For Your Prompt Attention — NOT!!

I get these emails somewhat regularly, as I’m sure you do too. I usually just laugh…how stupid do you have to be to fall for this stuff??? However…I then realize there must be enough people that do fall for it, otherwise these criminals would not be sending the emails out. Ugh!!

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

For Your Prompt Attention:

I am Peter Douglas, United Nations Inspection Agent in Hartsfield Jackson Atlanta International Airport Atlanta GA. We are conducting second phase audition, all abandoned Consignment in USA Airports are being transferred to our facilities here for inspection and confiscation. During our investigation, I discovered an abandoned luggage on your name which was transferred to our facility here in Hartsfield Jackson Atlanta International Airport and when scanned it, it revealed an undisclosed sum of money in a Metal Trunk Box. The consignment was abandoned because the Content was not properly declared by the consignee as money, rather it was declared as personal effect to avoid diversion by the Diplomatic Agent also the Diplomat inability to pay for Non Inspection Fees.

On my assumption, the box will contain more that $6M and the consignment is left in storage house till today through a Courier Dispatch Service. The Consignment is a metal box with weight of about 162LBS (Internal dimension:

W61 x H156 x D73 (cm) Effective capacity: 680 L)Approximately.

The details of the consignment includes your name, the official document from United Nations office in London all are tagged on the Metal Trunk box.

< etc, etc >

Verizon Data Breach Investigations Report 2018

Verizon 2018 DBIR

Last week, Verizon released its annual Data Breach Investigations Report for 2018. It’s another very good read…lots of insights in the world of hacking and nation-state activities. It is well written with some good humor thrown in too.

And it is very scary.

Sometimes I just want to unplug my network from the Internet…I know that I would sleep better, that is for sure. But…business depends on the Internet…so that is not an option. I just need to research and implement security as best as I can. And be prepared as best as I can for the inevitable security event…it will happen. It might be this year or next…or it might be happening right now.

You can download a copy of the report here:  Verizon 2018 DBIR

Note…you will be asked to register, but it is optional…just click the “View only” button.

US-CERT Ramsonware Reminder

If you have subscribed to the US-CERT alerts (and I sure hope you have!!), then you will have received today’s alert on “Ongoing Threat of Ransomware“. PLEASE read it!! Ransomware is getting worse…and it’s not going away anytime soon. This alert is more of a friendly reminder…a tap on your shoulder…to double check your policies and procedures, and make sure you are ready for a Ransomware event. I’m being very honest here…if you haven’t been hit yet, you will.

The alert mentions three main best practices…(with some of my thoughts)…

  • Create system back-ups: This is a no brainer! (I’ll assume you are backing up all of your critical systems and important data.) However, there is more to do…you need to regularly validate the integrity of those backups. Perform test restores and make sure you are comfortable with the processes. And make sure the back-ups are segmented from possible Ransomware attacks. Back-ups are worthless if they end up part of the Ransomware encrypted files.
  • Be wary of opening emails and attachments from unknown or unverified senders: Translated…TRAIN your users!! They are the first line of defense!! And you may groan at that thought, but I will tell you they WANT to be well trained! Just keep it simple and show them examples of what to expect (especially with phishing emails!). Send out regular reminders and make sure to publicly praise them as they catch this stuff…they will love it!!
  • Ensure that systems are updated with the latest patches: Ladies and gentlemen…this is Network Administration 101. If you do not have a regular patch procedure in place, then shame on you!! Failing in this area can get you fired! Nuff said…

And I want to add one more “best practice”…  Segment your network: This is a huge undertaking…one that is a pain in the butt to be honest. But it can pay huge dividends if done right. Most of you will have a Ransomware event at some point (or other security event)…it’s going to happen. However, if you segment your network, you can greatly reduce the impact of an attack or hack.

Segmenting simply means to put in place policies that restrict what type of network traffic can flow where. A simple example is printers…every company has them (lots of them!). Yet most companies place them on the same network segments as the users…not good. You should place all of your printers in their own VLAN, and then apply a policy, such as an ACL (Access Control List) that allows the printers to talk just to the print-servers, and nowhere else. Another example is SQL servers…they should not be accessible to everyone. Apply an ACL that limits communications to only the application servers that need that data (IP addresses and ports).

