http://www.watchguard.com//tips-resources/radio-free-security.asp en-us Copyright© 2007-2013 WatchGuard Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice. Network security discussion from WatchGuard Technologies WatchGuard LiveSecurity Service Every IT professional could use more knowledge about network security, but who has time to study? Grab some knowledge on the go with Radio Free Security, the network security podcast produced by WatchGuard LiveSecurity Service reporters. Every IT professional could use more knowledge about network security, but who has time to study? Grab some knowledge on the go with Radio Free Security, the network security podcast produced by WatchGuard LiveSecurity Service reporters. no WatchGuard LiveSecurity Editor radiofreesecurity@watchguard.com http://feeds.feedburner.com/RadioFreeSecurity An explanation of memory faults that attackers can exploit The inaugural episode of Radio Free Security! LiveSecurity Editor-in-Chief Scott Pinzon interviews network security analyst Corey Nachreiner about emerging threats from January. Covered: Flaws in Cisco IOS; the misnaming of the Storm Worm; and the Month of Apple Bugs. In the Foundations segment, former penetration tester Steve Fallin explains in layman's terms what a buffer overflow is, then suggests some defenses against buffer overflow exploits. http://www.watchguard.com/archive/files/rfs/rfs0107.mp3 01 Jan 2007 25:27 buffer overflow, apple bugs, storm worm, livesecurity, network security Terms such as "stateful packet filter" and "security proxy" explained LiveSecurity Editor-in-Chief Scott Pinzon, CISSP, interviews network security analyst Corey Nachreiner about threats emerging from February. Covered: drive-by pharming, Distributed Denial of Service attacks, and Microsoft Office zero-day vulnerabilities. In the Feedback segment, a listener learns how to get more robust SMTP reports from the Firebox X 1000. In the Foundations segment, Steve Fallin, Director of Rapid Response, explains the terms "packet filter," "stateful packet filter," "proxy," and other firewall buzzwords. http://www.watchguard.com/archive/files/rfs/rfs0207.mp3 26 Feb 2007 36:09 firewall buzzword, firewall, stateful packet filter, security proxy, livesecurity, network security Security experts explain using layered defenses to "gang-tackle" spyware Corey Nachreiner discusses the odd backstory behind last month's gargantuan patch of 45 vulnerabilities in Apple's OS X. In the Feedback segment, Scott Pinzon highlights upcoming free security training videos, and listeners question advice from the previous episode. In the final segment, Steve Fallin outlines WatchGuard's four-point plan for stopping spyware. http://www.watchguard.com/archive/files/rfs/rfs0307.mp3 02 Mar 2007 34:46 spyware, security training, livesecurity, network security A network administrator explains how to derive useful meaning from high-tech marketing fluff Veteran network administrator Steve Fallin decodes the strange dialect of marketing copy, then gives practical tips on how to get the right technology product on the first try. Corey Nachreiner, CISSP, examines the disturbing rise of zero-day security flaws in popular software. WatchGuard Product Manager Tim Helming provides an overview of cool new features and enhancements in the latest versions of WatchGuard appliance software. http://www.watchguard.com/archive/files/rfs/rfs0407.mp3 01 Apr 2007 42:00 fireware, security flaws, marketing, livesecurity A network security analyst explains bot nets, including new Russian innovations in bot net command centers. Also: IT Fantasy Help Desk. Corey Nachreiner, CISSP, reports on his findings after purposely letting bot nets infect his test network. Veteran technologists discuss security tactics and tips, including: reduced user rights and privileges; egress filtering; strategies for what to log; blocking unwanted outbound traffic using a DNS proxy, and more. Also: answers to questions from Firebox users, and IT Fantasy Help Desk. http://www.watchguard.com/archive/files/rfs/rfs0507.mp3 30 May 2007 48:47 bot net, dns proxy, it help desk, livesecurity, network security Hacker activities in Estonia, Italy, Czechoslovakia, and the US; ten great web sites for monitoring network security events. Also: SYN Flood, the cologne for IT professionals. Network security professionals discuss the persistent Distributed Denial of Service attack that plagued Estonia for over two months, and the sudden attack on 10,000 Italian web sites. Corey Nachreiner, CISSP, explains Mpack, a dangerous new tool bot masters will love. Veteran network administrator Steve Fallin shares his favorite 10 web sites for keeping up with emerging threats. Also: answers to questions from listeners, more IT Fantasy Help Desk, and SYN Flood, the cologne for IT professionals. Hosted by Scott Pinzon, CISSP. http://www.watchguard.com/archive/files/rfs/rfs0607.mp3 30 Jun 2007 58:00 top 10 security, hacker activities, syn flood cologne, mpack, fantasy helpdesk Special Black Hat Edition. How DNS fast flux techniques enable criminals to keep sites untraceable; from Black Hat 2005, Dan Kaminsky, Johnny Long, Tim Mullen, and others debate cyberterrorist plans. Dave Piscitello, a fellow of the ICANN Security and Stability Committee, explains how criminals use DNS fast flux techniques to make illegal web sites difficult to trace and shut down. Then, in a session recorded at Black Hat 2005, network security leaders debate whether cyberterrorists could actually shut down US infrastructure. Participants include Bryan Cunningham (Deputy Legal Adviser to Condoleezza Rice), Jim Harrison, Dan Kaminsky, Johnny Long, Tim Mullen, and from Sensepost, Roelof Temmingh and Jaco van Graan. Hosted by Scott Pinzon, CISSP. http://www.watchguard.com/archive/files/rfs/rfs0707.mp3 27 Jul 2007 57:25 black hat, cyberterrorists, dave piscitello, icann, fast flux Black Hat Roundup. Gadi Evron's report on the Estonian cyber-riot; David Thiel on attack vectors in "harmless" media files; enhancements found in new Firebox firmware. Our recap of Black Hat 2007 includes a report by network security analyst Corey Nachreiner on the Estonian cyber-riot, including what techniques worked for the attackers and what worked for the defenders. Steve Fallin interviews David Thiel, a researcher who has found numerous attack vectors in media files and media players formerly regarded as "harmless." WatchGuard product managers report on enhancements found in Firebox X Edge version 8.6, and Fireware 9.1. In the Listener Feedback section, senior trainers answer questions about how attackers intercept email; what to log and what not to log; sources of online security training, and more. Hosted by Scott Pinzon, CISSP. http://www.watchguard.com/archive/files/rfs/rfs0807.mp3 04 Aug 2007 67:00 cyber-riot, black hat, david thiel Security Awareness Month Edition. Gary Hinson, CEO of Isect Ltd., explains how to start effective security awareness training in your organization. Rob Graham, CEO of Errata Security, details an invisible attack called "sidejacking." Gary Hinson, CEO of Isect Ltd. In New Zealand, explains how to transform your organization so that all network users have a "security aware culture." Three short "Closetful of Clutter" segments explain how to get a free firewall, a free security book from Syngress, and a free video showing how botnets work. Concluding the Black Hat report, Rob Graham, CEO of Errata Security, explains "sidejacking," an attack easily implemented at wireless hot spots. Hosted by Scott Pinzon, CISSP. http://www.watchguard.com/archive/files/rfs/rfs0907.mp3 01 Sep 2007 61:00 cyber-riot, black hat, david thiel Corey Nachreiner explains new P2P botnet threats. Johnny Long, professional hacker, shines a new light on social engineering. Dave Piscitello, President of Core Competence, defends aggressive filtering techniques. Corey Nachreiner, CISSP, details the evolution of the Storm botnet from low threat to state-of-the-art malware. Google hacker Johnny Long explains the concept behind his latest book, No-Tech Hacking. Steve Fallin, Director of WatchGuard's Rapid Response Team, debates SMTP egress filtering with Dave Piscitello, ICANN Fellow. Dave describes overlooked proxying techniques for Firebox X Core and Peak models. Hosted by Scott Pinzon, CISSP. http://www.watchguard.com/archive/files/rfs/rfs1007.mp3 01 Oct 2007 50:33 botnet, hacking, p2p, johnny long, malware A UK security pro reports on HMRC's losing data about all UK children. Steve Fallin shows off his holiday modifications to the Tip-O-Matic. Chris Squier debunks TV depictions of computer forensics. Corey Nachreiner, CISSP, interviews UK security pro Steve Huddleston about Her Majesty's Revenue and Customs losing two disks containing PII for 25 million UK citizens. Steve Fallin, Director of WatchGuard's Rapid Response Team, shows off his holiday modifications to the Tip-O-Matic, a machine that dispenses security advice stamped on ping pong balls. Roving correspondent Chris Squier, CISSP, debunks TV depictions of computer forensics. Hosted by Scott Pinzon, CISSP. http://www.watchguard.com/archive/files/rfs/rfs1107.mp3 30 Nov 2007 37:12 UK security, tip-o-matic, chris Squier, computer forensics Scott Pinzon and Corey Nachreiner make six predictions about network security in 2008. Engineer Christopher Smith offers tips on using an HTTP proxy. Chris Squire offers a mock lament for overly-successful hackers. Scott Pinzon, CISSP, and Corey Nachreiner, CISSP, predict six developments in network security during 2008, covering topics such as international cyberwarfare, IPv6 adoption, OS X security, botnet trends, and more. Christopher Smith, WatchGuard Sales Engineer, explains what specific settings do to enhance security when using the Firebox's HTTP proxy. Roving