Алексей рассказал о Cisco PSIRT, жизненном цикле управления уязвимостями и взаимодействии Cisco PSIRT с пользователями. Также докладчик разобрал два кейса: «Heartbleed» и «Програмный имплант в Cisco IOS».
Proteja seus clientes - Gerenciamento dos Serviços de SegurançaCisco do Brasil
Similar a «Product Security Incident Response Team (PSIRT) - Изнутри Cisco PSIRT», Алексей Лукацкий, бизнес-консультант по безопасности, Cisco Systems (20)
11. http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
The following table summarizes the methods used by Cisco to notify customers
about the security vulnerabilities and other security information.
Email SIO Portal RSS CNS Bug Search Tool
Security Advisories Yes Yes Yes Yes Yes
Security Notices No Yes Yes No Yes
Security Response Yes Yes Yes Yes Yes
Cisco Event Responses No Yes Yes No No
Threat Outbreak Alerts / IntelliShield Alerts No Yes Yes No No
Release Note Enclosures No No No No Yes
11
12. http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
Cisco uses the following CVSS guidelines when determining which security
publication will include a particular vulnerability:
Publication CVSS Score
Cisco Security Advisory 7.0 – 10.0
Cisco Security Notice 4.0 – 6.9
Bug Release Note Enclosure 0.1 – 3.9
Cisco Security Responses address issues
that require a response to information
discussed in a public forum, such as a blog or
discussion list. The responses are normally
published if a third party makes a public
statement about a Cisco product vulnerability.
12
18. PSIRT Collaborates With Experts Across Cisco
Many other
teams
Technology Groups
product experts
Technical
Assistance Center
support experts
Legal & Public
Relations
Advanced Services
high touch support
experts
Security Research &
Operations
Security Experts
59. 59
OVAL Components
OVAL
Definitions
•XML files that are
used to check the
presence of a
vulnerability or a
configuration best
practice.
OVAL Schemas
•OVAL definitions are
XML documents;;
thus they need
schemas.
•The purpose of an
XML Schema is to
define the building
blocks of an XML
document
•OVAL XML Schemas
define elements,
attributes, and data
types that are part of
an OVAL definition
•Example: how OVAL
checks for affected
versions;; different
configurations (i.e.,
ACLs, Interfaces,
Routing Protocols,
etc.)
Authoring Tool
•Cisco created
internal tools to
support the creation
of IOS vulnerability
definitions
System
Characteristics
Producer
•Generates and
keeps details of the
system being
evaluated
•Examples: jOVAL
Definition Interpreter,
McAfee Policy
Auditor, etc.
Definition
Repository
•A repository of OVAL
Definitions made
available to the
community (free or
pay).
•Cisco publishes
OVAL definitions that
can be downloaded
from each IOS
security advisories.
Definition
Evaluator
•A product that uses
an OVAL Definition
to guide evaluation
and produces OVAL
Results (full results)
as output.
•Examples: jOVAL