When we think of security, the image of firewalls, anti-malware protection, and the latest and greatest in network access control pops into our heads. With Cisco ISE servers providing NAC services, ASAs providing firewalling on our network edge, and AMP for Endpoints providing malware protection on our laptops, we think we are secure. But are we? Have we forgotten the very first line of security?
This year’s AWS re:Invent has come and gone. This year 45,000 people from around the world descended on Las Vegas for one week. Participants were treated to a myriad of breakout sessions, labs, certification exams, and parties (it is Vegas after all). For the first time re:Invent spanned multiple convention centers. The Sands Convention Center was the main center with the Mirage, Aria, and MGM acting as secondary centers.
On Monday, Mathy Vanhoef and Frank Piessens, from the University of Leuven, published a paper disclosing a series of vulnerabilities that affect the Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) protocols. These vulnerabilities describe a set of scenarios in which a malicious user can perform a man-in-the-middle replay attack on wireless users connected to the network using the WPA and WPA2 wireless protocols. By spoofing the address of an access point and replaying the authentication 4-way handshake, the malicious user can force the supplicant end device to reinstall an old key-pair, which is why it is being referred to as “KRACK” (Key Reinstallation AttaCK).
You have been working as a network administrator for your company for a few years now. In that time you have been asked to complete a handful of network projects: a new office turn up here, replace some switches or a router there. The whole time you work from old templates or, in the case of replacement gear, just copy and paste the old config. Have you ever really stepped back and looked at the network as a whole, or, more importantly, do you have time?
Recently I deployed Cisco’s AMP for Endpoints for a 50-user organization. For the uninitiated, AMP for Endpoints is Cisco’s cloud-based, enterprise-grade, advanced malware protection software that is deployed to each end device in the network. Each endpoint reports back to the central cloud controller and is managed by the controller. Cisco integrated AMP for Endpoints with Cisco’s ThreatGRID to provide deep threat analytics, analyzing millions of files and correlating them against hundreds of millions of malware samples. The controller can then push these new signatures to each endpoint automatically, protecting the device.
For many AWS customers, their workloads are located in one region, and in many cases their applications are utilizing only one availability zone within a region. To use the S3 outage as an example, the Simple Storage Service (S3) outage was localized to only the US East Region. Had customers replicated their S3 data to an additional region and utilized Amazon’s failover platform, the outage would have gone unnoticed by all but the operators at AWS.
By now I am sure most of us have heard of Amazon’s AWS, or Amazon Web Services, but how many of us know of its full potential? The biggest myth around AWS is that it is a cloud service for developers and doesn’t have a place for the enterprise environment. However, while AWS offers a lot of platform services aimed at the developer, at its core it offers a set of rich infrastructure services. Let’s look at these core services and how they relate to the enterprise customer.
Currently I am working on a project where I am going through and optimizing a large set of Access Control Lists (ACLs) on a set of 5585 Firewalls. While going through each ACL I have noticed a few mistakes other engineers have made while configuring these rules. I have compiled a list of these common mistakes. The focus of this blog will be around ACLs on Cisco ASAs; however, these rules still apply to other devices as well.