If you decide to implement network segmentation, take your time! This is a complex undertaking…and if done incorrectly can break things very quickly!

Hope this helps you in your security planning! And have a great week!

A Very Busy 2017 and Resulting Priorities

Wow…it has been a long time since I last posted…and it has been a year, let me tell you. In fact, 2017 was the busiest year I have ever had…just way too much happening, both at work and at home. And something had to give…so I cut back on my French horn playing (that hurt), and I stopped blogging (which I did miss, but not as much at my horn). And yes, things have slowed down a bit, at least so far, in 2018. I’m rejoining the local orchestra and here is a blog. Sorry for the long absence…but sometimes you have to rearrange priorities and make some hard decisions.

So…what made 2017 so busy? Mainly work…I had two huge projects that I was managing…one was the opening of a new district office (lots of people, cabling, network equipment, and dealing with carriers). The other was the disconnect of all remaining MPLS circuits, and moving to new DIA (Direct Internet Access) circuits.  (I’ll talk more about this in a later blog.) And add to all of this is the normal, everyday fires that take up lots of time and energy. Ugh!

Both of the projects are now done…the new office is opened and running very smoothly. In fact, it’s not often that users will compliment me on how fast the network is, but they did here. And all of my old, legacy MPLS circuits are gone…now THAT was a huge project. I’m running mainly static VTI tunnels for now, but I’m in the middle of converting my entire WAN to DMVPN running IKEv2, with a dual-hub, dual-cloud setup. This REALLY has my geek juices flowing!! I’ve been pushing for some sort of network redundancy for years, and I finally got the green light! I’ll let you know how all of this works out later this year.

The other project that kept me busy was the first floor remodel at my house. My wife and I did almost all of the work (painting, refinishing cabinets, and new floors)…the only thing we hired out was the new granite countertops. It looks great, and we got it all done just 2 weeks before Christmas, when most of our kids were able to make it home for a visit!! It was a GREAT Christmas having family home!!

I hope things are going well with you…and you’ll be seeing more blogs now…(fingers crossed).

CiscoLive 2017 Las Vegas Day 1 – Opening Keynote & More

It was a great opening day of CiscoLive 2017 in Las Vegas! First session of the day had to do with using Cisco Umbrella (OpenDNS) to track down cyber activity within your network…

An excellent introduction to Cisco Umbrella

Next up was the opening keynote by Cisco CEO Chuck Robbins…

Opening keynote by Cisco CEO Chuck Robbins

His keynote was actually interesting and well done, with little of the humorous hi-jinks of years past…it was professional. His main point concerned how things are changing in the network industry, and in big ways. I may not be involved with all of the new networking technologies that are on the horizon, but one thing was very apparent…I need to adapt to the new world. If I stick to the traditional routing and switching of years past, I might find myself on the outside looking in. And that is not a good thing!! An indication of this is the evolution of Cisco certifications…

Next generation of Cisco certifications

Keep your skill set up to date…or be left behind.

Next up, Chuck had a special guest come up to the platform to discuss the partnership between Cisco and Apple. Yep…the guest was Apple CEO Tim Cook…

Guest CEO Tim Cook from Apple

As for the afternoon, I spent most of it in the vendor expo “World of Solutions”….there was LOTS to see and do, AND learn!! I spent most of my time learning about SD-WAN technologies, updated security solutions, and logging/SIEM solutions. Plus, my wife attended with me!! Yes, I’m a lucky man…my wife is part geek too, and she loves attending CiscoLive with me. I purchased a “Social” pass for my wife which allows her to attend each days keynote address, World of Solutions, and the Cisco Customer Appreciation Event on Wednesday evening. She had a wonderful time today, as did I.

At the end of the day, we took the monorail down the Las Vegas strip and watched the Bellagio Fountains light show…make sure you don’t pass this up, it was well worth the time!!

Bellagio Fountains at nightime

Time to get some rest…it’s going to be another long day tomorrow…

Peerlyst – A Great Resource for Security Professionals

While researching some security stuff, I stumbled across the Peerlyst website…and wow!! This is a great resource for security professionals…lots of helpful information and discussions. Make sure you check out their list of security cheat sheets…this is a treasure trove of information all in one place!!