correspondent Chris Squire, CISSP, offers "sympathy for the devil" in his lament about how hard the hacker's life has become. http://www.watchguard.com/archive/files/rfs/rfs1207.mp3 02 Dec 2007 44:23 http proxy, botnet trends, cyberwarfare, os x security New from Radio Free Security: A special podcast that's exclusively about using the Firebox. Shorter, sweeter, and secure-er. In this first episode, tech support experts Nathan Buff and Kyle Porter give you fine tuning tips for remote authentication. Product managers Tim Helming and Tom Fischer preview of Fireware Version 10, launching soon. And we answer your cards and letters. How is that possible, in a premiere episode? Listen and find out! http://www.watchguard.com/archive/files/rfs/rfsfs0108.mp3 14 Jan 2008 25:40 firebox special, remote authentication, fireware Segments include: A mysterious attack that made 10,000 legit sites spread malware; advice on complying with regulations and legislation; forensics expert Dave Kleiman's tips on following an intrusion. A mysterious attack placed trojans on over 10,000 legitimate web sites, causing them to distribute malware to their customers. How was it done? Corey Nachreiner, CISSP, reports. Chris Squier, CISSP, gives practical advice on how to make sure your network complies with every regulation, legislation, and industry standard relevant to your organization. Digital forensics expert Dave Kleiman (CCE, ISSAP, MCSE, MVP) provides tips on how to "follow an intrusion across your Windows network," using low-cost and no-cost tools. Hosted by Scott Pinzon, CISSP. http://www.watchguard.com/archive/files/rfs/rfs0208.mp3 01 Feb 2008 41:24 malware, forensics, compliance Radio Free Security's new podcast that's all about using the WatchGuard Firebox. All Firebox, all the time! In this episode, sales engineer Pete Adams describes several features of System Manager that show you exactly what's happening on your network. Training experts Nathan Buff and Kyle Porter talk about the new Mobile VPN client designed to work with Vista. And we read your emails from our Listener Mailbag! http://www.watchguard.com/archive/files/rfs/rfsFS0208.mp3 14 Feb 2008 28:20 firebox special, watchguard firebox, system manager Safety expert Linda Criddle tells how businesses can stay safe online. Scott Pinzon and Corey Nachreiner discuss new trends in bots. Lisa Phifer of Core Competence and Diana Kelley of Security Curve help wifi users avoid "evil twin" attacks. Online safety consultant and "white hat stalker" Linda Criddle of Look Both Ways describes how predators can grab information you thought was private. Scott Pinzon, CISSP, and Corey Nachreiner, CISSP, discuss alarming new trends in bots, including the "MayDay" botnet. Wireless network experts Lisa Phifer of Core Competence and Diana Kelley of Security Curve explain "evil twin" attacks - wireless access points that appear to be perfectly legitimate - and tell wifi users how to avoid them. http://www.watchguard.com/archive/files/rfs/rfs0308.mp3 27 Mar 2008 40:52 internet safety, watchguard Radio Free Security's "Firebox Special" focuses exclusively on how to use WatchGuard products and services. In this episode, we introduce a brand-new appliance, the WatchGuard SSL VPN. Training expert Kyle Porter explains Single Sign-On authentication, a new feature in Version 10. Sales engineer Pete Adams describes how System Manager can be used when you have many different Fireboxes on your network. And we announce the winner of our Listener Mailbag contest! http://www.watchguard.com/archive/files/rfs/rfsfs0308.mp3 14 Mar 2008 40:52 firebox special, ssl vpn, watchguard In a special episode dedicated to network security beginners, experts list the best books, conferences, and habits for teaching yourself security. A Very Special Episode: Welcome Newbies! This month's program is dedicated to new IT personnel who want to learn network security, but have almost no money or time. Fred Avolio, one of the inventors of the commercial firewall, recommends indispensable must-reads, the best conferences, forums to sign up for, and more. A mock quiz show, "The Network Security Beginner's Path of Truth," reveals basic principles of security. Mark Spivey, CISSP, explains how to get hands-on experience as a hacker, without hurting yourself or others. Answers to listener email questions leads to controversy about whether it's worthwhile to educate end-users on security. Hosted by Scott Pinzon, CISSP. http://www.watchguard.com/archive/files/rfs/rfs0408.mp3 02 Apr 2008 51:15 network security, fred avolio, firewall, mark spivey, watchguard Radio Free Security: Firebox Special focuses exclusively on how to use WatchGuard products and services. This month, we tackle one big topic: Helping you navigate the LiveSecurity web site. What are the key resources to help LiveSecurity subscribers use our products, and where exactly are they