Cisco Blogs


Cisco PSIRT – Notice about public exploitation of the Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability

Cisco PSIRT is aware of public exploitation of the Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability identified by Cisco bug ID CSCup36829 (registered customers only) and CVE ID CVE-2014-3393. This vulnerability was disclosed on the 8th of October 2014 in the Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software.

All customers that have customizations applied to their Clientless SSL VPN portal, regardless of the Cisco ASA Software release in use, should review the security advisory and this blog post for additional remediation actions.

NOTE: The Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software should be used as the Single Source of Truth (SSoT) for all details of this vulnerability and for any revisions of information going forward.


Cisco ASA with FirePOWER Services – How to get infected

On October 7, 2013 Cisco completed the acquisition of Sourcefire. At that time, I recognized this via Twitter and checked out the products on their website. I was excited to see the FirePOWER in action together with a Cisco ASA.

I had a good opportunity to join the “ASA with FirePower Services” workshop in Munich directly at Cisco. A big part of this training was a hands-on lab, where the FirePOWER “Virus” infected me. I was thrilled about the Cisco ASA with FirePOWER Services and the FireSIGHT Management Center.

This intelligent cyber security solution covers gaps in traditional security solutions. The threat-focused next-generation firewall provides next-generation security capabilities:

Application Visibility and Control (AVC)

Over 3000 application-layer and risk-based controls that work closely with the IPS to optimize security.

Next-Generation IPS (NGIPS)

Visibility to detect multivector threats to streamline and automate defense response. Superior threat prevention and mitigation for both known and unknown threats.

URL Filtering and Advanced Malware Protection (AMP)

The comprehensive malware-defeating solution can enable malware detection and blocking, continuous analysis, and retrospective alerting.



ASA now with FirePower Services?

ASA and SourceFire


Traditional network security solutions have been built from disparate point technologies that create gaps in traditional defenses that sophisticated attackers exploit. With an integrated approach, organizations gain the full contextual awareness and dynamic controls necessary to automatically assess all threats, correlate intelligence, and optimize defenses to protect modern enterprise networks. An integrated threat defense also considers both network and endpoint perspective across the extended enterprise. Contrast this with point solutions that lack the visibility needed to spot multi-vector threats and to see what users, applications, content and devices are on the network and what each are doing.


In today’s dynamic network environment, point solutions lack the visibility and control required to implement effective security policy to accelerate threat detection and response. In addition, disparate solutions add to capital and operating costs and administrative complexity. They also result in higher implementation costs to integrate with the existing IT environment, work stream, and network fabric. By integrating defense layers, organizations can enhance visibility, enable dynamic controls, and provide advanced threat protection that addresses the entire attack continuum – before, during, and after an attack.

Cisco ASA with FirePOWER Services is a new, adaptive, threat-focused next-generation firewall that delivers superior, multi-layered protection, improves visibility, and reduces security costs and complexity. It provides integrated threat defense for the entire attack continuum by combining proven ASA firewall skills with industry-leading Sourcefire next-generation IPS and advanced malware protection.

But haven’t we heard this all before? 



Cisco Features you should be using

I know more than once now the Cisco ISR/ISR-G2’s Series have been dubbed as the ‘Swiss Army Knife’ of networking devices, simply due to the amount of flexibility and the number of technologies available to you when deploying these devices. Luckily for us, these devices provide even more features available to us to assist with troubleshooting and maintaining the overall health of the network. What is even better is that many of these useful troubleshooting features exist on many of the other product families, not just ISR/ISR-G2’s. I’ve had the pleasure to work on networks all around the world for some decent-size companies, so I wanted to kick off this list with what I consider to be the most useful tools built in to Cisco devices that are not very well known out there.

1. Embedded Packet Capture (EPC) – There is no doubt that the ability to perform a packet capture at key points throughout the network can make troubleshooting particular issues that much easier. Luckily this feature exists on many different devices:

1. ISR G2’s – Even the older ISR’s have this ability
2. ASA Firewalls
3. IOS-XE devices – From the powerful ASR’s to the newer Catalyst 3850
4. NX-OS devices – Granted, on NX-OS you can capture packets that are process switched; there is an easy way around this by creating an access list to match the traffic you want to capture.
5. Even in Cisco UCS we can configure a traffic monitoring policy to capture traffic directly from particular servers and capture directly off the Fabric Interconnects. *This is more of a SPAN-type session than Embedded Packet Capture.


Evolving the Next-Generation Firewall: The Importance of Being Platform-Based

Why is platform-based a key imperative for next-generation firewalls (NGFWs)? In our previous blog posts, we outlined what it means to be threat-centric, integrating best-in-class security layers with shared intelligence across all layers to combat advanced multi-vector threats.

Multiple point products create considerable management complexity and cost for IT staff who are under tremendous pressure to efficiently manage IT environments, keep operational costs low, and maintain the best defenses to keep pace with the dynamic threat landscape.

To protect extended networks, the idea of being platform-based entails delivering a more effective yet simplified architecture with fewer security devices to manage and deploy. Unifying security layers in a single device not only closes gaps that attackers exploit but this architecture also reduces cost and complexity in a number of ways.

