Temple University

Jose Gomez

Week 13 Reading and In the News

Intrusion Prevention Systems (IPS) are network security appliances which inspect the data and flow of network traffic. These appliances are configured to detect or prevent malicious activity targeting systems. The assigned reading lists various methods used to circumvent or bypass the different types of intrusion prevention systems in the marketplace. The following are very effective methods: obfuscation, encryption and tunneling, fragmentation, and protocol violations. Quite often several of these methods are combined or required to circumvent the intrusion prevention system of a target.
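The fragmentation method from the reading, as an added example (not from the assigned reading): a signature that is split across two TCP segments is invisible to a matcher that inspects each segment on its own, which is why an IPS must reassemble the stream first. The signature set and the traffic are constructed sample data; `split_stream`, `match_per_segment` and `match_reassembled` are names chosen here.

```python
# Added example: per-segment signature matching vs. matching on the
# reassembled stream. Signatures and the request below are constructed.
import re

SIGNATURES = {
    "path-traversal": re.compile(rb"\.\./\.\./"),
    "shell-reference": re.compile(rb"/bin/sh"),
}

def split_stream(data, sizes):
    """Cut a byte string into (seq, payload) segments of the given sizes."""
    segments, seq = [], 0
    for size in sizes:
        segments.append((seq, data[seq:seq + size]))
        seq += size
    segments.append((seq, data[seq:]))          # whatever is left over
    return [s for s in segments if s[1]]

def match_per_segment(segments):
    """Naive inspection: every segment is checked in isolation."""
    hits = set()
    for _seq, payload in segments:
        hits.update(n for n, pat in SIGNATURES.items() if pat.search(payload))
    return hits

def match_reassembled(segments):
    """Order segments by sequence number, rebuild the stream, match once.
    A real engine must also resolve overlapping segments the way the
    destination host would; that policy is omitted here."""
    stream = b"".join(p for _, p in sorted(segments, key=lambda s: s[0]))
    return {n for n, pat in SIGNATURES.items() if pat.search(stream)}

REQUEST = b"GET /../../etc/passwd HTTP/1.0\r\n"   # constructed sample request

if __name__ == "__main__":
    # one segment: both approaches see the traversal
    print(match_per_segment(split_stream(REQUEST, [])))
    # split in the middle of "../../": per-segment matching misses it
    evasive = split_stream(REQUEST, [9])
    print(match_per_segment(evasive), match_reassembled(evasive))
    # segments arriving out of order: reassembly still matches
    print(match_reassembled(list(reversed(evasive))))
```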


In the NEWS: Why Banks Need to Prepare for More Chase-Like Breaches

http://www.databreachtoday.com/interviews/banks-need-to-prepare-for-more-chase-like-breaches-i-2980

Week 12 Reading Summary and in the News

Web Services Security – An Overview

Web services allow complex applications to present their information in a simpler manner via common protocols such as HTTP or HTTPS. The most common web service vocabularies are SOAP, WSDL and UDDI, which enable the communication required to present the information. This technology provides the next phase of evolution, but it does come with challenges and risks. Unprotected web services are vulnerable to a wide array of attack vectors, such as: reconnaissance, denial of service, integrity attacks, firewall bypassing, unintended software interactions, and immaturity of the platform. Fortunately, several countermeasures have evolved to counter these attacks, such as: enforce trust relationships, encrypt transport links, engineer secure components, perform regular tests on components, reconcile WSDL specs with actual operation, use HTTP proxy filters, and configuration management.

In the NEWS: http://www.databreachtoday.eu/hackers-claim-fbi-portal-breached-a-8667

A group of hackers claims to have breached an FBI information-sharing portal and gained access to numerous sensitive systems, including records of individuals who have been arrested by U.S. federal agencies as well as tools for sharing information between U.S. federal agencies and partners located both domestically and abroad.

Summary week 10

Web application vulnerabilities are still rampant, and companies continue to allow attackers to exploit weaknesses in their websites. XSS is the most prevalent attack method in the web app attack category, followed closely by SQL injection. XSS is exploited when an attacker abuses poorly written code on a website: the attacker's code, supplied through an input field, is executed by the site instead of being treated as data. SQL injection occurs when an input field passes the attacker's input into a database query, letting the attacker supply commands that probe for and exploit weaknesses. There is a long list of vulnerabilities, but ultimately better coding and vulnerability management mitigate the risk.
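The two flaws named above, as an added example (not from the reading): each one is shown as the vulnerable pattern next to the "better coding" fix the summary calls for. The in-memory SQLite table and its rows are constructed sample data; the function names are chosen here.

```python
# Added example: SQL injection and XSS, vulnerable form beside the fix.
import html
import sqlite3

def make_db():
    """Constructed sample table with two users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db

# --- SQL injection ---------------------------------------------------
def lookup_unsafe(db, name):
    """Concatenates the input into the query text, so input becomes SQL."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_safe(db, name):
    """Parameterised query: the input is bound as data, never parsed as SQL."""
    return db.execute("SELECT name, role FROM users WHERE name = ?",
                      (name,)).fetchall()

# --- Cross-site scripting --------------------------------------------
def render_unsafe(search_term):
    """Reflects the input into HTML verbatim, so markup in it is rendered."""
    return "<p>Results for: " + search_term + "</p>"

def render_safe(search_term):
    """Escapes the input so the browser shows it as text, not markup."""
    return "<p>Results for: " + html.escape(search_term, quote=True) + "</p>"

if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"           # textbook test string for the flaw above
    print(lookup_unsafe(db, probe))  # the WHERE clause is always true: every row
    print(lookup_safe(db, probe))    # no user literally named that: no rows
    tag = "<script>alert(1)</script>"
    print(render_unsafe(tag))        # script tag reaches the browser
    print(render_safe(tag))          # &lt;script&gt; ... rendered as text
```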

In the News: http://www.databreachtoday.com/talktalk-breach-fuels-call-for-tougher-uk-laws-a-8618

The continuing problems at the London-based telecom, now on its third data breach.


Summary Week 9 and New Article

Malware infection is a very common attack vector utilizing various types of malware, with common examples being Trojans and polymorphic malware. Every organization should have a plan in place to handle an injection or infection of its systems and repel the malware attack. This plan enables cyber security professionals or information security engineers to triage and resolve disruptions to the services being attacked. SANS has a great guide which provides a succinct incident handling process: preparation, identification, containment, eradication, recovery, and lessons learned.

In the news: http://www.databreachtoday.com/cia-directors-aol-email-account-reportedly-hacked-a-8605

U.S. law enforcement agencies are investigating reports that the personal email account of Director of the Central Intelligence Agency John Brennan was hacked by an American teenager and that personal information for some top U.S. intelligence and national security officials was stolen in the data breach and leaked online.

Week 6 Reading Summary and in the news

Packet sniffing is largely an internal threat which must be mitigated. Both non-switched and switched networks are susceptible to packet sniffing. Many off-the-shelf tools today allow insider threats to easily capture information deemed sensitive. Packet sniffers were intended for "good" use but have inevitably become a tool for malicious activity. A switched network, though considered more secure, is also vulnerable to sniffing with a laptop and a man-in-the-middle attack. A variety of mitigation steps can be put in place, with varying degrees of success, but ultimately encryption is the most viable solution.

In the news: Beware of cash out attacks, banking Trojans via Malvertising and POS Memory-Scraping Malware

http://www.databreachtoday.com/malware-warning-banks-customers-atms-under-fire-a-8551


Week 5 reading and article

Reading Summary: Enumeration is a powerful tool which allows you to identify valid user accounts or any weak components at a target. One of the first activities while conducting a penetration test in Unix environments is to perform user enumeration in order to discover valid usernames. Several pieces of information can be gathered by utilizing the standard tools and services available in Windows and Unix. Footprinting is a practice commonly used by hackers to assess a company's capabilities. Performing reconnaissance on the company is a key tactic in identifying the company's security weaknesses; this can be used by the pen tester as well to defend against attacks.

This article centers around the recent outbreak of Malware in the App Store which was targeting applications utilized in Asian countries.

http://www.databreachtoday.com/apple-battles-app-store-malware-outbreak-a-8538#


Week 4 SANS Reading and article

The importance of vulnerability scanning cannot be minimized. Attack vectors routinely target systems which are vulnerable from an upgrade, patch or security perspective. Organizations which have implemented vulnerability scanners such as Nessus give themselves some protection against known vulnerabilities and a way to ensure their configurations are up to date. The only downside is that a vulnerability engine is limited to the vulnerabilities it is aware of and has a plug-in for. This type of solution works best when coupled with firewall and IDS systems to add layers of defense to your organization while proactively protecting your systems.

This week's article illustrates the risk associated with email, specifically in the health care industry.

http://www.databreachtoday.com/sutter-health-incident-illustrates-email-risks-a-8533


Week 3 Reading and article

The key facts I got from the reading are that public information will always be available as the internet will always be instrumental in finding customers which in turn will always make you vulnerable or a candidate for an attack if you are not properly protected.  Ensuring that your configurations, patches and security are up to date or hardened will go a long way in making attackers choose another target. Simple queries or scans that are within the law can open a window into your environment which gives an attacker the bread crumbs necessary to begin their attack strategy.

In the News:

http://www.databreachtoday.com/hackers-exploit-stolen-firefox-bug-information-a-8525?rf=2015-09-08-edbt&mkt_tok=3RkMMJWWfF9wsRojuq3OZKXonjHpfsX66OgpUa6g38431UFwdcjKPmjr1YYIRct0aPyQAgobGp5I5FEIT7HYRrhpt6cOXA%3D%3D

Hackers exploit stolen Firefox bug information. Mozilla is warning that at least one year ago, an attacker infiltrated the repository that it uses to log bugs pertaining to its Firefox browser, began stealing information relating to unpatched vulnerabilities in Firefox and other Mozilla products, and actively targeted at least one unpatched flaw in Firefox for a period of at least three weeks. Officials at the free-software community say they have also alerted law enforcement to the theft, and say they have taken steps to improve their internal security practices, to help block such attacks in the future.