located? Radio Free Security's host Scott Pinzon, CISSP, crosses over to the Firebox Special to give us the scoop on product documentation, broadcast preferences, user forums, support incident reporting, and more. And, in our ever-popular "Listener Mailbag" section, we hear what you think about our shows, and announce another lucky contest winner! http://www.watchguard.com/archive/files/rfs/rfsfs0408.mp3 17 Apr 2008 33:40 livesecurity, firebox special, watchguard IT Security professionals explain the latest attack techniques aimed at web users, and how to avoid being tricked. Corey Nachreiner, CISSP, demystifies the workings of attacks that make legitimate web sites serve malicious software to their customers. Topics explained include SEO poisoning (sometimes called "Google cache corruption"); iFrames; and SQL injection performed against Active Server Pages. Professional hacker Johnny Long shares how his latest book helps feed children in Uganda. And Sandra Takeuchi shares the results of our April poll of listeners, setting the future direction for this podcast. Hosted by Scott Pinzon, CISSP. http://www.watchguard.com/archive/files/rfs/rfs0508.mp3 30 Apr 2008 41:13 livesecurity, iframe attack, seo poisoning, watchguard Radio Free Security's podcast on the WatchGuard Firebox includes a special focus this month on Report Manager. In this month's episode, we take a deep dive into Report Manager, which was completely redesigned in Fireware Version Ten. We'll hear three perspectives on it -- from Product Manager Steve Fallin, Principal Developer Mark Hughes, and Technical Support Rep Greg Gilbraith. Find out why it was changed, and get tips on how to use the new version. Plus, you'll learn about WatchGuard's new localized support for Version Ten. http://www.watchguard.com/archive/files/rfs/rfsfs0508.mp3 15 May 2008 28:00 watchguard, fireware, report manager, livesecurity, localized support Two teenaged hackers stole the domain of one of America's largest ISPs. Learn how to ensure that doesn't happen to you. Corey Nachreiner, CISSP, explains how the newly announced rootkit for Cisco IOS works, and what to do about it. Dave Piscitello of ICANN describes a hack where Comcast lost its domain names temporarily, and suggests preventive measures for any network administrator who manages domains. Hosted by Scott Pinzon, CISSP. http://www.watchguard.com/archive/files/rfs/rfs0608.mp3 05 Jun 2008 35:20 watchguard, fireware, report manager, livesecurity, localized support Radio Free Security's podcast on the WatchGuard Firebox focuses on how our products can help with environmental concerns. In this month's episode, Ian Kilpatrick of England's Wick Hill Group discusses how Europe is setting the pace for technology that is environmentally responsible - and how WatchGuard's UTM products lead the way. Also, Sandra Takeuchi introduces the new task-based Current Help pages on our web site, and technical trainer Matt Sando explains the differences between WatchGuard's two major SSL VPN solutions. http://www.watchguard.com/archive/files/rfs/rfsfs0608.mp3 15 Jun 2008 33:30 green network security, watchguard IT Security professionals review the latest data breaches in the headlines; a master con artist reveals tricks of his trade. In his Security Story of the Month, Corey Nachreiner, CISSP, briefly touches on several topics, including hackers taking over a server related to Citibank; poor disclosure at online catalog company Wards; and an embarrassing hijacking of web sites belonging to IANA and ICANN. In Part 2, Corey explains why everyone should worry about two new Apple OS X Trojans. Jack Wiles, a pioneering physical penetration test team leader, reveals how he successfully broke into company after company, always undetected. Hosted by Scott Pinzon, CISSP. http://www.watchguard.com/archive/files/rfs/rfs0708.mp3 02 Jul 2008 40:29 social networking, jack wiles, data breaches, watchguard IT Security professionals review the latest data breaches in the headlines; a master con artist reveals tricks of his trade. In this month's episode, Radio Free Security's Scott Pinzon and Corey Nachreiner, both CISSPs, analyze the recent news of a potential "DNS cache poisoning" scare. They explain what it is, and how Firebox admins can counteract it. Then, Tech Support Team Lead Ben Brobak discusses the finer points of getting VPN tunnels going, and keeping them alive. Plus, "Crazy Mark" Romano returns with a sales promotion special deal. http://www.watchguard.com/archive/files/rfs/rfsfs0708.mp3 16 Jul 2008 42:30 dns poisoning, firebox special, watchguard Two disgruntled men dominated the security news recently: an IT administrator who cared too much, and a spam king who got what's coming to him. Discuss. Two disgruntled men figured prominently in the news last month. Corey Nachreiner, CISSP, considers what lessons we can learn from engineer Terry Childs, who locked the