Category Archives for "Security"

Research: Toward new possibilities in threat management – PWC

Report derived from annual Global State of Information Security® performed by PWC.

Good for managers and executives who can't speak technology, to introduce them to the ideas around cloud-based data analytics and how it's taking over the security infrastructure market.

When it comes to threat intelligence and information sharing, the cloud platform provides a centralized foundation for constructing, integrating and accessing a modern threat program.

See what I mean. Obvious stuff.

This graphic stood out because it highlights the lack of real IT Security tools in place.

Few capabilities are more fundamental to proactive threat intelligence than real-time monitoring and analytics. This year, more than half (51%) of respondents say they actively monitor and analyze threat intelligence to help detect risks and incidents.

Wowser. More than half, that’s real progress!!!

It's a good read for about 10 mins and worth passing into the higher layers. They might learn something.

Link: Key Findings from The Global State of Information Security® Survey 2017 – PWC http://www.pwc.com/gx/en/issues/cyber-security/information-security-survey/assets/gsiss-report-cybersecurity-privacy-possibilities.pdf

The post Research: Toward new possibilities in threat management – PWC appeared first on EtherealMind.

Don’t Leave Features Lying Around

Many years ago, when multicast was still a “thing” everyone expected to spread throughout the Internet itself, a lot of work went into specifying not only IP multicast control planes, but also IP multicast control planes for interdomain use (between autonomous systems). BGP was modified to support IP multicast, for instance, in order to connect IP multicast groups from sender to receiver across the entire ‘net. One of these various efforts was a protocol called the Distance Vector Multicast Routing Protocol, or DVMRP. The general idea behind DVMRP was to extend many of the already well-known mechanisms for signaling IP multicast with interdomain counterparts. Specifically, this meant extending IGMP to operate across provider networks, rather than within a single network.

As you can imagine, one problem with any sort of interdomain effort is troubleshooting—how will an operator be able to troubleshoot problems with interdomain IGMP messages sourced from outside their network? There is no way to log into another provider’s network (some silliness around competition, I would imagine), so something else was needed. Hence the idea of being able to query a router for information about its connected interfaces, multicast neighbors, and other information, was written up in draft-ietf-idmr-dvmrp-v3-11 (which Continue reading

Configuring Microsoft NPS for Aerohive 802.1X Authentication

This post is a starting point for anyone who wants to use 802.1X authentication with Aerohive APs and Microsoft NPS. I will provide configuration screen shots for both of Aerohive’s management platforms and for NPS running on Microsoft Windows 2008 Server. It is not intended to be an exhaustive guide, but should be a decent starting point. Every implementation will be different in some respect, and some of these steps may not be the exact manner in which you configure Microsoft NPS. The steps for Aerohive may also be different depending on what you are trying to accomplish. I’ll make sure to note my particular scenario when appropriate.

Versions Used:

HiveManager Classic/HM6/HMOL – 6.8r7a

HiveManager NG – 11.19.99.0 (March 2017)

Microsoft Windows 2008 Server

Assumptions:

  1. Basic understanding of navigation within the HiveManager Classic and/or NG interface.
  2. No RADIUS objects or user profiles for 802.1X authentication have been configured within HiveManager Classic or NG. If you have already configured some of them, just skip the steps that cover the creation of those objects.
  3. Microsoft NPS is installed and a server certificate for the NPS machine has been issued and installed.

Scenario

Company XYZ wants to authenticate Continue reading

Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability

Serious and easily exploited flaws in older Cisco IOS software, affecting commonly used but old switches deployed in Campus and SME Data Centres. Serious problem.

Thoughts:

  • Demonstrates how older Cisco devices are fundamentally insecure.
  • Cisco wasn’t focussed on security back then. They were happy if it even worked properly.
  • Cisco was slow to adopt SSH in IOS because customers weren’t asking for it. Microsoft should shoulder a lot of blame for not including an SSH client, and that slowed operational adoption (seriously, getting PuTTY installed in many enterprises was a major problem).
  • Cisco has responded promptly and professionally to offer a fix.
  • Customers should replace most of this kit, not fix it. You can expect many more security flaws in these NOSs because security was a minor design issue for Cisco at that time.

The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors:

  • The failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device, and
  • The incorrect processing of malformed CMP-specific Telnet Continue reading

Technology Short Take #80

Welcome to Technology Short Take #80! This post is a week late (I try to publish these every other Friday), so my apologies for the delay. However, hopefully I’ve managed to gather together some articles with useful information for you. Enjoy!

