Posts

New Initiative Aims to Fast-Track Women into Cybersecurity Careers

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

A new professional development initiative will give 100 women the opportunity to revamp their careers and prepare for new roles in cybersecurity in only 100 days…


Top 5 Security News

What’s Behind the Wolters Kluwer Tax Outage?

Avoid a Security Endgame: Learn About the Latest “Avengers” Scam

Critical Flaw in Cisco Elastic Services Controller Allows Full System Takeover

Turla LightNeuron: An email too far

Hackers steal US$41 million worth of Bitcoin from cryptocurrency exchange

Image by Gerd Altmann from Pixabay

Security Software & Tools Tips – December 2018

In this monthly post we highlight five different security-related products.
This is a repost from my personal website Ulyaothroducts.

This month we have chosen the following:
* ModSecurity
* Snort
* OSSIM
* Nmap
* Osquery

ModSecurity

ModSecurity is a WAF module that can be used with various web servers such as Nginx, Apache and IIS.

Information from the ModSecurity website:

ModSecurity is an open source, cross-platform web application firewall (WAF) module. Known as the “Swiss Army Knife” of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a powerful rules language and API to implement advanced protections.

Website:

https://www.modsecurity.org/

Snort

Information from the Snort website:

Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

Website:

https://www.snort.org/

OSSIM

Information from the OSSIM website:

AlienVault® OSSIM™, Open Source Security Information and Event Management (SIEM), provides you with a feature-rich open source SIEM complete with event collection, normalization, and correlation. Launched by security engineers because of the lack of available open source products, AlienVault OSSIM was created specifically to address the reality many security professionals face: A SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility.

Website:

https://www.alienvault.com/products/ossim

Nmap

Information from the Nmap website:

Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).

Website:

https://nmap.org/
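The description above mentions two uses that go together in practice: network inventory and comparing scan results (what Ndiff does). The script below is an added example, not code from the original post or from the Nmap project. It parses the XML that `nmap -sV -oX <file>` writes and reports which ports opened, closed or changed service banner between a baseline scan and a fresh one. The two XML documents embedded in it are constructed by hand (host 10.0.0.5 and its ports are made up) so that the script runs offline; point it at real files to use it on your own network.

```python
"""Parse Nmap XML output and compare two scans.

Added example (not code from the original post or from the Nmap project).
The two documents below are constructed by hand in the shape that
`nmap -sV -oX <file>` writes, so the script runs offline; feed it real
files to compare a baseline scan with a fresh one.
"""
import sys
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

# Constructed baseline: web01 with SSH and HTTP open, 443 closed.
BASELINE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX baseline.xml 10.0.0.5" version="7.70">
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <hostnames><hostname name="web01" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" product="nginx" version="1.14.0"/></port>
      <port protocol="tcp" portid="443"><state state="closed" reason="reset"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Constructed follow-up scan: SSH upgraded, HTTP moved to HTTPS, and an
# unidentified listener on 4444 that nobody asked for.
CURRENT_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX current.xml 10.0.0.5" version="7.70">
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="7.9p1"/></port>
      <port protocol="tcp" portid="80"><state state="closed" reason="reset"/></port>
      <port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/>
        <service name="http" product="nginx" version="1.14.0" tunnel="ssl"/></port>
      <port protocol="tcp" portid="4444"><state state="open" reason="syn-ack"/></port>
    </ports>
  </host>
</nmaprun>
"""

Service = Tuple[str, str]                   # (service name, "product version")
Inventory = Dict[str, Dict[str, Service]]   # host addr -> "tcp/22" -> Service


def parse_nmap_xml(xml_text: str) -> Inventory:
    """Return {addr: {"proto/port": (name, version)}} for hosts that are up,
    keeping only the ports Nmap reports as open."""
    inventory: Inventory = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        services: Dict[str, Service] = {}
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            name, version = "unknown", ""
            if svc is not None:
                name = svc.get("name", "unknown")
                version = " ".join(v for v in (svc.get("product"), svc.get("version")) if v)
            services[f"{port.get('protocol')}/{port.get('portid')}"] = (name, version)
        inventory[addr_el.get("addr")] = services
    return inventory


def diff_inventories(old: Inventory, new: Inventory):
    """Ndiff-style comparison: ports that opened, closed, or changed banner."""
    opened: List[Tuple[str, str, Service]] = []
    closed: List[Tuple[str, str, Service]] = []
    changed: List[Tuple[str, str, Service, Service]] = []
    for addr in sorted(set(old) | set(new)):
        before, after = old.get(addr, {}), new.get(addr, {})
        for key in sorted(set(before) | set(after)):
            if key not in before:
                opened.append((addr, key, after[key]))
            elif key not in after:
                closed.append((addr, key, before[key]))
            elif before[key] != after[key]:
                changed.append((addr, key, before[key], after[key]))
    return opened, closed, changed


if __name__ == "__main__":
    # Usage: python nmap_diff.py baseline.xml current.xml (falls back to the samples)
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as f1, open(sys.argv[2]) as f2:
            old, new = parse_nmap_xml(f1.read()), parse_nmap_xml(f2.read())
    else:
        old, new = parse_nmap_xml(BASELINE_XML), parse_nmap_xml(CURRENT_XML)
    opened, closed, changed = diff_inventories(old, new)
    for addr, key, svc in opened:
        print(f"OPENED  {addr} {key} {svc[0]} {svc[1]}".rstrip())
    for addr, key, svc in closed:
        print(f"CLOSED  {addr} {key} {svc[0]} {svc[1]}".rstrip())
    for addr, key, was, now in changed:
        print(f"CHANGED {addr} {key} {was[1]} -> {now[1]}")
```

Only open ports go into the inventory, so a port flipping from closed to filtered does not generate noise; what you do want to see is the new listener on 4444 with no recognised service, which is exactly the kind of change a periodic scan-and-diff is meant to surface.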

Osquery

Information from the Osquery website:

osquery exposes an operating system as a high-performance relational database. This allows you to write SQL-based queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.

Website:

https://osquery.io/
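The paragraph above describes osquery's model: tables for processes, open network connections and so on that you query with SQL. In day-to-day use the interesting part is what osqueryd does with a scheduled query in differential mode: it logs only the rows that were added or removed since the previous run, one JSON object per line in results.log. The script below is an added example, not code from the original post or from the osquery project. It reads such a log and flags TCP listeners that appeared outside an allowlist, and expected services that stopped listening. The log excerpt is constructed by hand; the query name `listening_ports`, the join behind it and the allowlist are assumptions for this example.

```python
"""Triage osqueryd differential results for unexpected listeners.

Added example, not code from the original post or the osquery project. The
log excerpt is constructed by hand in the shape osqueryd writes to
results.log: one JSON object per line with the query "name", the host,
the row in "columns" and an "action" of "added" or "removed". The query
name "listening_ports", the join behind it and the port allowlist are
assumptions for this example.
"""
import json
from typing import Iterable, List, Tuple

# Assumed scheduled query that produced the rows below (osquery SQL, joining
# two of its virtual tables so each listener carries the owning binary):
#   SELECT lp.pid, lp.port, lp.protocol, lp.address, pr.path
#   FROM listening_ports lp JOIN processes pr USING (pid)
#   WHERE lp.address != '127.0.0.1';
RESULTS_LOG = """\
{"name":"listening_ports","hostIdentifier":"web01","calendarTime":"Wed Dec  5 14:22:01 2018 UTC","unixTime":1544019721,"epoch":0,"counter":0,"columns":{"pid":"812","port":"22","protocol":"6","address":"0.0.0.0","path":"/usr/sbin/sshd"},"action":"added"}
{"name":"listening_ports","hostIdentifier":"web01","calendarTime":"Wed Dec  5 14:22:01 2018 UTC","unixTime":1544019721,"epoch":0,"counter":0,"columns":{"pid":"2210","port":"4444","protocol":"6","address":"0.0.0.0","path":"/tmp/.x/nc"},"action":"added"}
{"name":"listening_ports","hostIdentifier":"web01","calendarTime":"Wed Dec  5 14:22:01 2018 UTC","unixTime":1544019721,"epoch":0,"counter":0,"columns":{"pid":"1501","port":"80","protocol":"6","address":"0.0.0.0","path":"/usr/sbin/nginx"},"action":"removed"}
{"name":"crontab","hostIdentifier":"web01","calendarTime":"Wed Dec  5 14:22:01 2018 UTC","unixTime":1544019721,"epoch":0,"counter":0,"columns":{"command":"/tmp/.x/nc -l 4444","path":"/etc/crontab"},"action":"added"}
"""

# Assumed baseline: the TCP ports web01 is supposed to expose.
EXPECTED_TCP_PORTS = {"22", "80", "443"}

Finding = Tuple[str, str, str, str]   # (host, port, pid, binary path)


def parse_results(lines: Iterable[str]) -> List[dict]:
    """One JSON object per line; blank lines are skipped."""
    return [json.loads(line) for line in lines if line.strip()]


def new_listeners(events: List[dict], allowlist=EXPECTED_TCP_PORTS) -> List[Finding]:
    """TCP listeners that appeared since the last run and are not expected."""
    findings: List[Finding] = []
    for ev in events:
        if ev.get("name") != "listening_ports" or ev.get("action") != "added":
            continue
        cols = ev["columns"]
        # osquery logs every column as a string; protocol is the IP protocol
        # number, so "6" is TCP and "17" is UDP
        if cols.get("protocol") != "6" or cols.get("port") in allowlist:
            continue
        findings.append((ev["hostIdentifier"], cols["port"], cols["pid"], cols.get("path", "")))
    return findings


def vanished_listeners(events: List[dict], expected=EXPECTED_TCP_PORTS) -> List[Tuple[str, str]]:
    """Expected services that stopped listening (a dead daemon is also a finding)."""
    return [
        (ev["hostIdentifier"], ev["columns"]["port"])
        for ev in events
        if ev.get("name") == "listening_ports"
        and ev.get("action") == "removed"
        and ev["columns"].get("port") in expected
    ]


if __name__ == "__main__":
    events = parse_results(RESULTS_LOG.splitlines())
    for host, port, pid, path in new_listeners(events):
        print(f"NEW LISTENER  {host} tcp/{port} pid={pid} path={path}")
    for host, port in vanished_listeners(events):
        print(f"GONE          {host} tcp/{port}")
```

Filtering on the query name matters because one results.log carries every scheduled query (the crontab row in the sample is ignored here even though it is clearly related); in a real deployment you would ship the log to your SIEM and correlate the two.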

Photo by Collin Armstrong on Unsplash

Vulnerability in Cisco ASA

Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities:
* Cisco ASA ASDM Privilege Escalation Vulnerability
* Cisco ASA SSL VPN Privilege Escalation Vulnerability
* Cisco ASA SSL VPN Authentication Bypass Vulnerability
* Cisco ASA SIP Denial of Service Vulnerability

These vulnerabilities are independent of one another; a release that is affected by one of the vulnerabilities may not be affected by the others.

Successful exploitation of the Cisco ASA ASDM Privilege Escalation Vulnerability and the Cisco ASA SSL VPN Privilege Escalation Vulnerability may allow an attacker or an unprivileged user to elevate privileges and gain administrative access to the affected system.

Successful exploitation of the Cisco ASA SSL VPN Authentication Bypass Vulnerability may allow an attacker to obtain unauthorized access to the internal network via SSL VPN.

It is recommended to upgrade as soon as possible in order to avoid breaches.

More information and upgrade information: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa

Cisco ASA VPN Denial of Service Vulnerability

A vulnerability in the VPN authentication code that handles parsing of the username from the certificate on the Cisco ASA firewall could allow an unauthenticated, remote attacker to cause a reload of the affected device.

The vulnerability is due to parallel processing of a large number of Internet Key Exchange (IKE) requests for which username-from-cert is configured. An attacker could exploit this vulnerability by sending a large number of IKE requests when the affected device is configured with the username-from-cert command. An exploit could allow the attacker to cause a reload of the affected device, leading to a denial of service (DoS) condition.

More information: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5544

Cisco ASA and FWSM – multiple vulnerabilities

Cisco has released two security advisories to address multiple vulnerabilities. These vulnerabilities could allow an attacker to obtain elevation of privilege, bypass security controls, or cause a denial of service condition.

More information:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-fwsm

Cisco releases multiple vulnerability updates

Cisco has released advisories about applying updates for the following products:
* Cisco ASA Protocol Inspection Connection Table Denial of Service Vulnerability
* Cisco UCS 6100 Fabric Interconnect Memory Leak
* Cisco IOS XR RIP Version 2 Crafted Packet Vulnerability
* Cisco Wireless LAN Controller Multiple Parameter Handling Denial of Service Vulnerability

It is recommended to apply these product upgrades as soon as possible.

Cisco IOS Multiple DoS Vulnerabilities

Yesterday Cisco released information on seven denial-of-service (DoS) vulnerabilities in Cisco IOS Software.
Since every one of them can be used to cause a DoS condition, it is recommended to upgrade as soon as possible.

Cisco IOS Software Internet Key Exchange Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-ike

Cisco IOS Software Smart Install Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-smartinstall

Cisco IOS Software Zone-Based Policy Firewall Session Initiation
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-cce

Cisco IOS Software Network Address Translation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-nat

Cisco IOS Software Protocol Translation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-pt

Cisco IOS Software Resource Reservation Protocol Denial of Service
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-rsvp

Cisco IOS Software IP Service Level Agreement Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-ipsla

New thinking is always welcome

With reference to the article in IDG http://www.idg.se/2.1085/1.403348/serverrack-ska-radda-jatte-i-kris .

Necessity is the mother of invention, isn't it? Despite all the big and recurring advances over the years on the performance side, in the form of memory, CPU and form factor, very little has happened on the platform side itself. A server from 2001 is very similar to a server today. Administration and automation of infrastructure has always been something of an afterthought when server products, for example, are developed, and those of us who work with automation and operations would like to encourage more vendors to follow Cisco's example.

Making a server available for production involves many more steps than just mounting it in the rack and flipping the power switch; rather, it is a matter of some 50 tasks that have to be carried out and tested before anyone gives the thumbs up for production. Tools that make it easier for us to integrate those tasks systematically into our existing systems and workflows, so that we can then simply click "Run", strengthen both quality and flexibility for our customers.

To go back to the future, I would like to believe that many of us are waiting for true multitenancy on the hardware side as well, where we can add or release compute capacity at a low level without interruption. But if we then inevitably glance towards the mainframe world, that presupposes that hardware, OS and applications are developed and maintained in harmony. And the modern term for this is surely Platform as a Service (PaaS), so we have to hope that developers jump on the train and head in that direction. So far, adoption of PaaS for new products and services online is very low, and things get stuck at the lab stage.

So, to return to the topic: is UCS then the salvation of Cisco's future? Who knows; as more operators start building PaaS platforms, Cisco UCS is an appealing infrastructure to build them around. Will the UCS product appeal to the IT manager who buys one server a month and has no automated workflows or ambitions? Probably not. 🙂

/Stefan Månsby