Dec 01

Ten measures to protect small and middle business data security(1)

Ensure recoverability of data

To do backup of existing data has been one of the key tasks of every business organization, only stupid administrators will take this kind of things as something superfluous. However, according to our experience, many enterprises don’t adopt extra measures to regularly check backup content.

Data disaster prevention mechanism

One reason why small and middle enterprises always suffer loss is the lack of forward-looking. Most of small and middle enterprises never make up adequate precautions for fires, floods and other natural disasters. Here what I must emphasize is that it’s necessary for all enterprises to store backup data in separate locations that is far from infrastructure.

Judge enterprise tolerance to data loss

Although in theory, it’s certainly more scientific to do full backup for all data. However, from the actual operations, all the information is often not necessary to be strictly protected. Companies should first determine themselves what type of data or which level of data loss can be tolerable. After a thorough understanding of their situation, we can begin modifying the backup system, letting data that is not needed disappears from backup list.

Estimate how long the daily data persists after losing data support

How long does your business persist when the enterprise doesn’t access specific data? Making sure this point can help enterprise determine how to make up restore time object (RTO). At the same time, it can help you easier establish suitable data maintenance system and hardware architectures。

Ensure that the backup system is secure and complies with regulations

The backup copy should be placed in specific location, the entire process must strictly follow relevant management system. Under possible circumstances, try to use data encryption technology to protect enterprise business information.

Oct 27

JPMorgan confirmed releasing 8.3 million users information, hackers want data rather than money

In early September, the JPMorgan data leak even was found; FBI and NSA were both involved in the investigation. At that time, according to Bloomberg reports, data leak occurred in early August, hacker used 0day vulnerability in bank website to launch attacks, FBI considered this is an attack launched by a national hacker organization according to the complexity of the attack.

CISO is a “temporary” worker

In HomeDepot event, we noted that HomeDepot hired a security manager with criminal record; and in this JPMorgan data leak event, the “temporary worker” – its chief information security officer (CISO) is deeply associated with this event.

When hacker invaded the network of JPMorgan, the CISO of JPMorgan – Greg Rattray just took office, he even wasn’t familiar with his parking space; before coming to JPMorgan Rattray assumed the Air Force Information Warfare commander, and before Rattray taking office, JPMorgan former CSIO Anthony Belfiore had resigned earlier this year, during the period, Anish Bhimani served concurrently as CSIO.

Data is more valuable than money

It’s reported that hackers found vulnerabilities in JPMorgan bank computer software and exploited them, attacking over 90 servers, but the survey showed that hackers are more interested in personal information than money. Although bank account password and other crucial information didn’t leak, but just like the impacts caused by other large-scale personal information leak events, users of JPMorgan now are facing the threats of spear phishing and social engineering attacks, for hackers mastered detailed private data of a enormous number of users.

Chief Technology Officer of RedSeal Ph.D. Mik Lioyd believes that in JPMorgan data leak event, hackers were busy stealing users’ information and even had no time to steal money, which indicates that today’s cybercrime group fancy the value of users’ data (user data exchange market and underground processing industry chain have been matured). Just like the army commander is more emphasized on Battlefield intelligence than weaponry.

Difficult to remedy

Relevant officials involved in the investigation said JP Morgan need to take at least several months to ferret out thousands of software applications and confer with technology providers about authorization contract. New York pointed out that this would give hackers a long time window through which they can further attack JPMorgan internal system undetected vulnerabilities.

JPMorgan data leak event also sent by far the most serious security warning to global enterprises: although the most high-edged security response technology and processes are inadequate to deal with automatic coordinated attacks. Enterprises need to do automatic analysis on entire end to end network access path and use security tools to timely detect any wrong configuration and anomalies caused by network complexity.

JPMorgan said they would continue to focus on detection and financial fraud events related to this data leak event, and if customers could timely detect and inform account unauthorized transaction, JPMorgan would bear the loss of customers.

