Archive for March, 2009
March 30th, 2009
Conficker Worm Targets Microsoft Windows Systems
Original release date: March 29, 2009
Last revised: –
Source: US-CERT
Systems Affected
* Microsoft Windows
Overview
US-CERT is aware of public reports indicating a widespread
infection of the Conficker worm, which can infect a Microsoft
Windows system from a thumb drive, a network share, or directly
across a network if the host is not patched with MS08-067.
Solution
Install updates
The updates to address these vulnerabilities are available on the
Microsoft Update site. We recommend enabling Automatic Updates.
Description
The presence of a Conficker infection may be detected if a user is
unable to surf to the following websites:
* http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm
* http://www.mcafee.com
If a user is unable to reach either of these websites, a Conficker
infection may be indicated (the most current variant of Conficker
interferes with queries for these sites, preventing a user from
visiting them). If a Conficker infection is suspected, the user
should run the Microsoft Windows Malicious Software Removal Tool
and install updates available from the Microsoft Update site.
References
* Microsoft Windows Malicious Software Removal Tool -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356>
* Microsoft Updates Website -
<http://update.microsoft.com/microsoftupdate/>
* US-CERT Technical Cyber Security Alert TA09-088A -
<http://www.us-cert.gov/cas/techalerts/TA09-088A.html>
* Virus alert about the Win32/Conficker.B worm -
<http://support.microsoft.com/kb/962007>
* The Conficker Worm -
<http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm>
* W32/Conficker.worm -
<http://us.mcafee.com/root/campaign.asp?cid=54857>
* Microsoft Automatic Updates -
<http://www.microsoft.com/windows/downloads/windowsupdate/automaticupdate.mspx>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/alerts/SA09-088A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <c...@cert.org> with “SA09-088A Feedback VU#827267″ in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
March 29, 2009: Initial release
March 30th, 2009
Conficker Worm Targets Microsoft Windows Systems
Original release date: March 29, 2009
Last revised: –
Source: US-CERT
Systems Affected
* Microsoft Windows
Overview
US-CERT is aware of public reports indicating a widespread
infection of the Conficker worm, which can infect a Microsoft
Windows system from a thumb drive, a network share, or directly
across a network if the host is not patched with MS08-067.
I. Description
The presence of a Conficker infection may be detected if a user is
unable to surf to the following websites:
* http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm
* http://www.mcafee.com
If a user is unable to reach either of these websites, a Conficker
infection may be indicated (the most current variant of Conficker
interferes with queries for these sites, preventing a user from
visiting them). If a Conficker infection is suspected, the
infected system should be removed from the network. Major
anti-virus vendors and Microsoft have released several free tools
that can verify the presence of a Conficker infection and remove
the worm. Instructions for manually removing a Conficker infection
from a system have been published by Microsoft in
http://support.microsoft.com/kb/962007.
II. Impact
A remote, unauthenticated attacker could execute arbitrary code on
a vulnerable system.
III. Solution
US-CERT encourages users to prevent a Conficker infection by
ensuring all systems have the MS08-067 patch (part of Security
Update KB958644, which was published by Miscrosoft in October
2008), disabling AutoRun functionality (see
http://www.us-cert.gov/cas/techalerts/TA09-020A.html), and
maintaining up-to-date anti-virus software.
IV. References
* Virus alert about the Win32/Conficker.B worm -
<http://support.microsoft.com/kb/962007>
* Microsoft Security Bulletin MS08-067 – Critical -
<http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx>
* Microsoft Windows Does Not Disable AutoRun Properly -
<http://www.us-cert.gov/cas/techalerts/TA09-020A.html>
* MS08-067: Vulnerability in Server service could allow remote code
execution -
<http://support.microsoft.com/kb/958644>
* The Conficker Worm -
<http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm>
* W32/Conficker.worm -
<http://us.mcafee.com/root/campaign.asp?cid=54857>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-088A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <c...@cert.org> with “TA09-088A Feedback VU#827267″ in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
March 29, 2009: Initial release
March 30th, 2009
Original release date: March 29, 2009 at 8:18 pm
Last revised: March 29, 2009 at 8:18 pm
US-CERT is aware of public reports indicating a widespread infection
of the Conficker worm, which can infect a Microsoft Windows system
from a thumb drive, a network share, or directly across the network if
the host is not patched with MS08-067.
The presence of a Conficker infection may be detected if a user is
unable to navigate to the following websites:
http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=u
s_ghp+link_conficker_worm
http://www.mcafee.com
If a user is unable to reach either of these websites, the Conficker
infection may be indicated (the most current variant of Conficker
interferes with queries for these sites, preventing a user from
visiting them). If a Conficker infection is suspected, the infected
system should be removed from the network. Major anti-virus vendors
and Microsoft have released several free tools that can verify the
presence of a Conficker infection and remove the worm. Instructions
for manually removing a Conficker infection from a system have been
published by Microsoft in Knowledgebase Article 962007.
US-CERT encourages users to prevent a Conficker infection by ensuring
all systems have the MS08-067 patch (part of Security Update KB958644,
which was published by Microsoft in October 2008), disabling AutoRun
functionality (see US-CERT Technical Cyber Security Alert TA09-020A),
and maintaining up-to-date antivirus software.
US-CERT will provide additional information as it becomes available.
Relevant Url(s):
<http://support.microsoft.com/kb/958644>
<http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx>
<http://www.us-cert.gov/cas/techalerts/TA09-020A.html>
<http://support.microsoft.com/kb/962007>
<http://www.mcafee.com/>
<http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm>
====
This entry is available at
http://www.us-cert.gov/current/index.html#conficker_worm_information
March 29th, 2009
 |
|
IN THIS ISSUE:
-
Announcing the S388 Signature Update for IPS
-
Announcing End-of-Life (EOL) for new signature updates in 4.x format for Cisco IOS IPS feature
-
Cisco IPS Signature correlation available in the Cisco Security IntelliShield Alert Manager Service
-
Subscribe to the Product Alert Tool for IPS Related Field Issues
-
Subscription Information
1. Announcing the S388 Signature Update for IPS
The S388 signature update contains the following new signatures:
| PLATFORM |
SIGID |
SIGNAME |
ENGINE |
SEVERITY |
ENABLED |
| 5.x,6.x |
6085.0 |
IE Table Column Record Handling |
string-tcp |
high |
false |
| 5.x,6.x |
6108.0 |
FreeRADIUS Denial of Service |
atomic-ip |
medium |
false |
| 5.x,6.x |
6106.0 |
Cisco Secure ACS EAP-TLS Authentication Bypass |
string-udp |
medium |
false |
| 5.x,6.x |
6135.0 |
Sun Solaris in.rwhod Buffer Overflow |
string-udp |
high |
false |
| 5.x,6.x |
6732.0 |
CA BrightStor ARCServe Backup LGServer Password Buffer Overflow |
string-tcp |
high |
true |
| 5.x,6.x |
6734.0 |
CA ARCserve Backup LGServer Multiple Buffer Overflows |
string-tcp |
high |
false |
| 5.x,6.x |
6719.0 |
MySQL COM_TABLE_DUMP Function Stack Overflow |
string-tcp |
high |
false |
| 5.x,6.x |
6720.0 |
MySQL Login Handshake Information Disclosure |
string-tcp |
high |
false |
| 5.x,6.x |
6721.0 |
OpenBSD ISAKMP Message Handling Denial Of Service |
atomic-ip |
low |
false |
| 5.x,6.x |
6723.0 |
Sun Directory Server LDAP Denial of Service Details |
string-tcp |
medium |
false |
| 5.x,6.x |
3791.1 |
Solaris Printd Unlink File Deletion |
string-tcp |
medium |
false |
| 5.x,6.x |
6735.0 |
Microsoft Internet Explorer HHCtrl.ocx Image Property Heap Corruption |
multi-string |
medium |
false |
| 5.x,6.x |
6736.0 |
Apple QuickTime FLIC Animation File Buffer Overflow Details |
string-tcp |
medium |
false |
| 5.x,6.x |
6737.0 |
OpenSSL SSL_get_shared_ciphers Function Buffer Overflow |
string-tcp |
high |
false |
| 5.x,6.x |
6739.0 |
Novell GroupWise Messenger HTTP POST Request Invalid Memory Access |
string-tcp |
low |
false |
| 5.x,6.x |
6740.0 |
Trend Micro OfficeScan Atxconsole ActiveX Control Format String |
