Cisco Releases Security Advisory for Cisco Small Business SRP 500 Series
Cisco Small Business (SRP 500) Series Services Ready Platforms contain the following three vulnerabilities:
These vulnerabilities can be exploited using sessions to the Services Ready Platform Configuration Utility web interface. These vulnerabilities could be exploited from the local LAN side of the SRP
device by default configuration and the WAN side of the SRP device if remote management is enabled. Remote management is disabled by default.
Cisco has released free software updates that address these vulnerabilities.
Workarounds that mitigate these vulnerabilities are available.
This advisory is available at the following link:
The following Cisco SRP 520 Series models are affected if running firmware prior to version 1.1.26:
* Cisco SRP 521W
* Cisco SRP 526W
* Cisco SRP 527W
The following Cisco SRP 520W-U Series models are affected if running firmware prior to version 1.2.4:
* Cisco SRP 521W-U
* Cisco SRP 526W-U
* Cisco SRP 527W-U
The following Cisco SRP 540 Series models are affected if running firmware prior to version 1.2.4:
* Cisco SRP 541W
* Cisco SRP 546W
* Cisco SRP 547W
To view the firmware version on a device, log in to the Services Ready Platform Configuration Utility and navigate to the Status > Router page to view information about the Cisco SRP Series device and its firmware status. The Firmware Version field indicates the current running version of firmware on the Cisco SRP 500 Series device.
More information regarding these vulnerabilities:
The latest Cisco SRP 500 Series Services Ready Platforms firmware can
be downloaded at:
- Cisco Security Advisory: Cisco NX-OS (netsecurityit.wordpress.com)
Intelligent network security and data protection solutions provider, SonicWall, has expanded its suite of firewall security services with the addition of Kaspersky Anti-Virus to its Enforced Client Anti-Virus and Anti-Spyware solution.
SonicWall Firewalls are designed to ensure easy deployment, provisioning and enforcement of the client on endpoint devices through a unique policy-driven engine.
SonicWall Next-Generation and Unified Threat Management firewalls already provide gateway anti-virus through SonicWall’s proprietary reassembly-free deep packet inspection anti-malware solution, protecting the perimeter, wireless and VPNs. But, according to SonicWall, viruses can still enter the network through laptops, thumb drives or other unprotected systems. Protection at multiple layers is the best defence against sophisticated modern threats, however, maintaining, enforcing and deploying the right security software on endpoint devices can put a strain on IT resources and budgets. SonicWall firewalls are designed to provide an innovative multi-layered anti-malware strategy consisting of its anti-malware solution at the gateway and enforced anti-virus solution at the endpoints.
When a non-compliant end-point within the network tries to connect to the internet, the firewall will redirect the user to a web page to install the latest SonicWall Enforced Client Anti-Virus and Anti-Spyware software. The firewall is also designed to ensure that all the end-point clients are automatically updated with the latest anti-virus and anti-spyware signatures without end-user intervention. The updated clients can remediate infections by cleansing the endpoint systems and thus preventing further propagation of the threat throughout the network. SonicWall has integrated Kaspersky technology into its enforced client solution. The software resides on endpoint computers and delivers critical protection against viruses, spyware, Trojans, worms, rootkits and more. “Deploying, maintaining and enforcing the right security software on endpoint devices within a network can be difficult,” said Swarup Selvaraman, product line manager at SonicWall. “Our innovative SonicWall solution simplifies this process and gives IT managers’ easy-to-deploy anti-virus and anti-spyware protection across any number of devices using policy-based management and reporting. Kaspersky support bolsters our existing offering and gives customers more opportunities to choose the anti-virus solution that best meets their needs.” The solution is designed to support Microsoft Windows PCs and laptops and is ideal for deployments scaling from a few to thousands of end-points.
Aruba Delivers BYOD Control with ClearPass
The bring-your-own-device (BYOD) era is booming, while BYOD delivers some freedom to users and is great don’t get me wrong, however. It is still absolutely critical that companies reachthe same degree of protection, and control that corporate owned devices also receive to these devices. It has to be thought of as a wired device, in my opinion.
“ClearPass provides a networking solution for BYOD to address all of the majoroperating systems and any networking vendor’s network architecture,” Robert Fenstermacher, director of Product Marketing at Aruba, told InternetNews.com. “It can act as a single point of policy control across all wired, wireless and remote infrastructure for a global organization.”
- Aruba simplifies IT management of BYOD (infoworld.com)
- Aruba to buy Avenda for BYOD security (infoworld.com)
- Aruba Simplifies IT Management of Employee-Owned Mobile Devices (oracleidentity.wordpress.com)
In a recent article posted on Network World, Qualys; a security firm specializing in vulnerability scanning and assessment says they are ready to go public. Based on my experience with the product I would have to agree that this would be a good decision. Regarding the fact that I have used, and currently using Qualys on a contract position, many hours have been spent using and abusing these appliance(s). I have witnessed first hand the ways the scanning engines have morphed into a dependable tool with low false positives. Offering more asset control to the administrator than in recent years, and the overall performance issues that have been handled through it’s generations have made this product ready for prime time. Apparently I am not the only one who thinks so – with over 5,000 appliances currently running on production environments world wide.
“Courtot says the company did about $76 million in revenue last year, showing profitability, and expects to see revenues grow to $94 million this year,” Messmer writes. “Its variety of products, and scanning and compliance services, have become widely used by about 5,000 organizations around the world.”
For the full story click here: http://www.networkworld.com/news/2012/022112-qualys-ipo-256396.html
- The 8 Best Tips You’ll Ever Get On How To Launch (And Grow) A Startup (businessinsider.com)
U.S. Official Signals Growing Concern Over Anonymous Group’s Capabilities
The director of the National Security Agency has warned that the hacking group Anonymous could have the ability within the next year or two to bring about a limited power outage through a cyberattack.
Gen. Keith Alexander, the director, provided his assessment in meetings at the White House and in other private sessions, according to people familiar with the gatherings. While he hasn’t publicly expressed his concerns about the potential for Anonymous to disrupt power supplies, he has warned publicly about an emerging ability by cyberattackers to disable or even damage computer networks.
Gen. Alexander’s warning signals a growing federal …
More on this story here: