NGSSoftware news

Blocking Traffic by Country on Production Networks

NGS — Mon, 21 Jul 2008 05:50:52 +0000

NGSSoftware’s Tim Mullen has posted a new article at Security Focus.

“Here is some more detailed information on the use of country-by-country data sets in firewall configurations, where it may be appropriate, and methods by which one may use the sets to create traffic reports. While the methods listed and tools available are created specifically for ISA, the concept can be applied to any product that supports the necessary data elements”

Read the full article at Security Focus.

Guide to VOIP Security

NGS — Mon, 14 Jul 2008 05:50:00 +0000

“”The problem lies not in VOIP technology but in its implementation”, says Barrie Dempster, a senior security consultant for Next Generation Security Software. “If you apply traditional network security logic to VOIP you can make it as secure as any other protocol,” he says.”

Read the full article at PC World (Aus).

Ghosts of Java Haunt Users

NGS — Fri, 11 Jul 2008 08:30:27 +0000

John Heasman, Vice-President of Research at NGSSoftware, discusses his Java security work with Brian Krebs of the Washington Post Security Fix blog.

Read the full article at WashingtonPost.com

SC AWARDS EUROPE 2008: Winners announced

NGS — Wed, 23 Apr 2008 14:15:04 +0000

“The accolade for Best Security Company went to UK based NGSSoftware. A beaming David Litchfield, the managing director, accepted the award from Lumension’s Andrew Clarke. ”

Read the full article at SC Magazine.

NGSSoftware’s Press Release.

David LeBlanc’s 15 Most Influential Security People

NGS — Tue, 18 Mar 2008 06:42:59 +0000

“Same thing for SQL – used to be a security mess, now it’s really solid – and thanks to NGS for helping”

Read the full article at David LeBlanc’s Web Log.

How to combat the Sans Institute’s top 10 security threats

NGS — Mon, 14 Jan 2008 13:58:59 +0000

Read the latest article from NGSSoftware’s Tim Mullen at ComputerWeekly.com.

“If one were to go back through the archives of the Sans Institute’s Top Threats lists, some of which I have contributed to, one would find the range of threats and vulnerabilities shifting and changing through the years along with the ever-changing security landscape itself - writes Timothy Mullen, vice-president of consulting services at NGSSoftware.”

Survey finds thousands of database servers open to attack

NGS — Wed, 14 Nov 2007 10:32:33 +0000

“Litchfield said. “Whilst it’s not possible to say how many of these systems are engaged in a commercial function, with just under half a million servers accessible there is clearly potential for external hackers and criminals to gain access to these systems and to sensitive information.”"

Read the full article at SearchSecurity.com.

Thousands of Unprotected Databases Litter the Internet

NGS — Wed, 14 Nov 2007 10:26:10 +0000

“The findings represent a “significant risk,” according to David Litchfield, the security researcher who authored the report. “With just under half a million servers accessible, there is clearly potential for external hackers and criminals to gain access to these systems and to sensitive information,” he said. ”

Read the full article at eWeek.com.

Half Million Database Servers Lack Firewall Security

NGS — Wed, 14 Nov 2007 10:23:07 +0000

“Litchfield took a look at just over 1 million randomly generated Internet Protocol [IP] addresses, checking them to see if he could access them on the IP ports reserved for Microsoft SQL Server or Oracle’s database. The results? He found 157 SQL servers and 53 Oracle servers. Litchfield then relied on known estimates of the number of systems on the Internet to arrive at his conclusion: “There are approximately 368,000 Microsoft SQl Servers… and about 124,000 Oracle database servers directly accessible on the Internet,” he wrote in his report, due to be made public next week.”

Read the full article at PCWorld.com.

Black Hat 2007: New database forensics tool could aid data breach cases

NGS — Fri, 03 Aug 2007 08:07:02 +0000

“A new database forensics tool being developed by database security guru David Litchfield could help data breach investigators build evidence against attackers.

itchfield, managing director at UK-based NGS (Next Generation Security) Software Ltd. plans to release the Forensic Examiners Database Scalpel. The new tool is designed for Oracle database management systems and automates the process of sifting through mountains of system metadata to discover the cause and extent of a data security breach.”

Read the full article at SearchSecurity.com.