Massive Canadian Pharmacy Spam Campaign
On Tuesday, May 28, 2013 at 17:30 UTC a massive pharmaceutical spam campaign began, using the Subject: header “Only 24 Hours Left to Shop!”. Cisco observed the campaign peaking at as many as 8 of every 10 spam messages being sent. The indiscriminate choice of recipients suggests that most anti-spam vendors, including Cisco, will have blocked […]
Cisco Domain Ten: Domain 9: Security and Compliance
Security and Compliance is the next domain in our Cisco Domain Ten℠ model that I will cover, following on from my previous post on Applications. As in the earlier Cisco Domain Ten posts, I’ll give you a brief overview of the questions that come up when we discuss data center security and compliance […]
Interop, Vegas…Rear View Mirror
My two favorite days of a Vegas conference: arriving and leaving. Everything in between is a foot-numbing, sleepless blur. But we had a great time! It was cool to be on stage hanging out with our Cisco friends and to reunite with old competitors, many of whom are former peers. We did not have […]
First Look – The Cisco NOC Model For Wired and Wireless
Over the last few weeks, we've started to unpack some of the focus-group discussions we've recently had with hundreds of IT professionals. The goal of these focus groups was...
Foundational Network Traffic Collection and Analysis Setup
This introductory post explains how one of Cisco’s security research groups established a collection capability for large volumes of network traffic. The capability was built to support research into selected aspects of the Domain Name System (DNS), but it can be adapted for other purposes.
Shedding More Light on MDM
In the primer Networking 101: MDM, Jimmy Ray uses his entertaining and educational whiteboard approach to answer what MDM is and what it can do for an organization.
Security Logging in an Enterprise, Part 2 of 2
We first logged IDS, some syslog from some UNIX hosts, and firewall logs (circa 1999). We went from there to dropping firewall logging as it introduced some overhead and we didn’t have any really good uses for it. (We still don’t.) Where did we go next?
Department of Labor Watering Hole Attack Confirmed to be 0-Day with Possible Advanced Reconnaissance Capabilities
Update 2 5/9/2013: Microsoft has released a “Microsoft fix it” as a temporary mitigation for this issue on systems which require IE8. At this time, multiple sites have been observed hosting pages which exploit this vulnerability. Users of IE8 who cannot update to IE9+ are urged to apply the Fix It immediately. Update 5/6/2013: An […]
Security Logging in an Enterprise, Part 1 of 2
Logging is probably both one of the most useful and one of the least used security forensics capabilities. In large enterprises many security teams rely on their IT counterparts to do the logging, then turn to the IT logging infrastructure when they need log data. That in itself isn’t bad; however, IT’s needs and requirements may not be a 100% fit for a CIRT. Read on to find out how we handled it.