BRKSEC-2010: Emerging Threats – The State of Cyber Security

Presenter: Craig Williams (@security_craig) – Sr Technical Leader / Security Outreach Manager, Cisco TALOS

I’m from Talos. We love to stop bad guys.

 
Talos by the numbers:

  • 1.1 million incoming malware samples per day
  • 1.5 billion Sender Base reputation queries per day

Talos has a serious amount of data. For serious.

Data is key. It allows generation of real threat intel.

We basically have a bottomless pit of data

Talos vuln dev team:

  • Looking for ways to programmatically find 0-days
  • Takes this research and feeds it back into Cisco to a) make Cisco products more secure and b) generate sigs and threat intel to protect customers

With ransomware, you’re basically funding the malware underground.

Malvertizing:

  • Malicious ads which redirect user to malware and then infects them
  • Kyle & Stan campaign dynamically generated a new .exe every time it was downloaded; prevented matching on the file hash; Cisco AMP can stay on the bleeding edge of this
  • blogs.cisco.com/security/talos/kyle-and-stan

Destructive/Wiper Malware:

  • Targets your data
  • Not just file data, but also seen targetting network devices and wiping their configs
  • Cryptolocker 2.0: uses TOR for C&C; encrypted binary to avoid hash fingerprinting; anti-VM check
  • Cryptolocker 3.0: still Continue reading

North Korea threatens cyber attacks on US

North Korea has responded to a report that it was the target of an unsuccessful Stuxnet-style cyber attack by threatening a cyber attack of its own against the U.S.In an article published in the country’s largest daily newspaper on Tuesday, North Korea said it would wage a cyber war against the U.S. to hasten its ruin. Such bellicose threats are fairly common in North Korean media and aren’t always followed by action, but when it comes to cyber attacks, the country has been blamed for several large attacks in the past.Most have been against South Korea, but the country was also publicly accused by the U.S. government of being behind last year’s devastating attack against Sony Pictures.To read this article in full or to leave a comment, please click here

BRKARC-2032 – Designing for Secure Convergence of Enterprise and PCNs

BRKARC-2032 – Designing for Secure Convergence of Enterprise and Process Control Networks

Presenter: Chuck Stickney, Cisco SE

Handful of OT folks in the room; majority IT.

Convergence Benefits

  • Simplification (common protocols)
  • Reduced Cost
  • Pervasive enablement of features and services


PCN vs Enterprise

  • PCN: peer-to-peer, publish/subscribe model; application defines communication parameters; strict time sync
  • Enterprise: three-tier architecture; session oriented; many-to-one (centralized apps)
  • PCN: short, high-volume messages; localized traffic; delay/jitter sensitive; unreliable transmission; no out of order messages, no retransissions; similar to voice/video (these are problems that IT has solved for years)
  • Enterprise: large messages; remote traffic; delay tolerant; reliable, connection oriented; retransmission, re-ordering

“Layer 2, Layer 3″ are not terms that OT folks understand. IT folks: speak a language your OT folks can understand.

PCN Characteristics

  • Proprietary protocols (Modbus, Profibus, DeviceNet)
  • Incompatibility between systems (connectors, cabling, signals) (think: Ethernet vs Token Ring)
  • Industrial Ethernet: a common data link layer using standard 802.3 components (EtherNet/IP, Modbus/TCP, Profinet)
  • Ethernet/IP: Rockwell; uses Common Industrial Protocol (CIP); implicit, real-time (UDP, mcast port 2222); explicit, non-time critical (tcp port 44818)
  • Profinet: Siemens; IO and non-realtime; IO is Layer 2 only where app layer directly interfaces with MAC layer bypassing layers 3 – 6; non-real time Continue reading

Southern African nations team with Ericsson to develop broadband policies

The Communications and Regulators Association of Southern Africa (CRASA) is teaming up with Ericsson to encourage countries in the region to adopt national broadband policies and lay the groundwork for the growth of Internet services.CRASA serves nations in the Southern African Development Community (SADC), which are generally considered to lack the necessary expertise to formulate policies that could foster the growth of broadband services.In addition to accelerating the deployment of Internet services, CRASA’s initiative, if successful, could curb the high cost of broadband in the region, said Edith Mwale, a telecom analyst at Africa Center for ICT Development.To read this article in full or to leave a comment, please click here

