A case for cloud privacy brokerage

There is Software-as-a-Service, Disaster Recover-as-a-Service, SECurity-as-a-Service. What's currently missing, and the crux of much cloud-profiting malaise, is PRiVacy-as-a-Service.Cloud Access Security Broker (CASB) software, something that's in the lab right now, does a great job of things like infiltration/exfiltration (read: filtration) of organizational data from SaaS applications. Some do some wicked things as proxies for user apps. The idea is to help keep users honest and prevent organizational assets from jeopardy.But when we-as-civilians do everyday surfing, answering emails and going about our business on the Internet, we're protected at the firewall level as users. Perhaps it's Malwarebytes, or a myiad of client-side security packages. And we admonish people to NEVER open spam, as spam often delivers unbelievably nasty systems attack code, disguised as benign attachments.To read this article in full or to leave a comment, please click here

Will Cisco Shine On?

Digital Lights

Cisco announced their new Digital Ceiling initiative today at Cisco Live Berlin. Here’s the marketing part:

And here’s the breakdown of protocols and stuff:

Funny enough, here’s a presentation from just three weeks ago at Networking Field Day 11 on a very similar subject:

Cisco is moving into Internet of Things (IoT) big time. They have at least learned that the consumer side of IoT isn’t a fun space to play in. With the growth of cloud connectivity and other things on that side of the market, Cisco knows that is an uphill battle not worth fighting. Seems they’ve learned from Linksys and Flip Video. Instead, they are tracking the industrial side of the house. That means trying to break into some networks that are very well put together today, even if they aren’t exactly Internet-enabled.

Digital Ceiling isn’t just about the PoE lighting that was announced today. It’s a framework that allows all other kinds of dumb devices to be configured and attached to networks that have intelligence built in. The Constrained Application Protocol (CoaP) is designed in such a way as to provide data about a great number of devices, not just lights. Yet lights are the launch Continue reading

Junos Conditional Route Advertisement

University network borders tend to be more complicated than those in similarly sized corporate organizations. I recently helped a peer from another university transition from IOS to Junos for border routing. While most of the configuration was straightforward, he required a unique  conditional routing policy. Since I’ve been working with Junos for many years (starting […]

The post Junos Conditional Route Advertisement appeared first on Packet Pushers.

Junos Conditional Route Advertisement

University network borders tend to be more complicated than those in similarly sized corporate organizations. I recently helped a peer from another university transition from IOS to Junos for border routing. While most of the configuration was straightforward, he required a unique  conditional routing policy. Since I’ve been working with Junos for many years (starting […]

The post Junos Conditional Route Advertisement appeared first on Packet Pushers.

‘Unbreakable’ security that wasn’t: True tales of tech hubris

The $30,000 lockImage by Library of CongressEighteenth century British engineer Joseph Bramah invented a lock that, he was sure, could never be picked. He was so sure that he offered 200 guineas (roughly $30,000 today) to anyone who could defeat it. Cris Thomas, a 21st-century strategist at Tenable Network Security, calls this one of the first bug bounties in history. The lock remained seemingly impregnable for more than 67 years, until an American locksmith named Alfred Charles Hobbs defeated it in 1851, prompting a contemporary observer to remark that "the mechanical spirit, however, is never at rest, and if it is lulled into a false state of listlessness in one branch of industry, and in one part of the world, elsewhere it springs up suddenly to admonish and reproach us with our supineness."To read this article in full or to leave a comment, please click here

Arctic Wolf offers SIEM in cloud

Arctic Wolf Networks is trying to address the problem many security techs have of receiving too many false-positive incident alerts to respond to effectively.The company is offering a security service made up of its home-grown SIEM in the cloud backed by security engineers who filter out the security-event noise and trigger alerts only when they come across incidents actually worth investigating further.The company is four years old but just last year started serving up its service – AWN Cyber-SOC - that quickly analyzes security data from a range of other security devices. Brian NeSmithTo read this article in full or to leave a comment, please click here

AttackIQ tests networks for known weaknesses attackers exploit

Startup AttackIQ can run attack scenarios against live networks to see whether the defenses customers think are in place are actually doing their job.The platform, called FireDrill, consists of an agent that is deployed on representative endpoints, and a server that stores attack scenarios and gathers data.The platform’s function is similar to that of another startup SafeBreach. Both companies differ from penetration testing in that they continuously test networks whereas a pen test gives a snapshot in time with large gaps between each snapshot.To read this article in full or to leave a comment, please click here

IBM launches new mainframe with focus on security

A new IBM mainframe includes security hardware to encrypt data without slowing down transactions and can integrate with IBM security software to support secure hybrid-cloud services. Ravi Srinivasan, vice president of strategy and offering management for IBM Security Thanks to an encryption co-processor, the new IBM z13s mainframe offloads encryption and doubles the speed at which previous mainframes could perform transactions, making for faster completion times and lower per-transaction costs, says Ravi Srinivasan, vice president of strategy and offering management for IBM Security.To read this article in full or to leave a comment, please click here

Tim Cook says Apple will oppose court order rather than hack customers

Apple's CEO Tim Cook has reacted sharply to a federal court order in the U.S. that would require the company to help the FBI search the contents of an iPhone 5c seized from Syed Rizwan Farook, one of the terrorists in the San Bernardino, California, attack on Dec. 2.The U.S. government "has demanded that Apple take an unprecedented step which threatens the security of our customers," Cook wrote in an open letter to customers posted on Apple's website on Wednesday. He added that the moment called for a public discussion and he wanted customers and people around the country "to understand what is at stake."To read this article in full or to leave a comment, please click here

Tim Cook says Apple will oppose court order rather than hack customers

Apple's CEO Tim Cook has reacted sharply to a federal court order in the U.S. that would require the company to help the FBI search the contents of an iPhone 5c seized from Syed Rizwan Farook, one of the terrorists in the San Bernardino, California, attack on Dec. 2.The U.S. government "has demanded that Apple take an unprecedented step which threatens the security of our customers," Cook wrote in an open letter to customers posted on Apple's website on Wednesday. He added that the moment called for a public discussion and he wanted customers and people around the country "to understand what is at stake."To read this article in full or to leave a comment, please click here

vBrownBag: Troubleshooting Multicast High Level

For “basic” multicast I have always found that >70% of the problems I troubleshoot end up being the same things over and over and over again.

  1. Missing “trigger” to “pull” the multicast down to the receiver
  2. Multicast Distribution Tree (MDT) not built cause router doesn’t know
    1. WHO the root of the MDT is
    2. WHERE the root of the MDT is
    3. WHAT is the PIM RPF Neighbor toward the root of the MDT

Thank you, vBrownBag for asking me to present this.  :)   It was lots of fun.

When adding a VLAN doesn’t add a VLAN

Vendor: Cisco
Software version: 12.2(33)SXI7
Hardware: 6509-E

So this is a typical stupid question. How do you add VLANs to a trunk?

Assuming you started with a port with default configuration on it, it would be:

 interface
 switchport
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan
 switchport trunk native vlan

Now, I was interrupted while doing this by someone interjecting and stating categorically, that

 switchport trunk allowed vlan
 ```

Should be:

```
 switchport trunk allowed vlan add
 ```

Not really the way I would do it on a new switchport, but not wanting to hurt feelings I proceeded and saw this:

```
 TEST(config-if)#switchport trunk allowed vlan add 10,20,30
 TEST(config-if)#do show run int gi9/14
 Building configuration...
Current configuration : 279 bytes
 !
 interface GigabitEthernet9/14
 description TEST
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 shutdown
 storm-control broadcast level 0.50
 storm-control multicast level 0.50
 no cdp enable
 no lldp transmit
 no lldp receive
 end
 ```

To cut a long story short, the switch takes the configuration, but doesn’t apply it. It lead to a lot of head scratching, because you’d think it should work. Switchport state when doing:

```
 show interface gi9/14 trunk
 ```

Shows a state Continue reading

‘Locky’ ransomware, which infects like Dridex, hits the unlucky

A new flavor of ransomware, similar in its mode of attack to the notorious banking software Dridex, is causing havoc with some users.Victims are usually sent via email a Microsoft Word document purporting to be an invoice that requires a macro, or a small application that does some function.Macros are disabled by default by Microsoft due to the security dangers. Users who encounter a macro see a warning if a document contains one.If macros are enabled, the document will run the macro and download Locky to a computer, wrote Palo Alto Networks in a blog post on Tuesday. The same technique is used by Dridex, a banking trojan that steals online account credentials.To read this article in full or to leave a comment, please click here

Apple ordered to assist in unlocking iPhone used by San Bernardino attacker

Apple was ordered Tuesday by a federal judge in California to provide assistance to the FBI to search a locked iPhone 5c that was used by Syed Rizwan Farook, one of the terrorists said to have been involved in an  attack in San Bernardino, California, on Dec. 2.The government's request under a statute called the All Writs Act will likely give a boost to attempts by law enforcement to curb the use of encryption by smartphone vendors.Apple is fighting in a New York federal court a similar move by the Department of Justice to get the company's help in unlocking the iPhone 5s smartphone of an alleged methamphetamine dealer. On Friday, it asked the New York court to give a final order as it has received additional similar requests from law enforcement agencies, and was advised that more such requests could come under the same statute.To read this article in full or to leave a comment, please click here

Some notes on Apple decryption San Bernadino phone

Today, a judge ordered Apple to help the FBI decrypt the San Bernadino shooter's iPhone 5C. Specifically:
  1. disable the auto-erase that happens after 10 bad guesses
  2. enable submitting passcodes at a high speed electronically rather than forcing a human to type them one-by-one
  3. likely accomplish this through a fimware update
The text of the court order almost exactly matches that of the "IOS Security Guide". In other words, while it may look fairly technical, actually the entirety of the technical stuff they are asking is described in one short document.

The problem the FBI is trying to solve is that when guessing passcodes is slow. The user has two options. One option is that every bad guess causes the wait between guesses to get longer and longer, slowing down guessing, forcing an hour between guesses. The other option is to have the phone erase itself after 10 bad guesses. Ether way, it makes guessing the passcode impractical. The FBI is demanding the Apple update the software of the phone to prevent either of these things from happening.

The phone is an iPhone 5C, first released in September 2013, so is quite old. This increases the chance that Continue reading
1 3,068 3,069 3,070 3,071 3,072 3,773