
A Reference for all Cisco UC and Security Professionals and Decision Makers

It’s always meddling when those pesky questions around the design or deployment of a UC network’s security are raised. More often than not, one finds oneself amid a flurry of queries.

Now, there’s a guide, a reference, and a companion to be with you always when there are queries around Cisco IP Telephony / UC security. You won’t be left alone when the discussion is around securing the UC applications or underlying network. Cisco Press publication ‘Securing Cisco IP Telephony Networks’ will be with you to address any and all queries pertinent to secure Cisco UC design approach or deployment strategy.

The book is available in paperback and eBook format:

Cisco Press

Amazon

 

Posted by on November 3, 2012 in UC Security Posts

 


IoT Hack = Security Lapse. And it’s just the beginning

Dallas, Texas – On Apr 8 2017, around 11:42 PM, for no apparent reason, 156 tornado sirens went off (all together) and woke up what can best be described as scared and baffled residents. When the sirens repeated in 90-second cycles, the locals thought they were being (or about to be) bombed.

Dallas Mayor Mike Rawlings posted an update for citizens on his Facebook page (https://www.facebook.com/MayorMikeRawlings/posts/1030736253694199) where he described the incident as a hack, i.e. an attack on the emergency notification system. He also wrote, “This is yet another serious example of the need for us to upgrade and better safeguard our city’s technology infrastructure.”

The news was posted on many major news channels and websites – including CNN http://edition.cnn.com/2017/04/08/us/dallas-alarm-hack/

The most comprehensive coverage is from Washingtonpost.com https://www.washingtonpost.com/news/the-intersect/wp/2017/04/09/someone-hacked-every-tornado-siren-in-dallas-it-was-loud/?utm_term=.0b1ec2649790

Now, while news channels/websites and reporters talk about the situation and have provided updates on how the issue was handled and finally resolved – let’s consider some facts and try to draw some inferences from the incident from a cyber security perspective.

First – it is more than assured that this was an intentional hack and not a ‘mistake’ by someone in the emergency service grid. This implies that the security controls deployed were either not enough or not tested properly during the planning and deployment cycles. At first there was speculation that the system was not controlled by back-end software at all; however, that was ruled out, and this proves the point well enough – integrating security (controls) into every system (offline or online), from the planning, deployment and testing points of view, should be an absolute zero-tolerance exercise.

Second, the hacker(s) were motivated and determined to make it happen – at the most awkward hour. This hacker or hacking group made it look easy, without leaving enough evidence for the trail to be picked up and the perpetrator of the cyber crime apprehended.

Third, connected systems expose the attack surface – and yes, while this is a known fact, who would imagine that an emergency system grid could be hacked? And that too – the whole of it!! It is supposed to be a closed and monitored system – isn’t it? This brings us to a discussion where we can either talk about standards not being in place from an IoT / grid computing security point of view, or simply say – it is about time someone did something about cyber security pertinent to public and government deployments. While this was clearly an issue with the implementation of security for the sensors, it could go well beyond just the alarms, as more often than not one emergency system is connected to another, e.g. 911 has taps into fire, police etc.

Last but nevertheless most importantly – while security analysts analyze and wonder how this could have been pulled off, for the people who experienced this ‘it was very real and scary’. This serves well to remind us all how helpless we feel when technology is abused.

Note: The intent of this article was not to repeat the information that is widely available about this incident, but to dive deeper and look at the causalities of ill-fated security systems/controls, and to extrapolate the kind of damage that can be done at large – anywhere in the world – by someone nasty who knows how to get past the security (if there was any at all).

 

Posted by on April 20, 2017 in Cyber Security

 


Good Friday Just Became Better – With My CCSK Certification!

Holy Moly – The sweet taste of achieving the much coveted certification in the wake of furthering my Cyber Security journey. Aced the certification with a strong 90%. I’m now Certified Cloud Security Knowledge (CCSK) certified. My Good Friday just became a whole lot better!!!

 

It’s been some time that I’ve been dragging my feet, and I finally decided to write the CCSK certification. Been busy with authoring and mentoring (cannot really complain as it’s my passion), hence the delay. Like they say – better late than never!!


In the following sections I’ve shared my experiences, my preparation, the insights and details of the certification exam. Hope these get you to your own CCSK summit.

The exam itself – This exam has been around for some time now and I took v3.0 (v2.1 is also available but hey, latest is greatest, right!). CCSK is a pretty comprehensive exam. It covers all bases (and more) of cyber security / security from a Cloud Service Provider (CSP) and a Cloud Consumer perspective, and then some. It also addresses domains which are usually blind spots, for example – cloud risk management, vendor management, supply chain management and such.