City of San Francisco out of its own multi-million-dollar fiberWAN network. The CyberCrime Diaries segment answers the question, "Why don't the authorities stop cybercriminals?" by relating the five-year quest to convict spam king Robert Soloway. Hosted by Scott Pinzon, CISSP. http://www.watchguard.com/archive/files/rfs/rfs0808.mp3 01 Aug 2008 40:03 cybercrime, soloway, terry childs, spam, watchguard Radio Free Security's podcast on the WatchGuard Firebox focuses this month on where our products are going in the near future. In this month's episode, VP of Marketing Eric Aarrestad discusses WatchGuard's roadmap in the coming year - the release of XTM, or "Extensible Threat Management" products. Also, Tech Support Team Lead Ben Brobak returns to answer the latest hot-potato questions coming into our Support call center. http://www.watchguard.com/archive/files/rfs/rfsfs0808.mp3 15 Aug 2008 23:55 xtm, firebox special, watchguard Did Best Western Hotels lose eight million customer records to a hacker? IT security professionals discuss the latest breaches and countermeasures. In his Security Story of the Month, Corey Nachreiner, CISSP, describes the compromise of Best Western Hotels in Germany, and why it is not "the greatest cyberheist in history," as the Glasgow Sunday Herald claimed. Mark Waldstein joins the show and discovers the Tip-O-Matic, which dispenses tips on EULAs, backups, and security by obscurity. The world of network security moves so fast that major events happened after we recorded our first two segments at the end of August, so Scott Pinzon finishes with updates from Sept. 8. Hosted by Scott Pinzon, CISSP. http://www.watchguard.com/archive/files/rfs/rfs0908.mp3 09 Sep 2008 32:36 tip-o-matic, cybercrime, watchguard, security tips The Anti-Phishing Workgroup reports on techniques that phishers use to make it harder for authorities to identify and take down scam web sites. Dave Piscitello, Senior Security Technologist for ICANN and a member of the Anti-Phishing Workgroup (APWG), describes how scam artists utilize second-level domain names to make it harder for authorities to take down scam web sites. Mark Waldstein and Scott Pinzon, CISSP, discuss security trends, including a TCP/IP stack vulnerability rumored to potentially take down the Internet. And a new segment called "Geek to Geek" spotlights a barbershop quartet that sings about Star Trek. Hosted by Scott Pinzon, CISSP. http://www.watchguard.com/archive/files/rfs/rfs1008.mp3 06 Oct 2008 35:20 star trek, geeks, phishing, watchguard, security tips Network security topics for small to medium businesses include how unwitting Facebook users were tricked into attacking a web site. WatchGuard trainers answer a network administrator's question about how to lock down a high school's network. Greek researcher Elias Athanasopoulos explains how social networking sites such as Facebook could be easily transformed into "Facebots" that sustain Denial of Service attacks against targets on the Web. WatchGuard introduces a new wireless bridge to help you securely connect to the Internet via 3G. Corey Nachreiner, CISSP, discusses security trends, and in his Security Story of the Month, covers the worst Microsoft vulnerability in two years. Hosted by Scott Pinzon, CISSP. http://www.watchguard.com/archive/files/rfs/rfs1108.mp3 05 Nov 2008 48:16 proxies, content types, facebots, social networking, dos attacks 68 of the largest Internet Service Providers report on security problems; an ex-KGB Major General dishes dirt on bugging the USA. Senior Network Security Analyst Corey Nachreiner, CISSP, details the happy results of Internet Service Providers (ISPs) shutting down McColo.com, but he questions the methods used. Danny McPherson, Vice President and CSO of Arbor Networks, discusses some surprising findings in his annual Worldwide Infrastructure Security Report, which details what the largest Internet data carriers worry about. Oleg Kalugin, former Major General in the Soviet KGB, details how Russia bugged the US Senate, the Foreign Relations Committee, Henry Kissinger, and even Kissinger's fiancee. Hosted by Scott Pinzon, CISSP. http://www.watchguard.com/archive/files/rfs/rfs1208.mp3 02 Dec 2008 48:48 infrastructure security, kgb, isps, spying, security problems A lively discussion on what to expect in 2009 -- and what NOT to expect -- on a wide range of network security issues, including social networking, DNS-SEC, SaaS, IPv6, botnets, and much more. Senior Network Security Analyst Corey Nachreiner, CISSP, and Information Security Analyst Scott Pinzon, CISSP, host their second annual Security Predictions episode. They assess and score the six predictions they made in December 2007 about 2008; issue several predictions of what will NOT happen in 2009; and predict six new trends to anticipate this year. Seth Fogie, a leading mobile malware researcher, guests. The wide-ranging discussion