ICSA Labs Blog: IPSec

Understanding the benefits of ICSA Labs certification

Knowing the benefits of certification is important for security product vendors and enterprises to understand.

The first step is to understand what certification is and what it is not.

Why Certify? The Significance of ICSA Labs Certification

When it comes to security, many vendors consider certification of its products by an independent organization an option, not a requirement. However, third party testing is an important element when a company is deciding on technology solutions that are part of its security management program.

Q&A: George Japak of ICSA Labs Offers Advice around NCSA Month

This month marks the 11th anniversary of National Cyber Security Awareness Month (NCSAM) where raising awareness about cybersecurity is a top priority for both the public and private sector.

The Flame Reality & Swiss Cheese Security

Two articles appeared overnight that got me thinking. The first is a Reuter’s piece that says Iran has discovered and preempted a “massive, new cyber attack”. No real details are available, so it might be so, or it might not. It might even just be talking about Flame. http://www.reuters.com/article/2012/06/21/us-iran-cyber-nuclear-idUSBRE85K1EA20120621

When Ages and Revolutions Converge

As this is my first post on ICSA Labs’ blog, I thought I’d take a little bit of time to explain how I currently see the malware world. For those who don’t know me, I’ve been dealing with viruses and assorted malware since 1987, which is about when the first viruses appeared.

What’s the main IPv6 security issue in most networks?

There’s much evidence that World IPv6 Day was a success.  Whether it was or not, hopefully it's prompting people to think about transitioning their networks to IPv6.  So, what's the implication for your network's security?  Well, is IPv6 running in your network?  Are your network security devices configured to inspect IPv6 traffic, or are they even equipped to do so?  If you know the answers to these questions, then you probably don't need to cont

Have we really run out of IPv4 addresses?

There is a top-level worldwide administrator responsible for the overall pool of Internet addresses. This administrator is the Internet Assigned Numbers Authority (IANA), which hands out address blocks in Regional Internet Registries (RIR) – of which there are five.

Verizon Launches 2011 Data Breach Investigation Report – What Does It Mean for You?

On April 19, Verizon issued its much-anticipated 2011 Data Breach Investigations Report (DBIR).  This report has become the seminal report for the security community, and is eagerly awaited for each year. 

Some key takeaways from this year’s report:

Confused about new Texas Law, Title 10, Section 2059.060? Read the law itself.

The state of Texas recently had a law go into effect (on Dec. 1, 2010) that impacts the security product testing industry, including ICSA Labs.  The law has attracted a significant amount of attention, some of which is inaccurate. 

The law—and the administrative code that provides rules on implementation—includes a section that clearly and succinctly defines terms.  I encourage you to read the law yourselves, quotations and links provided below. 

IPv4 Addresses Depleting Faster Than I Thought

In October, I was interviewed and said that there were about 5 percent of IPv4 addresses left and 234 days left until the IPv4 addresses were used up (TechNewsWorld, “Get Ready to Kiss IPv4 Goodbye: Q&A With ICSA Labs' Guy Snyder”).  The 5 percent was fact, according to the Internet Assigned Numbers Authority (IANA), and the 234 was an educated guess based on previous use of addresses.