Cisco’s One Platform Kit (onePK) is a fantastic toolkit for building custom applications that interact with your Cisco routers and switches. Using onePK, you can build automation directly into the network and extend all sorts of functionality using Cisco devices. The first in a three-part blog series, this article will introduce onePK to the reader, explain what it is, how it can be useful, and will show how to configure onePK on a router. The second and third installments will walk the reader through a simple security-relevant application using the C API. Important to note is that we’ll be covering the 0.6.0 version of onePK features and service sets. At the time of this writing, the toolkit is still in Controlled Availability and as such, is still in active development, and the API could change before it is released into General Availability. However, even in the face of API evolutionism, this article will provide you with a solid jumping-off point for your plunge into the wondrous world of onePK.
OK, Just What is onePK?
OnePK is a Cisco IOS Software feature and a set of programming libraries enabling an application programmer to build powerful applications that tightly integrate and interact with Cisco devices. onePK is available to you via a well-documented and unified API, currently offered in C and Java with Python in active development. It is currently in pre-release and is available only on request. Details on how to obtain onePK are provided below. Read More »
Tags: Cisco, cisco ios, Cisco Security, cisco sio, IOS, One Platform Kit, onePK, secure software, security
We’re seeing reports of exploitation of this vulnerability. We can confirm Global Correlation – Network Participation telemetry is seeing multiple exploitation attempts across many customers. Customers who participate in Global Correlation – Inspection have a higher chance of this signature blocking in the default configuration since the sensor will take the reputation of an attacker into account during the risk rating evaluation. One of the reports mentioned the use of an IRC-based botnet as a payload for a large number of compromised machines. Since this report is similar to one I previously blogged about, I examined the IRC payloads in depth. Many of the variable names and functions are identical, with the new bot’s source code indicating that it is a later revision of the one we saw previously. Additional features have been added in this revision, which can allow the bots to transfer files directly to other bots via the command and control channel. Given the nature of this vulnerability and the ease of exploitation, it is very likely that unpatched machines will continue to be compromised if not remediated.
A 0-day vulnerability has been publicly posted which affects older versions of the Parallels Plesk software. The author of the exploit included an informational text file, which appears to indicate public servers have already been exploited. This vulnerability does not affect the latest major version of the software; nevertheless we expect to see widespread exploitation, due to the age of the affected versions — sites still running these versions of Plesk, which should enter End of Life of June 9, are unlikely to be regularly maintained.
Read More »
Tags: 0-day, exploits, malware, security, TRAC
Cisco Security Intelligence Operations is tracking reports of ongoing exploitation of a vulnerability in the popular web application framework Ruby on Rails that creates a Linux-based botnet. The vulnerability dates back to January 2013 and affects Ruby on Rails versions prior to 3.2.11, 3.1.10, 3.0.19, and 2.3.15. Cisco Security Intelligence Operations’ has previously published an analysis of CVE-2013-0156. Cisco is receiving reports of attempted infection from Cisco IPS customers participating in Global Correlation.
Read More »
Tags: botnet, data center, esa, ioc, IPS, Linux, malware, netflow, ruby on rails, TRAC, wsa
Connected devices are spreading like kudzu on the Carolina roadside. Cisco Identity Services Engine (ISE) is a great way to manage the devices on your network and with implementing some best practices, I can say you will save time. Below are 7 ideas that will help:
1. Find an Executive Sponsor.
Security policies can now be supported at a network level using ISE. Official IT policies around accessing information based on BYOD were often circumvented. But now with ISE, we’ve been able to implement policies that provide the right access, but can’t be circumvented. This makes it more important than ever that you have executive-level sponsorship. Truth be told, which IT project wouldn’t benefit from the executive backing? My first experience with an executive sponsor was with an excellent CIO who resembled Pope Francis and spoke like a wicked good Bostonian. He tasked me with pursuing business groups and obtaining feedback on IT process changes. The CIO called me his “Man in Havana”. My coworkers lovingly changed it to “Cabana boy” because we made fun of each other at every opportunity. The point is, busy manufacturing and software development directors found time for my questions and follow-up meetings because an executive was driving the effort.
Read More »
Tags: byod, ISE, security, security policy, wifi
On Tuesday May 28, 2013 at 17:30 UTC a massive pharmaceutical-based spam campaign began, using the Subject: header “Only 24 Hours Left to Shop!”. Cisco witnessed volume rates peaking as high as 8 out of every 10 spam messages being sent. The indiscriminate nature of the attack’s recipients suggests that most anti-spam vendors, including Cisco, will have blocked this attack very quickly.
Read More »
Tags: security, spam, TRAC