Cisco released a warning to customers today about multiple holes in their security appliances. Patches have been released to fix the affected products, but the PIX 500 series has reached "End Of Life" status so no new software will be released for them. Workarounds have been suggested for PIX users and can be found here. The other affected products include the Cisco Firewall Services Module (FWSM) for the 6500 and 7600 series, ASA5500 Security Appliance, and Cisco Security Agent (CSA) releases 5.1, 5.2, and 6.0.

The FWSM vulnerability could cause a DoS (Denial Of Service) and may be forced to reload after processing a destructive SCCP (Skinny Client Control Protocol) message. The hole becomes apparent when SCCP inspection is enabled and is triggered by transit traffic, not traffic intended for the device. The ASA and PIX units are plagued by similar vulnerabilites, most of which can cause DoS but one fairly nasty one which can grant the hacker unauthorized access to the device and your network. The CSA holes can include an SQL injection that allows hackers to download files from the server hosting CSA's Management Center, product reconfiguration using the SQL injection, and DoS attacks that could lead to the system hosting the CSA to crash.

For more information on the subject, please use the link in the first paragraph of this article. 

Last April IBM announced plans to build a supercomputer that could compete on Jeopardy and confirmed yesterday that the computer, dubbed 'Watson', is now capable of beating human contestants. The supercomputer, which has been dubbed a 'question answering system', has been under development for about two years now. Based on IBM's 1997 success with Deep Blue the supercomputer that beat chess champion Garry Kasparov, the technological giant is convinced they have made a computer that's 'smarter' and has 'more confidence' than it's predecessor.

Watson is able to use cutting-edge natural language processing technology to analyze the meanings behind words. This gives the supercomputer the ability to identify relevant information, interpret human expressions and puns, break down questions into sub-questions, and synthesize the information into an answer. Watson has been 'studying' so to speak, by 'reading' many natural language books, texts, etc. and has stored all the information internally, just like a human brain. It will not be connected to the internet, literally putting Watson on its own against the human competitors. Knowledge isn't the only thing Watson will need to really compete on Jeopardy though, confidence in its answers and the quickness of its responses will be of paramount concern to the developers.

The human brain is essentially a blazingly fast processor and human competitors have the advantage, at least at the moment. When real Jeopardy contestants are asked a question, they will sometimes buzz in before their brain has actually recalled the information needed, taking a few seconds to respond. This instinctive confidence in our own knowlege is something IBM believes it can overcome, at least enough to make Watson competitive against human beings. Strategy is also a big part of the game and IBM has programmed the supercomputer to take the score of the game, the dollar value of the question, and the 'confidence' in its answer into account before deciding whether to buzz in.

IBM is keeping Watson's win/loss stats secret for the time being, so we will have to wait until the end of this year to see what 'the next step in AI' can actually do. Until then we can continue to bask in our cognitive superiority and wonder what exactly Watson might spend that prize money on. Maybe a nice new warehouse for Deep Blue and itself to live out their golden years? And an Aibo to keep them company? Only time will tell!

Here's an interesting little tidbit of information I came across while I was cruising some articles regarding last weeks Black Hat security conference. Cisco and other networking companies implement a 'backdoor' into all of their routers and switches for lawful intercept. What's lawful intercept you ask? Well, this basically means that by law, all networking equipment manufacturers selling to ISP's must provide a backdoor into their routers and switches so that law enforcement agencies can track the internet activity of individuals under surveillance.

With internet privacy always being a hot issue, this measure was first greeted with mixed reviews but most believed that if hackers couldn't get ahold of this backdoor information then security would be tighter for all of us. While that seems like a great thought, the fact of the matter is that Cisco and other networking giants haven't taken the time to tighten the security around the backdoors themselves. IBM researchers found several bugs, which by themselves are almost harmless, that can be used in conjunction with eachother to allow hackers to spy on network traffic and steal information.

Cisco was first warned about these bugs in 2008 and released a patch to correct some of the problems, but this major security issue still hasn't been addressed properly as of last week. Hackers are still able to access the backdoor and even after numerous failed password guessing attempts the systems don't A) Block the perpetrator from trying again or B) Alert a network administrator to the unauthorized access. This type of 'invisibility' was originally intended to hide the technique from ISP employees, who in theory could detect the intercept and alert the individual under surveillance. This has obviously gone completely wrong, instead of keeping dishonest employees out it's practically inviting hackers to spy and steal information without anyone being alerted until it's too late.

While it seems Cisco may be the primary target of the IBM researchers, keep in mind that all networking companies are legally required to bild lawful intercepts into their router and switch lines. Cisco is actually the only company that follows the advice of the Internet Engineering Task Force or IETF and makes its intercept architecture public, exposing it to peer review and security scrutiny. Other networking companies keep theirs in the dark and they most likely suffer from the same flaws or possibly more. Allowing the weaknesses to be public knowledge may seem like cutting your own throat, but knowing about them keeps IT personel informed and aware so that these issues can be mitigated properly.

