Update 2013-11-12: Watch our YouTube discussion
Update 2013-11-05: Further examination of the traffic confirms that a large percentage of it is destined for TCP port 445, the port used for SMB (and DCERPC over SMB) on Windows hosts. That points to someone sweeping for reachable SMB services: most likely a search for vulnerable Windows machines, though it is also possible that the prospective attackers are looking for hosts already compromised by a specific malware variant.
On 2013-11-02 at 01:00 UTC Cisco saw a massive spike in TCP traffic with source port zero, lasting three hours. This was the largest spike of reconnaissance activity we have seen this year. Port zero is reserved in the IANA port registry and should never be used; no legitimate TCP client will pick it as a source port. Customers who see source port zero activity on their network should treat the traffic as suspicious and investigate the source.
The graph displays the magnitude of the activity as the number of sensors logging it. Normally fewer than 20 sensors log port-zero traffic; on 2013-11-02 that number rose five-fold. Over the same period there was also a massive increase in the volume of traffic observed by Cisco IPS signature 24199-0.
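The checks described above can be scripted against flow records. The following is an added example, not Cisco's IPS logic or the data behind the post: it parses a constructed NetFlow-style CSV (addresses from the RFC 5737 test nets, sensor names and timestamps invented for illustration), keeps only TCP flows whose source port is 0, measures the activity the way the post does (distinct sensors logging it per hour), flags hours that exceed a baseline by a factor of five, and breaks the hits down by destination port so a concentration on 445/tcp stands out. The baseline of 2 sensors is chosen to fit the small sample; on a real sensor fleet you would substitute the observed normal figure (under 20 in the post).

```python
"""Flag TCP source-port-0 reconnaissance in flow records and profile its targets.

Added example (constructed data, not the post's telemetry). Records are a
simplified NetFlow-style CSV: ts,sensor,proto,src,sport,dst,dport
"""
from collections import Counter, defaultdict
import csv
import io

# Constructed sample. Hour 00 is normal background (2 sensors see port-zero
# traffic); hour 01 is the spike (10 sensors, mostly aimed at 445/tcp).
# The UDP record and the high-source-port records must be ignored.
SAMPLE_FLOWS = """\
ts,sensor,proto,src,sport,dst,dport
2013-11-02T00:12:03Z,sensor-01,tcp,203.0.113.5,0,198.51.100.10,445
2013-11-02T00:40:51Z,sensor-02,tcp,203.0.113.5,0,198.51.100.11,80
2013-11-02T00:41:07Z,sensor-02,tcp,198.51.100.11,52011,203.0.113.9,443
2013-11-02T00:55:19Z,sensor-03,udp,203.0.113.7,0,198.51.100.12,53
2013-11-02T01:00:02Z,sensor-01,tcp,203.0.113.5,0,198.51.100.20,445
2013-11-02T01:00:05Z,sensor-02,tcp,203.0.113.5,0,198.51.100.21,445
2013-11-02T01:00:09Z,sensor-03,tcp,203.0.113.6,0,198.51.100.22,445
2013-11-02T01:01:14Z,sensor-04,tcp,203.0.113.6,0,198.51.100.23,445
2013-11-02T01:01:20Z,sensor-05,tcp,203.0.113.6,0,198.51.100.24,139
2013-11-02T01:02:33Z,sensor-06,tcp,203.0.113.8,0,198.51.100.25,445
2013-11-02T01:02:47Z,sensor-07,tcp,203.0.113.8,0,198.51.100.26,445
2013-11-02T01:03:01Z,sensor-08,tcp,203.0.113.8,0,198.51.100.27,80
2013-11-02T01:03:55Z,sensor-09,tcp,203.0.113.9,0,198.51.100.28,445
2013-11-02T01:04:12Z,sensor-10,tcp,203.0.113.9,0,198.51.100.29,445
2013-11-02T01:04:40Z,sensor-04,tcp,198.51.100.20,40000,203.0.113.99,443
"""


def parse_flows(text):
    """Parse the CSV into dicts with integer ports."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["sport"] = int(row["sport"])
        row["dport"] = int(row["dport"])
        rows.append(row)
    return rows


def tcp_source_port_zero(flows):
    """Every TCP flow with source port 0 is suspicious: no real client picks it."""
    return [f for f in flows if f["proto"] == "tcp" and f["sport"] == 0]


def sensors_per_hour(flows):
    """Magnitude as the post defines it: distinct sensors logging the activity per hour."""
    seen = defaultdict(set)
    for f in flows:
        seen[f["ts"][:13]].add(f["sensor"])  # "YYYY-MM-DDTHH" bucket
    return {hour: len(sensors) for hour, sensors in seen.items()}


def spike_hours(per_hour, baseline, factor=5):
    """Hours whose sensor count is at least `factor` times the normal baseline."""
    return sorted(h for h, n in per_hour.items() if n >= factor * baseline)


def destination_port_share(flows):
    """Fraction of the suspicious flows aimed at each destination port."""
    counts = Counter(f["dport"] for f in flows)
    total = sum(counts.values())
    return {port: n / total for port, n in counts.most_common()}


def analyze(text, baseline=2, factor=5):
    """Run the whole pipeline over a CSV string and return the findings."""
    hits = tcp_source_port_zero(parse_flows(text))
    per_hour = sensors_per_hour(hits)
    return {
        "port_zero_flows": len(hits),
        "sensors_per_hour": per_hour,
        "spikes": spike_hours(per_hour, baseline, factor),
        "dst_share": destination_port_share(hits),
    }


if __name__ == "__main__":
    result = analyze(SAMPLE_FLOWS)
    print(f"TCP source-port-0 flows: {result['port_zero_flows']}")
    for hour, n in sorted(result["sensors_per_hour"].items()):
        flag = "  <-- spike" if hour in result["spikes"] else ""
        print(f"{hour}: {n} sensors{flag}")
    for port, share in result["dst_share"].items():
        print(f"dst port {port}: {share:.0%}")
```

On the sample this reports 12 suspicious flows, 2 sensors in hour 00 versus 10 in hour 01 (flagged), and 75 percent of the hits aimed at 445/tcp, which is the shape of the traffic the update above describes. Note that the filter is on the transport protocol as well as the port: UDP source port 0 has its own, separate semantics and should not be mixed into a TCP reconnaissance count.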
Tags: IPS, security, security research, TRAC
Let's consider mobile devices in education. Students need to become more tech savvy to compete in today's economy, and mobile devices offer supplemental learning and a new way to learn. A recent report noted that educators see great potential in mobile technology for transforming learning. The most commonly expected and desired benefits are that mobile technology is engaging for students (62 percent of respondents) and that the devices can be used to personalize instruction to meet the needs of different students. There is no question that educational institutions need to seize this mobility trend for better learning and to ensure our next generation is tech savvy.
Does your child's school provide mobile devices for learning, or does it require your child to bring their own? I know in my case, my son's school has a bring your own device (BYOD) policy. Yet some schools, whether in higher education or primary or secondary education, have decided to buy mobile devices for their student population. According to the Wall Street Journal, the Los Angeles Unified School District, the second largest district in the United States, headed down this path by offering all students and teachers Apple iPads, only to run into challenges such as unseen costs, secure-access issues, and unclear policies. Others, like Bucks County School District in Pennsylvania and McAllen School District in Texas, have enjoyed the benefits of mobile devices (whether BYOD or school sanctioned) in a simple and secure manner by leveraging Cisco infrastructure.
The use of mobile devices by young children, whether it be for education or entertainment, has soared. A new report from Common Sense Media, a child-advocacy group based in San Francisco, found that 17 percent of children 8 and younger use mobile devices daily, up from 8 percent in 2011. I am guessing that education and entertainment will continue to drive this number each year. What is your opinion on schools using mobile devices? Is this the shiny new penny to improve our education systems? And as an IT professional, what is your experience with the mobility and secure access considerations?
Tags: byod, education, mobility
CSIRT, I have a project for you. We have a big network and we’re definitely getting hacked constantly. Your group needs to develop and implement security monitoring to get our malware and hacking problem under control.
If you’ve been a security engineer for more than a few years, no doubt you’ve received a directive similar to this. If you’re anything like me, your mind probably races a mile a minute thinking of all of the cool detection techniques you’re going to develop and all of the awesome things you’re going to find.
I know, I’ll take the set of all hosts in our web proxy logs doing periodic POSTs and intersect that with…
You shouldn't leap before you look into a project like this.
Tags: CSIRT, csirt-playbook, incident response, infosec, logging, logs, playbook, security, SIEM
Is it the end of October already? For centuries, children have worn costumes and disguised themselves while going door to door with a simple question: "Trick or treat?" I am not sure it is a coincidence, but having National Cyber Security Awareness Month (NCSAM) end on a day characterized by pranks, false identities and the like seems appropriate. And what scary stories we had to tell!
Tags: byod, cloud, cryptography, dns, ncsam-2013, patch, security
Stop. Think. Connect. is not only for kids. Everyone, including nerds like me and network and security professionals, should pay more attention before connecting any device to the Internet. Routers (wireless and wired), industrial control systems, video surveillance cameras, fire alarm systems, traffic cameras, home and building automation systems, and many other devices are being connected to the Internet every single day, wide open to anyone who cares to look. If you don't believe me, do a quick search on SHODAN.
Tags: NCSAM, ncsam-2013, SCADA, Security Threats, shodan, threat landscape