Time to Consider User Behavior Analytics (UBA)

In 2012, I did an extensive research project on big data security analytics. My thesis was that big data tools like Hadoop, Mahout, MapReduce, and Pig would greatly enhance in-depth historical cybersecurity investigations beyond anything provided by SIEM tools. In retrospect, I believe my assumptions were correct, but the market remains in an early stage of development even today. While general use of big data security analytics is still in its genesis phase, there appears to be an increasingly popular use case in cybersecurity: User Behavior Analytics (UBA). UBA is roughly defined as the analysis of all activities related to individual users, covering devices, processes, applications, network sessions, and data consumed and utilized. UBA builds a data analytics model where all log files, endpoint and network forensics, authentication requests, and data access actions are aligned with individual users themselves.

Critical vulnerabilities patched in Magento e-commerce platform

If you're running an online shop based on the Magento e-commerce platform, it's a good idea to update it as soon as possible. The latest patches fix critical vulnerabilities that could allow attackers to hijack administrative accounts. One issue was discovered by researchers from Web security firm Sucuri and stems from improper validation of email addresses in the customer registration form. The flaw allows a malicious user to include JavaScript code in the email field, leading to a so-called stored cross-site scripting (XSS) attack. The JavaScript code is saved along with the form and is triggered when the user account is listed in the website's back-end panel.

Securing BGP: A Case Study (1)

What would it take to secure BGP? Let’s begin where any engineering problem should begin: what problem are we trying to solve?

A small collection of autonomous systems

In this network—in any collection of BGP autonomous systems—there are three sorts of problems that can occur at the AS level. For the purposes of this explanation, assume AS65000 is advertising 2001:db8:0:1::/64. While I’ve covered this ground before, it’s still useful to outline them:

  1. AS65001 could advertise 2001:db8:0:1::/64 as if it is locally attached. This is considered a false origination, or a hijacked route.
  2. AS65001 could advertise a route to 2001:db8:0:1::/64 with the AS path [65000,65001] to AS65003. This is another form of route hijacking, but instead of a direct hijack it’s a “one behind” attack. AS65001 doesn’t pretend to own the route in question, but rather to be connected to the AS that is originating the route.
  3. AS65000 could consider AS65003 a customer, or rather AS65003 might be purchasing Internet connectivity from AS65000. This would mean that any routes AS65000 advertises to AS65003 are not intended to be retransmitted back to AS65004. If, for instance, 2001:db8:0:1::/64 is advertised by AS65000 to AS65003, and AS65003 readvertises it to AS65004, AS65003 would be an unintentional transit AS in the…
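The three AS-level problems above can each be recognised from the received AS path once an operator knows who should originate a prefix, who is adjacent to that origin, and who buys transit from whom. The following is an added example, not code from the original post: it classifies an advertisement into the three cases using the post's prefix and AS numbers, while the neighbor and provider tables (`ORIGIN_NEIGHBORS`, `PROVIDERS`) are constructed assumptions for illustration.

```python
# Added example: classify BGP advertisements against expected-origin and
# AS-relationship tables. Prefix and AS numbers are the post's scenario;
# the relationship tables below are constructed assumptions.

# Which AS should originate each prefix (from the scenario: AS65000 owns it).
EXPECTED_ORIGIN = {"2001:db8:0:1::/64": 65000}

# Assumed: the only AS directly attached to AS65000 is AS65003, so a path in
# which AS65001 sits next to AS65000 is a "one behind" claim nobody can verify.
ORIGIN_NEIGHBORS = {65000: {65003}}

# Assumed transit relationships: AS65003 buys transit from both AS65000 and
# AS65004. A route learned from one provider must never be passed to another.
PROVIDERS = {65003: {65000, 65004}}


def classify(prefix, as_path, local_as):
    """Return 'hijack', 'one-behind', 'leak' or 'ok' for one advertisement.

    as_path is in UPDATE order: as_path[0] is the neighbor that sent us the
    route, as_path[-1] is the origin. local_as is our own AS number.
    """
    origin = as_path[-1]
    expected = EXPECTED_ORIGIN.get(prefix)

    # Case 1: someone other than the legitimate owner originates the prefix.
    if expected is not None and origin != expected:
        return "hijack"

    # Case 2: origin is correct, but the AS claiming adjacency to it is not a
    # known neighbor of the origin (the prepended-origin trick).
    if expected is not None and len(as_path) >= 2:
        if as_path[-2] not in ORIGIN_NEIGHBORS.get(origin, set()):
            return "one-behind"

    # Case 3: route leak. The neighbor learned this route from one of its
    # providers and is now exporting it to us, another of its providers.
    neighbor = as_path[0]
    providers = PROVIDERS.get(neighbor, set())
    if len(as_path) >= 2 and local_as in providers and as_path[1] in providers:
        return "leak"

    return "ok"
```

Seen from AS65003, `[65001]` is a hijack and `[65001, 65000]` is the one-behind case; seen from AS65004, `[65003, 65000]` is the leak from the third scenario.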

CISOs should take security training seriously

In many ways, security awareness training exemplifies the way information security is seen and tackled by senior management. A once-a-year, classroom-based approach may be traditional, with security updates and warnings posted on walls and the Intranet, but it is also a sign of a tick-box, compliance-driven approach to security. It is often done to appease industry regulators, PCI and data protection authorities, and the training can offer relatively basic – arguably condescending – advice. But times are changing. The threat landscape is growing with the arrival of millions of mobiles and wearables, each with their own IP address, while organized crime and nation-state APT groups are looking at new ways of compromising victims. From exploit kits and Trojans to ransomware, phishing and social engineering scams – the criminal game has moved on.

Telephonic DoS a smokescreen for cyberattack on Ukrainian utility

The late December telephonic denial-of-service attack against a Ukrainian power company was a smokescreen to cover up a cyber attack, experts say. "This is one of the more common reasons why these attacks are done," said Rene Paap, product marketing manager at security vendor A10 Networks. According to Paap, telephonic DoS attacks have been around for a while, but don't get as much attention as the big DDoS attacks. Just like a regular DDoS attack, telephonic DoS works by overwhelming the victim's call center with so many fake phone calls that legitimate calls can't get through.

New products of the week 1.25.2016

New products of the week. Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. Actifio Global Manager. Key features: AGM is a web-scale data virtualization solution delivering instant access and radically simple management of application data for business resiliency and test data management across private, public, and hybrid cloud.

REVIEW: Cyphort makes advanced threat protection easier than ever

Over the past few months, we’ve reviewed a variety of cutting-edge security tools that combat advanced persistent threats (APTs); everything from threat intelligence to virtual sandboxing to privileged identity management. And while all of these programs have been powerful, they all had varying degrees of complexity when it came to usability and customization.

Whatever Happened to “Do No Harm”?

A long time ago in a podcast far, far away one of the hosts saddled his pony unicorn and started explaining how stateful firewalls work:

Stateful firewall is a way to imply trust… because it’s possible to hijack somebody’s flows […] and if the application changes its port numbers… my source port changes when I’m communicating with my web server - even though I’m connected to port 80, my source port might change from X to Y. Once I let the first one through, I need to track those port changes […]

WAIT, WHAT? Was that guy really trying to say “someone can change a source port number of an established TCP session”?

Facebook to set up second data center in Europe

Facebook is setting up a data center in Clonee, Ireland, which will be its sixth in the world and its second outside the U.S. The new data center will be equipped with servers and storage from the Open Compute Project, a Facebook initiative that shares designs as open source with other data center operators to standardize and drive down the costs of equipment. "We will outfit this data center with the latest OCP server and storage hardware, including Yosemite for compute," Facebook's Vice President of Engineering, Jay Parikh, said in a post on the social networking website. Yosemite is an open source modular chassis for high-powered microservers, designed by Facebook.

What is open networking?

Saying ‘open networking’ is a little like saying ‘SDN’. Without context, it can mean almost anything. Some argue it’s more around options on platforms while others believe it’s more to do with software. When I think about open networking, I think about these main points…

Generic Platforms – White box switches are all the rage these days and for good reason. A white box switch gives you the option to run a variety of different software platforms on generic hardware. This means you don’t need to buy a piece of proprietary hardware to run your proprietary software on. The net result here is that vendor lock-in goes away. It also means that you don’t need to wait years and years to buy new hardware to get new software.

Linux – Linux is used EVERYWHERE. As it turns out, it’s already used quite extensively in networking platforms, but not how you might imagine. Most networking vendors use a highly customized version of Linux and the Linux kernel. The reason for this is simple – Linux wasn’t built for networking. Long story short, traditional network vendors had to modify the…

Learning to Love Codenames

One of the things I struggled with when starting at a vendor was dealing with project codenames. There is no secret decoder ring – you have to learn the names the hard way. I couldn’t understand why descriptive names weren’t used. It took a while, but I’ve come to understand the reasoning behind the obscure names now. It’s still a stretch to say I ‘love’ them, but I can at least understand them now.

Naming Standards & Bikeshedding

When I started my professional career, it was common to name servers using things like Greek & Roman Gods, or Star Wars characters. Billing might run on Apollo, while Medusa was used for third-party connections.

This is fine for 5-10 servers, but clearly doesn’t scale. I’ve wasted many long and pointless hours in server naming “bikeshedding” discussions. Grumpy old sysadmins would argue that it was far easier to remember names like Bert & Ernie than web01/web02. The Young Turks saw that as a way of hoarding knowledge. It seemed to deliberately make it more difficult for newcomers/outsiders. They preferred descriptive names that gave some indication of what the system was doing, where it was located, etc.

Arguments went back and forth, then virtualisation came…

Single group of hackers targets Uyghur, Tibetan activists

A years-long campaign of seemingly disparate cyberattacks against Tibetan and Uyghur activists likely comes from a single group of hackers, according to a seven-month study by Palo Alto Networks. The computer security company also concluded that the information stolen by the group, nicknamed Scarlet Mimic, would be of little interest to entities other than a nation-state. "The majority of attacks we identified were targeting Uyghurs or Tibetans or advocates thereof," Olson said. Several other security companies, including Kaspersky Lab and Trend Micro, and Citizen Lab, part of the University of Toronto, have studied attacks against the activist groups, which have long been at odds with the Chinese government. Palo Alto's report noted, however, that it did not have direct evidence linking the attacks to China.

SDN and Network Automation: Splitting Hairs?

At the recent Network Field Day 11, there were several discussions at the Cisco offices after the Cisco folks left the room. One of these discussions, led by Terry Slattery, was centered around SDN, and I think it’s worth a listen/watch (only about 20 minutes):

In this video, I made the argument that SDN should be limited to a very specific definition, which eliminates the management plane from the conversation entirely (around 5:40).

I am in full agreement that the term SDN, or “software-defined __ “ is at this point totally meaningless. It means so many things to so many different people, and predictably, this conversation ended with just as much confusion about SDN as when we started. So, to try to “define” SDN seems pointless, and smells of hair-splitting, but I do this for a very specific reason.

Splitting Hairs

To me, SDN and network automation are two totally different things, yet they almost always get lumped together in conversations. Normally I wouldn’t try to remedy this, but since one of these things is a practical thing to do for many organizations, I want to offer up a different way of thinking about this.

First off, you…

BGP Design Case Study

The BGP design case study below is taken from Orhan Ergun’s CCDE Practical Workbook. In the new version of the workbook, more than 50 case studies are shared covering many technologies. If you are in the network design field or want to learn about it, don’t miss the book. Scenario: Network A is a customer […]

The post BGP Design Case Study appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

Put a password on your webcam or end up featured on Shodan’s vulnerable cam feed

Don't you hate it when people want to kill the messenger instead of address the problems highlighted in the message? This time the messenger is Shodan, as the IoT search engine added a new section featuring vulnerable webcams. Ars Technica reported, "The feed includes images of marijuana plantations, back rooms of banks, children, kitchens, living rooms, garages, front gardens, back gardens, ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores."