Cisco Blogs



You are SO Hacked

June 3, 2010
at 12:00 pm PST

You are SO Hacked!

Well, hopefully not…but do you even know?  Knowledge and awareness go a long way these days, and with the profit motive driving criminal activity, it pays to be obscure.  Welcome to the show notes for our security episode today, featuring Cisco’s Tom Gillis and his new book, Marc Guntrip from ScanSafe for two whole segments (it’s great stuff), a back-to-the-science-lab bot dissection class with Jimmy Ray, and a really cool, did-not-see-that-coming segment on the new LISP protocol with Darrel Lewis, co-chair of the LISP working group.

Have you seen the show yet?  Be sure and catch the replay if not.

 

Tech

There’s an old saying that “familiarity breeds contempt.” Perceived familiarity can have an equally detrimental effect, lulling us into a false sense of complacency and blinding us to reality.

For many years there have been dire sounding warnings that cyberwar is looming somewhere on the horizon. Many have scoffed at those predictions; others have approached the topic with academic and even military interest. But what many have failed to realize is that cyberwar is already here and the battle is already being waged.

At the frontlines are YOUR corporate assets: intellectual property, research, schematics, sensitive proprietary data, and confidential customer and employee information.

Modern malware is merely a tool – and only one of many – used by cybercriminals to carry out their attacks. To approach today’s security challenge as a malware problem is to completely miss the bigger picture: it is a criminally run, sophisticated e-business network intent on gathering intellectual and corporate assets. It is not simply a malware problem per se; it is a large-scale cyber-espionage assault, and all countries are being adversely impacted.

You can download the ScanSafe Security report (.pdf)

 

Keys to the Show

‘Borderless Security’ – is this making sense?

Bot or Not – how well do you understand this threat?

Do you know how to reverse engineer a bot?  Why would you?  

Cloud Security – where does cloud fit into your personal hype cycle?   NOT, to be clear, about protecting your ‘cloud.’  Cause, regardless of how you might define it, there is too much evidence that many functions make more sense off-site.  Software as a Service is the delivery-model that ScanSafe has had incredible success with.

Protocol Watch – good network design never goes out of style.  There is increased pressure, especially with the growth of these ‘off-site services,’ for our network to remain ever available.  Darrel Lewis is co-chair of the IETF working group for LISP, the Location ID Separator Protocol.  This is one you may not know right now, but it will soon be changing things for the better. Watch out for it.

 


State of Security, Jennifer Geisler and Tom Gillis

Borderless Security is not the most obvious concept to grasp. Tom Gillis, co-founder of IronPort Systems, wrote the book on it. He joins Jennifer to discuss it.


Securing the Borderless World (Tom Gillis)

Jamey Heary did a good job posing some hard questions to Tom Gillis about the state of Cisco’s Security Strategy. Read the blog entry here.

Want to follow Cisco’s Borderless Network moves on your mobile phone?  Check out the continually updated mobile version of their site.


Bot Forensics

The ability to identify and dissect a modern bot offers great promise for dealing with this threat.  Jimmy Ray Purser shows the most common attributes to look for and shows how to do it.


Software required:
- Debugging tools for Windows:
http://www.microsoft.com/whdc/devtools/debugging/installx86.Mspx
- IDA: http://www.hex-rays.com/idapro/idadownfreeware.htm

Site:
www.skullsecurity.org

Dude:
Ron Bowes

 

Cisco Security Blog had a nicely detailed write-up on ‘Exploring a Java Bot’:

Part 1

Part 2

Part 3

Part 4

I love these stories… “Russian Bot tries to kill off Rival”… no honor among criminals?


Scan Safe Intro, Guest: Marc Guntrip


ScanSafe represents truly different methods for dealing with the most dynamic threats we are faced with. Marc Guntrip walks the ever-skeptical Jimmy Ray through the solution.

A little ScanSafe history:

Eldar Tuvey and his brother started ScanSafe in the UK back in 2004 with a different model.

Jamey Heary did a nice write up on ScanSafe awhile back.

Seth Hanford did a nice write up on the Security Blog with an overview: ScanSafe Report Highlights Attacker Thrift, Intellectual Property Risk

Cisco’s main page on ‘Cloud Security’ is a great place to go…just don’t get confused by the fact that we are hosting security as a service. This is not about protecting your cloud. Does that make sense?


WIRE 

Web Intelligence Reporting provides a global, yet granular, view of your traffic and your security.  Marc Guntrip of ScanSafe illustrates exactly what can be done with this powerful toolset.

I highly recommend this WIRE demonstration that Marc recorded prior to the Cisco acquisition.

 


LISP Guest: Darrel Lewis

Multi-homing your connection to the outside world has remained a painful activity. Darrel Lewis, co-chair of the IETF working group on the Location Identifier Separation Protocol, is bringing answers that look to reshape all of this for the better.

Want to go deeper on this?  Check out the Google TechTalk.

Written stuff: LISP Tutorial (.pdf)


 

More handy info!

Cisco AnyConnect

TAC Security Podcasts

 

Security Intelligence on the iPhone

BONUS QUIZ!

If you are STILL paying attention….perhaps you can win a prize…I will send a free copy of Tom Gillis’ new CiscoPress book to the first 5 people that leave ANY comment on this blog entry AND send me an email (robboyd (at) cisco dot com)  with the answers to our Jimmy Ray T-Shirt Question of the day….(it really helps if you watched the show…)

In the spirit of Jeopardy

First Answer:

It was introduced in the Nintendo 64 as an obstacle to be avoided. It has been made famous by the hit Mario Kart and is the weapon of choice of popular primate Donkey Kong.
 
The second answer is:

In 2007 Valve released the first part-puzzle, part-first-person multi-player online shooting game: Portal. In this game, players used a specially developed “Handheld Portal Device” to travel between locations in three-dimensional space, which introduced entirely new, unique gaming physics to players. Who designed the Handheld Portal Device?
 
Now….what are the TWO questions?
 

 


13 Comments.


  1. Wow, nice post!


  2. I want that book! :)


  3. nice write-up


  4. Very educational on both high and low levels. It gave me a lot of homework to do. Great references of where to learn more, too.


  5. Robb Boyd

    Fantastic – we got a couple of answers right already…but we can take a few more…I will respond back to those that email in shortly! Thank you! Robb


  6. Great article! Hope you still have some books available!


  7. Robb Boyd

    Yes we do Robin, your answers were right on! Thanks for watching!


  8. Great information questions are in your inbox.


  9. TechWise shows are great, this one really rocks!!!


  10. great article


  11. Hi. Hope I’m not too late! I sent Questions to the Answers yesterday but just getting to the blog comment now.


  12. Robb Boyd

    Cynthia, I got your Q&A no problem but I don’t think I got your address yet? Send me an email! Robb


  13. nice article thanx
