Jaeson Schultz and Craig Williams recently posed on the Cisco security blog about research on the latest snowshoe spam trends being seen. They explain the problem, what they are seeing and suggestions for remediation. The original post can be found HERE.
Every so often, we observe certain spam campaigns that catch our interest. On August 15, we observed a particular spam campaign that caught our attention because it was using “snowshoe” spam techniques combined with PDF exploitation. While neither of these techniques are new, we have seen a growing trend involving snowshoe spam and we wanted to explain why the bad guys seem to be moving in that direction with a real world example. As you can see from the chart below, we’ve seen the amount of snowshoe spam double since November of 2013.
My Lab – ASA5515, w520 (hosting ISE, NCS, Lancope, WSA and ESA), 3560 8 port switch, 2504 Controller + AP
I recently picked up an ASA5515 with Solid State Drive to support the next generation firewall features also known as ASA CX. This post will explain how to build a ASA CX home lab. I found limited troubleshooting documentation so hopefully my lessons learned would help you avoid my mistakes. I will stop once I can access the ASA and CX via direct GUIs and ASDM management. I will do another post on adding ASA/ASACX to PRSM and features overview as a Part 2 post. Continue reading →
The Internet is not a safe place. Best practice is protecting users with a Web Security solution. The ideal solution should be able to identify the attackers meaning verifying the source of the threat along with various methods to look for attacks. Cisco accomplishes this through a combination of global correlation (IE verifying if the source is malicious based on things like location, time the source has ben active, reputation, content, etc.), malware scanning and traffic monitoring.
The flagship web security solution from cisco is the Web Security Appliance (WSA) coming from the 2007 Ironport acquisition. Other web security options are a cloud offering and next generation firewall addition to the ASA firewall known as CX. More on Cisco’s Web Security options can be found HERE. Continue reading →
Today’s threat landscape is loaded with malicious websites, malware and other risks that attack users every nanosecond of the day. There isn’t a single product available that can guarantee protection from cyber threats. Older solutions leveraging static technologies such as signatures are not good enough. The best approach for dealing with advanced threats is continuously monitoring the entire network through layering security technologies. Continue reading →
Its shocking how organizations are compromised due to administration carelessness such as using default passwords or advertising sensitive information on public sources. Many companies purchase top dollar security solutions however fail at addressing the most common security weakness; enforcing thorough security policies. One popular reconnaissance technic known as Google Hacking (however can use other search engines) can expose confidential information, vulnerabilities and login credentials using Internet search engines. Here are some tips to avoid being abused by Google Hacking or other reconnaissance techniques. Continue reading →
Today’s Internet is a dangerous place. Imagine a small village with law and order surrounded by a wall keeping out miles of ungoverned ruthless territory. Most known websites surfed daily by your users make up a small percentage of the total Internet. The remaining 80% or more of uncategorized websites are contaminated with Botnets, malware and short-lived websites targeting your users. Many of these malicious websites are embedded in trusted sites such as social networks by hiding in advertisements or silly links posted by your friends. The best protection for this threat vector is limiting Internet usage to trusted websites and monitoring those websites for malicious applications. Continue reading →
Many corporations fail to establish and enforce a network policy. A network policy is a set of conditions, limitations, and customized settings designed to control how authorized subjects use network resources. Common examples of a network policy are controlling access to adult, gambling, hacking, blacklisted and other website categories that violate human resource (HR) and security standards. Network Policy requirements can change based on device type, time of day and user role. Its key that network policy is automatically enforced rather than something end-users choose to abide by or most likely will fail when most needed. Continue reading →
The web is a dangerous place so its extremely important to have web proxy / content filter technology protecting users that access it. I had a roommate years ago who purchased a computer and within hours had every virus, malware and what not clogging his new machine. I’m sure he didn’t have the best surfing habits however that doesn’t mean the average user is less likely to be infected. What most people don’t realize about websites is they are like a Paint By Numbers canvas leveraging other websites to fill in the colors. For example, if you see a RealAudio video on a website, guess what … you have surfed both that embedded video’s website and the host website. The same goes when there are hidden links that download malicious malware on what you believe is a safe website. Continue reading →