Proxy auto-config or PAC files are commonly used by IT departments to update browser settings so that internet traffic passes through the corporate web gateway. The ability to redirect web traffic to malicious proxy servers is particularly attractive for malicious actors since it gives them a method of intercepting and modifying traffic to and from websites from which they can gain financially.
Malicious PAC files have been described since 2005 , but this obfuscated example contains a timely festive message. The Portuguese phrase for “Happy Christmas”, “Feliz Natal” is used to encode the IP address of the malicious proxy, 188.8.131.52.
Read More »
Tags: banking malware, security, TRAC
Last month I attended a summit of subject matter experts on securing the Internet of Things (IoT). At first, I thought I had the wrong room, because it seemed that everybody other than me was an architect or engineer working for a device manufacturer, and as a result the conversation was dominated by placing security controls into the devices, themselves. In contrast, I tend to approach the issue from the perspective of protecting the core of the network. But just when I was beginning to think I had wasted an hour-long drive and was going to be bored out of my skull all day, a few of us started debating the issue and the conversation began to evolve. Before long, we had found common ground in the fact that security controls are all about trust relationships – ‘I trust you, therefore I will allow you to do that’.
Now trust is a funny thing, because by its very nature it can neither be one-sided nor one-dimensional. Instead, it must be built into every aspect of the transaction; a sort of “digital handshake” to ensure all is well before doing business. In other words, each of our pre-conceived perspectives was correct, yet we were all being stubborn and short-sighted! Read More »
Tags: Cisco, cyber security, Internet of Everything, internet of things, IoE, IoT, network security, security
Cisco will host a live backbone switching webcast on Wed Dec 4, 2013 to discuss BYOD, mobility, security and how Cisco backbone switching addresses these customer needs. This is the second webcast in the Cisco switching webcast series. You can view the first one, Cisco access switching webcast, at any time as it is now an on-demand video.
This backbone switching webcast comes at a critical time, as BYOD and mobility are creating major impact to the workplace. According to a recent study on BYOD and mobility,
- 75% of employees think that the IT department should help secure personal devices used at work;
- 63% of IT pros say the biggest network issue will be the increased bandwidth requirements;
- 39% of them say that network latency is a problem because of mobile devices;
- And 39% of them have seen serious issues tied to network performance as a result.
Read More »
Tags: Backbone Switch, byod, Catalyst 6500, Catalyst 6800, Cisco, mobility, security, webinar
Today’s law enforcement and government agencies are leveraging mobility to enable efficiency and ensure greater safety and security for the public these agencies serve.
In recent years, law enforcement agencies have turned to mobile technology to enhance wireless networks to deliver mission critical information. Other agencies have turned to software to help analyze citizen-driven information on mobile devices and crime in real-time.
IT decision makers in the public sector will face several challenges as they look for solutions in this growing mobile landscape that will help those in the line of duty. With that in mind it’s important for those decision makers to continue to support the case for innovative mobility solutions.
Read the full article: Government Agencies and the Future of Mobility
Tags: Cisco, Community Policing, future of mobility, mobility, Public Safety, security
Securing critical internet infrastructure is an ongoing challenge for operators that require collaboration across administrative boundaries. Last September, something exceptional happened in the small South American country of Ecuador: the entire local network operation community got together to be pioneers in securing the local Internet infrastructure by registering its networks in the RPKI system and implementing secure origin AS validation. Please visit my original blog post over on the Cisco Perspectives Blog to read more!
Tags: BGP, BGP Security, critical infrastructure, RPKI, security