Cisco Blogs

Cisco Blog > TechWiseTV

SIP SIP SIP Everywhere

Wow — everyone is talking about SIP these days but SIP connections really come in three flavors: SIP trunking (carrier side)SIP connections between PBXsSIP line-side (PBX to phone) The buzz I’m hearing these days is all about SIP on the carrier side. I’ve been tracking industry articles and blogs on this topic and there are two distinct opinions out there — people who advocate for SIP trunks from your carrier due to the flexibility and cost savings Helping Organizations and those who tell the story of a lack of reliability, challenges with support and negligible cost savings SIP Trunks: A Call to the Wild. What do Jimmy Ray and I think? Tune in on June 25th to find out. You can bet Jimmy Ray has a few thoughts on the security of SIP trunks!For those of you who really want to dive-in, check out the SIP Forum for lots of good details. After the show airs, I’ll post blog entries that will dive deeper into SIP connections between PBXs and SIP line-side and the pros and cons of each. If you have specific questions you want answered on these two areas — fire away now!

Protecting the Internet Edge

Jimmy Ray hosted one of his ‘white hat hacking master classes’ as one viewer termed it. Massive response yesterday to a great webex based security chat complete with video and application sharing. Record numbers registered and showed up. Here are some notes and helpful links that were asked for. The full replay of the event is available here: (COMING SOON)imageNotes and helpful links: Read More »

Passionate about Security

imageWe are having another ‘Technology Workshop’ this Thursday and the title is ‘Protecting the Internet Edge’ featuring our own Jimmy Ray Purser. As I was chatting with JR about this one, I am firmly convinced you DO NOT want to miss this. Assuming of course the subject of security is of interest. JR loves to share his passion for white hat hacking and teaching the ‘offensive’ maneuvers you should be making with your own networking resources. We have spoken numerous times about the defenders dilemma and a pure defensive approach is always going to fail to some degree at some point. If you are even remotely technical you will get something of value here. These workshop sessions are done via WebEx so that we can be interactive and a bit more casual.. The end result is a head full of knowledge, new ideas, new tools, etc. Hope you can make it. I will be there. Robb

Security Questions

What a fantastic show last week – “Crime Still Pays” featuring Patrick Peterson and Kevin Kennedy taped LIVE from the RSA 2009 show. (You can catch the recording right now with no waiting). We had questions and some consistency with ‘requests for clarification’ that I promised we would follow up on in the blog here. Several people inquired about a tool that Jimmy Ray referred to in rather loving fashion…it was ‘Maltego’ – an open source forensics application that can assist in drawing out hard to define relationships. * * * * * *Another common question we received was around MD6. What is it? In a nutshell…its new cryptography that although it had not had time to make it into any real products yet…it was already being used in Conficker B. This fact, plus the speed in which it was updated is fascinating. Here is a great explanation straight from the SRI International Analysis under the ‘implications of Variant C:In evaluating this mechanism, we find that the Conficker authors have devised a sophisticated encryption protocol that is generally robust to direct attack. All three crypto-systems employed by Conficker’s authors (RC4, RSA, and MD-6) also have one underlying commonality. They were all produced by Dr. Ron Rivest of MIT. Furthermore, the use of MD-6 is a particularly unusual algorithm selection, as it represents the latest encryption hash algorithm produced to date. The discovery of MD-6 in Conficker B is indeed highly unusual given Conficker’s own development time line. We date the creation of Conficker A to have occurred in October 2008, roughly the same time frame that MD-6 had been publicly released by Dr. Rivest (see While A employed SHA-1, we can now confirm that MD-6 had been integrated into Conficker B by late December 2008 (i.e., the authors chose to incorporate a hash algorithm that had literally been made publicly available only a few weeks earlier).Unfortunately for the Conficker authors, by mid-January, Dr. Rivest’s group submitted a revised version of the MD-6 algorithm, as a buffer overflow had been discovered in its implementation. This revision was inserted quietly, followed later by a more visible public announcement of the buffer overflow on 19 February 2009, with the release of the Fortify report ( We confirmed that this buffer overflow was present in the Conficker B implementations. However, we also confirmed that this buffer overflow was not exploitable as a means to take control of Conficker hosts. Nevertheless, the Conficker developers were obviously aware of these developments, as they have now repaired their MD-6 implementation in Conficker C, using the identical fix made by Dr. Rivest’s group. Clearly the authors are aware of, and adept at understanding and incorporating, the latest cryptographic advances, and are actively monitoring the latest developments in this community.* * * * * * iACL’s or ‘Infrastructure ACL’s’ were also a hot topic in this show. Read More »

Network Testing Reaches Breaking Point

Jimmy Ray caught up with Phil Trainor from BreakingPoint while at the RSA Conference…and then I happended to sit next to Kyle Flaherty, their Marketing Director on the plane ride home…(they are based in Austin, TX). Chance? I think not – shrewed marketers who realize that we have easy access to at lest 12 to 15 geeks…. Are you familiar with them? Jimmy Ray loves them and as you will see gives them high marks for their blog. technology. Great Guys. Texans. What more do you need?