Security Intelligence Operations – Cisco Security Advisories, Responses, and Notices – PSIRT – (CISCO Admins)

CISCO

This post is for colleagues who work with CISCO technology every day.

The Cisco Incident Response Team is responsible for handling security issues in CISCO products.

The Cisco PSIRT is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information related to Cisco products and networks.

To keep your devices and apps (among other things) secure, in addition to following the official CERTs, and also the unofficial ones, which sometimes hold back less than the former and bring us closer to reality, you need to pay attention to the advisories, warnings, notices and responses that come, in this case, from CISCO.

CISCO publishes its advisories, if there are any, every Wednesday of each month, and its responses and notices whenever necessary.

For each advisory, which usually concerns a vulnerability rather than advertising 😉, CISCO provides the following topics, from which we can see the impact, the products involved and CISCO's security procedures for mitigating the associated risks.

Topics:

  • Affected Products
  • Details
  • Vulnerability Scoring Details
  • Impact
  • Software Versions and Fixes
  • Workarounds
  • Obtaining Fixed Software
  • Exploitation and Public Announcements
  • Status of This Notice: Final
  • Distribution
  • Revision History
  • Cisco Security Procedures

Cisco Product Security Incident Response Process

The following graphic shows the Cisco PSIRT process at a high level and provides an overview of the vulnerability life cycle, disclosure and resolution process.

[Figure psirt_01: the Cisco PSIRT process at a high level]

It is important to see just when the PSIRT issues the mass notification. The time elapsed until then? We don't know! (to be continued...)

In general, it is important to consider all the entries under "Latest Threat Information".

Types of Security Publications

In all security publications, Cisco discloses the minimum amount of information required for an end user to assess the impact of a vulnerability and any potential steps needed to protect their environment. Cisco does not provide vulnerability details that could enable someone to craft an exploit.

Cisco provides the following types of security-related publications via the Security Intelligence Operations portal on Cisco.com.

  • Cisco Security Advisories
    Cisco Security Advisories provide detailed information about significant security issues that directly involve Cisco products and require an upgrade, fix, or other customer action. Cisco Security Advisories include an option to download Common Vulnerability Reporting Framework (CVRF) content, and Cisco Security Advisories for Cisco IOS Software will include an option to download Open Vulnerability and Assessment Language (OVAL) definitions. CVRF and OVAL are industry standards designed to depict vulnerability information in machine-readable format (XML files). This machine-readable content can be used with other tools to automate the process of interpreting data contained in a Security Advisory. CVRF and OVAL content can be downloaded directly from each Security Advisory. For more information about CVRF and OVAL, see the preceding links.
  • Cisco Security Notices
    Cisco Security Notices document low- and medium-severity security issues that directly involve Cisco products but do not warrant the visibility of a Cisco Security Advisory. Cisco Security Notices are organized by Common Vulnerabilities and Exposures (CVE) Identifier to facilitate correlation of security issues across Cisco products.
  • Cisco Security Responses
    Cisco Security Responses address issues that require a response to information discussed in a public forum, such as a blog or discussion list. The responses are normally published if a third party makes a public statement about a Cisco product vulnerability.
  • Cisco Event Responses
    Cisco Event Responses provide information about security events that have the potential for widespread impact on customer networks, applications, and devices. Cisco Event Responses contain summary information, threat analysis, and mitigation techniques that feature Cisco products. They are normally published under the following circumstances:

    • If a significant security vulnerability exists in a vendor’s product that could affect a Cisco product due to interoperation with the vendor’s product or use of the network as a vector for exploitation
    • In response to the release of Cisco IOS Software bundled publications

  • Cisco Applied Mitigation Bulletins
    Cisco Applied Mitigation Bulletins describe techniques that use Cisco product abilities to detect and mitigate exploits. They are normally published when Cisco products may be used to mitigate known vulnerabilities.

  • Threat Outbreak Alerts
    Cisco Threat Outbreak Alerts cover the latest data regarding malicious e-mail and web-based threats, including spam, phishing, viruses, malware, and botnet activity. These alerts do not relate to Cisco products but are provided for the benefit of Cisco customers and others.

  • Release Note Enclosures
    All Cisco bug IDs that are disclosed by Cisco are available for registered customers to view in the Cisco Bug Toolkit.

If a Cisco Security Advisory or Cisco Security Notice references a bug, the bug entry in the Cisco Bug Toolkit will link to the relevant Cisco Security Advisory or Notice. 

Cyber Risk Report

CISCO CyberRiskReport

http://tools.cisco.com/security/center/viewCrr.x?alertId=31512

Source (for more information):

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

http://tools.cisco.com/security/center/navigation.x?i=118

http://tools.cisco.com/security/center/publicationListing.x

http://www.cloudauditcontrols.com/2013/09/security-intelligence-operations-cisco.html

https://plus.google.com/u/0/+CiscoSystems/posts
