You are SO Hacked!
Well, hopefully not…but do you even know? Knowledge and awareness go a long way these days and with the profit motive driving the criminal activity these days, it pays to be obscure. Welcome to the shownotes for our security episode today featuring Cisco’s Tom Gillis and his new book, Marc Guntrip from ScanSafe for two whole segments (its great stuff), a back to the science lab BOT dissection class with Jimmy Ray and a really cool, did not see that coming, segment on the new LISP protocol with Darrel Lewis, co-chair on the LISP working group.
Have you seen the show yet? Be sure and catch the replay if not.
There’s an old saying that says“familiarity breeds contempt.” Perceived familarity can have an equally detrimental effect – lulling us into a false sense of complacency and blinding us to reality.
For many years there have been dire sounding warnings that cyberwar is looming somewhere on the horizon. Many have scoffed at those predictions; others have approached the topic with academic and even military interest. But what many have failed to realize is that cyberwar is already here and the battle is already being waged.
At the frontlines are YOUR corporate assets: intellectual property, research, schematics, sensitive proprietary data, and confidential customer and employee information.
Modern malware is merely a tool – and only one of many – used by cybercriminals to carry out their attacks. To approach today’s security challenge as a malware problem is to completely miss the bigger picture – it is a criminally run sophisticated e-business network intent on gathering intellectual and corporate assets. It is not simply a malware problem per se; it is a large scale cyber-espionage assault and all countries are being adversely impacted
Keys to the Show
Borderless Security’ – is this making sense?
Bot or Not – how well do you understand this threat?
Do you know how to reverse engineer a bot? Why would you?
Cloud Security – where does cloud fit into your personal hype cycle? NOT, to be clear, about protecting your ‘cloud.’ Cause, regardless of how you might define it, there is too much evidence that many functions make more sense off-site. Software as a Service is the delivery-model that ScanSafe has had incredible success with.
Protocol Watch – good network design never goes out of style. There is an inceased pressure, especially with the growth of these ‘off-site services,’ for our network to remain ever available. Darrel Lewis is co-chair of the IETF working group for LISP. Location ID Seperator Protocol. This is one you may not know right now – but it will soon be changing things for the better. Watch out for it.
State of Security, Jennifer Geisler and Tom Gillis
Borderless Security is not the most obvious concept to grasp. Tom Gillis, co-founder of IronPort systems wrote the book on it. He joins Jennifer to discuss it.
Jamey Heary did a good job posing some hard questions to Tom Gillis about the state of Cisco’s Security Strategy. Read the blog entry here.
Want to follow Cisco’s Borderless Network moves on your mobile phone? Check out the continually updated mobile version of their site.
The ability to identify and dissect a modern bot offers great promise for dealing with this threat. Jimmy Ray Purser shows the most common attributes to look for and shows how to do it.
– Debugging tools for Windows:
– IDA: http://www.hex-rays.com/idapro/idadownfreeware.htm
Cisco Security Blog had a nicely detailed write up on ‘Exploring a Java Bot’ (build links to parts 1, 2, 3)
I love these stories…”Russian Bot tries to kill off Rival”.…no honor among criminals?
Scan Safe Intro, Guest: Marc Guntrip
ScanSafe represents truly different methods for dealing with the most dynamic threats we are faced with. Marc Guntrip walks the ever-skeptical Jimmy Ray through the solution.
A little ScanSafe history,
Eldar Tuvey and his brother started ScanSafe in the UK back in 2004 with a different model.
Jamey Heary did a nice write up on ScanSafe awhile back.
Seth Hanford did a nice write up on the Security Blog with an overview: ScanSafe Report Highlights Attacker Thrift, Intellectual Property Risk
Cisco’s Main page on ‘Cloud Security’ is a great place to go…just don’t get confused by the fact that we are hosting security as a service..this is not about protecting your cloud. Does that make sense?
Web Intelligence Reporting provides a global, yet granular, view of your traffic and your security. Marc Guntrip of ScanSafe illustrates exactly what can be done with this powerful toolset.
I highly recommend this WIRE demonstration that Marc recorded prior to the Cisco acquisition.
LISP Guest: Darrel Lewis
Multi-homing your connection to the outside world has remained a painful activity. Darrel Lewis, Co-Chair of the IETF on Location Identifier Separation Protocol is bringing answers that are looking to reshape all of this for the better.
Want to go deeper on this? Check out the Google TechTalk.
Written stuff: LISP Tutorial (.pdf)
More handy info!
If you are STILL paying attention….perhaps you can win a prize…I will send a free copy of Tom Gillis’ new CiscoPress book to the first 5 people that leave ANY comment on this blog entry AND send me an email (robboyd (at) cisco dot com) with the answers to our Jimmy Ray T-Shirt Question of the day….(it really helps if you watched the show…)
In the spirit of Jeopardy…
It was introduced in the Nintendo 64 as an obstacle to be avoided. It has been made famous the hit Mario Kart and is the weapon of choice of popular primate Donkey Kong.
The second answer is:
In the 2007 Valve released the first part puzzle; part first person multi-player online shooting game: Portal. In this game, players used a specially developed “Handheld Portal Device” to travel between locations in three dimensional space, which introduced entirely new unique gaming physics to players. Who designed the Handheld Portal Device
Now….what are the TWO questions?