string-tcp |
medium |
false |
| 5.x,6.x |
6742.0 |
Microsoft PowerPoint Malformed Record Code Execution |
string-tcp |
medium |
false |
| 5.x,6.x |
15133.0 |
XML Race Condition in Internet Explorer |
string-tcp |
high |
false |
| 5.x,6.x |
7246.1 |
Microsoft Excel Spreadsheet Buffer Overflow |
string-tcp |
high |
false |
| 5.x,6.x |
15954.0 |
CA Multiple Products Console Server Buffer Overflow |
string-tcp |
high |
false |
| 5.x,6.x |
16013.0 |
Borland Interbase Integer Overflow Vulnerability |
string-tcp |
high |
true |
The S388 signature update contains the following modified signatures:
| PLATFORM |
SIGID |
SIGNAME |
ENGINE |
SEVERITY |
ENABLED |
| 5.x,6.x |
5569.0 |
MDaemon Imap Authentication Overflow |
string-tcp |
high |
true |
| 5.x,6.x |
5602.0 |
Windows System32 Directory File Access |
service-smb-advanced |
medium |
true |
| 5.x,6.x |
3003.0 |
TCP Frag SYN Port Sweep |
sweep |
high |
true |
| 5.x,6.x |
3180.1 |
BakBone NetVault Remote Heap Overflow |
string-tcp |
high |
false |
| 5.x,6.x |
3408.0 |
Telnet Client LINEMODE SLC Option Overflow |
string-tcp |
high |
false |
| 5.x,6.x |
5463.0 |
Computer Associates License Software GETCONFIG Buffer Overflow |
string-tcp |
high |
false |
| 5.x,6.x |
3157.0 |
FTP PASV Port Spoof |
service-ftp |
high |
true |
| 5.x,6.x |
3251.0 |
TCP Hijack Simplex Mode |
normalizer |
high |
false |
| 5.x,6.x |
6008.0 |
First 4 Internet XCP Uninstallation ActiveX Control |
string-tcp |
high |
false |
| 5.x,6.x |
3534.0 |
IMAP Long AUTHENTICATE Command |
string-tcp |
high |
true |
Modified signature details: SFR has been increased for the following sigs: 3003-0 TCP Frag SYN Port Sweep 3157-0 FTP PASV Port Spoof 3534-0 IMAP Long AUTHENTICATE Command The following sigs have been retired: 3180-1 BakBone NetVault Remote Heap Overflow 3251-0 TCP Hijack Simplex Mode 3408-0 Telnet Client LINEMODE SLC Option Overflow 5463-0 Computer Associates License Software GETCONFIG Buffer Overflow 6008-0 First 4 Internet XCP Uninstallation ActiveX Control The following sigs have been modified to increase fidelity: 5569-0 MDaemon Imap Authentication Overflow 5602-0 Windows System32 Directory File Access
IMPORTANT NOTES: All signature updates are cumulative. The S388 signature update contains all previously released signature updates. You must have a valid Cisco Services for IPS contract per sensor to receive and use software upgrades including signature updates from Cisco.com. A Cisco Services for IPS Services License is required for the installation of all signature updates. The Cisco Services for IPS Services License can be requested from http://www.cisco.com/go/license for all sensors covered by a maintenance contract. To manage your maintenance contracts use the Service Contract Center: http://www.cisco.com/cgi-bin/front.x/scccibdispatch?AppName=ContractAgent
SUPPORTED PLATFORMS: The S388 signature update can ONLY be applied to E3 sensors. IPS S388 Software Update Files: Sensor appliances, IDSM2, NM-CIDS, ASA-SSM-AIP modules: click here
IOS IPS in 12.4(11)T or later T-Train Releases: http://www.cisco.com/pcgi-bin/tablebuild.pl/ios-v5sigup Note: Posting of signature release files for IOS IPS may take a few additional days.
CISCO SECURITY MANAGER (CSM) NOTICE:
Note 1: You can only apply the IPS-CS-MGR-sig-S388-req-E3.zip signature update file to CSM 3.0 or later and IPS MC version 2.2 or later. The E3 Engine Update packages for sensors are deployed automatically the first time a signature set that requires E3 is deployed by CSM. E3 updates are not listed or available for selection in the Apply Update Wizard and cannot be applied independently by CSM. To ensure that the E3 update is applied to your sensors, please ensure that you push the S366 package to your sensors.
