Understanding Firepower DNS Policies

One cool feature added with Firepower version 6 is probably best described as DNS-based Security Intelligence, Inspection and Sinkholing. The thought is pretty simple. If a host issues a DNS request for a host that is known to be malicious, that response is manipulated. The manipulated response can be host not found, an alternative IP address or no response at all. This allows an administrator to provide another layer of protection by preventing hosts ready access to the IP addresses of known malicious hosts.

So the first question that might come to mind is how are hosts on the Internet classified as bad. The short answer is that Talos maintains lists of known bad fully qualified domain names (fqdn). These are actually categorized and delivered into the Firepower solution as a feed. Each of the following category can be selected into one or multiple DNS Rules.

DNS Feeds and ListsDNS Rule with Categories

  • DNS Attackers
  • DNS Bogons
  • DNS Bots
  • DNS CnC
  • DNS Dga
  • DNS Exploitkit
  • DNS Malware
  • DNS Open_proxy
  • DNS Open_relay
  • DNS Phishing
  • DNS Response
  • DNS Spam
  • DNS Suspicious
  • DNS Tor_exit_node

In addition to the above, there are two built in lists that can be controlled by the UI.

  • Global-Blacklist-for-DNS
  • Global-Whitelist-for-DNS

The final way Continue reading

Nexar, turning your smartphone into a dash cam with crowdsourced smarts

I’ve tested a few dash cams in the last year (for example the Swann DriveEye and the Papago GOSAFE 520) and I’ve been impressed. Even if you’re not planning to capture the next meteor screaming over your town and shattering windows for miles around, it’s a great hedge against fraudulent insurance claims against you and terrific documentation for any road travel incidents you might have. But as with all technology, while there’s a lot of value in point application, when the point data is aggregated and treated as Big Data, amazing opportunities and insights emerge … which is exactly what comes from turning your iPhone into an ultra-sophisticated dash cam with the Nexar app.To read this article in full or to leave a comment, please click here

ADP + Docker Datacenter Delivers Security and Scale for Both Legacy and Microservices Applications

At DockerCon 2016, the second day’s general session featured products and stories related to Docker running in the enterprise. From product demonstrations of integrated security features, to deployment templates to a session featuring Keith Fulton, CTO of ADP, speaking about their evolution to a tech company and how Docker Datacenter enables them to ship faster, securely at scale across apps big and small.

ADP is the largest global provider of cloud based human capital management (HCM) solutions. ADP has over 630,000 clients that span more than 35 million users in over 100 countries. More than just payroll services, ADP delivers solutions across the entire spectrum of HCM for their customers in each one of these areas with right sized versions for SMBs, mid market and large enterprises.

 

 

This breadth and depth of solutions developed over the last 60 years does lead to some complexity in product development. ADP views this as a transition from a services company to a technology company and Docker is the key to future acceleration. Speeding up product development, not just in writing more code faster, but also helping ADP ship the resulting end product faster. Docker enables them to have a common Continue reading

The full-disk encryption protecting your Android can be cracked

If you have an Android device running 5.0 (Lollipop) or later, and powered by a Qualcomm Snapdragon processor, then you should know that a security researcher demonstrated how to crack the full-disk encryption (FDE) with brute-force attacks; the fix is not necessarily as simple as installing new firmware and might require changes to hardware.Full-disk encryption, which is supported on devices running Lollipop on up, is supposed to protect files on the storage drive. Android uses a randomly chosen 128-bit device encryption key which is further encrypted using a user’s PIN, password or swipe pattern. The master key, or Device Encryption Key (DEK), is stored on a user’s device; it is bound to the device’s hardware though Android’s KeyMaster, which runs in the TrustZone. In other words, an attacker should not be able to extract the crypto key for this walled-off and protected section.To read this article in full or to leave a comment, please click here

The full-disk encryption protecting your Android can be cracked

If you have an Android device running 5.0 (Lollipop) or later, and powered by a Qualcomm Snapdragon processor, then you should know that a security researcher demonstrated how to crack the full-disk encryption (FDE) with brute-force attacks; the fix is not necessarily as simple as installing new firmware and might require changes to hardware.Full-disk encryption, which is supported on devices running Lollipop on up, is supposed to protect files on the storage drive. Android uses a randomly chosen 128-bit device encryption key which is further encrypted using a user’s PIN, password or swipe pattern. The master key, or Device Encryption Key (DEK), is stored on a user’s device; it is bound to the device’s hardware though Android’s KeyMaster, which runs in the TrustZone. In other words, an attacker should not be able to extract the crypto key for this walled-off and protected section.To read this article in full or to leave a comment, please click here

Golang: Exercising pointers, interfaces, functions and wrapping

This article is inspired by my somewhat confused learning experience with interfaces, methods and wrapping functions in Golang. Needless to say, there was some serious learning to do here given first of all I was a C junkie then moved swiftly to Python for ease and speed in the networking world. Lots to learn.

