Cyber Threat Response Clinic 2.0
There is no silver bullet that provides 100% protection against cyber crime. You can, however, learn to reduce the risk of being compromised! During a recent event that NFF hosted at the Cisco office in Washington DC, the attendees got to launch a real-time ransomware attack and watch it unfold.
This clinic was developed by Joseph (Joey) Muniz, a security researcher and architect at Cisco Systems. Joey has been involved in the design and implementation of multiple projects ranging from Fortune 500 corporations to large federal networks. He is the author of and contributor to several books, including a book about Security Operations Centers and the CCNA Cyber Ops book, and he has spoken at popular security conferences such as Cisco Live, ISC2, and DEF CON.
During this exclusive live training in a virtual lab environment, people played both attacker and defender in a real cybersecurity attack scenario. Joey showed how environments get compromised and how breaches get discovered, and demonstrated how to respond effectively. The feedback was very positive; several people suggested making it a multiple-day event!
It’s not if, but when
Not long ago we received an urgent call from one of our long-time customers, a large association representing more than 35,000 members nationwide. Several of their senior staff members found their computers locked, with ransomware notifications stating that all their files were encrypted and that they had to pay a ransom to regain access to them. Since their computers had been connected to the organization's network, the ransomware had also encrypted all their shared drives, making them unavailable to all users in the company. Their systems were only protected with a basic firewall and antivirus software. Apparently, someone followed a link to an infected web page, either directly or via a malicious email.
Luckily, this customer has a service contract with us, so NFF engineers could start working on the issue immediately. Their first step was to isolate all the customer’s computers on a quarantined network to determine the extent of the infection. The second measure was configuring the customer’s network to use OpenDNS (now part of Cisco, under the “Umbrella Security” brand), adding DNS-based security to prevent others from getting infected (NFF ultimately found a few more infected computers lying in wait that had not started encrypting yet). Once the infected machines were identified and isolated, engineers helped the client restore the file server from their last backup.
The final task was wiping the infected computers. Within four to five hours everything was back to normal, without paying the ransom. Thanks to an established service agreement, the organization lost less than a day of productivity as the NFF engineers were able to take action immediately and mitigate the attack with a good backup and quick implementation of Umbrella Security.
We will be hosting this clinic again in the early fall; let us know if you would like to receive an invite. In the meantime, we can help you review your vulnerabilities with a network threat assessment.
Disaster Recovery for DC’s Office of the Chief Financial Officer
NFF is in the final stages of an 8-month project with DC Government’s Office of the Chief Financial Officer (OCFO) agency for the design and implementation of a Disaster Recovery (DR) solution. In October of 2016, OCFO contracted NFF to design, implement, and test a DR solution that would provide OCFO the ability to fail over their critical applications to the DC Government’s data center in Virginia.
The project consisted of extensive discovery and design efforts to collect, catalog and provide a workable solution for recovery and continued operations of OCFO’s applications should their primary data center become unavailable. In addition to the design, NFF’s services included a white-glove packing/shipping service for all DR equipment previously located at OCIO’s Waterfront office location. The NFF team provided rack, cabling, and configuration services (to the approved design) for the equipment either relocated or newly purchased as part of the project.
Once the physical implementation was completed, the team performed several DR failover tests of selected applications, ensuring OCFO’s RPO/RTO SLAs were met with no impact to any OCIO-managed production system. The NFF team used network virtualization techniques to ensure all systems included in the DR test were restored into an isolated network environment.
The NFF team is currently providing the final stage of the project by performing a DR failback test which will be simulated by replicating backups/data from restored DR systems back to the OCFO Waterfront data center.
Secure Wireless Everywhere
Since 2013, NFF has been engaged with The Mitre Corporation (MITRE) for network security and wireless design consulting services. NFF’s recent solution for “Secure Wireless Everywhere” was estimated to save $3.5 million in construction costs by leveraging a new wireless security design. MITRE recently awarded NFF an additional task order to continue providing Cisco ISE and Wireless Network Security Architecture Consulting Services. Under the new task order, NFF engineers work directly with MITRE network and security personnel on a project basis, continuing to assist with their wireless network and Cisco Identity Services Engine (ISE) configuration and design in support of MITRE’s trusted wired and wireless capability enhancements and goals.
Three-year extension awarded by DC Water
NFF was recently awarded a three-year extension of their contract to provide technical consultants to the agency. NFF has been working with DC Water for over 14 years, providing staff augmentation services in a number of different disciplines, including project management; enterprise software development; network administration, engineering and support; technical writing and documentation; and service desk personnel. Over the past decade, many NFF consultants were hired into full-time positions with DC Water, a testament to the quality personnel NFF has provided.
During this last contract extension period, DC Water consolidated the number of vendors that provide personnel (and IT equipment) to them. When we met with DC Water’s procurement head after the award, he indicated that the primary reasons NFF was again selected as a preferred vendor were our ability to consistently provide qualified resources at a competitive rate and our commitment to Washington DC as a whole. NFF looks forward to expanding our support of DC Water as their need for qualified technical consultants increases in the coming months and years.
Here you can find more information about the positions we have filled.
Optimizing Secure Access for Catholic University
NFF recently completed a Cisco Identity Services Engine (ISE) project for the Catholic University of America (CUA). CUA purchased new physical ISE appliances to replace their existing virtual ISE nodes supporting network authentication services for both campus staff and students. NFF worked with CUA to replace the existing virtual ISE nodes with the newly purchased Cisco ISE hardware appliances, using best practices to provide a more robust and optimized experience for network authentication and connectivity to the campus WiFi and network services.
As an outcome of the successful CUA ISE project, Catholic University of America has awarded NFF new professional services engagements. NFF will be providing engineering services for CUA’s campus network refresh and building switch configuration projects. CUA has engaged NFF to provide design and transition services for moving their campus network core switches, wireless controllers, and firewalls to newly purchased equipment. NFF will be working with CUA over the summer to provide optimized network design and migration services for CUA’s DC campus. Secondly, NFF will be assisting CUA over the summer with their Voice over IP migration project by providing full network switch discovery, assessment, and configuration mitigation services. This second effort provides CUA with a baseline network switch configuration using best practices and deploys that standard across all campus switches to enable a successful VoIP migration for the University.