When:

Where: Omni Parker House Hotel – 60 School St Boston, MA 02108

Check In: 9:30am the event begins at 10:00am and will run until 1:00pm

Join us on December 17th at the Omni Parker House for the Government IT Security & Services Intelligence Event. Learn how more than 10,000 organizations, including hundreds of federal, state & local government agencies, use Splunk software to mitigate cybersecurity risk, prevent fraud, improve service performance, and reduce cost. There will be two different breakout sessions throughout the day:

Session One: Enterprise Security Session “Breach Management at Government-Scale” This discussion will show how Splunk can be used to scope and manage a breach in a structured and organized manner.
Session Two: IT Services Intelligence Session “Driving Government Efficiency and Ensuring Availability through IT Services Intelligence” The premise of this discussion will be to show how applying Splunk can give your organization get real-time and historical insights into the health of your physical, virtual, application, server, networking, storage components and services while driving increased efficiency across your enterprise infrastructure.

If you are interested in attending please CLICK HERE for information and to register. If you have any questions please contact rntmarketing@rutter-net.com!

Organizations are now beginning to understand the true impact of data breaches, malware, identity theft and the loss of critical intellectual property. Understanding the impact that these security threats is only half the battle, the other half is that organizations need to be prepared to face these challenges head on. The need for strong polices, procedures and technical controls which were often put in place to adhere to regulatory compliance and business requirements have become a critical piece of any IT strategy.

In order to be successful in implementing strong security controls, organizations must have a willingness to approach security from multiple strategic directions that extend beyond traditional venues of the datacenter and perimeter security.

Rutter Network Technologies is committed to helping its customers review, develop and extend security across the entire organization by working together to gain a deep understanding of the unique challenges and requirements of each organization. In conjunction with our customers, we will develop actionable polices, procedures and controls to ensure that these requirements are met and allow for the natural organic growth of any organization.

Our security practice is prepared to assist with any of the following areas:
• Pre and Post audit assessment and review
• Compliance review and policy development
• Incident response plan development
• Incident handling on demand
• Security architecture and strategy technical planning
• Ongoing process review

Rutter Security Technology Manager – Steve Baker will be speaking at the conference on Wednesday May 27^th at 10:00am. The topic will be ‘Evolution of Threat’.

If you would be interested in attending this conference please contact rntmarketing@rutter-net.com for more information regarding passes and scheduling!

Attendees will also be allowed participate in a hands-on lab to replicate the benchmark testing as well as use open-source tools to create their own malware variants to put Check Point’s Threat Emulation to the test! To register for the Unknown 300 Roadshow please Click Here.

On September 24, 2014, a vulnerability in the Bash shell was publicly announced. The vulnerability is related to the way in which shell functions are passed though environment variables. The vulnerability may allow an attacker to inject commands into a Bash shell, depending on how the shell is invoked. The Bash shell may be invoked by a number of processes including, but not limited to, telnet, SSH, DHCP, and scripts hosted on web servers.

All versions of GNU Bash starting with version 1.14 are affected by this vulnerability and the specific impact is determined by the characteristics of the process using the Bash shell. In the worst case, an unauthenticated remote attacker would be able to execute commands on an affected server. However, in most cases involving Cisco products, exploitation of the vulnerability results in an authenticated attacker having the ability to execute commands for which they are not authorized.

Who is affected by this?

VMWare
VMWare ESXi is not vulnerable.
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2090740

Cisco UCS
Fixes will be available in the following upcoming releases:
3.0(1d) ==> ETA week of 10/13
2.2(3b) ==> released 10/9
2.2(2e) ==> ETA week of 10/13
2.2(1f) ==> ETA week of 10/13
2.1(3f) ==> ETA will be announced shortly
2.0(5g) ==> ETA will be announced shortly

The main Cisco link for all products is:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

Trend Micro
The Deep Security Virtual appliances (DSVAs) are currently vulnerable, with no patch available yet. I spoke with support and when the new DSVA is available, you should get a notification from your Deep Security Manager. There are no automated notifications available at this time, but I will be watching this link for updates
http://esupport.trendmicro.com/solution/en-us/1105233.aspx

Deep Security:

Fixed in 9.0 SP1 Patch 4

EMC/Brocade

Brocade:
Fixes should be posted this week (10/13)

