WhatsUp Gold: Daily Network Monitor Blog

Network Monitoring News

Posts Tagged ‘ security ’

By Steve Hess

openssl-logo-300x81As you may already know, there was a recent Security Advisory about new vulnerabilities in OpenSSL released in early June. This specific flaw requires a vulnerable OpenSSL library active on both the client and server ends of the transaction. The flaw allows a savvy attacker to sit between the client and server and turn off encryption, silently exposing information exchanged between those two end points. Technologies that only use OpenSSL to accept web-browser (HTTPS) connections will be vulnerable to this flaw only when the browser is using a vulnerable version of OpenSSL. Chrome for Android is the only major browser that is currently susceptible.

Security is a top priority for Ipswitch and our customers. Since this announcement, the Ipswitch Security Team has been working to determine the impact and issue patch fixes where vulnerabilities were found.

Impacted Ipswitch products include:

  • MOVEit Mobile & Cloud
  • WS_FTP Client & Server
  • MessageWay
  • IMail
  • WhatsUpGold

Through your Customer Portal you’ll be able to access instructions to properly implement the Security Update for impacted versions as available.

As with any security advisory, we understand that our customers may have additional concerns. If you should have any questions or concerns, feel free to reach out to the appropriate technical support team:

Share:
  • Facebook
  • Twitter
  • Digg
  • Tumblr
  • StumbleUpon
  • del.icio.us
  • Yahoo! Buzz
  • Google Bookmarks
  • Reddit

By Steve Hess

By now you’ve likely read the articles about the recent Heartbleed SSL vulnerability uncovered in OpenSSL that has affected vendors and companies that rely on this near-ubiquitous open source security protocol. In basic terms, the vulnerability exposes any exchange that uses the OpenSSL 1.0.1 family of protocols to an attack. Bleed

Security is clearly a top priority for Ipswitch and our customers. From the first alert of this vulnerability, the Ipswitch Security Team moved quickly to determine the impact and will issue patch fixes in any case where we find vulnerability. In those cases, we’ve decided to partner with the security community at-large to implement an industry-best solution. We’ll be issuing security patches to disable the OpenSSL heartbeat and will follow-up in the near future with new versions of the OpenSSL library.

As with any wide reaching story, we understand that our customers may have additional concerns. Please don’t hesitate to reach out to our customer support team.

UPDATE (4/11/14)

Some of Ipswitch’s products were impacted because of our use of OpenSSL, and they include:

  • MOVEit Cloud (has been remediated)
  • MOVEit Mobile for MOVEit File Transfer (DMZ) 8.0
  • WS_FTP Server 7.6
  • WS_FTP Pro 12.4 (Only if accessing a compromised website using SSL)
  • IMail, IMail Secure and IMail Premium versions 12.3 and 12.4

Through your Customer Portal you’ll be able to access instructions to properly implement the Security Update for impacted versions.

Products not impacted by this vulnerability are:

  • WhatsUpGold (WUG) and other WhatsUp tools and network products
  • MOVEit File Transfer (DMZ) when MOVEit Mobile server is not installed
  • MOVEit Central
  • MOVEit Ad Hoc Transfer Plug-in for Outlook
  • MessageWay
  • MOVEit EZ
  • WS_FTP Server versions other than 7.6
  • WS_FTP Pro versions other than 12.4, including WS_FTP LE
  • IMail, IMail Secure and IMail Premium versions other than 12.3 and 12.4

As with any wide reaching story, we understand that our customers may have concerns. We’re here to answer your questions and have developed a list of the ones we’ve heard most frequently on the customer portal.

If you should have any additional questions or concerns, feel free to reach out to the appropriate technical support team:

Share:
  • Facebook
  • Twitter
  • Digg
  • Tumblr
  • StumbleUpon
  • del.icio.us
  • Yahoo! Buzz
  • Google Bookmarks
  • Reddit

By Sarah Meyer

A major southern US city school district with more than 40,000 students reached out to the Ipswitch WhatsUp Gold team for help after a failed attempt to implement another company’s network monitoring software. Increased security concerns were driving the school system to increase investment in building and campus safety precautions. But the monitoring software wasn’t cooperating.

In testing the other company’s software, they found it:

  • Didn’t have the Level 2/3 discovery granularity. This was required to identify and monitor everything from servers to applications, to component-level information in servers. As well as switches and other devices like security cameras.
  • Couldn’t create a complete map of a network of schools stretching across the city. That would make it hard to determine what was new new and what was old so they could upgrade efficiently.
  • Couldn’t identify or monitor many SNMP-addressable devices already in place. Devices like metal detectors and the security cameras. Because it didn’t have MIBs for them in its library of devices.

CaptureddBut each area the IT director found fault with could be remedied with WhatsUp Gold, the director was promised by an Ipswitch sales engineer. “I was told it wouldn’t take more an hour,” she said. Skeptical, but intrigued, the director took the plunge and downloaded the software. Less than an hour later she was pleasantly surprised to have in hand a complete map and a detailed inventory of all the devices making up the city’s widely distributed network of schools.

