Last week Plixer released version 7.0 of Scrutinizer NetFlow and sFlow Analyzer, which is absolutely free. We celebrated by starting a two-part blog series detailing three free and fabulous resources for Cisco NetFlow admins. Today, we talk about the third free resource, plus share with you some of the free tools that your friends at Plixer use often.

Read more »

To celebrate the release of Version 7.0 of Scrutinizer NetFlow and sFlow Analyzer, which is absolutely free, I thought I’d share with you three fabulous free resources for Cisco network administrators. Read more »

This is the final part in a two-part blog series on using Cisco NetFlow to identify if your network is part of a botnet. Part 1 gave a quick overview of distributed denial of service (DDoS) attacks and how they’re often caused by botnets flooding Web sites with requests, thus making the Web site inaccessible to others.

It’s not just home computers that could be part of botnets. Any work computer could be compromised if users unwittingly download malware or visit malicious Web sites, putting corporate networks at risk.  How can Cisco NetFlow be used to identify DDoS attacks?
Read more »

Distributed denial of service (DDoS) attacks are unfortunately par for the course on the Internet these days but when high-profile sites are targeted, the attacks are big news. Take for example last week’s DDoS attack on Twitter, which the microblogging site speculated was geopolitical in motivation.

Quick overview of DDoS

DDoS attacks are often caused by botnets flooding Web sites with requests thus bringing the site’s Web servers to their knees. A botnet is a collection of computers that have been compromised by viruses and worms so that they can be controlled by malicious individual(s). An example could be the collection of computers compromised by Conficker, however a Conficker botnet has yet to be leveraged to do harm.

In the case of Twitter, the irony is that it could have been the compromised computers of some of Twitter’s own users that caused the DDoS. Read more »

Canadian lawmakers are debating network neutrality as it reviews industry comments submitted in response to its hearings last month on the subject. Why is this such a big deal? It is estimated that 80% of Internet traffic is caused by 5% of the population. This 5% is causing all the traffic using P2P applications such as BitTorrent which is optimized in many cases to hog bandwidth.

The Canadian Radio-Television and Telecommunications Commission is expected in November to issue guidelines for Canadian ISPs on how to manage Internet traffic and congestion. Cable companies and network management software providers issued their comments at the end of July for the CRTC to review. Read more »

Black Hat Las Vegas is taking place this week. The event is where professional hackers gather to share what they’ve been working on over the past few months. The results are often pretty startling for most average computer users.

For instance, Alessandro Acquisti, a researcher at Carnegie Mellon University is going to show how information about an individual’s place and date of birth can be exploited to predict his or her Social Security Number. To cut a long story short, Acquisti says SSNs were designed to be simple identifiers and not for authentication purposes, and so businesses should stop using them as confidential passwords.

We know enterprise networks are big targets for cybercriminals. Here are some Black Hat Vegas briefing sessions by security professionals about new attacks that could be around the corner and how to protect against them. Slides from the presentations are expected to be available at the Black Hat site after the event. Slides from January’s Black Hat DC 2009 briefing sessions are here. Read more »

C‭isco, in its midyear security report, notes that although vulnerability and threat activity has been off to a slower start this year compared to 2008, we should expect spam volumes to rise to record levels. Cisco says that Memorial Day on May 25, 2009 was the third-highest volume day ever recorded for spam. The report also suggests that criminals are expected to maintain their aggressive targeting of legitimate websites to create botnets through the propagation of malware.

Cisco also warns that until social networking sites use “more robust protection”, cyber criminals will continue to target popular online communities to lure unsuspecting users to click to fraudulent sites or to download malware. Read more »

Google got the blogosphere in a flutter last week when it released details of its latest development – the Google Chrome operating system aimed initially at netbooks and eventually full-size desktop systems. Pundits, such as TechCrunch, marveled at Google’s latest attempt to steal Microsoft’s crown, with the search leader introducing Chrome OS as Microsoft is busy promoting Windows 7.

But the question that will be of most interest to you is whether and when you will need to monitor your enterprise network traffic for Google Chrome OS activity. Google says Chrome OS won’t be available until the second half of 2010. That timeframe is almost a whole year after the launch of Windows 7, slated in October.

Read more »

You thought no other certification could be tougher to attain than the CCIE. There is now. Cisco this week launched the Cisco Certified Architect program, which sits above the CCIE and its design sibling, the Cisco Certified Design Expert (CCDE) certification, to become the company’s highest level of accreditation.

Cisco explains that the Cisco Certified Architect “recognizes the architectural expertise of network designers who can support the increasingly complex networks of global organizations and effectively translate business strategies into evolutionary technical strategies.”

Candidates must first already hold the CCDE certification and have approximately 10 years of industry experience before they can apply to enter the program. The certification doesn’t have the usual Cisco written or lab exam, but instead candidates are required to meet before an in-person review board made up of Cisco-appointed exam committee members. There, candidates defend their proposed network solutions and must be able to revise the proposals on-the-fly when challenged to by the review board.

Read more »

We work hard to protect our corporate networks from external threats but any security consultant will tell you that the average corporate network is far more at risk of coming to harm by internal hackers than external. Last month, it emerged that an ex-employee of Dallas-based Energy Future Holdings allegedly hacked into the Texas power company’s network and emailed proprietary information to a personal Yahoo account, and modified and deleted files. The intrusion cost the company’s energy forecast system more than $26,000 for a day in March, reports Wired.com.

And almost a year ago, city employee Terry Childs was arrested on four counts of computer tampering with the City of San Francisco’s multimillion-dollar FiberWAN, which holds much of San Francisco’s key records. Childs, who built and administered the network refused to hand over passwords to the network, effectively putting the city on lock-down.

Read more »