2. Announcing End-of-Life (EOL) for new signature updates in 4.x format for Cisco IOS IPS feature
IMPORTANT ANNOUNCEMENT:
Cisco announces the End-of-Life (EOL) for new signature updates in Cisco IPS version 4.x format for Cisco IOS IPS feature.
No new signature releases in 4.x format and no new updates to the pre-built Basic or Advanced signature sets (128MB.sdf
and 256MB.sdf files) will be posted at http://www.cisco.com/pcgi-bin/tablebuild.pl/ios-sigup after this time. IOS-S351.zip file
posted on August 20, 2008 is the final signature release and Version 10 of the recommended Basic and Advanced signature
sets posted on August 11, 2008 are the final recommended sets in 4.x format for IOS IPS. Customers using IOS IPS feature
with IOS Mainline and T-Train Releases prior to 12.4(11)T Release that work only with 4.x format IPS signatures are
strongly encouraged to upgrade their routers to run IOS 12.4(15)T7 or 12.4(20)T release as soon as possible.
3. Cisco IPS Signature correlation available in the Cisco. Security IntelliShield Alert Manager Service Search Access Feature
The Cisco IPS Team is pleased to announce the correlation of Cisco IPS Signature information within the IntelliShield Alert Manager Search Access Feature. Cisco Services for IPS clients that subscribe to the service now have access to perform targeted searches to display Cisco IPS Signatures associated with different alerts to ensure they have the most up to date intelligence. Subscribers can view a new IPS Signature list page that is searchable and will display Cisco IPS Signatures associated with IntelliShield Alerts. IntelliShield Alerts also contain the associated Cisco IPS Signature information within each alert.
The IntelliShield Alert Manager Search Access Feature provides clients with access to one of the most extensive collections of vendor-neutral security intelligence alerts in the industry. Clients can access a fully indexed and searchable database that extends back over six years and contains more than 1700 vendors, 5500 products, and 20,000 distinct versions of applications.
To obtain access to the IntelliShield Alert Manager Search Access Feature, each user is required to provide either a valid IPS License File or a valid IPS Serial Number to authorize the creation of this user account. Only one user account is permitted for each IPS License File or IPS Serial Number. Please proceed to the registration page at the following link to obtain your access:
https://intellishield.cisco.com/security/alertmanager/intelliShieldSearch
Email support is available for users of the Cisco Security IntelliShield Alert Manager Service Search Access Feature at intellishieldsearch-support@cisco.com . Support is provided by Cisco during the hours of 7:00 a.m. and 7:00 p.m. Eastern Time.
4. Subscribe to the Product Alert Tool for IPS Related Field Issues
Interested in knowing the latest on field notices, product alerts, and end-of-sale information relating to your IDS and IPS hardware? We have recently updated the Cisco Product Alert Tool to include IDS and IPS appliances.
Simply visit: http://tools.cisco.com/Support/PAT/do/ViewMyProfiles.do and follow these steps:
- Select Create a new Alert Profile.
- Name your profile anything you would like.
- Under Select Your Product, select: Intrusion Prevention System
- Click Add so that “Intrusion Prevention System” is added to the “Products in your profile” list
- Select the message types you wish to receive
- Confirm your email address
- Click Submit.
You will be kept up to date with the latest news on your IPS hardware appliances.
5. Subscription Information
If you wish to receive this bulletin, you can subscribe now.
Your opinions are important to us. If you have feedback about the Active Update Bulletin, please contact us at ips-news@cisco.com. For technical support, sales or other issues, please contact your authorized Cisco reseller or Cisco TAC. Please note that technical support or sales questions sent to this address will not be answered or redirected.
|
|
|
Links
- Software Center – Download the latest Cisco IPS software.
- User Forum – Participate in the IPS Forum, part of our Networking Professionals Connection.
- Home Page – Visit our Cisco IPS home page for product literature, news, and awards.
- Cisco Security Center- Visit the Cisco Security Center site for information on emerging threats and the Cisco network IPS signatures available to protect your network..