As our lives are becoming more and more dependant on computers, the internet, networking, and portable gadgets; network security is quickly becoming a household term and concern. Everyday I read reports of people, not just small or large businesses, regular people becoming victims of cyber attacks. Whether it's stolen passwords, phishing scams, data loss, denial of service, or full blown Identity Theft; your cyber security should be almost as important as the lock on your front door. Today I would like to talk about one threat in particular and the strides Cisco has made to help protect us from that threat.

Botnets are a collection of software robots or 'zombie computers' that are controlled by a single 'command and control center' usually ran by one person with the ultimate goal being to steal your personal data. Computers are usually infected via website or email and depending on the type of exploit (DoS, key logging, phishing scams, etc.) it will then launch an attack. Keeping up with security updates for your PC or Mac (Macs ARE NOT invulnerable to viruses, despite what Apple entusiasts would have you believe), up-to-date antivirus software, and malware blocking programs will keep most of the unwanted software out. No program is perfect though and hackers are coming up with new tricks all the time, so how do you know if something slips through undetected? Has your computer or a computer on your network become a zombie?

This is where Cisco's Layer 4 Traffic Monitoring feature comes in, referred to as L4TM. Botnets alll have one thing in common, they must 'call home' to their command center and relay what information, if any, that they were trying to steal. L4TM tracks and detects command and control data that is being sent back to the hacker by using modified technology that Cisco had previously used in their Ironport Web Security Appliance or WSA for short. The ASA is configured to install the Botnet database from the Ironport website and check every 60 minutes for updates. Then, the L4TM feature compares the destination IP addresses with the Botnet database, looking for known malicious IPs. When a match is found, an alert will be sent to the ASDM.

These features and a host of others can be found in ASA release 8.2/ASDM 6.2 and above, compatible with the entire ASA5500 line from 5505 to 5580. If you are currently running a pre-8.2 release, I strongly recommend upgrading as these features can help keep your 'electronic life' safe. Recently, Cisco has added a Botnet drop filter capability with ASA release 8.2.2/ASDM 6.2.5 along with a slew of bug fixes and extra features, including an SSL/VPN feature that helps conserve your licenses. For a full list of features and upgrades, search Cisco's webste for 'ASA 8.2.2'.

ActionPacked! Networks, a privately owned company based in Honolulu, is offering free permanent licenses for its LiveAction 1.8 Software for a limited time. AP! has been working on their LiveAction platform for years, dissecting Cisco and competing vendor router lines in an effort to find a way to make them more accessible and easier to use. This product is based on the premise that managing multiple devices is too difficult when you're required to type commands line-by-line, as is the case with Cisco's CLI and many others.

LiveAction uses embedded device knowledge, charts, and graphics to help network managers troubleshoot various potential problems. The software can be installed on a standard pc, laptop, or server without stopping network traffic and allows IT personnel with password clearance to troubleshoot from anywhere on the network. The programs embedded device knowledge makes it possible for network managers to configure and access various devices and information from the inside out, rather than looking at problems from the outside perspective only.

The free license ActionPacked! is offering lasts through March 31, 2010 and they have even unlocked a few key capabilities that future free versions won't have. Some of these include, offering network managers end-to-end NetFlow, jflow and sflow monitoring and analysis capabilities and includes the added support for HP and Juniper devices. The software is available for download at ActionPacked!'s website.

With the new year only a few days old and the 2009 recession almost behind us, many companies are now looking to upgrade their network and computer systems. One of the big upgrades for many this year is the Windows XP/Vista to Windows 7, a task that has so far met with mixed reviews but has faired MUCH better than the Vista debacle of '07. While I'm sure we haven't met all the bugs that Microsoft's latest offering is sure to produce.

Cisco systems has already made some headway in the software compatibility department. According to Microsoft's Compatibility Center, 4 Cisco desktop apps are already certified to work with Windows 7; Cisco VPN client version 5, Cisco LEAP Module, Cisco EAP-FAST Module, and the Cisco PEAP Module. The modules themselves are used with a VPN and can securely transmit authentication credentials. Cisco's VPN support for Windows 7 covers both the IPSEC and SSLVPN clients, although the VPN client 5.0.6 only does the 32-bit version at this time, SSLVPN can handle the 32 and 64-bit operating system.

Consumers using Cisco's Unified Communications product line should be warned that support for Windows 7 won't be available until the version 8.0 is released sometime in the first quarter of 2010, minus about a dozen UC products that will have to wait until version 8.5. Out of 50 UC products published, only 3 of these have been promised to support the 64-bit OS through a 32-bit emulator. Make sure to check with your company's IT department before doing a Windows 7 upgrade to avoid setbacks!