Peace of Mind

Now the school district had the information they needed determine what they could keep and what they’d have to replace. This allowed them to enhance student and staff security and control vandalism of school properties. Unlike the other software, WhatsUp Gold allows administrators to add MIBs for devices not already in WhatsUp Gold’s library in just minutes.

Once the first wave of safety improvements was in place, the IT director used WhatsUp Gold to monitor the health of all the network devices. They were able to take action quickly if WhatsUp Gold detected a problem with any device. For instance, one of the high school’s metal detectors went off line late one afternoon. An automated alert and an intuitive trouble-shooting interface allowed the staff to identify the root cause in minutes and reset the system.  

“The major benefits of using WhatsUp Gold include increased peace of mind, a reduced administrative workload and higher device service levels,” the director reports.

Share:
  • Facebook
  • Twitter
  • Digg
  • Tumblr
  • StumbleUpon
  • del.icio.us
  • Yahoo! Buzz
  • Google Bookmarks
  • Reddit

By Rick Gines

As a product manager of an integrated solution suite, it’s interesting to compare and contrast the similarities and differences between traditional systems management (OS deployment, inventory, software delivery, patching, monitoring) and its major trends (security, virtualization, cloud, efficient data centers) with network management (deployment and configuration, backup/restore, monitoring, traffic analysis, Quality of Service) and networking trends (mobile devices, cloud, virtualization, larger networking demands). There are many similarities between these two IT focus areas and I will “blog” about several aspects as I tie-in and compare systems management with network management over the next year. One similarity that is particularly easy to spot and “leaps off the page” for me relates to discovery. In fact, it ALL starts with discovery.

By obtaining a complete and accurate discovery of your networking “stuff,” you will gain immediate benefits. The first premise here is that, until you know what you have (i.e. your stuff), where it is, and how it is connected, you cannot determine the best course of action to improve services, plan for new capacity, uptime, planned outages, or anything for that matter. Performing a regularly scheduled discovery of your devices will provide benefits that trickle into every other aspect of network management, and IT services in general.

The second premise is that the discovery process should be automated. Let’s face it, we live in a day and age where automation can and should be your best friend. Automation allows an IT administrator to remove the mundane and really boring daily tasks from his/her “to-do” list and to focus on things that add value. Back in the late 90’s, while working in IT at a local private liberal arts college, we performed what I call a “clipboard” inventory 2 times a year. The fact was that our manual inventory was inaccurate the moment we left the professor’s office. Add to that the notion that we could only gather some of the most basic inventory details: CPU, RAM, Network card, Add/Remove Programs. The level of detail that can be obtained today in an automated fashion is very complete and can be adapted to gather almost any piece of electronically stored information on a device. Don’t waste any more time doing manual discovery/inventories!

The third premise is that you need a management system that provides “out-of-the-box” reporting and mapping capabilities that easily and intuitively show discovered devices, their attributes, and their connectivity.  The system should allow the flexibility to generate your own custom reports as needed. As a really cool bonus feature, the reports and maps should also dynamically update as new discoveries are performed so that you not only know how your network looks like right now but also easily visualize to how it is performing.

Imagine going from a world of clipboard inventory, 2 times a year, to a fully automated discovery complete with a dynamically updated map of your network. Does it get any better than that? Possibly not, but then again the only constant with technology is change.

As we begin our discussion on how to provide great IT services, I hope you will start to think about, and hopefully act upon, the premise that “it ALL starts with discovery”.

P.S. As a public service announcement, I am providing you with a product link that can dramatically assist with the process of discovery/mapping and meets every requirement I describe above.  Visit WhatsUpGold Network Discovery for more details.

Share:
  • Facebook
  • Twitter
  • Digg
  • Tumblr
  • StumbleUpon
  • del.icio.us
  • Yahoo! Buzz
  • Google Bookmarks
  • Reddit

Data Privacy Day

January 27, 2012 Network Management Comments

By Jessica Kenney

On January 28th, the U.S. and many countries around the world join to celebrate Data Privacy Day. The annual celebration of Data Privacy Day is intended to promote awareness about how information is collected and to educate individuals of all ages about best privacy practices.  In today’s digital world, where we submit a vast amount of personal information on the web, we need to know how to protect our key information and ask the questions ‘Who is collecting this data?’ and ‘What are they doing with it?’

The National Cyber Security Alliance offers many resources for teens and young adults, as well as parents and kids in hopes of raising privacy issues at home, in the classroom, and throughout businesses.  Visit Staysafeonline.org to explore these educational resources and to spread awareness about Data Privacy Day!

Here at Ipswitch, the WhatsUp Gold offers many products, resources, and tools to help protect the infrastructure of your business and to guard against security threats and loss of key information. Learn more about solutions available from WhatsUp Gold.

