Arctic Wolf offers SIEM in cloud

Arctic Wolf Networks is trying to address the problem many security techs have of receiving too many false-positive incident alerts to respond to effectively.The company is offering a security service made up of its home-grown SIEM in the cloud backed by security engineers who filter out the security-event noise and trigger alerts only when they come across incidents actually worth investigating further.The company is four years old but just last year started serving up its service – AWN Cyber-SOC - that quickly analyzes security data from a range of other security devices. Brian NeSmithTo read this article in full or to leave a comment, please click here

AttackIQ tests networks for known weaknesses attackers exploit

Startup AttackIQ can run attack scenarios against live networks to see whether the defenses customers think are in place are actually doing their job.The platform, called FireDrill, consists of an agent that is deployed on representative endpoints, and a server that stores attack scenarios and gathers data.The platform’s function is similar to that of another startup SafeBreach. Both companies differ from penetration testing in that they continuously test networks whereas a pen test gives a snapshot in time with large gaps between each snapshot.To read this article in full or to leave a comment, please click here

IBM launches new mainframe with focus on security

A new IBM mainframe includes security hardware to encrypt data without slowing down transactions and can integrate with IBM security software to support secure hybrid-cloud services. Ravi Srinivasan, vice president of strategy and offering management for IBM Security Thanks to an encryption co-processor, the new IBM z13s mainframe offloads encryption and doubles the speed at which previous mainframes could perform transactions, making for faster completion times and lower per-transaction costs, says Ravi Srinivasan, vice president of strategy and offering management for IBM Security.To read this article in full or to leave a comment, please click here

Striving For Continuous Network Configuration

25 GbE: Data Center Deployment Scenarios

Running BGP on Servers

Mr. A. Anonymous left this comment on my BGP in the data centers blog post:

BGP is starting to penetrate into servers as well. What are your thoughts on having BGP running from the servers themselves?

Finally some people got it. Also, welcome back to the '90s (see also RFC 1925 section 2.11).

Tim Cook says Apple will oppose court order rather than hack customers

Apple's CEO Tim Cook has reacted sharply to a federal court order in the U.S. that would require the company to help the FBI search the contents of an iPhone 5c seized from Syed Rizwan Farook, one of the terrorists in the San Bernardino, California, attack on Dec. 2.The U.S. government "has demanded that Apple take an unprecedented step which threatens the security of our customers," Cook wrote in an open letter to customers posted on Apple's website on Wednesday. He added that the moment called for a public discussion and he wanted customers and people around the country "to understand what is at stake."To read this article in full or to leave a comment, please click here

Tim Cook says Apple will oppose court order rather than hack customers

Apple's CEO Tim Cook has reacted sharply to a federal court order in the U.S. that would require the company to help the FBI search the contents of an iPhone 5c seized from Syed Rizwan Farook, one of the terrorists in the San Bernardino, California, attack on Dec. 2.The U.S. government "has demanded that Apple take an unprecedented step which threatens the security of our customers," Cook wrote in an open letter to customers posted on Apple's website on Wednesday. He added that the moment called for a public discussion and he wanted customers and people around the country "to understand what is at stake."To read this article in full or to leave a comment, please click here

vBrownBag: Troubleshooting Multicast High Level

For “basic” multicast I have always found that >70% of the problems I troubleshoot end up being the same things over and over and over again.

1. Missing “trigger” to “pull” the multicast down to the receiver
2. Multicast Distribution Tree (MDT) not built cause router doesn’t know
   1. WHO the root of the MDT is
   2. WHERE the root of the MDT is
   3. WHAT is the PIM RPF Neighbor toward the root of the MDT

Thank you, vBrownBag for asking me to present this.     It was lots of fun.

When adding a VLAN doesn’t add a VLAN

Vendor: Cisco
Software version: 12.2(33)SXI7
Hardware: 6509-E

So this is a typical stupid question. How do you add VLANs to a trunk?

Assuming you started with a port with default configuration on it, it would be:

 interface
 switchport
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan
 switchport trunk native vlan

Now, I was interrupted while doing this by someone interjecting and stating categorically, that

 switchport trunk allowed vlan
 ```

Should be:

```
 switchport trunk allowed vlan add
 ```

Not really the way I would do it on a new switchport, but not wanting to hurt feelings I proceeded and saw this:

```
 TEST(config-if)#switchport trunk allowed vlan add 10,20,30
 TEST(config-if)#do show run int gi9/14
 Building configuration...