- CRMS – Cisco Remote Managed Services for Security
- Training – Learn about available IPS training courses and Cisco Security Certifications.
- IPS Technical Documentation – Visit our Cisco IPS Technical Documentation site for configuration guides, maintenance guides, release and installation notes and more
- IntelliShield Alert Manager Search Access Feature – Search through an extensive collection of security intelligence reports. Registration required.
|
March 29th, 2009
March 2009
=====/Cisco Unity Software on VMWare/=================================
Effective February 27, 2009, Cisco Unity 7.0 is supported on a VMware
ESX 3.5 platform. Deploying Cisco Unity software in a VMware
environment offers substantial benefits such as:
. Reduces capital and operating expenses
. Increases operational efficiencies
. Lowers environmental impact
The Cisco Unity on VMware solution requires a VMware infrastructure
and is recommended only for Cisco customers with significant expertise
and investment in data center virtualization.
To get started, read the Design Guide for Cisco Unity Virtualization.
http://sdm3.rm04.net/ctt?kn=27&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0.
=====/Product Launches/===============================================
* Cisco Unified Enterprise Attendant Console Enhances Customer Service
http://sdm3.rm04.net/ctt?kn=20&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
March 16, 2009
* Cisco Unified Wireless IP Phone 7925G for Demanding Environments
http://sdm3.rm04.net/ctt?kn=29&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
February 27, 2009
* Cisco Products Launch RSS Feed
http://sdm3.rm04.net/ctt?kn=46&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
=====/In the Spotlight/===============================================
Top Overall NetPros as of 3/20/09:
1. rob.huffman 15,665
2. p.bevilacqua 12,798
3. rburts 12,086
4. jon.marshall 10,846
5. thisisshanky 7,197
Top March NetPros as of 3/20/09:
1. giuslar 555
2. jon.marshall 521
3. rob.huffman 326
4. adamclarkuk 241
4. p.bevilacqua 221
See if you are listed on our Top NetPro page today.
http://sdm3.rm04.net/ctt?kn=7&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
=====/Member Interview/=================================================
*** Sankar Nair ***
Sankar Nair is a network engineer with Cisco Gold Partner General
Datatech, a network infrastructure professional services firm based in
Dallas, Texas. The company started 12 years ago as a reseller of
networking products, then branched into network services six years ago.
Today, General Datatech provides industry-leading wide area and local
area network services to its clients across the United States.
Read more of this interview
http://sdm3.rm04.net/ctt?kn=35&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
=====/Cisco Live 2009/==================================================
Registration is now open.
Don’t miss the industry’s premier education and training event for IT,
networking, and communications professionals. Attend Cisco Live – home
of Networkers – June 27 through July 2, in San Francisco.
Learn more at:
http://sdm3.rm04.net/ctt?kn=4&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
=====/Events/===========================================================
*** Ask the Expert – NX-OS ***
Learn about NX-OS and its benefits with Cisco expert Mark Berly.
Ends March 27, 2009
Join the Discussion
http://sdm3.rm04.net/ctt?kn=11&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
*** Ask the Expert – Cisco AP-1140 Access Point ***
Get an update on Wi-Fi such as antennas, PoE, standards, installations
and more with Cisco expert Fred Niehaus.
Ends March 27, 2009
Join the Discussion
http://sdm3.rm04.net/ctt?kn=11&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
*** Ask the Expert – CVO Express ***
Learn how Cisco Virtual Office Express provides an easier way to deploy
and manage teleworker services with Cisco expert Pedro Leonardo.
Starts March 30, 2009
Coming Soon
http://sdm3.rm04.net/ctt?kn=11&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
*** Ask the Expert – IPv6 ***
Learn how to deploy Internet Protocol version 6 to cope with the growing
demand with Cisco expert Harold Ritter.
