As our lives are becoming more and more dependant on computers, the internet, networking, and portable gadgets; network security is quickly becoming a household term and concern. Everyday I read reports of people, not just small or large businesses, regular people becoming victims of cyber attacks. Whether it's stolen passwords, phishing scams, data loss, denial of service, or full blown Identity Theft; your cyber security should be almost as important as the lock on your front door. Today I would like to talk about one threat in particular and the strides Cisco has made to help protect us from that threat.

Botnets are a collection of software robots or 'zombie computers' that are controlled by a single 'command and control center' usually ran by one person with the ultimate goal being to steal your personal data. Computers are usually infected via website or email and depending on the type of exploit (DoS, key logging, phishing scams, etc.) it will then launch an attack. Keeping up with security updates for your PC or Mac (Macs ARE NOT invulnerable to viruses, despite what Apple entusiasts would have you believe), up-to-date antivirus software, and malware blocking programs will keep most of the unwanted software out. No program is perfect though and hackers are coming up with new tricks all the time, so how do you know if something slips through undetected? Has your computer or a computer on your network become a zombie?

This is where Cisco's Layer 4 Traffic Monitoring feature comes in, referred to as L4TM. Botnets alll have one thing in common, they must 'call home' to their command center and relay what information, if any, that they were trying to steal. L4TM tracks and detects command and control data that is being sent back to the hacker by using modified technology that Cisco had previously used in their Ironport Web Security Appliance or WSA for short. The ASA is configured to install the Botnet database from the Ironport website and check every 60 minutes for updates. Then, the L4TM feature compares the destination IP addresses with the Botnet database, looking for known malicious IPs. When a match is found, an alert will be sent to the ASDM.

These features and a host of others can be found in ASA release 8.2/ASDM 6.2 and above, compatible with the entire ASA5500 line from 5505 to 5580. If you are currently running a pre-8.2 release, I strongly recommend upgrading as these features can help keep your 'electronic life' safe. Recently, Cisco has added a Botnet drop filter capability with ASA release 8.2.2/ASDM 6.2.5 along with a slew of bug fixes and extra features, including an SSL/VPN feature that helps conserve your licenses. For a full list of features and upgrades, search Cisco's webste for 'ASA 8.2.2'.