Cisco Blog > Security

Cisco at RSA 2012: A Sneak Peek

Last year at the RSA security show, Cisco announced the SecureX security strategy. SecureX is designed to help organizations address security from a holistic perspective, rather than a siloed approach, using an integrated framework of innovative new security devices blended with the security-aware network. This approach allows organizations to truly address critical issues like BYOD and the consumerization of network-enabled devices, the transition to virtualized data centers and cloud-based computing, the flood of data coming from social media sites and the use of new high-bandwidth services such as video collaboration, and the spread of sophisticated new attacks aimed at your organization’s soft spots.

Cisco also announced powerful new tools to increase the reach and efficacy of security. The first was the addition of context awareness to security and network devices to add real granular control over users and devices. We also announced a powerful new policy-based solution, the Cisco Identity Services Engine, which allows organizations for the first time ever to truly take control of security policy creation, deployment, enforcement, and management. Next, we announced the broadening of our Security Intelligence Operations, which allows us to fine-tune our entire family of security solutions in real time with actionable data gathered from hundreds of thousands of sensors located across the globe. Cisco SIO is now the largest threat telemetry service in the world.

In the year since that announcement, we have continued to deliver innovative new devices and technologies designed to address security issues, from the endpoint, across the edge and branch, and out across the virtualized data center and cloud environments. So this year, at RSA 2012, Cisco will announce our plans to continue to drive innovation and revolutionize security through our SecureX strategy. For those of you heading out to this year’s event, here is a sneak peek at what you can expect:

Block a country with my Cisco Router or Firewall

Problem:

Customers often ask us how they can prevent traffic from a certain country (let’s say country X) from entering their network. The motivations for doing this vary. Sometimes a company does not do business with all countries in the world; therefore, the company doesn’t need to be accessible from all countries. Other times it is an issue of trust and security, where an administrator may not want to allow country X to enter their infrastructure. Finally, there are cases where country X has often been implicated in malicious activity, so an administrator may want to block country X when there is no need for the organization to interact with this country. In this document I present a methodology for writing a tool that provides the configuration lines to block country X, using your IOS router or ASA/ASASM firewall.

Cisco at RSA 2012: Putting Things In Context

It’s that time of year again. The annual RSA security show brings together all the major security vendors under one roof for a week of training, announcements, and vendors hawking their latest wares. This year we can expect the usual cadre of legacy security vendors with their stand-alone, siloed products pretending that they now support clouds and mobile workers and BYOD. Booth babes, jugglers, magicians, and flashy giveaways will fill the exhibit halls while vendors play shell games with the security of customers, all adding a cacophony of noise to an already confusing situation.

Amidst all the hoopla and fanfare, however, Cisco Systems, the largest security vendor in the world, will be there with perhaps the only reasonable strategy for securing the networks organizations are creating today.

Hey, it was a joke. No need for handcuffs.

Last week it was reported in the media that two British tourists were detained at Los Angeles International Airport due to the threatening tone of messages on Twitter (“tweets”), as one of the two travelers had said that they were going to “destroy America” on their holiday. It turns out that either the U.S. Department of Homeland Security (DHS) noticed those tweets through their efforts to monitor social media, or, as has been suggested more recently, someone explicitly reported the tweets to DHS as a prank. The legal ramifications of this event are worthy of examination when we consider that this event contains elements of language (slang), location (whose laws apply based on where the alleged events took place), and intent — particularly if the prank allegation turns out to be true.

Cisco IPS Signature Retirement and the Default Configuration

Walter Sulym from the Cisco IPS team explains the signature retirement process and how the default configuration is determined.

SCADA Syndrome and Lifelong Education

How many times have we encountered a situation where some part of the software industry starts small, in a closed environment, then grows and attracts a lot of attention before realising that things were not designed properly for this changed environment? On a large scale, I would say three times. It happened with the Internet, operating systems, and system and industrial control systems (also referred to as SCADA). This transition from a closed environment to an open environment inevitably exposes aspects that were overlooked during the development phase. The speed of this transition will only exacerbate the situation. Because SCADA systems are currently going through this transition I will call this a “SCADA Syndrome.”

Cisco 4Q11 Global Threat Report

The Cisco 4Q11 Global Threat Report has been released. The report covers the period from 1 October 2011 through 31 December 2011 and features data from across Cisco Security Intelligence Operations. This quarter’s contributors were Cisco Intrusion Prevention System (IPS), Cisco IronPort, Cisco Security Research and Operations (SR&O), and Cisco ScanSafe.

