Author Archives: Aaron Woland

IDG Contributor Network: Securing the modern mobile OS

The idea for this blog post came to me during a discussion around some recent research performed by Cisco's Talos threat research group: the post "Advanced Mobile Malware Campaign in India uses Malicious MDM", authored by Warren Mercer, Paul Rascagneres and Andrew Williams, and the follow-up post containing additional research in Part 2. In this beautiful piece of research, these guys identified and analyzed an attacker with malicious intent who used a modified open source Mobile Device Manager (MDM) to control multiple mobile devices, and to install modified versions of well-known apps like WhatsApp and Telegram in order to gain access to what would otherwise be private data.

IDG Contributor Network: Protecting iOS against the aLTEr attacks

Researchers from Ruhr-Universität Bochum and New York University Abu Dhabi have uncovered a new attack against devices using the Long-Term Evolution (LTE) network protocol. LTE, which is a form of 4G, is a mobile communications standard used by billions of devices and the largest cellular providers around the world. In other words, the attack can be used against you. The research team has named the attack "aLTEr"; it allows the attacker to intercept communications using a man-in-the-middle technique and redirect the victim to malicious websites using DNS spoofing.

IDG Contributor Network: A first-hand account of Cisco Live 2018 in Orlando

I have had many people ask me what Cisco Live is like, from my perspective as a long-time attendee and a member of the Hall of Fame Elite for speakers. While my perspective may be a bit different from that of your average attendee, I thought I'd give it a shot and write it up. Cisco Live is an amazing event. Some years, I may present at Cisco Live up to 4 times per year, and this was one of those years:

Cancun, Mexico – December 2017
Barcelona, Spain – February 2018
Melbourne, Australia – March 2018
Orlando, Florida, USA – June 2018

When I was a young buck and started attending Cisco Live, it was actually called "Networkers", and to me that still describes the best part of Cisco Live. Not networking in the technology sense, but the human networking that goes on. It's like a reunion with the people I get to see year after year, and I get to meet new people every single time.

IDG Contributor Network: AMP and ThreatGrid Integration into Meraki UTMs

Lately, I have been spending a lot of time on integrating security systems together, and specifically focusing a lot of my energy on Cisco's Advanced Threat Security product family. (Disclosure: I am employed by Cisco.) Which is what brings me to Cisco's Advanced Malware Protection (AMP), a solution that enables malware detection, blocking, continuous analysis, and retrospective actions and alerting. In fact, when the Talos cyber-vigilantes parachute into an environment and perform their forensic analysis and active defense against attacks, AMP is one of the primary tools they use.

IDG Contributor Network: Cisco Rapid Threat Containment quickly detects, removes infected end points

Many of the readers of this blog are aware that ever since Cisco acquired SourceFire, and cybersecurity industry legends such as Marty Roesch took leadership roles within the company, Cisco's initiative has been for all security products to be open and to interoperate with other products. Another very large acquisition was OpenDNS, and the CEO of OpenDNS now leads all of the security business at Cisco. The culture is all about Cisco products, as well as non-Cisco products, working better together. For many, it's shocking to think of Cisco as a vendor pushing for openness and standards. I'm not sure why, because Cisco has spent its life creating networking protocols and then helping them become standards available to all. But I digress.

IDG Contributor Network: Troubleshooting Cisco’s ISE without TAC

One thing I have been very passionate about is making secure network access deployments easier, which includes what we like to call serviceability. Serviceability is all about making a product easier to troubleshoot, easier to deploy and easier to use. Ultimately the goal is always customer success. There is a distinct correlation between visibility and the success of any NAC project. If you are blind to what's happening, and if you can't easily get to the information that helps figure out what's wrong, it can be very frustrating and also gives the appearance of a poor deployment. My goal in this post is to highlight a lot of the serviceability items Cisco has put into ISE that you may not be aware of. I'll do my best not only to call out the feature or function that was added, but to explain why it matters and what version it was added in.

IDG Contributor Network: Triggered NetFlow — A Trick of the Trade

Triggered NetFlow: A Woland-Santuka Pro-Tip

Vivek Santuka, CCIE #17621, is a consulting systems engineer at Cisco Systems who focuses on ISE for Cisco's largest customers around the world. He and I devised, tested and deployed the methodology discussed in this blog entry, which we like to call "Triggered NetFlow." NetFlow is an incredibly useful and under-valued security tool. Essentially, it is similar to a phone bill. A phone bill does not include recordings of all the conversations you have had in their entirety; it is a summary record of all calls sent and received. Cisco routers and switches support NetFlow, sending a "record" of each packet that has been routed, including the ports and other very usable information.

IDG Contributor Network: How to use Anycast to provide high availability to a RADIUS server

After months of issues, they have finally restored my access to my blog! After such a hiatus, it is my pleasure to bring you this particular post. I'm certain many will find it at the very least cool in an "I'm a network geek" kind of way, or even better: you will find it very educational and even leverage it in your own world. This is a solution I have been wanting to write about for a long time now, and let's be clear: it is not mine. This entire post is owed to a long-time personal friend of mine who is also one of the most talented and gifted technologists roaming the earth today. His name is Epaminondas Peter Karelis, CCIE #8068 (Pete). Pete designed this particular high-availability solution for a small ISE deployment that had two data centers, as is crudely illustrated by me in the figure below.

IDG Contributor Network: Device administration with Cisco WLC

I recently had to dive very deeply into doing device administration AAA with Cisco Wireless LAN Controllers and the SourceFire/Cisco FirePower Manager software. Given the interest that others have shown, I decided to write this blog entry to share my experience.

How Device Admin AAA works on the Cisco WLC

Device administration with a Cisco Catalyst switch is capable of command-level authorizations. With the WLC, however, it is based on the sections of the menu system. It does not prevent access to those sections of the GUI, but instead prevents changes from being saved when inside a menu section that is not authorized. Figure 1 shows the different menus in the orange box, with three of the individual menus highlighted with a yellow box.