Friday, January 28, 2011

Secure Facebook, ooh er

In the same week as Data Privacy Day and the suspected hacking of CEO Mark Zuckerberg's Facebook page, Facebook have added the new option of always-on SSL encryption for users accessing their service.

In a blog post yesterday the social networking giant announced two new security features. “Social authentication” is a new form of user authentication designed to thwart automated attacks, by asking the user to identify photos of their Facebook friends.
Facebook have also added the option of “Secure Browsing” to their Account security settings. When enabled, this causes Facebook to use SSL encrypted connections (HTTPS) rather than plain old HTTP. The changes give protection against various attacks “on the wire”, such as the Firesheep tool seen last year and the more sinister actions of the Tunisian government.

Ostensibly this is good news for us Facebookers; however, the situation in the workplace may be less clear. With 4 out of 10 workplaces apparently blocking Facebook, we can assume that a good proportion of the remaining 6 use filtering and monitoring procedures instead. If Facebook access becomes “invisible” through encryption, more of these firms may be forced to bring down the ban hammer on facebook.com.
Or they could try a filter that understands HTTPS, like Guardian? Because it is the 21st century after all.

Thursday, January 27, 2011

Google, autocomplete, filtering - where next?

Google have begun rollout of the second round of autocomplete filters. If you're not familiar with autocomplete, and the filtering... here's the background: Google introduced autocomplete to their "search" box to make life easy for the terminally lazy - for example, when I start typing "web filter" into Google, it handily suggests adding "bypass" on the end. I hadn't thought of that. Thanks! The next development was Google "Instant" - where search results were displayed for your half-completed terms. Soon, autocomplete got filtering - ostensibly to save the blushes of innocent searchers whose half-completed thoughts turned out to match vaguely pornographic terms. "Hot chi" for example will quickly stop autocompleting.

So that's the autocomplete filter - mostly "adult" content under scrutiny... some drug use type phrases. The next addition though is "copyright infringement searches" - now I don't personally see how not completing "torrent" is going to help reduce piracy - joe warez isn't going to sit at his PC and type "tor" and then think "nah, can't be bothered!" and search for "tortellini" instead. No, I don't rightly see the advantage. It stirred up a veritable hornets' nest of "free speechers" though, many of whom were conspicuous by their absence when the first lot of filtering was applied.

What interests me, from a web content filtering point of view, is the choice of terms. If we're going beyond "things that can cause embarrassment" to "things considered harmful by a moralist" then where are the gambling terms? To my knowledge there isn't one that's filtered. My guess is that online gambling pays too well in Google ads to make it worth filtering! On the other hand, powerful lobbying groups love to see torrent searches marginalised.

This has implications for web filtering types like Smoothwall - we have to help fill the gaps, especially in education - between what Google is willing to keep out of searches, and what educators deem suitable for their young charges. Fun.

Thursday, January 6, 2011

Internal Threats

Don't just secure your network perimeter: consider that the majority of attacks are committed by someone with existing access to the internal network. These are often on hubs or rogue access points, so first things first: enable strict MAC access control on your access switches. You don't need to be using expensive switches, as the feature is often available on the most basic of managed switches. It may seem tedious to get the MAC addresses of every device, but you've probably already got them listed, in DHCP for example, or you could even run an automated script to scrape the ARP cache from your DNS server every couple of minutes for a week.
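
One way to turn a week of scraped ARP data into a MAC allowlist, as an added example that is not part of the original post. It assumes the snapshots are saved Linux `ip neigh` output; the function names, addresses and the two-sighting threshold are constructed for illustration.

```python
import re
from collections import Counter

# Resolved rows of Linux `ip neigh` output; FAILED/INCOMPLETE rows carry no lladdr.
NEIGH_RE = re.compile(
    r"^(\S+)\s+dev\s+\S+\s+lladdr\s+([0-9a-f]{2}(?::[0-9a-f]{2}){5})\b", re.I)

def parse_neigh(text):
    """Return the set of (ip, mac) pairs resolved in one snapshot."""
    pairs = set()
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            pairs.add((m.group(1), m.group(2).lower()))
    return pairs

def build_allowlist(snapshots, min_sightings=2):
    """Split baseline MACs into (allow, review). A MAC seen in fewer than
    min_sightings snapshots is held for manual review, so a device plugged
    in briefly during the baseline week is not trusted automatically."""
    seen = Counter()
    for snap in snapshots:
        seen.update({mac for _, mac in parse_neigh(snap)})
    allow = {mac for mac, n in seen.items() if n >= min_sightings}
    return allow, set(seen) - allow

def unknown_devices(snapshot, allow):
    """(ip, mac) pairs in a later snapshot whose MAC is not allowlisted."""
    return sorted(p for p in parse_neigh(snapshot) if p[1] not in allow)

# Constructed sample data: three baseline snapshots and one later snapshot.
BASELINE = [
    "10.0.0.10 dev eth0 lladdr 02:00:00:00:00:10 REACHABLE\n"
    "10.0.0.11 dev eth0 lladdr 02:00:00:00:00:11 STALE\n"
    "10.0.0.99 dev eth0  FAILED",
    "10.0.0.10 dev eth0 lladdr 02:00:00:00:00:10 STALE\n"
    "10.0.0.11 dev eth0 lladdr 02:00:00:00:00:11 REACHABLE\n"
    "10.0.0.50 dev eth0 lladdr 02:00:00:00:00:50 DELAY",
    "10.0.0.10 dev eth0 lladdr 02:00:00:00:00:10 REACHABLE\n"
    "10.0.0.11 dev eth0 lladdr 02:00:00:00:00:11 router STALE",
]
LATER = (
    "10.0.0.10 dev eth0 lladdr 02:00:00:00:00:10 REACHABLE\n"
    "10.0.0.50 dev eth0 lladdr 02:00:00:00:00:50 STALE\n"
    "10.0.0.77 dev eth0 lladdr 02:00:00:00:00:AA REACHABLE"
)

if __name__ == "__main__":
    allow, review = build_allowlist(BASELINE)
    print("allow:", sorted(allow), "review:", sorted(review))
    for ip, mac in unknown_devices(LATER, allow):
        print("not on allowlist:", mac, "at", ip)
```

The `review` set is the part worth reading by hand before anything is loaded onto the switches: a rogue device that was online during the baseline would otherwise be allowlisted along with everything else.
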
Have a wireless survey every couple of weeks. It doesn't have to be done by a pro with mapping software (unless you've got the money to burn); you could even use a smartphone and take a slow stroll around your premises. Personally I'd use the tools on a live Linux distribution like BackTrack 3. If you're really keen on wireless security, look into Kismet: it can be set to detect rogue access points and even attempt to disrupt their use if discovered!
It sounds a simple one, but only make live the network points that you need to. An active network point in an unused room is perfect for an intruder to get unsupervised access to your network.
Segment your network, either physically or virtually using VLANs. Having a firewall between your core servers and clients might seem a little over the top, but consider the services that are actually used by your clients: these are very unlikely to change. At the very least you could monitor traffic on non-standard/interesting ports, i.e. who is connecting via RDP to your domain controllers? Or who is accessing file shares on your SQL server?
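
The two monitoring questions above, answered from firewall logs, as an added example that is not part of the original post. It assumes the internal firewall writes Linux netfilter `LOG`-style lines for new forwarded connections; the client VLAN, server addresses, watch list and log lines are all constructed.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumed layout (constructed addresses): clients on one VLAN, servers behind the firewall.
CLIENT_VLAN = ip_network("10.0.20.0/24")
WATCH = {
    ("10.0.10.5", 3389): "RDP to domain controller",
    ("10.0.10.20", 445): "SMB file share on SQL server",
}
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def interesting_flows(log_lines):
    """Count client-to-server connections that hit a watched (server, port)."""
    hits = Counter()
    for line in log_lines:
        f = dict(FIELD_RE.findall(line))
        if f.get("PROTO") != "TCP" or not {"SRC", "DST", "DPT"} <= f.keys():
            continue  # ICMP and other rows without a TCP destination port
        label = WATCH.get((f["DST"], int(f["DPT"])))
        if label and ip_address(f["SRC"]) in CLIENT_VLAN:
            hits[(f["SRC"], f["DST"], label)] += 1
    return hits

# Constructed sample log lines in netfilter LOG key=value style.
PFX = "Jan  6 09:14:02 fw kernel: FWD-NEW IN=eth1 OUT=eth0 "
SAMPLE_LOG = [
    PFX + "SRC=10.0.20.15 DST=10.0.10.5 LEN=52 PROTO=TCP SPT=51022 DPT=3389 SYN",
    PFX + "SRC=10.0.20.15 DST=10.0.10.5 LEN=52 PROTO=TCP SPT=51040 DPT=3389 SYN",
    PFX + "SRC=10.0.20.31 DST=10.0.10.20 LEN=52 PROTO=TCP SPT=49733 DPT=445 SYN",
    PFX + "SRC=10.0.20.31 DST=10.0.10.20 LEN=52 PROTO=TCP SPT=49740 DPT=1433 SYN",
    PFX + "SRC=10.0.30.8 DST=10.0.10.5 LEN=52 PROTO=TCP SPT=50111 DPT=3389 SYN",
    PFX + "SRC=10.0.20.15 DST=10.0.10.5 LEN=84 PROTO=ICMP TYPE=8 CODE=0",
]

if __name__ == "__main__":
    for (src, dst, label), n in sorted(interesting_flows(SAMPLE_LOG).items()):
        print(f"{src} -> {dst}: {label} x{n}")
```

The expected SQL client traffic on port 1433 and the RDP session from outside the client VLAN are not reported; only client machines reaching a watched server port are.
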