49 Results Found
ASA and PIX software version 7.0 introduced the configuration command nat-control which didn’t exist in previous versions of code. Although training course material for both the SNAF (Securing Networks with ASA Fundamentals) and SNAA (Securing Networks with ASA Advan...
There are some common misconceptions on the part of some of my students as to how VPN sessions are established from either a remote location or remote user to the ASA firewall. In particular, a “gray area” seems to be when the attributes from the tunnel group are app...
I recently was presented with the challenge of logging ALL of the pertinent connection, disconnection, and termination messages associated with the Cisco SSL AnyConnect client without overwhelming the syslog capture display with extraneous messages. This blog will br...
The subject of this week’s post was actually prompted by a question from a former colleague. Soon after the PIX Firewall added support for IPSec Virtual Private Networks, a command was added to the command-line, sysopt connection permit-ipsec. This command was subse...
Occasionally as I'm teaching a Cisco training class, I get an idea for a blog post and it happened again this week. The Securing Networks with ASA Fundamentals curriculum is mostly based on the Adaptive Security Device Manager (ASDM). While the class describes the us...
A feature common to IPSec Virtual Private Network implementations throughout the Cisco product line is Perfect Forward Secrecy (PFS). This optional additional component is now a default supplied configuration setting with the Adaptive Security Device Manager (ASDM) I...
As any network administrator will tell you, the ASA Security appliance (as well as its forerunner, the PIX) are capable of generating massive amounts of log messages, especially when the firewall/security appliance is set to log messages at debug level to the syslog...
Attackers use a method called scanning before they attack a network. Scanning can be considered a logical extension (and overlap) of active reconnaissance since the attacker uses details gathered during reconnaissance to identify specific vulnerabilities. Often attackers use automated tools such as network/host scanners and war dialers to locate systems and attempt to discover vulnerabilities.
Gaining access is the most important phase of an attack in terms of potential damage, although attackers don’t always have to gain access to the system to cause damage. For instance, denial-of-service attacks can either exhaust resources or stop services from running on the target system. Stopping a service can be carried out by killing processes, using a logic/time bomb, or even reconfiguring and crashing the system. Resources can be exhausted locally by filling up outgoing communication links.
Once an attacker gains access to the target system, the attacker can choose to use both the system and its resources and further use the system as a launch pad to scan and exploit other systems, or he can keep a low profile and continue exploiting the system. Both these actions can damage the organization. For instance, the attacker can implement a sniffer to capture all network traffic, including telnet and ftp sessions with other systems.
An attacker needs to destroy evidence of his presence and activities for several reasons like being able to maintain access and evade detection (and the resulting punishment). Erasing evidence of a compromise is a requirement for any attacker who wants to remain obscure and evade trace back. This usually starts with erasing the contaminated logins and any possible error messages that may have been generated from the attack process.
In spite of an organization's best efforts to prevent downtime and avoid compromises, failures will still happen from time to time. “There are only two types of companies: those that have been hacked, and those that will be. Even that is merging into one category: those that have been hacked and will be again,” (FBI Director Robert Mueller). So what is your organization doing about it? How do you plan for failures and security breaches?
Risk is something we deal with on a daily basis. Living in New Jersey and having the occasional storm, I’ve recently performed my own risk assessment determining the value of certain assets and activities and made a decision on what I was willing to spend to reduce risk to what I perceived as an acceptable level. My management of risk was a rather simple case. Sure, in my revised business continuity plan for my home, I’ll make sure that I have more D cell batteries, have my garage door adjusted so it opens manually again, more food I can heat on a stove and that doesn’t rely on refrigeration, and finally I’ll consider a whole house gas generator that uses natural gas, which has always been available to power critical systems like the sump pump in my basement. What if, however, I was a really large business? One with lots of components and interdependencies that require a tight integration in order to succeed? How and where can a large volume of information necessary to management, business continuity, and disaster recovery be correlated and communicated to those individuals who, because of their roles and responsibilities, need to make the critical decisions regarding the management of risk?
While the last few years have brought about many great advances in IT and network technology security and risk management have a critical point. There is a host of new concerns the IT security manager must be concerned with, including social networking, mobile, cloud, and information sharing. This has unleashed a new wave of change and potential risk. Risk management is required to deal with these emerging technologies and should provide the rationale for all information security activities within the organization. You can think of risk management as the process of ensuring that the impact of threats and exploited vulnerabilities is within acceptable limits at an acceptable cost. Risk management requires the use of countermeasures. Countermeasures can include any process that serves to reduce threats or vulnerabilities.
Dell SonicWALL's CSSA (Certified SonicWALL Security Administrator) exam is an open book, online certification exam that certifies a student’s understanding of the SonicOS Unified Threat Management (UTM) operating system. The exam tests a student’s network security knowledge, and their ability to use the GUI menu structure for configuration of standard network security scenarios.
Constant change in the technology landscape has been mirrored by the steady evolution of information security. The current information system environment is increasingly complex, comprising storage, servers, LANs/WANs, workstations, Unified Communications, Intranet, and Internet connections.
There are several advantages to implementing a route-based VPN (a.k.a. tunnel interface VPN) instead of a site-to-site one. Learn more.
According to Cisco marketing, Dynamic Multipoint VPN (DMVPN) “will lower capital and operation expenses, simplifies branch communications, reduces deployment complexity, and improves business resiliency.” Okay. But what is it, really, and why should we care?
Have you ever Googled yourself to see how much of your personal information is online? In many cases it can be pretty scary and include things like your home address, phone number, likes, dislikes, etc. One young man searched for himself and found all of his banking information online. In that case it turned out to be a mistake by a bank employee, exposing the banking information of 86,000 customers.