Starts March 30, 2009
Coming Soon
http://sdm3.rm04.net/ctt?kn=11&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
Check out additional TAC information related to the events:
* Product Support for Cisco NX-OS Software
http://sdm3.rm04.net/ctt?kn=28&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
* Cisco NX-OS MIB Quick Reference
http://sdm3.rm04.net/ctt?kn=12&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
* Password Recovery Procedure for Cisco NX-OS
http://sdm3.rm04.net/ctt?kn=14&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
* Product Support for Cisco Aironet 1140 Series
http://sdm3.rm04.net/ctt?kn=22&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
* Getting Started Guide: Cisco Aironet 1140 Series Lightweight Access
Point
http://sdm3.rm04.net/ctt?kn=18&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
* Cisco Virtual Office – End User Instructions for Cisco 1811 Router
Set Up at Home or Small Office
http://sdm3.rm04.net/ctt?kn=39&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
* Cisco Virtual Office – End User Instructions for Cisco 871 and
Cisco 881 Router Set Up at Home or Small Office
http://sdm3.rm04.net/ctt?kn=19&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
* Technology Support for IP Version 6 (IPv6)
http://sdm3.rm04.net/ctt?kn=36&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
* Cisco IPv6 Solutions
http://sdm3.rm04.net/ctt?kn=30&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
For even more information, check out the technical support available
on the Cisco Support Website:
http://sdm3.rm04.net/ctt?kn=8&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
For the latest webcasts, check out the NetPro page:
http://sdm3.rm04.net/ctt?kn=38&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
======/Participation/================================================
Check out these interesting conversations going on in our discussion
forums:
*** Redistributing vs. Advertising ***
gkuzmowycz needs your advice on the following question. “I’ve read a
lot of Cisco documentation and have worked through the relevant
sections of Jeff Doyle’s book, but I’m still having difficulty with
this topic. Can somebody give a “25 words or less” sort of explanation
of the difference between “redistributing via” and “advertised by”?”
If you have suggestions, post them to gkuzmowycz’s inquiry located in
the Network Infrastructure Forum’s WAN topic.
http://sdm3.rm04.net/ctt?kn=34&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
*** Need Help Designing a WLAN ***
MIke68847 needs your feedback on the following issue. “I want to scrap
our D-Link WLAN’s and use Cisco devices, but I am so new to CISCO that
I don’t know what I should have or what devices really need to go
together, so I thought I’d ask. Our non-profit org is a small campus
on a former ranch. I want to extend wireless access to 2 other buildings
from our Admin bldg. They are both within 110 meters of my outdoor
omni-dir. antenna. I would like to have guest access to the internet
ONLY, and staff-only access to the LAN. I have a single Aironet 1131AG
access point and like it fairly well (I don’t like that I can’t do WPA
with it unless I also use RADIUS.) I wouldn’t mind using more, but ….
do I need other Cisco devices to enhance or control them? (Add’l info:
I have a Windows Server 2003-based LAN using Active Directory, ISA 2004
with SP2 as my firewall, and I have a Layer-3 switch (VLAN capable) -
a D-Link DES-3828P.)” If you have suggestions post them to
MIke68847’s inquiry located in the Wireless Forum’s Getting Started with
Wireless discussion topic.
http://sdm3.rm04.net/ctt?kn=15&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
*** “Pending” Licenses ***
nowcommsupport computer needs your feedback on the following issue.”A
prospect customer of ours is having some issues with Auto registering
phones, and it means that they now can’t add new phones. The symptoms
that they’ve put across to me are a little on the woolly side and we
can’t get remote access either! Basically in CUCM 5.x they have the
license report that tells them: Total DLUs: 1260 Used: 1124 Units
Remaining: 136 Units Pending: 185. I haven’t got the exact wording,
but the error the customer receives is along the lines that number of
unused / pending licenses is preventing them from adding new phones.
Anyone care to explain what the “pending” field does? And why they
might have ended up with pending licenses?” If you have suggestions
post them to nowcommsupport’s inquiry located in the Unified
Communications and Video Forum’s IP Telephony discussion topic.
http://sdm3.rm04.net/ctt?kn=41&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
*** New to NAC ***
rpinon needs your feedback on the following issue. “My company has
asked me to investigate NAC at the headquarters. I’m going over pages
of quotes and information, my question – Do I need to purchase a
failover bundle? If not, I assume when the NAC fails, connectivity is
open, but I assume a good Smartnet contract can limit that, money is
tight enough and I want to see this happen.” If you have suggestions
post them to rpinon’s inquiry located in the Security Forum’s General
discussion topic.
