Be Proactive: Protect your Business from Ransomware

Posted by Avi Mergui on May 26, 2016 11:30:00 AM


Ransomware, as its name suggests, is malware that infects a system and locks the user out of their data unless a ransom is paid. The victim of such an attack is left powerless to recover their data, as only a unique key can unlock the infected system. The user has a pre-set deadline to pay the ransom or risk permanently losing access to their data. This type of attack has seen a rise in occurrence since its rise to prominence in 2005. The field of cryptomalware is in constant evolution because of the extremely profitable nature of these activities; the largest threat currently is Cryptowall 3.0 / Cryptolocker, which usually spreads through phishing emails. The user clicks on a link, a Trojan is installed on the system, and the Trojan then delivers its payload by encrypting user data and displaying a locked-out message.

These attacks are now so prevalent that they account for $18 million in yearly revenue in the US alone, and some estimates go up to $350 million worldwide, according to research by the Cyber Threat Alliance (CTA). In the following sections, we will review some mitigation techniques for staying ahead of the curve and preventing this unfortunate scenario.

Topics: Security, How to(s), Network

UDP Fragmentation, why should you avoid it?

Posted by Jonathan Sylvain on May 12, 2016 8:59:31 AM

Do you experience intermittent performance problems, particularly at branch offices? Do some applications “not work” and then self-resolve before you can address them? Limitations in path MTU may be the cause of your problems!

In today's networking environment, you may encounter situations where your traffic passes through a path with an MTU that is lower than the standard 1500 bytes, for example if you are using PPPoE DSL or an IPSec VPN. If you are aware of an MTU limitation along a path, you should use the ip mtu command on the interface facing this path to limit the MTU. This should be done as close as possible to the traffic source, so that messages informing the client of the limitation are sent back immediately, which reduces the chances of them being lost or ignored.

These network settings will result in packet fragmentation. Since TCP is a stream-oriented protocol that handles packet re-ordering as well as the retransmission of lost packets, it should not suffer packet loss directly tied to fragmentation, but it will suffer a performance degradation.

UDP, on the other hand, is a message-oriented protocol with no built-in reordering or retransmission mechanism, so fragmentation of UDP traffic should be avoided. Further, when your traffic flows through devices over which you have neither control nor visibility, such as when sending traffic over the internet, fragmentation should be avoided at all costs.

Topics: Security, Network & Security Insights, Network

Networking Segmentation for Security using VRF

Posted by John Marrett on Apr 7, 2016 9:08:56 AM

Many organisations today face a challenge in securing enterprise networks that were designed before internal segmentation and security became a primary concern. It is very difficult to retrofit security into a network design, especially when you want to avoid changing server configurations, minimize downtime and impact, maintain performance within existing network segments, and progressively phase in security rules. In this blog post, we'll discuss an approach we have developed and used for both new network deployments and retrofits.

THE PROBLEM

Retrofitting security into a network design while avoiding server configuration changes, downtime and performance issues.


Topics: Security, Network & Security Insights, How to(s)

CVE-2015-7547, glibc vulnerability; its impact on Cisco products and our mitigation solutions

Posted by John Marrett on Feb 19, 2016 12:16:06 PM


The Vulnerability

On Tuesday, February 16th, Google's security team announced a significant vulnerability in glibc. The vulnerability relates to the handling of DNS packets, and many Cisco systems are vulnerable to it if an attacker can cause an affected device to perform a DNS lookup against an attacker-controlled DNS server. As many services (ssh, some web servers, mail servers) do perform these requests in an externally controllable fashion, the risk and exposure of this vulnerability are extremely significant.

Cisco released their advisory for this issue on the 18th. Because of the extensive use of Linux in newer switching and routing products, UC servers, and security and management appliances, the potential scope of the issue is vast. Cisco is presently still in the process of qualifying products to determine if and how they are affected.


Topics: Security, Network & Security Insights, Network

Cisco CVE-2016-1287 Network Vulnerability and our Mitigation Solution

Posted by John Marrett on Feb 11, 2016 11:37:47 AM


CISCO CVE-2016-1287 VULNERABILITY PROBLEM

Yesterday Cisco released an out-of-band patch for an ASA vulnerability (CVE-2016-1287) that permits remote code execution on any ASA device enabled for IKE / IPSec.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike

You can validate if your configuration is affected using the following command:

show run crypto map | include interface

The Cisco advisory indicates that there is no way to mitigate this threat. There are a large number of vulnerable ASA firmware versions that have not received and will not receive fixes. Customers should be aware of the difficulty in migrating from 8.2 to newer versions because of the complete restructuring of NAT rules.


Topics: Security, Network & Security Insights, Cisco Release Notes and Product Reviews, Network
