Forensic analysis of IOS images can be a tricky science, due in part to the diversity in IOS image versions and branches. Between IOS 11 and IOS 12.4, over five thousand different images were built, a quarter of which belong to the 12.2 train. Some IOS trains are in more widespread use than others, just as some hardware platforms are more popular than others, but even when narrowing down by feature set or hardware, there is a large diversity of images. There are, however, some steps that can be taken, both while the IOS device is running and offline, that can help determine the integrity of an IOS image.
Last year at the RSA security show, Cisco announced the SecureX security strategy. SecureX is designed to help organizations address security from a holistic perspective, rather than a siloed approach, using an integrated framework of innovative new security devices blended with the security-aware network. This approach allows organizations to truly address critical issues like BYOD and the consumerization of network-enabled devices, the transition to virtualized data centers and cloud-based computing, the flood of data coming from social media sites and the use of new high-bandwidth services such as video collaboration, and the spread of sophisticated new attacks aimed at your organization’s soft spots. Cisco also announced powerful new tools to increase the reach and efficacy of security. The first was the addition of context awareness to security and network devices to add real granular control over users and devices. We also announced a powerful new policy-based solution, the Cisco Identity Services Engine, which allows organizations for the first time ever to truly take control of security policy creation, deployment, enforcement, and management. Next, we announced the broadening of our Security Intelligence Operations that allows us to fine-tune our entire family of security solutions in real time with actionable data gathered from hundreds of thousands of sensors located across the globe. Cisco SIO is now the largest threat telemetry service in the world. And in the year since that announcement we have continued to deliver innovative new devices and technologies designed to address security issues, from the endpoint, across the edge and branch, and out across the virtualized data center and cloud environments. So this year, at RSA 2012, Cisco will announce our plans to continue to drive innovation and revolutionize security through our SecureX strategy. For those of you heading out to this year’s event, here is a sneak peek at what you can expect:
We are often asked by customers how they can prevent traffic from a certain country (let’s say country X) from entering their network. The motivations for doing this vary. Sometimes a company does not do business with all countries in the world; therefore, the company doesn’t need to be accessible from all countries. Other times it is an issue of trust and security, where an administrator may not want to allow country X to enter their infrastructure. Finally, there are cases where country X has often been implicated in malicious activity, so an administrator may want to block country X when there is no need for the organization to interact with this country. In this document I present a methodology for writing a tool that provides the configuration lines to block country X, using your IOS router or ASA/ASASM firewall.
It’s that time of year again. The annual RSA security show brings together all the major security vendors under one roof for a week of training, announcements, and vendors hawking their latest wares. This year we can expect the usual cadre of legacy security vendors with their stand-alone, siloed products pretending that they now support clouds and mobile workers and BYOD. Booth babes, jugglers, magicians, and flashy giveaways will fill the exhibit halls while vendors play shell games with the security of customers, all adding a cacophony of noise to an already confusing situation.
Amidst all the hoopla and fanfare, however, Cisco Systems, the largest security vendor in the world, will be there with perhaps the only reasonable strategy for securing the networks organizations are creating today.
Last week it was reported in the media that two British tourists were detained at Los Angeles International Airport due to the threatening tone of messages on Twitter (“tweets”), as one of the two travelers had said that they were going to “destroy America” on their holiday. It turns out that either the U.S. Department of Homeland Security (DHS) noticed those tweets through their efforts to monitor social media, or, as has been suggested more recently, someone explicitly reported the tweets to DHS as a prank. The legal ramifications of this event are worthy of examination when we consider that this event contains elements of language (slang), location (whose laws apply based on where the alleged events took place), and intent — particularly if the prank allegation turns out to be true.