ICSA Labs Security Testing Blog

Dip in ICSA Labs’ Spam May be Due to Rustock Takedown

Several media outlets are reporting that the massive Rustock botnet, considered by many to be one of the world’s largest generators of spam, was taken down Wednesday, March 16, just before 11 AM EDT (3 PM GMT), resulting in a significant spam decrease.

Confused about new Texas Law, Title 10, Section 2059.060? Read the law itself.

The state of Texas recently had a law go into effect (on Dec. 1, 2010) that impacts the security product testing industry, including ICSA Labs.  The law has attracted a significant amount of attention, some of which is inaccurate. 

The law—and the administrative code that provides rules on implementation—includes a section that clearly and succinctly defines terms.  I encourage you to read the law yourselves; quotations and links are provided below.

Maybe the initial discoveries were just the tip of an iceberg

Stonesoft published a press release today (available here) citing another 124 advanced evasion techniques (AETs).  The company again delivered the packet captures for each of the AETs that they uncovered to CERT-FI.  ICSA Labs also has one of our senior technical analysts examining them.

Whether Evasions Are Old or New Is Beside the Point

Influenced by the infectious Christmas spirit, I recently wrote a blog entry posted on the antievasion.com website.  The blog entry attempts to put an end to the debate about whether or not Stonesoft

IPv4 Addresses Depleting Faster Than I Thought

In October, I was interviewed and said that there were about 5 percent of IPv4 addresses left and 234 days left until the IPv4 addresses were used up (TechNewsWorld, “Get Ready to Kiss IPv4 Goodbye: Q&A With ICSA Labs' Guy Snyder”).  The 5 percent was fact, according to the Internet Assigned Numbers Authority (IANA), and the 234 was an educated guess based on previous use of addresses. 

Papers Just Released on Advanced Evasion Techniques

In a recent blog entry, I referred to the impending release by Stonesoft of a white paper that would shed more light on the topic of Advanced Evasion Techniques (AETs).  Stonesoft recently released this white paper, which I co-authored.  The paper published on Stonesoft’s antievasion.com website is entitled, “

How to Select a Network Firewall

So you are looking to update or change out your existing firewall. Or perhaps you are purchasing a new firewall to supplement your existing security program. Or you are considering a new firewall based on the new functionality you have heard or read about. 

The obvious question is – “How do I decide what to get?” 

Announcing the VERIS Community Application

In March 2010, the Verizon RISK team released the VERIS framework, used to collect and classify the data in Verizon's well-known Data Breach Investigation Report (DBIR) series.  The hope is that the public release of VERIS would facilitate even wider participation in the effort and yield more data.

Our Product is Great! It’s 93 Percent Effective! Buy Our Product!

A product developer proudly sent out an e-mail blast to all of their friends and family stating that their product had done well in a recent third-party network IPS test. The developer was excited that the product had better than 93 percent coverage protection during the test. Ninety-three percent may be great for a high school exam, but for a product designed to protect enterprises from attacks, the product may not be doing very well if 7 percent of relevant enterprise vulnerabilities go unprotected.

How to Select an IPSec Gateway

Maybe your business is expanding. Perhaps the organization has compliance requirements it is trying to fulfill. It is possible that you have decided to tighten the security in your business sector. Or you could be just upgrading current equipment. Whatever the reason for selecting IPsec gateway solutions, you have many choices. In addition to all the choices, you probably have a lot of questions. Sure, you can ask the vendor these questions.