The document discusses the evolution of network security over time as networks have become more complex and connected. It describes how early networks were simpler but grew larger and became virtualized and located in multiple cloud environments. This trend of increased connectivity between all kinds of devices and systems from any location creates new security challenges. The document advocates for increased security automation through standards and highlights some recent cyber attacks to demonstrate ongoing threats. It suggests collaboratively sharing ideas and brainstorming as ways to improve network security defenses.
18. Modern workers—particularly young “Millennials”—want the freedom to browse the web not only when and how they want to, but also with the devices they choose.
23. …the ANY to ANY dilemma:
• People to Machine
• Machine to Machine
• People to People
• From Any Device
• From Any Location
• At Any Time
• Data from Any Data Center and from Any Cloud
24. …but in this new “trend” I am not only talking about these
27. Meter mesh (RPL / 6LoWPAN) reference points:
• Meters pre-configured with Utility Network (SSID), X.509 Cert, EUI-64 ID (pre-configured)
• 802.15.4 Rx Signal Strength Indicator used to qualify ETX
• Objective Function: Rank = Minimum ETX
• DAO advertises IPv6 address of meter and parents
• Meters only maintain default route to DODAG root
• DHCPv6 Client used for address autoconfiguration
• RPL in non-storing mode
• DHCPv6 Relay function passes all requests to FAR (DODAG root)
• Root generates source routes when needed
• DHCPv6 requests passed to DHCP server
• RPL run-time parameters configured at DODAG root using DIO message
32. Basic Definitions
What Is Software Defined Network (SDN)?
“…In the SDN architecture, the control and data planes are decoupled, network intelligence and state are logically centralized, and the underlying network infrastructure is abstracted from the applications…”
Source: www.opennetworking.org
What Is OpenFlow?
“…open standard that enables researchers to run experimental protocols in campus networks. Provides standard hook for researchers to run experiments, without exposing internal working of vendor devices…”
Source: www.opennetworking.org
What is OpenStack?
Open-source software for building public and private Clouds; includes Compute (Nova), Networking (Quantum) and Storage (Swift) services.
Source: www.openstack.org
What is Overlay Network?
An overlay network is created on existing network infrastructure (physical and/or virtual) using a network protocol. Examples of overlay network protocols are: MPLS, LISP, OTV and VXLAN.
33. In an SDN network, the controller could potentially be seen as a single point of failure risk for the network. If the controller is attacked, the entire network it controls is potentially at risk.
36. Cloud · Internet of Everything · Identity · Privacy · Social Media · APT · Mobility · BYOD · Advanced Malware · Big Data · Next Gen Data Centers · Social Engineering
37. The IT Management Challenge: “Is My Network Ready?”
Trends and domains shown: Video, Cloud, Data Center Consolidation, Service Provider, Campus, Mobility/BYOD, Virtualization & Cloud, Branch, Business Continuity, Security, Disaster Recovery, Data Center.
CAPACITY: “Do I have the right performance to scale?”
COMPLEXITY: “How do I simplify deployments?”
COST: “How can I be operationally efficient?”
40. HOW CAN I BECOME MORE EFFICIENT? AUTOMATION?
41. Security Automation Evolution
The perception of the security automation evolution
Security Automation interoperability / standards: robust support for relevant standards to ensure multi-layer interoperability
PAST → FUTURE: CLOSED SOLUTIONS → EVOLVING MATURITY → MATURE IMPLEMENTATIONS
WE ARE ABOUT HERE
42. Vulnerability Machine Readable Content
Cisco is committed to protect customers by sharing critical security-related information in different formats.
OVAL: Cisco IOS Vulnerability Assessment
• Cisco PSIRT is including Open Vulnerability and Assessment Language (OVAL) definitions in Cisco IOS security advisories.
• OVAL provides structured, standard machine-readable content that allows customers to quickly consume security vulnerability information and identify affected devices.
• OVAL can also be used to verify that the patches or fixes that resolve such vulnerabilities were successfully installed.
• OVAL content can be downloaded from each Cisco IOS security advisory.
Common Vulnerability Reporting Framework (CVRF)
• In addition to OVAL definitions, PSIRT is also publishing CVRF content for all Cisco security advisories.
• CVRF allows vendors to publish security advisories in an XML (machine-readable) format.
• CVRF has been designed by the Industry Consortium for Advancement of Security on the Internet (ICASI), of which Cisco is a member and took a major role in its development.
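Added example (not from the deck, not Cisco's or ICASI's code) of what "machine-readable advisories" buy a defender: a small Python reader for a CVRF 1.1 document that pulls each vulnerability's "Known Affected" product IDs and matches them against a local device inventory. The advisory text, product names, hostnames and the CVE placeholder are all constructed for this example; only the CVRF 1.1 namespace URIs and element names are real.

```python
"""Added example: read a CVRF 1.1 advisory and list inventory devices that
run a product the advisory marks "Known Affected".  Advisory content,
product names, hostnames and the CVE value are constructed placeholders."""
import xml.etree.ElementTree as ET

# CVRF 1.1 namespaces (ICASI).
NS = {
    "cvrf": "http://www.icasi.org/CVRF/schema/cvrf/1.1",
    "vuln": "http://www.icasi.org/CVRF/schema/vuln/1.1",
    "prod": "http://www.icasi.org/CVRF/schema/prod/1.1",
}

# Constructed advisory: three product versions, two affected, one fixed.
SAMPLE_CVRF = """<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1"
         xmlns:vuln="http://www.icasi.org/CVRF/schema/vuln/1.1"
         xmlns:prod="http://www.icasi.org/CVRF/schema/prod/1.1">
  <DocumentTitle>Example Advisory (constructed)</DocumentTitle>
  <DocumentType>Security Advisory</DocumentType>
  <DocumentTracking>
    <Identification><ID>EXAMPLE-SA-0001</ID></Identification>
  </DocumentTracking>
  <prod:ProductTree>
    <prod:FullProductName ProductID="P-1">Example Router OS 1.0</prod:FullProductName>
    <prod:FullProductName ProductID="P-2">Example Router OS 1.1</prod:FullProductName>
    <prod:FullProductName ProductID="P-3">Example Router OS 1.2</prod:FullProductName>
  </prod:ProductTree>
  <vuln:Vulnerability Ordinal="1">
    <vuln:Title>Example management-plane issue (constructed)</vuln:Title>
    <vuln:CVE>CVE-0000-0000</vuln:CVE>
    <vuln:ProductStatuses>
      <vuln:Status Type="Known Affected">
        <vuln:ProductID>P-1</vuln:ProductID>
        <vuln:ProductID>P-2</vuln:ProductID>
      </vuln:Status>
      <vuln:Status Type="Fixed">
        <vuln:ProductID>P-3</vuln:ProductID>
      </vuln:Status>
    </vuln:ProductStatuses>
  </vuln:Vulnerability>
</cvrfdoc>
"""

# Constructed inventory: hostname -> product name exactly as in the ProductTree.
INVENTORY = {
    "edge-rtr-1": "Example Router OS 1.0",
    "core-rtr-1": "Example Router OS 1.2",
    "branch-rtr-7": "Example Router OS 1.1",
}


def parse_cvrf(xml_text):
    """Return advisory ID, ProductID->name map and per-vulnerability status lists.
    Fetch advisories over an authenticated channel; xml.etree does not fetch
    external entities, but the document is still untrusted input."""
    root = ET.fromstring(xml_text)
    doc_id = root.findtext(
        "cvrf:DocumentTracking/cvrf:Identification/cvrf:ID", namespaces=NS)
    products = {p.get("ProductID"): p.text
                for p in root.iterfind(".//prod:FullProductName", NS)}
    vulns = []
    for v in root.iterfind("vuln:Vulnerability", NS):
        status = {}
        for s in v.iterfind("vuln:ProductStatuses/vuln:Status", NS):
            status[s.get("Type")] = [p.text for p in s.iterfind("vuln:ProductID", NS)]
        vulns.append({"cve": v.findtext("vuln:CVE", namespaces=NS),
                      "title": v.findtext("vuln:Title", namespaces=NS),
                      "status": status})
    return {"id": doc_id, "products": products, "vulnerabilities": vulns}


def affected_devices(advisory, inventory):
    """(hostname, CVE) pairs for devices whose product is 'Known Affected'."""
    name_to_pid = {name: pid for pid, name in advisory["products"].items()}
    hits = []
    for host, product in sorted(inventory.items()):
        pid = name_to_pid.get(product)
        for v in advisory["vulnerabilities"]:
            if pid in v["status"].get("Known Affected", []):
                hits.append((host, v["cve"]))
    return hits


if __name__ == "__main__":
    adv = parse_cvrf(SAMPLE_CVRF)
    print(adv["id"], "-", adv["vulnerabilities"][0]["title"])
    for host, cve in affected_devices(adv, INVENTORY):
        print(f"  {host}: affected by {cve}")
```

Matching on the exact product name is the simplest approach and is what the sample does; real inventories usually carry a version string that has to be normalized to the vendor's product naming first, and "Fixed" status is deliberately ignored so that a device running the fixed release is not reported.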
43. Top Android Malware Types
Android malware encounters grew 2,577% over 2012.
However, mobile malware only makes up a small percentage of total web malware encounters.
Source: Cisco’s Annual Security Report
48. RED OCTOBER (aka ROCRA)
Large-scale cyber espionage campaign discovered by researchers from Kaspersky Lab.
Very clever attacks that many are now claiming have been taking place for more than five years!
Compared with other malware that has been associated with cyber espionage such as Duqu, Flame, and Gauss.
http://blogs.cisco.com/security/red-october-in-january-the-cyber-espionage-era
49. RED OCTOBER (aka ROCRA)
Some of the Vulns:
CVE-2009-3129 - Microsoft Office Excel Featheader Record Processing Arbitrary Code Execution
CVE-2010-3333 - Microsoft Office Rich Text Format Content Processing Buffer Overflow
CVE-2012-0158 - Microsoft MSCOMCTL.OCX ActiveX Control Remote Code Execution
CVE-2011-3544 - Oracle Java Applet Rhino Script Engine Arbitrary Code Execution Vulnerability
Network Device Configuration Harvesting
Malware contained a large list of hardcoded commonly-used SNMP community strings that were used to attack infrastructure devices.
+ credential information collected from Word and Excel documents on affected systems
50. Just one example: OPERATION ABABIL
Huge DDoS attack (volumetric) campaign which was aimed at U.S.-based financial institutions.
Public clouds, private clouds, hybrid clouds… Infrastructure as a Service, PaaS, SaaS, etc. Information can be in any cloud at any data center….
This is how we have changed….
In the Internet of Everything, connections are what matter most. The types of connections, not the number, are what create value between people, processes, data, and things. The Internet of Everything is quickly taking shape, so the security professional needs to think about how to shift their focus from simply securing endpoints and the network perimeter…
OpenStack is an open source cloud computing project started by Rackspace and NASA in 2010. It is used to provision clouds. It is free open source software released under the Apache License.
We continue to look for points of differentiation in our markets; the network continues to play a vital role in enabling businesses to adopt new technologies and applications to help them grow. The creation of an infrastructure that is scalable, intelligent, and ready to support the demands and applications of today and tomorrow, while protecting customer investments, is essential. They understand that the impact of some of these mega trends is not going to be siloed but will have a ripple effect across their entire organization. They have to deal with this proactively, as it can adversely impact their business. So they are looking at CAPACITY PLANNING (their ability to maximize capacity, performance, scale, and bandwidth considerations), REDUCING COMPLEXITY (i.e. not just throwing bandwidth at the problem, but focusing on driving infrastructure efficiency and making deployments simpler), and thirdly COST REDUCTION (i.e. not just looking at CAPEX, which has some benefits, but looking at lowering their TCO, strongly considering cost reduction through operational efficiency). So each IT organization will have to understand if their network is ready for these mega trends.
This is not to say that actors in the shadow economy do not remain committed to creating ever-more sophisticated tools and techniques to compromise users, infect networks, and steal sensitive data, among many other goals. In 2012, however, there was a trend toward reaching back to “oldies but goodies” to find new ways to create disruption or evade enterprise security protections.
Cisco Device Configuration Harvesting
Additionally, the malware in question has been observed to harvest the configurations of Cisco networking equipment. Cisco PSIRT has been in direct communication with the research team at Kaspersky and has received confirmation from them stating that the network device configuration and other information were obtained by exploiting weak Simple Network Management Protocol (SNMP) community strings and network device passwords. These attacks were not due to a known or unknown Cisco vulnerability. The malware contained a large list of hardcoded commonly-used SNMP community strings that were used to attack infrastructure devices.
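The configuration-harvesting note above (and slide 49) comes down to one weakness: guessable SNMPv1/v2c community strings on infrastructure devices. As an added example (not from the deck and not a Cisco tool), here is a Python audit that reads a Cisco IOS running-config fragment and flags the conditions a defender would want to find before an attacker does: well-known default community strings, read-write communities, communities with no source access-list, and the absence of any SNMPv3 group. The config fragment is constructed; the `snmp-server community <string> [view <name>] [RO|RW] [acl]` line form is the IOS syntax, but named and IPv6 ACL variants are not handled here (an assumption of the example).

```python
"""Added example: audit SNMP settings in a Cisco IOS config for the kind of
weak community-string setup the Red October notes describe.  The sample
config is constructed; findings mask the community string so the report
itself does not leak it."""
import re

# Constructed running-config fragment (not from a real device).
SAMPLE_CONFIG = """\
hostname core-rtr-1
!
snmp-server community public RO
snmp-server community private RW
snmp-server community m0nitor-only RO 10
snmp-server community s3cret-rw RW
snmp-server group NETMON v3 priv
"""

# Vendor-neutral defaults that every scanner tries first.
WELL_KNOWN = {"public", "private"}

# snmp-server community <string> [view <name>] [RO|RW] [acl]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (?P<name>\S+)"
    r"(?: view \S+)?"
    r"(?: (?P<mode>RO|RW))?"
    r"(?: (?P<acl>\S+))?\s*$"
)
V3_RE = re.compile(r"^snmp-server (group|user) \S+ .*\bv3\b")


def mask(name):
    """Keep two characters so findings can be correlated without exposing the string."""
    return name[:2] + "*" * max(len(name) - 2, 0)


def audit_snmp(config_text):
    """Return (masked_community, severity, issue) tuples for the config."""
    findings = []
    communities = 0
    has_v3 = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if V3_RE.match(line):
            has_v3 = True
        m = COMMUNITY_RE.match(line)
        if not m:
            continue
        communities += 1
        name, mode, acl = m.group("name"), m.group("mode") or "RO", m.group("acl")
        tag = mask(name)
        if name.lower() in WELL_KNOWN:
            findings.append((tag, "high", "well-known default community string"))
        if mode == "RW":
            findings.append((tag, "high", "read-write community (allows config changes)"))
        if acl is None:
            findings.append((tag, "medium", "no access-list restricting SNMP sources"))
    if communities and not has_v3:
        findings.append(("*", "low", "SNMPv1/v2c only; no SNMPv3 group configured"))
    return findings


if __name__ == "__main__":
    for tag, sev, issue in audit_snmp(SAMPLE_CONFIG):
        print(f"[{sev:6}] {tag}: {issue}")
```

The mitigation the findings point at is the one the PSIRT note implies: remove default strings, restrict every remaining community with an ACL, drop RW communities in favour of SNMPv3 with authentication and privacy, and treat a community string with the same care as a device password.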
Operation Ababil
During September and October 2012, Cisco and Arbor Networks monitored a targeted and very serious DDoS attack campaign known as “Operation Ababil,” which was aimed at U.S.-based financial institutions. The DDoS attacks were premeditated, focused, advertised before the fact, and executed to the letter. Attackers were able to render several major financial sites unavailable to legitimate customers for a period of minutes—and in the most severe instances, hours. Over the course of the events, several groups claimed responsibility for the attacks; at least one group purported to be protesting copyright and intellectual property legislation in the United States. Others broadcast their involvement as a response to a YouTube video offensive to some Muslims.
Spam
We want to make sure that our evolution does not lead to broken things... or in the wrong direction...
Out of all the different security automation standards out there, which ones are you prioritizing and why?
How can we (the security community) increase collaboration?
For the standards/protocols that are more “mature” (i.e., OVAL), how can we increase adoption within vendors and the community?
How do you currently exchange security content?