You can’t stop focusing on the security of your account information and other private information stored in your service providers as well as on your own computer. Information and data leak issues occur in anytime anywhere, timely and comprehensive data and file protection is necessary and imperative.

Sep 09

Strife openly and secretly behind data encryption

In the information age, the U.S. National Security Council (NSA) almost becomes popular in the whole Internet. Not because they are credited with maintaining American security but because they rip off information, which makes them become enemy of users who strike to maintain network and freedom of network information security.

NSA has the world’s leading IT and personnel, meanwhile they are supported by U.S. government, which make them unscrupulous in the information world and the Internet.

According to “New York Times” online edition reports, a few years ago, the United States National Security Agency (hereinafter referred to as” NSA “) had implanted back door system into a International encryption technology that allows the United States federal to breach any data that was protected by this encryption technology.

There were reports that in 2006 the National Bureau of Standards and Technology helped develop an international encryption technology to assist countries and all walks of life to prevent their computer systems were hacked. But another United States federal agency — NSA—had stealthily implanted a backdoor system into the technology without many users knowing it, so that federal agents can decipher any data encrypted by this technology.

According to the documents leaked by former NSA contractor Edward Snowden, NSA has attempted to infiltrate each set of encryption systems, and often try to use the easiest means to achieve this goal. As modern encryption technology is extremely difficult to decipher, even with powerful supercomputers of the institution, it often failed to decipher. Therefore, NSA prefers to cooperate with major software developers and encryption technology licensors to secretly gain access permission to the system.

According to the news from “New York Times”, “The Guardian” and news site ProPublica, NSA can now access the code that’s originally used to protect commercial banking system, trade secrets, medical records and e-mail and Internet chat. Sometimes, NSA has forced some companies to give them access permissions.

These backdoors and particular access permissions are another evidence of the United States intelligence community’s ultra vires. Today, more and more businesses and individuals store most secret data on the cloud storage service, hence they need to be assured that their data is secure, but this relationship is mostly based on trust. Once users know the encryption system is sabotage, they will shake their confidence in these systems, which may have adverse impact on business activities.

People were originally thought that individuals, businesses and government agencies’ privacy in the general communications will be protected, but the fact that NSA implanted backdoor backdoor system might make such illusions shattered.

NSA tends to assure the U.S. government that they would decipher the communication or data that is suspected of illegal individuals or businesses. But weakening citizens’ ability of using encryption technology is obvious a practice of ultra vires.

New Jersey Democratic Congressman Rush Holt has proposed a bill, banning the government requiring software developers to implant backdoor in encryption software system. Outsiders believe that the bill should receive the unanimous support of the U.S. Congress. At the same time, a number of Internet companies including Google and Facebook are developing a new encryption system that is difficult for NSA to penetrate. These companies attempt to show an attitude that they are not secret partner of intelligence agency.

Aug 25

Top 10 Security Issues Revealed in 2014 Blackhat Conference (2)

6. Insecure family router

In-Q-Tel’s CISO (Chief Information Security Officer) Dan Geer said in hacker conference that the home router was most likely to be invaded. These routers could be easily found through a network scan, which usually contained the default login information, and most people never thought of upgrading their router firmware to the latest version. Perhaps in 2014 family network security will be a hotspot for hacker attack.

7. NAS with numerous loopholes

Storage devices connected to the network even have more loopholes. A security analyst at an Independent Security Evaluators agency Jacob Holcomn said the topic at this year’s hacker conference theme is NAS network storage.

He said there’s no one device that he cannot get, at least half of the device he could intrude without authentication. Through invading NAV devices, attackers could hijack other devices’ traffic on the same network, using the sniffing technology similar to ARP. “Jacob Holcomb said in a hacker conference.

More alarming is that, loopholes Jacob Holcomb showed in hacker conference had been submitted to the NAS manufacturers, but these loopholes had not been fixed yet. And the NAS patches usually take a few months to reach users.