Current configuration : 279 bytes
 !
 interface GigabitEthernet9/14
 description TEST
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 shutdown
 storm-control broadcast level 0.50
 storm-control multicast level 0.50
 no cdp enable
 no lldp transmit
 no lldp receive
 end
 ```

To cut a long story short, the switch takes the configuration, but doesn’t apply it. It lead to a lot of head scratching, because you’d think it should work. Switchport state when doing:

```
 show interface gi9/14 trunk
 ```

Shows a state Continue reading

‘Locky’ ransomware, which infects like Dridex, hits the unlucky

A new flavor of ransomware, similar in its mode of attack to the notorious banking software Dridex, is causing havoc with some users.Victims are usually sent via email a Microsoft Word document purporting to be an invoice that requires a macro, or a small application that does some function.Macros are disabled by default by Microsoft due to the security dangers. Users who encounter a macro see a warning if a document contains one.If macros are enabled, the document will run the macro and download Locky to a computer, wrote Palo Alto Networks in a blog post on Tuesday. The same technique is used by Dridex, a banking trojan that steals online account credentials.To read this article in full or to leave a comment, please click here

Apple ordered to assist in unlocking iPhone used by San Bernardino attacker

Apple was ordered Tuesday by a federal judge in California to provide assistance to the FBI to search a locked iPhone 5c that was used by Syed Rizwan Farook, one of the terrorists said to have been involved in an  attack in San Bernardino, California, on Dec. 2.The government's request under a statute called the All Writs Act will likely give a boost to attempts by law enforcement to curb the use of encryption by smartphone vendors.Apple is fighting in a New York federal court a similar move by the Department of Justice to get the company's help in unlocking the iPhone 5s smartphone of an alleged methamphetamine dealer. On Friday, it asked the New York court to give a final order as it has received additional similar requests from law enforcement agencies, and was advised that more such requests could come under the same statute.To read this article in full or to leave a comment, please click here

Some notes on Apple decryption San Bernadino phone

1. disable the auto-erase that happens after 10 bad guesses
2. enable submitting passcodes at a high speed electronically rather than forcing a human to type them one-by-one
3. likely accomplish this through a fimware update

Craigslist fails to flag most scam rental ads, study finds

Craigslist, the popular online listings service, has waged a long fight against scammers, but a new academic study suggests it's been losing the battle.The study focussed on listings for housing rentals, and found that Craigslist failed to remove a majority of those that were fraudulent.The researchers analyzed two million ads over a five-month period in 2014 and determined that Craigslist had flagged and removed fewer than half the listings that likely weren't genuine.Looking for housing can be stressful, and people are vulnerable to schemes that advertise below-market pricing or ways to get ahead of the rental game.To read this article in full or to leave a comment, please click here

Beating the Bad Guys: Top Cloud Security Tools

Boost your guard! You might need these top cloud security tools.

Network Simulation – Cisco VIRL Now Available in the Cloud

There has been a lot happening around VIRL the last few weeks. A new release of VIRL just got released and today the VIRL team announced that they are adding support for running VIRL in the cloud.

Cisco has chosen to work together with Packet, a bare metal cloud provider. This is how Packet describes themselves.

At Packet, we're out to build a better internet by supercharging the container revolution with smart, API-driven bare metal. Our platform brings the price and performance benefits of bare metal servers to the cloud, powering highly-available performance workloads through a unique, never-congested network.

The following picture summarizes why Cisco has chosen Packet.

Compared to Amazon AWS, Packet is a bare metal cloud provider which means that the resources you rent will be dedicated to you. Packet does not run any hypervisors, meaning that the workloads are not virtualized.

If you have an existing install of VIRL, you can use Terraform by Hashicorp to provision your new VIRL server at Packet. I had never heard of Terraform before, this is how Hashicorp describes Terraform.

Today we announce Terraform, a tool for safely and efficiently building, combining, and launching infrastructure. From  Continue reading

Use Linux? Stop what you’re doing and apply this patch

A buffer-overflow vulnerability uncovered Tuesday in the GNU C Library poses a serious threat to countless Linux users.Dating back to the release of glibc 2.9 in 2008, CVE-2015-7547 is a stack-based buffer overflow bug in the glibc DNS client-side resolver that opens the door to remote code execution when a particular library function is used. Software using the function can be exploited with attacker-controlled domain names, attacker-controlled DNS servers or man-in-the-middle attacks.Glibc, which was also at the core of the "Ghost" vulnerability found last year, is a C library that defines system calls and other basic functions on Linux systems. Its maintainers had apparently been alerted of the new problem last July, but it's not clear if any remediation effort was launched at that time.To read this article in full or to leave a comment, please click here

IBM goes all in on blockchain, offers cloud-based service

IBM is betting big on blockchain secure-records technology taking off beyond its traditional use in bitcoin and other financial transactions. The company is now offering a cloud-based service to allow developers to set up blockchain networks and test and deploy related apps.IBM announced a flurry of blockchain-related initiatives Tuesday, including developer services hosted on its Bluemix cloud. Developers can access DevOps tools to create, deploy and monitor blockchain applications on the IBM cloud, the company said.To read this article in full or to leave a comment, please click here

How Shared Spectrum Can Improve In-Building Cellular

Cisco Says Its Next-Generation Firewall Is More ‘Next-Gen’ Than Yours

Cisco's Firepower is about threat defense.