Inclusion of third-party software as part of a vendor’s own products has become a common method of reducing time from conception to product launch. As with all strategic decisions related to product development, the costs of including third-party code are weighed against the benefits. In this post I’ll discuss how security considerations should be factored into this decision. These considerations include who has worked on the code, the end user, and the vendor using it.

Who does the work (and how much does it cost)?
Cisco IOS Embedded Event Manager (EEM) is a technology that allows a Cisco IOS device to detect an event and perform an action. EEM links events and actions using EEM policies, which are manifested either as configuration-based EEM applets or as EEM scripts that exist as Tcl scripts on the Cisco IOS device.

EEM has been successful in many ways; it is recognized as a powerful troubleshooting tool and as a great aid in detecting those hard-to-catch intermittent network issues. Perhaps less well known, however, is that the reactive capabilities of EEM lend themselves very well to the identification of security issues on Cisco IOS devices.

Within the realm of security, EEM can be used to instrument the “un-instrumented”. For example, Cisco IOS XR Software contains a security feature known as Local Packet Transport Services (LPTS). Although widely heralded as a fantastic security feature, LPTS does not contain robust reporting capabilities. So while LPTS can be used to protect Cisco IOS XR devices from several types of denial of service attacks, it is impossible for an LPTS-enabled device on its own to alert an administrator that an attack may be occurring. Enter EEM…
Cisco Security Intelligence Operations (SIO) is putting the finishing touches on a training session for Black Hat USA 2009. This training session, a first for Cisco, will help attendees gain an understanding of the types of recommendations we encourage every customer to implement. The abstract for the session reads:
Detecting & Mitigating Attacks Using Your Network Infrastructure
by Randy Ivener, Joseph Karpenko, and Tim Sammut, Cisco

This course will detail how to leverage innate network functionality, such as routing protocols and NetFlow, to provide a full range of attack identification and mitigation capabilities. The course is organized around a proven six-phase approach to incident response, which moves from preparation through post mortem, and includes extensive demonstrations and hands-on lab work.
As indicated above, this session contains information on how organizations can use the functionality that already exists in their networks. Although we’ll discuss a few security products as well—such as Intrusion Prevention Systems and firewalls—the majority of the material is focused on helping organizations take advantage of their existing investment in Cisco products.

These recommendations go beyond the obvious and well understood—things like using strong passwords and keeping your software up to date—to include underutilized functionality that can greatly enhance the security of network devices, such as Control Plane Policing and Unicast RPF.
Next week’s Cyber Risk Report (CRR) will cover the successful prosecution of a gang of Internet criminals by the United States Federal Trade Commission (FTC). Their scam was selling “scareware,” bogus computer security software, including “Antivirus XP 2008,” from 2003-2008. One of the co-defendants had in 2005 been ordered to pay Symantec 3.1 million dollars in compensation for selling pirated copies of its popular Norton brand. Last week, the first of the defendants in the case settled with the FTC for the entirety of his assets less legal fees, a sum amounting to $116,697, in lieu of a much larger judgement of 1.9 million dollars. The other defendants will have their days in court starting in July, barring any continuances.
The defendants used interactive advertisements that suggested that they had scanned a victim’s PC and found malware, tracking cookies and pornography that did not exist but that could be removed for $39.95. If the initial approach was unsuccessful, the rogue anti-virus software would alter search engine results to include false warnings of spyware infections and would display pop-ups to the user warning of data loss.
As discussed in the Cyber Risk Report (CRR) dated June 22–28, 2009, the recent crashes of Air France flight 447 and the Washington DC Metro Red Line commuter train have focused concerns over automated control systems, or computer-controlled systems. Preliminary findings in the ongoing investigations indicate that sensor systems malfunctioned or failed, and that the human interfaces of the systems either didn’t warn the air crew or train operator, or warned them too late. The preliminary investigations also indicate that the pilot disabled the autopilot and the train operator engaged the brake, but in both cases they were unable to recover from their dire situation.

Automated control systems are widely deployed and normally highly reliable. The systems are used to improve efficiency, reliability, productivity, safety, and security. They are used increasingly within homes, vehicles, manufacturing, financial trading systems, critical infrastructure, and many other settings. Automated control systems range from systems used for fairly simple repetitive actions to highly complex systems that are capable of collecting and interpreting data from multiple sources and initiating actions with speed, accuracy, and reliability levels not possible for humans. But these systems also include weaknesses that should be understood and considered by all users, operators, and managers of the systems. The critical fail-safe in nearly all of these systems is the human interface or management console, where information is presented to a human who can interact, correct, or take full control.