We’re seeing reports of exploitation of this vulnerability. We can confirm Global Correlation – Network Participation telemetry is seeing multiple exploitation attempts across many customers. Customers who participate in Global Correlation – Inspection have a higher chance of this signature blocking in the default configuration, since the sensor takes the reputation of an attacker into account during the risk rating evaluation. One of the reports mentioned the use of an IRC-based botnet as a payload for a large number of compromised machines. Since this report is similar to one I previously blogged about, I examined the IRC payloads in depth. Many of the variable names and functions are identical, with the new bot’s source code indicating that it is a later revision of the one we saw previously. Additional features have been added in this revision, which allow the bots to transfer files directly to other bots via the command and control channel. Given the nature of this vulnerability and the ease of exploitation, it is very likely that machines that remain unpatched will continue to be compromised.
A 0-day vulnerability has been publicly posted which affects older versions of the Parallels Plesk software. The author of the exploit included an informational text file, which appears to indicate that public servers have already been exploited. This vulnerability does not affect the latest major version of the software; nevertheless we expect to see widespread exploitation, due to the age of the affected versions — sites still running these versions of Plesk, which are scheduled to enter End of Life on June 9, are unlikely to be regularly maintained.
Tags: 0-day, exploits, malware, security, TRAC
I have lost count of the number of trade shows I’ve worked over my career. But working trade shows for Cisco over the past 14 months has been a uniquely positive experience. Microsoft TechEd North America 2013 makes my 5th show evangelizing Cisco UCS and our solutions.
I have been able to have long (sometimes up to 45 minutes) conversations with potential customers who have heard about UCS and want to learn more. Their reaction to how Cisco does it differently from others in the industry is an eye-opener for them – whether it is the technology or the economics of the solution. They all walk away saying they are going to have to dig deeper into our solutions and contact their account team / partner.
It has become almost embarrassing the amount of praise our current customers heap on us when they come by the booth. Embarrassing because I’m just a very small part of what makes UCS successful; Cisco has a very strong team behind UCS and I wish they all could hear the great things the customers are saying about their experiences.
There are still two days left to stop by the Cisco booth and learn about:
- UCS Solutions FlexPod, VSPEX, Exchange, SQL Server
- UCS Manager
- Nexus 1000V
- VM FEX
- Cisco Email Security
Tags: email, Exchange, FlexPod, Nexus 1000v, security, SQL, UCS, UCS Manager, VM-FEX, vspex
As a follow-up to my introductory blog on Securing the Internet of Everything, I would like to discuss further the security implications that will comprise the proposed framework. As the applications of the IoT/M2M affect our daily lives, whether in Industrial Control, Transportation, Smartgrid or Healthcare, it becomes imperative to ensure a secure IoT/M2M system. As IP networks are employed, IoT/M2M applications have already become a target for attacks that will continue to grow in both quantity and sophistication. Both the scale and context of the IoT/M2M make it a compelling target for those who would do harm to companies, organizations, nations, and people.
The targets are abundant and cover many different industry segments. The potential impact spans from minor irritant to grave and significant damage and loss of life. The threats in this environment can be categorized similarly to those in traditional IT environments. It’s useful to consider general platform architecture when discussing IoT security challenges. Below is the platform architecture that is used to frame IoT/M2M discussions.
While many existing security technologies and solutions can be leveraged across this architecture, perhaps especially across the Core and Data Center Cloud layers, there are unique challenges for the IoT. The nature of the endpoints and the sheer scale of aggregation in the data center require special attention.
The architecture is composed of four layers similar to those described in general network architectures. The first layer of the IoT/M2M architecture is composed of …
Tags: architecture, cloud, data center, dos, Internet of Everything, IoE, IoT, ip, M2M, mpls, network, security, Service Provider
This is the first in a two-part blog series that examines the opportunities that cloud-based services offer to law enforcement agencies—along with the challenges of this fundamental shift in the way information resources are managed.
Police forces have a well-established culture of owning and managing systems directly founded on concerns about security and control of access to information. Three trends, however, make this position unsustainable:
- Traditional models for acquiring and running systems, which slow the pace of innovation
- Increasing need to form partnerships with other police agencies, public-sector bodies, and the private sector. Partnership depends on information sharing and open approaches to developing systems.
One of the most radical—and successful—cloud-based public-safety and security services is Facewatch. Using a network-based model, Facewatch provides an online reporting tool that allows U.K. businesses and citizens to report crimes and attach video evidence. The service enables crime victims to cancel credit cards instantly through Facewatch’s partners; allows users to share images of wanted people; and provides a channel for feedback from the police on the outcomes of cases.
Facewatch offers immediate benefits to the public, businesses, and law enforcement:
- Citizens: ease of reporting and rapid management of associated processes
- Businesses: less time required to deal with incidents
- Law enforcement: reduces or eliminates the need to interact directly with premises to recover video footage
For all users, there is greater transparency about processes and reporting on outcomes, as well as the ability for communities to share information about wanted persons and crime trends.
Tags: Cisco, cloud, Cloud Computing, Facewatch, IBSG, law enforcement, network, networking, police, Public Safety, security, social media, technology, United Kingdom
Connected devices are spreading like kudzu on the Carolina roadside. Cisco Identity Services Engine (ISE) is a great way to manage the devices on your network, and by implementing some best practices you will save time. Below are 7 ideas that will help:
1. Find an Executive Sponsor.
Security policies can now be supported at a network level using ISE. Official IT policies around accessing information based on BYOD were often circumvented. But now with ISE, we’ve been able to implement policies that provide the right access and can’t be circumvented. This makes it more important than ever that you have executive-level sponsorship. Truth be told, which IT project wouldn’t benefit from executive backing? My first experience with an executive sponsor was with an excellent CIO who resembled Pope Francis and spoke like a wicked good Bostonian. He tasked me with pursuing business groups and obtaining feedback on IT process changes. The CIO called me his “Man in Havana”. My coworkers lovingly changed it to “Cabana boy” because we made fun of each other at every opportunity. The point is, busy manufacturing and software development directors found time for my questions and follow-up meetings because an executive was driving the effort.
Tags: byod, ISE, security, security policy, wifi