8. Network management procedure

Do you remember Carrier IQ that develops smart phone hidden tracking program and the chaos caused by it? In fact the original intention of this phone app was just monitoring the phone flow, and it’s just a network performance diagnose tool. However, phones that install this diagnostic tool are vulnerable to attacks. Just like Mathew Solnik and Marc Blanchou from said in hacker conference, this vulnerability could be used to execute remote code, and bypass the local protection mechanism of operating system.

The researchers said that about 70% to 90% of mobile phones sold worldwide were equipped with device management program. Some other devices, such as notebook computers, wireless devices and networking equipment hotspots, etc., were facing risks from the “Open Mobile Alliance Device Management Protocol” (OMA-DM) contained loopholes.

9. Cheap picklock

Qualsy company’s researchers Silvio Cesare demonstrated how to use cheap and easy to get components to patchwork a tool, and then use it to get a car with smart system.

Cesare said this tool can be used to open the car door, and opened the trunk. But it takes implementers 2 hours to stay in the vicinity of the car, so now the car thieves still not abandon the rowbar and turn to computers.

10. Invade Hotel

The loophole mentioned by Security consultant Jesus Molina in hacker conference is more practical. Molina had lived in five-star hotels St. Regis Shenzhen, China Shenzhen, at that time Molina cracked iPad app “ digital butler” the hotel offered for customers through reverse engineering and used protocol vulnerabilities in KNX / IP router successfully control the hall way lights. In addition to lighting, television, temperature, music in room, and even the window-blinds in more than 200 rooms in the hotel were all in control. More exaggerated, the hacker who controlled all of this even had no need stay in China.

If you need more information about individual data protection and enterprise file management, you can visit Kakasoft.

Jun 30

Best Defense is Equal to Attack

Speaking of BYOD, the best defense is attack, namely, making strategies in advance to achieve your desired results and to avoid potential risks.

BYOD (Bring Your Own Device) has stirred all walks of business processes. Some companies are fully enjoying the convenience brought by BYOD, yet some companies shy away from them. On the bright side, BYOD can potentially help companies save operating costs, help employees maintain a happy mood and improve office efficiency. But on the other hand, BYOD may also bring a series of problems and pitfalls in the various aspects of security, compatibility and so on. But through some planning and education, most of these problems and pitfalls can be avoided. We can have a look at the troubles brought by BYOD and corresponding resolutions to these problems.

Data leakage: Companies sensitive data leakage is always one of most concerned problems for companies. Employees bringing their own devices to company makes enterprise more worried. Employees may lose their smart phone or tablet; for these devices can easily be eyeing by thief. When the devices containing companies’ sensitive data get lost, the data may fall into wrong hands. One way to avoid this situation is to use file password protection program to lock sensitive data with password, and the other way is to use a remote deletion policy, namely when the employee’s mobile device is stolen, company can remotely delete the sensitive data on the remote device.

Password Leak: just like we usually carry several keys, employees’ mobile devices will store various passwords that are used to log in company’s network and applications. These passwords may exist in mobile applications, or may also be stored directly in the mobile device’s memory. Enterprises must establish a strategy to ensure that companies’ passwords won’t be stored in cache or any application in mobile device. An alternative strategy is that if employees want to save the password on the mobile device business (even login information), they need to use information/password saving application to properly encrypt them.

Productivity decline: When employees start BYOD, they will spend a lot of time on social network, chatting with friends or do other things unrelated to work. How to solve this problem? Since many devices are connected to operator’s mobile communication network, in which case the employees feel that their equipment is not bound by corporate policy. In order to avoid this situation, you should require employees’ mobile devices switch into WiFi network provided by the enterprise when entering company. 

