Next-Generation Firewalls: A comprehensive guide for network security modernization


The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

The terms computer security, information security and cybersecurity were practically non-existent in the 1980s, but believe it or not, firewalls have existed in some form since that time. Over the years, the traditional firewall has transformed to meet the demands of the modern workplace and adapt to an evolving threat landscape. 

Next-Generation Firewalls (NGFWs), free from legacy technology constraints, take advantage of significant advancements in computational power, memory, and storage. NGFWs boast critical security features such as intrusion prevention, VPN, anti-virus, and encrypted web traffic inspection. This not only helps protect against malicious content but also aligns seamlessly with contemporary networking topologies like Software-Defined Wide Area Networks (SD-WAN) and zero-trust architectures.

But what sets NGFWs apart from traditional firewalls? How do you know what features to look for and why should you invest in an NGFW? And finally, what do you do if you don’t have the security resources to devote to managing firewalls?  

In today’s crowded security marketplace, numerous firewall solutions are marketed as NGFWs. Without clear industry consensus on the definition of a next-gen firewall, it’s incumbent upon organizations to assess features and gauge if the solution aligns with their business needs. 

What makes next-generation firewalls a compelling choice for network modernization? 

NGFWs offer several advantages over traditional firewalls. Key among these are comprehensive application visibility and control, the ability to distinguish between dangerous and safe applications, and capabilities for preventing malware from penetrating a network. 

Here are several crucial ways an NGFW bolsters an organization’s cybersecurity posture. 

Protecting the Network from Viruses and Trojans: NGFW’s application awareness analyzes header information and the payload against established application signatures to validate the application’s integrity and permission for use. With so many apps and services required for employees to do their jobs, this is crucial for allowing users to download applications from the internet. 

Adaptability to the hybrid workplace: Even before the pandemic, businesses had been rapidly embracing hybrid work models, with teams working from everywhere, using a myriad of devices. This shift towards decentralized operations demands significant adaptability and flexibility. An NGFW’s robust security functionality can be invaluable in a hybrid work environment where the network perimeter is blurred and traditional security measures may fall short. NGFWs are also designed to integrate seamlessly with modern network architectures such as software-defined wide area networks (SD-WAN) and cloud services, allowing businesses to maintain robust security protocols as they transition between on-premises, cloud, and hybrid work setups. 

Preventing Known Productivity Distractors: With robust application control, organizations can manage which applications are run, which features are accessed, and which applications are prioritized for bandwidth. For example, social media or SaaS applications can be selectively enabled or disabled based on job function.  

Application Awareness: One of the fundamental enhancements NGFWs offer over traditional firewalls is application awareness. This feature allows NGFWs to identify and control applications — regardless of network port and protocol. This helps prevent unauthorized access and provides greater visibility and context into network activity. By recognizing application-specific characteristics and behaviors, NGFWs can effectively control access, provide prioritization, and offer bandwidth allocation for specific applications, enhancing both network performance and security. 

User-based Policies: User-based policies are another crucial NGFW functionality. Unlike traditional firewalls that enforce policies based on IP addresses, NGFWs align policies with specific users or groups. This ability to connect users with their applications and related network activities enables more precise control and more contextual reporting, which can be invaluable for both security and compliance. 

Intrusion Prevention System (IPS): Integrated into NGFWs is an Intrusion Prevention System (IPS) that actively identifies and blocks potential threats. The IPS scans traffic for cyber attack patterns or signatures in real-time and takes action to prevent these threats from infiltrating the network. This is a significant upgrade from traditional firewalls, which required a separate IPS solution. 

Deep Packet Inspection (DPI): DPI is a form of computer network packet filtering that inspects the data portion (and possibly also the header) of a packet as it passes an inspection point. This is critical in the identification, categorization, or blocking of packets with malicious data. NGFWs employ DPI to scrutinize both inbound and outbound traffic, providing protection against a broad range of cyber threats — from malware to data exfiltration. 

Leveraging External Security Sources: NGFWs facilitate the use of external security data, including directory-based policies, white lists, and black lists, saving time and resources.

By incorporating these advanced features, NGFWs offer far more granular control and visibility into network traffic than traditional firewalls. They empower organizations to better understand and manage the intricacies of modern network security, allowing for a stronger security posture and efficient use of resources. 

Why should you invest in a next-generation firewall? 

Firewalls primarily serve to protect against undesirable or malicious network traffic. But as threats evolve and detection becomes increasingly challenging, enterprise network security must advance to keep pace with the sophistication of those threats. 

Traditional firewalls filter network traffic based on port number, IP address, or domain in an “all or none” approach. In a bygone era where most attacks targeted network services and components, this level of security sufficed. But nowadays, most exploits are directed towards specific application vulnerabilities. 

The emergence of NGFWs addresses these vulnerabilities, offering superior control over network security. 


Next-Generation Firewalls vs. UTM and Virtual or Cloud-Based Firewalls 

Security discussions often blur the distinctions between NGFWs and Unified Threat Management (UTM) solutions or between appliance, virtual, and cloud-based firewalls (commonly referred to as Firewall-as-a-Service or FWaaS). 

NGFWs include IPS and some form of application intelligence. UTMs, however, include these features plus additional technologies such as wireless security, URL filtering, email security, VPNs, and web application firewalls. Given their multi-functional nature, UTMs simplify deployment and management, reduce costs, and enable quick incident response times. 

When comparing appliance, virtual, and cloud-based firewalls, we need to examine the form factor or the firewall’s location, not their features. Irrespective of hosting, a firewall with any of the above-discussed technical capabilities can be considered next-generation. Cloud firewalls are typically managed, configured, and updated by a third-party vendor, thereby reducing the managerial burden for the deploying company. 

How AT&T can help you leverage NGFWs for network modernization 

In a business environment where digital transformation is rapidly reshaping operations, it’s critical that your business deploys robust, adaptive security measures. NGFWs offer multiple layers of defense — securing your hybrid workforce and bolstering your security posture. They provide centralized visibility, reduce risk, and relieve the administrative burden on your tech teams.

Whether you’re building a foundation or upgrading your existing setup, managed firewall services from AT&T Cybersecurity make the transition smooth and efficient. Don’t wait until it’s too late; boost and modernize your network security today and protect your business against tomorrow’s threats.


Security budget hikes are missing the mark, CISOs say


Misguided expectations on security spend are causing problems for CISOs despite notable budget increases. That’s according to new research from risk and cybersecurity solutions provider BSS, which surveyed 150 security leaders. It found that while most CISOs are experiencing noteworthy increases in security funding, impractical expectations of budget holders are leading to significant amounts being spent on what’s hitting the headlines instead of strategic, business-centric investment in security defenses. This lack of understanding shows that a lot of work needs to be done to ensure that information security receives the attention it deserves, especially in the boardroom, the report said.


USN-6168-2: libx11 vulnerability


USN-6168-1 fixed a vulnerability in libx11. This update provides
the corresponding update for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM,
and Ubuntu 18.04 ESM.

Original advisory details:

Gregory James Duck discovered that libx11 incorrectly handled certain
Request, Event, or Error IDs. If a user were tricked into connecting to a
malicious X Server, a remote attacker could possibly use this issue to
cause libx11 to crash, resulting in a denial of service.


Digital dumpster diving: Exploring the intricacies of recycle bin forensics


In the vast realm of digital investigations, there exists a fascinating technique known as recycle bin forensics. Delving into the depths of this captivating field unveils a world where seemingly deleted files can still reveal their secrets, allowing digital detectives to reconstruct user activities and uncover valuable information. So, let’s embark on a journey to demystify recycle bin forensics and understand its role in the realm of cybersecurity.

Recycle bin forensics is a specialized branch of digital forensics that focuses on the retrieval and analysis of deleted files from the recycle bin or trash folder. This intriguing technique holds the potential to unlock a treasure trove of evidence, shedding light on cybercrimes and aiding in the investigation process.

To comprehend the intricacies of recycle bin forensics, it’s essential to grasp how the recycle bin functions.

When you delete a file on your computer, it often finds its way to the recycle bin or trash folder. It’s a convenient feature that allows you to recover accidentally deleted files with a simple click. But did you know that even after you empty the recycle bin, traces of those files may still linger on your system?

Welcome to the fascinating realm of recycle bin forensics, where digital detectives can uncover valuable information and shed light on a user’s activities.

Location of deleted files:

C:\RECYCLED          Win 95/98/Me
C:\RECYCLER          Win NT/2000/XP
C:\$Recycle.bin      Win Vista and later

Metadata file:

INFO2                            Win 95/98/Me
C:\RECYCLER\SID*\INFO2           Win NT/2000/XP (SID denotes security identifier)
C:\$Recycle.bin\SID*\$I******    Win Vista and later (contains metadata)
C:\$Recycle.bin\SID*\$R******    Win Vista and later (contents of deleted file)

Both files are named with a random 6-character value. These directories are hidden by default; however, you can access them from a command prompt with elevated privileges (Run as administrator) on your Windows system using the command dir /a.

Recycle bin forensics assumes a critical role in digital investigations, enabling law enforcement agencies, cybersecurity experts, and forensic analysts to piece together the puzzle. By analyzing deleted files, forensic professionals can reconstruct a timeline of events, unearth vital evidence, and recover seemingly lost data, aiding in the pursuit of justice.

Unveiling the secrets hidden within the recycle bin requires specialized tools and techniques. Forensic software empowers investigators to extract deleted files, even after the recycle bin has been emptied. Through careful analysis of file metadata, paths, and content, digital detectives can gain insights into file origins, modifications, and deletions, painting a clearer picture of the user’s activities.

One such utility we will be using is $IPARSE which can be downloaded here.

Steps to find metadata related to a deleted file ($I****** file)

Run command prompt as administrator.

cd .. (twice, to reach the root of the drive)

After that, use the command dir /a and check that you are able to see the $RECYCLE.BIN directory.

cd $RECYCLE.BIN to go inside the directory, then use the command dir /a.

Now you will see multiple entries starting with S in the list of directories.

To check which users are associated with the SID directories, you can use the command wmic useraccount get name,sid

It will list all the users associated with SIDs. After that, copy any SID by selecting it and pressing Ctrl+C (you can also use the Tab key to autocomplete the SID after typing its first few characters).

Now, to move into the SID directory:

cd SID (paste the copied value)

For example, if the SID directory name was S-1-5-32:

cd S-1-5-32

After that, use the command dir /a to list the contents of that directory; you should see $I and $R files. In certain cases, only the $I****** file will be available.

For illustration purposes, we are using files acquired from other systems.

Now, create a folder and give a path to copy the file to. The syntax is the file name followed by the destination path in quotes, for example $IABTIOW.doc "D:\Desktop\Test files\i files\TEST\Output"; you can alternatively use the copy command.

Copy the file/folder name (while inside the said directory) and copy it to the path where you wish to place the file or folder. The path can be obtained by opening the folder and clicking the address bar. Your file will be copied, and the associated software will try to open it but will not be able to (for example, the Photos app for png/jpeg files).

Extract and run the $Iparse utility you downloaded. Browse the directory/folder you copied $I files in. Now, browse to the directory where you want to put the result file at and provide a file name.

Click on save. After that, you should be able to see an interface like below:

Then click parse. It will display the file for you if it has been parsed successfully; the output file will be in .tsv format. You can open the .tsv file with Notepad or Notepad++. Now you will be able to see the details pertaining to the said $I file.
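The details $IPARSE writes to its .tsv come straight from the $I record, whose layout is documented: an 8-byte format version, the original file size, a FILETIME deletion timestamp, and the original path in UTF-16 (a fixed 260-character field in Vista through Windows 8.1, a length-prefixed string in Windows 10 and later). The Python below is an added example, not code from the post or from the $IPARSE tool; it parses both record versions and emits a TSV-style row, and the $I records it reads are constructed in the block (the path, size and timestamp are invented sample values).

```python
import struct
from datetime import datetime, timedelta, timezone

# FILETIME counts 100-nanosecond ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(ticks: int) -> datetime:
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def datetime_to_filetime(dt: datetime) -> int:
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10

def build_i_file(version: int, size: int, deleted_at: datetime, path: str) -> bytes:
    """Construct a $I record for this example (sample data, not a real artefact)."""
    header = struct.pack("<QQQ", version, size, datetime_to_filetime(deleted_at))
    if version == 1:  # Vista-8.1: fixed 260-WCHAR (520-byte) path field
        return header + path.encode("utf-16-le").ljust(520, b"\x00")
    # Windows 10+: 4-byte character count (including the terminator), then the path
    name = (path + "\x00").encode("utf-16-le")
    return header + struct.pack("<I", len(path) + 1) + name

def parse_i_file(data: bytes) -> dict:
    """Return the fields a $I record stores about the deleted file."""
    if len(data) < 24:
        raise ValueError("too short for a $I header")
    version, size, ticks = struct.unpack_from("<QQQ", data, 0)
    if version == 1:
        path = data[24:544].decode("utf-16-le").split("\x00", 1)[0]
    elif version == 2:
        (nchars,) = struct.unpack_from("<I", data, 24)
        path = data[28:28 + 2 * nchars].decode("utf-16-le").rstrip("\x00")
    else:
        raise ValueError(f"unsupported $I version {version}")
    return {"version": version, "original_size": size,
            "deleted_at": filetime_to_datetime(ticks), "original_path": path}

def to_tsv(record: dict) -> str:
    """One tab-separated row: original path, original size, deletion time (UTC)."""
    return "\t".join([record["original_path"], str(record["original_size"]),
                      record["deleted_at"].isoformat()])

# Constructed samples, one per record version (values are invented)
SAMPLE_PATH = r"C:\Users\alice\Documents\report.docx"
SAMPLE_TIME = datetime(2023, 6, 30, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_V1 = build_i_file(1, 4096, SAMPLE_TIME, SAMPLE_PATH)
SAMPLE_V2 = build_i_file(2, 4096, SAMPLE_TIME, SAMPLE_PATH)

if __name__ == "__main__":
    for blob in (SAMPLE_V1, SAMPLE_V2):
        print(to_tsv(parse_i_file(blob)))
```

On a real system the same parser can be pointed at the $I files copied out of C:\$Recycle.bin\<SID>, provided the .tsv is written somewhere outside the evidence folder.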

While recycle bin forensics is a powerful tool, it is not without its challenges and limitations. As time progresses and new files are created and deleted, older remnants in the recycle bin may be overwritten, making the recovery of certain deleted files more challenging or even impossible. Additionally, the effectiveness of recycle bin forensics can vary based on the operating system and file system in use, presenting unique obstacles.

To protect sensitive information and thwart potential recovery through recycle bin forensics, implementing secure data deletion practices is vital. Merely emptying the recycle bin offers no guarantee of permanent erasure. Instead, employing specialized file shredding or disk wiping tools can ensure that deleted data is securely overwritten, rendering it irretrievable.

In conclusion, recycle bin forensics is a remarkable field that uncovers the hidden remnants of deleted files, holding the potential to transform investigations. As we navigate the digital landscape, understanding the power of recycle bin forensics reminds us of the importance of safeguarding our digital footprint. Through knowledge, diligence, and secure practices, we can protect our sensitive information and fortify the realm of cybersecurity for the benefit of all.


Why assessing third parties for security risk is still an unsolved problem


A Forbes article is making the rounds right now about America’s most cyber-secure companies, and I can already see the cybersecurity outrage machine up in arms. Full confession: I haven’t yet read the article, but I’m about to. I’m writing this in two parts: before I read the article, and after I read the article.

Part I: What are the most cyber-secure companies?

If you ask me to list the most cyber-secure companies (what does that even mean?), here is my shortlist, in roughly the order I think of them:

Top tier: Google, Apple, Microsoft, Amazon


A Vulnerability in ShareFile Storage Zones Controller Could Allow for Remote Code Execution


A vulnerability has been discovered in ShareFile Storage Zones Controller which could allow for remote code execution. Storage Zones Controller extends the ShareFile Software as a Service (SaaS) cloud storage. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
