
Friday, February 10, 2017

Gartner Magic Quadrant for Intrusion Detection and Prevention Systems (2017, 2015, 2013, 2012, 2010 ...)


According to Gartner, “The network intrusion prevention system market has undergone dynamic evolution, increasingly being absorbed by next-generation firewall placements. Next-generation IPSs are available for the best protection, but the IPS market is being pressured by the uptake of advanced threat defense solutions.

This Magic Quadrant focuses on the market for stand-alone IDPS appliances; however, IDPS capabilities are also delivered as functionality in other network security products. Network IDPSs are provided within a next-generation firewall (NGFW), which is the evolution of enterprise-class network firewalls, and include application awareness and policy control, as well as the integration of network IDPSs


2017


Gartner’s 2017 Magic Quadrant for Intrusion Detection and Prevention Systems (IDPS)
Cisco and Intel remain in the Leaders quadrant, Trend Micro joins them as a Leader this year, and IBM moves to the Challengers quadrant.

Saturday, December 31, 2016

Gartner Magic Quadrant for UTM (2016, 2015, 2014, 2013, 2012, 2010,...)

Gartner defines the unified threat management (UTM) market as multifunction network security products used by small or midsize businesses (SMBs) (< 1000 employees).

2016 - Fortinet in the Leaders Quadrant 7 Years in a Row since 2009

Gartner Magic Quadrant for Unified Threat Management 2016

Sunday, April 17, 2016

Real-Time Cyber Attack Threat Map

More and more security companies use a web page to show the global security events they monitor, such as the live status of cyber attacks: where an attack is being launched from and who its target is. Watching those websites has become interesting. These are not games; the attacks shown are actually happening globally.


1.  Kaspersky CYBERTHREAT REAL-TIME MAP



Tuesday, April 12, 2016

NSS Labs NGFW Security Value Map Report (2016, 2014, 2013, 2012, 2011)

It is useful to compare this report with the Gartner Magic Quadrant for Enterprise Network Firewall (2015, 2014, 2013, 2011, 2010) or the Gartner Magic Quadrant for UTM (2015, 2014, 2013, 2012, 2010,...).

End users are finding that NGFWs are no longer as limiting in their performance or capability trade-offs as they once were. NSS Labs discovered that many enterprises are choosing NGFW over traditional firewalls for a variety of reasons without feeling that they are compromising on features or performance. Some NGFW solutions scale to tens of gigabits, which satisfies the needs of all but the most demanding enterprise WAN connections.

NSS Labs regularly releases the NGFW Security Value Map™, Comparative Analysis Reports, and Product Analysis Reports. These results help security professionals in the enterprise make informed decisions when evaluating the many offerings in the industry.

NSS Labs designed the test to focus on the following four areas:
  •     Security effectiveness
  •     Performance
  •     Stability
  •     Total Cost of Ownership (TCO)

2016

Check Point® Software Technologies Ltd. (NASDAQ: CHKP) today announced the company received its eleventh ‘Recommended’ rating from NSS Labs. Check Point’s latest results earned its fifth ‘Recommended’ rating in the NSS Labs Next Generation Firewall Test, delivering top results with the highest block rate (99.8%) from the NSS Labs Exploit Library and tied for the highest security effectiveness score (99.6%).

Hillstone Networks Next-Generation Firewall's high marks include the lowest Total Cost of Ownership (TCO) per Protected Mbps, blocking 99.6% of exploits from the NSS exploit library and blocking 98.32% of live exploits over a 2-month period from December 1, 2015 to January 31, 2016.



NSS 2016 NGFW Group Test SVM

Sunday, March 20, 2016

Ransomware Locked Files on My Test Machine

One of my test machines, which I use to download and test software from the Internet, was hit by ransomware recently.

Check out what it did to my machine.

In most folders, including the C: and D: drives and even the desktop, the following three files appeared, which obviously come from the hackers who are asking for money to decrypt your files:
  • +REcovER+gdqvd+.txt
  • +REcovER+gdqvd+.html
  • +REcovER+gdqvd+.png

Tuesday, March 8, 2016

How Firewalls (Security Gateways) Handle the Packets? (Traffic Flow)

Different firewall (security gateway) vendors have different approaches to handling the traffic passing through them. This post compiles some useful Internet posts that explain the major vendors' approaches, including:
1. Checkpoint
2. Palo Alto
3. Fortigate
4. Cisco
5. Juniper
6. F5



1. Check Point Firewall Packet Flow:
Note: Check Point can apply destination NAT on the client side (default) or on the server side. Source NAT is always applied at the outbound interface, and the ACL is checked before NAT. More details are in SK85460.

Monday, February 8, 2016

Gartner Magic Quadrant for Mobile Data Protection (2015, 2014, 2013, 2012, 2011...)

According to Gartner, "Mobile Data Protection (MDP) systems and procedures are needed to protect business data privacy, meet regulatory and contractual requirements, and comply with audits." Additionally, "Most companies, even if not in sensitive or regulated industries, recognize that encrypting business data is a best practice."

2015


Magic Quadrant for Mobile Data Protection Solutions 2015

2014

Check Point has been in the Leaders quadrant for 8 years in a row. McAfee and Sophos have also been in the Leaders quadrant since 2008.

2013

No Changes in Leader's Quadrant from 2012.

2012

Comparing the 2012 and 2011 Gartner Magic Quadrant diagrams, there are not many changes in the Leaders quadrant. McAfee, Sophos and Check Point are still leading this market. No Challengers have appeared yet. In the Visionaries quadrant, Symantec sits alongside other small players; Symantec was in the Leaders quadrant in 2010.

2011

2010

2009


2008

Utimaco = Sophos
2007



2006

Monday, December 21, 2015

My Top Network Security Tools

I listed some of my favorite and useful Internet websites and network tools, which I have been using in my daily IT life, in a previous post. There are also some network security related tools I am using in my environment. This post is a summary of those tools, and I am also trying to extend this list to add more later.

Online Security Scanning

  • Qualys FreeScan - Online Vulnerability Scan can accurately scan your network, servers, desktops or web apps for security vulnerabilities. Scanning takes just minutes to find out where you're at risk.
  • Zscaler - Free, Instant Security Scan is a comprehensive suite of security services delivered from the cloud. It covers email, web and mobile computing. Some services the product provides are anti-malware, browser and application vulnerability management, policy enforcement for mobile computing, bandwidth and QoS management, web filtering, intellectual property protection and regulatory compliance.
  • Acunetix analyzes your complete website and network from Acunetix servers. You can register for a free, full-function 14-day online scan. 46% of web applications scanned with Acunetix Online Vulnerability Scanner contained a high risk vulnerability and 87% a medium risk vulnerability, as per the 2015 Web App Vulnerability Report by Acunetix.
  • Scan My Server: provides one of the most comprehensive reports covering a variety of security tests, like SQL Injection, Cross Site Scripting, PHP Code Injection, Source Disclosure, HTTP Header Injection, Blind SQL Injection and much more. The scan report is sent by email with a vulnerability summary. It requires you to put a verification seal on your website to confirm your site ownership.

Online Website Security Vulnerabilities & Malware Scan

  • ASafaWeb - Automated Security Analyser for ASP.NET Websites. You can also schedule regular scanning of your website so that you are notified immediately if its security level changes.
  • Qualys SSL Labs: provides deep analysis of your HTTPS URL, including certificate expiry date, overall rating, cipher suites, SSL/TLS versions, handshake simulation, protocol details, BEAST and much more.
  • Quttera - Free Online Website Malware Scanner checks a website for malware and vulnerability exploits online.
  • SiteGuarding: helps you scan your domain for malware, website blacklisting, injected spam, defacement and much more. The scanner is compatible with WordPress, Joomla, Drupal, Magento, osCommerce, Bulletin and other platforms.
  • Sucuri - Free Website Malware and Security Scanner
  • Tinfoil Security: first audits your website against the OWASP Top 10 vulnerabilities and then other known security holes. You will need to verify your site by uploading an HTML file, adding a meta tag, adding a DNS record, or manual Tinfoil verification.
  • UpGuard: an external risk assessment tool that uses publicly available information to grade on various factors including SSL, clickjacking protection, cookies, DNSSEC, headers, etc.
  • VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
  • Web Inspector - Scan a Webpage with entering a URL to find out whether it is malicious or not

Free Security Check / Scanning Tools

  • Microsoft Baseline Security Analyzer (MBSA) can perform local or remote scans on Windows desktops and servers, identifying any missing service packs, security patches, and common security misconfigurations. 
  • Tripwire Free Tools: SecureScan and SecureCheq. Tripwire SecureScan finds security vulnerabilities on your network and gives instructions on how to fix them. Tripwire SecureCheq is a free Microsoft Windows configuration security check tool for desktops and servers; it tests for common configuration errors and weaknesses in Microsoft Windows desktops and servers.
  • Retina gives you powerful vulnerability assessment across your entire environment. Free for up to 256 IPs, Retina Community identifies network vulnerabilities (including zero-day), configuration issues, and missing patches across operating systems, applications, devices, and virtual environments.
  • OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.

Packets Capturing and Analysing Tools

  • Tcpdump - command-line packet sniffer
  • Wireshark - Wireshark (known as Ethereal until a trademark dispute in Summer 2006) is a fantastic open source multi-platform network protocol analyzer. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. A tcpdump-like console version named tshark is included. One word of caution is that Wireshark has suffered from dozens of remotely exploitable security holes, so stay up-to-date and be wary of running it on untrusted or hostile networks (such as security conferences).
  • CloudShark works entirely in your web browser. No additional utilities, plugins, or downloads.

TCP/UDP Tools

  • TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. 
  • Process Explorer displays details of your computer's running processes in a more visual representation than the standard Windows Task Manager.
  • RINETD - Redirects TCP connections from one IP address and port to another. 

Integrity Check

  • Tripwire - It started as a simple tool to check file and folder integrity. Now Tripwire provides a whole solution set that discovers every asset on an organization’s network and delivers high-fidelity visibility and deep intelligence about these endpoints. Tripwire solutions also deliver actionable reports and alerts and enable the integration of valuable endpoint intelligence into operational systems like change management databases, ticketing systems, patch management and security solutions including SIEMs, malware detection and risk analytics.

Penetration Test Tools

  • Metasploit - the world's most used penetration testing software
  • Kali Linux - is the new generation of the industry-leading Debian-based BackTrack Linux penetration testing and security auditing Linux distribution. Kali Linux is a complete re-build of BackTrack from the ground up, adhering completely to Debian development standards. Kali 2.0 Teaser is coming.
  • Nessus® is the industry’s most widely-deployed vulnerability, configuration, and compliance scanner.
  • BackTrack - BackTrack is a free bootable Linux distribution that contains a plethora of open source tools that you can use for network security and penetration testing. The tools are organized into different categories such as ‘Information Gathering’, ‘Vulnerability Assessment’, ‘Exploitation Tools’, ‘Privilege Escalation’ and ‘Maintaining Access’, amongst others.
  • Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. 

Proxy Software



Network Automation Tools

  • NetMRI provides automatic network discovery, switch port management, network change automation, and continuous security policy and configuration compliance management for multi-vendor routers, switches, and other layer-2 and layer-3 network devices. NetMRI is the only platform that supports traditional and virtual network constructs (such as VRF) for multi-vendor network automation.

Security Intelligence Tools

  • Lancope, Inc. is a leading provider of network visibility and security intelligence to protect enterprises against today’s top threats. 
  • FireEye Network Security (NX) products, now available in modular 2- and 4-Gbps appliances, enable organizations to prevent, detect, and respond to network-based zero day exploit attempts, web drive-by downloads, and advanced malware that routinely bypass conventional signature-reliant defenses.


Security information and event management (SIEM) 

  • IBM® Security QRadar® SIEM consolidates log source event data from thousands of devices, endpoints and applications distributed throughout a network.
  • Splunk is an industry-leading platform for machine data that automatically indexes all your log data, including structured, unstructured and complex multi-line application log data.

Encryption Tools

  • Truecrypt - a strong encryption utility that can encrypt entire volumes or create an encrypted container within a file system. On 28 May 2014 it was announced that this freeware project is no longer maintained.

Windows System/Application Test Software

  • Sandboxie lets you run programs independent of the rest of your system, so that they can't infect, access, or otherwise interfere with your Windows installation. It supports 64-bit systems and Windows 8.
  • PowerShadow works both pro-actively and protectively to shield you from anything that threatens the life of your computer system. Installation of PowerShadow is like planting an amazing protection mechanism called the Shadow Mode. It is designed to defend you against millions of viruses, spyware and Trojan horse that would love to invade your system.

Antivirus


Firewall Management Tools

  • Tufin Orchestration Suite: Tufin enables organizations to implement network security changes in the same business day through automation and impact analysis – orchestrating change processes end-to-end across physical environments and hybrid cloud platforms. It automatically designs,  provisions, analyzes and audits network changes from the application layer down to the network layer. 
  • FireMon provides enterprises with security management software that gives them deeper visibility and tighter control over their network security infrastructure. Its Security Intelligence Platform--including Security Manager, Policy Planner, Policy Optimizer and Risk Analyzer--enables customers to identify network risk, proactively eliminate those vulnerabilities and strengthen security throughout the organization, and reduce the cost of security operations. 
  • The AlgoSec Security Management Suite: The AlgoSec suite delivers a complete, integrated software solution for managing complex network security policies -- from the business application layer to the network infrastructure. With powerful visibility across virtual, cloud and physical environments, the AlgoSec suite automates and simplifies the entire security change management process to accelerate application delivery while ensuring security and compliance. The AlgoSec Security Management Suite, which includes Algosec BusinessFlow®, AlgoSec FireFlow® and AlgoSec Firewall Analyzer helps you.  



Friday, May 1, 2015

Gartner Magic Quadrant for Enterprise Network Firewall (2015, 2014, 2013, 2011, 2010)

Gartner, Inc. has released the latest Magic Quadrant for Enterprise Network Firewalls on April 22, 2015:

2015

The biggest change this year is that Juniper lost its Challengers position in the Magic Quadrant, for the following reasons. In 2010 Juniper was in the Leaders quadrant:

"Juniper is assessed as a Niche Player for enterprises, mostly because we see it selected in concert with other Juniper offerings, rather than displacing competitors based on its vision or features, and we see it being replaced in enterprise environments more often than we see it selected. Juniper is, however, shortlisted and/or selected in mobile service provider deployments and large-enterprise data center deployments, primarily because of price and high throughput on its largest appliances." - From Gartner report.

Other small changes from 2014 to 2015:
  • Fortinet is doing pretty well and getting closer to the Leaders quadrant.
  • In the Leaders quadrant, the positions of Palo Alto and Check Point have been getting closer and closer for the last four years.
Check Point has been in the Leaders quadrant since 1997, and Palo Alto has been a Leader since 2011.



2014 

Gartner Magic Quadrant for Enterprise Network Firewall:


Palo Alto and Check Point are positioned in the Leaders quadrant again.

This is the third year for Palo Alto and the seventeenth year for Check Point in the Leaders quadrant.

2013 

Gartner Magic Quadrant for Enterprise Network Firewall:

Note: There is no 2012 Gartner Magic Quadrant for Enterprise Network Firewall

2011 

Gartner Magic Quadrant for Enterprise Network Firewall:


2010 

Gartner Magic Quadrant for Enterprise Network Firewall:



Thursday, March 26, 2015

Troubleshooting Java HTTPS Security Warning Message

One of our internal websites always shows a security warning message when accessed over HTTPS with Internet Explorer, but this message does not show when using Google Chrome.

Symptoms:

As the following screenshot shows, a pop-up window asks "Do you want to Continue? The connection to this website is untrusted".
Click the More Information link:
The warning message warns you of a risk:
"This application will run with unrestricted access which may put your computer and personal information at risk. The information provided is unreliable or unknown so it is recommended not to run this application unless you are familiar with its source.
Unable to ensure the certificate used to identify this application has not been revoked.
The digital signature for this application was generated with a certificate from a trusted certificate authority, but we are unable to ensure that it was not revoked by that authority."
Let's drill down again to view the certificate details:
From the certificate chain, we can see the local certificate was issued by Verisign G4, and the Verisign G4 certificate was issued by Verisign G5 (expiry date Jul 16 2036).

I was able to find this G5 certificate via the Certificates button on IE's Content tab:


Interestingly, when I use Google Chrome there is no warning at all. But I did find an interesting thing in the Google Chrome session:

The connection to this website is using TLS 1.0, which is obsolete cryptography.


Solutions:

From the More Information screenshot of the warning message, we can tell it is coming from Java, since at the bottom it directs us to Java.com for more details. It also mentions that the certificate could not be checked for revocation. This warning message must be related to Java's TLS certificate revocation settings.


I went back to the Java Control Panel and found there is a setting for "TLS Certificate Revocation". After changing it to Do not check, the warning message was gone.

Another solution is to change the server side to use SSL only. I will keep posting once I get more information regarding this Java security warning message issue. If you have any better idea why Google Chrome is always fine before any change, please let me know. I would appreciate it.

Monday, February 2, 2015

CVE-2015-0235: GHOST - A Critical Vulnerability in the Glibc Library


GHOST is a 'buffer overflow' bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library. If a remote attacker can make an application call to gethostbyname() or gethostbyname2(), this vulnerability allows the remote attacker to execute arbitrary code with the permissions of the user running the application.

GHOST was originally published by Red Hat as CVE-2015-0235: https://access.redhat.com/articles/1332213


1. Check Point Response to CVE-2015-0235 (glibc - GHOST)

Solution ID: sk104443
Severity: Low

IPS Protection: 

Check Point released "GNU C Library gethostbyname Buffer Overflow" IPS protection that protects customer environments.
This protection is part of the Recommended_Protection profile. It enables organizations to add a layer of protection to their network while updating their systems with vendor-provided patches.

OS Level Protection: 


  • IPSO OS is not vulnerable.
  • While Check Point Gaia and SecurePlatform operating systems may be susceptible to CVE-2015-0235, there are no known exploits to Check Point software.


Hotfix Packages

Hotfix packages are available for R77.20, R77.10, R77, R76, and R75.47 on Gaia and SecurePlatform.

2. Juniper: 2015-01 Out of Cycle Security Bulletin: GHOST glibc gethostbyname() buffer overflow vulnerability (CVE-2015-0235)

Vulnerable Products


  • Junos Space
  • CTPView
  • CTP
  • IDP-SA
  • SRC
  • NSM Appliance
  • JSA and STRM Series

SOLUTION:


  • Junos Space: PR 1060102 has been logged to resolve this issue.
  • IDP-SA: PR 1060071 has been logged to resolve this issue in IDP-OS.
  • CTPView: PR 1060060 has been logged to resolve this issue in CTPView.
  • CTP: PR 1060352 has been logged to resolve this issue in CTP-OS.
  • SRC: PR 1060350 has been logged to resolve this issue.
  • NSM Appliance: PR 1059948 has been logged to resolve this issue.
  • QFabric Director: gethostbyname() functions are used internally, but DNS name resolution is not supplied as a service on external ports.
  • Firefly Host/vGW: The C/C++ based daemon running on the vGW/FFH Security VM agent is not exploitable. Also, the vGW/FFH management system (SD VM) is Java based (Apache Java application server), so this issue is not applicable.
  • JSA and STRM: A fix is pending release.
  • IDP Anomaly: The IDP anomaly SMTP:OVERFLOW:COMMAND-LINE should cover the known SMTP variant of this vulnerability. For easy attack lookup, the Signatures team has linked CVE-2015-0235 as a reference to this anomaly and also made it part of the recommended policy. All these changes will be reflected in the next signature pack, which is scheduled to release on 29-Jan-2015 at 12:00 PST.

WORKAROUND: General Mitigation:

The affected gethostbyname() functions are primarily called in response to references to DNS host names and addresses from the CLI or via services listening on the device. Apply and maintain good security best current practices (BCPs) to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to networking equipment only from trusted, administrative networks or hosts. This reduces the risk of remote malicious exploitation of the GHOST vulnerability.

3. Cisco: GNU glibc gethostbyname Function Buffer Overflow Vulnerability

Advisory ID: cisco-sa-20150128-ghost:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost

Workarounds: 

There are currently no network-based mitigations for this vulnerability or any mitigations that can be performed directly on affected systems.

Sunday, October 19, 2014

Poodle : New SSL 3.0 Bug (CVE-2014-3566)

On Oct 14 2014, this bug, CVE-2014-3566, was disclosed as a subtle but significant security weakness in version 3 of the SSL protocol. Its severity level is Medium; basically, this vulnerability is not as critical as Shellshock and Heartbleed.

The vendors' recommendations:

1. Check Point response to the POODLE Bites vulnerability (CVE-2014-3566)

a. Check Point Customers

  • Check Point products are not vulnerable to the “POODLE Bites” vulnerability (CVE-2014-3566). See our Security Alert: sk102989
  • Implement the IPS protection, CPAI-2014-1909, to detect or block the use of SSL 3.0
  • Configure Multi Portal, HTTPS Inspection, and Check Point OS to prevent web browser use of SSL 3.0

b. Non Check Point Customers

  • Use Active Directory Group Policy Objects to disable the use of SSL 3.0
  • Update your browser when a patch is available
  • Disable SSL 3.0 in your clients and servers
  • Test if your browser is vulnerable at www.poodletest.com
  • Test if a particular domain name is vulnerable at www.poodlescan.com

2. Juniper's Response:

a. Junos:

Junos OS will update OpenSSL to add support for SSL 3.0 Fallback protection (TLS_FALLBACK_SCSV) in a future release.

Connect Secure (SA / SSL VPN) / Policy Secure (IC / UAC), MAG Series:
Please refer to Pulse Secure TSB16540 for details on mitigating risk from this vulnerability.

b. ScreenOS:

A problem report has been submitted.  Development is in the process of evaluating the best method to resolve this issue.

c. Junos Space:

Disable SSLv3 by changing the following files.

/etc/httpd/conf.d/webProxy.conf
/etc/httpd/conf.d/ssl.conf
/etc/httpd/conf.d/webConf/webProxyCertAuth.conf

The following line needs to be updated to remove references to SSLv3:

Original:
SSLProtocol -ALL +SSLv3 +TLSv1

Updated:
SSLProtocol -ALL +TLSv1

Restart httpd by typing 'service httpd restart'.

A future release of Junos Space will disable SSLv3 by default.

d. STRM/JSA Series:

Development is working on a patch to resolve this issue.

e. NSM3000/NSMXpress:

Edit /etc/httpd/conf/ssl.conf and change the SSLProtocol entry to:
SSLProtocol all -SSLv2 -SSLv3
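The Junos Space and NSM3000 fixes above both come down to what the Apache `SSLProtocol` line resolves to once its `all`, `+` and `-` tokens are applied left to right. The following Python auditor is an added example, not code from Juniper or from the original post: it evaluates an `SSLProtocol` directive the way mod_ssl does and flags any httpd configuration line that still leaves SSLv2 or SSLv3 enabled. The configuration fragment it scans is constructed for the example and only modelled on the files named in the bulletin; the keyword list is the set mod_ssl accepts, and `all` is deliberately treated as including SSLv2 (the worst case for an old build) so the audit errs toward flagging.

```python
import re

# Protocol keywords Apache mod_ssl accepts for SSLProtocol (case-insensitive).
PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")
# Versions that must not be offered: POODLE (CVE-2014-3566) applies to SSLv3.
OBSOLETE = {"SSLv2", "SSLv3"}

# Constructed configuration fragment, modelled on the Junos Space / NSM3000 httpd
# files named in the bulletin (not a copy of any real file).
SAMPLE_SSL_CONF = """\
# constructed fragment for the audit example
<VirtualHost _default_:443>
    SSLEngine on
    # original Junos Space setting from the bulletin
    SSLProtocol -ALL +SSLv3 +TLSv1
</VirtualHost>
<VirtualHost _default_:8443>
    SSLEngine on
    # NSM3000 setting recommended by the bulletin
    SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
"""


def resolve_ssl_protocol(directive):
    """Return the set of protocols one 'SSLProtocol ...' line enables.

    Tokens are applied left to right: 'all' names every protocol, a '+' prefix
    (or no prefix) adds the protocol, a '-' prefix removes it.
    """
    tokens = directive.split()
    if not tokens or tokens[0].lower() != "sslprotocol":
        raise ValueError("not an SSLProtocol directive: %r" % directive)
    by_name = {p.lower(): p for p in PROTOCOLS}
    enabled = set()
    for token in tokens[1:]:
        op = "+"
        if token[:1] in ("+", "-"):
            op, token = token[0], token[1:]
        key = token.lower()
        if key == "all":
            names = set(PROTOCOLS)
        elif key in by_name:
            names = {by_name[key]}
        else:
            raise ValueError("unknown protocol keyword: %r" % token)
        if op == "+":
            enabled |= names
        else:
            enabled -= names
    return enabled


def audit_ssl_config(text):
    """Return (line_number, directive, obsolete_protocols_still_enabled) per SSLProtocol line."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or full-line comment
        if line.split()[0].lower() == "sslprotocol":
            enabled = resolve_ssl_protocol(line)
            findings.append((lineno, line, sorted(enabled & OBSOLETE)))
    return findings


if __name__ == "__main__":
    for lineno, directive, obsolete in audit_ssl_config(SAMPLE_SSL_CONF):
        verdict = "FAIL: still offers %s" % ", ".join(obsolete) if obsolete else "OK"
        print("line %d: %s -> %s" % (lineno, directive, verdict))
```

Run against a real host, the loop in `audit_ssl_config` would be fed each of the three Junos Space files in turn; a directive that resolves to a set containing SSLv3 is the one the bulletin tells you to edit before `service httpd restart`.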

f. IDP Signature:

Juniper has released signature SSL:AUDIT:SSL-V3-TRAFFIC in Sigpack 2430 to detect SSLv3 traffic.

3. Cisco Event Response: POODLE Vulnerability:

Details are on the Cisco page:

Vulnerable Products

Customers interested in tracking the progress of any of the following bugs can visit the Cisco Bug Search Tool to view the defect details and optionally select Save Bug and activate the Email Notification feature to receive automatic notifications when the bug is updated.

Products and services listed in the subsections below have had their exposure to this vulnerability confirmed. Additional products will be added to these sections as the investigation continues.
Collaboration and Social Media
Endpoint Clients and Client Software
Network Application, Service, and Acceleration
  • Cisco ACE 4710 Application Control Engine (A5) [CSCur27691]
  • Cisco ACE10 / ACE20 / 4710 (A3x) [CSCur27985]
  • Cisco ACE30 Application Control Engine Module [CSCur23683]
  • Cisco CSS 11500 Series Content Security Switch [CSCur27999]
Network and Content Security Devices
  • Cisco Adaptive Security Appliance (ASA) Software [CSCur23709]
  • Cisco Email Security Appliance (ESA) [CSCur27131]
  • Cisco Intrusion Prevention System Solutions (IPS) [CSCur29000]
  • Cisco Prime Security Manager (PRSM) [CSCur29172]
Network Management and Provisioning
Routing and Switching - Enterprise and Service Provider
  • Cisco Application Policy Infrastructure Controller (ACI/APIC) [CSCur28110]
  • Cisco IOS and Cisco IOS-XE (IOSd only) [CSCur23656]
  • Cisco Nexus 3000 Series Switches [CSCur28178]
  • Cisco Nexus 9000 (ACI/Fabric Switch) [CSCur28114]
  • Cisco Nexus 9000 Series (standalone, running NxOS) [CSCur28092]
Unified Computing
Voice and Unified Communications Devices
  • Cisco IM and Presence Service (CUPS) [CSCur33203]
  • Cisco Unified Communications Manager (CUCM) [CSCur23720]
Video, Streaming, TelePresence, and Transcoding Devices
  • Cisco TelePresence Advanced Media Gateway 3610 [CSCur33286]
  • Cisco TelePresence IP Gateway Series [CSCur33289]
  • Cisco TelePresence IP VCR Series [CSCur33294]
  • Cisco TelePresence ISDN Gateway [CSCur33282]
  • Cisco TelePresence MCU (8510, 8420, 4200, 4500 and 5300) [CSCur33260]
  • Cisco TelePresence MSE 8050 Supervisor [CSCur33267]
  • Cisco TelePresence Serial Gateway Series [CSCur33297]
  • Cisco TelePresence Server 8710, 7010 [CSCur33274]
  • Cisco TelePresence Server on Multiparty Media 310, 320 [CSCur33274]
  • Cisco TelePresence Server on Virtual Machine [CSCur33274]
  • Cisco TelePresence Video Communication Server [CSCur23698]
Wireless
  • Cisco Wireless LAN Controller (WLC) [CSCur27551]
Cisco Hosted Services

4. Other Vendors

Apple has released a security update at the following link: Security Update 2014-005

Asterisk has released a security advisory at the following link: AST-2014-011

BlackBerry has released a security notice at the following link: KB36397

FreeBSD has released a VuXML document at the following link: OpenSSL -- multiple vulnerabilities


Microsoft has released a security advisory at the following link: 3009008

OpenSSL has released a security advisory at the following link: secadv_20141015

Oracle has released a security advisory at the following link: Cryptographic Issues vulnerability

Red Hat has released a CVE statement and security advisories for bug ID 1152789 at the following links: CVE-2014-3566, RHSA-2014:1653, and RHSA-2014:1652


References:

a.  Check Point response to the POODLE Bites vulnerability (CVE-2014-3566)

Friday, September 26, 2014

Shellshock (Bash Computer Bug) Exploited - Vendors' Responses


The Heartbleed extension vulnerability caused lots of worries for Internet systems. Its effects still have not gone away, and now Shellshock is coming. This latest vulnerability affects the command line software Bash running on Linux, Unix and Mac OS X.


Vendors have been posting patches and suggestions on their websites already. Here is a quick collection for my environment.


1. Check Point's Response:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673

2. Cisco's Response:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

3. Juniper's Response:

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648&actp=RSS

4. VMware:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2090740


Note: How does it happen? (from Symantec)

An attacker can potentially use CGI to send a malformed environment variable to a vulnerable Web server. Because the server uses Bash to interpret the variable, it will also run any malicious command tacked-on to it.
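The Symantec note explains the mechanism: a CGI web server copies request headers such as User-Agent and Referer into environment variables (HTTP_USER_AGENT, HTTP_REFERER), and an unpatched Bash imports any variable whose value begins with a function definition (`() {`), then keeps executing whatever follows the closing brace. From the defender's side that prefix is exactly what the early IDS signatures for Shellshock matched on, and it can be hunted retroactively in ordinary web server access logs. The Python below is an added example, not code from Symantec, the vendors, or the original post: it parses Apache "combined" format log lines and reports which header-derived fields carry the function-definition prefix. The log lines are constructed for the example (RFC 5737 documentation addresses, an innocuous `echo` as the trailing command); field names and the regexes are the example's own assumptions.

```python
import re

# Apache "combined" log format (client, ident, user, time, request, status, size, referer, user-agent).
COMBINED_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)"$'
)

# Unpatched Bash treated an environment value starting with "() {" as a function
# definition and kept parsing past the closing brace. Tolerating whitespace inside
# the prefix catches the spacing variants seen in scanning traffic without matching
# a bare "()" in an ordinary query string.
FUNCTION_PREFIX_RE = re.compile(r"\(\s*\)\s*\{")

# Request fields a CGI server exports into the environment for the script.
SUSPECT_FIELDS = ("user_agent", "referer", "request")

# Constructed sample log: two probes (lines 1 and 3), two benign requests (lines 2 and 4).
SAMPLE_LOG = (
    '203.0.113.7 - - [26/Sep/2014:10:01:12 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" 200 512 "-" "() { :; }; echo constructed-test"\n'
    '198.51.100.9 - - [26/Sep/2014:10:02:45 +0000] "GET /index.html HTTP/1.1" 200 2048 "http://example.test/" "Mozilla/5.0 (X11; Linux x86_64)"\n'
    '192.0.2.23 - - [26/Sep/2014:10:03:01 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 500 209 "(){ :;}; echo constructed" "curl/7.37.0"\n'
    '192.0.2.24 - - [26/Sep/2014:10:04:30 +0000] "GET /cgi-bin/env.cgi?f=() HTTP/1.1" 200 88 "-" "Mozilla/5.0"\n'
)


def parse_combined(line):
    """Split one combined-format line into named fields; None if it does not parse."""
    m = COMBINED_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def scan_line(line):
    """Return the names of the fields in one log line that carry the function-definition prefix."""
    rec = parse_combined(line)
    if rec is None:
        return []
    return [field for field in SUSPECT_FIELDS if FUNCTION_PREFIX_RE.search(rec[field])]


def find_shellshock(log_text):
    """Scan a whole log and return one hit record per line that contains a probe."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        fields = scan_line(line)
        if fields:
            rec = parse_combined(line)
            hits.append({
                "line": lineno,
                "client": rec["client"],
                "fields": fields,          # where the prefix was found
                "request": rec["request"],  # which CGI endpoint was targeted
                "status": rec["status"],    # 200/500 hints whether the script even ran
            })
    return hits


if __name__ == "__main__":
    for hit in find_shellshock(SAMPLE_LOG):
        print("line %(line)d client %(client)s fields %(fields)s -> %(request)s (%(status)s)" % hit)
```

The status code is kept in the hit record because it separates a probe against a non-existent script from one that reached a CGI handler; the latter is the line to follow up on in the host's process and outbound connection logs.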