Interop: Cyberwar test runs yield information about defenses


Posted: 13 May 2011 08:32 AM PDT


Cyber warfare strategy is getting so sophisticated that network attacks suitable for major assaults are being used instead as trial runs meant solely to probe enemies with the aim of figuring out what their defenses are, an audience at an Interop security talk was told.

Offshoring: Preparing for India's Proposed Privacy Rules

Posted: 13 May 2011 08:00 AM PDT


India's proposed data privacy regulations could create serious logistical problems for offshoring customers if passed. Offshore outsourcing attorneys and analysts explain how the data protection rules will impact customers.

Facebook, Twitter need corporate security policies

Posted: 13 May 2011 06:13 AM PDT


Social networks such as Facebook and Twitter open threats to sensitive corporate data that businesses need to deal with aggressively, Interop attendees were told.

Cisco ASA Virtual Firewall Configuration

Posted: 13 May 2011 10:28 AM PDT


Device virtualization is one of the most popular topics in the IT industry today, and Cisco has been supporting this concept in the majority of its network devices. In this article we will talk about Cisco ASA virtualization, which means running multiple virtual firewalls on the same physical ASA chassis. A virtual ASA is also known as a "Security Context".

All firewall models (except the ASA 5505) support multiple security contexts (i.e. virtual firewalls). By default, all models support 2 security contexts without a license upgrade (except the ASA 5510, which requires the Security Plus license).

Each context has its own configuration file and security policy, i.e. one context is completely isolated and does not depend on other contexts. The exception is the Admin Context, from which the whole ASA appliance (physical ASA) is managed and which is also used to create the other contexts. To enable the creation of virtual contexts on the ASA appliance, we must switch to Multiple Context mode. In this mode some features are not available, such as Dynamic Routing, IPsec and SSL VPN, Multicast and Threat Detection. Let's briefly discuss when multiple context mode is advisable and when it is not.

When would you want to use multiple security contexts?

●       If you want to use the active/active failover feature. Keep in mind that with active/active failover, you should not use more than half of the available bandwidth.
●       If you are an ISP and need to offer a different security context for each customer.
●       If you need to provide different security policies for various departments, users, or vendors and need to create a separate context for each one.
●       If you'd like to reduce hardware requirements by combining the functionality of multiple firewalls into one.

When should you not use multiple security contexts?

●       If you need to provide VPN services such as remote access or site-to-site VPN tunnels.
●       If you need to use dynamic routing protocols. With multiple context mode, you can use only static routes.
●       If you need to use QoS.
●       If you need to support multicast routing.
●       If you need to provide Threat Detection.

Now let's consider an example of how contexts are configured. In the scenario shown in the topology below, we have one ASA appliance on which we create two contexts for two customers and one admin context for managing the ASA appliance.

Physical Topology Diagram:

Logical Topology Diagram:

Equipment Used in this LAB

ASA 5520 – Cisco Adaptive Security Appliance Software Version 8.0(3)

Catalyst 2960 – LAN Lite IOS.

Before starting the configuration, let's check whether the appliance is running in single context mode or multiple context mode. As I've already stated, the ASA appliance must be in multiple context mode to create security contexts.

!Verify ASA Operating mode.

asa # show mode

Security context mode: single

! Enable multiple mode. Switching to this mode requires a reboot.

asa(config)#mode multiple

Then the following output is displayed. The ASA appliance converts the current running configuration into two files: a new startup configuration that comprises the system configuration, and "admin.cfg", which comprises the admin context (stored in the root directory of the internal Flash memory). The original running configuration is saved as "old_running.cfg" (in the root directory of the internal Flash memory).

WARNING: This command will change the behavior of the device
WARNING: This command will initiate a Reboot
Proceed with change mode? [confirm]
Convert the system configuration? [confirm]
!
The old running configuration file will be written to flash

The admin context configuration will be written to flash

The new running configuration file was written to flash
Security context mode: multiple

***
*** --- SHUTDOWN NOW ---
***
*** Message to all terminals:
***
***   change mode

Rebooting….
Booting system, please wait…

! After rebooting, verify the ASA operating mode again.

asa# show mode
Security context mode: multiple

After the restart, let's start configuring the contexts. First configure the admin context.

!Configure the admin context
asa(config)# admin-context admin
asa(config)# context admin
asa(config-ctx)# allocate-interface Management0/0
asa(config-ctx)# config-url disk0:/admin.cfg

! Configure the sub-interfaces for Customer1
interface GigabitEthernet0/1.11
vlan 11
interface GigabitEthernet0/0.21
vlan 21

! Configure the sub-interfaces for Customer2
interface GigabitEthernet0/1.12
vlan 12
interface GigabitEthernet0/0.22
vlan 22

Now we start creating contexts for Customer-1 and Customer-2 and allocate interfaces.

! Configure the Customer1 context shown as C1 in diagram.
asa(config)# context c1
asa(config-ctx)# allocate-interface gigabitethernet0/0.21
asa(config-ctx)# allocate-interface gigabitethernet0/1.11
asa(config-ctx)# config-url disk0:/c1.cfg

! Configure the Customer2 context shown as C2 in diagram.
asa(config)# context c2
asa(config-ctx)# allocate-interface gigabitethernet0/0.22
asa(config-ctx)# allocate-interface gigabitethernet0/1.12
asa(config-ctx)# config-url disk0:/c2.cfg

I will not describe how the VLANs on the switches are configured. Let's consider switching between contexts. We can switch to any context from the admin context, but we cannot switch from a customer context to anywhere else.

! Let's log in to the Customer1 context. The syntax of the command is the following:
changeto context <context name>

asa#changeto context  c1

! Let's switch to system configuration mode. Switching to this mode is available only from the admin context. In system configuration mode, contexts are created and resources are allocated.

asa#changeto system
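The article creates the contexts but does not show what goes into a context's own configuration file, nor how to stop one customer context from consuming the connections and management sessions shared by the whole chassis. The following is an added example (not from the original article) that completes the picture for context c1: a resource class applied in the system execution space, and a minimal c1.cfg using the sub-interfaces allocated above. The class name, limits, IP addresses and ACL names are assumptions for illustration.

```cisco
! --- System execution space (asa# changeto system) ---
! Resource class so that one customer context cannot starve the
! others. Limits are hypothetical; tune to the chassis and customers.
class customer-limited
  limit-resource conns 20%
  limit-resource hosts 20%
  limit-resource rate conns 2000
  limit-resource ssh 2
  limit-resource asdm 1

! Both customer contexts share the class; the admin context stays
! in the default class.
context c1
  member customer-limited
context c2
  member customer-limited

! --- Context c1 (asa# changeto context c1), stored as disk0:/c1.cfg ---
! Assumed: Gi0/0.21 faces the Internet, Gi0/1.11 faces Customer1's LAN.
! Interfaces keep their physical names because no mapped name was
! given with allocate-interface.
interface GigabitEthernet0/0.21
  nameif outside
  security-level 0
  ip address 203.0.113.2 255.255.255.248
interface GigabitEthernet0/1.11
  nameif inside
  security-level 100
  ip address 10.1.1.1 255.255.255.0

! Only static routing is available in multiple context mode.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1

! Explicit policy: Customer1's LAN may reach the Internet; nothing
! is permitted inbound from outside.
access-list INSIDE_OUT extended permit ip 10.1.1.0 255.255.255.0 any
access-group INSIDE_OUT in interface inside
access-list OUTSIDE_IN extended deny ip any any
access-group OUTSIDE_IN in interface outside

! Verification from the system execution space:
!   show context                      - contexts, interfaces, config-url
!   show resource usage context c1    - per-context resource consumption
```

The `show resource usage` output is the place to confirm that a context hitting its limit is the noisy customer, not a chassis-wide problem.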

Startup rolls out 40G data center switches at Interop

Posted: 13 May 2011 07:16 AM PDT


Tucked way in the back corner of the exhibition floor in a tiny cubicle, Gnodal Limited, a startup data center switch vendor from Bristol, U.K., unveiled its initial Ethernet offerings at Interop 2011 this week.

Is OpenFlow a go?

Posted: 13 May 2011 06:57 AM PDT


Interop 2011 could have been called The OpenFlow Show. Vendors were hawking OpenFlow switches and controllers, and a lab demonstration on the show floor displayed the traffic management technique and applicability among multivendor switches.

Integrated identity management: How to get it?

Posted: 13 May 2011 03:00 AM PDT


We tried an experiment at the recent Kuppinger-Cole European Identity Conference called a "World Cafe." This is an "un-conference" style session with open-ended discussion among the participants centered around a specific area.

Top 5 things to do before buying more security technology

Posted: 13 May 2011 03:00 AM PDT


Las Vegas -- Throwing more technology at security threats as they crop up is not the best way to go if the goal is to protect the most valuable data at the best price, attendees at Interop were told this week.

Little new in Obama cybersecurity proposal

Posted: 13 May 2011 02:10 AM PDT


A set of cybersecurity proposals, submitted to Congress on Thursday by the Obama Administration, contained little that was new or unexpected.

Adobe Flash update puts users in charge of privacy

Posted: 12 May 2011 03:38 AM PDT


Adobe has released an important update to its Flash Player software that fixes critical security flaws and gives users a better way of controlling whether they are being tracked on the Web.

Facebook tightens log-in verification

Posted: 12 May 2011 02:24 AM PDT


To help its hundreds of millions of users prevent unauthorized access to their accounts, Facebook has added an optional verification step to its log-in process.

Unchecked usage can kill cost benefits of cloud services

Posted: 12 May 2011 01:36 AM PDT


The touted cost savings associated with cloud services didn't pan out for Ernie Neuman, not because the savings weren't real, but because the use of the service got out of hand.

White House delivers cybersecurity legislation

Posted: 11 May 2011 11:20 PM PDT


The White House today sent its cybersecurity legislation to Capitol Hill, asking for changes in the law that will give the Dept. of Homeland Security more authority and duties in overseeing both private-sector and government networks. The White House is also asking for a national data-breach law that would supersede the patchwork of state data-breach laws now in place around the country.

Caught! Facebook admits running anti-Google campaign

Posted: 11 May 2011 11:14 PM PDT


Facebook has been caught hiring a well-known PR firm to plant anti-Google stories in the media.

Google jumps gun, adds new Flash Player to Chrome

Posted: 11 May 2011 11:14 PM PDT


Google today jumped the gun by updating its Chrome browser with a new version of Flash Player that Adobe won't release until later today.

As 'big data' grows, IT job roles, technology must change

Posted: 11 May 2011 10:43 PM PDT


As companies look to keep every bit of data generated in-house and by customers for analytics as well as legal and regulatory compliance, the roles of those who manage it are changing as are the tools they use.
