Michael Cooney
Author Archives: Michael Cooney
- Home → Author's archive:
Michael Cooney
0
Cisco issues critical security warning for Nexus data-center switches
Cisco issued some 40 security advisories today but only one of them was deemed “critical” – a vulnerability in the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode data-center switch that could let an attacker secretly access system resources.The exposure, which was given a Common Vulnerability Scoring System importance of 9.8 out of 10, is described as a problem with secure shell (SSH) key-management for the Cisco Nexus 9000 that lets a remote attacker to connect to the affected system with the privileges of a root user, Cisco said.To read this article in full, please click here
0
Cisco issues critical security warning for Nexus data-center switches
Cisco issued some 40 security advisories today but only one of them was deemed “critical” – a vulnerability in the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode data-center switch that could let an attacker secretly access system resources.The exposure, which was given a Common Vulnerability Scoring System importance of 9.8 out of 10, is described as a problem with secure shell (SSH) key-management for the Cisco Nexus 9000 that lets a remote attacker to connect to the affected system with the privileges of a root user, Cisco said.To read this article in full, please click here
0
Cisco goes all in on WiFi 6
Cisco has taken the wraps off a family of WiFi 6 access points, roaming technology and developer-community support all to make wireless a solid enterprise equal with the wired world.“Best-effort’ wireless for enterprise customers doesn’t cut it any more. There’s been a change in customer expectations that there will be an uninterrupted unplugged experience,” said Scott Harrell, senior vice president and general manager of enterprise networking at Cisco. “It is now a wired first world.” More about 802.11ax (Wi-Fi 6) Why 802.11ax is the next big thing in wireless FAQ: 802.11ax Wi-Fi Wi-Fi 6 (802.11ax) is coming to a router near you Wi-Fi 6 with OFDMA opens a world of new wireless possibilities 802.11ax preview: Access points and routers that support Wi-Fi 6 are on tap Bringing a wired first enterprise world together is one of the drivers behind a new family of WiFi 6-based access points (AP) for Cisco’s Catalyst and Meraki portfolios. WiFi 6 (802.11ax) is designed for high-density public or private environments. But it also will be beneficial in internet of things (IoT) deployments, and in offices that use bandwidth-hogging applications like videoconferencing.To read this article in full, please click here
0
Venerable Cisco Catalyst 6000 switches ousted by new Catalyst 9600
Few events in the tech industry are truly transformative, but Cisco’s replacement of its core Catalyst 6000 family could be one of those actions for customers and the company.Introduced in 1999, iterations of the Catalyst 6000 have nestled into the core of scores of enterprise networks, with the model 6500 becoming the company’s largest selling box ever. Learn about edge networking How edge networking and IoT will reshape data centers Edge computing best practices How edge computing can help secure the IoT It goes without question that migrating these customers alone to the new switch – the Catalyst 9600 which the company introduced today – will be of monumental importance to Cisco as it looks to revamp and continue to dominate large campus-core deployments. The first Catalyst 9000, introduced in June 2017, is already the fastest ramping product line in Cisco’s history.To read this article in full, please click here
0
Cisco: DNSpionage attack adds new tools, morphs tactics
The group behind the Domain Name System attacks known as DNSpionage have upped their dark actions with new tools and malware to focus their attacks and better hide their activities. Cisco Talos security researchers, who discovered DNSpionage in November, this week warned of new exploits and capabilities of the nefarious campaign. More about DNS: DNS in the cloud: Why and why not DNS over HTTPS seeks to make internet use more private How to protect your infrastructure from DNS cache poisoning ICANN housecleaning revokes old DNS security key “The threat actor's ongoing development of DNSpionage malware shows that the attacker continues to find new ways to avoid detection. DNS tunneling is a popular method of exfiltration for some actors and recent examples of DNSpionage show that we must ensure DNS is monitored as closely as an organization's normal proxy or weblogs,” Talos wrote. “DNS is essentially the phonebook of the internet, and when it is tampered with, it becomes difficult for anyone to discern whether what they are seeing online is legitimate.”To read this article in full, please click here
0
Cisco: DNSpionage attack adds new tools, morphs tactics
The group behind the Domain Name System attacks known as DNSpionage have upped their dark actions with new tools and malware to focus their attacks and better hide their activities. Cisco Talos security researchers, who discovered DNSpionage in November, this week warned of new exploits and capabilities of the nefarious campaign. More about DNS: DNS in the cloud: Why and why not DNS over HTTPS seeks to make internet use more private How to protect your infrastructure from DNS cache poisoning ICANN housecleaning revokes old DNS security key “The threat actor's ongoing development of DNSpionage malware shows that the attacker continues to find new ways to avoid detection. DNS tunneling is a popular method of exfiltration for some actors and recent examples of DNSpionage show that we must ensure DNS is monitored as closely as an organization's normal proxy or weblogs,” Talos wrote. “DNS is essentially the phonebook of the internet, and when it is tampered with, it becomes difficult for anyone to discern whether what they are seeing online is legitimate.”To read this article in full, please click here