touches on such topics as IPv6, SSL/HTTPS, social networking, botnet innovations, cloud computing, mobile computing, cyber-legislation, cyber riots, DNS SEC, eating crow, and much more. Music by Hardly Art. http://www.watchguard.com/archive/files/rfs/rfs0109.mp3 06 Jan 2009 1:04:29 infrastructure security, kgb, isps, spying, security problems WatchGuard Product Manager Nat Hillary debunks ten of the most common PCI compliance myths In the inaugural 2009 episode of Radio Free Security, Senior Network Security Analyst Corey Nachreiner, CISSP, and WatchGuard Trainer Nathan Buff talk about a huge industry data breach, a fast spreading worm with potential to become a botnet, and a broken cryptographic hash function. Nat Hillary, a Product Manager for WatchGuard, shares the top ten myths about PCI compliance, which may convince you that PCI compliance isn't as herculean a task as you might have feared. (Learn more about PCI at <a href="http://www.watchguard.com/products/industrysolutions/retail.asp">WatchGuard's Retail page</a>). Finally, we open our mailbag to share some of our listeners' security predictions for 2009. Hosted by Corey Nachreiner, CISSP. http://www.watchguard.com/archive/files/rfs/rfs0209.mp3 26 Feb 2009 1:21:13 PCI, Heartland, Conficker, Downadup, MD5, security predictions, livesecurity, network security Can you get ROI on your security expenditures? Listen to find out In this double dose of Radio Free Security, Senior Network Security Analyst Corey Nachreiner, CISSP, and WatchGuard Trainer Nathan Buff talk about two months worth of security stories. Topics include; the latest zero day exploits, security problems plaguing Facebook, the latest Conficker updates, and the BBC's questionable use of a malicious botnet. Also, Gary Spiteri, a Sales Engineer for WatchGuard, shares a talk he heard about whether or not you can get ROI on your security expenditures. He shares some tips that should help you stretch your security budget in these tough economic times. Finally, we open our mailbag to answer WebBlocker questions posed by one of our listeners. Hosted by Corey Nachreiner, CISSP. http://www.watchguard.com/archive/files/rfs/rfs0309.mp3 14 Apr 2009 1:08:10 ROI, conficker, zero day, HTTPS, botnets, social networking, livesecurity, network security A review of WatchGuard's 2011 Security predictions in hindsight Radio Free Security returns after two years radio silence! In this episode, Corey Nachreiner looks back at WatchGuard's 2011 security predictions with Tim Helming and Ben Brobak, to see how well - or how badly - we did. Topics covered include, Cyberwar, APTs, Facebook links, and more. Did we call the year correctly, and what did we learn from the results. Listen and find out. http://www.watchguard.com/archive/files/rfs/rfs0112.mp3 30 Jan 2012 1:10:40 cyberwar, APT, Facebok, VoIP, DLP, livesecurity, network security WatchGuard's security strategist shares his security predictions for this year Last episode we looked back at WatchGuard's 2011 security predictions. Now it's time to look towards the future. Do you know what security threats and trends you should expect this year? If not, join Corey Nachreiner, Ben Brobak, and Tim Helming to find out. We'll cover many topics, from malware on app stores, to power plants with viruses. We'll also try to share a few security tips along the way. So grab a cup of joe, sit back, and enjoy the show. http://www.watchguard.com/archive/files/rfs/rfs0212.mp3 2 Mar 2012 1:11:17 virtualization, cloud security, BYOD, cyberwar, APT, Facebook, livesecurity, network security Learn how to secure and manage the menagerie of mobile devices in your network In this episode, we return to our regular format. During the first segment, Corey interviews guest expert, Dean Colpitts, to discuss practical ways IT administrators can manage and secure Mobile devices. Next up? The return of "The Security Story of the Month". Tim, Richard, and Corey explore three big security stories from the month, and decide which is the most important. Grab a hot beverage, get comfy, and check out this month's show. http://www.watchguard.com/archive/files/rfs/rfs0312.mp3 30 Mar 2012 1:07:13 BYOD, Mobile security, MDM, iOS, Android, WatchGuard, LiveSecurity, network security, Anonymous, LulzSec, RDP, exploits, vulnerabilities, Pwn2Own Exploring the history of virtualization and its security ramifications In this month's Security Spotlight, Corey chats with WatchGuard's Director of Product Management about the history of virtualization and its security ramifications. He also learns about WatchGuard's upcoming virtual security solutions. Next, listen in on the "Security Story of the Month," where Christian, Chris, and Corey talk about cyber legislation, big breaches, and a nasty Mac botnet. So sit down, relax, and enjoy the show. http://www.watchguard.com/archive/files/rfs/rfs0412.mp3 30 April 2012 1:25:00 virtual