All Articles
Inclement Weather Warning
Dear Valued Client,
This message is to assure you of our continued 24/7 support during the potential blizzard (Jonas) that could affect the New York City Metro Area between Friday 1/22/2016 and Sunday 1/24/2016.
Our technicians are onsite and available to give you reliability that is expected from Digital Edge!
Any client using our Geographical Cluster may request to switch their operation to our datacenter in Dallas for additional security. Please contact our support team to do so.
We thank you for your business.
-Digital Edge
First Hypervisor Vulnerability Allowing a Guest to Attack the Host
This vulnerability is more historical than practical, but it caught the attention of the Digital Edge security team because we think it is the first hypervisor vulnerability that allows a guest to attack the hypervisor host.
The idea behind virtualization is that each virtual instance runs in its own jail and cannot communicate with other virtual instances or with the physical host itself. This isolation is what makes people comfortable moving into the "cloud": in theory, nobody can break out of the jail, so your "neighbors" cannot damage you.
If the isolation fails, a criminal can purchase a virtual machine "next" to yours and hack into your machine. Hypervisor software does everything it can to block visibility from one virtual instance to another, or to the physical host.
A new vulnerability, CVE-2015-7835, was logged today; its description states simply:
“The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.”
What this actually means is that a hacker can purchase a VM, gain control over its physical host, and then over the other VMs running on that host. In our opinion it is the worst bug we have seen.
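An added defender-side check, not part of the original bulletin: it parses the output of `xl info` on a Xen host (the key names are real, the sample values below are constructed) and flags a host whose reported version falls in the range the CVE text gives, 3.4 through 4.6.x. It is a screen only; a vendor may have backported the fix without changing the version string.

```python
import re

# Affected range taken from the CVE-2015-7835 text: Xen 3.4 through 4.6.x, inclusive.
AFFECTED_MIN = (3, 4)
AFFECTED_MAX = (4, 6)

# Constructed sample of `xl info` output (real key names, made-up values).
SAMPLE_XL_INFO = """\
host                   : dom0.example.internal
release                : 4.1.13
xen_major              : 4
xen_minor              : 6
xen_extra              : .0
xen_version            : 4.6.0
xen_caps               : xen-3.0-x86_64 xen-3.0-x86_32p hvm-3.0-x86_32
"""

def parse_xl_info(text):
    """Turn `xl info` lines of the form 'key : value' into a dict."""
    info = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        info[key.strip()] = value.strip()
    return info

def parse_version(version):
    """Extract (major, minor) from strings such as '4.6.0' or '4.4.3-pre'."""
    m = re.match(r"(\d+)\.(\d+)", version)
    if not m:
        raise ValueError("unrecognized Xen version: %r" % version)
    return int(m.group(1)), int(m.group(2))

def in_affected_range(version):
    """True if major.minor lies within 3.4 .. 4.6 inclusive."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX

def assess_host(xl_info_text):
    """Short verdict for one host from its reported Xen version.
    Distributions backport security fixes without bumping xen_version,
    so a host in range still needs its patch level confirmed separately."""
    info = parse_xl_info(xl_info_text)
    version = info.get("xen_version") or "%s.%s" % (info["xen_major"], info["xen_minor"])
    if in_affected_range(version):
        return "Xen %s is within 3.4-4.6.x: verify the CVE-2015-7835 fix is applied" % version
    return "Xen %s is outside the affected range" % version

if __name__ == "__main__":
    print(assess_host(SAMPLE_XL_INFO))
```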
Digital Edge is committed to providing the highest levels of security within all the IT infrastructure environments under its care. In order to achieve this utmost goal for all of our clients, we continuously maintain vigilance both on the productive side of IT as well as on its destructive side. We thus send out news and security bulletins such as this one from time to time to ensure that our clients are informed and educated on any important developments in IT security and are fully aware of what we are doing to ensure that we and our clients are always at the Cutting and at the Digital Edge of technology.
October 11-17: A Troubling Week for Security
The week may be over, but it was very troubling. A few events attracted our attention, so the Digital Edge security team wanted to share our analysis and some suggestions on how to stay secure.
1. Microsoft has released multiple patches addressing very critical security vulnerabilities. They include fixes for holes that allow a user's computer to be taken over through multiple attack vectors: Microsoft Office, VB and Java scripts, the Windows Shell, and the kernel itself. All of these attacks can be delivered through phishing emails or by tricking users into opening infected web sites.
2. At the same time, security agencies are reporting multiple outbreaks of the Dridex malware. In short, the malware is delivered to computers through the same mechanisms mentioned above, via the vulnerabilities Microsoft addressed in this week's patches, and it concentrates on 3 things:
a. Stealing personal information
b. Stealing banking credentials in order to transact on behalf of the infected user/computer
c. Executing command-and-control (C2C) instructions.
Besides that, the infected computer can be employed for spam distribution and distributed denial of service (DDoS) attacks.
3. On October 15, 2015, UltraDNS, a large DNS service and content delivery provider, went down for 90 minutes. Even though UltraDNS claims the cause of the outage was an "internal issue in a server on the East Coast", many security experts suggest that UltraDNS sustained a serious DDoS attack.
All Digital Edge managed or co-managed clients will be patched according to individual schedules.
Besides that, click here to make sure that you are safe and free of Dridex.
If you feel that you need assistance from the Digital Edge Security team, please contact Danielle Saladis at dsaladis@DIGITALEDGE.NET.
Inclement Weather
Dear Valued Client,
This message is to assure you of our continued 24/7 support during Hurricane Joaquin, affecting the New York City Metro Area between Wednesday 9/30/2015 and Monday 10/4/2015.
Our technicians are onsite and available to give you reliability that is expected from us!
Any client using our Geographical Cluster may request to switch their operation to our datacenter in Dallas for additional security. Please contact our support team to do so.
We thank you for your business.
- Digital Edge
Log Management Compliance - HIPAA - Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines the technical and non-technical security standards that protect individuals' ePHI, "electronic protected health information". Compliance with HIPAA requires information systems to be monitored using a SIEM (Security Information and Event Management) tool. The SIEM guarantees immediate notification and analysis of conditions influencing the reliability of an organization's ePHI data, through actionable reports and forensic investigation.
Log Management Compliance - FISMA - Federal Information Security Management Act
FISMA requires all federal agencies to document and implement controls for information technology systems that support their operations and assets.
LogIT simplifies FISMA compliance with fully automated log collection and recovery across the agency's entire infrastructure, providing tools at your fingertips that align the organization's risk assessment with forensic investigation, reporting, and prioritization settings. LogIT automatically achieves the first level of log analysis by categorizing log data so that it is identified and stabilized for easy analysis and reporting.
Log Management Compliance - ISO 27001 - International Organization for Standardization
The ISO 27001 standard is a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system (ISMS) within the context of the organization's overall commercial risks.
ISO language relevant to log management: "Audit logs must be turned on for security events, user activities and exceptions. They must be kept for a predetermined period of time." The task of organizing this information can be overwhelming. In addition to the millions of individual log entries that can be generated daily, all IT environments produce reporting data logs. Further recommendations to analyze and report on log data make manual processes or internally built solutions insufficient and expensive for many organizations.
Log Management Compliance - GPG 13 - Good Practice Guide 13
HMG organizations are required to follow Protective Monitoring for HMG ICT Systems, based on the Communications-Electronics Security Group's GPG 13, to gain access to the UK GCSX, the Government Connect Secure Extranet.
LogIT can simplify GPG 13 audits by directly addressing the mandated control obligations. With the option to customize LogIT's GPG 13 specific compliance module and reporting to your environment, our clients are empowered to build and maintain a secure compliance program. With case management, clients are able to conduct forensic investigations around incident response activity effortlessly.
Log Management Compliance - SOX - Sarbanes-Oxley Act
SOX requires that all publicly traded companies establish and follow a framework of internal controls that support accountability and integrity of the financial reporting process. A vital part of SOX requirements includes the collection, management, and analysis of log data.
Log Management Compliance - NERC CIP - The North American Electric Reliability Corporation
NERC has its own framework to protect bulk power systems against cybersecurity compromises that could result in operational failures or instability. NERC CIP v5 further addresses the cyber-related risks facing this sector by directing organizations to categorize BES (Bulk Electric Systems) assets as high, medium, or low impact. Once categorized, BES assets can have the appropriate CIP (Critical Infrastructure Protection) standard applied to address the risk.