All-over-IP Expo 2013: Expertise in 5 Olympics Games, 70 Airports, 250 Safe City Installations to Be Delivered by IndigoVision
All-over-IP Expo 2013 expands its comprehensive Video Surveillance portfolio with a new name – IndigoVision, a world-leading manufacturer of IP video security solutions from the UK.
“The Russian market has great potential. Lots of security installations in Russia could have a greater value if designed with IndigoVision solutions”, says Alexey Vikoultsev, Business Development Manager at IndigoVision.
“Airports, railways, oil and gas, mining, traffic, cities, police, banking, sports are just part of IndigoVision security expertise. We expect a growing demand for our experience and technology in Russia.”
Over the past 10 years, IndigoVision has been driving sales in Russia through channel partners which realised a number of successful projects. With business expansion due to increasing overall customer base, IndigoVision opened an office in Moscow so that now the company can provide fast and reliable local support to their partners and customers. IndigoVision has chosen All-over-IP Expo 2013 to be the first professional show in Russia where the company will introduce its solutions directly.
Alexey Vikoultsev, IndigoVision
“All-over-IP Expo is a special event that attracts a record number of pre-qualified security professionals. All-over-IP audience figures grow year on year.
IndigoVision, founded in 1994, has pioneered the IP video security market with numerous market firsts and is recognized within the industry as a thought leader. So it was a natural decision to get introduced to a wider audience of Russian customers at All-over-IP Expo.
We believe our expertise in 5 Olympics games, 70 airports and over 250 Safe City installations, and best-of-breed IP technology will create much excitement among All-over-IP visitors. We are looking to generate high quality leads to boost our local sales as well as increase exposure and presence in Russia.”
6th Annual International ALL-OVER-IP EXPO 2013 is Russia’s No. 1 networking event for global IT, Surveillance and Security vendors and key local customers. All-over-IP brings together major global and Russian brands to ensure the best marketplace for the latest technology and innovation, and to lead customers to the Next Big Thing.
Primary Sponsor of All-over-IP Expo 2013: ITV | AxxonSoft – a leading software developer that combines IP-based physical security management, intelligent video surveillance, and an enterprise-wide platform.
Companies interested in exhibiting should contact Alla Aldushina at aldushina@groteck.ru
For keynote speaking opportunities please contact Olga Fedoseeva at fedoseeva@groteck.ru
6th Annual International ALL-OVER-IP EXPO 2013
November 20–21, 2013
Russia, Moscow, Sokolniki Expo
InfoSecurity Russia 2013: At the edge of trend. Line of Cryptography
Cryptography has become one of the hottest topics in computer science. This has also enhanced the interest in secret function evaluation, private information retrieval and searchable encryption in general.
As the goal of InfoSecurity Russia 2013 is to bring together the leading professionals, researchers and practitioners in the area of computer security, the exhibition organizers couldn’t stay away from the subject of cryptography. They invited Richard Moulds, the strategy vice-president of Thales e-Security, to discuss and share the latest findings in the field of cryptography and to exchange ideas that address real-world problems with practical solutions.
During InfoSecurity Russia 2013 Richard Moulds will present a report giving an overview of the results of his eight-year study of global trends in the use of cryptography, from laptops to databases, web sites, and cloud solutions. The report will be dedicated to the so-called “line of cryptography”, along which various organizations resolve the problem of information security, focusing on compliance and increasing operational flexibility through consistent development. Visitors will be able to analyse the current situation in their companies and to determine the benefits and direction of “the line of cryptography”.
InfoSecurity Russia’2013 will raise and extend this debate, highlighting both the practical issues involved and specific solutions to them. Our extended business program includes such sectors as:
ASC Protection
Clouds. Data Storage
Personal Data
IT Infrastructure
Threating 2014
Foresight 2020
Demo Area: Testing Firewalls
Data Forensics
Fraud
Secure your participation in Infosecurity Russia’2013 by reserving a booth and/or seminar time slot at int@groteck.ru to show the full potential of your services and products.
GROTECK Business Media
International Team
Infosecurity Russia 2013
25–27 September, Moscow,
Crocus Expo, Pavilion 5
eng.infosecurityrussia.ru
Main Russian events join efforts on the topic of bank security
Avangard-Center, organizer of the Ural Forum “Information security of banks” and Groteck Media Company, organizer of the International Forum “Security and Safety Technologies” with the support of the Association of Russian banks, have reached an agreement on the further expansion of cooperation.
The purpose of the agreement is to create a comfortable environment for business communication between representatives of financial institutions’ security units and to coordinate the events both in terms of dates and in terms of topics.
Under the agreements reached, the dates of the Security of Financial Institutions Conference of the Security and Safety Technologies Forum and of the Ural Forum have been clarified. The Conference of TB Forum will be held on February 12, 2014. The VI Information Security of Banks Forum will commence in Magnitogorsk on February 17, 2014.
Besides, the Avangard-Center and Groteck representatives have expressed their intention to strengthen the mutual information support of the events.
The Ural Forum “Information Security of Banks” is the central business event of the sector of information security of banks and payment systems. It is a unique platform for direct communication that brings into dialogue representatives of all state regulators (Bank of Russia, Federal Service for Communications, Information Technologies and Mass Communication Supervision, FSS of Russia, Federal Service for Technical and Export Control), law enforcement bodies, banks and payment systems, business communities and non-profit partnerships, suppliers of information security solutions, and specialized media. http://www.ib-bank.ru
The International Forum “Security and Safety Technologies” is the only exhibition in Russia designed to demonstrate integrated solutions for the protection of the facilities, assets and employees of the backbone enterprises of the Russian economy and of state customers.
The Forum hosts the biggest congress in Eastern Europe, covering the entire spectrum of security issues and gathering more than 2,500 consumers, government representatives, public organizations, executives and industry professionals from 52 countries. www.tbforum.ru
The Association of Russian Banks (ARB) is a non-governmental non-profit organization representing the interests of the Russian banking community. It was established in March 1991.
As of December 31, 2012, the Association of Russian Banks had 713 members, including 507 credit institutions.
The Associate Membership Institute established by the Association of Russian Banks in 2011 has contributed to the consolidation of the banking community by allowing the banks belonging to the regional banking association, but having no membership in the ARB, to participate in the Association’s work (except for the right to be elected to the governing bodies). Taking into account the associate members, the Association of Russian Banks had 852 members, including 615 credit institutions.
The ARB’s membership includes 46 banks with a 100% foreign share, and 15 banks with more than a 50% foreign share in the authorized capital, 17 representative offices of foreign banks, as well as the member-companies of the Big Four Audit Firms. www.arb.ru
Bankir.ru acts as a strategic media partner at the TB Forum 2014 in the ‘Banks Security’ Section
Risks of Default Passwords on the Internet – Alert (TA13-175A) – US CERT
Systems Affected
Any system using password authentication accessible from the internet may be affected. Critical infrastructure and other important embedded systems, appliances, and devices are of particular concern.
Overview
Attackers can easily identify and access internet-connected systems that use shared default passwords. It is imperative to change default manufacturer passwords and restrict network access to critical and important systems.
Description
What Are Default Passwords?
Factory default software configurations for embedded systems, devices, and appliances often include simple, publicly documented passwords. These systems usually do not provide a full operating system interface for user management, and the default passwords are typically identical (shared) among all systems from a vendor or within product lines. Default passwords are intended for initial testing, installation, and configuration operations, and many vendors recommend changing the default password before deploying the system in a production environment.
What Is the Risk?
Attackers can easily obtain default passwords and identify internet-connected target systems. Passwords can be found in product documentation and compiled lists available on the internet. It is possible to identify exposed systems using search engines like Shodan, and it is feasible to scan the entire IPv4 internet, as demonstrated by such research as
- Shiny Old VxWorks Vulnerabilities
- Security Flaws in Universal Plug and Play: Unplug, Don’t Play
- Serial Offenders: Widespread Flaws in Serial Port Servers
- The Wild West
- Internet Census 2012
Attempting to log in with blank, default, and common passwords is a widely used attack technique.
Impact
An attacker with knowledge of the password and network access to a system can log in, usually with root or administrative privileges. Further consequences depend on the type and use of the compromised system. Examples of incident activity involving unchanged default passwords include
- Internet Census 2012 Carna Botnet distributed scanning
- Fake Emergency Alert System (EAS) warnings about zombies
- Stuxnet and Siemens SIMATIC WinCC software
- Kaiten malware and older versions of Microsoft SQL Server
- SSH access to jailbroken Apple iPhones
- Cisco router default Telnet and enable passwords
- SNMP community strings
Solution
Change Default Passwords
Change default passwords as soon as possible and absolutely before deploying the system on an untrusted network such as the internet. Use a sufficiently strong and unique password. See US-CERT Security Tip ST04-002 and Password Security, Protection, and Management for more information on password security.
Use Unique Default Passwords
Vendors can design systems that use unique default passwords. Such passwords may be based on some inherent characteristic of the system, like a MAC address, and the password may be physically printed on the system.
Use Alternative Authentication Mechanisms
When possible, use alternative authentication mechanisms like Kerberos, x.509 certificates, public keys, or multi-factor authentication. Embedded systems may not support these authentication mechanisms and the associated infrastructure.
Force Default Password Changes
Vendors can design systems to require password changes the first time a default password is used. Recent versions of DD-WRT wireless router firmware operate this way.
Restrict Network Access
Restrict network access to trusted hosts and networks. Only allow internet access to required network services, and unless absolutely necessary, do not deploy systems that can be directly accessed from the internet. If remote access is required, consider using VPN, SSH, or other secure access methods and be sure to change default passwords.
Vendors can design systems to only allow default or recovery password use on local interfaces, such as a serial console, or when the system is in maintenance mode and only accessible from a local network.
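The two vendor-side controls described above (forcing a change the first time the default password is used, and accepting the default only on local interfaces) can be combined in one login gate. The sketch below is an added example, not code from US-CERT or from any vendor; the `Device` class, the interface names, the sample default password and the 12-character minimum are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

FACTORY_DEFAULT = "admin"                 # constructed sample default
LOCAL_INTERFACES = {"serial", "lan"}      # hypothetical interface names
MIN_LENGTH = 12                           # assumed policy value


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Device:
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    pw_hash: bytes = b""
    default_active: bool = True           # True until the owner sets a password

    def __post_init__(self):
        self.pw_hash = _hash(FACTORY_DEFAULT, self.salt)

    def login(self, password: str, interface: str) -> str:
        """Return 'denied', 'change_required' or 'ok'."""
        if not hmac.compare_digest(_hash(password, self.salt), self.pw_hash):
            return "denied"
        if self.default_active:
            # The factory default is never honoured from a remote interface,
            # and locally it only unlocks the password-change step.
            if interface not in LOCAL_INTERFACES:
                return "denied"
            return "change_required"
        return "ok"

    def change_password(self, old: str, new: str, interface: str) -> bool:
        if self.login(old, interface) == "denied":
            return False
        # Refuse to "change" back to the default or to a short password.
        if new == FACTORY_DEFAULT or len(new) < MIN_LENGTH:
            return False
        self.salt = os.urandom(16)
        self.pw_hash = _hash(new, self.salt)
        self.default_active = False
        return True
```

No session is ever granted while `default_active` is set, so a device that reaches the internet unconfigured rejects the published default instead of accepting it.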
Identify Affected Products
It is important to identify software and systems that are likely to use default passwords. The following list includes software, systems, and services that commonly use default passwords:
- Routers, access points, switches, firewalls, and other network equipment
- Databases
- Web applications
- Industrial Control Systems (ICS)
- Other embedded systems and devices
- Remote terminal interfaces like Telnet and SSH
- Administrative web interfaces
Running a vulnerability scanner on your network can identify systems and services using default passwords. Freely available scanners include Metasploit and OpenVAS.
References
- Home Network Security
- Choosing and Protecting Passwords
- Password Security, Protection, and Management
- Small Office/Home Office Router Security
- The Risk of Default Passwords
- SHODAN – Computer Search Engine
- Shiny Old VxWorks Vulnerabilities
- Security Flaws in Universal Plug and Play: Unplug, Don’t Play
- Serial Offenders: Widespread Flaws in Serial Port Servers
- The Wild West
- Internet Census 2012
- Zombie hack blamed on easy passwords
- Secure EAS Codecs Prevent Zombie Attacks
- SCADA System’s Hard-Coded Password Circulated Online for Years
- After Worm, Siemens Says Don’t Change Passwords
- “Kaiten” Malicious Code Installed by Exploiting Null Default Passwords in Microsoft SQL Server
- Web Interface – DD-WRT Wiki
- Penetration Testing Software | Metasploit
- Open Vulnerability Assessment System
Revisions
- Initial release
FBI pressures Internet providers to install surveillance software
An interesting article from CNET.com:
The U.S. government is quietly pressuring telecommunications providers to install eavesdropping technology deep inside companies’ internal networks to facilitate surveillance efforts.
FBI officials have been sparring with carriers, a process that has on occasion included threats of contempt of court, in a bid to deploy government-provided software capable of intercepting and analyzing entire communications streams. The FBI’s legal position during these discussions is that the software’s real-time interception of metadata is authorized under the Patriot Act.
Attempts by the FBI to install what it internally refers to as “port reader” software, which have not been previously disclosed, were described to CNET in interviews over the last few weeks. One former government official said the software used to be known internally as the “harvesting program.”
Carriers are “extra-cautious” and are resisting installation of the FBI’s port reader software, an industry participant in the discussions said, in part because of the privacy and security risks of unknown surveillance technology operating on a sensitive internal network.
It’s “an interception device by definition,” said the industry participant, who spoke on condition of anonymity because court proceedings are sealed. “If magistrates knew more, they would approve less.” It’s unclear whether any carriers have installed port readers, and at least one is actively opposing the installation.
In a statement from a spokesman, the FBI said it has the legal authority to use alternate methods to collect Internet metadata, including source and destination IP addresses: “In circumstances where a provider is unable to comply with a court order utilizing its own technical solution(s), law enforcement may offer to provide technical assistance to meet the obligation of the court order.”
AT&T, T-Mobile, Verizon, Comcast, and Sprint declined to comment. A government source familiar with the port reader software said it is not used on an industry-wide basis, and only in situations where carriers’ own wiretap compliance technology is insufficient to provide agents with what they are seeking.
For criminal investigations, police are generally required to obtain a wiretap order from a judge to intercept the contents of real-time communication streams, including e-mail bodies, Facebook messages, or streaming video. Similar procedures exist for intelligence investigations under the Foreign Intelligence Surveillance Act, which has received intense scrutiny after Edward Snowden’s disclosures about the National Security Agency’s PRISM database.
There’s a significant exception to both sets of laws: large quantities of metadata can be intercepted in real time through a so-called pen register and trap and trace order with minimal judicial review or oversight. That metadata includes IP addresses, e-mail addresses, identities of Facebook correspondents, Web sites visited, and possibly Internet search terms as well.