Microsoft fixes buggy browser in Patch Tuesday update

Internet Explorer, always heavily scrutinized by both security researchers and online attackers, has once again gotten the majority of patches in this month’s Microsoft’s Patch Tuesday round of monthly bug fixes.For June, Microsoft issued 8 bulletins, which collectively contain 45 patches. The bulletin for IE alone MS15-06 contains 24 patches, including 20 that cover critical flaws, meaning they should be applied as quickly as possible.Other bulletins cover faults in the Windows operating system, the Office suite, Windows Media Player, Active Directory, and the Exchange Server.To read this article in full or to leave a comment, please click here

Multipath TCP

The Transmission Control Protocol (TCP) is a core protocol of the Internet networking protocol suite. This protocol transforms the underlying unreliable datagram delivery service provided by the IP protocol into a reliable data stream protocol. This protocol was undoubtedly the single greatest transformative moment in the evolution of computer networks. The TCP protocol is now some 40 years old, but that doesn’t mean that it has been frozen over all these years.

Intel to invest $125 million in startups run by women, minorities

To encourage diversity in IT, Intel Capital has established a US$125 million investment program targeted at startups run by women and under-represented minorities.The investment program complements a separate $300 million Intel initiative announced in January whose goal is to bring more women and under-represented minorities into its workforce by 2020.Intel already chose four companies, all of which have diverse work forces, for the first round of investments, totaling $16.7 million. Intel Capital has a pipeline of companies it is looking to fund, said Intel’s CEO Brian Krzanich, during a webcast on Tuesday.Intel has talked about plans to change its capital investment program to make it more accessible for women and minorities. Intel wants to be clearer on funding plans and responsive to funding requests from startups run by women and minorities. The company has also established an advisory board of senior Intel employees to help make funding decisions.To read this article in full or to leave a comment, please click here

iOS 9 could be a step toward saving the tablet market

Earlier this week, I laid out some ideas on what Apple needs to do inject new life into the fading tablet category. It seems that Apple was already on track with at least part of my message. "For many, the iPad is the primary computer," Apple's senior vice president of software engineering Craig Federighi noted at Apple's World Wide Developers Conference keynote yesterday.See also: 5 ways Apple should re-invent the iPad To help out those people, who I think represent the future of the tablet market, the company delivered on a couple of the things I asked for. As many observers expected, Apple announced split screen and picture-in-picture functionality in iOS 9, as well as a new software keyboard that can also work a trackpad. (Personally, the improvements in text selection and movement could be the biggest benefit to using the iPad for real work—I've always found that process frustratingly awkward and inexact.)To read this article in full or to leave a comment, please click here

6 headaches Apple is fixing in iOS 9

Apple’s iOS 9 has plenty of major features to look forward to, such as a more intelligent Siri, transit maps, and, and side-by-side iPad apps. Just as important, however, are the little things—the minor headaches of previous iOS versions that Apple is now getting around to alleviating.+ Read all the news from WWDC +To recap, here are six iPhone and iPad annoyances that will disappear in iOS 9:1. A less-confusing shift key Pop quiz: On the default iOS keyboard, are the letters uppercase when the shift key is gray, or white? Unless you bother to memorize, this issue has likely been a constant source of confusion since iOS 7. (The answer, by the way, is white.) As 9to5Mac notes, hitting shift in iOS 9 will toggle the letters on the keyboard between uppercase and lowercase, so there’s no ambiguity about what you’re about to type.To read this article in full or to leave a comment, please click here

Adobe fixes Flash Player flaws that could lead to info theft, malware attacks

Adobe Systems fixed 13 security issues in Flash Player that could lead to serious attacks, including remote code execution and information disclosure.Users should upgrade to Flash Player 18.0.0.160 for Windows and Mac, Adobe Flash Player 11.2.202.466 for Linux, or Flash Player 13.0.0.292 if they are on the extended support release channel.Users of Internet Explorer on Windows 8.x and Google Chrome on Windows, Linux and Mac will receive the Flash Player update for their respective browser automatically.Adobe also released updates for the AIR runtime on Windows, Mac and Android, as well AIR SDK and Compiler, because these programs bundle Flash Player.To read this article in full or to leave a comment, please click here

