Snowshoe Spam Attack Comes and Goes in a Flurry

Jaeson Schultz and Craig Williams recently posted on the Cisco security blog about research on the latest snowshoe spam trends. They explain the problem, what they are seeing, and suggestions for remediation. The original post can be found HERE.

Every so often, we observe certain spam campaigns that catch our interest. On August 15, we observed a particular spam campaign that caught our attention because it was using “snowshoe” spam techniques combined with PDF exploitation. While neither of these techniques is new, we have seen a growing trend involving snowshoe spam and we wanted to explain why the bad guys seem to be moving in that direction with a real-world example. As you can see from the chart below, we’ve seen the amount of snowshoe spam double since November of 2013.


Building a next generation firewall ASA CX home lab Part 1 – Configuring ASA 5515 and CX


My Lab – ASA5515, w520 (hosting ISE, NCS, Lancope, WSA and ESA), 3560 8 port switch, 2504 Controller + AP

I recently picked up an ASA5515 with a solid-state drive to support the next generation firewall features, also known as ASA CX. This post explains how to build an ASA CX home lab. I found limited troubleshooting documentation, so hopefully my lessons learned will help you avoid my mistakes. I will stop once I can access the ASA and CX via direct GUIs and ASDM management. I will do another post on adding ASA/ASA CX to PRSM and a features overview as Part 2.


How to configure a Cisco virtual Web Security Appliance vWSA home lab

The Internet is not a safe place. Best practice is to protect users with a web security solution. The ideal solution should be able to identify attackers, meaning it verifies the source of the threat and uses various methods to look for attacks. Cisco accomplishes this through a combination of global correlation (i.e., verifying whether the source is malicious based on things like location, how long the source has been active, reputation, content, etc.), malware scanning and traffic monitoring.

The flagship web security solution from Cisco is the Web Security Appliance (WSA), which came from the 2007 IronPort acquisition. Other web security options are a cloud offering and a next generation firewall addition to the ASA firewall known as CX. More on Cisco’s web security options can be found HERE.


Cisco’s Cyber Solutions – What Is Happening In Your Network

Today’s threat landscape is loaded with malicious websites, malware and other risks that attack users every nanosecond of the day. There isn’t a single product available that can guarantee protection from cyber threats. Older solutions leveraging static technologies such as signatures are not good enough. The best approach for dealing with advanced threats is continuously monitoring the entire network through layered security technologies.


Defending Against Google Hacking : Know What Can Be Found On Search Engines

It's shocking how often organizations are compromised due to administrative carelessness such as using default passwords or advertising sensitive information on public sources. Many companies purchase top-dollar security solutions but fail to address the most common security weakness: enforcing thorough security policies. One popular reconnaissance technique known as Google Hacking (other search engines can be used as well) can expose confidential information, vulnerabilities and login credentials using Internet search engines. Here are some tips to avoid being abused by Google Hacking or other reconnaissance techniques.


Web Security Offerings From Cisco: Comparing Cisco NEW CX to IronPort Web Security Appliance WSA

Today’s Internet is a dangerous place. Imagine a small village with law and order, surrounded by a wall keeping out miles of ungoverned, ruthless territory. The known websites your users surf daily make up a small percentage of the total Internet. The remaining 80% or more of uncategorized websites are contaminated with botnets, malware and short-lived websites targeting your users. Many of these malicious websites are embedded in trusted sites such as social networks by hiding in advertisements or silly links posted by your friends. The best protection for this threat vector is limiting Internet usage to trusted websites and monitoring those websites for malicious applications.


Enforcing Network Policy Internally, Remotely And To Mobile Devices

Many corporations fail to establish and enforce a network policy. A network policy is a set of conditions, limitations, and customized settings designed to control how authorized subjects use network resources. Common examples of a network policy are controlling access to adult, gambling, hacking, blacklisted and other website categories that violate human resources (HR) and security standards. Network policy requirements can change based on device type, time of day and user role. It's key that network policy is automatically enforced rather than being something end users choose to abide by; otherwise it will most likely fail when most needed.


Securing Teleworkers: Building A Remote Access Solution For Teleworking

Securing teleworkers is at the top of the to-do list for many organizations. President Obama signed a bill aimed at significantly boosting teleworking by federal employees. There are lots of business benefits from teleworking; however, permitting remote access to internal resources increases risk. Here are some tips to consider when securing your teleworkers.