The insights to the exam – The exam can be daunting if you have little to no security experience, and especially if you come in with minimal (all-encompassing security) virtualization, security controls, risk management, physical security and traditional DC experience. The exam consists of 60 questions – multiple choice and true/false type – to be completed in 90 min. It is an open-book, take-anywhere exam; however, that doesn’t demean its importance at all. In fact, it takes a lot of time to understand the subjects and topics and then be prepared for the exam itself. It’s the journey in this matter that’s much more valuable than the result itself.

My experience during the exam – I completed the first pass in about 30-35 min (of the allocated 90 min) and marked all questions for a second pass (yes, you can mark questions for review and come back to them). Finally submitted the questions for grading by the 45-50 min mark and passed with 90% (80% is the minimal score to pass), and that calls for a jolly moment!

The preparation – For the prep I used the two documents (both available here https://ccsk.cloudsecurityalliance.org/index.html) i.e.

  1. Cloud Security Guidance https://cloudsecurityalliance.org/research/security-guidance/
  2. ENISA Cloud Risk Assessment Report: http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment/at_download/fullReport

These two documents cover all bases in terms of questions. Just a thorough read and you should be fine. One of my dear, old-time friends (who happens to be a security geek as well), Sumanta Bhattacharya, helped me by brainstorming on the topics and coming out with logical and conclusive derivations.

Summarizing – This is a must-do certification for security practitioners and professionals who intend to engage, or currently engage, with cloud. An excellent certification that pushes a person beyond their scope of thinking in the context of Cloud and so much more.

 

 

Posted by on April 15, 2017 in Cyber Security, Security Posts

 


Cyber Ops – Up Up and Away!!!

I’ll be spending a good amount of time doing something that I’m passionate about and which I think brings me the satisfaction of knowing that it will be a career catalyst for many professionals (especially security professionals).

To be precise, I’ll be spending most of my time from late Mar till May writing on Cyber Security. Now, it matters how the time I spend and the material I author help the larger community gain from it – and that’s been my motto since I stepped up as an author and an evangelist.

Demystifying: I’ll be authoring Cisco’s latest Cyber Security / Cyber Ops on two fronts – writing the practice tests / question banks (to go with the premium content):

  • Cyber Ops – SecFnd
  • Cyber Ops – SecOps

I’ll be writing practice question banks which will help the CCNA Cyber Ops aspirants to attain these world-class cyber security certifications. These practice tests will be available as part of the premium package with the following books written by Omar Santos and Joseph Muniz.

CCNA SECFND: http://www.ciscopress.com/store/ccna-cyber-ops-secfnd-210-250-official-cert-guide-premium-9780134609010

CCNA SECOPS: http://www.ciscopress.com/store/ccna-cyber-ops-secops-210-255-official-cert-guide-premium-9780134609027

I have to admit that Cisco has come a long way and now with these certifications, the gaps from InfoSec and CyberSec would be more than addressed. These certifications are bench-marking in terms that they will help bridge the gap between the old and new security paradigms – network and cyber.

All in all – I’m enjoying my time writing these questions and hope that they will help the aspirants succeed in their attempts to grab these two really cool certifications.

Happy learning and reading!

 

 

Posted by on April 11, 2017 in Cyber Security

 


Terminator and SkyNet might be here before you think!

The Terminator movies have taught us a couple of important lessons – whatever you do, you cannot control destiny. And don’t hand all the control to the machines.

That said – with IoT beginning to connect ‘Things’ and with no security standards (well not much of them anyway) established during the IoT wars; don’t you wonder if that ‘smart’ machine in your home or office is secure enough and will absolutely do what it’s supposed to do?

Time to think again! A recent publication by SCMagazine clearly articulates the fact that it’s about time that security was made paramount before going live with anything that is ‘smart’ enough to take decisions.

An excerpt follows:

As many of these “smart” machines are self-propelled, it is important that they’re secure, well protected, and not easy to hack. If not, instead of helpful resources they could quickly become dangerous tools capable of wreaking havoc and causing substantive harm to their surroundings and the humans they’re designed to serve. We’re already experiencing some of the consequences of substantial cybersecurity problems with Internet of Things (IoT) devices that are impacting the Internet, companies and commerce, and individual consumers alike. Cybersecurity problems in robots could have a much greater impact. When you think of robots as computers with arms, legs, or wheels, they become kinetic IoT devices that, if hacked, can pose new serious threats we have never encountered before. As human-robot interactions improve and evolve, new attack vectors emerge and threat scenarios expand. Mechanical extremities, peripheral devices, and human trust expand the area where cybersecurity issues could be exploited to cause harm, destroy property, or even kill.