Enhanced by Zemanta
Share:
  • Facebook
  • Twitter
  • Digg
  • Tumblr
  • StumbleUpon
  • del.icio.us
  • Yahoo! Buzz
  • Google Bookmarks
  • Reddit

By Jessica Kenney

Although WhatsUp Log Management Suite v10 makes log management for security and compliance as painless as possible – we’ve now made it even easier to save time! With the version 10.1 update, there are many new ways to enhance efficiency:

  • In addition to preexisting reports for HIPAA, SOX, etc, there are now new out-of-the-box, point-and-click reporting for FERPA, NERC CIP, and NISPOM
  •  Save time adding Syslog-generating devices to your log monitoring and archiving solutions:
  • More ways to be alerted of a potential breach with new alarms for Cisco IOS events

Learn more about WhatsUp Log Management v10.1 and all it has to offer. 

Try it FREE for 30-days!

Enhanced by Zemanta
Share:
  • Facebook
  • Twitter
  • Digg
  • Tumblr
  • StumbleUpon
  • del.icio.us
  • Yahoo! Buzz
  • Google Bookmarks
  • Reddit

By Lauren Smith

“Compliance & Security for IT Professionals”

  • Date: Tuesday, November 15th
  • Time: 10:00am US EST

Join the WhatsUp Gold team for this exciting webinar to learn what you need to know to keep your compliance and security counterparts off your back! We’ll cover:

  • How to detect and prevent unauthorized access to key enterprise information such as customer credit card data, employee, patient or financial records
  • Compliance regulations like PCI, SOX, FISMA and which ones apply to your business
  • Strategies for making compliance a part of your existing network management practices
  • Key compliance-centric reports you need to generate
  • How to leverage your WhatsUp Gold investment to help you with your security & compliance obligations

Everyone who attends is entered to win an iPad!

Learn more and register today!

Share:
  • Facebook
  • Twitter
  • Digg
  • Tumblr
  • StumbleUpon
  • del.icio.us
  • Yahoo! Buzz
  • Google Bookmarks
  • Reddit

By Lauren Smith

Join the WhatsUp Gold team for this exciting webinar and learn how to achieve IT compliance and security. Alex Coco will discuss:

  • Compliance regulations like PCI, SOX, FISMA and which ones apply to your business
  • Strategies for making compliance a part of your existing network management practices
  • Key compliance-centric reports you need to generate
  • How your investment in WhatsUp Gold and the WhatsUp suite of solutions can be leveraged to help you with your compliance obligations

Make sure to stay until the end of the session – we’ll announce one registrant as the lucky winner of an iPad!

  • Date: November 15, 2011
  • Time: 10:00am – 11:30am US EST

REGISTER NOW!

Share:
  • Facebook
  • Twitter
  • Digg
  • Tumblr
  • StumbleUpon
  • del.icio.us
  • Yahoo! Buzz
  • Google Bookmarks
  • Reddit

By Jessica Kenney

Have you done enough to protect your business against data breaches? Although people assume only large businesses are susceptible to data breaches, research shows that is not always the case.  In fact, attacks on companies with 100 or fewer employees are rising according to Verizon and the secret service.  In 2009, 27% of small businesses were victims, rising to 63% in 2010, which is extremely concerning.  Most data breaches occur when a third party gains access to confidential digitally stored information via weak firewalls or passwords and can result in the loss of anything from bank account information to legal secrets.  To protect against these threats, businesses should be proactive by identifying their weaknesses, strengthening passwords, securing firewalls, properly storing records, and training employees to be watchful and cautious.  If preventative steps are not taken, losses can be substantial and devastating!

Check out this cool infographic on data breaches!  http://networkedblogs.com/nY2xO   

Enhanced by Zemanta
Share:
  • Facebook
  • Twitter
  • Digg
  • Tumblr
  • StumbleUpon
  • del.icio.us
  • Yahoo! Buzz
  • Google Bookmarks
  • Reddit

By Lauren Smith

SANS Network Security 2011 will take place at Caesars Palace in Las Vegas from September 17-26, 2011. SANS Network Security is an annual event which offers network security training, certification, and research on the most important topics in the industry today.

The WhatsUp Gold team will be hosting a lunch and learn presentation:

 “Adding Rich Access Control and Audit Logging to Windows Applications

  • Presented by: Andy Milford – Product Manager, Log Management & Andy Hopper – Senior Software Architect
  • Thursday, September 22nd 12:30pm – 1:15pm US PST
  • Register to attend now! (link to registration)

Our session will cover how applications that target the Windows platform can incorporate the ability to manage highly granular access control and automate audit logging by using the security subsystems in the Windows operating system. Topics covered include discretionary access control lists, system access control lists, the Windows audit log and the Windows Authorization APIs.

Do you have an application that is managing potentially sensitive information? Then you must join us for this exciting lunch and learn presentation!
http://www.sans.org/network-security-2011/vendor.php

Share:
  • Facebook
  • Twitter
  • Digg
  • Tumblr
  • StumbleUpon
  • del.icio.us
  • Yahoo! Buzz
  • Google Bookmarks
  • Reddit