Cisco Security Intelligence Operations is tracking reports of ongoing exploitation of a vulnerability in the popular web application framework Ruby on Rails that creates a Linux-based botnet. The vulnerability dates back to January 2013 and affects Ruby on Rails versions prior to 3.2.11, 3.1.10, 3.0.19, and 2.3.15. Cisco Security Intelligence Operations’ has previously published an analysis of CVE-2013-0156. Cisco is receiving reports of attempted infection from Cisco IPS customers participating in Global Correlation.
Connected devices are spreading like kudzu on the Carolina roadside. Cisco Identity Services Engine (ISE) is a great way to manage the devices on your network and with implementing some best practices, I can say you will save time. Below are 7 ideas that will help:
1. Find an Executive Sponsor.
Security policies can now be supported at a network level using ISE. Official IT policies around accessing information based on BYOD were often circumvented. But now with ISE, we’ve been able to implement policies that provide the right access, but can’t be circumvented. This makes it more important than ever that you have executive-level sponsorship. Truth be told, which IT project wouldn’t benefit from the executive backing? My first experience with an executive sponsor was with an excellent CIO who resembled Pope Francis and spoke like a wicked good Bostonian. He tasked me with pursuing business groups and obtaining feedback on IT process changes. The CIO called me his “Man in Havana”. My coworkers lovingly changed it to “Cabana boy” because we made fun of each other at every opportunity. The point is, busy manufacturing and software development directors found time for my questions and follow-up meetings because an executive was driving the effort.
On Tuesday May 28, 2013 at 17:30 UTC a massive pharmaceutical-based spam campaign began, using the Subject: header “Only 24 Hours Left to Shop!”. Cisco witnessed volume rates peaking as high as 8 out of every 10 spam messages being sent. The indiscriminate nature of the attack’s recipients suggests that most anti-spam vendors, including Cisco, will have blocked this attack very quickly.
This may seem to some a rhetorical question, right? It’s in the name! A guide that describes the design and implementation of a system or solution. That seems simple enough. Cisco Design and Implementation Guides (DIGs) can be found in the Cisco Design Zone. Many of these designs are Cisco Validated Designs (CVDs) that include internal or external testing, some are reference designs, and some are visionary architectures or best practices documented by experienced engineers.
As a Network Architect, I came to Cisco to develop CVDs and accelerate business solutions beyond just the “marketecture” vision. I wanted to prove how products and systems can be used to create end-to-end solutions that work better together, more than just the sum of their parts, solving real-world business problems.
The HIPAA Omnibus Final Rule, released January 2013, greatly expands the number of organizations that must comply with HIPAA beyond the known ‘Covered Entities.’
The Final Rule expands the definition of a Business Associate to include an organization that ‘creates, receives, transmits or maintains’ PHI. Adding the term ‘maintains’ into the definition makes a big difference and will include a lot more businesses than before. The Department of Health and Human Services (HHS) estimates that 250,000 – 500,000 additional entities will be considered a Business Associate and therefore must comply with HIPAA. Read More »