Monday, 31 December 2012

Mobile Device Management (MDM) (4) - Core Function Features (Demo with AirWatch Cloud SaaS Version)

AirWatch is offered as Cloud/SaaS and On-Premises. Let's play with the cloud provisioning model.

The IT administrator logs in to the web-based administration console in the cloud (AirWatch operates several datacentres globally). A new user account named "amicewong" is set up. The administrator can choose to notify "amicewong" by SMS or by email. Let's choose SMS.
The end user (amicewong) receives an SMS containing a URL. The end user taps the link, and the browser on the smartphone (a Samsung Galaxy SIII running Android in this case) connects to the enrollment URL. First-time setup and phone enrollment start.

However, the enrollment process never seems to finish. Something must have gone wrong.

As the administrator, I tried to chat with AirWatch online support (to test their support response at the same time :)). I was told that the AirWatch client app must be installed before enrollment.
The AirWatch MDM Agent is found on Google's Play Store, downloaded and installed. Then the enrollment URL and PIN from the SMS are entered.
Installation and enrollment are done.
Once the phone is enrolled, the administrator can track the phone's status, including model, OS version, compliance (rooted or not), location, applications installed on the phone, etc.

Operation logs on the phone.

The administrator can keep track of the applications already on the phone, as well as assign applications that must be installed on each phone. The administrator can also block and uninstall unauthorized apps on enrolled phones.



Let's say the enterprise requires end users to install a "push up" app.


Once assigned, the end user receives an alert on the phone. The end user simply taps it and downloads the app from the Play Store; installation starts.
AirWatch also develops its own applications, such as Secure Locker and Secure Browser. Secure Browser lets the enterprise track and control which websites end users can visit on the smartphone.
(Secure Browser is sold at additional cost.)
The administrator can also distribute documents to enrolled phones. For confidential documents, the administrator can configure "view online" only, so that the confidential document is not stored on the phone.


Saturday, 29 December 2012

Mobile Device Management (MDM) - (3) Selection Criteria

Six main selection criteria for MDM (Gartner).

The first 3 are common must-have functional features:
(1) Provisioning
(2) Policy Enforcement
(3) Administration Reporting

The following 3 differentiate MDM solutions:
(4) Containerization
(5) Mobile Application Management
(6) Enterprise Content Management


Sunday, 16 December 2012

Cisco Security Good "Oldies"


Forgive me for sharing some slightly old documents here. Indeed they are not too old, published 3-4 years ago. But people in IT usually treat documents released more than 6 months ago as "old".

In my opinion, if an "old" document is still referred to by key vendors/parties, I would treasure the document's high value and its importance. Also, some concrete standpoints are always true in the IT arena, e.g. the 7 layers, a virus is always bad, a firewall is always good for your health, etc.

Please find below the documents from Cisco that I recommend. They are good oldies. :D


Enterprise Internet Edge Design Guide
http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/IE_DG.pdf

IPSec VPN WAN Design Overview
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/IPSec_Over.pdf

All reference:
Cisco - Design Zone Security
http://www.cisco.com/en/US/netsol/ns744/networking_solutions_program_home.html

Mobile Device Management (MDM) - (1) Gartner Magic Quadrant


The major purpose of a mobile device management solution is "management", with little "security" beyond riding on the native features of the mobile platform. (The most security-related feature of an MDM is Remote Wipe, as far as I can think of :P)

To further protect the mobile phone from malware, spyware and viruses, please refer to Mobile Data Protection solutions, in addition to MDM.

Below are the Gartner Magic Quadrants for Mobile Device Management and Mobile Data Protection.

Among those MDM solutions, AirWatch can be offered as a cloud service.



Friday, 14 December 2012

Mobile Device Management (MDM) - (2) AirWatch (Cloud or On-Premises)

The AirWatch (http://www.air-watch.com/) mobile device management (MDM) solution can be deployed either as SaaS or on-premises.

Blue circle: AW EIS is required if the MDM needs to integrate with internal applications.
Red circle: AW datacenter (in the SaaS model) or AW mandatory module (in the on-premises model).
Green circle: user mobile phone.



Thursday, 6 December 2012

WooYun.org


While hacking activity originating from China is getting more sophisticated, security awareness in China has also increased considerably. WooYun.org (烏雲) is a Chinese forum where vendors and security researchers share and give feedback on security vulnerabilities, threats and opinions.


Monday, 3 December 2012

Ethical Hacking -- Proxy Hunter

Proxy Hunter is a proxy application that lets you scan for proxy servers.
Proxy Hunter is also considered malware if it was installed on your PC unintentionally.

Proxy Hunter can be a dangerous tool in the hands of an attacker or botnet operator, as the (free) open proxies it finds can be used as relays ("zombies") that hide the attacker's real address when he/she launches a DDoS against a target.

The reason for sharing Proxy Hunter info here is to let people know how an attacker looks for resources to launch a DDoS attack. We are not aiming to promote hacking as a habit.

As Proxy Hunter can be a tool for the bad guys, it is not easy to find a valid download link via Google. Here is the portal where you can find it:

URL: http://download.pchome.net/
filename: proxyht310b.zip


After installation, open it, and YOU MUST read the warning.

Considering the damage Proxy Hunter can do, and that some PC users may have it installed unintentionally, your PC's AV software will not look kindly on Proxy Hunter. Click "Allow" only when you are sure what you are doing.

Launch Proxy Hunter and follow the step-by-step tutorial (in Chinese):
URL:  http://www.360doc.com/content/09/1204/12/261866_10342617.shtml

Or this simple tutorial (in English):
http://www.proxysecurity.com/proxy-hunter.php



Scanning a full Class B range (65,536 addresses) may take several hours.   ......to be continued....
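What a proxy scanner actually does once a port scan has found candidates is worth seeing in code: it connects to each host:port, sends a request for a third-party URL in proxy form (an absolute URI in the request line) and checks whether the peer relays the request instead of rejecting it or serving its own page. The following is an added example written for this post, not Proxy Hunter's own code. The canary hostname, the "CANARY-OK" marker and the two local stand-in servers (one behaving like an open proxy, one like an ordinary web server) are constructed so that the example runs offline.

```python
import socket
import socketserver
import threading

# Canary request the probe asks the candidate to fetch on our behalf.
# Assumption: the tester controls (or knows the content of) the canary site;
# the hostname below is a placeholder and is never resolved in this example.
CANARY_HOST = "canary.example.invalid"
CANARY_MARK = b"CANARY-OK"


def probe_http_proxy(host, port, timeout=3.0):
    """Return True if host:port behaves like an open HTTP forward proxy.

    This is the validation step a proxy scanner performs after a port scan:
    connect, send an absolute-URI request ("GET http://... HTTP/1.0") and see
    whether the peer relays it (status 200 plus the canary body) rather than
    rejecting it or serving its own page.
    """
    request = (
        f"GET http://{CANARY_HOST}/ HTTP/1.0\r\n"
        f"Host: {CANARY_HOST}\r\n"
        "Connection: close\r\n\r\n"
    ).encode()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request)
            data = b""
            while len(data) < 4096:
                chunk = sock.recv(1024)
                if not chunk:
                    break
                data += chunk
    except OSError:          # refused, timed out, reset: not a usable proxy
        return False
    status_line = data.split(b"\r\n", 1)[0]
    return (status_line.startswith(b"HTTP/1.") and b" 200 " in status_line
            and CANARY_MARK in data)


def scan(candidates, timeout=1.0):
    """Probe (host, port) candidates and return the ones that relay traffic."""
    return [(h, p) for h, p in candidates if probe_http_proxy(h, p, timeout)]


# --- Constructed local stand-ins so the example runs offline -----------------

class OpenProxyHandler(socketserver.StreamRequestHandler):
    """Simulates a misconfigured open proxy: relays any absolute-URI GET
    (the relayed fetch is faked by returning the canary body directly)."""
    def handle(self):
        first_line = self.rfile.readline()
        if first_line.startswith(b"GET http://"):
            self.wfile.write(b"HTTP/1.0 200 OK\r\nContent-Length: %d\r\n\r\n%s"
                             % (len(CANARY_MARK), CANARY_MARK))
        else:
            self.wfile.write(b"HTTP/1.0 400 Bad Request\r\n\r\n")


class PlainWebHandler(socketserver.StreamRequestHandler):
    """Simulates an ordinary web server: answers 200 with its own page and
    never fetches third-party URLs, so the canary body is absent."""
    def handle(self):
        self.rfile.readline()
        body = b"<html>just a local site</html>"
        self.wfile.write(b"HTTP/1.0 200 OK\r\nContent-Length: %d\r\n\r\n%s"
                         % (len(body), body))


def start_mock(handler):
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def demo():
    """Scan three candidates: an open proxy, a plain web server and a closed
    port. Returns (what the scanner found, the address it should have found)."""
    proxy, web = start_mock(OpenProxyHandler), start_mock(PlainWebHandler)
    closed = socket.socket()
    closed.bind(("127.0.0.1", 0))          # bound but not listening: refused
    try:
        candidates = [proxy.server_address, web.server_address,
                      closed.getsockname()]
        return scan(candidates), proxy.server_address
    finally:
        closed.close()
        for s in (proxy, web):
            s.shutdown()
            s.server_close()


if __name__ == "__main__":
    found, expected = demo()
    print("open proxies found:", found)
```

Only the open-proxy stand-in is reported; the plain web server answers 200 but without the canary body, and the closed port raises a connection error. Against a real network the same check is what turns a port-scan hit on 8080 or 3128 into a confirmed relay, which is why a defender should watch for exactly this pattern: one source probing many hosts on proxy ports with absolute-URI requests.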

Tuesday, 27 November 2012

Intrusion Prevention Best Practice - IPS Placement

By deploying IPS, organizations are able to identify, classify, and stop malicious traffic, including worms, spyware / adware, network viruses, and application abuse before they affect business continuity.

Internet Border & DMZ

The most common place to insert an IPS is at an organization's Internet border(s) and DMZ(s). The following are some of the options for placing an IPS to protect an Internet border and DMZ.

IPS Outside of Firewall

This architecture places the IPS outside of the Internet firewall. It was one of the first proposed when IPS came to market, but is not very common in today's environments.

Pros:
  • Early indication of reconnaissance/scanning activities
  • Requires fewer interfaces to inspect traffic sourced from / destined to the DMZ and Internal Network
Cons:
  • Destination/victim addresses will be NATed, requiring research to determine which device inside the organization is being attacked.
  • Source/attacker addresses from inside the organization will be NATed, requiring additional research to track down the source of any malicious traffic leaving the organization.
  • Inspecting traffic that the firewall will drop anyway creates excess false positives.
  • No visibility of insider traffic destined to the DMZ
Figure 1 - IPS Placed Outside of the Firewall


IPS Inside of Firewall for DMZ and Internal Network

This architecture places the IPS inside of the internet firewall protecting both the Internal Network and DMZ segments.

Pros:
  • Only inspects traffic that the firewall allows into the network. (Minimizing False Positives)
  • Events will include real IP addresses and not NATed IPs.
  • Differentiate traffic to/from DMZ and Internal Segments.
Cons:
  • Requires 2 IPSs, or one IPS with enough interfaces, to protect both segments.
  • Traffic between the Internal Network and the DMZ will be inspected twice.
Figure 2 - IPS Placed Inside the Firewall

IPS Software or Module in the Firewall

With the growing popularity of Unified Threat Management (UTM), this architecture is becoming extremely common. It places the IPS functionality inside the Internet firewall, protecting both the Internal Network and DMZ segments without a separate appliance.

Pros:
  • No additional appliance required, saving rack space and energy.
  • Events will include real IP addresses and not NATed IPs.
  • Differentiate traffic to/from DMZ and Internal Segments.
Cons:
  • Some manufacturers limit the throughput of the integrated IPS (be sure that the integrated IPS will support the required bandwidth with inspection turned on)
Figure 3 - IPS Software or Module in the Firewall
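The "additional research" that the outside-the-firewall placement forces on the analyst is a correlation job: every alert carries the firewall's public addresses, so to find the victim or the culprit you have to join the alert against the firewall's NAT translation log. The following added example (not part of the original post, and not any vendor's tool) shows that join in Python with constructed alerts and a constructed translation log whose format is an assumption. A static NAT resolves by address alone, a dynamic PAT entry resolves only when a translation for that public ip:port was logged near the alert time, and an alert with no nearby translation stays unresolved, which is precisely the cost the inside-the-firewall placements avoid.

```python
from datetime import datetime, timedelta

# Constructed sample data (not taken from the post). The IPS sits outside the
# firewall, so its alerts carry the firewall's public addresses:
#   198.51.100.10 = static NAT for the DMZ web server
#   198.51.100.1  = dynamic PAT pool used by internal users
IPS_ALERTS = [
    {"time": "2012-11-27 10:15:02", "sig": "HTTP Directory Traversal",
     "src": "203.0.113.50", "sport": 51234, "dst": "198.51.100.10", "dport": 80},
    {"time": "2012-11-27 10:16:45", "sig": "IRC Bot Command",
     "src": "198.51.100.1", "sport": 40001, "dst": "203.0.113.99", "dport": 6667},
    {"time": "2012-11-27 10:30:00", "sig": "IRC Bot Command",
     "src": "198.51.100.1", "sport": 40001, "dst": "203.0.113.99", "dport": 6667},
]

# Firewall translation log in a constructed (assumed) format:
#   "<date> <time> <KIND> inside_ip:port -> outside_ip:port"
NAT_LOG = """\
2012-11-27 10:15:00 STATIC 172.16.10.20:80 -> 198.51.100.10:80
2012-11-27 10:16:44 PAT 10.1.5.77:52211 -> 198.51.100.1:40001
2012-11-27 10:16:46 PAT 10.1.5.78:52212 -> 198.51.100.1:40002
""".splitlines()

FMT = "%Y-%m-%d %H:%M:%S"


def parse_endpoint(text):
    ip, port = text.rsplit(":", 1)
    return ip, int(port)


def parse_nat_log(lines):
    entries = []
    for line in lines:
        date, clock, kind, inside, _arrow, outside = line.split()
        entries.append({"time": datetime.strptime(f"{date} {clock}", FMT),
                        "kind": kind,
                        "inside": parse_endpoint(inside),
                        "outside": parse_endpoint(outside)})
    return entries


def resolve_alert(alert, nat, window=timedelta(seconds=5)):
    """Rewrite an outside-the-firewall alert with the real inside addresses.

    Static NAT is a fixed 1:1 mapping, so an inbound alert resolves by
    address alone. PAT mappings are reused over time, so an outbound alert
    resolves only if a translation for that public ip:port was logged within
    `window` of the alert; otherwise the real source stays unknown.
    """
    t = datetime.strptime(alert["time"], FMT)
    out = dict(alert)
    for e in nat:
        if e["kind"] == "STATIC" and e["outside"] == (alert["dst"], alert["dport"]):
            out["dst"], out["dport"] = e["inside"]
            out["resolution"] = "static-nat"
            return out
    matches = [e for e in nat
               if e["kind"] == "PAT"
               and e["outside"] == (alert["src"], alert["sport"])
               and abs(e["time"] - t) <= window]
    if matches:
        best = min(matches, key=lambda e: abs(e["time"] - t))
        out["src"], out["sport"] = best["inside"]
        out["resolution"] = "pat"
        return out
    out["resolution"] = "unresolved"
    return out


def resolve_all(alerts=IPS_ALERTS, nat_lines=NAT_LOG):
    nat = parse_nat_log(nat_lines)
    return [resolve_alert(a, nat) for a in alerts]


if __name__ == "__main__":
    for r in resolve_all():
        print(f'{r["time"]} {r["sig"]}: {r["src"]}:{r["sport"]} -> '
              f'{r["dst"]}:{r["dport"]} [{r["resolution"]}]')
```

The first alert resolves to the DMZ web server 172.16.10.20, the second to the internal host 10.1.5.77, and the third stays unresolved because the PAT port had long since been reused and no translation was logged near 10:30. With the sensor inside the firewall (Figures 2 and 3) the alert already names 10.1.5.77 and none of this correlation, nor the clock synchronisation between IPS and firewall it depends on, is needed.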

Monday, 26 November 2012

Firewalls in the Data Center: Main Strategies and Metrics

For those who are involved in "sizing" a "Next Generation Firewall", I would like to share this paper with you:

Firewalls in the Data Center: Main Strategies and Metrics
Joel Snyder, PhD
Senior Partner, Opus One

Abstract:
Measuring performance in networks has usually involved looking at one number: throughput. Since the first days of switches and routers, organizations have added up the performance they need, compared it to a total on a manufacturer's data sheet, and used those values to decide whether or not they had the right hardware.

Unfortunately for security and network practitioners, the same basic metric of throughput cannot be used to evaluate firewall performance. Because a security appliance actively participates in connections from Layer 2 up to Layer 7, you cannot simply look at bits-per-second throughput to predict how a firewall will behave in the data center.

In this document, you will learn key metrics you should use to evaluate firewall performance in the data center and why raw throughput is almost never the most important performance metric to use in your planning. Selecting a firewall does not mean simply picking the fastest firewall, but the one that is designed to handle the rapidly evolving, network-intensive application environment of the data center.



http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/Opus_One_Layout-928.pdf

Monday, 27 August 2012

"Un-intentional " DDoS Attack - the 40th MISS HONG KONG Beauty Contest


In the final round of the 40th Miss Hong Kong Beauty Contest, the online voting system went down under the crowd of members of the public trying to vote for their preferred candidates. As a backup plan, the final result was generated from the judges' scores instead. This upset quite a lot of the contest's online voters.



http://www.singtao.com/yesterday/ent/0827fo01.html

Sunday, 19 August 2012

Blue Coat - Positioning of SWG vs FW, UTM, etc

"Who is BlueCoat?" - this is a wonderful PowerPoint explaining why a BlueCoat solution (or a BlueCoat-kind of solution) is required.

Blue Coat positioning Web Security vs. Next Gen Firewalls, UTMs & IPS :
   https://partners.bluecoat.com (you may need a partner login)



Friday, 17 August 2012

Blue Coat - Secure Web Gateway

Blue Coat Web Threat Report -- published by Broadband-Testing, UK :
   http://www.bluecoat.com/sites/default/files/documents/files/Broadband_Web_Threat_Test_Report.1.pdf

Blue Coat positioning Web Security vs. Next Gen Firewalls, UTMs & IPS :
   https://partners.bluecoat.com (you may need a partner login)




Thursday, 9 August 2012

Secure and Manage Skype Usage

Skype Security and Management  Solution - "Actiance Advantage"



Actiance provides a comprehensive approach to managing and securing the use of Skype and other real-time communication applications within the enterprise. Visibility at the gateway is the first step in gaining control over Skype usage. Actiance's Unified Security Gateway (USG) provides IT with complete visibility into unauthorized Skype traffic on the network. It is purpose-built for the security of real-time communications. Once visibility is obtained, Actiance's Vantage enables the enforcement of Skype usage policies at the client and blocks any malicious URLs coming in over Skype chat sessions. This robust combination allows IT managers to set and enforce policies that ensure Skype traffic on their network is secure and meets compliance requirements.

Datasheet: http://www01.actiance.com/media/12574/Actiance-Datasheet-Skype.pdf
Company Website:  http://www.actiance.com
Actiance Blog: http://blog.actiance.com/

Monday, 16 July 2012

McAfee Network Security Platform (NSP) leads in 2012 Magic Quadrant for Intrusion Prevention System

Gartner just released their 2012 Magic Quadrant for Intrusion Prevention Systems and once again, McAfee Network Security Platform (NSP) leads the pack!  This marks its 7th consecutive placement in the Leaders quadrant for IDS/IPS.  While several factors contributed to our Leadership position, Gartner calls out McAfee's 'next-generation network IPS' capabilities as a driving factor.
 
 
The entire report:
 
Although keeping things relatively high level, Gartner does make several key statements about McAfee you should be aware of:
  • “strong NGIPS capabilities go beyond first-generation IPS”  – no other vendor is singled out with real NGIPS functionality except Sourcefire
  • “McAfee was the vendor listed most often in the survey to vendors regarding their greatest IPS competitor” – the fact that other vendors consider McAfee their biggest competitor substantiates our leadership in the market
  • “models that range from 100 Mbps to over 80 Gbps throughput”  – this out-paces all other vendors – the next closest competitor (Sourcefire) has half that capacity (40 Gbps), followed by quarter capacity (20 Gbps) from IBM and Stonesoft, with the rest hovering around 10 Mbps
 

Dimension Data: Security questions you should ask your cloud provider

Security questions that you should ask your cloud provider
In order to evaluate the security approach of a cloud provider, enterprises should ask the following questions of their cloud providers:

Network security:
• Do you provide dedicated physical or virtual LANs to your clients?
• How does your data centre architecture contribute to client security?
• Are clients able to define their own authorisation and access control lists?
• How can clients ensure that their networks are secure?

Secure user access:
• How do you provide secure access (SSL-based VPNs) to your clients?
• How do you provide account-based security?
• Do you support role-based access controls?
• Do you support the addition and removal of ACL firewall rules directly in addition to host-level security?
• How do you monitor and report on usage and activities for audit purposes?

Compliance:
• What compliance certifications does your company hold, and how often do you undertake a compliance audit?
• Do you permit clients to audit your security controls?
• How do you address requests for location-specific storage to abide by data sovereignty requirements?
• Can a client’s data be prevented from being moved to a non-compliant location?

Virtual machine security:
• What protocols do you use to secure applications running on a virtual machine?
• How do you secure virtual machines in your cloud?
• How do you isolate one or a logical group of virtual machines from one other?
• Do clients have visibility into their virtual machines and servers running in their cloud and, if so, what monitoring tools do you provide?

Dimension Data Cloud Security: Develop a Secure Cloud Approach

Taking a layered approach to securing the cloud

The solution lies in taking a layered or 'defense in depth' approach to enterprise-class security. An effective hosted cloud service involves much more than migrating sensitive data into an environment, simply wrapping a virtual perimeter around it and calling it secure. Unfortunately, this is precisely what many public cloud offerings consider 'security'. Businesses should give thought to how best to secure each layer of the cloud environment, including the infrastructure, operating system, application and network layers. They need an integrated approach that considers networking and security together, in order to provide security for the overall functionality of the application and data to be migrated to the cloud.


The whitepaper can be downloaded at http://www.dimensiondata.com/


Cisco ISE (Identity Services Engine)

Cisco Identity Services Engine

http://www.cisco.com/go/ise

Cisco ISE Fundamentals
(Video):



Product Specifications

There are three hardware options for the Cisco Identity Services Engine.
Cisco Identity Services Engine Appliance 3315 (Small)
Cisco Identity Services Engine Appliance 3355 (Medium)
Cisco Identity Services Engine Appliance 3395 (Large)
(more...)
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11637/ps11195/data_sheet_c78-656174.html

Installation Guide: (you may need a partner account)