A Reference for all Cisco UC and Security Professionals and Decision Makers

It’s always awkward when those pesky questions around the design or deployment of a UC network’s security are raised. More often than not, one finds oneself amid a flurry of queries.

Now, there’s a guide, a reference, and a companion to be with you always when there are queries around Cisco IP Telephony / UC security. You won’t be left alone when the discussion is around securing the UC applications or the underlying network. The Cisco Press publication ‘Securing Cisco IP Telephony Networks’ will be with you to address any and all queries pertinent to a secure Cisco UC design approach or deployment strategy.

The book is available in paperback and eBook format:

Cisco Press



Posted on November 3, 2012 in UC Security Posts



My CCIE 10th Year Anniversary Plaque

Today’s a special day. Just got my CCIE 10th Year Anniversary Plaque. In all its glory – shining like nothing has ever shined! 7th Dec 2007 was the day when I achieved my first CCIE and then in Feb 2009 the second one. Been a decade and still the memories of that era never fade; and for good.

CCIE 10th Year Anniversary

This plaque is something that reminds me of the grits and guts I put in 10 years ago. A sweet memoir of days when I used to slog day in and day out in preparation of my greatest personal battle – that of achieving the highly coveted CCIE title. It was my love, my life and I adored it not just once but twice – doing my Double CCIE.

“Nostalgia at its best!”

Proud and humble to be one of a few thousand CCIEs across the globe. Good to remember what I stood for and feels even better to keep doing what I love – my passion for technology and zest to learn has only grown with time.

Thank you dear god, my parents, my family and my friends for your love, support, and blessings.



Posted on February 2, 2018 in UC Security Posts


2017 – Year in Review and Looking Ahead from Cyber Security Standpoint

It’s been a while since I’ve posted; however, that is because of my new job and regional profile. I’ve been traveling a fair bit and being kept on my toes 🙂

Not keeping away from facts, 2017 was a year of (cyber)security incidents. From ransomware, for example Petya, to breaches at Equifax and Uber (and so many more), the year was pretty eventful from a security perspective. Not only did we witness big names getting breached and user data exfiltrated, there was also a mass momentum from bad guys to target and bring down key industry players in no time.

In response, security vendors were swift and came out with workarounds and fixes. Moreover, the industry became aware of the fact (yet again) that humans are the weakest link in the scheme of cyber security. Vulnerabilities and exploits were introduced by virtue of weak security constructs, policies, and configuration.

To sum it up – 2017 was an eventful year and a handful for security analysts and advisers alike. Looking forward – 2018 has had a big bang start with the Meltdown and Spectre exploits. We’ll see how 2018 turns out from a cyber security perspective; however, I have a strong feeling it will be a step up as the dark net continues to grow and flourish and the bad guys continue exploiting connected systems.

Happy New Year to everyone!


Posted on January 14, 2018 in UC Security Posts


Into The Cloud 9


Dear All,

I’ll be presenting a life-inspired webcast series – Into The Cloud 9 – where I will share my life experiences and present my journey through the various phases of my life where I did things further than the customary to leave a mark. The webcasts will walk through the phases in my life where I led the charge and drove beyond the usual, being an author, a speaker, an evangelist, and an artisan at work; breaking the traditional notions and creating a wealth of information. These webinars are the crux of life-turning events that I went through; creating opportunities for myself and leading others on a path to leave their legacy – as I would leave one; beyond my existence.

Most people feel (if not say) that they wish to leave some sort of legacy in life. The interesting part is that, even if they don’t say it, there is usually some sort of desire – almost always. It’s human nature that we all want to be remembered, because being remembered means that our lives had meaning and significance to someone other than ourselves.

People such as authors, speakers, musicians, artists, inventors, and such leave legacies through their bodies of work. But it’s only those who push the bounds beyond the ordinary and challenge the traditions, confines, and status quo of their respective fields of work or their industry who are usually not forgotten, because of their boldness and innovation. I’ve pushed the bounds, and I know what it is like to be on the top of a summit.

I love spreading my knowledge about my industry to the masses through my blog, my posts on social media, and most importantly, my books. How many people you run into have written articles, let alone books? How many would ever want to, because it consumes social and personal life to be dedicated to such a noble cause? In the end, those who do or even wish to, I help them wherever possible; in all ways I can.

I am who I am, and I can only change for myself and those around me for the betterment of our lives, because it’s my passion to guide people into things that are not comfortable; however, they bear the sweetest fruit when endured. When I speak, I don’t sugar coat things and I tell my audience the truth; whether they like it or not is their choice. And by doing it, as I gain the respect of thousands of people every year, so can you!

I take risks whenever I can because I know that without risks there are no rewards. Everyone thinks differently, and I admire people who decide that they need to step out and get it done, because they are the ones who make a mark and leave a legacy.

It’s all about leaving a legacy for without one – you were just one of 6 billion people on this planet, who would live and die without being known for anything apart from living a normal life. Your legacy may not be all weighed in coins; but in what you did at large to impact the society; especially the people in your genre, line of business, or community. Be remembered for something, beyond being recognized for being someone!

If you think this is of value to you or someone you know please join me in my journey and realize the untapped potential and lead a life extraordinaire!

The webcasts are being hosted by and you can register (or refer others to) at

With Regards,

Akhil Behl


Posted on July 2, 2017 in Events


Don’t be ‘Petyafied’!


Just when the world was recovering from the crisis caused by WannaCry – there’s yet another bump in the wire and this time it’s far more serious than its predecessor. Yes, it’s PETYA.

** ‘Predecessor’ here simply means an earlier ransomware, although there’s minimal to no relation between the two.

First things first – Petya looks like an attempt in all muscle and power to bring down ‘Ukraine’. There’s already mounting evidence that Petya’s focus on Ukraine was deliberate. The initial attacks were limited to just a few specific infections, all of which seem to have been targeted at Ukraine. The highest-profile one was a Ukrainian accounting program called MeDoc, which sent out a suspicious software update Tuesday morning that many researchers blame for the initial Petya infections. Attackers also planted malware on the homepage of a prominent Ukraine-based news outlet, according to one researcher at Kaspersky.

The bottom line is – the attackers had complete control over where they planted Petya (at least initially) and they chose to plant it in some of the most central institutions in Ukraine.

Now, let’s get to the nuts and bolts of this new kid on the block.

How does Petya commence and proceed?

Petya takes over the computers of its victims and demands $300 in Bitcoin. Once a computer (the first in the organization, known as patient zero) is infected, it spreads rapidly across the organization using the EternalBlue vulnerability in Microsoft Windows (Microsoft has released a patch, but not everyone will have installed it) or through two Windows administrative tools. The malware tries one option and if it doesn’t work, it tries the next one. “It has a better mechanism for spreading itself than WannaCry,” said Ryan Kalember, of cybersecurity company Proofpoint. However, unlike WannaCry, ‘Petya’ tries to spread internally within networks, but not seed itself externally.

How to temporarily and permanently stop the infection?

The ransomware infects computers and then waits for about an hour before rebooting the machine. While the machine is rebooting, you can switch the computer off to prevent the files from being encrypted and try to rescue the files from the machine. This is a temporary and corrective measure. For a permanent and preventive approach, make sure the Windows OS is patched with the latest patches from Microsoft and your AV/HIPS or host firewall software is updated to protect against this threat.

What if my system is already infected and encrypted?

If your system reboots with the ransom note, please don’t pay the ransom – the attacker’s email address has been shut down by the email provider so there’s no way to get the decryption key to unlock your files anyway. The best way to move forward is to disconnect your computer from the Internet, reformat the hard drive and restore your files from a backup.

** Backing up your files regularly and keeping your anti-virus software up to date are highly recommended.

What software can I use to protect against Petya?

One of the most popular host firewall and AV solutions is ZoneAlarm

If you already have any AV software, make sure to update it. Windows updates, as mentioned earlier, will help prevent the infection.

It’s one thing for individual PCs; however, what can I do to protect my enterprise-wide network?

Well, there are a couple of ways to offer preventive defense. One is to segment your network (normal subnet-based or micro-segmentation using SDN) so as to protect critical systems from other user-facing systems. This also offers the capability to protect between the layers of network, storage, compute and so on within your private DC or your cloud ecosystem. Check out Check Point’s vSEC solution
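An added example, not part of the original post: a small check over flow records for the two things segmentation is meant to stop here, SMB traffic crossing from a user-facing segment into a critical one, and a single host fanning out to many internal peers over SMB (TCP 445, the service EternalBlue targets). The subnets, thresholds, function names and flow lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed segment layout (hypothetical addresses, not from the post).
USER_NET = ip_network("10.10.0.0/16")      # user-facing systems
CRITICAL_NET = ip_network("10.50.0.0/24")  # critical systems
SMB_PORT = 445                             # SMB over TCP, the service EternalBlue targets

# Constructed flow records: timestamp,source,destination,destination port
SAMPLE_FLOWS = """\
2017-07-03T10:00:01,10.10.1.20,10.10.1.21,445
2017-07-03T10:00:03,10.10.1.20,10.10.1.22,445
2017-07-03T10:00:07,10.10.1.20,10.10.1.23,445
2017-07-03T10:00:12,10.10.1.20,10.10.2.40,445
2017-07-03T10:00:15,10.10.1.20,10.50.0.10,445
2017-07-03T10:01:00,10.10.2.30,10.10.9.5,445
2017-07-03T10:20:00,10.10.2.30,10.10.9.5,445
2017-07-03T10:02:00,10.10.2.31,10.50.0.10,443
2017-07-03T09:00:00,10.10.3.7,10.10.9.5,445
2017-07-03T09:30:00,10.10.3.7,10.10.9.6,445
2017-07-03T10:00:00,10.10.3.7,10.10.9.7,445
2017-07-03T10:30:00,10.10.3.7,10.10.9.8,445
"""


def parse_flows(text):
    """Turn CSV flow lines into (time, src, dst, port) tuples."""
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, port = line.split(",")
        flows.append((datetime.fromisoformat(ts), ip_address(src),
                      ip_address(dst), int(port)))
    return flows


def segment_violations(flows):
    """SMB flows that cross from the user segment into the critical segment."""
    return [(str(s), str(d)) for _, s, d, p in flows
            if p == SMB_PORT and s in USER_NET and d in CRITICAL_NET]


def smb_fanout(flows, window=timedelta(minutes=5), threshold=4):
    """Sources reaching `threshold`+ distinct SMB peers within one time window."""
    by_src = defaultdict(list)
    for ts, s, d, p in flows:
        if p == SMB_PORT:
            by_src[s].append((ts, d))
    flagged = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e[0])
        start, best = 0, 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({d for _, d in events[start:end + 1]}))
        if best >= threshold:
            flagged[str(src)] = best
    return flagged


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("segment violations:", segment_violations(flows))
    print("SMB fan-out:", smb_fanout(flows))
```

In the constructed data, the host that contacts four peers spread over ninety minutes stays below the threshold, while the burst from 10.10.1.20 is flagged by both checks.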

The other approach is to have your existing or new firewall gateways offer Advanced Threat Protection (ATP) and your endpoint agents offer advanced sandboxing and on-host defense capabilities. Check out and

Hope this article helps you be protected from nasty threats and conduct business as usual.


Posted on July 1, 2017 in Cyber Security



I don’t ‘Wanna Cry’ – And that’s for a fact!

So, there’s been a rant about the Windows vulnerability and un-patched systems being exploited by Wanna Decryptor. Well, some of that is supposedly the user’s fault (why click on something when you’re not sure what it is?) and some of it is the fault of the way the ransomware has been described out there. Why the latter, you may ask? Simply because there’s been a lot of hoaxes and noise about what seems to be yet another ransomware attack – only this time it is related to a vulnerability that was supposed to be fixed if only the users updated Windows.

Apart from the noise, here are some facts and findings pertinent to this specific ransomware.

The malware itself: Wanna decryptor (wncry) ransomware is reported to be based on a tool developed by the NSA to hack into computers. The NSA tool was used by a hacker group called the Shadow Brokers. The code is publicly available and can be found in

Delivery: The malware is delivered as a Trojan through a loaded hyperlink that can be accidentally opened by a victim through an email, advert on a web page or a Dropbox link.

Activation and exploit: Once wncry is activated, the ransomware spreads through the computer and locks all the files. Once the files have been encrypted wncry deletes the originals and delivers a ransom note in the form of a read me file. Moreover, it changes the victim’s computer’s wallpaper to a message demanding payment to return the files.

The specifics: wncry malware modifies files in the /Windows and /windows/system32 directories and enumerates other users on the network to infect.

Mitigation: Use latest AV definitions, personal / corporate firewalls, and don’t click on anything that doesn’t sound right.

Repercussion: $300 ransom to be paid to decrypt your data.

Story from Microsoft: Microsoft has not disclosed how it came to know about the vulnerabilities included in the MS17-010 patch. Microsoft also has not disclosed any information about “in the wild” exploitation of these vulnerabilities. Either way, here’s the location of the security update

Summarizing – this is a big outbreak and getting to know the malware well before running into it serves well. Patch your Windows machines and make sure the AV signatures are updated. And above all, don’t click on anything unintended or unaccounted for.


Posted on May 15, 2017 in Security Posts



CHFI All The Way! My Cyber Security Journey’s Milestone.


It has been a lot of fact, learning and fun filled weeks that I’ve been trying to get a handle on the art of cyber forensics. And like the idiom goes – All is well that ends well. I’ve been able to achieve a milestone in my learning and jousting with computer/network forensics by attaining my Computer Hacking Forensic Investigator or CHFI. After CEH this is my second ECC certification (after almost 4 years since I achieved CEH).

So, why forensics or digital/cyber investigation related study and certification? I decided to change gears the forensics way because it’s one of the least understood and least discussed cyber security streams. Any certification or on the job experience would not normally involve doing forensics or understanding and deploying your inner Sherlock Holmes. This side of cyber security is often unseen, unheard and blindsided in the wake of daily operations and business as usual. And that’s what caught my attention – the things which allure the most, however, are not very well understood or discussed amongst security professionals.

It’s been a lot of learning and head scratching (well, sometimes almost banging my head against the wall over some rather intricate topics), playing around with some tools (like EnCase, MOBILedit) and most importantly understanding how the end-to-end cyber forensics process pans out. I learned a lot and came to know things above and beyond the nature of job that a security professional such as myself may be usually engaged with.

As usual, I’ll share my experience with this certification and my journey to achieve the same. I hope that my experiences are useful and that you can achieve this certification.


The exam itself – This exam has been there for the last 7+ years and has evolved a lot from its predecessors. I took the v8.0 as I have been preparing for a while for it although v9.0 has been very much available since last year. CHFI is a pretty draining exam in that it addresses many areas of cyber forensics – from PC forensics to mobile forensics to application forensics and finally network forensics. It covers all basics and covers the know-how required from forensics to investigation to conclusion. Which is great, as this is something not taught in security 101. What we traditionally learn and practice is network, application and information security; not their underbellies in terms of conducting a forensic investigation, tracing the evidence(s) back to the perpetrator and going through chain of evidence/custody. And this goes on and on; you’ll have to use your imagination to guess where. A lot of uncommon topics are more than enough to throw you off, and it’s not unusual to be lost in the depths of legal obligations or standards and even the way evidence must be handled from discovery to its presentation to convict the cyber criminals. See the topics covered and other requirements here –

The insights to the exam – The exam is a killer in that it is a 180 degree twist and covers subjects much apart from what we as security professionals are used to doing vs. what this certification demands. This is certainly for the folks who have been in the ICT industry for a while and have a good grasp of security – both from a network and an information security backdrop. The exam is 4 hours long (not that you have to sit for all 4 hours unless it takes that much time to answer all questions) and consists of 150 questions – multiple choice (single and multiple options) as well as true and false type. This is a closed book and proctored certification exam. Now, it is important to note that this exam is only delivered online via and you get an online proctor from Oh yes, before I forget to mention – you need to undergo an eligibility and verification process (and pay a fee for this and other ECC certifications) with EC-Council. You have to go through an application where they verify your security experience and only upon successful application can you sit for the exam. A minimum of 2 years of security experience is required. I was exempted from the eligibility process and application as I already have CEH and more than 10 years of security experience.

My experience during the exam – The questions were very varied and not so much so expected. Saw a lot about basics being tested such as HDD geometry and OSI stack pertinent to forensics and traffic analysis. As expected, there were questions on PC, mobile and network forensics and best practices to lead an investigation. I did enjoy the time during the test and instead of being stressed I maintained my calm to ensure that I don’t get fatigued (both click wise and mental) as well as to ensure that the right choice was indeed the right choice; the first time. 4 hours is more than enough from a time perspective and it takes grits to hold up the security persona during the exam coming from a non-forensic background.

I marked quite a few questions on my way to completion of the first pass, as I would call it. Managed to complete the first pass in about 2 hours. I completed the second pass in another 15 min or so looking over the marked questions. The worst thing would have been to second guess myself and hence, I changed just a couple of answers where it made absolute and concrete sense. And then submitted for grading. I passed with 93% (70% is the minimal score to pass). And that calls for a happier weekend knowing that I would have achieved another milestone in my quest for knowledge!

The preparation – For the prep I used a number of resources:

1. CHFI official slides. These are very helpful and that’s where most of my preparation would come from
2. CHFI all-in-one guide. This was also helpful specially with exam practice questions
3. I read through a few other forensics books and articles. To name a few – Computer Forensics a Pocket Guide, Computer Forensics for Dummies, Computer Incident Response, Digital Forensics for Network, Internet, and Cloud Computing, and so on. I skimmed the content where I knew it and read where I knew I had holes from an information and understanding of subject point of view
4. Practiced a few more questions from

Summarizing – This is hands down one of the most alluring and comprehensive certifications pertinent to computer and network forensics. Security practitioners and professionals who intend to further their understanding of this subject matter (which is quite interesting and uncommon) should go for it. For me, it was the journey that was more rewarding than the certification.



Posted on April 29, 2017 in Cyber Security



IoT Hack = Security Lapse. And it’s just the beginning

Dallas, Texas – On Apr 8 2017, around 11:42 PM for no apparent reason, 156 tornado sirens went off (all together) and woke up what can be best described as – scared and baffled residents. When the sirens repeated in 90-second cycles, the locals thought they were being (or about to be) bombed.

Dallas Mayor Mike Rawlings posted an update for citizens on his Facebook page, where he described the incident as a hack, i.e. an attack on the emergency notification system. He also wrote, “This is yet another serious example of the need for us to upgrade and better safeguard our city’s technology infrastructure.”

The news was posted on many major news channels and websites – including CNN

The most comprehensive coverage is fro

Now, while news channels/websites and reporters talk about the situation and have provided updates on how the issue was handled and finally resolved – let’s consider some facts and try to derive some inference from the incident from a cyber security perspective.

First – it is more than assured that this was an intentional hack and not a ‘mistake’ by someone in the emergency service grid. Hence, this implies that the security controls deployed were either not enough or not tested properly during the planning and deployment cycles. At first there were speculations of the system not being controlled at all by back-end software; however, that was ruled out, and this proves the point enough – integrating security (controls) in every system (offline or online) from a planning, deployment and testing point of view should be an absolute zero tolerance exercise.

Second, the hacker(s) were motivated and determined to make it happen – at the most awkward hour. This hacker or hacking group made it look easy enough, without leaving much evidence from which the trail could be picked up and the perpetrator of the cyber crime apprehended.

Third, connected systems expose the attack surface – and yes, while this is a known fact, who would imagine that an emergency system grid could be hacked? That too – whole of it!! It is supposed to be a closed and monitored system – isn’t it? This brings us to the discussion where we can either discuss standards not being in place from an IoT / grid computing security point of view or we can simply say – it is about time someone did something about cyber security pertinent to public and government deployment. While this was clearly an issue with implementation of security for the sensors, this could go well beyond just the alarms as more often than not, one emergency system is connected to another e.g. 911 has taps into fire, police etc.

Last but nevertheless most importantly – while security analysts analyze and wonder how this could have been pulled off, for the people who experienced this ‘it was very real and scary’. This serves well to remind us all how helpless we feel when technology is abused.

Note: The intent of this article was not to repeat the information that is widely available about this incident but to dive deeper and see the causalities of ill-fated security systems/controls, and to extrapolate the kind of damage that can be done at large – anywhere in the world by that someone nasty – who knows how to get past the security (if at all there was some).


Posted on April 20, 2017 in Cyber Security

