Cisco Blogs



2014: More Secure Access, Please

Are you back from holiday break all refreshed and ready to embrace 2014 with confidence?

Many organizations will see new devices on their networks given the recent massive holiday gift giving. In particular, educational organizations will most likely be impacted. It seems there was no new hot toy (must-have gift) noted this year because kids want electronics. A recent survey indicated that 88% of kids ages 12 to 17 said that they most wanted a gadget as a holiday gift, with the majority (69%) requesting some kind of Apple device.

Students are returning to school with their shiny new electronic mobile devices and no hesitation to access the resources at school. Educational institutions continue to strive to enable users, while minimizing potential risk, and security continues to be the top concern.

Consider this:

Secure Mobility in Higher Education

Secure Mobility in K-12 Education

The challenge of secure mobility will persist as the device storm continues. 2014 opens with the Consumer Electronics Show in Las Vegas, January 7-10. Over the last couple of years the show highlighted the latest smartphones and tablets. This year there seems to be a heavy focus on the Internet of Things, with sensor-based devices that feed information to a computer over the Internet, further emphasizing the Any to Any problem, which changes the security paradigm: any user on any device, increasingly going over any type of connection, to any application, that could be running in any data center and on any cloud. Regardless of how or where our users are connecting, we have to provide the right levels of inspection and protection against malicious intruders who may steal sensitive data or disrupt business. Let’s start thinking about and preparing for what organizations may see coming on their networks and what the security implications may be for next year.

Happy 2014!


Fake German Bill Spam Campaign Spreads Malware

Update 2014-01-10: This malicious campaign has expanded to include emails that masquerade as bills from NTTCable and from Volksbank.

Update 2014-01-21: We’ve updated the chart to include the Vodafone emails and latest URL activity.

The English language has emerged as the language of choice for international commerce. Since people throughout the world are used to receiving English-language emails, spammers have also adopted English as the means of getting their message to large numbers of international recipients. However, spam messages that are written in a local language and that reference local companies can be particularly enticing for recipients to open because they do not expect malicious messages to be written in anything other than English. Cisco has observed and blocked a large number of malicious spam messages written in German masquerading as phone billing statements. Initially the spam run masqueraded as Telekom Deutschland, with subsequent messages masquerading as messages from NTTCable and Volksbank.

Cisco TRAC was able to locate what appears to be a single attack attempt, likely a test run, on 2013-12-16; however, the majority of the attack started on 2014-01-05 and is ongoing. The malware is currently targeting users as depicted in the heat map below. The vast majority of attacks are occurring in Germany. It is reported that the end goal of this malware is to harvest credentials.

This heat-map represents the malicious URL activity we have detected and blocked:


SecCon and the Limits of the Human Mind

One of the things I like best about Cisco’s focus on security is the internal SecCon conference we put on each year. It focuses on security threats, defenses, and innovation. Although I participate as a trainer, organizer, and reviewer, my favorite role this year was as an attendee. The conference theme, The State of the Hack, encompassed many elements, but the key one for me was trust and the human element.

The two external keynotes set the tone for talking about trust. Bruce Schneier started by pointing out that trust is an inherent element of living in a society of humans. It allows people to work together, and enables banking, transport, commerce, government, and all the elements necessary for a society to function. Without it, we’d have to raise our own food, and live independently of electricity, money, and even neighbors. Bruce mentioned the four mechanisms that enforce trust: morals, reputation, institutional (rules), and security systems. As security practitioners, we tend to focus on the latter, but should remember the first three as well. Reputation is the currency of trust, and is what allows us to trust financial institutions, police, friends, and our food supply. Reputation takes a long time to build up, over many interactions. Banks and stores need to be in business for years to build trust. You trust your friends and neighbors gradually with money, keys, and babysitting. But trust can be destroyed in just one action, as many transgressing politicians and security-breached vendors can attest.


OpenSSL Website Breached Via Hypervisor Management Interface Misconfiguration

The website of the OpenSSL project, which provides a widely-used SSL/TLS implementation, was breached on 29th December and defaced (OpenSSL.org announcement). This defacement only affected the website of the project, however. The OpenSSL project has since checked the cryptographic hashes of the OpenSSL source code and confirmed that the source code has not been modified or compromised in any way. A compromise of the source code could result in a backdoor or other vulnerability being introduced. This is an important point since the Debian release of OpenSSL in 2006 had a bug which weakened the random number generator (wikipedia). However, the most worrying development of this breach is the way that the website was compromised, which was through the virtualization infrastructure of their hosting provider IndIT Hosting.

Whilst there are many potential avenues of attack against a website, what makes this attack notable is that instead of attacking the website directly, the attackers went after the infrastructure hosting it. In this case, it was the Virtual Machine hosting infrastructure operated by the openssl.org hosting provider. VMware, whose products were used to host the OpenSSL website, issued the following statement:


The Cisco RV325 – The newest addition to the Cisco Small Business Routing Portfolio

Now that the Holidays are upon us, and we look forward to 2014, the Cisco Small Business team continues to raise the Small Business networking bar with the introduction of the all new Cisco RV325. This Dual WAN, 14-port VPN Router, provides all of the same performance, security and reliability of the RV320 launched last June. Both routers are perfect for fast-growing small businesses or branch deployments. So if you are looking for more ports in the same enclosure, the RV325 is the Small Business router to take a look at.

RV320 and RV325


Like its smaller sibling, the RV320, the RV325 is a perfect match with the Cisco Small Business SG300 Series Switches and WAP500 Series Access Points. As you saw from my last Blog, the WAP551 and WAP561 boast a nice feature-set including Captive Portal and Single Point Set-up. The WAP 551/561 are controller-less Access Points, meaning additional hardware is not required. The SG300 Series offers a nice blend of features at an affordable price and is designed for Small Business. It has most of the features that can be found in today’s Enterprise-class Switches.

This formidable combination makes for the perfect solution that many Small Businesses and Organizations can take advantage of. Add in our portfolio of award-winning Cisco Small Business Services, and you have a solution that all but guarantees a positive experience from the Cisco Small Business Team.

One Option for this solution is the newly launched 200 Series of Smart Switches. There are four new models including 10-, 24-, 26-, and 50-port switches. These Full Power PoE Smart Switches are a great alternative as they offer a generous feature-set, solid performance and even greater affordability.

SG200 Series PoE Smart Switch


Happy Holidays and Happy New Year’s from the Team at Cisco Small Business.