CISCO to launch iPhone App

November 22, 2009

CISCO is preparing to launch a new security iPhone App. According to their website, the “Cisco® SIO To Go, an Apple iPhone application that puts the power of the Cisco Security Intelligence Operations (SIO) in users’ hands, giving them real-time access to a wealth of actionable global security information no matter where they are. The Cisco SIO iPhone application enables users to personalize alerts to show only those security threats that could impact their network and provides added assurance that they are being protected by their Cisco security solution.”

Some of their planned alerts include:

  • Cisco Product Security Incident Response Team (PSIRT) Alerts
  • Cisco Intrusion Prevention Systems (IPS) Signatures
  • Cisco Applied Mitigation Bulletins
  • Cisco Threat Outbreak Alerts
  • And many others

Sounds like an interesting App… 

Update: App is available now…



Printer Diving

November 21, 2009

I had an interesting conversation this week. A gentleman told me that he frequently sees things on printers that are of interest to him. It’s understandable that people often print new diagrams, org charts, or special project material that others may find interesting. Nothing out of the ordinary there… However, he went further and said that many times he has no idea where the items come from or who they belong to, but if they sit on the printer too long he feels that the documents belong to him.

I found this statement quite humorous at first. Actually, I laughed for a few seconds because I thought he was kidding. As it turns out, he was very serious. I thought about it for a while and realized that this is likely going on all the time in large enterprise environments.  A user could print out a sensitive document to a print station, someone grabs it by accident, and then the document owner shows up to nothing at the printer. Thinking that the printer may have malfunctioned, the document owner may re-print it and think nothing else about it. The other person that grabbed it by accident may eventually decide to return the document to the printer. At that point, the document just sits on the printer to be glanced over by anyone using that printer. Someone could then decide to go “Printer Diving” and pick up the sensitive document without a valid need-to-know.

While this may seem a bit trivial since only authorized employees should have access to print stations, let’s not forget about non-cleared visitors, disgruntled employees, competitors, or simply authorized users without a need to know. In that regard, printer diving can be compared to dumpster diving.

Gone Facebook Phishing?

November 4, 2009

The folks at Appriver recently reported that attackers have started a serious campaign against Facebook users. According to their reports, the botnet is sending over 500 phishing messages per second. And get this, along with stealing your Facebook credentials, the botnet prompts unsuspecting users to download what appears to be an “update.” What the user really gets is malware crafted to target bank account and other financial information.

For more information on this attack, visit the Appriver blog.

[Image: screenshot of the Facebook phishing message. Source: Appriver]

What is ISO 17799?

September 5, 2009

ISO 17799 is a set of standards created by the International Organization for Standardization. ISO is responsible for creating numerous standards, including the OSI model. ISO 17799 covers a broad range of information security practices and acts as a framework for an organization to establish and implement a security management program. The ten security domains that make up ISO 17799:2000 include:

  • Security policy: This domain provides input into security management from a top-down perspective and the creation of an effective security management program.
  • Organizational security: This domain focuses on both internal and external management of operational security. It isn’t limited to technical controls, but also relationship and reputation issues.
  • Asset classification and control: This domain focuses on organizing, prioritizing, and classifying information based on sensitivity and need for confidentiality and availability. It also covers the day-to-day use and storage of such information.
  • Personnel security: This domain focuses on procedures for hiring, firing, and training of employees. Employees must be screened prior to employment and consent forms need to be addressed and signed.
  • Physical and environmental security: This domain covers the protection of assets from damage to its physical infrastructure and providing access controls via cipher locks or other mechanisms. It also covers HVAC and power controls.
  • Communications and operations management: This domain covers techniques for ensuring secure communications and providing data integrity through the use of firewalls, AV protection, encryption, and backups.
  • Access control: This domain covers access and monitoring controls through the use of discretionary, mandatory, and role-based controls. This constitutes authentication and identity management.
  • System development and maintenance: This domain covers change management of systems with the advancement of technology to ensure compatibility and overall quality assurance.
  • Business continuity management: This domain covers strategies for protecting a business from massive outages and prepares a company for unforeseen circumstances such as natural disasters and impromptu recovery missions.
  • Compliance: This domain covers law and legislation from a state, local, and federal standpoint. It goes into protection of trade secrets and intellectual property.

Recently, the standard was revamped and is now known as ISO 27002:2005. In addition to the new version and updates, the domain names are now:

  • security policy;
  • organization of information security;
  • asset management;
  • human resources security;
  • physical and environmental security;
  • communications and operations management;
  • access control;
  • information systems acquisition, development and maintenance;
  • information security incident management;
  • business continuity management;
  • compliance.

Organizations should create policies for each domain (unique to their mission and objectives).

Where have I been?

September 5, 2009

I’ve been poking in and out of this blog for a while now. Why? Well, I’m working on my first book. So in between writing, blogging, working, and life, I’ve been quite busy… Subscribe to my feed for upcoming information on my book.

How to configure ACLs on the Cisco ASA

August 1, 2009

The access control list (ACL) methodology on the Cisco ASA is interface-based. Each interface is assigned a security level (0-100), with 100 being the most trusted and 0 the least trusted. Once the interfaces are configured, traffic from a more secure interface is allowed to reach less secure interfaces by default. Conversely, traffic from a less secure interface is blocked from reaching more secure interfaces.

Some common commands used to configure Cisco ASA interfaces include:

  • nameif – used to name the interface
  • security-level – used to configure the interface’s security level
  • access-list – used to permit or deny traffic
  • access-group – applies an ACL to an interface

We can configure an access list to permit or deny traffic, based on a specific port or protocol. With deny-by-default, everything is automatically blocked and must be explicitly allowed.

Let’s say we want to configure an ACL on an ASA to permit all FTP traffic from any host to To do this, we must input the following ACL:

ASA(config)# access-list OUTBOUND permit tcp any host eq ftp

As you can see, we specified TCP (Transmission Control Protocol) from any host to only the IP address we want to permit. In addition, we specified only port 21 using eq (equal) and ftp. This is because the FTP control channel uses TCP port 21.

To view the hit count on our access lists, simply type the command: show access-list OUTBOUND.

To remove the access list, simply type the command: clear access-list OUTBOUND

I hope I haven’t lost you….

A few things to keep in mind…you can only apply one access list per interface, per protocol, per direction. So if you need to filter both directions on an interface, create two ACLs, one for inbound and one for outbound traffic.
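To make the rules above concrete, here is an added example (not Cisco code, and not from the original post) that models the ASA behaviour described in this post: interface security levels, the deny-by-default ACL with first-match-wins evaluation and an implicit deny at the end, one ACL per interface per direction, and the per-entry hit counters that show access-list reports. The configuration it parses is constructed for the example; every interface name, address and ACL name in it is made up, and the parser understands only the small subset of the ASA syntax used here (no object groups, inspection or NAT).

```python
"""Toy model of Cisco ASA interface-based access control (constructed example).

Not Cisco code: it imitates only the behaviour described in the post
(security levels, deny-by-default ACLs, one ACL per interface per direction,
hit counters).  Object groups, inspection, NAT and IPv6 are out of scope.
All interface names, addresses and ACL names below are made up.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

SERVICE_PORTS = {"ftp": 21, "ssh": 22, "http": 80, "https": 443}


@dataclass
class Ace:
    text: str                       # the line as typed, for show output
    action: str                     # "permit" or "deny"
    protocol: str                   # "tcp", "udp" or "ip"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dst_port: Optional[int]         # None matches any port
    hits: int = 0


@dataclass
class Interface:
    nameif: str
    security_level: int             # 0 = least trusted, 100 = most trusted
    network: ipaddress.IPv4Network  # connected subnet, used to pick the egress interface


@dataclass
class Packet:
    ingress: str                    # nameif of the interface the packet arrives on
    protocol: str
    src: str
    dst: str
    dst_port: Optional[int] = None


def _parse_address(tok: list) -> tuple:
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D MASK'; return (network, remaining tokens)."""
    if tok[0] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.IPv4Network(tok[1] + "/32"), tok[2:]
    return ipaddress.IPv4Network(f"{tok[0]}/{tok[1]}", strict=False), tok[2:]


class ToyAsa:
    def __init__(self) -> None:
        self.interfaces: dict = {}
        self.acls: dict = {}
        self.bindings: dict = {}          # (nameif, "in"/"out") -> ACL name
        self.default_route: Optional[str] = None

    def load(self, config: str) -> None:
        pending: dict = {}
        for raw in config.splitlines():
            tok = raw.split()
            if not tok or tok[0] == "!":
                continue
            if tok[0] == "interface":
                self._flush(pending)
                pending = {}
            elif tok[0] == "nameif":
                pending["nameif"] = tok[1]
            elif tok[0] == "security-level":
                pending["security_level"] = int(tok[1])
            elif tok[:2] == ["ip", "address"]:
                pending["network"] = ipaddress.IPv4Network(f"{tok[2]}/{tok[3]}", strict=False)
            elif tok[0] == "access-list":
                self._flush(pending); pending = {}
                self._add_ace(raw.strip(), tok)
            elif tok[0] == "access-group":
                self._flush(pending); pending = {}
                # One ACL per interface per direction: the toy keeps only the latest binding.
                self.bindings[(tok[4], tok[2])] = tok[1]
            elif tok[0] == "route" and tok[2:4] == ["0.0.0.0", "0.0.0.0"]:
                self._flush(pending); pending = {}
                self.default_route = tok[1]
        self._flush(pending)

    def _flush(self, pending: dict) -> None:
        if all(k in pending for k in ("nameif", "security_level", "network")):
            self.interfaces[pending["nameif"]] = Interface(**pending)

    def _add_ace(self, text: str, tok: list) -> None:
        name, rest = tok[1], tok[2:]
        if rest[0] == "extended":       # keyword is optional in the post's syntax
            rest = rest[1:]
        action, protocol, rest = rest[0], rest[1], rest[2:]
        src, rest = _parse_address(rest)
        dst, rest = _parse_address(rest)
        port = None
        if rest[:1] == ["eq"]:
            port = int(rest[1]) if rest[1].isdigit() else SERVICE_PORTS[rest[1]]
        self.acls.setdefault(name, []).append(Ace(text, action, protocol, src, dst, port))

    def _egress(self, dst: ipaddress.IPv4Address) -> Optional[Interface]:
        for iface in self.interfaces.values():
            if dst in iface.network:
                return iface
        return self.interfaces.get(self.default_route) if self.default_route else None

    def _check_acl(self, name: str, pkt: Packet) -> tuple:
        """First matching entry wins; a bound ACL ends with an implicit deny."""
        src, dst = ipaddress.IPv4Address(pkt.src), ipaddress.IPv4Address(pkt.dst)
        for ace in self.acls.get(name, []):
            if (ace.protocol in ("ip", pkt.protocol) and src in ace.src and dst in ace.dst
                    and (ace.dst_port is None or ace.dst_port == pkt.dst_port)):
                ace.hits += 1
                return ace.action, f"{name}: {ace.text}"
        return "deny", f"{name}: implicit deny"

    def evaluate(self, pkt: Packet) -> tuple:
        """Return ('permit' | 'deny', reason) for a packet arriving on pkt.ingress."""
        ingress = self.interfaces.get(pkt.ingress)
        if ingress is None:
            return "deny", "unknown ingress interface"
        egress = self._egress(ipaddress.IPv4Address(pkt.dst))
        if egress is None:
            return "deny", "no route"
        why = f"default: {ingress.nameif}({ingress.security_level}) -> {egress.nameif}({egress.security_level})"
        inbound = self.bindings.get((ingress.nameif, "in"))
        if inbound is not None:                     # a bound ACL replaces the level-based default
            verdict, why = self._check_acl(inbound, pkt)
        elif ingress.security_level > egress.security_level:
            verdict = "permit"
        else:                                       # equal or lower level: denied by default
            verdict = "deny"
        if verdict == "permit":
            outbound = self.bindings.get((egress.nameif, "out"))
            if outbound is not None:
                verdict, why = self._check_acl(outbound, pkt)
        return verdict, why

    def show_access_list(self, name: str) -> list:
        """Like 'show access-list NAME': each entry with its hit count."""
        return [(ace.text, ace.hits) for ace in self.acls.get(name, [])]


# Constructed configuration (made-up names and addresses).
DEMO_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.1 255.255.255.0
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 10.0.0.1 255.255.255.0
access-list OUTBOUND extended permit tcp any host 10.0.0.5 eq ftp
access-list OUTBOUND extended permit tcp any any eq https
access-group OUTBOUND in interface inside
route outside 0.0.0.0 0.0.0.0 203.0.113.254
"""


def build_demo() -> ToyAsa:
    asa = ToyAsa()
    asa.load(DEMO_CONFIG)
    return asa


if __name__ == "__main__":
    asa = build_demo()
    for pkt in (Packet("inside", "tcp", "192.168.10.20", "10.0.0.5", 21),
                Packet("inside", "tcp", "192.168.10.20", "10.0.0.5", 80),
                Packet("dmz", "tcp", "10.0.0.5", "198.51.100.7", 443),
                Packet("outside", "tcp", "198.51.100.7", "192.168.10.20", 22)):
        print(pkt.ingress, "->", pkt.dst, pkt.dst_port, *asa.evaluate(pkt))
    for text, hits in asa.show_access_list("OUTBOUND"):
        print(f"hitcnt={hits}  {text}")
```

Running it shows the two behaviours the post describes side by side: the dmz-to-outside packet is permitted purely by security level (50 to 0) because no ACL is bound to dmz, while the inside interface, which has OUTBOUND applied inbound, only passes what the list explicitly permits, so the HTTP packet to the DMZ host falls through to the implicit deny even though inside (100) outranks dmz (50).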

If you’re uncomfortable typing the various syntaxes and are a more visual person, the ASA ASDM is your friend. ASDM stands for Adaptive Security Device Manager. This tool provides an easy-to-use GUI (graphical user interface) with point-and-click capabilities. A screenshot of the ASDM is provided below:

[Screenshot of the ASDM interface. Source: Experts-Exchange]

If you’re looking to become certified on the CISCO ASA, the new exam covers quite a bit of ASDM material. While many of the previous exams covered nearly all CLI (command line interface) material, the newer versions (Securing Networks with ASA Foundation and Securing Networks with ASA Advanced) focus much more on the ASDM.

For more information on becoming a CISCO ASA Specialist, see their website here.

Thought of the day

July 14, 2009

“Our fatigue is often caused not by work, but by worry, frustration and resentment.”
– Dale Carnegie

So what does this mean to me? Be conscious about what you focus on!

Thought of the day

“A goal properly set is halfway reached.”
-Zig Ziglar

Thought of the day

“If you doubt you can accomplish something, then you can’t accomplish it. You have to have confidence in your ability, and then be tough enough to follow through.”
-Rosalyn Carter

Relationship between a policy, standard, guideline, and procedure

May 16, 2009

After a recent conversation explaining the relationship between a standard and a guideline, I thought I’d post this diagram, which clearly shows that relationship, as well as how policies and procedures fit in.

[Diagram: relationship between a policy, standard, guideline, and procedure. Source: CISA Certified Information Systems Auditor Study Guide]
