Cisco Blogs


Cisco Blog > Security

SPAN Packet Duplication: Problem and Solution

In the spirit of National Cyber Security Awareness Month (NCSAM) I offer up a recent tale of intrigue and mystery from an ongoing Cisco Security Research project…

Prologue

One of Cisco Security Research and Operation’s ongoing projects is to oversee a massive infrastructure of several high-volume Internet POPs that send large amounts of network traffic into one of our research labs. We are collecting NetFlow and packet dumps from a geographically distributed sensor network. These pcap files each contain several million packets, but due to a configuration error in the packet capture process, there was some amount of packet duplication. This short blog article will talk about why the duplication happened, how we prevented it from reoccurring, and a unique solution that was employed to remove the duplicate packets from all of the affected pcap files. Read More »

Tags: , ,

Distributed Denial of Service Attacks on Financial Institutions: A Cisco Security Intelligence Operations Perspective

The past few weeks have had many on heightened alert from the initial threats to the ongoing attacks surrounding U.S.-based financial institutions; to say folks have been busy would be quite the understatement.

These events spawned a collaborative effort throughout the Cisco Security Intelligence Operations (Cisco SIO) organization, as depicted in the diagram below.

 

* Note: As Cisco products have not been found to be vulnerable to these attacks the Cisco PSIRT (Product Security Incident Response Team) provides feedback and peer-review, hence the reason that no Cisco Security Advisory (SA) is present for this activity.

Read More »

Tags: , , , , , , , , ,

Does the challenge of PCI compliance compare with summiting Mt. Everest?

Having attended the annual North American PCI Community Meeting for many years and being involved with PCI compliance since 2008, I’ve heard firsthand the challenges merchants face in their quest for PCI compliance (see Blog: Compliance Headaches Continue).  However, thinking back to the PCI Community Meeting last week in Orlando, I was intrigued by how this year’s keynote speaker fit into the program.  How could an extreme adventurer, such as Jamie Clarke, rather than a hacker or data breach expert provide the necessary perspective on compliance?  As I attended sessions and networked with over a thousand of my peers from 17 countries, it dawned on me:  The collective PCI state of mind is reflective of the maturity of the journey and a fresh optimism emerges as we near the top of the mountain after a very long and arduous journey.

Here are some of the highlights from this year’s meeting.

  • PCI SSC General Manager Bob Russo presented the annual PCI State of the Industry. The PCI standards continue to mature and merchants are increasing the focus to protect cardholder data.  The overall tone was more about ‘tweak’ than change.
  • The opportunity for training from the PCI Council continues to increase with several new programs including a Qualified Integrators and Resellers (QIR) program and a Payment Card Industry Professional (PCIP) certification.
  • The Special Interest Groups (SIGs) are going strong, which again speaks to the maturity of the standard.  We are seeing ongoing clarity, rather than new initiatives.  The SIGs leverage valuable business and technical experiences from PCI Participating Organizations (POs).  Over 460 POs were in attendance.  Our key candidates for the 2013 SIGs are Cardholder Data Discovery and Guidance on Logging.  However, there are 7 candidates up for voting.
  • Spider Labs presented an overview of mobile device security and reviewed several mobile attack scenarios. The PCI Council has released new guidance on secure mobile payment acceptance.
  • Updates to the Council’s Point-to-Point Encryption (P2PE) program are available.
  • Feedback on the PCI standards was discussed in preparation for the next releases in 2013.

Read More »

Tags: , , , ,

NCSAM: Diversity, Consistency, and Security Intelligence

The security community at Cisco is very diverse. It extends beyond the typical researcher or analyst roles to include customer-facing engineers and marketing, public relations, and legal teams. The community is comprised of individuals with greatly varied backgrounds, skill sets, and charters and contains a wealth of knowledge on just about any topic. This diversity allows Cisco Security Intelligence Operations to understand and react appropriately to today’s threats as well as those that we may face in the future.

If we think about security intelligence—which I define as raw information enhanced through correlation, processing or perspective—having an established variety of inputs is key. Our people are certainly one of those inputs.

The trick, however, is utilizing that diversity in such a way that you can create consistent and predictable outputs that can be easily absorbed and acted on.

Read More »

Tags: , , ,

One Small Step…

More and more, we ask technology to play critical roles in our businesses, and our lives.  Pondering that for a moment, that dependance (versus use), requires careful thought on how much we trust that the technology is working as we want it, only as we want it, and nothing more.  For many businesses or governments, testing via FIPS or Common Criteria increases that confidence level, combined with detailed operational plans to ensure running the services after they are installed is going correctly. For many technology vendors, innovation and commitment, can help here.

Our commitment at Cisco, and our innovation, for trustworthiness have never been stronger than they are today.  Nearly 5 years ago, we started down a road which ultimately led to Cisco’s Secure Development Lifecycle (CSDL), and in our most recent FY12 SEC 10-K, acknowledged that work, our secure supply chain work, and our innovation efforts for Secure Boot and Anti-Tamper.  For reference, that 10K, or 2012 Annual Report, is posted here: http://investor.cisco.com/

We foresaw the need for trustworthiness by listening to our customers, and we started early.  Early results are in, and we’ve both reduced externally found security flaws, as well as increased the resiliency for multiple products anti-tamper.  Have we done it on every product? Not yet, although rest assured, that’s exactly where we are going. I’ll keep you posted.

Tags: , , , , , , ,