Fortinet Advocates Healthcare Organizations to Consider Their Data Security Strategy in Today’s Dangerous Cyberspace

Several key highlights from Fortinet on the current state of healthcare data security in today’s world:

  • There are no existing standards for Asia to address data privacy of electronically protected health information and medical records.
  • Medical records are also prone to attacks at the network level, via the web, email and directly at the databases. In fact, threats can enter the healthcare organization’s network from various points of entry.
  • The HIPAA and Health Information Technology for Economic and Clinical Health Act (HITECH) enacted in the West are key standards for the Asian region to emulate in order to address data privacy of electronically protected health information and medical records.

Press Release

Fortinet Advocates Healthcare Organizations to Consider Their Data Security Strategy in Today’s Dangerous Cyberspace

MALAYSIA, 18 October, 2010 — Fortinet’s security experts have singled out Asia as the highest risk geography in the world today, compared to the Americas and European region. It is therefore imperative that Malaysia’s health industry takes on a more orderly way to communicate medical information, as globalization causes patients’ medical data to travel seamlessly across the world for professional and personal reasons.

“There are no existing standards for Asia to address data privacy of electronically protected health information and medical records,” said George Chang, Regional Director for Fortinet Southeast Asia & Hong Kong. “Security as an all-encompassing mindset for IT and business decision makers is still in its early stage, and verticals such as government and healthcare still have room to standardize practices, especially in Asia.”

He pointed out that the medical tourism industry in Malaysia can be seen as a huge potential sector with fast growth and increasing profit. Many international patients come from neighbouring Asian countries with less developed medical infrastructure. However, a patient may go from one hospital to another, but their medical data might not follow.

What’s more alarming is that medical records are also prone to attacks at the network level, via the web, email and directly at the databases. In fact, threats can enter the healthcare organization’s network from various points of entry. Just like country border security, it is essential to consider every possible entry point so that every form of attack can be thwarted. Other privacy concerns surrounding electronic medical records (EMR) include hacking incidents to alter patients’ data or destroy clinical systems, misuse of health information records by authorized users, long-term data management concerns and government intrusion on private healthcare matters.

As it is with the state of security in cyberspace, there is no foolproof solution or a 100% secure plan, similar to the state of human health. However, the evolution of IT communication systems has opened the door for business, technology and medical professionals to create a better platform provided there is secure technology in place.

The HIPAA and Health Information Technology for Economic and Clinical Health Act (HITECH) enacted in the West are key standards for the Asian region to emulate in order to address data privacy of electronically protected health information and medical records. Compliance requires the implementation of technical policies and controls over systems managing such information, allowing access only to people or software that have been granted access rights. Today, Hong Kong Hospital Authority (HA) is leveraging the HIPAA as a guidepost to ensure personal data privacy for the healthcare industry.

As the threats in cyberspace are borderless and non-specific in nature, consolidated network security systems also known as Unified Threat Management (UTM) devices represent a solid solution to a dynamic and complex challenge for all verticals including the healthcare industry today.

“Fortinet is well positioned to help key players in the healthcare industry understand how they can pull together a proven, cost-performance effective and industry leading solution. Therefore, Fortinet advocates that healthcare organizations in the region and particularly Malaysia consider implementing a complete IT security strategy, while embracing the HIPAA compliance act,” said Chang.

Five Easy Steps To iPhone Security


With the iPhone 4 frenzy set to continue for the next couple of weeks here in Malaysia as well as in other countries, do not take lightly the possible threats that could harm your iPhone and its user. If the iPhone is meant for your kids, it’s a good idea to start thinking about protecting your loved ones from anything that could possibly hurt them. Fortinet FortiGuard Labs has released a short but useful article that is a good basis to get started with. Read on.

Five Easy Steps to iPhone Security!

Apple’s latest shiny new iPhone 4 gadgets may have taken the world by storm but in the same vein, such mobile devices are now becoming a key target for cybercriminals and mobile spyware.