Insufficient bandwidth: Many companies have been concerned about this problem. Most companies believe that the enterprise network bandwidth demands will be dropped after the use of BYOD, which is a big mistake. One of the advantages of BYOD is that employees also can use the mobile operator’s network networking to work when going out, but when they returned to the office, they are likely to connect desktop and their mobile devices to the corporate network, thereby increasing the burden on the enterprise network access bandwidth. Therefore, companies need to ensure that their network access bandwidth has sufficient load-bearing capacity.

Device Management: Many companies are asking how to manage a large number of mobile devices. Because of the many types of equipment, as well as different operators, companies is difficult to centrally manage all mobile devices. But what companies can do is to establish a set of network access control mechanism (NAC), and to control these devices via MAC address for each mobile device.

Over Autonomy: Once a company implemented a BYOD strategy, which’s equivalent to tell employees and users that businesses gives them a very high autonomy. Of course, this autonomy is likely to be abused by employees or network users. Therefore, even if the enterprises implement BYOD, they should let employees know that it doesn’t mean that they can use their own equipment in any activity. If necessary, you can also require employees to sign BYOD agreement confirming that they understand their mobile devices use behaviors in the enterprise are limited.

Jun 16

It’s time for you to abandon TrueCrypt

A series of aftermath of WindowXP end of support is gradually revealing. Currently open source TrueCrypt warn users of the tool’s security vulnerability on SourceForge official site; meanwhile, TrueCrypt also announced the termination of TrueCrypt development.

TrueCrypt warned on the official page with striking red font:

“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.”

TrueCrypt’s warning and development suspension caused uproar on social media, since in the past decade, TrueCrypt had always been a very popular cross-platform open-source encryption program, so it’d been first choice for users who had needs of data encryption.

For a long time, TrueCrypt are famous for excellent encryption performance and good safety record, TrueCrypt could create a virtual disk on your hard drive without needing to generate any file, the user can access in accordance with the drive, all files on virtual disk are automatically encrypted, which need password to be accessed. TrueCrypt offers a variety of encryption algorithms, including: AES-256, Blowfish (448-bit key), CAST5, Serpent, Triple DES, and Twofish, other features support FAT32 and NTFS partitions, hide labels, hot start and so on.

In 2009, the Brazilian Federal Police confiscated five hard drives in banker Daniel Dantas’s Rio de Janeiro apartment in the Satyagraha action launched in July 2008. These drives used two types of encryption programs, one of which is TrueCrypt, the other is unknown 256 AES encryption software. After the expert failed to crack the password, the Brazilian government asked the U.S. for help in the beginning of 2009, however, the United States federal police also failed to crack the encryption after one-year attempt, and returned the hard drive. This incident makes TrueCrypt famous.

In 2013, Snowden exposure NSA can decrypt most Internet encryption technology; TrueCrypt supporters raised a lot of money to audit TrueCrypt security. From the first phase of audit results, there has not been found security backdoors.

Johns Hopkins University professor Matthew Green participated in the TrueCrypt security audit, he said TrueCrypt official warning looks really, unlike the hacker’s prank, and he also contacted the TrueCrypt secret private developers, trying to get more details.

Whatever the truth, TrueCrypt users should enhance viligance, TrueCrypt is no longer the indestructible who should begin vigilant, TrueCrypt encryption is no longer the indestructible encryption software. And it’s time for you to consider using other file encryption software as an alternative. There’re many file encryption solutions on Google, you can try and choose most suitable one. If you need file/folder encryption solution for Windows computer, you can try Folder Protector.

May 19

Nine mistakes enterprise often commits after data leakage

In the recent International Association of Privacy Professional (IAPP), a data and privacy protection expert from Data Breach Resolution – Michael Bruemmer lists top nine common mistakes that enterprises commit after data leakage.

When the enterprise leak their data owing to being attacked , if the enterprise fails to handle the problem, the situation will become deteriorate, which may result in secondary attack on enterprise brand and performance and even involve the enterprise into legal troubles.

