WatchGuard erstellt ständig neue Inhalte in der Knowledge Base. Die folgenden Artikel wurden im Januar 2016 hinzugefügt. Um die WatchGuard Knowledge Base zu durchsuchen, verwenden Sie die Technische Suche (Technical Search) im WatchGuard Support Center.

Artikel

• WatchGuard AP200 wireless antenna radiation patterns
• WatchGuard AP300 wireless antenna radiation patterns
• WatchMode
• Mobile VPN with SSL connections fail from Windows XP, Vista, or Mac OS 10.8.x
• Are WatchGuard products affected by the Linux kernel vulnerability (CVE-2016-0728)?
• NETGEAR AC340U modem not working with Firebox

Known Issues (Login auf der WatchGuard Website erforderlich)

• Cannot add additional gateway pair to dynamic VPN in Fireware Web UI
• APT threat detected in POP-3 proxied traffic that is dropped causes all email downloads to fail
• Bonjour traffic cannot pass between Firebox interfaces

Die im 4. Quartal 2015 gestartete Trade-Up Sonder-Promotion „Red for Red“ ist eine der erfolgreichsten Kampagnen in der Firmengeschichte von WatchGuard. Daher soll dieses Angebot auch im 1. Quartal 2016 fortgesetzt werden. Starten Sie mit dem aktuellsten Security-Equipment ins neue Jahr – bezahlt werden müssen dabei nur die Services.

Drahtlose Verbindungen sind populär und in vielen Unternehmen schon Realität. Besonders wichtig sind drahtlose Lösungen, die auch SICHER sind. Denn ohne eine stabile Sicherheit wird drahtlose Konnektivität zum unkalkulierbaren Risiko.

Der AP300 Wireless Access Point von WatchGuard geht am 13.01.2016 an den Start. Seine Leistungsmerkmale erfüllen genau die Anforderungen des Marktes:

• Drastisch erhöhter Schutz: Mit WatchGuard können die Benutzer dafür sorgen, dass sämtlicher Drahtlosverkehr die Ebenen der Sicherheitsprüfung durchläuft – einschließlich AV, IPS, WebBlocker, spamBlocker, App Control, Reputation Enabled Defense, APT Blocker und Data Loss Prevention.

• Visualisierung der Wireless-Aktivität: Drahtlose Netzwerke stellen bei der Sicherheit oft einen blinden Fleck dar. WatchGuard Dimension ist im Standardumfang jeder WatchGuard-Firewall enthalten und bietet cloudbasierte Einblicke in den Netzverkehr – sowohl in Echtzeit wie auch verlaufsbezogen. Dimension beinhaltet AP Dashboards zum Analysieren der Reichweite der kabellosen Lösung. Die Rogue-AP-Erkennung zeigt zudem unautorisierte APs im Netzwerk an.

• Einfache Bereitstellung und Verwaltung: WatchGuard ermöglicht eine deutlich vereinfachte Konfiguration und Verwaltung, indem sowohl das drahtgebundene wie auch das drahtlose Netzwerk in einer zentralen Ansicht gemeinsam verwaltet werden. Zu den verschiedenen Managementoptionen zählen der Windows-basierte WatchGuard System Manager, eine webbasierte Anwenderoberfläche, das cloudbasierte Dimension Command-Tool und CLI.

Unlike cyber criminals, who want to stay under the radar, Hacktivists like to make big splashy messages. The whole point of “cyber” activism is to use technology to get as many people as possible to notice your message, whatever it may be.

Prediction video link: https://youtu.be/EEbqr-2XFRk

Anonymous is a great example of this, with their well-known videos containing a man in a suit wearing a Guy Fawkes mask and speaking with a distorted voice over theatrical music. All of the Anonymous’ “operations” are designed to get noticed. Whether they’re trolling the Church of Scientology, DDoSing credit card providers, defacing websites, or doxing someone they disagree with, the goal is getting attention for their cause. What better way to get attention than to hijack a live TV signal or big event?

While hacktivists are known for their attention-grabbing videos, so far they’ve never taken over live TV or radio, and really gotten their message across to a wider audience. Movies and TV would have us expect “l33t h@x0rs” to take over the airwaves, but so far their strange hacktivist videos have been relegated to YouTube posts anyone can do. Hacking TV broadcasts may sound like sci-fi, but there is precedent. Back in the 80s, a weird, masked man (sound familiar?) took over a few Chicago TV stations for a few minutes at a time. While our TV broadcast have become more protected today, the breach to TV5Monde—a French broadcast network—shows that attackers still have the potential to take over the airwaves.

Next year, I expect cyber attackers to pull off some hack that gets broadcast to the world live. Perhaps they’ll take over a big stadium screen during the Super Bowl or World Cup; they might hijack all of the big TVs in Times Square; or perhaps they pull off the ultimate hacktivist’s dream, and hijack a major TV network’s live broadcast. Whatever it is, expect hacktivists to do something big that televises their revolution to the world live.

Visit our WatchGuard security predictions site

— Corey Nachreiner, CISSP (@SecAdept)

To be honest, wireless security hasn’t changed too much in the last few years. That’s not to say it’s perfectly secure. There are still plenty of folks using legacy WEP encryption standards, and organizations that use WPA2-PSK with a horrible password. There are also many wireless networks that don’t segment clients, so attackers can sniff plenty of private connections by hanging out on public hotspots. Furthermore, many SMB organizations haven’t solved the problem of rogue hotspots or evil twin hotspots. That said, there hasn’t been a huge, industry-wide wireless standard vulnerability in quite awhile.

Prediction video link: https://youtu.be/A4m6D6fqmWA

While we don’t know exactly what it’ll be, we suspect the next big wireless vulnerability will have to do with an “ease-of-use” feature. The Wi-Fi Protected Setup (WPS) standard was a great example of this possibility. WPS was designed to make it easier for new users to join a secure wireless network without having to remember a complex password. Unfortunately, it suffered from a flaw that made it easy for attackers to brute-force a WPS pin and gain access to the wireless network quickly. Unfortunately, usability features can sometimes clash with real security.

Recently, Windows included a new wireless feature called Sense. This feature is intended to allow you to automatically connect to secure wireless networks that your friends or acquaintances have used. While no one has found any issue with this feature yet, this is the type of feature that may introduce new wireless problems. In 2016, expect the next wireless security vulnerability to involve an ease of use feature like Sense.

Visit our WatchGuard security predictions site

— Corey Nachreiner, CISSP (@SecAdept)

When a hacker hijacks a computer, gaining persistence (or making sure his malicious trojan stays on the computer) is easy. The attacker just has to load malware onto the computer’s hard drive and make sure it runs when the computer reboots. However, hijacking the Internet of Things (IoT) is a different story. Many IoT devices don’t have local storage, and are often small embedded systems with low resources. Gaining persistence on these devices is much more difficult and may actually involve modifying the software these devices use to boot, which we call firmware.

Prediction video link: https://www.youtube.com/watch?v=iU63Bhmv6LU

Next year, we expect to see more researchers release proof-of-concept attacks that permanently modify and hijack the firmware of IoT devices. It’s not enough to just find a vulnerability in these devices, but you also have to figure out how to inject malicious code that can stick around. We expect to see vendors start to harden the security of their IoT devices by implementing secure boot mechanisms that makes it more difficult for attackers to modify firmware.

Visit our WatchGuard security predictions site

— Corey Nachreiner, CISSP (@SecAdept)