Cisco Blogs


Cisco Blog > Security

Real World DNS Abuse: Finding Common Ground

Prologue

The Domain Name System (DNS) is the protocol leveraged within the Internet´s distributed name and address database architecture. Originally implemented to make access to Internet-based resources human-friendly, DNS quickly became critical infrastructure in the intricate behind-the-scenes mechanics of the Internet, second only to routing in its importance. When DNS becomes inaccessible, the functionality of many common Internet-based applications such as e-mail, Web browsing, and e-commerce can be adversely affected—sometimes on a wide scale. This short blog post will explore some real-world examples of DNS abuse. I would like to welcome and thank Andrae Middleton for joining me as a co-author and presenting his expertise on this article.

There are a few different types of DNS attacks: cache poisoning, hijacking attacks, and denial of service (DoS) attacks (which primarily include reflection and amplification). In the news as of late are widespread and focused DoS attacks. Cisco Security Intelligence Operations (SIO), with its distributed sensors, is able observe and measure various aspects of the global DNS infrastructure. What follows are two vignettes detailing recent Internet DNS DoS attacks against the Internet’s DNS infrastructure. We will see that, though the attacks are different, the results are similar and the countermeasures and mitigations are the same.

Read More »

Tags: , , ,

The Day I Lost My Mobile with Sensitive Corporate Data

November 26, 2012 at 8:18 am PST

It was a dark, cold, and scary night when I returned from dinner with friends and noticed that my mobile phone was missing. It had corporate sensitive data such as emails, calendar events, and documents, as well as personal data (including pictures, videos and other documents). Well, let me be honest with you, I didn’t really lose my phone. However, many cell phones, tablets, and other gadgets are lost or stolen on a daily basis. The problem of stolen mobile devices is huge. According to a report from the Federal Communications Commission (FCC) earlier this year, about 40 percent of robberies in Washington, D.C., New York, and other major cities now involve mobile devices. The FCC has teamed up with the nation’s top wireless carriers, including AT&T, Verizon, T-Mobile, and Sprint, to develop a database of stolen mobile devices.

Allowing employees to access corporate email, critical business applications and data makes workers more productive and effective. Finding just the right balance when allowing easy access to the applications that users need to be more productive, while maintaining the integrity and security of enterprise resources, will give your organization a competitive advantage.

Stolen and lost devices are among the many challenges of mobile device security.

Read More »

Tags: , , , , ,

Live Broadcast: John N. Stewart to Discuss Cyber Security for the Holiday Season

The National Retail Federation predicts that Holiday Shopping this year will grow to $586.1 billion, with a record percentage of those purchases occurring online and from mobile devices.

As more shoppers make purchases online and on their mobile devices, Cyber Monday is fast becoming Mobile Monday, opening up a variety of new threats and challenges for shoppers. And even after the shopping is done, consumers need to take care when they open their presents and turn on new devices for the first time, and know what to expect when they bring their purchases to work or school in early January.

Join us on Wednesday, Nov. 28 at 10:00 AM PT for a live discussion with John N. Stewart, SVP and Chief Security Officer of Global Government and Corporate Security at Cisco. John will address topics ranging from how to stay safe while shopping online, tips for securely setting up gifts you receive, and how to safely bring new devices into work and school in the new year.

Read More »

Tags: , , , ,

November 20th Webinar: Protecting Industrial Control Systems Using Cisco IPS

We invite you to join us for a webinar scheduled for 20 November 2012 where we’ll discuss how to protect Industrial Control Systems using Cisco Intrusion Prevention Systems (IPS).

Industrial control systems is the term used to identify several types of control systems, including supervisory control and data acquisition (SCADA) systems, process control systems (PCSs), and other smaller control system types, such as programmable logic controllers (PLCs), used in critical infrastructure such as power plants, oil and gas pipelines, electrical power distribution, and manufacturing facilities.

Historically these control systems were kept separate from the corporate network.  Because of this isolation they were traditionally difficult to break into because of their separation for health and safety reasons.

More recently, control systems may be running Windows or Linux, using the Internet Protocol (IP) to communicate, giving direct access to SCADA networks via the Internet. Wireless and Bluetooth capabilities allow remote management and diagnosis. These connections to the outside create a massive challenge from a security perspective for the following reasons:

Read More »

Tags: , , ,

AnyConnect 3.0 for Android Product Announcement

Following up on my last note about BYOD at Cisco, I wanted to update you on the latest numbers here at Cisco. As Sheila Jordan had pointed out here, we have surpassed the 20% tablet penetration among our workforce and mobile devices continue to grow at a rate of 1,000 each month. I highly recommend you doing a quick read on her six steps of approaching device deluge. Meanwhile, the latest IDC report (Aug 8, 2012) reaffirms the 2-horse race in the smartphone world. Android and iOS powered 85% of all smartphones shipped in the second quarter of 2012 (2Q2012).

Maintaining our market leadership in supporting the broadest set of Operating Systems (desktop and mobile) and Web Browsers, Cisco Security is excited to announce the availability of AnyConnect 3.0 for Android (Download here). As in the past, we have worked with the market leading Android device makers along with supporting the Android VPN Framework (AVF) to ensure the latest AnyConnect functionality. These new features are now available on any Android device running on version 4.0 (Ice Cream Sandwich) or higher (including Jelly Bean).

SOME KEY FEATURES OF ANYCONNECT 3.0 FOR ANDROID:

  • Intel Android (IA): The Android VPN Framework (AVF) image is now compatible with x86 Intel Android devices.
  • IPsec IKEv2: AnyConnect users can connect via IPsec IKEv2 connections to their corporate Cisco ASA in addition to SSL (TLS or DTLS). (Requires ASA 9.0+)
  • Suite B Cryptography: AnyConnect users who need NSA’s recommended Suite B Cryptography will be now able to do so from their mobile devices. (Requires ASA 9.0 and AnyConnect Premium Licenses.)
  • Untrusted Certificate Warnings: Reduces Man-in-the-Middle attack risk by rejecting untrusted certificates by default and requiring end-users to acknowledge risks before connecting to a gateway with an untrusted certificate.
  • SCEP Proxy: AnyConnect users can enroll their mobile device with an internal Certificate Authority (CA) Server, using SCEP without opening up the CA Server directly to external threats. (To embed the identity of the mobile endpoint in the certificate request, Mobile Host Scan must be utilized, which is an AnyConnect Premium License feature).
  • FIPS 140-2 Compliant: AnyConnect users now have access to the latest FIPS 140-2 cryptographic compliant module to meet industry compliance/mandates.

Read More »

Tags: , , , , ,