1. There is no external safety management services company to assist

When the severity of data leakage exceeds the company’s processing ability, it’s better for the enterprise to have the assistance of external security services team, which is called the incident response team, such as Verizon Business, Trustwave or IBM all can provide similar service. This kind of service should be considered when making out business continuity / incident response plan.

2. There’s no external legal counsel

Currently laws and regulations are unable to effectively cover all types of sensitive personal information, hence when serious data leak incidents happen, it’s necessary to commission an external data leak related experienced lawyer unless your company’s legal department well knows all data and privacy related laws.

3. There’s no sole decision maker

Data leakage often involves multiple departments in company, and every department has its head, which always leads to low efficiency in execution. Enterprise must assign a similar CISO position, which can play a planning and coordination role in promoting the overall issue response.

4. A lack of transparent communication mechanism

A lack of transparent communication mechanism will lead to troubles, and wrong communication message will cause wrong actions, which will delay the processing speed of the entire incident and make new confusion.

After the incident response team was established, every staff in this team should be definite and provide a complete contact list for external consultants.

5. There is no communication plan

Another problem in enterprise is a lack of communication plan to communicate with the p[ublick or the media.

Enterprise should prepare a detailed and feasible media communication plan for a data leak incident. Rapid and effective media communication can avoid spreading false reports.

6. Think and plan before things happen

Data leakage incident often needs you to make decision when holding incomplete information or information is changing fast, which is somewhat similar to a hospital emergency room. Enterprise must launch contingency processing flow while data leak incident happens. Waiting to grasp the full information and then taking action will miss the best opportunity.

7. A lack of rehabilitation and correction plan after the event happens

After handling the data leakage incident, enterprise should make out a rehabilitation and correction pan to maintain good communication with consumers and stakeholders, while avoiding this kind of events from happening again. It’s helpful for rebuilding the brand and retrieve trust of customers by sharing your investment in information security technology and services with your customers and investors.

8. Provide customers with no remedy

Consumers should always be the core of intrusion response, which means that companies should notify consumers through channels such as call center to take proper measures to protect personal privacy data after the data leakage incidents happen.

9. There’s no plan to execute

Incident response plan must be constantly updated and corrected, and its implementation needs a complete team to continue to advance.

For more information about data security, you can visit:

May 05

The troubles from BYOD and corresponding solutions

When talking about BYOD, the best defense is attack, that is, through setting stratagem in advance to achieve the expected results and to avoid the potential risks. BYOD (Bring Your Own Device) has stirred all walks of business processes. Some enterprises are fully enjoying the convenience brought about by BYOD, while some enterprises are staying away from it. On the bright side, BYOD can potentially help companies save operating cost, help employees maintain happy moods and improve office efficiency. But on the other side, BYOD may also result in a series of problems and pitfalls in security and compatibility and other aspects. However, through education and planning, most of these problems and pitfalls will be avoided. Now let me show you the troubles result from BYOD and the corresponding solutions to the problems.

Data leakage: company’s sensitive data leakage is always one of the most concerned problems for companies. Employees bring their own devices into the company, which makes the concern of data leakage more serious. Employees may lose their smart phones or tablets, what’s more, these devices easily become targets of thieves. Once the mobile devices with company sensitive data get lost, the data may well fall into wrong hands. To avoid this situation, admin of the business should urge employees to encrypt all files relate to company with password, so the files are still under protection even if the device are stolen or missing.

Password leakage: just like we usually carry several keys, there will be several passwords that can be used to logon enterprise network or service applications on employees mobile devices. These passwords may be stored on mobile applications or directly on the memory of the mobile devices. Enterprise must establish a strategy to ensure the password won’t be stored on cache or applications on the mobile devices. An alternative strategy is to use special password storing application to properly store passwords if employees hope to save enterprise passwords on mobile devices.