security, virtualization, vmware, Apple, OS X, Flasback, Global payments, WatchGuard, LiveSecurity, network security, CISPA, exploits, vulnerabilities, worm, botnet Learn how application control can secure networks and control productivity In this month's Security Spotlight, Corey and Peter discuss Application Control; What is it? What can you do with it? And how do you get started? Learn how this powerful new security tool can increase your network visibility and control tenfold. Next, learn about the latest industry news during the "Security Story of the Month." Richard, Chris, and Corey discuss upcoming cyber legislation, paid security patches, and Android drive-by downloads. There's lots to learn, so be sure to listen in. http://www.watchguard.com/archive/files/rfs/rfs0512.mp3 5 May 2012 1:00:00 application control, Adobe, Android, Mobile Malware, certificates, Flame, APT, FBI, Going Dark, WatchGuard, LiveSecurity, network security, exploits, vulnerabilities, worms, botnet WatchGuard analysts examine the Flame worm, and consider the future of nation-state malware. Ben and Corey discuss the Flame worm in this month's Security Spotlight. What does this malware do, how does it spread, and how can you protect yourself from this type of advanced attack. They also discuss the evidence suggesting that Flame is a government sponsered cyber attack, and what that means for the future of network and information security. Also stay tuned for the "Security Story of the Month," where the LiveSecurity team chat about the Linkedin breach, Apple's new security stance, and intellectual property swiping malware. For your latest dose of security news and education, listen to this month's episode. http://www.watchguard.com/archive/files/rfs/rfs0612.mp3 3 July 2012 1:37:05 Flame, Flamer, Skywiper, Autocad, Linkedin, APT, Apple, WatchGuard, LiveSecurity, network security, exploits, vulnerabilities, worms, botnet WatchGuard analysts highlight and discuss the biggest talks from this year's Blackhat and Defcon conferences. In July's Security Spotlight, guest host Ben Brobak interviews Corey Nachreiner about the most interesting briefings he attended at this year's Black hat security conference. They discuss the implications of some of these new threats and share security tips along the way. This episode's "Security Story of the Month" also shares a Blackhat and Defcon theme, with many of the biggest stories coming from these two popular security conferences. A roundtable of WatchGuard experts discuss NFC attacks, router rooting, and a serious problem with MS-CHAPv2 authentication. Tune in to learn all about Blackhat, Defcon, and the most important security news from July. http://www.watchguard.com/archive/files/rfs/rfs0712.mp3 2 August 2012 1:30:09 Blackhat, Defcon, NFC, router hacks, strikeback, cyber security, MS-CHAPv2, PPTP, uplay, WatchGuard, LiveSecurity, network security, exploits, vulnerabilities WatchGuard security experts highlight August's major security incidents and share best practices. August's abbreviated episode includes an exciting Security Story of the Month segment and a trip down memory lane, with the Tip-o-matic 650. In this month's security news recap, Richard Gilmour, Christian Garland, and Corey Nachreiner highlight the most concerning security stories and incidents from August. The segment includes a new advanced persistent threat, some paradigm shifting malware, and a highly critical Java zero day vulnerability that attackers are exploiting in the wild. Be sure to listen for the latest defenses. We also dust off an old Tip-o-matic 650 clip. Listen to past Radio Free Security hosts share a few security best practices that are still relevant today. So grab a seat, get comfortable and click play. http://www.watchguard.com/archive/files/rfs/rfs0812.mp3 5 September 2012 1:15:45 Crisis, VMware, virtual security, Java, zero day, Mat Honan, Gauss, APT, WatchGuard, LiveSecurity, network security, exploits, vulnerabilities Nachreiner interviews a Smart Grid security expert from Alstom Grid about SCADA and ICS security Digital network attacks that can blow up generators, shut down power grids, or damage nuclear facilities seem like the stuff of science fiction. However, we currently live in a world where nation-states launch just such attacks against one another, and may escalate them in the future. In this episode, Nachreiner interviews an industry expert from Alstom Grid about SCADA and ICS systems, and the ramifications of digital attacks against physical infrastructure. Nachreiner also joins two other WatchGuard security experts to identify the Security Story of the Month. They talk about stolen digital certificates, Internet Explorer zero day, and a big network breach, to decide which story has the greatest ramifications for the industry. Join us for another exciting episode of Radio Free Security. http://www.watchguard.com/archive/files/rfs/rfs0912.mp3 