Security events, such as vulnerabilities and threats, that are detected globally continue to grow and evolve in scale, impact, diversity, and complexity. Compounded with this is the other side of the coin: the unreported or undetected events waiting in the wings, hovering below the radar in a stealthy state. With all of the security technologies at our disposal, are they sufficient to provide effective protection? They are certainly a good start when applied correctly. At a summary level, Cisco’s Security Intelligence Operations (SIO) approach to this challenge was covered in the Network World feature article, “Inside Cisco Security Intelligence Operations.” However, one of the core human elements that deserves closer attention, and which I will introduce here, is the role of the security analyst. In addition, this article provides those of you with career interests some additional insight into working in the IT security field.
Once again it’s time for Cisco’s semi-annual Cisco IOS Software Security Advisory Bundled Publication. Today’s edition of the bundle contains a total of nine IOS-related advisories and one non-IOS advisory for the Cisco Unified Communications Manager (CUCM) family of products. Included in the 10 Security Advisories are a total of 19 Cisco Bug IDs, each one representing an individual vulnerability.
In many exploit scenarios, an attacker finds a target and, if possible, establishes remote control over the system through known or unknown exploits. Whether the attacker uses a buffer overflow, insecure configuration, phishing for credentials, or cookie-stealing, the goal is clear: get a remote shell and gain complete control. Then what?
It is this post-exploitation environment that has interested me at this year’s Black Hat 2011. Several talks and trainings discuss post-exploitation techniques, and I’d like to share them in the interest of research – and defense.
Today we announced our regularly scheduled, semiannual (that’s twice a year, not every other year) group of Cisco IOS Security Advisories, otherwise known as our “Cisco IOS Security Advisory Bundle.” Security Advisories are disclosed by the Cisco Product Security Incident Response Team (PSIRT) in response to vulnerabilities that have been discovered and/or reported, either internally or externally, in Cisco products. The term “bundle” was chosen since we now disclose a group of IOS-related Security Advisories at one time, as opposed to releasing advisories individually whenever they are ready for prime time. This one-at-a-time approach is what we had used for years until, back in March 2008, we decided to take the “bundle” approach, similar to Microsoft’s monthly “Microsoft Tuesday” event, which occurs on the second Tuesday of every month.