I see and hear a variety of acronyms being used on a daily basis. I recently heard one tossed around with good humor that makes a point: TMA or Too Many Acronyms. Every once in a while, when I think I’ve embedded the definition and use of an acronym into my long-term memory (anything beyond an extended weekend), it seems as if either a new acronym was spawned, or it has been overloaded with a different meaning. My goal in this blog post is offer both a refresher on some topical acronyms that appear to be quite commonly circulated in security technology circles and media outlets. It is challenging to be a subject matter expert in every aspect of cyber security. Whether you are reading an article, joining a conversation or preparing for a presentation or certification in the realm of cyber security, you may not be completely perplexed by these acronyms when you come across them and become more familiar with them. For situational purposes, I organized the acronyms into categories where I have seen them used frequently and included related links for each of them.
AAA: Authentication, Authorization, and Accounting. This is a set of actions that enable you to control over who is allowed access to the network, what services they are allowed to use once they have access, and track the services and network resources being accessed.
ACL/tACL/iACL/VACL/PACL: Access Control List. ACLs are used to filter traffic based upon a set of rules that you define. For ACLs listed with a prefix (for example, t=transit, i=infrastructure, V=VLAN (Virtual Local Area Network), P=Port)), these ACLs have special purposes to address a particular need within the network.
FW/NGFW/FWSM/ASASM: Firewall/Next Generation Firewall/Firewall Service Module/Adaptive Security Appliance Services Module. These products provide a set of security features designed to govern the communications via the network. Cisco provides firewall features as a dedicated appliance or hardware module that can be added to a network device such as a router.
IPS: Intrusion Prevention System. Typically, this is a network appliance that is used to examine network traffic for the purposes of protecting against targeted attacks, malware, and application and operating system vulnerabilities. In order to ensure the effectiveness of a Cisco IPS device, it should be maintained using Cisco’s IPS subscription service.
DNSSEC: Domain Name System (DNS) Security Extensions. That’s right, we have an acronym within an acronym. These are the specifications for security characteristics that make it possible to verify the authenticity of information stored in DNS. This validation makes it possible to provide assurances to resolvers that when they request a particular piece of information from the DNS, that they receive the correct information published by the authoritative source. Read More »
Tags: byod security, Cisco Security, cybersecurity, HIPAA Compliance, incident response, MDM, PCI Compliance, pci-dss, security, vulnerability
Update 2 5/9/2013:
Microsoft has released a “Microsoft fix it” as a temporary mitigation for this issue on systems which require IE8. At this time, multiple sites have been observed hosting pages which exploit this vulnerability. Users of IE8 who cannot update to IE9+ are urged to apply the Fix It immediately.
An exploit for this bug is now publicly available within the metasploit framework. Users of the affected browser should consider updating to IE9+ or using a different browser until a patch is released. Given the nature of this vulnerability additional exploitation is likely.
At the end of April a Watering Hole–style attack was launched from a United States Department of Labor website. Many are theorizing that this attack may have been an attempt to use one compromised organization to target another. Visitors to specific pages hosting nuclear-related content at the Department of Labor website were also receiving malicious content loaded from the domain dol.ns01.us. Initially it appeared that this attack used CVE-2012-4792 to compromise vulnerable machines; however, Microsoft is now confirming that this is indeed a new issue. This issue is being designated CVE-2013-1347 and is reported to affect all versions of Internet Explorer 8.
Read More »
Tags: botnet, botnets, Cisco Security, cybersecurity, security, targeted attacks, TRAC, vulnerability
On April 10, 2013, a collective of politically motivated hacktivists announced a round of planned attacks called #OPUSA. These attacks, slated to begin May 7, 2013, are to be launched against U.S.-based targets. #OPUSA is a follow-up to #OPISRAEL, which were a series of attacks carried out on April 7 against Israeli-based targets. Our goal here is to summarize and inform readers of resources, recommendations, network mitigations, and best practices that are available to prevent, mitigate, respond to, or dilute the effectiveness of these attacks. This blog was a collaborative effort between myself, Kevin Timm, Joseph Karpenko, Panos Kampanakis, and the Cisco TRAC team.
If the attackers follow the same patterns as previously witnessed during the #OPISRAEL attacks, then targets can expect a mixture of attacks. Major components of previous attacks consisted of denial of service attacks and web application exploits, ranging from advanced ad-hoc attempts to simple website defacements. In the past, attackers used such tools as LOIC, HOIC, and Slowloris.
Publicly announced attacks of this nature can have highly volatile credibility. In some cases, the announcements exist only for the purpose of gaining notoriety. In other cases, they are enhanced by increased publicity. Given the lack of specific details about participation or capabilities, the exact severity of the attack can’t be known until it (possibly) happens. Read More »
Tags: advisories, ASA, botnet, botnets, Cisco Security, Cloud Computing, cloud security, data center security, DDoS, exploits, firewall, incident response, IPS, IPS signatures, malware, mitigations, security, targeted attacks, TRAC, vulnerability
The Common Vulnerability Reporting Framework (CVRF) is a security automation standard intended to make your life easier by offering a common language to exchange traditional security and vulnerability bulletins, reports, and advisories. You can read more about it on the official ICASI CVRF 1.1 page, in my CVRF 1.1 Missing Manual blog series, or in the cvrfparse instructional blog. CVRF 1.1 has been available to the public for almost a year and we would like to know how its helped and how we can improve it. Please take a moment to take the poll and please feel free to share it with any interested parties. Comments are encouraged and welcomed. The more feedback we get, the more we can improve CVRF.
Read More »
Tags: advisories, Cisco Security, cvrf, cybersecurity, exploits, psirt, security, vulnerability
“A security advisory was just published! Should I hurry and upgrade all my Cisco devices now?”
This is a question that I am being asked by customers on a regular basis. In fact, I am also asked why there are so many security vulnerability advisories. To start with the second question: Cisco is committed to protecting customers by sharing critical security-related information in a very transparent way. Even if security vulnerabilities are found internally, the Cisco Product Security Incident Response Team (PSIRT) – which is my team – investigates, drives to resolution, and discloses such vulnerabilities. To quickly answer the first question, don’t panic, as you may not have to immediately upgrade your device. However, in this article I will discuss some of the guidelines and best practices for responding to Cisco security vulnerability reports.
Read More »
Tags: advisories, CVSS, cybersecurity, exploits, incident response, malware, psirt, security advisories, security advisory, security notice, security notices, security top of mind, vulnerability