Recently, our country was up in arms over the new airport security requirements imposed by the Transportation and Security Agency. Travelers complained that new full-body scanners and pat-downs at airport security checkpoints were inconvenient and invasive, and major concern ensued that objectors to the new regulations would cause significant delays over the Thanksgiving holiday — the busiest travel time of the year. Grassroots groups were encouraging travelers to either refrain from flying or opt out of full-body scans and choose the more time-consuming pat-downs as a protest. Despite all the hoopla, the Thanksgiving travel rush was not impacted by the new laws. In fact, a recent CBS poll revealed that 4 out of 5 people support the new security measures.
We as individuals like to whine about laws and regulations that keep us safe, and the same can be said for organizations. As Cisco security team members, we have heard our share of customers grumble about regulatory compliance requirements such as HIPAA, SOX, and most recently the Payment Card Industry (PCI) Data Security Standards (DSS). These regulations can be, at times, cumbersome to deal with. Yet, when asked in a recent Cisco-commissioned survey about their sentiments on PCI compliance, organizations were largely positive and on board with PCI.
Tags: pci, pci-dss, security
This is the fourth part in the series “Missives from the Trenches.” (Here are the (first), (second), and (third) parts of the series.) In today’s blog post we will be discussing Cisco IOS Netflow. Netflow has an interesting position as being both the most useful and least used tool. When meeting with other companies I often ask them, “Do you use Netflow?” By asking this question I am actually asking several different questions: Do you care about the security of your site? Or do you have any hopes of managing/responding to events at your site? Answers to these questions unfortunately tend to be as follows: What is Netflow? The network guys use it but we don’t. I think we capture it somewhere but not really sure where, and so on. I then mention that Netflow is free, they don’t have to buy anything to start using it, and it’s used for every large case we do. At that point they start looking angrily at the sales engineer, asking why this is the first they are hearing about it. So what is Netflow and why does Cisco CSIRT say it’s critical to daily event management? Read on to find out!
Tags: APT, CSIRT, security, TRAC
Have you ever watched a movie called “The Abyss?” Near the end of the movie there’s a scene that I think is particularly relevant to this post. Our hero has to go 17,000 feet under the sea to disarm a nuclear bomb (watch the movie and you’ll know how the bomb ended up there and why our hero has the unenviable task of disarming it). And when he gets to the bomb, he’s instructed to “cut the blue wire with a white stripe — not the black wire with a yellow stripe” in order to disable it.
Easy enough, right? The problem is that our hero is using a glow stick as a light source, and under its yellowish light he can’t accurately determine which wire is which; they both look exactly the same. So after a bit of indecision, preparing to cut one but changing his mind, he goes ahead and cuts a wire. Lucky for him, it was the right one.
While here at the Cisco PSIRT we do not have to deal with such explosive situations (well, maybe not in a physical sense), we do, however, think that making security decisions based on incomplete data is certainly not a good approach. And this is why our vulnerability disclosure process keeps evolving over time.
Tags: psirt, security
This past weekend, Gawker Media began notifying more than 1.3 million users, across its variety of website properties, that their user databases and other information assets had been compromised. A complete dump of the user database was being distributed via BitTorrent, and a pastebin.com log of various details was posted (this has since been removed). As details emerge and are analyzed, it appears that the breach was a final act from a group that had gained fairly considerable access to Gawker Media, and had reviewed and extracted a great deal of information for at least a month. As we often do on the Cisco Security Blog, let’s take a look at how we could learn from others’ misfortune.
Last week, an Internet Privacy Workshop was held at MIT, sponsored by IAB, W3C, MIT, and ISOC. About 60 people attended, including three of us from Cisco. In order to be invited to the workshop, participants needed to write a short position paper on a topic relating to Internet Privacy. The position papers and the workshop covered a wide range of topics, and the papers are expected to be published in the near future. In the meantime, here is my submission, which ties closely to work being done in the identity field.