2 October 2012 1:15:37 SCADA, ICS, Smart Grid, zero day, Stuxnet, cyber attack, APT, WatchGuard, LiveSecurity, network security, exploits, vulnerabilities, Telvent, Alstom Grid, Adobe, digital certificates, breach, HTTPS, CRIME, SPDY Most security breaches are due to one simple problem. Learn what it is and how to fix it. In October's Security Spotlight, Ben Brobak and Corey Nachreiner unveil the secret culprit for most security breaches. More importantly, they discuss firewall policy best practices that will help you avoid such breaches. Also, learn about WatchGuard's new RapidDeploy capability in an interview with Product Manager, Johnni Aguirre. Finally, we discuss cyber espionage accusations, new nation-state sponsored malware, and some major DDoS attacks in this episode's Security Story of the Month segment. We cover a lot in this episode, so sit down, relax, and enjoy the show. http://www.watchguard.com/archive/files/rfs/rfs1012.mp3 1 November 2012 1:49:05 cyber espionage, firewall, security policy, best practices, egress filter, RDP, miniFlame, Huawei, DDoS, cyber security, WatchGuard, LiveSecurity, network security, exploits, vulnerabilities The WatchGuard analyst team reviews our 2012 predictions to see how we did. We're nearing the end of the year, which means it's prediction time. In the first of two special episodes, the Radio Free Security team looks back at our 2012 security forecasts. Did our predictions for the year ring true, or were they epic fails? Join Corey Nachreiner and the co-hosts from the Security Story of the Month to find out. The discussion covers a bevy of topics, including mobile malware, APTs, BYOD, virtualization, location awareness, infrastructure attacks, and much more. Whether you're curious how our predictions did, or you just want to review the most relevant security issues from 2012, this episode is for you... And don't forget to join us next time, when we reveal our 2013 predictions. http://www.watchguard.com/archive/files/rfs/rfs1112.mp3 5 December 2012 1:24:34 2012 security predictions, BYOD, virtualization, APT, HTML 5, Facebook, breaches, SCADA, hardware hacks, cyber security, WatchGuard, LiveSecurity, network security Corey unveils his 2013 security predictions to the RFS analyst team to see what they think. Last episode, we reviewed our 2012 security prediction results. This time we unveil WatchGuard's 2013 security predictions. They cover topics like life-threatening hardware hacks, mobile device pick-pockets, cyber strike-back, zombie browsers, and much more. Whether or not these predictions come true, the episode explores many real infosec trends that everyone, from the smallest consumer to the largest enterprise CSO, will face in 2013. Join us for a glimpse into the future of cyber security. http://www.watchguard.com/archive/files/rfs/rfs1212.mp3 19 December 2012 2:02:56 cyber security, WatchGuard, LiveSecurity, network security, info sec, predictions, digital death, cyber death, virtualization, zombie browser, NFC, android, mobile malware, mobile wallets, vulnerability market, exploits, IPv6, strike-back, android, cyber legislation The LiveSecurity analyst team highlights the major security incidents from January. During this month's Security Story of the Month segment the LiveSecurity analyst team discusses the biggest InfoSec stories from January. Topics include wide-spread Java zero days, a nasty new advanced malware campaign called Red October, some industry-wide Universal Plug and Play vulnerabilities, and much more. Also stay tuned for What's Up With WatchGuard, where WatchGuard's XTM appliance product manager unveils some exciting new security hardware. Settle down, adjust your volume, and enjoy the show. http://www.watchguard.com/archive/files/rfs/rfs0113.mp3 6 February 2013 1:02:14 cyber security, WatchGuard, LiveSecurity, network security, info sec, Red October, Java, zero day, 0day, Radio Free Security, UPnP, H.D. Moore, Metasploit, Aaron Swartz, XTM, 11.7 The LiveSecurity analyst team discusses some of the biggest InfoSec stories from February and March. In our March episode, the LiveSecurity analyst team discusses two months worth of InfoSec news during our Security Story of the Month segment. We cover new weaknesses in a cipher associated with SSL and TLS, more zero day Java exploits, a severe sentence in a cyber security trial, the largest DDoS attack ever seen, and more. We also debut a funny, security-themed Thrift Shop parody song made by WatchGuard employees. So get comfy, adjust your volume, and enjoy the show. http://www.watchguard.com/archive/files/rfs/rfs0313.mp3 4 April 2013 1:08:17 cyber security, WatchGuard, LiveSecurity, network security, info sec, Java, zero day, 0day, Radio Free Security, DDoS, Spamhaus, Cyberbunker, RC4, SSL, BEAST, Mandiant, APT1, China, Weev, cyber legislation, cyber law, honeypot, ICS, SCADA, DNS amplification