Golang

The reason for concentration on Golang? It’s simple, powerful, quick to compile and massively supported with a vibrant community. A little like the film ‘Lock Stock and Two Smoking Barrels’, I take the tenet of ‘guns for show, knives for a pro’ approach with Python and Golang; roughly translating to Python for proof-of-concepts, speed and simple apps, Golang for performance and services. Therefore knowing how interfaces, pointers, types and methods based on types are critical knowledge components!

Show me the code

The code below is an exercise of interfaces, function wrapping, pointers and mixing usage of them all. It does not cover why you might want to do it, so go and learn that yourself. Pointers are great for highly optimised applications and can also save memory if used correctly. With Golang’s garbage collection, worrying about freeing memory is not an issue. Exercise 6 will Continue reading

Automotive cybersecurity; what we don’t hack will probably be used to kill us

Car hacking is not only a “thing” but it's also a thing that’s in its early days and because there’s the potential for exploits with serious and quite possibly life-threatening consequences, automotive cybersecurity is something we should all be very concerned about. Just imagine your own car traveling at speed and having your ability to steer, alter speed, and brake, taken away and then being ransomed to regain control. Charles01 / Wikipedia Chrysler Jeep CherokeeTo read this article in full or to leave a comment, please click here

Automotive cybersecurity; what we don’t hack will probably be used to kill us

Car hacking is not only a “thing” but it's also a thing that’s in its early days and because there’s the potential for exploits with serious and quite possibly life-threatening consequences, automotive cybersecurity is something we should all be very concerned about. Just imagine your own car traveling at speed and having your ability to steer, alter speed, and brake, taken away and then being ransomed to regain control. Charles01 / Wikipedia Chrysler Jeep CherokeeTo read this article in full or to leave a comment, please click here

Meraki MX – URL Filtering

Over the past few days, I’ve spent quite a bit of time looking at some of the advanced capabilities of modern Cisco Firewalls. My most recent testing was done with the Meraki MX 60 cloud managed Firewall product. What I have to say is this is the easiest to configure content filter I’ve ever seen. So I just wanted to take a moment and share what that looks like.Meraki MX Menu

As with all Meraki products, the MX is completely cloud managed. So to manage the device, and administrator must access the Meraki Dashboard. Once authenticated, it is simply necessary to choose Security Appliance then Content Filtering from the menu on the right.

Once on the content filtering page, the policy is self explanatory. The top section is for categories that should be blocked. While the box appears to be a free form entry field, clicking anywhere in the area presents a list of categories to choose from. The bottom section allows for manual whitelisting and blacklisting. To get a better idea on how the match is performed and the format requirements of the block criteria, the “Learn how URL blocking works” link may be selected.

Meraki Content Filtering Page

For those wanting to see the complete category list Continue reading

Worth Reading: Alchemy can’t save Moore’s Law

We don’t have a Moore’s Law problem so much as we have a materials science or alchemy problem. If you believe in materials science, what seems abundantly clear in listening to so many discussions about the end of scale for chip manufacturing processes is that, for whatever reason, the industry as a whole has not done enough investing to discover the new materials that will allow us to enhance or move beyond CMOS chip technology. -The Next Platform

LinkedInTwitterGoogle+Facebook

The post Worth Reading: Alchemy can’t save Moore’s Law appeared first on 'net work.

These solar road panels could turn our world into Tron

Solar Roadways believes the road ahead should be paved with solar panels. The Idaho startup makes hexagonal solar panels that it's trying to get installed on U.S. roads. The goal is to generate enough energy to power homes and businesses, and the panels can even light up to display programmable road markings. It's a lofty idea but the company has gained some early support. Solar Roadways has completed three rounds of testing with the U.S. Department of Transportation and in 2014 it raised over $2 million on Indiegogo. The project has also caught the attention of Missouri's Department of Transportation, which will install the panels, as part of a pilot program, on a sidewalk in front of the Route 66 Welcome Center in Conway. To read this article in full or to leave a comment, please click here

A simple metadata server to run cloud images on standalone libvirt :: KVM Hypervisor

With all the interest in Cloud Computing and virtualization, the OS vendors are providing ever more easier ways to deploy VMs. Most of them now come with cloud images. This makes it really easy for users to deploy VMs with the distro of their choice on a cloud platform like OpenStack or AWS. Here are … Continue reading A simple metadata server to run cloud images on standalone libvirt :: KVM Hypervisor

Book – Unintended Features

Hi everyone,

I have some exciting news to share with you. I’ve been working on a book lately together with Russ White. It’s called Unintended Features – Thoughts on thinking and life as a network engineer. The book is partly based on blog post we have written in the past but also some unique content for the book. The outline of the book is as follows:

So you’ve decided you want to be a network engineer—or you’re already you a network engineer, and you want to be a better engineer, to rise to the top, to be among the best, to… Well, you get the idea. The question is, how do you get from where you are now to where you want to be? This short volume is designed to answer just that question.

This book tries to teach concepts not found in other writings such as thinking more about architecture and seeing patterns in technology and how to stay current in the networking industry. With the rapid pace of the networking industry it seems like we are sipping from the fire hose. How can we prevent this? Isn’t every new technology pretty much an old one with some new Continue reading

1 2,859 2,860 2,861 2,862 2,863 3,853