. While they serve different purposes, they also complement each other with their unique capabilities. Organizations that need visibility into the performance of the network along with recommendations for improving the firewall security should consider a firewall optimization strategy that incorporates both capabilities.

AT&T Cybersecurity Consulting has more than 20 years of experience increasing network security and performance using its firewall optimization programs. Learn more about the benefits and best practices of implementing a firewall optimization strategy that incorporates both firewall analyzer tools and firewall management platforms. Contact us today to get started.

Tracking device technology: A double-edged sword for CISOs

The transportation industry has doubled down in the area of fleet tracking in recent years, which has come with great benefits and not a few security headaches. On the consumer side, we’ve spoken of Apple’s AirTag and how it has been used to find personal items of import — and also its potential to be abused by the nefarious to track and trace individuals. Now we see that Google is jumping into the fray, with the soon-to-be-released tracking device in development apparently codenamed “Grogu” (after the Baby Yoda character in the “Star Wars” spinoff “The Mandalorian”). The astute cybersecurity leader is no doubt thinking: “This is a CISO nightmare.”

CVE-2015-10093 (mark_user_as_spammer)

A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1. It has been declared as problematic. Affected by this vulnerability is the function user_row_actions of the file plugin/plugin.php. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is e7059727274d2767c240c55c02c163eaa4ba6c62. It is recommended to upgrade the affected component. The identifier VDB-222325 was assigned to this vulnerability.

CVE-2015-10092 (qtranslate_slug)

A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16. It has been classified as problematic. Affected is the function add_slug_meta_box of the file includes/class-qtranslate-slug.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.1.17 is able to address this issue. The name of the patch is 74b3932696f9868e14563e51b7d0bb68c53bf5e4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222324.

CVE-2015-10091

A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manipulation of the argument name leads to SQL injection. The attack can be initiated remotely. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected or updated releases are available. The name of the patch is 9513b93c828dfbc4413f9e0df63647401aaf4e58. It is recommended to apply a patch to fix this issue. VDB-222322 is the identifier assigned to this vulnerability.

CVE-2015-10090

A vulnerability, which was classified as problematic, has been found in Landing Pages Plugin up to 1.8.7. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.8 is able to address this issue. The name of the patch is c8e22c1340c11fedfb0a0a67ea690421bdb62b94. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222320.