Productivity decline: when employees begin bringing their own devices, they will spend much working time on the social networks, chatting with friends or behaving other things unrelated to work. How to solve this problem? In order to avoid this situation, all employees’ mobile devices should be connected to WiFi network provided by the enterprise. If employees are aware of the network they are connected now is within the enterprise, they will more beware of the online behaviors and don’t spend too much time on things unrelated to work.

Compatibility issues: BYOD will bring a lot of problems about devices and platforms. You hope company’s IT system and business process will support Android, IOS, OS X, Blackberry, Linux, Windows 8 and other mobile systems; while companies wish to support only one or two kinds of platforms, for the limited platform make the support from company to mobile devices easier.

Device Management: many companies are wondering how to manage a large number of mobile devices. Because of various types of devices and different operators, enterprise can hardly centrally manage all mobile devices. But companies can at least establish a set of network access control mechanism (NAC), such as PacketFence, and to control these devices via MAC address for each mobile device. Of course, this requires that employees agreed the enterprise to record the MAC address of their mobile device. But companies need to realize that it takes much time to manage all devices and activities of these devices.

Virus infection: compared with desktop, the risk of virus infection of mobile phone platforms is relatively less. Therefore, users of mobile devices must install anti-virus software for their devices. The enterprise should designate antivirus products for employees, and regularly remind staffs to upgrade software and virus database.

Compare all devices to human beings, the mobile device is like people in adolescence, and there always be many problems. Enterprise makes use of mobile devices to assist the business; it must face various potential problems. The best solution is to prepare in advance and then resolve the problems quickly and timely when they arise.

Apr 08

Computer Password Cracking Methods Conclusion (1)

The administrator always confront with problems about password forget or password missing, the followings are the collection of some methods of password cracking. Power-on password is the first one we’ll meet, so let’s star from CMOS password cracking.  

1.       CMOS cracking

Even though the types of CMOS are various, their encryption methods are basically the same. The general cracking methods start from “hard” and “soft” aspects.

1) “Hard” remove method

The principle of this method is to process the CMOSRAM on the motherboard with electro discharge treatment, which makes the contents lost owing to lack of normal power supply parameters stored in CMOSRAM lacks normal power supply, and thus to remove CMOS password. Some newspaper or sites make much introduction about how to crack CMOS password, and the operation is very easy. But we will introduce an alternative technique, which is the method that a number of computer users like to use. This method is also simple: open the case, and pull off the hard drive or CD-ROM, floppy drive data cable from the motherboard, and then start the computer, BIOS will report an error during self-test and then automatically enter CMOS, at this time you can reset the BIOS content.

2) “Soft” remove method

Strictly speaking, the “soft” remove method is not as thorough as hard remove method, but it’s also very effective. CMOS password according to need can be divided into common user password and super user level password. The former simply restrict the changes to the BIOS, but it allows to normal start computer and run other software; but the latter completely ban access to a computer and BIOS.

1> crack common user password

First of all, boost a computer with DOS, input debug and then press enter in dos command line, and then use the data of listed methods to remove the CMOS password, restart the computer, the system will tell you the CMOS parameter is missing and require you to reset CMOS parameters. After testing, this is a very effective method.

2> crack the super user password

Here we need to resort to external tools. We choose the most classic BiosPwds, a freeware, which is suitable for computer users who are not familiar with dos.

2.       Crack system password

System password is the password you use to log on the operating system, it provides protection for your computer and protect your computer from unauthorized users’ accesses, so as to ensure computer and confidential data security.

1. Windows98/ME system login password

1> cancel

The easiest way is to enter nothing when logging on the password, directly click on “cancel” to enter the operating system. But this way makes you can only access resources in local computer but can’t access the network resources if your computer is a part of LAN.

2> add users

When you are blocked from the system owing to the password, you may as well add a user for the system, and then log in. Click “Start”->”Settings”->”Control Panel”, and then double click on “user”, open the “User Properties” dialog box. Then, input user name, password and customized settings following the prompts, and then click on “Finish”.

