October 9, 2008
Tech Talk

Practical File-Format Protection

One of the most common ways to breach a network these days is an attack that utilizes a file-format vulnerability. These can come in many forms, but based on installation base size, attackers typically leverage applications such as Microsoft Office, Windows Media Player, Adobe Reader, as well as a slew of other Windows-based applications. A smart attacker can even leverage the vulnerability to spawn a “legitimate” document to be opened after the vulnerability is exploited, thereby avoiding raised suspicions on the part of the victim. With a powerful file-format vulnerability, an attacker can break through the outer shell of network security and gain a toehold into the network.

Although this topic has been discussed thoroughly, and many vendors (including eEye) have software solutions to protect from such issues, there are still some very practical and simple mitigation tactics that can be put into place in order to lessen the likelihood of a successful attack:

  • Alert all users of the importance of only opening attachments from trusted sources or websites. We know you hear about this every time there’s a file-format vulnerability, but this is truly the most important part of protection. eEye regularly performs penetration testing against a multitude of different customers, but the common denominator of enticing users into opening attachments seems to remain throughout all of the engagements.

  • Enable an e-mail scanner that scans all attachments prior to delivery into user mailboxes. Yet again, a no-brainer. However, an administrator should not just take a vendor’s word that it fully scans attachments, but should test this themselves. For instance, restricting HTML attachments over e-mail protects against a subset of ActiveX issues and is easily testable.

  • Disable “easy” attack vectors for reliable opening. Attackers are looking for the highest likelihood of a victim opening a document: simple things like resume files sent to HR departments or tax information sent to finance departments. These are very basic methods, but they are avoidable. For instance, creating a website for the submission of plain-text resumes and alerting your HR department that they should not open any attachments from outside parties can be quite effective.

  • Standard IT security. Of course, keeping a solid AV/HIPS along with a fully patched network will always help the mitigation of these types of attacks and should never be underestimated. Many people try to make this problem overcomplicated, but the most basic protection mechanisms will thwart nearly all of the non-targeted attacks eEye Research sees in the wild.
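As an added example (not eEye's code and not part of the original newsletter), the following Python script sketches the kind of attachment check the second tactic says an administrator should test for themselves: it parses a constructed message, refuses HTML and other denied extensions outright, and flags attachments whose content does not match what their extension claims. The deny list and the extension-to-content table are assumptions to adapt to local policy.

```python
import email
import os
from email import policy
from email.message import EmailMessage

DENY_EXT = {".html", ".htm", ".hta", ".mht", ".exe", ".scr"}   # assumed gateway policy
MAGIC = [(b"%PDF-", "pdf"),
         (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),        # legacy .doc/.xls/.ppt
         (b"PK\x03\x04", "zip"),                                # .zip and .docx/.xlsx
         (b"MZ", "pe")]                                         # Windows executable
EXPECTED = {".pdf": "pdf", ".doc": "ole2", ".xls": "ole2", ".docx": "zip",
            ".xlsx": "zip", ".zip": "zip", ".txt": "text"}     # content an extension should carry

def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring whatever the filename claims."""
    for sig, kind in MAGIC:
        if data.startswith(sig):
            return kind
    head = data[:1024].lstrip().lower()
    if head.startswith(b"<!doctype html") or b"<html" in head or b"<script" in head:
        return "html"
    if all(b in (9, 10, 13) or 32 <= b < 127 for b in data[:1024]):
        return "text"
    return "unknown"

def check_attachments(raw: bytes) -> list:
    """Return (filename, reason) for every attachment the policy would stop."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name)[1].lower()
        kind = sniff(part.get_payload(decode=True) or b"")
        if ext in DENY_EXT or kind == "html":            # HTML is refused whatever it is called
            findings.append((name, f"blocked: {ext or 'no extension'}, content is {kind}"))
        elif ext in EXPECTED and EXPECTED[ext] != kind:  # renamed payload hiding behind an extension
            findings.append((name, f"mismatch: {ext} but content looks like {kind}"))
    return findings

def build_sample() -> bytes:
    """Constructed message: one genuine PDF plus three attachments a scanner should stop."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "applicant@example.test", "hr@example.test", "Resume"
    msg.set_content("Please find my resume attached.")
    msg.add_attachment(b"%PDF-1.4\n%stub\n", maintype="application", subtype="pdf", filename="resume.pdf")
    msg.add_attachment(b"<html><body><script>x()</script></body></html>",
                       maintype="application", subtype="msword", filename="resume.doc")
    msg.add_attachment("<html><body>hello</body></html>", subtype="html", filename="cover.html")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 16, maintype="application", subtype="pdf", filename="invoice.pdf")
    return msg.as_bytes()
```

Feeding such a constructed message through the real gateway and confirming each of the three bad attachments is stopped is the test the tactic above asks for.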

    In the case that you think you’re witnessing a breach related to a file format, eEye Research can assist you. Simply e-mail the potentially suspicious sample inside a password-protected zip file (password – ‘infected’) to malware@eEye.com and we will be able to get you some more information regarding the sample you received.

    Source: Andre Derek Protas, Director of Research and Preview Services

    News & Articles
    The following articles represent the opinions of their respective authors. They do not necessarily represent the opinions of eEye Digital Security.

    SC Magazine: Security Blink Professional
    "SC Magazine reviews eEye's Blink endpoint security product as being feature-rich and able to replace many other pieces of software." Full Article

    SC Magazine: Group Test- Vulnerability Assessment
    "SC Magazine reviews the eEye Retina Security Management Appliance as a Best Buy providing solid performance, good value and a venerable pedigree." Full Article

    Blink 4.0 Video Review
    "David Strom performs a video review of eEye's Blink Professional 4.0" Full Article

    View All Media Coverage
    "eEye and its security solutions have been covered by numerous press and media associations" Full Article

    Reader Q&A

    Q: I think my network has been breached, what should I do?

    A: The first thing to do is to hire a consulting group that is familiar with intrusion and incident response. If this is a good attacker, the simple tools used by an administrator will be no good at identifying the true threat. If the group has identified the possibility of customer personally identifiable information (PII) being released, you should immediately alert your customers and engage a lawyer to help you through the process. These types of incidents are hardly a joke, and should be taken very seriously in the beginning rather than digging your head in the sand (as many IT departments unfortunately do).

    Have a question you would like answered? Send it to versa@eEye.com, and win an eEye t-shirt if we select your question for an upcoming newsletter.

    Announcements

    eEye Unveils New Partner Program to Offer Growth Opportunities for Security Resellers
    Pre-sales support, training, lead referral program, tech support hotline, incentives and discount opportunities define the new eEye Partner Program Full Article

    eEye Retina Network Security Scanner Passes NSS Labs’ PCI Suitability Testing
    Retina is able to support 16 of 16 direct PCI DSS Requirements in NSS Labs PCI Suitability Testing Full Article

    eEye Receives Top Rating and Earns ‘Best Buy’ Title in Security Product Shoot-Out
    SC Magazine awards Retina Security Management Appliance 5-star award for Vulnerability Assessment Group Test Full Article

    eEye To Offer 25% Discount Channel Conversion Incentive to Entice Symantec Partners
    eEye to offer a 25% discount to former Symantec resellers who join the eEye Partner Program or change a Symantec renewal opportunity into an eEye purchase Full Article

    Etcetera

    Stay Up-to-Date with eEye Research
    eEye Research has seen some staggering results from the recent influx in Blink Personal/Neighborhood Watch users. This data is offering eEye Research a distinct insight into host-based vulnerability and attack trends to offer enhanced protection into Blink. Keep an eye on the eEye Research Portal http://research.eeye.com/ for future projects that have arisen because of the mass use of Blink Personal including Neighborhood Watch reports and attack trends. More

    Vulnerability Expert Forums
    The monthly Vulnerability Expert Forum focuses on recently announced critical vulnerabilities - from Microsoft and other software vendors. eEye's Internet security experts will describe the actions necessary to protect your systems from the threats that target these vulnerabilities. More

    HOW TO SUBSCRIBE
    To subscribe to this and other eEye newsletters, please visit: http://www.eeye.com/html/resources/newsletters/subscribe.html

    FEEDBACK
    The eEye newsletter staff welcomes any comments, questions or suggestions from our readers. We hope that you will not hesitate to contact us with any feedback you may have. Send all feedback to versa@eeye.com.

    DISCLAIMER
    The information within this newsletter may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

    NOTICE
    Permission is hereby granted for the redistribution of this newsletter electronically. It is not to be edited in any way without the express consent of eEye. If you wish to reprint the whole or any part of this newsletter in any other medium excluding electronic medium, please email versa@eeye.com for permission.