Correlating NetFlow Data for Proactive Security: Network Notoriety

Prelude

In this short article the reader will first learn what NetFlow is and how it works. Next the reader will understand how it can be used as an important security tool. Finally, a technique for correlating NetFlow results with public sources of Internet reputation, along with the tool “Netoriety,” which implements the technique, will be introduced and explained.

Cisco IPS Sensor Default Signature Configuration Modifications

The threat landscape is an ever-evolving environment that must be addressed with constant iteration. Since the Cisco Intrusion Prevention System signature configuration has grown over the past few years, the Cisco Security Research and Operations IPS Signature Development Team performed an exhaustive review of the default IPS signature settings currently shipping. As a result of that analysis, the team will be releasing changes to the default signature set via signature updates in a two-phase process over the course of several months.

New User Interfaces in Cars – flashy but are they safe?

Up until recently I was an owner of a hybrid car from one of the leading car manufacturers. The mechanical side of the car was good but I always had some serious doubts about the car’s cockpit. In particular, the touch screen mounted squarely in the middle of the dashboard, presumably to be equally accessible to the driver and the front passenger.

Online Shopping: A Classic Case of Convenience vs Security

It is certainly a new day and age for many aspects of today’s society. One prominent sector that continues to lead by example in this area is the Internet, more specifically the online shopping environment. Note that online shopping is not a simple matter of going to a website, clicking “buy,” and checking out. That would be too simple. Ironically, the purchase itself tends to be the simplest part. The crux of the experience begins with the search and research phase. What exactly does one need or want? Is there a particular brand in mind? Is there a popular alternative? The convenience of asking and gathering answers to these questions and many more begins the journey, and thanks to the power and slew of resources the Internet provides, shoppers are able to search common products, brands, and uses, and verify details such as durability and ease of use based on the numerous rating systems, applications, web 2.0 solutions, social networking, and the ongoing phenomena that continue to evolve.

So what does this mean? What does this have to do with security? Quite simply, all of this equates to more TIME on the Internet. Furthermore, the continued rise in scam and theft activities during the holidays is an additional cause for concern. As mentioned in a recent Cyber Risk Report, law enforcement and government agencies continue to search and seize counterfeit and fraudulent websites. This includes counterfeit merchandise in addition to fraudulent website domains. More time spent on the Internet means there is more potential for exposure to threats and vulnerabilities. Simple math, right? That said, let’s look at some numbers to provide valued context…

Cisco Releases the 2011 Annual Security Report

Organizations are faced with providing security for employees who are rapidly adopting new technology in their personal and professional lives and expect their work environments and employers to do the same. As the data from the new Cisco 2011 Annual Security Report and the Cisco Connected World Technology Report Chapter 3 show, organizations that do not or cannot provide that type of environment are at risk of losing the ability to compete for those employees and business opportunities. If employers attempt to block, deny, or forbid mobile devices, social networks, instant communications, and new technologies in the workplace, employees will likely ignore the policies or, even worse, find ways around them that open your environment to unrealized risks.

The .KID Top Level Domain

As a new father and a security professional, it terrifies me to think of my daughter roaming freely around the Internet. However, I feel like restricting her completely will cut off a valuable avenue for education.

Recently, it seems in the media there has been a push to move websites that contain adult content into the .xxx sponsored top level domain (sTLD) in order to easily classify them. While I understand the reasoning for this, there is definitely a large spectrum of additional content which, in my opinion, is unsuitable for children and disallowing access to this sTLD would not provide an adequately restricted environment.

Social Security Number Sharing: Is Your Social Security Number “Yours”?

It’s happening every day. People are inadvertently sharing one of the most personal and private pieces of information, the infamous social security number (SSN). For Jonathan Barnett, the unbelievable became a reality when he discovered that nearly 50 names were connected to his SSN. The irony is that his credit report and social security earnings records are clean. The nation’s creditors, employers, and many others depend on this identity system predicated on SSNs.

Social Engineering: Did you Capture the Flag (CTF)?

The Cyber Risk Report for November 7 through 13 covered the second consecutive Social Engineering Capture the Flag event that was organized by Defcon 19 (a prominent industry “underground” security conference). The event proposes a challenge to competitors with the focus of leveraging social engineering tactics to successfully obtain key company information from a list of prospective companies, with the ultimate goal (based on the past two years) of raising awareness of the threat impact social engineering has on organizations. Furthermore, the competition highlights the common tactics and aspects that social engineers employ. As this year’s competition drew to a close, the Social Engineering CTF Results Report (which provides a debrief of the event, outcomes, and lessons learned) puts an emphasis on the techniques utilized, and the reasons why the respective techniques ultimately succeeded or failed.