Networking

  • Biruk Mekonnen has an introductory article on using Netmiko for network automation. It’s short and light on details, but it does provide an example snippet of Python code to illustrate what can be done with Netmiko.
  • Gabriele Gerbino has a nice write-up about Cisco’s efforts with APIs; his article includes a brief description of YANG data models and a comparison of working with network devices via SSH or via API.
  • Giuliano Bertello shares why it’s important to RTFM; or, how he fixed an issue with a Cross-vCenter NSX 6.2 installation caused by duplicate NSX Manager UUIDs.
  • Andrius Benokraitis provides a preview of some of the networking features coming soon in Ansible 2.3. From my perspective, Ansible has jumped out in front in the race among tools for network automation; I’m seeing more coverage and more interest in using Ansible for network automation.
  • Need to locate duplicate MAC addresses in your environment, possibly caused by cloning Continue reading

Video: Software Secures the World

Martin Casado doesn’t have a proper job since he left VMware. This gives him time to think deeply about the future of IT security as part of his role of wasting investors’ money at A16Z and considering where the next advances or futures will be. This video makes a lot of sense to me.

Once upon a time, we thought of security measures as being built like a wall around a medieval city. Then, as threats grew in complexity, we began to think of it more like securing a city or nation-state. Finally, security grew akin to aerial warfare — mobile, quick, wide-ranging. Each of these new modes for thinking about security represented a major misalignment between the security threats that had evolved and our strategies/tactics for dealing with them.
Now we are once again at another such major misalignment — thanks largely to the cloud and new complexity — requiring both a shift in how we think about and respond to threats. But we also have security “overload” given the vast size of our systems and scale of notifications.
How do security threats develop? How should CEOs and CSOs think of planning for them? What role will AI and Continue reading

ARP, ARP Inspection, ARP Types and Deployment Considerations

Layer 2 security – ARP and ARP Inspection

Introduction

This article is the second of our layer 2 attacks identification and mitigation techniques series, which will be a part of a bigger series discussing Security Infrastructure. Dynamic ARP Inspection relies on DHCP snooping technology explained in the previous article. It’s strongly recommended to […]

The post ARP, ARP Inspection, ARP Types and Deployment Considerations appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

Pranksters gonna prank

So Alfa Bank (the bank whose DNS traffic links it to trump-email.com) is back in the news with this press release about how in the last month, hackers have spoofed traffic trying to make it look like there's a tie with Trump. In other words, Alfa claims these packets are trying to frame them for a tie with Trump now, and thus (by extension) it must've been a frame last October.

There is no conspiracy here: it's just merry pranksters doing pranks (as this CNN article quotes me).

Indeed, among the people pranking has been me (not the pranks mentioned by Alfa, but different pranks). I ran a scan sending packets from an IP address to almost everyone on the Internet, and set the reverse lookup to "mail1.trumpemail.com".

Sadly, my ISP doesn't allow me to put hyphens in the name, so it's not "trump-email.com" as it should be in order to prank well.

Geeks gonna geek and pranksters gonna prank. I can imagine all sorts of other fun pranks somebody might do in order to stir the pot. Since the original news reports of the AlfaBank/trump-email.com connection last year, we have to assume any further data Continue reading

F5 BIG-IP Plugin with Firefox 52 workaround

It’s not news anymore that Mozilla is stopping support for NPAPI (Netscape Plugin API). With the release of Firefox 52, I believe that only the Flash plugin is enabled by default.

I’ll skip the discussion about NPAPI plugins and Mozilla’s decision to stop the support; however, the reality is that for me it has a strong impact in certain areas. One of these areas is the F5 BIG-IP, specifically APM and the ability to launch applications (like RDP) from the Webtop interface.

I’m relying heavily on an F5 BIG-IP VE machine to connect to my home lab when I’m remote. The Webtop functionality gives me the possibility to use only a browser to connect to my applications at home, keeping me away from any F5 client installation on the machine that I use. Usually this machine is my MacBook or PC, and the F5 client installation should not be a big thing; however, I like the clientless option.

The F5 Webtop functionality is possible due to a NPAPI plugin called “F5 Network Host Plugin” which usually installs in the browser when you access the F5 APM. So yes, you still need to install something, but this browser plugin is Continue reading

Layer 2 security – DHCP Details, DHCP Snooping

Layer 2 security – DHCP Details, DHCP Snooping

Introduction

This article is the first of a series explaining layer 2 attacks identification and mitigation techniques, which will be a part of a bigger series discussing Security Infrastructure. We will be discussing the most common attacks and how to mitigate them; but more important, […]

The post Layer 2 security – DHCP Details, DHCP Snooping appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.