Memorial Day 2017 – Uncle Fred

I have been blessed with an incredible family…great parents and lots of wonderful Aunts and Uncles, all who were caring, funny, and supportive as far back as I can remember. One such person was my Uncle Fred. He always had time for me…for my questions and my inquisitive nature. As for the impact of a man upon my life, Uncle Fred was second only to my Dad.

I remember growing up as a kid and would spend time with Uncle Fred and Aunt Maude…they lived up in South Carolina, so it was a bit of a drive to get there from Georgia. He would show me and my brother around his property, and would especially linger in and around his shop. And what a shop it was! You see, Uncle Fred was a machinist (and maybe a Mechanical Engineer…not sure how accurate my memory is). And he NEVER threw anything away…never!

I remember one time when Uncle Fred was trying to explain to me how a differential worked. He made hand gestures and drawings on paper..but I still wasn’t getting it. He disappeared to his shop for a bit, and came back carrying a real differential…in his hands!! He then showed me how the gearing worked and the light bulb finally turned on!!

Uncle Fred was part of The Greatest Generation. He served in the Marines as part of the Seabees in World War II. The Seabees were USMC-trained soldiers who were also trained engineers and construction tradesmen. Talk about a one-two punch!! They could both fight and build…all in the same day if needed.

Another example Uncle Fred gave me was in marriage…he and my Aunt Maude were inseparable. They always held hands and joked with each other. They lived life to the fullest, trusted God, and were ready to help anyone in need.

Uncle Fred was 95 years old when he passed away a few weeks ago (on May 17th)…had he lived just one more week, he would have celebrated his 73 anniversary.

Thank you Uncle Fred for living a life that can be an example to us all. You will be missed always…

WannaCry Ransomware – That Got Our Attention, Didn’t It?

If you see this screen, then you will wanna cry!!

If you have not heard about the WannaCry ransomware that is (and perhaps was) running rampant over the past weekend, then you must have been in a cave or on your honeymoon! This one is a doozie, let me tell you!! Some quick facts…

  • This ransomware is based on the EternalBlue exploit (developed by the NSA, and then stolen and leaked on the Internet)
  • Microsoft released a patch for this (MS17-010) in March
  • Some quick thinking good guys were able to slow down the spread of WannaCry by activating a killswitch within the ransomware code
  • MANY people and organizations, throughout the world, have been hit by this

An excellent analysis of WannaCry can be found here…

WannaCry no more: ransomware worm IOC’s, Tor C2 and technical analysis + SIEM rules

Stay informed…AND patch your systems!!

Cisco IOS Feature/License Options

I need to add a feature (or license) to a number of my Cisco routers. This can get a bit confusing though, as Cisco made changes to their licensing model when they introduced the ISR G2 series of routers (IE: 1900, 2900 & 3900 series).

These routers use a “universal” image, and you simply license the features you want…in my case the routers are licensed for IPBase and UC, and I need to add the SEC (Security) license to the router. The license tree is pretty simple…

License options for newer Cisco routers

For my older routers, I’m currently running SP Services and I need to add Security/VPN, which means I need to upgrade to Advanced IP Services.

Feature set (IOS) options for older routers

Either way, Cisco is going to get a lot more money from me!!

SHA1 Got Shattered (Major Geek Stuff!!)

https://shattered.io Website Logo

This blog is for us true geeks!! (All others will be bored.)

It was announced today that the cryptographic hash function SHA-1 is susceptible to collisions. Although this has been theorized for a number of years, there has been no proof of a collision. Well…until today, that is. Teams from CWI Amsterdam and Google have been working together for the last couple of years, and have demonstrated an actual collision.

What is a cryptographic collision? It’s when two different files have the same hash signature. In other words, if you run a hash function against a file, the resulting hash is a “signature” for that file. Change anything in that file, and the hash result will be very different. However, these teams were able to manipulate two different files and get the same hash signature.  NOT good at all. The security implications for this is HUGE!

SHA-1 has already been deprecated, and is on it’s way out…today’s announcement adds urgency to it. You should move to SHA-256 or SHA-3.

For some really good reading on this, check out the following links…

SHATTERED

At death’s door for years, widely used SHA1 function is now dead

Enjoy!!