April 23, 2012

Popular Network Equipment and Vulnerability Statistics

According to analytical agencies, Cisco Systems manufactures the most popular switching and routing equipment for medium-sized and large enterprises (about 64% of the global market). HP Networking holds second place (approximately 9%), followed by Alcatel-Lucent (3%), Juniper Networks and Brocade (2.3% each), Huawei (1.8%), and other manufacturers that are smaller than these giants but together still hold almost 17.6% of the market.

The situation in Russia is specific. Besides the products of the manufacturers mentioned above, Nortel and Allied Telesis switches are widespread in this country. Devices from manufacturers such as D-Link and NetGear, which offer equipment for small and medium-sized enterprises, are also quite common. Brocade is still rare in Russia.

April 16, 2012

Trendy APT — Struggling with Carelessness

Companies can be divided into two categories: those that know they've been compromised and those that still have no idea.

The term APT (Advanced Persistent Threat) was introduced by the US Air Force in 2006 to describe a new type of attack. For the first time they attempted to analyze an attack that had been conducted, draw conclusions, and resist the new threat. APT is neither a sophisticated exploit nor a newfangled Trojan. APT is an attack paradigm.

Its general principles are well known. For instance, social engineering is used to get users to open a link or an attached file, or vulnerabilities are exploited to gain access to the system under attack. Why is APT so scary? Let's try to sort it out.

April 11, 2012

Introduction to XCCDF

XCCDF (the Extensible Configuration Checklist Description Format) is an XML-based specification language for describing security configuration checklists and other similar documents. XCCDF is one of the languages of the Security Content Automation Protocol (SCAP) and an important instrument for specialists who automate information security processes. For instance, the language is used to describe configuration requirements for the workstations of US federal agencies and their contractors (the FDCC/USGCB program).

This article looks at how security configuration checklists are described in the XCCDF language, using the USGCB content for Red Hat Enterprise Linux as an example.