If you want to hack a corporation fast, Social Engineering (SE) techniques work every time and more often than not it works the first time. I'm talking about in your face, Mano-a-mano, live in the flesh social engineering techniques. Securing the information that is in the human mind is a monumental, colossal, epic, Read more
Cisco's newly released ISR G2 routers come with a new update to their software features in IOS version 15.0. I will focus on describing some of the new security features that are found in the IOS 15.0 security feature set. It is important to note that IOS 15.0 will work on older ISR models as well as the new ISR G2 platforms. This is a straightforward list with a description of each new feature. Read more
Cisco just released support for the Windows 7 operating system in both its IPSEC client and SSLVPN client software. The Cisco Anyconnect 2.4 SSLVPN client now supports both 32bit and 64bit Windows 7 hosts. The new Anyconnect 2.4 client additionally supports MAC OSX 10.6.1 32 and 64bit operating systems as well. Cisco also released a Windows 7 32bit version of its widely deployed Cisco VPN client 5.0.6.
Neither client requires any changes at the head-end VPN concentrator/ASA. Read more
The FTC has found only 59 Identity Theft Red Flag Rule violations in all of the 1000's of Credit Unions under their influence since January 2008 (Red Flag Rules enforcement date). The most prevalent violation found was not having established a Red Flag Identity theft program at all. The 55 Credit unions represent less than 1% of the total credit unions that fall under the jurisdiction of the FTC. So is the FTC really taking Identity Theft seriously? Are they making an impact? Read more
Ahhhh, Physical Security! It usually constitutes one of the major weak links in IT security's armor. All you have to do is look at the demand for Network Access Control (NAC) to be convinced. Most don't realize that Cisco has been in the physical security business for a while now, mostly in the IP Video Surveillance (IPVS) sector. Cisco sells HD IP Video Cameras, Video management systems, DVRs, and all the other pieces to complete a full IP Video Surveillance Solution. Read more
Today Cisco externally announced it's newest Ironport Web Security Appliance (WSA) code version. The big splash feature is a brand new, built from scratch, URL filtering engine. Cisco is calling it Web usage Controls. It consists of a list based traditional URL filtering database plus a new dynamic URL categorization engine for un-categorized URLs. Read more
Cisco started to include reputation functionality in its IPS sensors about 6 months ago with its 7.0 release. The data has been collected on how effective it has been so far. The findings are significant. Cisco's addition of reputation data to its IPS sensor software has resulted in a 100% increase in effectiveness over signature protection alone. Additionally, it has been found that a reputation lookup and drop can be done 100 times faster than a traditional signature check and drop. IP address reputation is just like a credit score in finance. Read more
Currently, the H1N1 virus is running rampant (46,000+ cases) throughout the nation and the "official" flu season doesn't start until Oct 4th. Like all viruses, H1N1 is made up of a DNA sequence, or code. The most amazing part is that it only takes about 3.2 Kbytes of data to code itself. A worm like Conficker takes over 112 Kbytes! Always striving for ultimate efficiency, it looks like Mother Nature has figured out how to write some super streamlined code. Deadly code at that. Read more
How could the Internet ever die, you ask? It is growing at a fantastical rate, becoming more and more important to our everyday lives, businesses, and evolution as a species. Well, everything has a finite lifespan, even our universe itself. (I say our universe on purpose; I'm a believer in the principals of quantum physics and the multiverse) Our universe might not die for billions or trillions of years but that is beside the point. Point is that it has a beginning and an end. Read more
I've been receiving this question more and more recently from Cisco ACS customers so figured I'd post my answer here for all to view. As some of you already know, Cisco's ACS software received an overhaul this past year. Many of the features that ACS customers have been asking for, for a while, have finally made it into ACS 5.0.
Here are the top 10 new features that will affect your upgrade decision. You can use this info to make up your own mind if you should make the switch from 4.x yet.
