Network World
Tuesday, January 6, 2009

Jamey Heary: Cisco Security Expert

Cisco Subnet


Cisco adds SSLVPN flex licensing to compete with Juniper’s ICE licensing

I had a great holiday and enjoyed my time off, I hope you all did as well. Now I have to get my head back in the game. Several notable announcements have come out of the Cisco Security group while I was away. The first one I’d like to highlight is a new SSLVPN licensing schema.

The wait is over! Cisco now offers a temporary SSLVPN license key that is similar to other vendors, like Juniper’s ICE (in case of emergency) licensing. Cisco calls their new feature flex licensing.

Read more

Cisco gives its Wireless IPS features a major overhaul and comes out swinging

Cisco recently released a major overhaul of its Wireless IPS capabilities that it calls Cisco Adaptive WIPS. This upgrade seems timely given the recent flurry of news around wireless security vulnerabilities. The new system integrates into the Cisco Unified Wireless framework features that were previously found only in specialized WIPS vendors like AirDefense.

Read more

My new MacBook Pro and me

Yep, I did it, I took the plunge, I am now a Mac maniac! My work provided me with a shiny new MacBook Pro 15.4” with 4 GB of RAM about 3 weeks ago. Here is my conversion story so far…

Read more

The economy stinks but it's all roses for online community growth

The economy is in dire straits, nobody has budget for training or travel anymore, and online community sites are reaping the rewards. People are jumping onto these sites for all sorts of reasons: to find jobs, to network, to learn new skills, and to keep up with the latest buzz, to name but a few. Large companies like Cisco are starting to make their presence known in these extremely popular communities.

Read more

Quantum Encryption VPNs - Totally Unhackable

What could be cooler than a security technology that uses single photons, particle beam splitters, quantum particles, fiber optics, and physical objects to derive unhackable encryption keys? Ahhhh, nothing…

Read more

5 Things I bet you didn’t know your Cisco ASA FW could do

I've compiled 5 very useful ASA features that I find most customers don't know about yet. You've probably heard of one or even two, but I'm betting not all 5. How in-depth is your ASA knowledge? Put it to the test.
Application Firewalling

Read more

The IT Swiss Army Knife - Cisco Network Compliance Manager

Cisco Network Compliance Manager, known as NCM, is a standout management product that performs. Need a network device audit based on things like PCI, HIPAA, ITIL, etc.? Need to roll out config and software changes to several devices? Need a real-time Visio network diagram? Need a super detailed inventory of all your network devices? Want a live PSIRT alert system that tells you exactly which devices need remediation, downloads the code to fix them with, and produces a report showing whether each device can support the new code?

Read more

7 Essential/New features make deploying Wired 802.1x easier on a Cisco infrastructure

Cisco released a score of new 802.1x features in 12.2(33)SXI for its Catalyst 6500 switch lineup. These new features focus on making dot1x easier to deploy. Hmmm…Is that an oxymoron: dot1x and easy? Well, perhaps not anymore. You can now deploy full dot1x features in a quasi “monitor only” mode. This lets you see what is going to happen in your live environment before you enable true enforcement.
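What that “monitor only” mode looks like on the wire, as an added example that is not from the original post: the key is the SXI `authentication open` directive, which lets the port forward traffic even when 802.1x and MAB both fail, while the RADIUS accounting records tell you who would have been blocked once you take the directive away. Interface names, VLAN number, and the RADIUS server address and key below are assumed placeholders.

```ios
! Global AAA against RADIUS and system-wide 802.1x (assumed server and key)
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key RadiusSecret
dot1x system-auth-control
!
! Access port in monitor mode. Order/priority try 802.1x first, then MAB.
! "authentication open" is what makes this monitor-only: the port passes
! traffic regardless of the outcome, so an authentication failure is
! visible in the switch and RADIUS accounting logs but breaks nothing.
interface GigabitEthernet3/1
 switchport
 switchport mode access
 switchport access vlan 10
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 10
!
! Watch what would happen under enforcement before you turn it on:
! show authentication sessions interface GigabitEthernet3/1
!
! Cutting over to enforcement is a one-line change on the same port:
! interface GigabitEthernet3/1
!  no authentication open
```

Because the port is genuinely open, a monitor-mode deployment is only as useful as the logging you collect from it; confirm that RADIUS accounting is reaching your server and that failed sessions show up as Authz Failed in `show authentication sessions` before you trust the picture it paints.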

Read more

Top 7 James Bond 007 Techno Gadgets, some are real today

The new James Bond movie releases next week and I can’t wait. The best part of watching a 007 flick is seeing all the new gadgets that Q has cooked up for Bond to use. Over the years there have been some really great ones, going all the way back to the Sean Connery era in the 1960s. Even though the new Bond movies don’t include the same amount of cool 007 gadgetry, I thought it would be fun to do a blog on 7 of my personal favorites from the Bond series anyway. When these gadgets were showcased at the movies they were bleeding edge and futuristic.

Read more

Yet another trick for spanning ports and capturing traffic on Cisco switches

I recently came across another way to span traffic to ports on Cisco switches. This one was new to me since I usually just use VACL Capture for traffic spanning. I found it while reading the latest release notes for Cisco IPS version 6.2(1)E3 that just released. This IPS version includes tons of IPv6 features and signature engines.

Read more

Podcast: Healthcare Providers are scrambling to become PCI compliant

PCI compliance has been a focus for retail companies for years, but it is only recently that healthcare providers are diving into the PCI pool. Healthcare providers, like hospitals, doctor’s offices, clinics, etc., are just starting to appreciate the sometimes massive amount of credit card data that is being transmitted and stored on their networks and hosts. Traditionally, PCI compliance and credit card data protection just wasn’t a key focus area for healthcare providers. HIPAA has always gotten the attention.

Read more

FTC's ID theft prevention rules affect more businesses than you think

My guess is many of you have never heard of the FTC’s Red Flag Rules. Even so, I would bet that a fair number of you work for a business that needs to comply with the rules. This unawareness is the reason behind the FTC’s decision to extend the enforcement date. Here are just a few example business types that may need to comply: car dealers, mortgage brokers, and healthcare entities. Read on to find out if your business falls under the rules and what that means.

Read more

Cisco's NAC gets a Major Upgrade, including Mac OS posture assessment and support for 1.4 million clients

Cisco announced the availability of NAC Appliance release 4.5. This is a major release upgrade that contains many of the features that customers and I have been waiting for. NAC Appliance 4.5 steps up Cisco’s offering to the next level. According to Cisco, “Release 4.5 increases the scalability and power of the Cisco NAC Appliance by delivering many new functions, including wireless out-of-band support, Mac OS posture assessment, and importing and exporting of NAC policies.”

Read more

Insider’s view on how to decide what Cisco code versions to run

Businesses that use Cisco gear seem to constantly struggle with how best to determine the code version they should run on a particular Cisco product. IT departments are looking for the best balance of features and stability. Customers frequently ask me for my advice on this when it comes to security products. To that end, I thought it would be a good idea to share with you some of the public resources that I use for researching (scrubbing) code versions for Cisco security products.

Read more

Cisco to hold its first ever VIRTUAL network Security Forum

On November 12th Cisco will host the Cisco IT Security Forum, an interactive online event packed with all the things you’d typically find at a Networkers event. This includes top-notch speakers like Bob Russo, General Manager of the PCI Security Standards Council, and John Stewart, Chief Security Officer, to name a couple. The security forum will be broken up into two areas, a virtual conference hall and a virtual exhibit floor complete with virtual security solution booths.

Read more

Cisco claims best of breed security solutions

Is it possible to be both a security market share leader and have best of breed solutions? Cisco thinks so.

Read more

VACL capture provides Cisco customers an unlimited number of SPAN ports

Have you run out of traffic spanning sessions on your Cisco switches? Are you treating them like gold because of their scarcity? If so, you should take a good look at VACL capture, a feature that provides you with a virtually unlimited number of SPAN sessions.
VACL capture works with most of the newer Cisco switches including the 6500, 4500, 4900, 3750E, 3750, 3560E, and the 3560. To find out if your switch supports this feature, take a look at the Cisco Catalyst Switch Guide.

VACL stands for VLAN Access Control List. It operates like a typical port-based ACL, but instead of being enabled per port or per L3 interface it is enabled on a per-VLAN basis. A VACL is an extended ACL that controls traffic that enters or exits a VLAN. The VACL capture feature adds a capture keyword to a VACL entry (in IOS it sits on the access map's forward action). The capture keyword tells the switch to make a copy of any matching packets and send them to a configured capture destination port. Because a VACL controls traffic flow just like an ACL would, you must always configure a permit rule for the traffic that is not being captured. This deals with the implicit deny that exists at the end of any ACL. If you don’t, you’ll capture and forward the traffic matched by your capture command but deny all other, non-captured traffic in that VLAN because of the implicit deny at the end of every ACL. Note also that capture only copies packets the VACL permits; anything the VACL drops never reaches the capture port.

Here is a simple configuration example to illustrate how this works:

1. Define the interesting traffic you want to be captured

IOS(config)#ip access-list extended Capture_HTTPandUDP
IOS(config-ext-nacl)#permit tcp 10.10.10.128 0.0.0.127 host 20.10.10.1 eq 80
IOS(config-ext-nacl)#permit udp any any
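The post's step 1 defines only the interesting traffic; the rest of the configuration below is an added example, not part of the original post, showing the remaining steps on a Catalyst 6500 and, in particular, the catch-all permit that keeps the implicit deny from black-holing the VLAN. The access-map name, the VLAN number, and the capture interface are assumed placeholders; the first ACL is the one from the post.

```ios
! Step 1 (from the post): the interesting traffic to copy
ip access-list extended Capture_HTTPandUDP
 permit tcp 10.10.10.128 0.0.0.127 host 20.10.10.1 eq 80
 permit udp any any
!
! Step 2: a catch-all so the VACL's implicit deny does not drop
! everything that is NOT being captured
ip access-list extended Everything_Else
 permit ip any any
!
! Step 3: the VLAN access map. Sequence 10 forwards AND copies matches;
! sequence 20 forwards the rest unchanged. Leave sequence 20 out and
! all non-matching traffic in the VLAN is denied.
vlan access-map VACL_CAPTURE 10
 match ip address Capture_HTTPandUDP
 action forward capture
vlan access-map VACL_CAPTURE 20
 match ip address Everything_Else
 action forward
!
! Step 4: apply the map to the VLAN you want to watch
vlan filter VACL_CAPTURE vlan-list 10
!
! Step 5: the capture destination port (your sniffer/IPS plugs in here).
! The port must be a member of, and forwarding for, the VLAN it copies
! from; "allowed vlan" keeps it from receiving every captured VLAN.
interface GigabitEthernet1/1
 switchport
 switchport mode access
 switchport access vlan 10
 switchport capture
 switchport capture allowed vlan 10
!
! Verify the map, where it is applied, and the capture port:
! show vlan access-map VACL_CAPTURE
! show vlan filter
! show running-config interface GigabitEthernet1/1
```

A quick sanity check before declaring victory: generate some traffic in VLAN 10 that does not match the capture ACL (an ICMP ping between two hosts, say) and confirm it still gets through. If it does not, sequence 20 is missing or its ACL is wrong, and the switch is silently enforcing a VACL you only meant to use for copying packets.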

Read more

Credit Card Skimming: How thieves can steal your card info without you knowing it

Taking just 5 seconds to inspect any credit/debit card readers before you swipe could end up saving you from identity and credit card theft. I’ll show you what to look for before you swipe your next card. The con is called skimming. Skimming works by retrofitting a perfectly legitimate card reader (like an ATM) with a camouflaged counterfeit card reader. The counterfeit reader records all of your card’s information as it passes through. To give you an idea of what we are dealing with, here is a picture of an ATM with a skimmer overlaid on to the slot where you insert your card and a micro camera hidden behind a bogus white plastic piece above the PIN keypad. This ATM was reported to police on September 6, 2008.
Image is Courtesy of Naples Police Department:

Would you have known it was stealing card data? The purpose of this blog is to educate you on how to identify a skimmer. To that end I’ve compiled a portfolio of example photos made up of both basic and advanced skimmers. It is by no means all inclusive but should give you a heads up on what to look out for the next time you go to swipe your card.

According to law enforcement, “Credit card skimming has been around for years and is a growing problem that seems to be getting worse.” Many of us take for granted that inserting your credit/debit card into an ATM or swiping it at the grocery store or gas station is a safe practice. And most of the time you’d be right. However, skimmers are increasingly being retrofitted to legitimate ATMs, gas pumps, grocery/department store checkout machines, restaurants, etc., etc., you name it criminals are trying to skim your credit card from it. Here’s a look at the insides of the micro camera that is capturing video of your keypad presses.
Image is Courtesy of Naples Police Department:

Read more

Cisco enters the packet shaping market with a new network module

Cisco is setting its sights on the competitors in the packet shaping marketplace with its newest release of the Application Performance Assurance (APA) Network Module, the NME-APA-E3 2.0. The APA 2.0 code adds many of the features that Cisco needed to compete in this market, like the ability to classify and control over 1000 applications and report on its findings with over 100 built-in reporting templates. The APA allows for per-user traffic profile granularity that hooks into Microsoft Active Directory. The new NME-APA-E3 leverages ASIC components and RISC processors that allow it to scale up to 45 Mbps of performance. The NME-APA-E3 is targeted at the branch office and regional office segment of corporations.

Read more

According to Cisco the APA solution provides these features:

  • Layer 7 stateful packet inspection and classification
  • Robust support for over 1000 protocols and applications, including:
      – Business: Systems, Applications, and Products (SAP), Oracle, Citrix, Digital Imaging and Communications in Medicine (DICOM), Healthcare Level 7 (HL7), FIX, and Blackboard
      – General: HTTP, HTTPS, FTP, Telnet, Network News Transfer Protocol (NNTP), Simple Mail Transfer Protocol (SMTP), Post Office Protocol 3 (POP3), Internet Message Access Protocol (IMAP), Wireless Application Protocol (WAP), and others
      – Peer-to-Peer (P2P file sharing): FastTrack-KaZaA, Gnutella, BitTorrent, Winny, Hotline, eDonkey, DirectConnect, Piolet, and others
      – P2P VoIP: Skype, Skinny, DingoTel, and others
      – Instant Messaging: Yahoo Messenger, AIM, Google Talk, and MSN
      – Streaming and Multimedia: Real Time Streaming Protocol (RTSP), Session Initiation Protocol (SIP), HTTP streaming, Real Time Protocol (RTP) and Real Time Control Protocol (RTCP), and others
  • Programmable system core for flexible reporting

Cisco's new ASA code allows you to securely take your Cisco IP Phone with you anywhere

Cisco recently released a new code upgrade for its ASA security appliance. The new release, 8.0.4, contains several new features and many bug fixes. Cisco also released a new version of its GUI, ASDM 6.1.3, that supports the new features of 8.0.4. Because 8.0.4 is an Early Deployment (ED) release it goes through extensive development testing before release; it is meant to be a very stable release of ASA code and carries numerous bug fixes to support that premise. In fact, 8.0.4 closes some 514 caveats that were discovered in previous ASA builds. Most ASA customers who are using SSLVPN features or are on an 8.0.3.X engineering release should seriously consider moving to the new 8.0.4 ED release. 8.0.4 doesn’t just include closed caveats but also some important new features.

My favorite new feature has to be the IP Phone and Presence Proxy feature. First, the IP Phone Proxy feature. It lets you take your Cisco IP Phone home with you, plug it into the Internet, have it set up an encrypted TLS tunnel back to your ASA, and register with your Cisco Call Manager just as if you were at the office. Basically it gives you a VPN from your IP Phone to the Cisco ASA, so you can enable work-from-anywhere voice using your existing Cisco IP Phones. Since the phone, not a PC, terminates the tunnel, the ASA is authenticating the handset's own certificate, so keep the phone proxy's certificate trust list as tight as the rest of your VPN configuration.

Now the Presence Proxy feature. It lets you share your presence information with your business partners and affiliates: enterprises share presence information and can use IM applications across the boundary. The ASA provides secured connectivity (a TLS proxy) between Cisco Unified Presence servers and Cisco or Microsoft presence servers. Here are some of the benefits of using a presence solution, as reported by Cisco:
• Increase productivity: Connect with colleagues on the first try by knowing their availability in advance on either Cisco Unified Personal Communicator or a Cisco Unified IP Phone.

Read more


About Jamey Heary

Jamey Heary, CCIE No. 7680, is a security consulting systems engineer at Cisco. He leads its Western Security Asset team and is a field advisor for Cisco's global security virtual team. Jamey is the author of the recently published Cisco NAC Appliance: Enforcing Host Security with Clean Access. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP, and Microsoft MCSE. He is also a Certified HIPAA Security Professional. Jamey has been working in the IT field for 14 years and in IT security for 9 years.



The opinions expressed in this Weblog are those of the writer and may not represent the opinions of Network World.