Why? Well, your trusty iPhone contains your closely guarded personal information, including photographs, contact database, possibly your credit card details, banking information, email exchanges, personal address, etc. It also connects you to tens if not hundreds of Internet applications that make your life easier. So now, imagine all this information falling into unscrupulous hands, a psychotic stalker, or becoming public information overnight!

This is exactly what mobile spyware can do once it has entrenched itself in your iPhone. This insidious, crafty malware can secretly tap your phone calls, record and transfer SMS/MMS/e-mail messages, locate you geographically, listen to your surroundings, take pictures, download contacts, log activity… or steal your online banking credentials like the infamous Eeki worm did.

So, even if it has not been affected yet, do not underestimate the potential vulnerability of your iPhone. Taking care of your iPhone security is very much like taking care of your child. Education plays an important role!

Follow these essential security tips to protect your iPhone and its data:

1. Would you let your child answer a stranger?

No. So, do not open unknown SMS or MMS on your iPhone.

2. Just before buying your child a new game, wouldn’t you check if it’s suitable for his/her age or if other parents consider it as an interesting game?

You probably try to. The same applies to your phone: gather as much information as possible before downloading an unknown application (search for comments and reviews from other users, scan it online for viruses, etc.).

3. Do you inoculate your child against polio?

Then, you might consider installing an anti-virus on your mobile phone, or at least check anti-virus reports regularly.

4. Imagine a highly dangerous virus was circulating in your child’s school. Wouldn’t you keep him/her away, until any risks have disappeared?

Similarly, do not connect your iPhone to an infected computer and run anti-virus software on your PC or laptop to make sure it is malware-free before connecting your iPhone for synchronization.

5. When your child is harmed, wouldn’t you report it to some official authority (school, police, medical doctor)?

Do the same with your phone. Do not be afraid to report suspicious activities to your operator, your bank, consumer groups, anti-virus companies or, in the worst cases, to the nearby police station. The more we are aware, the more we can all fight against criminality.

Fortinet August Threat Landscape Report Shows Return of Ransomware and Rise of ‘Do-it-Yourself’ Botnets


The August report from Fortinet highlights a couple of threats, as follows:

  • Fortinet August Threat Landscape Report shows ransomware variant TotalSecurity with its biggest comeback since March. TotalSecurity loader (W32/FakeAlert.LU) will connect to a single server and request a single file, but the code changes on an hourly basis in order to avoid detection.
  • In addition to ransomware, another highly detected infection this month is Zeus/ZBot, a do-it-yourself botnet kit that provides a malware creator all of the tools required to build and administer a botnet.
  • One other notable attack this month is the recent Windows Help Center vulnerability, which was propelled to the front position in Fortinet’s top 10 attack list.

Press Release

Fortinet August Threat Landscape Report Shows Return of Ransomware and Rise of ‘Do-it-Yourself’ Botnets

TotalSecurity Adopts Polymorphic Server Technique to Boost Reach

MALAYSIA, 3 September, 2010 - Fortinet – a leading network security provider and a worldwide leader of unified threat management (UTM) solutions – today announced its August 2010 Threat Landscape report, which showed ransomware variant TotalSecurity with its biggest comeback since March. Ransomware is malware that locks out applications and data from a user’s PC and then demands ransom for restored access, and TotalSecurity loader (W32/FakeAlert.LU) was the no. 1 malware detected this month by Fortinet’s FortiGuard Labs.

“One indicator we observed this month was that the Ransomware application had gone server-side polymorphic, which means that the loader will connect to a single server and request a single file, but the code changes on an hourly basis in order to avoid detection,” said Derek Manky, project manager, cyber security and threat research, Fortinet. “This is a technique typically seen with botnets, such as Waledac, and has been picked up by the developers of TotalSecurity. This is another example of how relying purely on antivirus is not a silver-bullet approach to protecting systems from infection.”

“Do-It-Yourself” Botnet Kits

In addition to ransomware, another highly detected infection this month is Zeus/ZBot, a do-it-yourself botnet kit that provides a malware creator all of the tools required to build and administer a botnet. The Zeus tools are primarily designed for stealing banking information, but they can easily be used for other types of data or identity theft. This month, ZBot variants were noted to target U.S. military personnel. A control panel application is used to maintain/update the botnet, and to retrieve/organize recovered information. A configurable builder tool allows the author to create the executables that will be used to infect victims’ computers.


“We continue to monitor for in-the-wild Zeus/ZBot attacks, and due to the kit’s prevalence we continuously release antivirus detection for these when they occur,” Manky said. “Generic detection is also available to try to stay ahead of future variants, while FortiGuard web filtering will also help guard against malicious controller domains.”

One other notable attack this month is the recent Windows Help Center vulnerability, which was propelled to the front position in our top 10 attack list. The attack (CVE-2010-1885) experienced an exceptionally large spike in activity earlier in the month. Exploitation of this attack can be rather potent since the vulnerability is not Web browser-specific.

FortiGuard Labs compiled threat statistics and trends for August based on data collected from FortiGate network security appliances and intelligence systems in production worldwide. Customers who use Fortinet’s FortiGuard Subscription Services should already be protected against the threats outlined in this report.

To read the full August Threat Landscape report which includes the top threat rankings in each category, please visit: http://www.fortiguard.com/report/roundup_august_2010.html. For ongoing threat research, bookmark the FortiGuard Center or add it to your RSS feed. Additional discussion on security technologies and threat analysis can be found at the Fortinet Security Blog at http://blog.fortinet.com. To learn more about FortiGuard Subscription Services, visit http://www.fortinet.com/products/fortiguard.html.

FortiGuard Subscription Services offer broad security solutions including antivirus, intrusion prevention, Web content filtering and anti-spam capabilities. These services help protect against threats on both application and network layers. FortiGuard Services are updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and zero-day protection from new and emerging threats. For customers with a subscription to FortiGuard, these updates are delivered to all FortiGate, FortiMail and FortiClient products.

Fortinet Expands Web Application Firewall Family with New Appliances for Enterprises, Application Service and Cloud-based Service Providers


Early this month, Fortinet announced the expansion of its web application firewall family with new appliances designed for enterprises, application service and cloud-based service providers. Among the key highlights are:

  • Fortinet announced two new appliances for its FortiWeb family of web application firewalls – the FortiWeb-1000C, designed for mid-to-large enterprises, and FortiWeb-3000C, the flagship system for high-end enterprises, application service and cloud-based service providers.
  • Each appliance is equipped with the new FortiWeb 4.0 MR1 firmware that is designed to provide maximum protection for web applications containing sensitive data subject to Payment Card Industry (PCI) guidelines.
  • The FortiWeb-1000C and 3000C appliances are integrated web application and XML firewalls that protect against attacks targeted at web applications and web services infrastructure.

Press Release

Fortinet Expands Web Application Firewall Family with New Appliances for Enterprises, Application Service and Cloud-based Service Providers

FortiWeb-1000C and FortiWeb-3000C Leverage Major New Firmware to Provide Greater Deployment Flexibility and Significant Security Enhancements

MALAYSIA, 10 August 2010 – Fortinet – a leading network security provider and a worldwide leader of unified threat management (UTM) solutions – today announced two new appliances for its FortiWeb family of web application firewalls – the FortiWeb-1000C, designed for mid-to-large enterprises, and FortiWeb-3000C, the flagship system for high-end enterprises, application service and cloud-based service providers. Each appliance is equipped with the new FortiWeb 4.0 MR1 firmware that is designed to provide maximum protection for web applications containing sensitive data subject to Payment Card Industry (PCI) guidelines. The new web application firewalls will also blunt potentially crippling attacks such as SQL injection and cross-site scripting, and help prevent security breaches from exposing highly sensitive data such as credit card numbers and personally identifiable information.

With the addition of the FortiWeb-1000C and FortiWeb-3000C, Fortinet now offers four web application firewall appliances to provide retail and payment, financial services and healthcare customers with a full range of deployment options. In the case of retail and payment customers, the new FortiWeb products greatly minimize the complexity of complying with PCI Data Security Standard (DSS) sections 6.5 and 6.6 as well as California Senate Bill 1386, which address the rampant problems of identity theft and financial fraud. The FortiWeb-1000C and FortiWeb-3000C also provide robust patient data protection as part of HIPAA compliance for healthcare organizations.

“The need to protect web applications that contain sensitive credit, financial or personal information from increasingly sophisticated attacks and data loss has never been greater,” said Paula Musich, senior analyst, Current Analysis. “The simple fact of the matter is that organizations are deploying web applications and regulated Internet-facing data more broadly than ever.  For hackers and cyber-criminals, that’s like painting a giant bulls-eye on those applications, which gather credit card data and personally identifiable information with minimal protection in place. That’s why putting in place sophisticated web protection and threat management solutions with powerful policy enforcement capabilities should be a standard practice for any organization doing business on the web.”

The FortiWeb-1000C and 3000C appliances are integrated web application and XML firewalls that protect against attacks targeted at web applications and web services infrastructure. Because they provide detailed visibility into an organization’s threat landscape, the FortiWeb application firewalls eliminate the need to manage separate web and threat management tools and consoles. Not only does this streamline security efforts and reduce infrastructure complexity, it drastically reduces the time required to protect regulated data and achieve regulatory compliance.

To preserve optimal web application performance, the FortiWeb application firewalls leverage an intelligent, application-aware load-balancing engine to distribute traffic and route content across multiple web servers. This load balancing increases application performance, improves resource utilization and application stability while reducing service response times.

What’s New in FortiWeb Application Firewalls

The release of FortiWeb 4.0 MR1 provides a series of major enhancements to the new FortiWeb-1000C and FortiWeb-3000C application firewalls, including:

  • Policy wizard and pre-defined policies – allows for one-click deployments and greatly eases the process of rules creation.
  • Advanced alert tool – makes it easy to sift through hundreds of alerts, identify repetitive attackers using various aggregation fields and quickly understand the nature of attacks.
  • Enhanced Protocol Constraints – enforces policies that ensure any access to the web application is done in accordance with the HTTP RFC standard.
  • Extended signatures and DLP – allows customers to create their own granular signatures and data loss prevention patterns from a FortiWeb graphical user interface for any type of event, in addition to the pre-defined application signatures and data loss prevention rules.

“Customer demand for more powerful web application infrastructure security is soaring due to a combination of evolving attacks, security breaches, regulatory compliance and web defacement incidents,” said Michael Xie, founder, CTO and vice president of engineering at Fortinet.  “At the same time, more content is being delivered via the web, and both cloud providers and large enterprises need robust security solutions that can protect web application infrastructures without affecting application performance. The addition of the FortiWeb-1000C and FortiWeb-3000C appliances to the FortiWeb product family directly addresses this demand. These new platforms can play a pivotal role in helping preserve the security and uninterrupted operation of our customers’ web application infrastructures.”

Availability

The FortiWeb-1000C and FortiWeb-3000C are available now.

Fortinet July Threat Landscape Report Shows Sasfis Botnet Variants Multiplying


Fortinet has just released its July 2010 Threat Landscape report, which showed that 8 Sasfis botnet variants have landed in the company’s top 10 malware listing this period. The key highlights of the report are as follows. For the complete report, please find the press release at the bottom of this post.

  • Eight Sasfis botnet variants have landed in Fortinet’s top 10 malware listing this period.
  • Earlier this year, the Sasfis botnet was dedicated to downloading and executing software (primarily fake antivirus) on infected systems. This period, Sasfis was observed downloading updated spamming modules.
  • This month’s Stuxnet attack reiterates the importance of quickly patching security holes as fixes become available and having a broad intrusion prevention system (IPS) in place.

Press Release

Fortinet July Threat Landscape Report Shows Sasfis Botnet Variants Multiplying and Focusing on Spam Delivery

Stuxnet Attack Still Under Investigation While Awaiting Microsoft Patch

MALAYSIA, 4 August, 2010 – Fortinet – a leading network security provider and a worldwide leader of unified threat management (UTM) solutions – today announced its July 2010 Threat Landscape report, which showed that eight Sasfis botnet variants have landed in the company’s top 10 malware listing this period. This is an increasingly common occurrence, as developers continue to roll out updated copies of their creations. Earlier this year, the Sasfis botnet was dedicated to downloading and executing software (primarily fake antivirus) on infected systems. This period, Sasfis was observed downloading updated spamming modules. Typical Sasfis spam examples include fake UPS invoices and Facebook photo links.

“Spam bots continue to diversify, sending a variety of spam themes on a frequent basis,” said Derek Manky, project manager, cyber security and threat research, Fortinet. “This month we observed various socially engineered emails that came with HTML attachments. These attachments further contained obfuscated JavaScript which would redirect users to malicious sites. The diversity of these spam campaigns and their targets shows how botnets continue to evolve to serve the needs of their underground customers.”

Stuxnet Attack

This month’s Stuxnet attack (read our FAQ here) reiterates the importance of quickly patching security holes as fixes become available and having a broad intrusion prevention system (IPS) in place. Even with proper patch management, all it takes is one zero-day vulnerability to be exploited (even in low volume) to potentially cause a significant impact. While the Stuxnet attack is still under investigation, the fact that a trojan associated with the exploit was seemingly developed to target industrial control systems underscores this point. This is also a good example of how little interaction is required by the end user to become infected. The Stuxnet exploit attacked a Windows Shell vulnerability (CVE-2010-2568). To launch its attack, a user simply opened a folder.

“We saw a similar attack method with PDF files through JBIG2 image streams and Windows shell extensions back in February 2009 (CVE-2009-0658), where simply browsing a folder could trigger an infection,” Manky continued. “Fortinet detects the vulnerability associated with the Stuxnet attack as ‘MS.Windows.Shell.LNK.Code.Execution,’ and generically detects the exploited ‘.LNK’ payload with antivirus as ‘W32/ShellLink.a!exploit.CVE20102568’. As of writing, there are workarounds but no official patch has been released from Microsoft.”

Windows Help Center Vulnerability Exploited

On June 5, a vulnerability within the Windows Help and Support Center that could allow remote code execution was publicly disclosed. Like Stuxnet, this is yet another example of a zero-day vulnerability successfully attacked before a patch is made available. We witnessed attacks on the vulnerability as early as June 11th before Microsoft issued a patch for CVE-2010-1855 on July 13th. The attacks that occurred through Websites were made more potent because they were launched through the HCP protocol handler, which is used by all browsers. In many cases Websites that serve exploits will try to fingerprint browsers and launch attack code tailored to those browsers.

FortiGuard Labs compiled threat statistics and trends for July based on data collected from FortiGate network security appliances and intelligence systems in production worldwide. Customers who use Fortinet’s FortiGuard Subscription Services should already be protected against the threats outlined in this report.

To read the full July Threat Landscape report which includes the top threat rankings in each category, please visit: http://www.fortiguard.com/report/roundup_july_2010.html. For ongoing threat research, bookmark the FortiGuard Center or add it to your RSS feed. Additional discussion on security technologies and threat analysis can be found at the Fortinet Security Blog at http://blog.fortinet.com. To learn more about FortiGuard Subscription Services, visit http://www.fortinet.com/products/fortiguard.html.
