Earlier today Microsoft published their Security Bulletins for March 2010. The availability of patches marks the beginning of a flurry of activity for IT organizations everywhere. In the video below, I summarize this month’s bulletins:
In addition to those bulletins, Microsoft also published Microsoft Security Advisory 981374. This advisory addresses a vulnerability in Internet Explorer which could be exploited to execute arbitrary code.
Each month Cisco Security Intelligence Operations (SIO) produces intelligence around Microsoft’s Security Bulletin Release, and I thought that I would provide an overview of what is available. Although I am highlighting this information in the context of Microsoft Tuesday, note that Cisco SIO produces similar collateral for other security-relevant events from a variety of vendors as well as the open source community.
In this post we will be building on the ideas covered in my previous post, Whales and IDS, and discussing how striving for the possible, not the perfect, is a valuable direction to take; not just with IPS, but with managing and monitoring alerts from IDS too.
At Cisco, my team (Cisco CSIRT) is responsible for investigations into any cyber attacks against Cisco.com. Back when we first deployed IDS, we found that hundreds of IPs from all over the world were attacking us all the time. Right now there are probably 100 different sources port-scanning, probing our web infrastructure, looking for a way in. An IPS would detect these attacks, but we have a relatively small team and we can’t act on everything, so we really have to make sure we DO act on the important stuff. In the Cisco.com environment, we get over a million inbound attacks every day. Very rarely do the attacks have any level of success, and no one can physically examine that many legitimate (but unsuccessful) attacks. Yes, examining each and every one of those attempts would be perfect, just not feasible. But we haven’t let the ideal get in the way of the possible. I’ll give you an example of how we used this line of thinking to improve the security of the site.
A few weeks back ReadWriteWeb (RWW) published a short posting about a deal between AOL and Facebook to integrate Facebook chat with AOL Instant Messenger. RWW went on to discuss its opinion that Facebook was interested in becoming the social networking destination for users, and in preventing the mass emigrations that previously struck MySpace and Friendster. In describing this, RWW used the term “one true login”, which would eventually lead to Google giving this blog post a very high position for anyone searching “Facebook login”, and in turn would lead to many confused users trying to log in to RWW to get to Facebook. Exasperated Facebook users posted many comments like the following:
The new Facebook sucks. NOW LET ME IN
please give me back the old facebook login this is crazy……………..
We depend on the Internet for news, for staying in touch with family and friends, for banking, and for entertainment. Healthcare, electrical power systems, video communications, self-service customer experience and collaboration are some of the emerging capabilities enabled by the Internet, and it’s pretty safe to say that other new capabilities will emerge in our lifetime. What we must protect and ensure is our confidence and trust in these services.
With end-to-end trust, we can have increased confidence and conviction that the hardware, software, operating systems, and network—even the data and the people online using these systems—are as safe and secure as possible. Greater collaboration is a true benefit of a trusted Internet. It enables us to communicate, interact, work, and play—essentially, get closer to those we want to get closer to, while keeping away those we don’t want near—as we conduct business and our lives.
If you’re in the information security biz, almost all your colleagues are probably converging in San Francisco today for the opening day of the RSA Security Conference. Cisco is there too. And today we had exciting news of our own, including the introduction of the Secure Borderless Network, the new Cisco AnyConnect Secure Mobility solution and the expansion of Cisco TrustSec.