WannaCry: Safety and Security under attack from all fronts: NSA, North Korea, Cyber Criminals and the CIA

Posted by John Marrett on May 19, 2017 1:34:29 PM

With all of the concern this week regarding "WannaCry" ransomware, we decided to deviate from our standard Tips and Insights to explain what is happening and our view on the situation and its root causes.

“WannaCry” is the security story of the moment, and, hopefully, the year. There's a lot of the year left, but this worm has already caused an impressive amount of damage. Thankfully, due to the quick actions of a malware researcher in the UK registering a kill switch domain, the worm was shut down just as it was getting started. Were it not for those quick actions, combined with limited exposure of SMB shares directly to the Internet, this attack could have taken off like “Code Red” or “Slammer.”


Topics: Security, Network, ransomware, wannacry

Use of Scripting to Identify Devices Affected by the Clock Signaling Field Notice

Posted by John Marrett on Mar 13, 2017 2:03:43 PM

By now you have likely heard about the "Clock Signaling Component" issue affecting a broad range of Cisco products. If you haven't, a number of Cisco products are affected by an issue that will cause them to fail during normal operation. Once they fail, they will stop functioning completely and cannot be powered back on. You can learn more about the affected devices on the notice page.


Topics: Security, Network, UC managed Services, Cisco Clock Issue

Diagnosing Firewall "Misbehaviour" with Packet Captures

Posted by John Marrett on Jun 22, 2016 8:30:00 AM

Our support team received a call from a customer complaining that their next generation firewall (NGFW) was intermittently blocking access to their new voting website. As we were in the process of making firewall changes inside their environment and are responsible for the management of their network, they turned to us for help.

The website was a vanity domain hosted at GoDaddy that redirected users to a deep link within another website. We accessed the site and confirmed that it was working properly and sending a 301 redirect as expected; it worked properly both inside their environment and ours. We reviewed the firewall logs and found no indications that traffic was blocked by any firewall or IPS. The customer insisted that there was an intermittent problem accessing the website that seemed to affect some users at random.


Topics: Security, Network

Be Proactive: Protect your Business from Ransomware

Posted by Avi Mergui on May 26, 2016 11:30:00 AM

 

Ransomware, as its name suggests, is malware that infects a system and locks the user out of their data unless a ransom is paid. The victim of such an attack is left powerless to recover their data, as only a unique key can unlock the infected system. The user has a pre-set deadline to pay the ransom or risk permanently losing access to their data. This type of attack has become more frequent since its rise to prominence in 2005. The field of cryptomalware is in constant evolution because of the extremely profitable nature of these activities. The largest threat currently is Cryptowall 3.0/Cryptolocker, which usually spreads through phishing emails. The user clicks on a link and a Trojan is installed on the system, which then delivers its payload by encrypting user data and displaying a locked-out message.

These attacks are now so prevalent that they account for $18 million in yearly revenue in the US alone, and some estimates go up to $350 million worldwide, according to research done by The Cyber Threat Alliance (CTA). In the following sections, we will review some mitigation techniques for staying ahead of the curve and preventing this unfortunate scenario.

Topics: Security, Network

UDP Fragmentation, why should you avoid it?

Posted by Jonathan Sylvain on May 12, 2016 8:59:31 AM

Do you experience intermittent performance problems, particularly at branch offices? Do some applications “not work” and then self-resolve before you can address them? Limitations in path MTU may be the cause of your problems!

In today's networking environment, you may encounter situations where your traffic passes through a path with an MTU that is lower than the standard 1500 bytes, for example if you are using a PPPoE DSL or an IPSec VPN. If you are aware of a limitation in the MTU along a path, you should use the IP MTU command on the interface facing this path to limit the MTU. This should be done as close as possible to the traffic source so that messages informing the client of the limitation are sent back immediately, reducing the chances of them being lost or ignored.

These network settings will result in packet fragmentation. Since TCP is a stream-oriented protocol that handles packet reordering as well as the retransmission of lost packets, it should not suffer packet loss directly tied to fragmentation, but it will suffer performance degradation.

UDP, on the other hand, is a message-oriented protocol with no built-in reordering or retransmission mechanism, so fragmentation should be avoided. Further, when your traffic flows through devices that you have no control over or visibility into, such as when sending traffic over the Internet, fragmentation should be avoided at all costs.


Topics: Security, Network
