Category Archives: Cisco

On March 9, 2015, the Project Zero team at Google revealed findings from new research related to the known issue in the DDR3 memory specification referred to as “Row Hammer”. Row Hammer is an industry-wide issue that has been discussed publicly since (at least) 2012.

The new research by Google shows that these bit flips can be induced in a predictable manner, and a proof-of-concept (PoC) exploit that runs on Linux has been released. The exploit relies on the repeatability of Row Hammer errors to corrupt memory that the attacking process does not own. An authenticated, local attacker who can already execute code on an affected system could use it to escalate from an unprivileged process to full control of the machine. Note that a “root” account and Ring 0 are not the same thing: root is an operating-system user, whereas Ring 0 is the processor's kernel privilege level. Google's PoC reaches the latter by flipping bits in page-table entries until the attacking process can write to its own page tables and, through them, to arbitrary physical memory, which is kernel-level (Ring 0) access; code with that access can modify anything on the affected system.


Read More : http://blogs.cisco.com/security/mitigations-available-for-the-dram-row-hammer-vulnerability

In mid-2013, a problem began slowly unmasking the hidden registration information of domains whose owners had opted into WHOIS privacy protection. These domains all appear to have been registered via Google Apps [1], using eNom as the registrar. At the time of writing, there are 305,925 domains registered via Google’s partnership with eNom; 282,867 of them, roughly 94%, appear to have been affected [2]. (Google reports that new domains that have not yet gone through a renewal period are not affected, and that many businesses do not opt into the privacy service.) The information disclosed, in the form of public WHOIS records, included full names, postal addresses, phone numbers, and email addresses for each domain.

More Details : http://blogs.cisco.com/security/talos/whoisdisclosure

Linux containers, as a lighter virtualization alternative to virtual machines, are gaining momentum. The High Performance Computing (HPC) community is eyeing Linux containers with interest, hoping that they can provide the isolation and configurability of Virtual Machines, but without the performance penalties.

In this article, I will show a simple example of libvirt-based container configuration in which I assign the container one of the ultra-low latency (usNIC) enabled Ethernet interfaces available in the host. This allows bare-metal performance of HPC applications, but within the confines of a Linux container.

Before we jump into the specific libvirt configuration details, let’s first quickly review the following points:

What “container” means in the context of this article.
What limitations exist making it impossible to rely solely on (the available) namespaces to assign host devices to containers and guarantee some kind of isolation.
What tools can be used to bridge the above-mentioned gaps.

Introduction to Linux Containers

Fun fact: there is no formal definition of a Linux “container.” Most people identify a Linux container with keywords like LXC, libvirt, Docker, namespaces, cgroups, etc.

Some of those keywords identify user space tools used to configure and manage some form of containers (LXC, libvirt, and Docker). Others identify some of the building blocks used to define a container (namespaces and cgroups).

Even in the Linux kernel, there is no definition of a “container.”

However, the kernel does provide a number of features that can be combined to define what many people call a “container.” None of these features are mandatory, and depending on what level of sharing or isolation you need between containers — or between the host and containers — the definition/configuration of a “container” will (or will not) make use of certain features.

In the context of this article, I will focus on assignment of usNIC enabled devices in libvirt-based LXC containers. For simplicity, I will ignore all security-related aspects.

Network namespaces, PCI, and filesystems

Given the relationship between devices and the filesystem, I will focus on filesystem-related aspects and ignore the other commonly configured parts of a container, such as CPU, generic devices, etc.

Giving a container its own view of the filesystem, with varying degrees of sharing between the host filesystem and the container filesystem, is already possible and easy to achieve (see the mount namespace documentation). What is still not possible is to partition or fully virtualize (i.e., make namespace-aware) certain parts of the filesystem.

The virtual filesystems commonly mounted at /proc, /sys, and /dev are the examples that fall into that category. Parts of them do follow namespaces (procfs reflects the PID namespace it was mounted from, and the network class in sysfs follows the network namespace), but the device model in /sys and the device nodes that devtmpfs populates in /dev are global to the host. These special filesystems expose a lot of information and configuration knobs that you may not want to share between the host and all containers, or between containers.

Device drivers also create special files (device nodes) in /dev through which user space interacts with the device via its driver; handing one of those nodes to a container is what device assignment amounts to at the filesystem level.
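Because these filesystems are not partitioned per container, the practical check is to look at what the container's mount table actually exposes. The following script, an added example rather than code from the article, parses /proc/self/mountinfo lines and flags a writable sysfs and a wholesale host devtmpfs, while only noting a bind-mounted device subtree of the kind a usNIC device assignment needs. The two mount tables are constructed, and the location /dev/infiniband for the usNIC device nodes is an assumption.

```python
"""Audit what a container sees of /sys and /dev from its mountinfo.
Added example; the sample mountinfo lines are constructed, not taken from a real host."""

# Constructed /proc/self/mountinfo as seen inside a loosely configured container:
# host sysfs mounted read-write and the host's whole devtmpfs bound to /dev.
WEAK_MOUNTINFO = """\
20 1 0:19 / / rw,relatime - ext4 /dev/mapper/root rw
21 20 0:4 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
22 20 0:16 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
23 20 0:5 / /dev rw,nosuid,relatime - devtmpfs devtmpfs rw,size=4096k,nr_inodes=1024,mode=755
"""

# Constructed mountinfo for the same container after tightening: sysfs read-only,
# a private tmpfs /dev, and only the host's /dev/infiniband subtree bind-mounted in
# (assumption: that is where the usNIC device nodes live).
HARDENED_MOUNTINFO = """\
20 1 0:19 / / rw,relatime - ext4 /dev/mapper/root rw
21 20 0:4 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
22 20 0:16 / /sys ro,nosuid,nodev,noexec,relatime - sysfs sysfs ro
23 20 0:30 / /dev rw,nosuid,relatime - tmpfs tmpfs rw,size=65536k,mode=755
24 23 0:5 /infiniband /dev/infiniband rw,nosuid,relatime - devtmpfs devtmpfs rw,size=4096k,mode=755
"""


def parse_mountinfo(text):
    """Parse mountinfo lines. The ' - ' separator splits the variable-length
    optional fields from fstype, source and per-superblock options.
    (Spaces inside paths are escaped as \\040 by the kernel, so fields never contain ' - '.)"""
    mounts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        left, _, right = line.partition(" - ")
        lf, rf = left.split(), right.split()
        mounts.append({
            "id": int(lf[0]), "parent": int(lf[1]), "dev": lf[2],
            "root": lf[3],              # subtree of the source that is mounted here
            "mount_point": lf[4],
            "opts": set(lf[5].split(",")),
            "optional": lf[6:],         # e.g. shared:N, master:N
            "fstype": rf[0], "source": rf[1],
            "super_opts": set(rf[2].split(",")) if len(rf) > 2 else set(),
        })
    return mounts


def audit_special_mounts(mounts):
    """Return (severity, mount_point, message) for the non-namespaced
    virtual filesystems a container should not receive wholesale."""
    findings = []
    for m in mounts:
        fs, mp, root = m["fstype"], m["mount_point"], m["root"]
        if fs == "sysfs" and "ro" not in m["opts"]:
            findings.append(("warn", mp,
                             "sysfs is writable: host device-model knobs can be changed from inside"))
        if fs == "devtmpfs":
            if root == "/":
                findings.append(("warn", mp,
                                 "whole host devtmpfs: every host device node is visible"))
            else:
                findings.append(("info", mp,
                                 f"host device subtree {root} bind-mounted: "
                                 "confirm it holds only the intended device nodes"))
    return findings


def warnings(text):
    """Only the findings that need fixing."""
    return [f for f in audit_special_mounts(parse_mountinfo(text)) if f[0] == "warn"]


if __name__ == "__main__":
    for name, text in (("weak", WEAK_MOUNTINFO), ("hardened", HARDENED_MOUNTINFO)):
        for sev, mp, msg in audit_special_mounts(parse_mountinfo(text)):
            print(f"[{name}] {sev} {mp}: {msg}")
```

Run it inside the container (or point it at the container's init process via /proc/PID/mountinfo from the host) to see the actual view rather than what the configuration was meant to produce.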

More Details : http://blogs.cisco.com/performance/usnic-inside-linux-containers

Last month, I had the privilege, as part of my job, to go to Greece to deploy emergency communications infrastructure. Cisco was asked by partner NGOs to support the influx of people passing through the Greek islands due to the Syrian refugee crisis.

Syria’s civil war is the worst humanitarian crisis of our time. Half the country’s pre-war population, more than 11 million people, have been killed or forced to flee their homes. Hundreds of thousands of refugees are attempting the dangerous trip across the Mediterranean Sea from Turkey to Greece, hoping to find a better future in Europe—and unfortunately not all of them make it across. Those who do, then face steep challenges from strained resources and minimal services due to the enormity of the situation.

This is why they need our help. The majority of the refugee community in Greece is Syrian and the rest are Iraqis and Afghans, trying to escape wars there. The current humanitarian aid effort is led by UN agencies working with the national governments and a multitude of NGO aid organisations. The overall response has been humbling to see, people providing shelter and power to sites, and the local support offered by Greek citizens in welcoming the refugees has been inspiring.

Ten of us (from Cisco, a partner NGO and other corporate disaster response teams) have just returned from the region. We went there with one aim in mind: to install secure Wi-Fi zones and charging stations so that the refugees could contact their loved ones and families back home. For many, they had been out of touch with those that mattered for so long, and this was the first opportunity they had to let them know they were safe and OK.

When we first arrived on Greek shores, most of the refugee sites had no communications infrastructure in place at all. The Disaster Response Team had been tasked to bring connectivity to various points along the migration routes, starting in the Greek islands. The importance of this was brought home as we learned that one of the first questions refugees ask when they get rescued out of their boats is, “Do you have Wi-Fi?”

More Details : http://blogs.cisco.com/ioe/reconnecting-refugees-with-loved-ones-thanks-to-the-cisco-disaster-response-team

The Domain Name System (DNS) returns the IP addresses for requested domain names in response to queries from end hosts. Because many threat actors today leverage DNS to compromise end hosts, monitoring DNS is often a critical step in identifying and containing malware infections and investigating attacks. Yet our research found that few organizations actually monitor DNS for security purposes, or at all, which makes DNS a security “blind spot.”

We explore this issue in more detail in the Cisco 2016 Annual Security Report. But here’s one statistic from the report that helps underscore why security teams need to start, or step up, their monitoring of DNS: Our recent analysis of malware validated as “known bad” found that the majority (91.3 percent) of that malware uses DNS in one of three ways:

to gain command and control
to exfiltrate data
to redirect traffic
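All three uses leave traces in nothing more than resolver query logs. As an added example that is not part of the Cisco report, the following script applies one heuristic per category to constructed sample log lines (timestamp, client, query name, query type, response code, resolver address): many long, distinct subdomains or TXT queries under one base domain for exfiltration; a burst of NXDOMAIN answers for random-looking names for DGA-based command and control; and queries sent to a resolver other than the sanctioned one for redirection. The log format, the thresholds and the sanctioned resolver 10.0.0.53 are assumptions.

```python
"""Heuristics for the three malicious DNS uses named in the report:
command and control, exfiltration and redirection.
Added example; the log format, thresholds and resolver list are assumptions."""
import math
from collections import defaultdict

# Constructed sample resolver log (not real traffic).
# Fields: epoch-seconds client query-name query-type rcode resolver-ip
SAMPLE_LOG = """\
1455000000 10.1.1.20 www.example.com A NOERROR 10.0.0.53
1455000001 10.1.1.20 mail.example.com MX NOERROR 10.0.0.53
1455000010 10.1.1.44 4d5a90000300000004.tunnel.example.net TXT NOERROR 10.0.0.53
1455000011 10.1.1.44 0000ffff0000b8000000.tunnel.example.net TXT NOERROR 10.0.0.53
1455000012 10.1.1.44 000000000040000000.tunnel.example.net TXT NOERROR 10.0.0.53
1455000013 10.1.1.44 0e1fba0e00b409cd21.tunnel.example.net TXT NOERROR 10.0.0.53
1455000014 10.1.1.44 b8014ccd21546869732070.tunnel.example.net TXT NOERROR 10.0.0.53
1455000020 10.1.1.77 xkq7vpl2mz.com A NXDOMAIN 10.0.0.53
1455000021 10.1.1.77 r9twbq3hyzk.net A NXDOMAIN 10.0.0.53
1455000022 10.1.1.77 pl4mvx8kqwr.org A NXDOMAIN 10.0.0.53
1455000023 10.1.1.77 zj5nqh2wbt.info A NXDOMAIN 10.0.0.53
1455000024 10.1.1.77 h7kxq9mpl3.com A NOERROR 10.0.0.53
1455000030 10.1.1.99 www.example.com A NOERROR 198.51.100.9
"""

# Assumption: the only resolver clients are allowed to talk to.
ALLOWED_RESOLVERS = {"10.0.0.53"}


def shannon_entropy(s):
    """Bits of entropy per character; algorithmically generated labels score high."""
    if not s:
        return 0.0
    n = len(s)
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_line(line):
    ts, client, qname, qtype, rcode, resolver = line.split()
    labels = qname.lower().rstrip(".").split(".")
    return {"ts": int(ts), "client": client, "qtype": qtype, "rcode": rcode,
            "resolver": resolver, "labels": labels,
            # crude stand-in for the registrable domain; use a public-suffix
            # list in production
            "base": ".".join(labels[-2:])}


def analyze(log_text, allowed_resolvers=ALLOWED_RESOLVERS,
            min_subdomains=4, min_label_len=16, min_nxdomain=3, min_entropy=3.0):
    """Return sorted (client, target, category) findings."""
    findings = set()
    subs = defaultdict(set)   # (client, base) -> distinct leftmost labels
    txt = defaultdict(int)    # (client, base) -> TXT query count
    nx = defaultdict(set)     # client -> random-looking bases that got NXDOMAIN

    for line in log_text.splitlines():
        if not line.strip():
            continue
        r = parse_line(line)
        # redirection: the query went to a resolver we do not control
        if r["resolver"] not in allowed_resolvers:
            findings.add((r["client"], r["resolver"], "redirect"))
        # exfiltration: the data rides in the leftmost label of a long tail of unique names
        if len(r["labels"]) > 2:
            key = (r["client"], r["base"])
            subs[key].add(r["labels"][0])
            if r["qtype"] == "TXT":
                txt[key] += 1
        # DGA command and control: most generated names are not registered yet
        if (r["rcode"] == "NXDOMAIN" and len(r["labels"]) >= 2
                and shannon_entropy(r["labels"][-2]) >= min_entropy):
            nx[r["client"]].add(r["base"])

    for (client, base), labels in subs.items():
        mean_len = sum(map(len, labels)) / len(labels)
        if len(labels) >= min_subdomains and (mean_len >= min_label_len or txt[(client, base)]):
            findings.add((client, base, "exfiltration"))
    for client, bases in nx.items():
        if len(bases) >= min_nxdomain:
            findings.add((client, ",".join(sorted(bases)), "c2-dga"))
    return sorted(findings)


if __name__ == "__main__":
    for client, target, category in analyze(SAMPLE_LOG):
        print(f"{category:12s} {client:12s} {target}")
```

The thresholds are deliberately loose so the constructed sample trips them; on real traffic, tune them per client population and whitelist known legitimate high-volume subdomain users (CDNs, anti-spam lookups) before alerting.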
More Details : http://blogs.cisco.com/security/overcoming-the-dns-blind-spot