
A Reference for all Cisco UC and Security Professionals and Decision Makers

It’s always meddling when those pesky questions around design or deployment of a UC network’s security are raised. More often than not, one finds oneself amid a flurry of queries.

Now, there’s a guide, a reference, and a companion to be with you always when there are queries around Cisco IP Telephony / UC security. You won’t be left alone when the discussion is around securing the UC applications or underlying network. Cisco Press publication ‘Securing Cisco IP Telephony Networks’ will be with you to address any and all queries pertinent to secure Cisco UC design approach or deployment strategy.

The book is available in paperback and eBook format:

Cisco Press

Amazon


Posted by on November 3, 2012 in UC Security Posts

 


Network Programmability and Automation – Reviewing was Fun and Learning!

In my last post, on tech editing Network Defense and Countermeasures, I shared that it was a refreshing experience tech editing a pure-play security book.

I tech reviewed / edited a new cadre of book – Network Programmability and Automation – late last year. This is a book by O’Reilly. I’ve reviewed a few reports by O’Reilly earlier; however, this was the first manuscript that I got to review, so it was beyond just a few pages.

So, what’s different from other titles I reviewed? Simple: this book is all about automation and programmability of networks to automate mundane tasks and let scripts do things for us. Yes, it is very different, and while I have decent experience in using scripts with cloud platforms, it was also a learning opportunity with the various languages and frameworks explained in the book. This is a good read for those trying to build up the automation and scripting side of things.

Here are a few glimpses of the book.

Looking forward to doing more automation with SDN platforms, public cloud and otherwise in the upcoming months; of course, alongside securing the unsecured.

Happy reading.

 
 

Network Defense and Countermeasures – Tech Edited!

The third edition of Network Defense and Countermeasures is out on the shelf. And it was really fun tech editing it. The book is really comprehensive, from basics to advanced topics. It’s available on Amazon: https://www.amazon.com/Network-Defense-Countermeasures-Principles-Cybersecurity/dp/0789759969/ref=sr_1_1?ie=UTF8&qid=1524856270&sr=8-1&keywords=network+defense+and+countermeasures

I just got my copy in the mail and it was exciting to see something printed (yes, on real paper; not Kindle) with my name on it.

Yes, it’s a very refreshing change from looking at ebooks and such.

More to come in following months 🙂

Happy reading!

 

Posted by on April 27, 2018 in UC Security Posts

 

Hacks all the way – Yes, the Public Cloud isn’t Secure by DEFAULT!

Recent Uber and Tesla hacks have resurfaced the same question as last year – when Equifax was hacked.

“Is the cloud secure?”

One side of the coin says: Yes, the cloud is secure – when it’s about the infrastructure of the cloud provider. For one, if there’s an attack on AWS or Azure, they will defend their infrastructure from cyber attacks.

The other side of the same coin says: No, the cloud isn’t secure – when it comes to cloud consumers, their workloads are their own responsibility per the shared responsibility model. AWS and Azure do not care if ‘your’ (the consumer’s) instances/VMs are under attack.

Still confused? Alright, here’s an example to set things straight.

***************************************************************************************************************************************

You have two options when it comes to procuring a laptop – buy upfront for about $1,500 or lease for $30 per month for 3 years. Now, obviously buying it upfront costs $1,500 – ($30*3*12 =) $1,080 = $420 more than leasing over 3 years.

So, leasing seems like a good idea. There is, however, a catch. When you buy a laptop, you get an OS, some applications, maybe antivirus and such. And there may be a warranty for some software alongside the warranty for hardware for the next three years. However, when leasing the laptop you don’t get anything but the bare-metal laptop. You have to install your own OS (of your choice – yay) and other applications such as office, antivirus, and such. However, you do get the same physical damage coverage as with an upfront purchase.

** Now, hopefully that maps comfortably to the on-premise vs. cloud concept. You can build your DC and spin up VMs, or you can go and grab compute, storage and network from a cloud provider and spin up VMs. The latter gives (potential) cost savings, (definite) agility and elasticity, and (absolute) lower Time To Market (TTM) as a result of the elasticity and agility available to IT and DevOps.

Now, one fine day – your own machine breaks down. What do you do? Call the helpline and get onsite or remote help! If it’s physical damage you get repairs done, or if it’s a software issue you get software support.

And, in case you leased the laptop – you can only call the vendor for fixing hardware. Since the laptop came with no software, any software on it is outside of the vendor’s area of responsibility.

***************************************************************************************************************************************

Now, match this to on-premise vs. cloud. On premise – you build something and get software with support (more often than not, unless you’re doing open source). On cloud, however, you build your software instance (IaaS) atop the vendor-offered compute, storage, and network. Now, if in the latter case your software / VM / instance is breached, it’s none of the vendor’s concern to fix or even look into the matter.

Here’s AWS Shared Responsibility model at a glance:

[Image: AWS shared responsibility model]

And that for Azure is as follows:

[Image: Azure shared responsibility model]

So, all in all, it is important to understand where the vendor’s responsibility towards the security of ‘your’ valuable assets ends and where ‘yours’ starts.

Coming back to the previous point, Uber could have stopped the hack by adopting appropriate security controls at various levels. First, not allowing any GitHub code to be downloaded. Second, preventing any malicious code from being executed (yes, ATP is useful). Third, not allowing the threat to travel within the cloud (East-West). And finally, thwarting any attempt to connect from compromised instances to the perpetrator of the crime (there’s something known along the lines of Anti-Bot).

Please do not forget that you were and still are responsible for the security of what’s dear to you. Putting data on the cloud and hoping for miraculous security will not bear fruit anytime. It’s futile to think that there’s security by default.
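An added example (not from the original post): a small Python audit of the consumer-side network controls listed above, run over constructed data in the JSON shape that `aws ec2 describe-security-groups` returns. The group names, the `PUBLIC_PORTS` policy and the finding labels are assumptions made for the illustration.

```python
import ipaddress

PUBLIC_PORTS = {443}  # assumption: the only port meant to face the Internet
WORLD = [{"CidrIp": "0.0.0.0/0"}]

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": WORLD},
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": WORLD}],
     # Allow-all outbound is what a new AWS security group starts with.
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": WORLD}]},
    {"GroupId": "sg-app",
     "IpPermissions": [
         {"IpProtocol": "-1", "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-app"}]}],
     "IpPermissionsEgress": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "10.0.5.0/24"}]}]},
]

def _cidrs(rule):
    """All IPv4 and IPv6 ranges named by one rule."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])] +
            [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])

def _is_world(cidr):
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def _ports(rule):
    """Port range of a rule; protocol -1 means every protocol and port."""
    if rule["IpProtocol"] == "-1":
        return range(0, 65536)
    return range(rule.get("FromPort", 0), rule.get("ToPort", 65535) + 1)

def audit(groups):
    """Return sorted (group_id, finding) pairs for the three gaps."""
    findings = set()
    for g in groups:
        for rule in g.get("IpPermissions", []):
            world = any(_is_world(c) for c in _cidrs(rule))
            if world and not set(_ports(rule)) <= PUBLIC_PORTS:
                findings.add((g["GroupId"], "INGRESS_OPEN_TO_WORLD"))
            internal = rule.get("UserIdGroupPairs") or any(
                ipaddress.ip_network(c, strict=False).is_private for c in _cidrs(rule))
            if rule["IpProtocol"] == "-1" and internal:  # free lateral (East-West) movement
                findings.add((g["GroupId"], "EAST_WEST_UNRESTRICTED"))
        for rule in g.get("IpPermissionsEgress", []):
            if rule["IpProtocol"] == "-1" and any(_is_world(c) for c in _cidrs(rule)):
                findings.add((g["GroupId"], "EGRESS_UNRESTRICTED"))  # any outbound destination
    return sorted(findings)
```

Calling `audit(SAMPLE_GROUPS)` flags the SSH rule open to the world and the allow-all egress on `sg-web`, and the any-protocol self-reference on `sg-app`; every one of these rules is the consumer's to tighten.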

 

Posted by on April 26, 2018 in Cyber Security

 

My CCIE 10th Year Anniversary Plaque


Today’s a special day. Just got my CCIE 10th Year Anniversary Plaque. In all its glory – shining like nothing has ever shined! 7th Dec 2007 was the day when I achieved my first CCIE, and then in Feb 2009 the second one. It’s been a decade and still the memories of that era never fade; and for good.

CCIE 10th Year Anniversary

This plaque is something that reminds me of the grits and guts I put in 10 years ago. A sweet memoir of days when I used to slog day in and day out in preparation of my greatest personal battle – that of achieving the highly coveted CCIE title. It was my love, my life and I adored it not just once but twice – doing my Double CCIE.

“Nostalgia at its best!”

Proud and humble to be one of a few thousand CCIEs across the globe. Good to remember what I stood for and feels even better to keep doing what I love – my passion for technology and zest to learn has only grown with time.

Thank you dear god, my parents, my family and my friends for your love, support, and blessings.

 

 

Posted by on February 2, 2018 in UC Security Posts

 

2017 – Year in Review and Looking Ahead from Cyber Security Standpoint

It’s been a while since I’ve posted; however, that is because of my new job and regional profile. I’ve been traveling a fair bit and being kept on my toes 🙂

Not keeping away from facts, 2017 was a year of (cyber)security incidents. From ransomware, for example Petya, to breaches at Equifax and Uber (and so many more), the year was pretty eventful from a security perspective. Not only did we witness big names getting breached and user data exfiltrated, there was also mass momentum from the bad guys to target and bring down key industry players in no time.

In response, security vendors were swift and came out with workarounds and fixes. Moreover, industry became aware of the fact (yet again) that humans are the weakest link in the scheme of cyber security. Vulnerabilities and exploits were introduced by virtue of weak security construct, policies, and configuration.

To sum it up – 2017 was an eventful year and a handful for security analysts and advisers alike. Looking forward – 2018 has had a big bang start with Meltdown and Spectre exploits. We’ll see how 2018 turns out from cyber security perspective however, I have a strong feeling it will be a step up as dark net continues to grow and flourish and the bad guys continue exploiting the connected systems.

Happy New Year to everyone!

 

Posted by on January 14, 2018 in UC Security Posts

 

Into The Cloud 9

 

Dear All,

I’ll be presenting a life inspired webcast series – Into The Cloud 9 where I will share my life experiences and present my journey through the various phases of my life where I did things further than the customary to leave a mark. The webcasts will walk through my phases in life where I lead charge and drove beyond the usual being an author, a speaker, an evangelist, and an artisan at work; breaking the traditional notions and creating a wealth of information. These webinars are crux of life turning events that I went through; creating opportunities for myself and leading others on a path to leave their legacy – as I would leave one; beyond my existence.

Most people feel (if not say) that they wish to leave some sort of legacy in life. The interesting part is that, even if they don’t say it, there is usually some sort of desire – almost always. It’s human nature that we all want to be remembered, because being remembered means that our lives had meaning and significance to someone other than ourselves.

People such as authors, speakers, musicians, artists, inventors, and such leave legacies through their bodies of work. But it’s only those who push the bounds beyond the ordinary and challenge the traditions, confines, and status quo of their respective fields of work or their industry; are usually not forgotten because of their boldness and innovation. I’ve pushed the bounds, and I know what it is like to be on the top of a summit.

I love spreading my knowledge about my industry to the masses through my blog, my posts on social media, and most importantly, my books. How many people you run into have written articles, let alone books? How many would ever want to, because it consumes social and personal life to be dedicated to such a noble cause? In the end, those who do or even wish to, I help them wherever possible; in all ways I can.

I am who I am, and I can only change for myself and those around me for betterment of our life because, it’s my passion to guide people into things that are not comfortable however, bear the sweetest fruit when endured. When I speak, I don’t sugar coat things and tell my audience the truth, whether they like it or not it’s their choice. And, by doing it as I gain the respect of thousands of people every year, so can you!

I take risks whenever I can because I know, without risks – there are no rewards. Everyone thinks differently and I admire people who decide that they need to step out and get it done because; they are the ones who make a mark and leave a legacy.

It’s all about leaving a legacy for without one – you were just one of 6 billion people on this planet, who would live and die without being known for anything apart from living a normal life. Your legacy may not be all weighed in coins; but in what you did at large to impact the society; especially the people in your genre, line of business, or community. Be remembered for something, beyond being recognized for being someone!

If you think this is of value to you or someone you know please join me in my journey and realize the untapped potential and lead a life extraordinaire!

The webcasts are being hosted by http://experience4live.com and you can register (or refer others to) at  http://experience4live.com/product/into-the-cloud/

With Regards,

Akhil Behl

 

Posted by on July 2, 2017 in Events

 

Don’t be ‘Petyafied’!


Just when the world was recovering from the crisis caused by WannaCry – there’s yet another bump in the wire, and this time it’s far more serious than its predecessor. Yes, it’s PETYA.

** By predecessor, a ransomware is implied, although there’s minimal to no relation between these two

First things first – Petya looks like an attempt in all muscle and power to bring down ‘Ukraine’. There’s already mounting evidence that Petya’s focus on Ukraine was deliberate. The initial attacks were limited to just a few specific infections, all of which seem to have been targeted at Ukraine. The highest-profile one was a Ukrainian accounting program called MeDoc, which sent out a suspicious software update Tuesday morning that many researchers blame for the initial Petya infections. Attackers also planted malware on the homepage of a prominent Ukraine-based news outlet, according to one researcher at Kaspersky.

The bottom line is – the attackers had complete control over where they planted Petya (at least initially) and they chose to plant it in some of the most central institutions in Ukraine.

Now, let’s get to the nuts and bolts of this new kid on the block.

How does Petya commence and proceed?

Petya takes over the computers of its victims and demands $300, in Bitcoin. It spreads rapidly across an organization once a computer (the first in the organization – known as patient zero) is infected, using the EternalBlue vulnerability in Microsoft Windows (Microsoft has released a patch, but not everyone will have installed it) or through two Windows administrative tools. The malware tries one option and if it doesn’t work, it tries the next one. “It has a better mechanism for spreading itself than WannaCry,” said Ryan Kalember, of cybersecurity company Proofpoint. However, unlike WannaCry, ‘Petya’ tries to spread internally within networks, but not seed itself externally.

How to temporarily and permanently stop the infection?

The ransomware infects computers and then waits for about an hour before rebooting the machine. While the machine is rebooting, you can switch the computer off to prevent the files from being encrypted and try to rescue the files from the machine. This is a temporary and corrective measure. For a permanent and preventive approach, make sure the Windows OS is patched with the latest patches from Microsoft and your AV/HIPS or host firewall software is updated to protect against this threat.

What if my system is already infected and encrypted?

If your system reboots with the ransom note, please don’t pay the ransom – the attacker’s email address has been shut down by the email provider so there’s no way to get the decryption key to unlock your files anyway. The best way to move forward is to disconnect your computer from the Internet, reformat the hard drive and restore your files from a backup.

** Backing up your files regularly and keeping your anti-virus software up to date are highly recommended.

What software can I use to protect against Petya?

One of the most popular host firewall and AV solutions is ZoneAlarm https://www.zonealarm.com/

If you already have any AV software, make sure to update it. Windows updates, as mentioned earlier, will help prevent the infection.

It’s one thing about individual PCs; however, what can I do to protect my enterprise-wide network?

Well, there are a couple of ways to offer preventive defense. One is to segment your network (normal subnet-based or micro-segmentation using SDN) so as to protect critical systems from other user-facing systems. This also offers the capability to protect between the layers of network, storage, compute and so on within your private DC or your cloud ecosystem. Check out Check Point’s vSEC solution https://www.checkpoint.com/products/vsec-virtual-edition/

The other approach is to have your existing or new firewall gateways offer Advanced Threat Protection (ATP), and to have endpoint agents offer advanced sandboxing and on-host defense capabilities. Check out https://www.checkpoint.com/products-solutions/zero-day-protection/ and https://www.checkpoint.com/products-solutions/threat-intelligence/

Hope this article helps you be protected from nasty threats and conduct business as usual.

 

Posted by on July 1, 2017 in Cyber Security

 