3> delete “PWL” file

Delete the .PWL file under the Windows installation directory and all personal information files under Profiles subdirectory, and then re-boost Windows, the system will pop up a password setting box without user name. You don’t need to input any content, just click on “Ok” and tehn Windows password will be deleted.

4> modify the registry

Run the Registry Editor, open the registry database “HKEY_LOCAL_MACHINE \ Network \ Logon” and change “username” to “0″, then restart the system, which also allows you to remove the password.

2. Crack WindowsNT password

If you have normal user account, there’s a simple way to get NTAdministrator account: first rename the logon.scr under c: \ logon.scr winntsystem32 as logon.old for backup, and tehn rename usrm gr.exe as logon.scr and restart. logon.scr is a loaded program when starting system, after restarting, the computer won’t appear logon password interface, but the user manager, at this time you can add yourself into admin group.

3. Windows2000 password

Use boot disk to boot computer or enter another operating system (eg Windows98), find the folder “X:\DocumentsandSettings\Administrator” (X is the disk where Windows2000 is placed), delete “Cookies” folder under this folder and then restart the computer, so you can quickly logon Windows2000 without password.

The above methods are used by admin to cope with problems of forgetting password or missing password, they shouldn’t be used to break other people’s computer. And the computer users who are afraid other people will invade computers without authority and steal personal information should take extra protection for the confidential and sensitive files and documents, such as using file encryption solution to protect files and folders.

Apr 01

How to avoid failure of network security equipments deployment? (1)

The enterprise network is rapidly developing! Some of the groups began to clean up phone and tablet and refuse the internet connections from coffee shops and train connections (as a WAN link).

The concept of the extended enterprise brings about more and more severe problems to IT security portfolio, because their sensitive data and valuable data frequently flow out of the traditional network boundaries. In order to protect enterprise from the persistent threats of diverse and low-end low-speed adaptability, IT enterprises are deploying various new network security devices: the next generation of firewalls, IDS and IPS devices, security information event management (SIEM) systems and advanced threat detection system. Ideally, these systems will focus on management, following a centralized security policy, as a part of a universal protection strategy.

However, when deploying these devices, some common mistakes in enterprise will seriously affect their ability of universal protection. This article will introduce some problems which should be noted in the planning and deployment of new network security equipment, and how to avoid related problems that may lead to the failure of defense in depth.

A maximum error is assuming that the security device itself is secure. It’s apparently easy to understand, but we must insist on this footing. How secure is the so-called “enhanced” operating system? What’s its latest status? And how secure is hyper stable “Web server”?

Before starting any job, you must create a testing plan to verify all network security devices are really secure. The first is to start from some basic tests: do you timely upgrade, install patches and fix bugs on each device and their supporting network, server and storage infrastructure? In accordance with the currently known vulnerability information clearing-house you must be sure to regularly upgrade and install equipment patch.

Then, turn to aspects that are more difficult to handle: periodically assess potential weaknesses on multiple device configurations. The inappropriate dement sequence of encryption system and application delivery optimization (ADO) will also cause data leakage, even if various devices can operate properly. This process can be carried out in conjunction with penetration test.

For any safety equipment, management/control channel is most prone to have vulnerabilities. Therefore, the most important thing to note is how you need to configure and modify secure devices and who are allowed to carry out these configurations. If you are ready to access the secure system via a Web browser, the security device will run a Web server and allows Web traffic in and out. Are these flows encrypted? Whether it needs to use a standard port? Whether all the devices need to use the same port (so the intruder can easily guess)? Is it accessed by a common network or a separate management network connection? If it belongs to compile the connection, then any host that send traffics through this port may attack this device. If it’s on a managed network, you only need to worry about other devices on the network.

Best scenario is that if you can’t directly access the device, you need to ensure that all configuration changes must use encryption and multi-factor authentication. Moreover, it’s necessary to closely track and control identity information of equipment management to ensure that only authorized users can gain administrative privileges.

For more information about network and computer security information, please visit: