Thursday, November 19, 2015

Safe Harbor News

Safe Harbor Sunk

The ruling last month by the European Court of Justice held the US-EU Safe Harbor program as invalid. Should you be concerned? Maybe, but probably not.


If someone from Europe visits your Website and provides their name and email, don't panic. It doesn't mean you're subject to whatever potential sanctions this ECJ ruling may initiate. The criterion is not whether you trade with citizens in the EU, but rather whether you are operational in Europe, in the sense that you have subsidiaries or offices in the EU. It is European citizens who have to abide by EU law, not US-based companies and individuals.

On October 6, 2015, the European Court of Justice issued a judgment declaring as “invalid” the European Commission’s Decision 2000/520/EC of 26 July 2000 “on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce.”

In the current rapidly changing environment, the Department of Commerce will continue to administer the Safe Harbor program, including processing submissions for self-certification to the Safe Harbor Framework. If you have questions, please contact the European Commission, the appropriate European national data protection authority, or legal counsel.
So where is this all going? When will the citizens of Europe be free to work with US companies again? Well, if the above Commerce Department Website notice is any indication, the answers to those questions appear to be completely unknown.

Monday, May 18, 2015

HyperFive Security Panel

A View from Above

The HyperFive Security Panel provides an in-depth view into network usage and network security for assigned subnets. Basic network security includes protocol-enforcing firewalls, intrusion prevention, network behavior analytics, advanced persistent threat detection, dynamic reputation analysis, gateway anti-virus and distributed denial of service protection. Sign in to learn more.

Wednesday, November 5, 2014

The Easy Button for SSL Management

IIS Crypto is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2003, 2008 and 2012. It also lets you reorder SSL/TLS cipher suites offered by IIS, implement best practices with a single click and test your website.

Nartac Software - IIS Crypto


Qualys SSL Labs - SSL Server Test

The SSL server test is an online service that enables you to inspect the configuration of any public SSL web server.

Wednesday, October 29, 2014

SSL 3.0 Protocol Vulnerability and POODLE Attack


All systems and applications utilizing Secure Sockets Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. The POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this vulnerability using web browsers and web servers, which is one of the most likely exploitation scenarios. This affects most current browsers and websites, but also includes any software that either references a vulnerable SSL/TLS library (OpenSSL) or implements the SSL/TLS protocol suite itself. By exploiting this vulnerability in a likely web-based scenario, an attacker can gain access to sensitive data passed within the encrypted web session, such as passwords, cookies and other authentication tokens, which can then be used to gain more complete access to a website.

We highly recommend disabling SSL 3.0 as well as SSL 2.0 if applicable.


To disable SSL 2.0/3.0 in IIS 6 or IIS 7:


1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, locate the following registry key/folder:
HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
3. Right-click on the SSL 2.0 folder and select New and then click Key. Name the new folder Server.
4. Inside the Server folder, click the Edit menu, select New, and click DWORD (32-bit) Value.
5. Enter Enabled as the name and hit Enter.
6. Ensure that it shows 0x00000000 (0) under the Data column (it should by default). If it doesn't, right-click and select Modify and enter 0 as the Value data.
7. Now to disable SSL 3.0, right-click on the SSL 3.0 folder and select New and then click Key. Name the new folder Server.
8. Inside the Server folder, click the Edit menu, select New, and click DWORD (32-bit) Value.
9. Enter Enabled as the name and hit Enter.
10. Ensure that it shows 0x00000000 (0) under the Data column (it should by default). If it doesn't, right-click and select Modify and enter 0 as the Value data.
11. Restart the computer.


This process is the same for IIS 6 (Windows Server 2003) machines. The Server key under SSL 2.0/SSL 3.0 will already exist, so you will only need to create a new DWORD value under it and name it Enabled.


To disable SSL 3.0 in IIS 8 (Windows Server 2012):


1. In the Search menu type regedit.exe
2. Right-click on regedit.exe and click Run as Administrator
3. In the registry editor go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\
4. In the navigation tree, right-click on Protocols, and in the pop-up menu, click New > Key. Name the key SSL 3.0.
5. In the navigation tree, right-click on the new SSL 3.0 key that you just created, and in the pop-up menu, click New > Key. Name the key Client.
6. In the navigation tree, right-click on the new SSL 3.0 key again, and in the pop-up menu, click New > Key. Name the key Server.
7. In the navigation tree, under SSL 3.0, right-click on Client, and in the pop-up menu, click New > DWORD (32-bit) Value. Name the value DisabledByDefault.
8. In the navigation tree, under SSL 3.0, select Client and then, in the right pane, double-click the DisabledByDefault DWORD value.
9. In the Edit DWORD (32-bit) Value window, in the Value Data box change the value to 1 and then, click OK.
10. In the navigation tree, under SSL 3.0, right-click on Server, and in the pop-up menu, click New > DWORD (32-bit) Value. Name the value Enabled.
11. In the navigation tree, under SSL 3.0, select Server and then, in the right pane, double-click the Enabled DWORD value.
12. In the Edit DWORD (32-bit) Value window, in the Value Data box leave the value at 0 and then, click OK.
13. Restart your Windows server.
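The same registry changes as the two regedit procedures above, scripted in PowerShell as an added example (not part of the original post). It goes slightly further than the steps: it writes both Enabled=0 and DisabledByDefault=1 under both the Server and Client keys for SSL 2.0 and SSL 3.0, and it reads the keys back so you can confirm the state before rebooting.

```powershell
# Added example: apply the Schannel registry hardening from the steps above and
# verify it. Run in an elevated PowerShell on the IIS host; a reboot is still
# required before Schannel picks up the change.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Disable-SchannelProtocol {
    param([Parameter(Mandatory)][string]$Protocol)   # e.g. 'SSL 2.0' or 'SSL 3.0'
    foreach ($side in 'Server', 'Client') {
        $key = Join-Path (Join-Path $base $Protocol) $side
        # New-Item -Force also creates the missing parent key (e.g. 'SSL 3.0').
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # Enabled=0 switches the protocol off for that side; DisabledByDefault=1
        # keeps it from being offered when an application leaves protocol
        # selection to Schannel. Setting both is belt and braces.
        New-ItemProperty -Path $key -Name 'Enabled' -PropertyType DWord -Value 0 -Force | Out-Null
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

function Get-SchannelProtocolState {
    # Returns one row per protocol/side so the result can be checked (or fed to
    # a compliance report) before the reboot.
    param([string[]]$Protocols = @('SSL 2.0', 'SSL 3.0'))
    foreach ($p in $Protocols) {
        foreach ($side in 'Server', 'Client') {
            $key   = Join-Path (Join-Path $base $p) $side
            $props = if (Test-Path $key) { Get-ItemProperty -Path $key } else { $null }
            [pscustomobject]@{
                Protocol          = $p
                Side              = $side
                Enabled           = if ($null -ne $props.Enabled) { $props.Enabled } else { 'not set' }
                DisabledByDefault = if ($null -ne $props.DisabledByDefault) { $props.DisabledByDefault } else { 'not set' }
            }
        }
    }
}

'SSL 2.0', 'SSL 3.0' | ForEach-Object { Disable-SchannelProtocol -Protocol $_ }
Get-SchannelProtocolState | Format-Table -AutoSize
```

A protocol whose key is absent shows as "not set", which on these Windows versions means the Schannel default applies (SSL 3.0 still enabled), so every row should read Enabled 0 / DisabledByDefault 1 after the script runs.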

Once you have disabled the protocols, you may test your server at www.poodlescan.com.

Friday, August 29, 2014

Where Threats Live


During the course of a day we sideline lots of bad guys. Some countries are more active than others, and not in a good way. Sign into the Dashboard to see the Top Threats to your server and the countries where they live.

Country   Count   Share
CN       84,272  73.99%
US        3,696   3.24%
RU        3,584   3.15%
UA        3,392   2.98%
FR        2,992   2.63%
CA        2,032   1.78%
KR        1,808   1.59%
CZ        1,552   1.36%
HK        1,280   1.12%
BG        1,088   0.96%
TH        1,040   0.91%
RO          960   0.84%
JP          928   0.81%
TW          848   0.74%
TR          752   0.66%
NL          576   0.51%
VN          528   0.46%
DE          320   0.28%
CH          272   0.24%
BR          192   0.17%
BY          128   0.11%
EC          128   0.11%
AL          112   0.10%
AE           96   0.08%
GB           96   0.08%
PL           96   0.08%
SE           80   0.07%
MD           80   0.07%
IN           80   0.07%
IL           64   0.06%
EU           48   0.04%
IR           48   0.04%
ID           48   0.04%
A1           48   0.04%
BZ           48   0.04%
PH           48   0.04%
SA           48   0.04%
SG           32   0.03%
PA           32   0.03%
MT           32   0.03%
MU           32   0.03%
AT           32   0.03%
IT           32   0.03%
ME           16   0.01%
MN           16   0.01%
IE           16   0.01%
GH           16   0.01%
ES           16   0.01%
CO           16   0.01%
AU           16   0.01%