Cisco Blogs


Cisco Blog > Security

MS Detours: Ongoing vigilance keeps customers on the right track.

Detours is a library offered by Microsoft Research for interception of functions on x86 and x64 platforms. It is sold for commercial use to various vendors that build products ranging from security to gaming applications.

Detours is often injected into most or all of the processes, either system-wide or in the context of the logged in user. The most common way this is done is through the AppInit_Dlls registry value. Because the injection is typically applied to a large number of processes running under various permissions, extra care must be taken to ensure the library and its usage are very carefully reviewed by engineers with a strong understanding of the implications of such wide hooking.

We have used this library in our own security products at Cisco (both CSA and AnyConnect) to provide certain security functions on the system. During one of our research projects earlier this year, we noticed a peculiar pattern on Windows systems where processes we were hooking had a change in the in-memory permissions, which marked the headers of the modules from the normal READ/EXECUTE to now include WRITE as well.

This was quite alarming to us, because a dll should not be writeable when loaded into memory. What was interesting, and led to clues of what might be the cause, was that it was only the dlls that had functions we were actively trying to hook. They were the common Win32 dlls that one would typically intercept methods for, such as Kernel32.dll.

Read More »

Tags: , , , ,

#ExecInsights: Defend, Discover and Remediate with Security Services

Like most industries, security has gone through many different evolutions. Over the past 20 years, the industry has been largely product focused, with customers deploying point products across the network in an effort to “cover” all security gaps. Over time and with the arrival of mobile, social and cloud, customers now recognize that having all the security products in the world is not going to close all the gaps. Today’s customers are looking for fully integrated solutions – a combination of services, products and people.

This is where Cisco delivers. We are elevating our security solutions efforts with the creation of a Services Security Practice, led by security industry veteran Bryan Palma, who comes to Cisco with an extensive background in both services and security. Reporting to Edzard Overbeek, Senior Vice President of Cisco Services, Bryan’s team will build three new service categories for our customers: Consultation; Product Implementation and Support; and Managed Services for enterprises and governments.

Cisco’s integrated security strategy is to defend, discover and remediate the most critical threats. With world-class products, research teams, global intelligence, advanced threat protection – and now services – our customers will benefit from continuous security in more places across the infrastructure.

Read More »

Tags: ,

Industrial Grade SDN

The software defined network has become all the rage lately for reasons that seem to vary and are caught up in interesting perceptions.  One view was that it allowed a single network to be controlled centrally and divided up logically to prevent different groups from interfering with one another, well that’s true.  Another view is that it provides a central place of management that configures and monitors the network for performance and faults, well that is true.

The basis is really the separation of the control plane (configuration and management) onto a server that centrally controls many network nodes.  From the data plane which are the switches and routers that pass the data for the application from one end device to another, or many.  The SDN controller communicates over a secure communications path using an API supported by the network device.

Yet what may be the most significant possibility of SDN is the ability to use programmatic control from the very applications that use the network for transport to stipulate any number of services that application needs from the network.  We are seeing this in data centers that will allow end user departments to define a complete network for say ERP from within the ERP application and no help from IT.  Why not for controls?  And since SDN is based on open source initiatives the ability for anyone to create and market applications for say a controls system is very real. Read More »

Tags: , , , , ,

ICCC 2013: Improving Common Criteria Standards for New Technologies

In order for government and enterprise organizations to keep their data secure from increasingly advanced cyber threats, security solutions and protocols are critical. However, these organizations must ensure that their chosen security solutions meet key security criteria, are standards based, perform as expected and interoperate reliably with existing technology.

The challenges above are why Common Criteria was created. Common Criteria is an international standard for IT product security and reliability. In fact, many governments will not use security products that don’t meet Common Criteria standards.

This year, the International Common Criteria Conference is being held in Orlando, Florida from September 10-12. The conference is a place for Certification Bodies, Evaluation Laboratories, Researchers, Evaluators, Product Makers and Buyers and Sellers to come together and exchange ideas in order to improve Common Criteria.

Cisco will lead multiple sessions covering topics like Cryptography, Network Device Protection Profiles, Improving Common Criteria and Marketing Common Criteria.

Details on the speaking sessions presented by and in collaboration with Cisco are below:

  • Keynote Speaker: CCUF Perspective

September 11 from 9-9:30AM ET

Alicia Squires, Cisco, CCUF Chair

  • Marketing the New CC

September 11 from 9:30-11AM ET

Moderator: Mark Loepker, NIAP, CCES Chair

Panelists: Joshua Brickman, Oracle; Jen Gilbert, Cisco; Matt Keller, Corsec; Eric Winterton, Booz Allen Hamilton.

  • Entropy Sources – Industry Realities and Evaluation Challenges

September 11 from 10-10:30AM ET

Alicia Squires: CISSP, Product Certification Engineer, Cisco Chair, CCUF Management Group

  • Cryptography and Common Criteria

September 11 from 11:30-12PM ET

Ashit Vora, Manager, Common Criteria Certification, Cisco and Chris Brych, Manager, Security Certifications, SafeNet, Inc.

  • Lessons and Recommendations from Evaluating Against NDPP in Three Different Schemes

September 11 from 5-5:30PM ET

Terrie Diaz, Product Certification Engineer, Cisco and Ashit Vora, Manager, Common Criteria Certification, Cisco

  • Widening the Use of CC for End Users Worldwide

September 12 from 9:30-11AM ET

Moderator: Michele Mullen, Director, ATA, CSEC

Adam Golodner, Director, Global Security & Technology Policy, Cisco; Steve Lipner, Microsoft; Blackberry (INVITED); Ericsson (INVITED)

Tags: , , , , , ,

Cisco Manufacturing Honored by Frost & Sullivan

Frost & SullivanI am happy to share the great news that the Cisco team received industry accolades last week when it was recognized by Frost & Sullivan for delivering a seamlessly connected enterprise collaboration solution across industry verticals.  The award, based on Frost & Sullivan’s Vision of the Future of Manufacturing Production 2.0 (Visi-MAP 2.0), identified the top 50 game changers in manufacturing hardware and software. The Visi-MAP 2.0 initiative uses this platform to identify companies that refuse to take a ringside spectator view of industry developments and instead, lead in the visionary innovation process.

I know I speak for the entire Cisco Manufacturing team when I say that we are honored to be recognized for our integrated, vertically relevant solutions for business and operations networks as well as our strong ecosystem of partners.  We have advanced our solutions greatly over the past few years and are excited for our future and continued growth. Our industry-leading solutions continue to set us apart from our competitors and we are excited that the industry is recognizing us as a leader.

Read More »

Tags: , , , , ,