0
Cisco warns WLAN controller, 9000 series router and IOS/XE users to patch urgent security holes
Cisco this week issued 31 security advisories but direct customer attention to “critical” patches for its IOS and IOS XE Software Cluster Management and IOS software for Cisco ASR 9000 Series routers. A number of vulnerabilities also need attention if customers are running Cisco Wireless LAN Controllers.The first critical patch has to do with a vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to send malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device, Cisco said.To read this article in full, please click here
0
Cisco warns WLAN controller, 9000 series router and IOS/XE users to patch urgent security holes
Cisco this week issued 31 security advisories but direct customer attention to “critical” patches for its IOS and IOS XE Software Cluster Management and IOS software for Cisco ASR 9000 Series routers. A number of vulnerabilities also need attention if customers are running Cisco Wireless LAN Controllers.The first critical patch has to do with a vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to send malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device, Cisco said.To read this article in full, please click here
0
Cisco Talos details exceptionally dangerous DNS hijacking attack
Security experts at Cisco Talos have released a report detailing what it calls the “first known case of a domain name registry organization that was compromised for cyber espionage operations.”Talos calls ongoing cyber threat campaign “Sea Turtle” and said that state-sponsored attackers are abusing DNS to harvest credentials to gain access to sensitive networks and systems in a way that victims are unable to detect, which displays unique knowledge on how to manipulate DNS, Talos stated. More about DNS: DNS in the cloud: Why and why not DNS over HTTPS seeks to make internet use more private How to protect your infrastructure from DNS cache poisoning ICANN housecleaning revokes old DNS security key By obtaining control of victims’ DNS, the attackers can change or falsify any data on the Internet, illicitly modify DNS name records to point users to actor-controlled servers; users visiting those sites would never know, Talos reported. To read this article in full, please click here
0
Cisco Talos details exceptionally dangerous DNS hijacking attack
Security experts at Cisco Talos have released a report detailing what it calls the “first known case of a domain name registry organization that was compromised for cyber espionage operations.”Talos calls ongoing cyber threat campaign “Sea Turtle” and said that state-sponsored attackers are abusing DNS to harvest credentials to gain access to sensitive networks and systems in a way that victims are unable to detect, which displays unique knowledge on how to manipulate DNS, Talos stated. More about DNS: DNS in the cloud: Why and why not DNS over HTTPS seeks to make internet use more private How to protect your infrastructure from DNS cache poisoning ICANN housecleaning revokes old DNS security key By obtaining control of victims’ DNS, the attackers can change or falsify any data on the Internet, illicitly modify DNS name records to point users to actor-controlled servers; users visiting those sites would never know, Talos reported. To read this article in full, please click here
0
What SDN is and where it’s going
Hardware reigned supreme in the networking world until the emergence of software-defined networking (SDN), a category of technologies that separate the network control plane from the forwarding plane to enable more automated provisioning and policy-based management of network resources.SDN's origins can be traced to a research collaboration between Stanford University and the University of California at Berkeley that ultimately yielded the OpenFlow protocol in the 2008 timeframe. [Learn more about the difference between SDN and NFV. Get regularly scheduled insights by signing up for Network World newsletters] OpenFlow is only one of the first SDN canons, but it's a key component because it started the networking software revolution. OpenFlow defined a programmable network protocol that could help manage and direct traffic among routers and switches no matter which vendor made the underlying router or switch. To read this article in full, please click here
0
Gov’t warns on VPN security bug in Cisco, Palo Alto, F5, Pulse software
The Department of Homeland Security has issued a warning that some VPN packages from Cisco, Palo Alto, F5 and Pusle may improperly secure tokens and cookies, allowing nefarious actors an opening to invade and take control over an end user’s system. The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) warning comes on the heels of a notice from Carnegie Mellon's CERT that multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files.To read this article in full, please click here
0
Gov’t warns on VPN security bug in Cisco, Palo Alto, F5, Pulse software
The Department of Homeland Security has issued a warning that some VPN packages from Cisco, Palo Alto, F5 and Pusle may improperly secure tokens and cookies, allowing nefarious actors an opening to invade and take control over an end user’s system. The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) warning comes on the heels of a notice from Carnegie Mellon's CERT that multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files.To read this article in full, please click here
0
Gov’t warns on VPN security bug in Cisco, Palo Alto, F5, Pulse software
The Department of Homeland Security has issued a warning that some VPN packages from Cisco, Palo Alto, F5 and Pulse may improperly secure tokens and cookies, allowing nefarious actors an opening to invade and take control over an end user’s system. The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) warning comes on the heels of a notice from Carnegie Mellon's CERT that multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files.To read this article in full, please click here
