Cisco Blogs


Cisco Blog > Security

Injecting the Python Interpreter Via GDB

Recently I was evaluating the security of an application sandbox and I needed a way to inject some kind of interface into the sandboxed application in order to explore the possibilities available from that context. The main objective was to be able to easily explore file and system call access to determine what was allowed/denied. I decided the most suitable interface I could use for this exploration would be the Python interactive shell.

The first step I needed to take was to get the Python library (libpython) loaded into the address space of the target application. The easiest way that I could think to do this was to utilize the call command in the Gnu Debugger (GDB). GDB’s call command performs a debugee procedure call by injecting a new thread into the debugee and controlling the startup state. Since GDB already performs the necessary steps, I could take advantage of this by issuing the command:

Read More »

Tags: , ,

Managing Communications During Customer-Impacting Incidents

No matter how you prepare, you never know how or when it will begin. The phone rings and sixty seconds later a sense of dread emerges. It grows slowly, peaking just as you hang up the phone. Sitting back in your chair, you take a deep breath and turn your mind to all the customers, executives, and journalists who will soon know what you know.

You and I both have a sense of the work involved in managing customer-impacting data exposures, privacy breaches, or malicious attacks. These are high pressure, high profile incidents that demand the very best response team—a team that includes technical and non-technical expertise.

Working as I do with Cisco security and incident response teams, I sit alongside some great people who understand the value of having a professional communicator at the table. With a technical response underway, the communicator can do what they do best—summarize the topic, identify impacted audiences, assess their needs, and craft the required messaging. Regardless of their department—public relations, employee communications, customer communications, or marketing—these people will be critical to sustaining customer relationships and protecting your organization’s reputation.

Read More »

Tags: , , ,

Security Industry Visionary Joins Cisco

We are in the middle of several major market trends and transitions, including mobility, cloud and virtualization. Security is at the center of these massive transitions, and our customers tell us that they want simplicity and seamlessly integrated solutions for their network architectures. These industry disruptions require new thinking to create innovative technological solutions that will solve our customers’ biggest problems.

Enter Bret Hartman.

Bret has joined Cisco as the new Chief Technology Officer (CTO) for the Security Technology Group, which encompasses all of Cisco’s core security products. For Cisco, Bret will define our overall security technology strategy, particularly as it relates to how security technology integrates across the network infrastructure. Ensuring that our strategy transitions into value-added customer solutions will be critical as we move to an integrated security architecture that leverages the network.

Read More »

Tags: , , , , , , , ,

IPS Performance Explained

Data sheet performance numbers are often used to make purchasing and deployment decisions for network devices. This is true for Intrusion Prevention Systems (IPS) as well. However, the nature of IPS is such that performance can vary greatly based on multiple factors, including the traffic mix seen at the IPS, signature tuning, and the software version in use. As a result, basing an IPS deployment purely on data sheet numbers is difficult. Cisco has demystified data sheet performance metrics for its IPS 4500 and IPS 4300 products via a detailed technical paper that walks the reader through each performance number.

Read More »

Tags: , ,

SPAN Packet Duplication: Problem and Solution

In the spirit of National Cyber Security Awareness Month (NCSAM) I offer up a recent tale of intrigue and mystery from an ongoing Cisco Security Research project…

Prologue

One of Cisco Security Research and Operation’s ongoing projects is to oversee a massive infrastructure of several high-volume Internet POPs that send large amounts of network traffic into one of our research labs. We are collecting NetFlow and packet dumps from a geographically distributed sensor network. These pcap files each contain several million packets, but due to a configuration error in the packet capture process, there was some amount of packet duplication. This short blog article will talk about why the duplication happened, how we prevented it from reoccurring, and a unique solution that was employed to remove the duplicate packets from all of the affected pcap files. Read More »

Tags: , ,