http://sdm3.rm04.net/ctt?kn=17&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
======/Latest Cisco News/============================================
* Cisco Announces Intent to Acquire Pure Digital Technologies,
Makers of Flip VideoTM
March 19, 2009
http://sdm3.rm04.net/ctt?kn=5&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
* Accenture and Cisco Introduce Enterprise Solutions to Support
Cisco’s New Unified Computing System
March 16, 2009
http://sdm3.rm04.net/ctt?kn=21&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
* Cisco and VMware Enhance Virtualization with Powerful, Scalable
Unified Computing System
March 16, 2009
http://sdm3.rm04.net/ctt?kn=40&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
* Cisco Builds Open Partner Ecosystem to Accelerate Industry Transition
to Unified Computing
March 16, 2009
http://sdm3.rm04.net/ctt?kn=3&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
======/Cisco Smart Call Home/=========================================
Cisco Smart Call Home to Support End-to-End Enterprise Devices
Many enterprise customers are already benefiting from Smart Call Home
as it provides higher network availability and operational efficiency.
The roadmap for Smart Call Home product support is quickly accelerating
beyond the data center. During the next six months, the following Cisco
products will be phased into Smart Call Home product support: Cisco
Catalyst 4500, Cisco 7300, and Cisco 7200 products. Support for a
majority of mainstream Cisco products, including Cisco ASR 1000 devices;
Cisco 800 Series Routers; and Cisco 1800, 2800, and 3800 Series
Integrated Services Routers, will quickly follow.
To download the correct software release for your device and appropriate
Quick Start Guide, visit the Smart Call Home website.
Smart Call Home is available as part of the Cisco SMARTnet Service;
there is no additional cost.
Learn more:
http://sdm3.rm04.net/ctt?kn=31&m=2455158&r=MTYxODkwNjE0ODcS1&b=2&j=Njk3OTM1NDYS1&mt=1&rt=0
=====================================================================
March 29th, 2009
Cisco Live 2009
Redistributing vs. Advertising
gkuzmowycz needs your advice on the following question. “I’ve read a lot of Cisco documentation and have worked through the relevant sections of Jeff Doyle’s book, but I’m still having difficulty with this topic. Can somebody give a “25 words or less” sort of explanation of the difference between “redistributing via” and “advertised by”?” If you have suggestions, post them to gkuzmowycz’s inquiry located in the Network Infrastructure Forum’s WAN topic.
Post your suggestions.
Need Help Designing a WLAN
MIke68847 needs your feedback on the following issue. “I want to scrap our D-Link WLAN’s and use Cisco devices, but I am so new to CISCO that I don’t know what I should have or what devices really need to go together, so I thought I’d ask. Our non-profit org is a small campus on a former ranch. I want to extend wireless access to 2 other buildings from our Admin bldg. They are both within 110 meters of my outdoor omni-dir. antenna. I would like to have guest access to the internet ONLY, and staff-only access to the LAN. I have a single Aironet 1131AG access point and like it fairly well (I don’t like that I can’t do WPA with it unless I also use RADIUS.) I wouldn’t mind using more, but …. do I need other Cisco devices to enhance or control them? (Add’l info: I have a Windows Server 2003-based LAN using Active Directory, ISA 2004 with SP2 as my firewall, and I have a Layer-3 switch (VLAN capable) – a D-Link DES-3828P.)”. If you have suggestions post them to MIke68847’s inquiry located in the Wireless Forum’s Getting Started with Wireless discussion topic. Post your suggestions.
“Pending” Licenses
nowcommsupport computer needs your feedback on the following issue.”A prospect customer of ours is having some issues with Auto registering phones, and it means that they now can’t add new phones. The symptoms that they’ve put across to me are a little on the woolly side and we can’t get remote access either! Basically in CUCM 5.x they have the license report that tells them: Total DLUs: 1260 Used: 1124 Units Remaining: 136 Units Pending: 185. I haven’t got the exact wording, but the error the customer receives is along the lines that number of unused / pending licenses is preventing them from adding new phones. Anyone care to explain what the “pending” field does? And why they might have ended up with pending licenses?” If you have suggestions post them to nowcommsupport’s inquiry located in the Unified Communications and Video Forum’s IP Telephony discussion topic. Post your suggestions.