Two years after Snowden leaks, US tech firms still feel the backlash

Two years after the first leaks by Edward Snowden about U.S. surveillance programs, the country’s tech companies are still worried about a backlash from other governments.Several foreign governments continue to push policies requiring that data generated in their countries be stored within their borders, said Yael Weinman, vice president of global privacy policy at the Information Technology Industry Council.“We’ve all heard the metaphor—data is the new oil,” Weinman said at the Techonomy Policy conference in Washington, D.C., Tuesday. “Barriers to cross-border data-flows make doing business today ... much more difficult.”The first surveillance leaks from Snowden, a former contractor with the U.S. National Security Agency, came out two years ago, and the impact of the surveillance programs was part of the backdrop for several debates at the conference.To read this article in full or to leave a comment, please click here

Two years after Snowden leaks, US tech firms still feel the backlash

Two years after the first leaks by Edward Snowden about U.S. surveillance programs, the country’s tech companies are still worried about a backlash from other governments.Several foreign governments continue to push policies requiring that data generated in their countries be stored within their borders, said Yael Weinman, vice president of global privacy policy at the Information Technology Industry Council.“We’ve all heard the metaphor—data is the new oil,” Weinman said at the Techonomy Policy conference in Washington, D.C., Tuesday. “Barriers to cross-border data-flows make doing business today ... much more difficult.”The first surveillance leaks from Snowden, a former contractor with the U.S. National Security Agency, came out two years ago, and the impact of the surveillance programs was part of the backdrop for several debates at the conference.To read this article in full or to leave a comment, please click here

Network Documentation Series: Logical Diagram

In this article, I will do a walk-through of a logical network diagram. As I also said in the Physical Diagram article: I prefer to use the term “logical” instead of “L3″ because it is more easily understood by somebody unfamiliar with the OSI model. It also removes the assumption (made by many non-technical people) […]

Author information

John W Kerns

John is a network and systems engineer based in the Los Angeles/San Diego area. His background is in two traditionally stovepiped skill sets; systems administration and switching/routing/security. Most of his time is spent as an implementation engineer for a medium sized SoCal VAR. You can visit his blog at blog.packetsar.com or follow him on Twitter @PackeTsar
Twitter

The post Network Documentation Series: Logical Diagram appeared first on Packet Pushers Podcast and was written by John W Kerns.

BRKARC-3004 APIC-EM Controller Workflow and Use Cases

Presenter: Markus Harbek, CCIE, CCDE

 
Who knows what SDN stands for?

  • Still Don’t kNow
  • Still Does Nothing
  • Schnitzel Dinner Night


APIC – Application Policy Infrastructure Controller

  • Data center
  • n9000s
  • Focus on application network profile. SLA, Security, QOS, load balancing
  • Application intent

UCI – User Centric Infrastructure

APIC-EM – APIC Enterprise Module

  • Catalyst, ISR, N7k, n6k, n5k, WLAN
  • Focus on user, things, network profile, QoS, security, SLA, device
  • Application intent

Eventually, APIC and APIC-EM will have a common policy model so they can share policies across DC and enterprise. They will not integrate directly but will talk to a common policy orchestrator.

APIC-EM is really focussed on brownfield deployments because the assumption is that customers already have networks up and running hat APIC-EM needs to integrate into. APIC-EM won’t cconfigure OSPF and STP today, things like that, because they’re more than likely already running.

Imperative Control

  • Baggage handlers at an airport follow sequences of simple, basic instructions

Declarative control

  • ATC tells where to take off from but not how to fly the plane
  • ATC tells the “what”
  • Pilot figures out the “how” part
  • In the network, this would be like the admin wanting segmentation between tenants, controller decides which technology Continue reading
1 3,385 3,386 3,387 3,388 3,389 3,780