Security Products – Comms

Police set up shop to offer residents and cyclists security advice

Cyclists are being given the chance to get their bikes security-marked, and they will be able to get advice on cybercrime, as well as home and shed security, at a pop-up shop in Chesterfield. The Chesterfield Town Centre Safer Neighbourhood Policing Team will be hosting the event between 10am and 2pm on Thursday, April 27, in the Vicar Lane Shopping Centre. They will be setting up in Unit 4, off Steeplegate – formerly Vision Express – and residents and shoppers will be invited to drop in and speak to officers to find out how they can reduce the risk of becoming a victim of crime. People can also bring their bicycles along for officers to security-mark. The event has been set up as part of a series of pop-up crime prevention shops in Chesterfield town centre. PCSO Hayley Grundy of the Chesterfield Town Centre Safer Neighbourhood Policing Team said: “Our last event in March was really popular, so we’re delighted to offer residents and shoppers the chance to call in and see us again. We’ll be offering advice on a wide range of crime prevention issues, from online cyber safety to home, vehicle or shed security.

“You can also come along and speak about any concerns or issues with a local officer, and cyclists can bring their bikes for security marking ready for the warmer, lighter months.”

For more information, or to speak to a member of the Chesterfield Town Centre Safer Neighbourhood Policing Team call 101, or send them a message through the website www.derbyshire.police.uk.

People can also follow the team and their work on Twitter: @ChesterfieldSNT.

Are you undermining your web security by checking on it with the wrong tools?

Your antivirus and network protection efforts may actually be undermining network security, a new paper and subsequent CERT advisory have warned. The issue comes with the use of HTTPS interception middleboxes and network monitoring products. They are extremely common and are used to check that nothing untoward is going on. However, the very method by which these devices skirt the encryption on network traffic through protocols like SSL, and more recently TLS, is opening up the network to man-in-the-middle attacks.

In the paper [1] (PDF), titled The Security Impact of HTTPS Interception, the researchers tested a range of the most common TLS interception middleboxes and client-side interception software and found that the vast majority of them introduced security vulnerabilities.

“While for some older clients, proxies increased connection security, these improvements were modest compared to the vulnerabilities introduced: 97 per cent of Firefox, 32 per cent of e-commerce, and 54 per cent of Cloudflare connections that were intercepted became less secure,” it warns, adding: “A large number of these severely broken connections were due to network-based middleboxes rather than client-side security software: 62 per cent of middlebox connections were less secure and an astounding 58 per cent had severe vulnerabilities enabling later interception.”

Of the 12 middleboxes the researchers tested, ranging from Checkpoint to Juniper to Sophos, just one achieved an “A” grade. Five were given “F” fail grades, meaning that they “introduce severe vulnerabilities”, and the remaining six got “C” grades. In other words, if you have a middlebox on your network and it’s not the Blue Coat ProxySG 6642, pull it out now. Likewise, of the 20 client-side pieces of software from 12 companies, just two received an “A” grade: Avast’s AV 11 for Windows (not Mac), and Bullguard’s Internet Security 16. Ten of the 20 received “F” grades; the remaining eight, “C” grades.

How does it happen?

TLS and SSL encrypt comms between a client and server over the internet by creating an identity chain using digital certificates. A trusted third party provides that certificate, and it verifies that your connection is to a trusted server. In order to work, therefore, an interception device needs to issue its own trusted certificate to client devices, or users would constantly see warnings that their connection was not secure. Browsers and other applications use this certificate to validate encrypted connections, but that introduces two problems: first, the client can no longer verify the web server’s own certificate; and second, more importantly, the way the inspection product communicates with the web server becomes invisible to the user.

In other words, the user can only be sure that their connection to the interception product is legitimate, but has no idea whether the rest of the communication to the web server over the internet is secure or has been compromised. And, it turns out, many of those middleboxes and interception software suites do a poor job of security themselves. Many do not properly verify the certificate chain of the server before re-encrypting and forwarding client data. Some do a poor job of forwarding certificate-chain verification errors, keeping users in the dark over a possible attack.

In other words: the effort to check that a security system is working undermines the very security it is supposed to be checking. Think of it as someone leaving your front door wide open while they check that the key fits. What’s the solution? According to CERT [2], head to the website badssl.com [3] to verify whether your inspection product is doing proper verification itself. And of course, check out the SSL paper and make sure you’re not running any of the products it flags as security fails on your network.
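One practical way to act on the CERT advice, as an added example (not the article's or the paper's code): from a machine behind the inspection product, probe badssl.com hosts whose certificates are deliberately broken; a validating client must refuse every one, so any success means the product accepted the bad upstream chain and re-signed it. It assumes the listed badssl.com subdomains are reachable and uses only Python's standard ssl module; it also shows a verifying upstream client context beside the unverified one the paper found in middleboxes.

```python
"""Added probe for the CERT advice above: a validating client must refuse every host
below, so a success from behind an interception product means it hid the bad chain."""
import socket
import ssl
from typing import Callable, Dict

BAD_HOSTS = {  # public badssl.com test hosts (assumed reachable); all must fail
    "expired.badssl.com": "expired certificate",
    "self-signed.badssl.com": "self-signed certificate",
    "untrusted-root.badssl.com": "chain to an untrusted root",
    "wrong.host.badssl.com": "hostname mismatch",
}

def strict_context() -> ssl.SSLContext:
    """How any upstream TLS client, an inspection proxy included, should be built."""
    return ssl.create_default_context()  # CERT_REQUIRED + hostname check + system roots

def weak_upstream_context() -> ssl.SSLContext:
    """The misconfiguration the paper found in middleboxes: no chain or name check."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def context_verifies_upstream(ctx: ssl.SSLContext) -> bool:
    """True only if the context enforces both chain and hostname verification."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)

def tls_handshake_ok(host: str, port: int = 443, timeout: float = 5.0) -> bool:
    """True if a validating handshake succeeds, False on a certificate/TLS error.
    Plain network failures (OSError) propagate so they are not mistaken for a rejection."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with strict_context().wrap_socket(raw, server_hostname=host):
                return True
    except ssl.SSLError:  # includes SSLCertVerificationError
        return False

def audit(connect: Callable[[str], bool] = tls_handshake_ok) -> Dict[str, str]:
    """Verdict per host: 'rejected' is healthy; 'ACCEPTED' means the error was hidden."""
    return {host: (f"ACCEPTED ({why})" if connect(host) else "rejected")
            for host, why in BAD_HOSTS.items()}

def proxy_hides_errors(results: Dict[str, str]) -> bool:
    return any(v.startswith("ACCEPTED") for v in results.values())

if __name__ == "__main__":  # run from a machine behind the inspection product
    for host, verdict in audit().items():
        print(f"{host:28} {verdict}")
```

Run it once directly on the internet to confirm all four hosts are rejected, then again from behind the interception product; any host that flips to ACCEPTED is the paper's failure mode.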


References

  1. paper (jhalderm.com)
  2. According to CERT (www.us-cert.gov)
  3. badssl.com (badssl.com)
  4. M3: Minds Mastering Machines. The ML & AI conference. Register now (go.theregister.com)