In this post you will learn about some of the design decisions behind the 1.1 release of the Common Vulnerability Reporting Framework (CVRF). Particular attention is paid to explaining some of the required elements and the Product Tree. After those tasty tidbits, we will convert a recent Cisco security advisory into a well-formed and valid CVRF document. To close, you are treated to some of the items on the docket for future versions of CVRF. It bears mentioning that this paper is not meant to be an exhaustive explanation of the CVRF schemata. It is a rather capricious, if somewhat disorganized look at some outliers that aren’t fully explained elsewhere. It is assumed the reader has a working knowledge of the Common Vulnerability Reporting Framework and of XML.
This past weekend was Mother’s Day here in the United States, and being a mother of two high-tech savvy teenage children, I pondered what my kids has in store for me. I was surprised with the latest iPad! Eventually, I started asking myself: would Cisco allow me to use it for work?
Luckily, Cisco has a BYOD policy in place and a long-term vision for an Any Device, empowering our employees to use the device they want to be productive. For other working mothers who may have also gotten a new iPad or mobile device for Mother’s Day, what does your company say about using this new personal device? Will you “Lock It Up or Free It Up”? (a notion introduce at RSA conference this year). How will IT department respond to this request?
One of the biggest concerns folks have for BYOD is security. Just this past week, Cisco was showcasing our Secure BYOD solution at Interop, with the TechWiseTV folks sitting down with my colleague Bill McGee to help you answer the call of mobile devices on your corporate network. Take a look at the video for yourself, but blurring the lines between personal and corporate device doesn’t pose such a security challenge anymore. Related to this topic, we are holding a webcast May 16th focused on the Network Built for the Mobile Experience. You can join our CTO and SVP, Padmasree Warrior, along with stories from British Telecom and Eagle Investment on how they are transforming their workplace, and allowing their employees to work “Your Way” without compromising the business. For more details click here, and for those who want to continue this conversation--
Working Mothers: I would like to hear from you -- did you get that new mobile device this Mother’s Day or do you already have a neat personal device -- Do you bring it into work? Do you share it with your family?
IT departments: What is your BYOD policy is, and are you busy provisioning all those new mobile devices from this past weekend?
Protecting data, resources, and assets, including audio-video (A/V) content and communications no matter where it resides or travels on Cisco-powered networks can be a daunting undertaking to say the least. People ultimately are responsible for making this happen. With this thought in mind, here are a few questions that frequently challenge someone with this type of responsibility:
How can one ensure that the confidentiality, integrity, and availability of the core network keeps pace with the introduction of new technologies, while managing the continuous stream of disclosures on existing product vulnerabilities and emerging threats?
What preemptive or corrective actions can one take to mitigate or remediate known or potential weaknesses in your network operations?
What trusted informational resources are available that we can apply in the design, operation and optimization of a secure network, and where can this information be found?
This article provides personal insight into a specialized role residing within Cisco’s Applied Intelligence team, a team which was highlighted in the Network World feature article (page 3), “Inside Cisco Security Intelligence Operations.” The role is that of the Security Intelligence Engineer (SIE), a role which focuses on researching and producing actionable intelligence, vulnerability analysis, and threat validation that typically leads to providing answers and solutions to the challenges posed by these questions.
As part of CSIRT’s mobile monitoring offering for special events, we undertook monitoring of the corporate and customer traffic of the Cisco House at the London 2012 Olympics. This engagement presents us with an excellent opportunity to showcase Cisco technology, while keeping a close watch on potential network security threats. CSIRT monitoring for this event will be active for the entire life-span of the Cisco House, from two months before the Olympics, until two months after.
For the London 2012 engagement, we shipped our gear in a 14RU military-grade rack that is containerized: made for shipping. Inside the mobile monitoring rack we have an assortment of Cisco kit and third-party kit that mirrors the monitoring we do internally:
Catalyst 3750 to fan out traffic to all the other devices
FireEye for advanced malware detection
Two Cisco IronPort WSA devices for web traffic filtering based on reputation
Cisco UCS box where we run multiple VMs
Lancope StealthWatch collector for NetFlow data
and a Cisco 4255 IDS for intrusion detection
We mirror the signatures that we have deployed internally at Cisco out to these remote locations. Depending on the environment where the mobile monitoring rack is deployed, we may also do some custom tuning. The kit in the mobile monitoring rack can do intrusion detection, advanced malware detection, and collect and parse NetFlow and log data for investigation purposes. The Cisco UCS rack server also helps us have several VMs, allowing us to run multiple tools that complement the other devices in the rack. For example, we run a Splunk instance on a VM to collect the logs generated by all the services. The data from the gear in the mobile monitoring rack is analyzed by our team of analysts and investigators, to eliminate false positives, conduct mitigation and remediation, and finally produce an incident report if required.
Security professionals are planners by nature. Our industry expects planning, legal and standards compliance requires it, and we drive ourselves toward it. However, the best plans fall out of date quickly. And as the adage commonly paraphrased as “no plan survives contact with the enemy” states, even properly maintained, up-to-date, and well-thought-out plans may fall apart during an incident.
What’s the remedy? We certainly shouldn’t throw out our plans. Instead, we should test and adjust our plans so that when the real enemy shows up, we might have a plan that survives, at least from a broad perspective. In short: security professional, hack thyself! Read More »