Reference: https://media.scmagazine.com/documents/287/hacking-robots-before-skynet_71714.pdf

There are references to incidents where life-threatening situations occurred because security was at a loss, for example:

  • A robot security guard at the Stanford Shopping Center in Silicon Valley knocked down a toddler; fortunately, the child was not seriously hurt
  • A Chinese-made robot had an accident at a Shenzhen tech trade fair, smashing a glass window and injuring someone standing nearby
  • In 2007 a robot cannon killed 9 soldiers and seriously injured 14 others during a shooting exercise due to a malfunction
  • Robotic surgery has been linked to 144 deaths in the US by a recent study

Time to wake up to the reality that (cyber) security controls are more than desirable in robotics, let alone IoT, the mother ship of connectivity (which increases the attack and exploit surface manifold).

Bottom line: Letting go of control in order to leverage automation may not be a good idea unless there are strict security norms and cyber security controls in place.

Watch out – that smart machine may be just too smart for your liking!!!

 

Posted by on March 15, 2017 in IoT Security

 

Ransomware as a Service – It’s as real as it gets!

The world of information technology is changing rapidly. So much so that you can now get your hands on a service that offers everything from creating ransomware to commission-based returns on jacked machines. Yes, that’s true.

Here’s an excerpt from an ‘underground’ forum:


Satan is a free to use ransomware kit, you only need to register on the site to start making your viruses. Satan only requires a user name and password to create an account, although, if you wish, you can set a public key for two-factor authentication.
Satan has an initial fee of 30% over the victim’s payment, however, this fee will get lower as you get more infections and payments. All of the user transactions are covered by the server, you’ll always get what the victim paid, minus the fee of course.

When creating your malware you can specify the ransom value (in bitcoins), a multiplier for the ransom after X days have passed, the number of days after the multiplier takes place, a private note so you can keep track of your victims.
Satan is free. You just have to register on the site.
Satan is very easy to deploy, you can create your ransomware in less than a minute.
Satan uses TOR and Bitcoin for anonymity.
Satan’s executable is only 170kb.

If English is not your first language or you speak a second language you can translate the ransom notes to help your victims understand better what is happening.
In case you’re looking for a way to spread the ransomware, there is a droppers page, where you can generate a crude code for a Microsoft Word macro and CHM file.

If you have any problem with the ransomware, you can report it using the leftmost button on the malwares table. The middle blue button is used to update the malware to a newer version, if available, and the green one is used to edit your malware configuration.


 

All in all – this is a big step forward in luring in and incubating talent pertinent to ‘Anti-Security’ professionals, aka hackers, attackers, and the list goes on.

The humorous part is that – the way this has been publicized, it’s much, much better than any security vendor’s product or service offering in terms of marketing the packaged product. And it’s an excellent business model for the provider, as it not only fuels their current investment but also takes it a notch up and adds the revenue from the exploits to the next iteration of R&D.

 

Posted by on February 7, 2017 in Security Posts

 

Security Keynote at Total Security Conference

Last week I delivered a Keynote at the Total Security Conference in Hong Kong. This was to share today’s security trends and Juniper’s vision of cloud as the platform to deliver security. It was both really insightful and fun connecting with the audience, understanding the security landscape in the region, and getting to know what the C-Level is looking for from a solution perspective to tag along with the business imperatives.

Get a sneak peek of the session at http://www.questexevent.com/TotalSecurityConference/2016/hongkong

The slides used for the keynote should be available shortly.

Here are a few photos from the event.

 

Posted by on May 17, 2016 in Events

 

CIPTV2, It’s Official. And it’s here!!!

Yes, that’s right. Of the two books which were soon to be published – one is published. And so, it’s official – my third book (this time as a co-author) in its physical self – hard cover, 450+ pages. Feeling excited and ecstatic!!!

If this topic interests you or someone you know, please read it or recommend it and provide your invaluable feedback. The book is available at the following link.

http://click.linksynergy.com/deeplink?id=aV8WWcTd0Yc&mid=24808&murl=http%3A%2F%2Fwww.ciscopress.com/store/implementing-cisco-ip-telephony-and-video-part-2-ciptv2-9781587144554

 


 

Posted by on March 29, 2016 in CCNP Collaboration

 
