
Check Point Experience 2011: Roadmap

Posted on 2011-9-10 11:00:43

Check Point Experience 2011: Roadmap
By Contributor, Thursday, 8th September, 2011

With customers and resellers from all over New Zealand and Australia in attendance, Check Point took the opportunity to outline a few of the initiatives the company will be implementing in the next few months.

1. New operating system

Dorit Dor, Check Point senior VP of product, told delegates on the first day of the event that Check Point will be unifying its two operating systems, SecurePlatform and IPSO, into a single OS called Gaia.

Dor says Gaia will combine the best of both current platforms, as well as supporting the full portfolio of Check Point products and software modules, or ‘blades’. The new OS will also have a more simple User Interface (UI), offering search functions and the ability to customise the view to prioritise tools that are used more frequently.

2. Mobile security

With more and more employees wanting to work on their own mobile devices, mobile security is possibly the biggest security challenge businesses face today.

Gary Gardiner, Check Point security engineer, says Check Point has been concentrating a lot of effort on its mobile access blade. The tool now offers a two-tier authentication process, so when users enter their login details, they are then sent a text message with a specific code they must enter before being granted access. Users are also paired with their devices, so employees can’t swap devices or claim another user has accessed their phone or tablet.

In addition, Check Point also offers a remote wipe tool, for cases where the user’s device is lost or stolen.

The Check Point Mobile app is currently available for iPhone and iPad, with an Android app to come shortly.

The company is also upgrading its USB-based security tool, Abra, designed to create a ‘sandbox’ environment so employees on the go can securely use devices in public spaces like internet cafes. The tool is to be rebranded as the Check Point Go.

3. Document security

Check Point’s ANZ data protection & Endpoint manager, Gareth Cox, says the company is looking to introduce a new document security blade in the next year, based on technology acquired with the purchase of Liquid Machines in June 2010.

The new blade will allow document creators to designate each document’s security level, choosing whether other users will be able to edit, print or just read each file. Users will also be able to terminate access to a document remotely, useful in cases where the user only wants to grant access for a limited time.

The blade is currently in advanced testing, and should reach general availability in early 2012.

4. Cloud security

It wouldn’t be an IT conference without someone mentioning the cloud, and Dor says this is definitely an area in which Check Point plans to work in the future, with work currently underway in partnership with Amazon’s cloud division, Amazon Web Services.

Original poster | Posted on 2011-9-10 11:02:13

Check Point Experience 2011: Security Evangelism
By Contributor, Thursday, 8th September, 2011

The running theme of the Check Point Experience 2011 conference was that no security system can protect a business from human error. No matter what your technology, it relies on employees using it correctly.

Social Engineering

Check Point’s Security Evangelist, Tomer Teller, explained to delegates how hackers, appreciating this fact, have in the last few years started using social engineering to access the computers of low-level employees and thus bypass business security software.

Initial contact can be as simple as going through a company’s rubbish looking for unshredded documents, which may display employees’ names, phone numbers and email addresses. From these, hackers can investigate employees’ profiles on social networking sites like Facebook and LinkedIn, and begin to build up a map of who regularly communicates what with whom.

At this point, Teller says, hackers may also attempt to learn which operating systems the company uses, by looking at which systems their IT job ads request experience in, or even taking a peek at the receptionist’s computer to check which icons show up on his or her taskbar.

Once the hacker has selected a target, he or she must get control of his or her computer. This is done via malware known as a Remote Access Tool (RAT). These RATs can be introduced through email, by sending the victim messages either with infected attachments or with URL links which take the victim to a site that then infects the user’s computer (known as a ‘drive-by download’). Most people know to simply delete unidentified emails, but the hacker can disguise the email as an internal message very easily thanks to the research done earlier; or, they may disguise the email as a message from a common site like Facebook or Amazon.

With the RAT in place, Teller says, the hacker can use the victim’s computer to repeat the process upwards through the organisation, until he or she reaches an employee high enough to communicate plausibly with the CEO, CTO or other high-ranking executive.

“You can’t rely on technological protection,” Teller says.

“Companies need to think beyond compliance, and invest in education and security awareness.

“You need to think like a criminal in order to stop a criminal.”

How to take over a nuclear plant


Teller also delivered a talk discussing his experiences investigating a malware attack known as Stuxnet. This was a virus found in the Bushehr nuclear plant in Iran last year, which Teller studied for nine months to understand how its creators infiltrated such a high-security facility.

The goal of Stuxnet was to infiltrate the plant’s Programmable Logic Computer (PLC), the device responsible for controlling the operation of the facility.

As the PLC did not run on a recognised operating system, the Stuxnet hackers opted to infiltrate an operating computer called a Field PG. There was no way to access this computer directly, so the hackers had to create a virus which would spread itself throughout the Bushehr network.

Teller says although the hackers may have broken into a contractor’s home and infected his or her computer, counting on that computer later being connected to the Bushehr network, they may also have used simple USB drives, bribing an employee to plug one in, or simply throwing a few over the fence and waiting for an unwitting employee to plug one in to identify it.

Teller then demonstrated to the audience how, from here, the virus designers could have made simple modifications to tools like Shortcut and Autorun to make sure the virus was spread around other computers. It could even have been updated and possibly set in motion over the internet, Teller says.

Once it was spread to the Field PG, Stuxnet began altering the commands being sent to the PLC, all the while relaying messages to users that the system was running as normal.

In the end, one fifth of the facility’s centrifuges were damaged before Stuxnet was discovered, Teller says.

The source of the virus is still unknown.
