Firewalls can be the star performer in your inventory of security controls. A good firewall not only provides ways to manage user, application, and system behavior, but it also offers multiple avenues for controlling network traffic and can help companies cut back on vendor sprawl.
Yet in order to achieve optimal functionality, organizations must say goodbye to the firewalls of yesterday and welcome the new wave of Next-Generation Firewalls (NGFWs). As Gartner put it, “The firewall market has evolved from simple stateful firewalls to NGFWs, incorporating full stack inspection to support intrusion prevention, application-level inspection, and granular policy control.”
Traditional stateful firewalls are just not as effective as they were in the past due to the increase in intelligent adversaries seeking financial gain over defacement, their lack of specificity for network traffic types, and their inability to control traffic based on other factors, such as geographical region, application, or identity.
NGFWs offer several compelling functional advantages over stateful firewalls that can help organizations overcome these challenges. Continue Reading…
Organizations will face a predictable IT operations and security challenge this year when Microsoft ceases support for Windows XP. Effective April 8, 2014, Microsoft will no longer publish security updates and hotfixes for the operating system.
Recently, Microsoft said it will extend updates for Windows XP security products through July 14, 2015. But even with that extension, organizations aren’t in the clear. Though Microsoft will provide signature updates to Microsoft Security Essentials that will aid in blocking attacks against security vulnerabilities, it will not patch those vulnerabilities or impact those users not using Microsoft Security Essentials. This means that vulnerabilities discovered after the end-of-life will continue to remain despite this increased support window.
This might not seem significant but according to the Common Vulnerabilities and Exposures database published by Mitre, 721 Windows XP vulnerabilities have been identified over the last 13 years. One hundred sixty-six of which are highly exploitable code execution vulnerabilities that have been discovered in the last five years.
So what do you do with legacy systems that have reached their end of life? Here are three simple steps that can help prepare your IT lifecycle.
First you need to identify the scope of the Windows XP desktops and laptops in your IT environment. This step can be as simple as accessing Active Directory or performing an Nmap fingerprint scan on your networks. Support tools, such as help desk systems, the Microsoft System Center Configuration Manager (SCCM), and Windows Server Update Services (WSUS), can also assist in this effort. Organizations should be forewarned that these tools often only provide 90 percent accuracy since legacy laptops and systems might not exist under your domain or are only connected intermittently. Continue Reading…