Many employees are not as well-versed in their company’s security policy as they should be. This may result in workers performing tasks that might seem innocent or benign on the surface, but which actually put the organization at risk of a security breach. Understanding what you are doing (as an employee) or what your users are doing (as a boss or manager), can help you work toward a viable resolution to these situations. In most cases, user behavior changes as well as implementation of new technological solutions can curb exposure to risk and increase security policy compliance.
Pen testers beware. Whether you believe you know and understand all the potential legal issues, read on. First of all, a penetration test or “pen test” is a method that’s used to evaluate the security and/or vulnerabilities in a network. This test is normally conducted externally wherein the tester is attempting to hack a network or computer. Breaking into computers and networks is illegal under the Computer Fraud and Abuse Act (CFAA), and depending on your activities and other factors, other federal laws and state laws may be broken.
One of the main weapons of organized crime on the Internet is the use of junk email, also called spam. Hackers use spam for a number of purposes such as selling counterfeit products (medicines, particularly) to steal your personal or financial information, or to infect your computer with spyware and malware. This malicious software can then hijack your computer and your Internet connection to help propagate itself.
Business Continuity and Disaster Recovery (BC/DR) planning is the process of developing the plans, processes and procedures to respond to the range of incidents. We start with understanding the essential functions of an organization, called Business Impact Analysis (BIA). In life, we set the same priorities: protection of family and friends, shelter, food and water and other life-giving essentials.
The VMware NSX platform combines networking and security functionality directly in the hypervisor and it interoperable with a vast majority of VMware’s products. The platform provides a set of logical networking elements and services, using logical switching, routing, load balancing, VPN, firewall, etc. This product decouples network functionality from the physical devices.
Just like the physical keys to your car or house, passwords add a bit of inconvenience in exchange for security. However, if you've ever been frustrated by password rules (complexity, special characters and numbers, etc.), you might be happy about the latest news.
It should come as no surprise that in this modern era of digital data we need encryption. But what exactly is it? How do you know what kind of encryption you need? If you were to ask someone what kind of encryption they use, they may respond with a specific encryption-based product, like full-disk encryption. Or they may mention an encryption-based protocol, like HTTPS (HyperText Transport Protocol over SSL). But encryption is much more complicated than that.
Whether or not you work in cybersecurity, National Cyber Security Awareness Month (NCSAM) is a great time to start promoting online safety awareness. Every October when NCSAM rolls around, we at Global Knowledge find it is an opportune time to do our part as an NCSAM Champion to spread the word about cybersecurity.
Consider how many financial transactions are performed on the Internet everyday. Protecting all this data is of upmost importance. Cryptography can be defined as the process of concealing the contents of a message from all except those who know the key. Cryptography can be used for many purposes, but there are two types of cryptographic algorithms you need to understand, symmetric and asymmetric. Symmetric uses a single key, whereas asymmetric uses two keys. What else is required to have a good understanding of cryptography? It’s important to start with an understanding of how cryptography relates to the basic foundations of security: authentication, integrity, confidentiality, and non-repudiation.
Google takes security to a whole new level thanks to their years of experience as one of the most popular targets on the internet for would-be hackers and denial of service bots. This led Google to build a sophisticated security infrastructure the likes of which few companies or organizations can claim. Google approaches security holistically and involves everything from the physical data centers, to the data pipelines between them, down to the training of each employee that is responsible for managing the infrastructure.
Despite a growing awareness and preparation for distributed denial-of-service (DDoS) attacks, the overall arc of DDoS attacks is not weakening, but actually gaining more attention from the companies and personnel who have experienced these threats first-hand.
Have you been afraid to implement PowerShell in your environment because of security fears? The reality of PowerShell security doesn’t always match the perception. When compared to other scripting languages, PowerShell is actually more secure by default.
Cybersecurity has matured into a complex and diverse set of functions. Each of these functional specializations represent different roles requiring different knowledge, skills, and abilities.
(ISC)2’s CISSP (Certified Information System Security Practitioner) is a widely desired indicator of cybersecurity knowledge, experience and excellence on the resume of many IT professionals. Learn how to prep for the most comprehensive and in-demand cybersecurity certification.
The CISSP (Certified Information System Security Practitioner) certification exam update in 2018 included a modest revision of the topics and a significant change to the testing process. Preparing for the CISSP exam has become more challenging. Here's everything you need to know about the changes.
Should an organization that is the victim of an intentional nefarious hacking activity resort to retaliation? It’s a question that has been gathering a lot of attention. Retaliating against bad actors might seem appealing, but what are the legal ramifications? In this article, find out if there is a legal precedent to "hacking back."
While IT professionals are most likely to hold certifications in CompTIA and Microsoft, a greater percentage are pursuing credentials in AWS and Cisco in 2019. Here is a list of the five most sought-after IT certifications this year.
There are two types of networks: those that have been hacked and those that will be. To defend against hacks, cyber professionals can benefit greatly from ethical hacking programs.
Based on survey responses from the Global Knowledge 2019 IT Skills and Salary Report, this year’s highest-paying certifications reveal a strong emphasis on particular topics, such as cloud computing, cybersecurity, networking and project management. In fact, cloud and project management dominate the top five spots.
ISACA certifications are some of the most popular and highest-paying in the Global Knowledge 2019 IT Skills and Salary Report. Eleven percent of IT professionals in the United States and Canada are ISACA-certified, and their salaries are 12% above the North American average.
This year, CISSP-certified IT professionals have the third highest global salary ($116,573) and the 10th highest in North America ($123,815). This is nothing new—CISSP has ranked in the top 10 in the U.S. each year since 2015, even coming in first in 2018. CISSP is a top-paying certification year after year. But how has it remained so relevant and valuable?