cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2487
Views
15
Helpful
6
Replies

Ask the Experts: Automating Cisco IOS Vulnerability Assessment

ciscomoderator
Community Manager
Community Manager

Automating Cisco IOS Software Vulnerability Assessment with Omar SantosWith Omar Santos

Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about Cisco's Product Security Incident Response Team (PSIRT) including Open Vulnerability and Assessment Language (OVAL) definitions in Cisco IOS Software security advisories. OVAL provides a structured and standard machine-readable content that allows customers to quickly consume security vulnerability information and identify affected devices.

You can ask things like how customers can use OVAL to quickly assess the effects of security vulnerabilities in Cisco IOS Software devices as well as how to provide step-by-step instructions on how to use OVAL content with available open source tools, and about security automation and machine-readable content.

Omar Santos is an incident manager with Cisco's PSIRT. He has designed, implemented, and supported numerous secure networks for Fortune 500 companies and the U.S. government, including the U.S. Marine Corps and the U.S. Department of Defense. He is also the author of many Cisco online technical documents and configuration guidelines. Prior to his current role, he was a technical leader within the World Wide Security Practice and Cisco's Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within both organizations. He is an active member of the InfraGard organization. InfraGard is a cooperative undertaking between the Federal Bureau of Investigation and an association of businesses, academic institutions, state and local law enforcement agencies, and other participants that is dedicated to increasing the security of the critical infrastructures of the United States of America. Santos has also delivered numerous technical presentations to Cisco customers and partners; as well as executive presentations to CEOs, CIOs, and CSOs of many organizations. He is also the author of these Cisco Press books: Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance; Cisco Network Admission Control, Volume II: NAC Deployment and Troubleshooting; End-to-End Network Security: Defense-in-Depth; and Cisco ASA: All-in-One Firewall, IPS, Anti-X, and VPN Adaptive Security Appliance (2nd Edition).

Remember to use the rating system to let Omar know if you have received an adequate response.

Omar might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Security community Other Security subcommunity shortly after the event. This event lasts through Friday May 3, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

Webcast related links:

.

6 Replies 6

John Ventura
Level 1
Level 1

When are security advisories posted by PSIRT?

Hi John,

Cisco generally discloses Cisco Security Advisories at 1600 GMT on any given Wednesday. For Cisco IOS Software security vulnerabilities and because of direct customer feedback, Cisco releases bundles of Cisco IOS Software Security Advisories at 1600 GMT on the fourth Wednesday in March and September each year. This schedule applies to the disclosure of Cisco IOS Software vulnerabilities and does not apply to the disclosure of vulnerabilities in other Cisco products.

This is documented in our Security Vulnerability Policy at the following link:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html#ds

Thank you!

Omar

Thanks Omar! That was helpful. Another quick question for you...is OVAL free?

Hi John,

All OVAL content that Cisco creates for security advisories is completely free. The OVAL definitions can be downloaded from each IOS security advisory.

I have included more information on the following blog post, as well as in the webcast (recording and slides):

http://blogs.cisco.com/security/automating-cisco-ios-vulnerability-assessment/

If you are referring to the OVAL language, it is also free. It is an industry-adopted standard led by MITRE.

A frequently asked questions (FAQ) document has been published at the following location to help answer some of the common questions related to Cisco’s OVAL adoption:

http://www.cisco.com/web/about/security/intelligence/oval_faq.html

Thanks!

Omar

Thanks much. Another question...can I put an OVAL definition inside of a CVRF XML?

Hi,

In the currrent version of CVRF (1.1) this is not supported. However, there have been talks on supporting this in the future. As a matter of fact, Cisco is taking an active roll on this and working with the industry to support this in the future.

Thanks!

Omar

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: