Cisco Blogs



Cisco Hosting Amsterdam 2014 FIRST Technical Colloquium

Registration is now open, and there is still time to respond to the call for papers for the upcoming FIRST Technical Colloquium, April 7-8, 2014. Please contact us at amsterdam-tc@first.org for speaker engagements. The event already has an exciting preliminary program covering:

  • Savvy Attribution in the DNS – Using DNS to Geo-locate Malicious Actors
  • Beyond Zone File Access: Discovering interesting Domain Names Using Passive DNS
  • DNStap: High speed DNS logging without packet capture
  • CVSS v3 – This One Goes to 11
  • Securing the Internet Against DDoS Attacks
  • Threat Actor Techniques
  • Mitigating Attacks Targeting Administrator Credentials in the Enterprise
  • Hardware: The root of trust in the cloud
  • Targeted attack case study
  • What does an enterprise monitor for targeted attacks? -- CSIRT Playbook II
  • Security uses for hadoop & big data
  • OpenSOC
  • Using HBASE for Packet capture

And many more current issues facing the incident response community. Learn how organizations operationalize intelligence to mitigate and detect advanced threats.

The event’s line-up so far already includes notables from Cisco Security Intelligence Operations (SIO), Symantec, Vrije Universiteit Amsterdam and Farsight. Looking forward to a great TC!


Enterprise Security: Include DDoS Mitigation in your 2014 Plans

2014 will be a pivotal year for Enterprise Security professionals. Large-scale Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks have been increasing over the years, which is nothing new. As technology evolves, including faster machines and cheaper bandwidth, attacks will also evolve just as fast, if not a little faster. What is alarming is the dramatic increase in the size of these DoS and DDoS attacks over the last year. These attacks are nothing to sneeze at, and in fact, are downright scary. Most of these attacks can cripple even the biggest of Enterprises due to their sheer size. This will require Enterprise Security professionals to take a serious look at their security plans for 2014.


2013 saw the largest DDoS attack on record, with the 300 Gbps attack on the anti-spam site Spamhaus. 2014 has also started off quickly with a large NTP reflection attack. Jaeson Schultz has a great article on this topic, available here. This isn’t the start of the year the Enterprise Security professional wants to see. But it’s a real threat, and any Enterprise needs to have plans in place to handle this type of situation so it can keep service available for its clients.

How Enterprise Security professionals handle this type of nightmare can lead to some sleepless nights. With the amount Read More »


When Network Clocks Attack

In October 2013, Cisco TRAC discussed Network Time Protocol (NTP) as a possible vector for amplified distributed denial of service (DDoS) attacks. Litnet CERT has since revealed that their NTP servers were used in a denial of service (DoS) attack. Symantec also published information regarding an NTP amplification-based DDoS attack that occurred in December 2013. On December 7, 2013, a hackforums.net user posted an NTP amplification DDoS script to Pastebin. The NTP DDoS script is heavily obfuscated Perl, though the plain text at the top credits the “leaking” of the script to an individual who goes by the handle Starfall. Brian Krebs also mentioned someone going by the name Starfall as a paying user of booter.tw. They may be the same person.

Decoding the obfuscated Perl yields some interesting insights. For example, this code near the top of the script has nothing to do with the NTP DDoS functionality:

[Image: ntpddos]

The code above downloads a program called spoof.pl from IP 84.33.192.46, then runs and erases that program while writing the text “j00 g0t 0wn3d s0n” into a hidden file. Unfortunately, we were unable to obtain a copy of the spoof.pl script, but the ominous “j00 g0t 0wn3d s0n” text indicates the purpose of the program was likely to compromise the machine of anyone who was running the obfuscated NTP DDoS script. Is there no honor among hackers?


2014: A Look Ahead

It’s December and the 2013 cyber security news cycle has just about run its course. We’ve seen more and increasingly virulent attacks, continued “innovation” by adversaries, and a minor revival of distributed denial of service (DDoS) actions perpetrated by hacktivists and other socio-politically motivated actors.

Against this, Cisco stood up tall in recognizing the importance of strong security as both an ingredient baked into all Cisco products, services, and solutions, and a growing understanding of how to use the network to identify, share information about, and defeat threats to IT assets and value generation processes. I can also look back at 2013 as the year that we made internal compliance with the Cisco Secure Development Lifecycle (CSDL) process a stop-ship-grade requirement for all new Cisco products and development projects. Read More »


Our Unofficial Top Ten Cyber Trends for 2014

(I pulled this list together with the help of my colleague Martin Chorich. Or maybe it was the other way around.)

Every year, publications ranging from supermarket tabloids to serious academic journals issue forecasts for the coming year. Those with foresight hold on to these articles and read them again the following December for a good laugh, as we all know how accurate they can be. With that in mind, and following a long week of staring into a well and inhaling the fumes, we offer the following unofficial 2014 guide to trends for cyber security practitioners. These should not be construed in any way as representing Cisco expectations of future market or business conditions. As for their true value, this article and about $4.50 will get you a double mocha latté at a national coffee chain.

1. Changes in the Global Framework Governing the Internet – It is no secret that government policies around the world have had trouble keeping pace with the cultural and economic changes enabled by the Internet. At the same time, the Internet would not be the juggernaut it is without its borderless and unregulated nature. The Internet has developed around a multi-stakeholder model led by the Internet Corporation for Assigned Names and Numbers (ICANN). In recent years, some stakeholders have called for a more government-centric model of Internet governance. In 2014, this conversation will intensify. Debate topics will include whether governance of the Internet should change, and what sort of new governing bodies might find consensus, as stakeholders consider the risks of Internet balkanization and the potential stifling effects of mounting regulatory requirements.

