Cisco Blogs



SPAN Packet Duplication: Problem and Solution

In the spirit of National Cyber Security Awareness Month (NCSAM) I offer up a recent tale of intrigue and mystery from an ongoing Cisco Security Research project…

Prologue

One of Cisco Security Research and Operation’s ongoing projects is to oversee a massive infrastructure of several high-volume Internet POPs that send large amounts of network traffic into one of our research labs. We are collecting NetFlow and packet dumps from a geographically distributed sensor network. These pcap files each contain several million packets, but due to a configuration error in the packet capture process, there was some amount of packet duplication. This short blog article will talk about why the duplication happened, how we prevented it from reoccurring, and a unique solution that was employed to remove the duplicate packets from all of the affected pcap files.

Distributed Denial of Service Attacks on Financial Institutions: A Cisco Security Intelligence Operations Perspective

The past few weeks have had many on heightened alert from the initial threats to the ongoing attacks surrounding U.S.-based financial institutions; to say folks have been busy would be quite the understatement.

These events spawned a collaborative effort throughout the Cisco Security Intelligence Operations (Cisco SIO) organization, as depicted in the diagram below.

 

* Note: As Cisco products have not been found to be vulnerable to these attacks, the Cisco PSIRT (Product Security Incident Response Team) provides feedback and peer review, which is why no Cisco Security Advisory (SA) is present for this activity.

NCSAM: Diversity, Consistency, and Security Intelligence

The security community at Cisco is very diverse. It extends beyond the typical researcher or analyst roles to include customer-facing engineers and marketing, public relations, and legal teams. The community is comprised of individuals with greatly varied backgrounds, skill sets, and charters and contains a wealth of knowledge on just about any topic. This diversity allows Cisco Security Intelligence Operations to understand and react appropriately to today’s threats as well as those that we may face in the future.

If we think about security intelligence—which I define as raw information enhanced through correlation, processing or perspective—having an established variety of inputs is key. Our people are certainly one of those inputs.

The trick, however, is utilizing that diversity in such a way that you can create consistent and predictable outputs that can be easily absorbed and acted on.


Partner Perspectives: Nexus, Inc. on Defending the Data Center

A few weeks ago, I got to arrange a meeting of the minds – between Cisco and one of our Master Security and UC Specialized partners, Nexus, to be exact. Given the new Security products and solutions we’ve announced around defending the data center, we thought it’d be a good time to sit down with Nexus and get a partner perspective on what they’re seeing in the market.

We chatted with Waheed Choudhry, President and COO, and Mike Zozaya, Practice Manager of Security, Mobility, and Infrastructure at Nexus to get some insights on what their customers are trying to achieve in the data center and how Cisco Security is helping them get there.


Automating Cisco IOS Vulnerability Assessment

September 26, 2012 at 9:14 am PST

Security automation is a hot topic these days. Most organizations have many systems to patch and configure securely, with numerous versions of software and features enabled. Many security administrators are seeking ways to leverage standards and available tools to reduce the complexity and time necessary to respond to security advisories, assess their devices, and ensure compliance so they can allocate resources to focus on other areas of their network and security infrastructure.

Cisco is committed to protecting customers by sharing critical security-related information in different formats.

Starting today, September 26, 2012, Cisco’s Product Security Incident Response Team (PSIRT) is including Open Vulnerability and Assessment Language (OVAL) definitions in Cisco IOS security advisories.