Celerra:
Fixed : https://support.emc.com/kb/193192

DataDomain:
Remediation Plan in Progress

Avamar:
Remediation Plan in progress

Isilon:
Fixed: https://support.emc.com/kb/193304

Recoverpoint:
Remediation Plan in progress

VNXe:
Fixed: https://emc–c.na5.visual.force.com/apex/KB_ESA?id=kA270000000Cejw

VNX1:
Fixed: https://emc–c.na5.visual.force.com/apex/KB_ESA?id=kA270000000CelK&popup=true

VNX2:
Fixed, but additional patch coming to fix future upgrade issue:
https://emc–c.na5.visual.force.com/apex/KB_ESA?id=kA270000000CelP&popup=true

Linux

The following Linux distributions are vulnerable to the exploit, however most already have patches available

• Debian—https://www.debian.org/security/2014/dsa-3032
• Ubuntu—http://www.ubuntu.com/usn/usn-2362-1/
• Red Hat—https://access.redhat.com/articles/1200223*
• CentOS—http://centosnow.blogspot.com/2014/09/critical-bash-updates-for-centos-5.html
• Novell/SUSE— http://support.novell.com/security/cve/CVE-2014-6271.html

Rutter has been providing engineering services and solutions throughout the Commonwealth for over 15 years and is a trusted resource for many government agencies, cities/towns and educational institutions (K-16).  This contract awarded by OSD has begun on July 1, 2014 and will be for a 3 year period.

For more information on this contract and how you and your business may be able to utilize this please contact us at rntmarketing@rutter-net.com!

Rutter will be located at booth #220 for this event, please stop by and say hello! For more information on this event please contact us at rntmarketing@rutter-net.com or Register here. We look forward to seeing you at the 2014 Campus Technology Conference!

As mentioned before, whether or not the ‘cloud’ is secure is a main concern for both consumers and businesses. Putting your information into this cloud where you don’t know where it physically resides, what it consists of, or who is monitoring means it must have more security and issues than just storing it directly on site, right? Wrong, popular to contrary belief the cloud in many instances is even more secure than hosting your information onsite.

Take the cloud services that Rutter provides to our customers as an example. We can provide our customers with some of the most secure, reliable, and cost effective cloud solutions. Whether you want a hybrid model: where you would keep some of your information on premise and some in the cloud, or a fully hosted cloud solution where all your information would be hosted at the Rutter colocation at the Markley Group in downtown Boston…we have you covered!

Interested in more information on how you could have a secure and properly managed cloud solution that is cost effective for your business? Contact rntmarketing@rutter-net.com for more information!

If you are interested in learning more about the  ‘CRN ‘Tech Elite 250’ award that Rutter has recently received please contact rntmarketing@rutter-net.com!

Having a well thought out BC/DR plan today has become an overlooked business necessity and major pain point. Knowing that your data and information is being properly backed up in the event of an accident or disaster is crucial to any IT department. What would happen to your company and your critical data in the event of a disaster such as a fire or flood? Would you lose business-critical information? These unforeseen disasters often leave companies crippled due to data loss.

Did you know, “80% of companies that suffer a major disaster and don’t have any form of contingency planning go into liquidation within 18 months”? Having a plan in place for any unforeseen event is crucial to keeping your business operating smoothly. Without a proper BC/DR plan in place, you may be left with no way to recover information pertinent to maintain day-to-day business operations.

Does your company currently have a BC/DR plan in place? There are many steps that need to be taken to make sure that your data is properly backed up and can be easily recovered. We have come up with a quick questionnaire to help better determine if you are ready for an unanticipated disaster.

• What percentage of your Data are you backing up on a 24-48 hour basis?
• Is your data being backed up at multiple sites (i.e. a colocation)?
• Have you determined that your recovery time objective (RTO), recovery point objective (RPO) and maximum tolerable downtime (MTD) take place in a reasonable amount of time?
• Do you conduct annual or semi-annual assessments to determine that you would in fact be able to recover all of your data in a time frame?
• Can you access your data & critical information from multiple locations?

Rutter has helped develop BC/DR solutions for our customers in fields ranging from government agencies to pharmaceutical companies. We realize that every customer’s environment is different and tailor a solution that is truly unique to that business and their business objectives.  For more information on how Rutter can help you with all your BC/DR needs please contact rntmarketing@rutter-net.com!