July 26, 2008
I don’t know how you spend your weekends, but I seem to need to use the downtime to clean up my email folders. While going through the many security email newsletters I subscribe to, an ad for some sort of blocking device caught my eye with a fairly bold statement:
See how new technology can block Facebook and MySpace once and for all!
There is something vaguely “English as a second language” about the ad, but no matter. What got my attention about this claim was the notion that this message might actually appeal to information security professionals with money who don’t reside in the People’s Republic of China. Is this really a compelling product feature in 2008, or did I stumble upon an industry wannabe who is going to fail miserably?
June 5, 2008
Sophisticated Web 2.0 technology is powering new classes of malware and popular rogue applications that are regularly bypassing corporate firewall defenses.
Join industry experts Nir Zuk, CTO of Palo Alto Networks and Joel Scambray, author of the Hacking Exposed book series, as they discuss the latest threats, analyze how Web 2.0 technology traverses secure perimeters and explain how firewalls must evolve to address these issues. This interactive webcast is moderated by Jim Reavis, former Executive Director of the Information Systems Security Association.
For more information and to register, go here.
The live date is June 11 at 1pm EDT; it will be archived for on-demand broadcast.
April 2, 2008
By Jim Reavis
I am just posting some quick thoughts on our first two Firewall 2.0 Focus Groups; I will have more to say later:
- Everyone agrees that the firewall as currently constituted is providing minimal value. Everyone has built a ton of “helpers” around it that are doing most of the security work.
- By and large, there is no visibility into what is leaving the network tunnelled in Port 80. We need reporting that explains what applications are really being used, and by whom.
- Once an internal PC is “owned”, that outbound Port 80 is possibly an “outside-in” attack, so it isn’t just DLP we are worried about.
- We need to move from Port/IP Address rules to True Application/User (authenticated/identified/located) rules. Eons ago Ports were supposed to represent applications, but that train left the station a long time ago.
- Virtualization. We are building the new mainframe, and applications will be communicating through the virtual backplane, so whatever firewall enhancements we make need to secure the backplane, because we can’t force communications out of the virtual mainframe to be managed by network security devices.
There are several other recommendations I will document later. A few well-meaning people have made some postings that this focus group idea isn’t worthwhile and we need to focus on OWASP and securing applications. Guys, I get the importance of that; I did a ton of work for SPI Dynamics for 5 years. However, it isn’t an either/or proposition. Securing apps is crucial, but what about the SSL session from accounting to Bulgaria? Don’t we at least want to try to understand how badly we are owned? It is about layered defenses and I think giving our network ingress/egress points 20/20 vision is worth at least attempting. No, it’s not just a network problem, but it is a big part of the problem.
March 2, 2008
(Note: we have our first two event dates and locations:
March 25th: Chicago
April 1st: Seattle)
By Jim Reavis
This is an open letter to the best and the brightest network security architects to help me on a project to help design the ultimate next generation firewall. Firewall 2.0 to deal with Web 2.0. I am organizing half-day collaboration sessions in several cities and will also organize an online forum once we have completed our initial face-to-face meetings.
The problems we are trying to address are familiar. Firewalls today tend to be blind to the bulk of threats tunneled inside of port 80. Enterprise data leakage is ignored for the most part. Network security architects are required to deploy a variety of security point solutions that do not communicate and integrate well with each other. If the payload is encrypted, forget about it. Meanwhile, technical innovations are bringing new devices and applications into enterprises at a breakneck speed (iPhone anyone?), without regard for security vetting. The problem is getting worse, and we need some out-of-the-box thinking to find the solutions.
Our goal is to get some of the best minds together to collaborate for a few hours and talk about key issues that the next generation firewall must address. We hope to brainstorm a few innovative ideas and create a permanent “birds of a feather” group that can discuss these issues on a regular basis together and online.
The events are by invitation only. If you live and breathe network security, please drop me a line.