0
Gov’t warns on VPN security bug in Cisco, Palo Alto, F5, Pulse software
The Department of Homeland Security has issued a warning that some VPN packages from Cisco, Palo Alto, F5 and Pulse may improperly secure tokens and cookies, allowing nefarious actors an opening to invade and take control over an end user’s system. The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) warning comes on the heels of a notice from Carnegie Mellon's CERT that multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files.To read this article in full, please click here
0
Cisco taps into AWS for data center, cloud applications
Cisco has released a cloud-service program on its flagship software-defined networking (SDN) software that will let customers manage and secure applications running in the data center or in Amazon Web Service cloud environments.The service, Cisco Cloud ACI (application centric infrastructure) for AWS lets users configure inter-site connectivity, define policies and monitor the health of network infrastructure across hybrid environments, Cisco said.[ Check out What is hybrid cloud computing and learn what you need to know about multi-cloud. | Get regularly scheduled insights by signing up for Network World newsletters. ] Specifically, this connectivity includes an "underlay network for IP reachability (IPsec VPN) over the Internet, or through AWS Direct Connect; an overlay network between the on-premises and cloud sites that runs BGP EVPN [Ethernet VPN] as its control plane and uses Virtual Extensible LAN (VXLAN) encapsulation and tunneling as its data plane,” Cisco says.To read this article in full, please click here
0
Cisco taps into AWS for data center, cloud applications
Cisco has released a cloud-service program on its flagship software-defined networking (SDN) software that will let customers manage and secure applications running in the data center or in Amazon Web Service cloud environments.The service, Cisco Cloud ACI (application centric infrastructure) for AWS lets users configure inter-site connectivity, define policies and monitor the health of network infrastructure across hybrid environments, Cisco said.[ Check out What is hybrid cloud computing and learn what you need to know about multi-cloud. | Get regularly scheduled insights by signing up for Network World newsletters. ] Specifically, this connectivity includes an "underlay network for IP reachability (IPsec VPN) over the Internet, or through AWS Direct Connect; an overlay network between the on-premises and cloud sites that runs BGP EVPN [Ethernet VPN] as its control plane and uses Virtual Extensible LAN (VXLAN) encapsulation and tunneling as its data plane,” Cisco says.To read this article in full, please click here
0
Cisco, Google reenergize multi-cloud/hybrid cloud joint development work
Cisco and Google have expanded their joint cloud development activities to help customers more easily build secure multicloud and hybrid applications everywhere from on-premises data centers to public clouds.[Check out what hybrid cloud computing is and learn what you need to know about multi-cloud. Get regularly scheduled insights by signing up for Network World newsletters] The expansion centers around Google’s new open-source hybrid cloud package called Anthos, which was introduced at the company’s Google Next event this week. Anthos is based on – and supplants – the company's existing Google Cloud Service beta. Anthos will let customers run applications, unmodified, on existing on-premises hardware or in the public cloud and will be available on Google Cloud Platform (GCP) with Google Kubernetes Engine (GKE), and in data centers with GKE On-Prem, the company says. Anthos will also let customers for the first time manage workloads running on third-party clouds such as AWS and Azure from the Google platform without requiring administrators and developers to learn different environments and APIs, Google said. To read this article in full, please click here
0
Cisco, Google reenergize multicloud/hybrid cloud joint development
Cisco and Google have expanded their joint cloud-development activities to help customers more easily build secure multicloud and hybrid applications everywhere from on-premises data centers to public clouds.[Check out what hybrid cloud computing is and learn what you need to know about multi-cloud. Get regularly scheduled insights by signing up for Network World newsletters] The expansion centers around Google’s new open-source hybrid cloud package called Anthos, which was introduced at the company’s Google Next event this week. Anthos is based on – and supplants – the company's existing Google Cloud Service beta. Anthos will let customers run applications, unmodified, on existing on-premises hardware or in the public cloud and will be available on Google Cloud Platform (GCP) with Google Kubernetes Engine (GKE), and in data centers with GKE On-Prem, the company says. Anthos will also let customers for the first time manage workloads running on third-party clouds such as AWS and Azure from the Google platform without requiring administrators and developers to learn different environments and APIs, Google said. To read this article in full, please click here
0
Juniper opens SD-WAN service for the cloud
Juniper has taken the wraps off a cloud-based SD-WAN service it says will ease the management and bolster the security of wired and wireless-connected branch office networks.The Contrail SD-WAN cloud offering expands on the company’s existing on-premise (SRX-based) and virtual (NFX-based) SD-WAN offerings to include greater expansion possibilities – up to 10,000 spoke-attached sites and support for more variants of passive redundant hybrid WAN links – and topologies such as hub and spoke, partial, and dynamic full mesh, Juniper stated. To read this article in full, please click here