In the past, I wrote about how to build a Lancope Stealthwatch lab, found HERE. Since then, Cisco has acquired Lancope and many changes have been made, including major improvements to the web GUI. I decided to delete my old lab and build a new one based on the latest 6.7.1 code. This post will cover how to install and configure a Lancope Stealthwatch lab made up of a Manager, Collector and Sensor.
Pierluigi Paganini from Security Affairs posted a great article about how Cisco NetFlow could possibly be used to identify Tor clients. The idea is that a NetFlow sensor could monitor a certain percentage of randomly generated Tor circuits and possibly link clients back to their users. The original post can be found HERE. Here is the post.
The research revealed that more than 81 percent of Tor clients can be de-anonymized by exploiting a new traffic analysis attack based on Netflow technology.
A team of researchers conducted a study between 2008 and 2014 on the de-anonymization of Tor users; the team worked to disclose their originating IP addresses.
Lancope is a NetFlow-based tool that can turn your network into a gigantic sensor grid. This includes routers, switches, wireless access points, virtual systems (aka the servers in your data center) and so on. So rather than having a handful of security tools looking for threats, your entire network takes part in your defense against cyber attacks. I've written about Lancope HERE as well as how to build your own Lancope lab HERE. The Lancope team runs a blog found HERE that has provided posts about using their solution to identify the latest cyber attacks. Some interesting articles recently posted focus on threats like Heartbleed, Putter Panda and Saffron Rose.
Cisco just formally announced the launch of its Managed Threat Defense (MTD) Service as part of its managed security practice. The goal is to offer real-time, predictive analytics to detect and prevent attacks. This is not a typical offering, as Cisco will own the equipment and charge for those assets, operational expenditures and monitoring services. This means customers will not be required to purchase Cisco security products to leverage this service.
I have recently seen an uptick in DDoS / DoS attacks against my customers and have been asked questions such as "how easy is it to perform these attacks?", "who launches these attacks?" and "how can I defend against such attacks?". I have spoken about this topic in the past; however, I will cover both the executing and defending side of DoS in this post.
NetFlow is an important tool for incident responders, providing valuable insight into the activities that take place on organizations' networks. NetFlow is capable of summarizing information about network traffic into brief records that may be maintained indefinitely, providing a running history of network connections that can be referenced during incident response.
With all the good NetFlow brings, there are still some misconceptions about NetFlow that need to be dispelled.
Controlling who and what accesses your network is a critical element in keeping your resources safe from malicious threats. Network Admission Control (NAC) solutions like the Cisco Identity Services Engine (ISE) can police who and what is permitted network access, as well as enforce policy for those devices. Examples would be permitting an administrator with a government-furnished Windows 7 laptop access to VLAN 10, which holds internal servers, while provisioning a marketing professional's iPad with VLAN 20 access, which is limited to Internet and email through the use of ACLs.
Lancope enables visibility for security and network performance. Security capabilities focus on identifying insider threats such as botnets, malware and data loss using non-signature, network-wide correlation of all traffic. Pretty much anything touching the physical or virtual network leaves a footprint known as NetFlow that is investigated for malicious intent and performance statistics.
Lancope offers virtual and physical appliance options for the StealthWatch technology, making it easy to build a lab. This post will explain how to build a simple Lancope lab integrated with Cisco ISE 1.2 beta using an Apple Mac mini server hosting vSphere ESXi 5.1 with an ASA 5505 firewall.