New to NAC
rpinon needs your feedback on the following issue. “My company has asked me to investigate NAC at the headquarters. I’m going over pages of quotes and information, my question – Do I need to purchase a failover bundle? If not, I assume when the NAC fails, connectivity is open, but I assume a good Smartnet contract can limit that, money is tight enough and I want to see this happen.” If you have suggestions post them to rpinon’s inquiry located in the Security Forum’s General discussion topic. Post your suggestions.
March 29th, 2009
Cisco Unity Software on VMWare
Effective February 27, 2009, Cisco Unity 7.0 is supported on a VMware ESX 3.5 platform. Deploying Cisco Unity software in a VMware environment offers substantial benefits such as:
- Reduces capital and operating expenses
- Increases operational efficiencies
- Lowers environmental impact
The Cisco Unity on VMware solution requires a VMware infrastructure and is recommended only for Cisco customers with significant expertise and investment in data center virtualization.
To get started, read the Design Guide for Cisco Unity Virtualization.
March 29th, 2009
Original release date: March 26, 2009 at 8:54 am
Last revised: March 26, 2009 at 8:54 am
Sun has released updates for Java SE to address multiple
vulnerabilities. These vulnerabilities may allow an attacker to
execute arbitrary code, cause a denial-of-service condition, or
operate with escalated privileges.
US-CERT encourages users to review the Sun Java SE 6 Update Release
Notes and upgrade to Java SE version 1.6.0_13 to help mitigate the
risks.
Relevant Url(s):
<http://java.sun.com/javase/6/webnotes/6u13.html>
====
This entry is available at
http://www.us-cert.gov/current/index.html#sun_releases_updates_for_java2
March 26th, 2009
Original release date: March 26, 2009 at 8:36 am
Last revised: March 26, 2009 at 8:36 am
OpenSSL has released a security advisory to address multiple
vulnerabilities. These vulnerabilities may allow an attacker to cause
a denial-of-service condition or bypass security restrictions in
affected applications.
US-CERT encourages users and administrators to review the OpenSSL
security advisory. Because OpenSSL is widely redistributed, users
should check for updates from their operating system vendors and
vendors of other products using OpenSSL. Users of OpenSSL from the
original source distribution should upgrade to OpenSSL 0.9.8k.
Relevant Url(s):
<http://www.openssl.org/news/secadv_20090325.txt>
====
This entry is available at
http://www.us-cert.gov/current/index.html#openssl_releases_security_advisory1
March 26th, 2009
Original release date: March 25, 2009 at 3:41 pm
Last revised: March 25, 2009 at 3:41 pm
Cisco has released multiple security advisories to address
vulnerabilities in IOS Software. These vulnerabilities may allow an
attacker to cause a denial-of-service condition, interfere with
network traffic, or operate with escalated privileges.
US-CERT encourages users and administrators to review the following
Cisco security advisories and apply any necessary workarounds or
updates to help mitigate the risks.
* cisco-sa-20090325-udp : Cisco IOS Software Multiple Features
Crafted UDP Packet Vulnerability
* cisco-sa-20090325-tcp : Cisco IOS Software Multiple Features
Crafted TCP Sequence Vulnerability
* cisco-sa-20090325-ip : Cisco IOS Software Multiple Features IP
Sockets Vulnerability
* cisco-sa-20090325-webvpn : Cisco IOS Software WebVPN and SSLVPN
Vulnerabilities
* cisco-sa-20090325-mobileip : Cisco IOS Software Mobile IP and
Mobile IPv6 Vulnerabilities
* cisco-sa-20090325-scp : Cisco IOS Software Secure Copy Privilege
Escalation Vulnerability
* cisco-sa-20090325-sip : Cisco IOS Software Session Initiation
Protocol Denial of Service Vulnerability
* cisco-sa-20090325-ctcp : Cisco IOS cTCP Denial of Service
Vulnerability
Relevant Url(s):
<http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904c6.shtml>
<http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90459.shtml>
<http://www.cisco.com/en/US/products/products_security_advisory09186a0080a9042f.shtml>
<http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904cb.shtml>
<http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904c0.shtml>
<http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90426.shtml>
<http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90424.shtml>
<http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904c8.shtml>
====
This entry is available at
http://www.us-cert.gov/current/index.html#cisco_releases_multiple_security_advisory
