Today, we released the last Cisco IOS & XE Software Security Advisory Bundled Publication of 2015. As a reminder, Cisco discloses IOS vulnerabilities on a predictable schedule (the fourth Wednesday of March and September each calendar year). Last cycle, we began including Cisco Security Advisories addressing vulnerabilities in Cisco IOS XE Software in this publication. This change was a direct result of your feedback, and we hope the timeline and additional “bundling” continues to allow organizations to plan and ensure resources are available to analyze, test, and remediate vulnerabilities in their environments.
Today’s edition of the Cisco IOS & XE Software Security Advisory Bundled Publication includes three advisories that affect the following technologies:
- IPv6 First-Hop Security
- SSH Version 2 (SSHv2)
- Cisco IOS XE Software
You may recall that Cisco announced enhancements to the Cisco IOS Software Checker last year. As my colleague Kevin Saling shared, the tool can display first-fixed software release data based on the combination of Cisco IOS Software releases and Cisco Security Advisories selected. Users can now quickly identify the first release that addresses all vulnerabilities disclosed in the selected advisories. Read More »
Tags: Cisco IOS software, psirt, security, security advisories, vulnerabilities
“It’s our thesis that privacy will be an integral part of the next wave in the technology revolution and that innovators who are emphasizing privacy as an integral part of the product life cycle are on the right track.” —The Privacy Engineer’s Manifesto, 2014
Privacy in an always and increasingly connected world is a complex topic. Does privacy mean the same thing it did 20—or even 10 years ago—before we all used smartphones and social media? How does data that we generate in our connected day tell a story, become monetized, and get purposed and repurposed? How do vendors ensure that privacy is designed into products and services?
These are issues that Michelle Finneran Dennedy, a leading authority on privacy, corporate policies, and the protection of the Internet, is passionate about—and so is Cisco. So I’m very pleased to say that Michelle joined Cisco as Vice President and Chief Privacy Officer today. Simply stated, welcome, Michelle! Read More »
Tags: chief privacy officer, Cisco Security and Trust Organization, security, security and trust, welcome
In so many parts of life, the passing of time is a benefit. Wine and whisky mature, intelligence is gained, and friendships grow stronger. For those of us working in IT security, however, the passing of time brings new challenges. Prolonging the use of older technology exponentially increases risk and the resulting problems can cost more than recommended maintenance/upgrades.
Let’s consider three facts:
- Fact 1: IT is fundamental to the economy, safety, health, and well-being of the world’s societies. Today’s IT systems support everything from advanced medical research to a country’s economic growth.
- Fact 2: Attacks on IT will continue to evolve in terms of efficiency, complexity, and deviousness. The need for better prevention, detection, and remediation recovery from cyber attacks continues to grow.
- Fact 3: IT devices are developed to perform securely within the known constraints and challenges of their launch environment, with flexibility for some upgrades. But at some point, all technology reaches a lifecycle limit. Quite often that limit is less about the device’s ability to “just power up” and more about it doing so securely.
Consider these facts together and what is the conclusion?
Read More »
Tags: Cisco Security and Trust Organization, security
Historically, threat actors have targeted network devices to create disruption through a denial of service (DoS) situation. While this remains the most common type of attack on network devices, we continue to see advances that focus on further compromising the victim’s infrastructure.
Recently, the Cisco Product Security Incident Response Team (PSIRT) has alerted customers around the evolution of attacks against Cisco IOS Software platforms.
Today, Mandiant/FireEye published an article describing an example of this type of attack. This involved a router “implant” that they dubbed SYNful Knock, reported to have been found in 14 routers across four different countries.
The Cisco PSIRT worked with Mandiant and confirmed that the attack did not leverage any product vulnerabilities and that it was shown to require valid administrative credentials or physical access to the victim’s device.
SYNful Knock is a type of persistent malware that allows an attacker to gain control of an affected device and compromise its integrity with a modified Cisco IOS software image. It was described by Mandiant as having different modules enabled via the HTTP protocol and triggered by crafted TCP packets sent to the device.
Note: Cisco Talos has published the Snort Rule SID:36054 to help detect attacks leveraging the SYNful Knock malware.
Given their role in a customer’s infrastructure, networking devices are a valuable target for threat actors and should be protected as such. We recommend that customers of all networking vendors include methods for preventing and detecting compromise in their operational procedures. The following figure outlines the process of protecting and monitoring Cisco networking devices.
We thank Mandiant/FireEye for their focus on protecting our shared customers, and for adding their voice to calls for greater focus on network security.
Tags: cyber security, ios attack, ios compromise, IOS Security, psirt, security, SYNful Knock
The Cisco IPS network based intrusion prevention system (NIPS) uses signatures to detect network-based attacks. Signatures can be created in a variety of engines based on the type of network traffic being inspected. Cisco signatures have very flexible configurations. In this blog post, I will discuss the trade-offs between two basic approaches for signature configuration: anomaly detection and vulnerability detection.
With Cisco IPS, anomaly detection is a broad approach of detecting malicious network activity. Signatures written to detect broad categories of anomalous activity will catch many different attack vectors, but at a cost. The parameters of a signature designed to detect an anomaly will often put a strain on the system running Cisco IPS in the form of memory or CPU usage, limiting the number of signatures that may be enabled. They also carry a high false positive risk due to their broad approach.
Vulnerability based signatures are targeted and require less overhead. These signatures normally target one or more attack vectors associated with a specific CVE. Their engine parameters typically use less memory and impact the CPU performance less on the IPS device, permitting more signatures to be active. They also allow the user to finely tune the configuration based on the types of vulnerable systems in a user’s network. False positive risk is low if the active signature set is tuned for a user’s network environment. Read More »
Tags: IPS, nips, security