When I logged into one of my online accounts today it said it was locked out and I needed to call to get it reset. You wont believe what happened next. Read more
I loved watching Abbott and Costello as a kid so I couldn't resist sharing this skit with you all. It is reminiscent of the old who's on first, what's on second routine. It left me in stitches so hopefully you'll enjoy it too.
Costello calls and wants to buy a computer from Abbott…
ABBOTT: Super Duper Computer Store. Can I help you?
COSTELLO: Hi. Yes, I'm setting up an office in my den, and I'm thinking about buying a computer.
ABBOTT: Mac?
COSTELLO: No, the name's Lou.
ABBOTT: Your computer?
COSTELLO: I don't own a computer. I want to buy one.
Read more
Today at Defcon 17 I attended an interesting talk given by the Electronic Frontier Foundation (EFF) where they talked about some of the case law that is shaping our countries IT related laws. One of the interesting tidbits that I picked up was that current laws seem to protect your personal video rental and sales records (i.e. what you rented from the video store) from disclosure in a more effective way than your computer data residing online. I'm no lawyer, and this is not legal advice, but here are some of the details on the subject. Read more
The Blackhat security conference kicked off today and in true fashion several allegedly zero-day exploits and other nastiness were revealed by security researchers. Several of today's security talks at Blackhat 2009 here in Vegas focused on newly found security vulnerabilities in the digital certificate controlled SSL encryption process as it exists today. SSL is the cryptographic technology used to secure millions of website transactions globally. Every time you login to your banking, trading, shopping, etc. website you are using SSL to encrypt and secure your Internet session with them. Read more
Cisco recently released a new GUI tool that makes creating custom profiles for their Cisco Anyconnect SSLVPN client a point and click exercise. Previous to the tool, ASA SSLVPN admins would have to create, or modify existing, XML profile files. This required the admin to download and learn the schema used in the files so they could apply their customization to them. Here's a look at how to use the tool. Read more
Last week Cisco posted the 3.3 version of its enterprise class Cisco Security Manager (CSM) product. All sorts of new features were introduced, most especially are performance improvements throughout, ASA 8.2 support, IPS 7.0 support, ASR router support, and finally full support for IOS zone-based firewall. Another notable feature is the bulk import/export functionality. This allows you to work with objects, devices, and device overrides in bulk instead of the previous per device method.
Here is a list of all the new features added (according to release notes): Read more
The recent disclosure of 46 new security fixes in iPhone 3.0 is just part of the proof the iPhone is ready for Enterprise adoption. Read more
President Obama recently announced the results and his perspective of the 60-day cyber security review he requested earlier this year. This makes him the first president to ever put their name with such a report. Following the results of the 60 day cyber security review, the Obama administration has made clear the urgent need to upgrade our nation's information technology infrastructure with a particular focus on securing those systems. Read more
There are lots of IT Security related urban legends floating around the Internet. Some have malicious intent and others are just for fun. Some have been with us for years but still refuse to die. Here is a list of my top IT Security Urban Legend picks for this year.
1) Department of Homeland Security mandates that all PC manufacturers install keyboard-logging devices in all PC keyboards. Read more
With all of the free webinars, VoD, IP/TV, and forum sessions available on the web it can be hard to find what you’re looking for. To that end I put together a list of some of the upcoming online security events that Cisco will be putting on in the next few months. The topics are wide ranging and the content varies from advanced to beginner and technical to marketing. Have a look and see if something catches your eye.
• Email Security Events Read more
Jamey Heary, CCIE No. 7680, is the author of the Cisco NAC Appliance: Enforcing Host Security with Clean Access book by Cisco Press. Jamey is a seasoned security technologist with over 15 years in the IT field with 10 years focused on IT security. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP, and Microsoft MCSE. He is also a Certified HIPAA Security Professional. Jamey is currently a Security Consulting Systems Engineer with Cisco, though the opinions expressed here are his own. Jamey is a member of Network World's Cisco Subnet blog community.
The Leader in Network Knowledge
