More and more we are seeing the education landscape change to include more technology for collaboration and mobile learning. Colleges and universities are enabling secure networks for staff and students to access resources on-campus and off. With October being National Cybersecurity Awareness Month (NCSAM) and Educause next week, we are hearing a lot of talk about the importance of campus network security and threats.
Quick question for IT leaders – can the switches on your network report 100% unsampled netflow? If they can’t, there may be elusive cybersecurity threats hiding within your network. Yes, inside your network.
Every week, I hear stories of intellectual property (IP) loss and personal identifying information (PII) being compromised. This is due in part to many agencies still approaching cybersecurity the way they always have – guarding the edges to keep threats out. But that’s not enough anymore. With malware now being custom-written to bypass the perimeter, external drives plugged in, and the ever-present possibility of tricked or malicious insiders, monitoring inside the network is now one of the most effective ways to find and eliminate threats.
Cisco Security Intelligence Operations is tracking reports of ongoing exploitation of a vulnerability in the popular web application framework Ruby on Rails that creates a Linux-based botnet. The vulnerability dates back to January 2013 and affects Ruby on Rails versions prior to 3.2.11, 3.1.10, 3.0.19, and 2.3.15. Cisco Security Intelligence Operations has previously published an analysis of CVE-2013-0156. Cisco is receiving reports of attempted infection from Cisco IPS customers participating in Global Correlation.
This introductory post explains how one of Cisco’s security research groups established a network data collection capability for large amounts of network traffic. This capability was necessary to support research into selected aspects of the Domain Name Service (DNS), but it can be adapted for other purposes.
DNS exploitation is frequently the means by which malicious actors seek to disrupt the normal operation of networks. This can include DNS Cache Poisoning, DNS Amplification Attacks and many others. A quick search at cisco.com/security yields a lot of content published, indicating both the criticality and exposures associated with DNS.
Our research required the ability to collect DNS data and extract DNS attributes for various analytical purposes. For this post, I’ll focus on collection capabilities regarding DNS data.
On March 12th, Cisco announced the ISR-AX and how Cisco is changing the game, reducing complexity and making it simpler for enterprises to deliver and manage application delivery to users. Cisco is expanding the role of our Integrated Service Routers (ISRs) to deliver application-centric networks that provide granular visibility, control, and optimization without additional devices or bandwidth upgrades – Cisco® Application Experience (AX) Router family is now a part of the ISR family of routers! The Cisco ISR-AX Routers directly integrate Cisco Wide Area Application Services (WAAS), Application Visibility and Control (AVC), Data/IPBase and Security services into a platform that is simple to order, configure, and deploy for secure, optimized cloud connectivity and branch-office routing. The Cisco ISR G2 and ISR-AX Routers are based on the same hardware and software that you know and love and are deploying today. Today I wanted to go into the technical details of each of the components.