Fire in the Cisco! Networking giant's Duo MFA message logs stolen in phish attack

Cisco is fighting fires on a couple cybersecurity fronts this week involving its Duo multi-factor authentication (MFA) service and its remote-access VPN services. Cisco has alerted customers that one of its Duo telephony partners fell victim to a phishing attack on April 1, during which crooks stole an employee's credentials …

  1. Dimmer Silver badge

    Single sign on

    Guys,

    Please fight against the lazy users that want you to use AD as your source for sign on.

    They will whine to their boss about having a different password for the VPN and desktop but it will be your butt not the boss’s when your VPN access is sold because bad guys own your AD.

    As far as dual factor, please refer to the Reg article about Duo.

    Monitor your VPN login. It pays.

  2. An_Old_Dog Silver badge

    How Do They *KNOW*?

    .... that no customers' personal info was exfiltrated by computer invaders in these sorts of situations? Log files don't necessarily tell the whole story. If the victims' DNS is compromised, computers on that network can be tricked into sending log events to a random, unconnected IP address instead of the actual logging server logserver1.mycorp.com.

    1. Claptrap314 Silver badge

      Re: How Do They *KNOW*?

      A good DLP tool will catch that. A good firewall might prevent it.

    2. Dimmer Silver badge

      Re: How Do They *KNOW*?

      Excellent point.

      I use the IP address of the server instead of the DNS when I can just for that reason.

      I agree that logs don’t prevent hacks, they do let you know that you are being attacked and more importantly it gives you the ammunition against the bean counters when you do spend the money on something that will stop it.

      If you monitor the bandwidth (and there are free solutions, but they require hours to implement and maintain) on each port, you can trace where the data is unusual. Some firewalls will even give you numbers by device.

      As a reference, it takes about 1Tb of storage for 6 months of performance logs per 2k points. Use SSD or it will never keep up.

    3. OhForF' Silver badge

      Re: How Do They *KNOW*?

      >The stolen logs did not contain any message content, but reportedly did include phone numbers<

      As phone numbers are personal information they acknowledged that personal info was exfiltrated.

  3. PlatosManCave

    Fire in the Cisco!

    Fire in the Taco Bell!!

    Don't you wanna know how we keep starting fires?

    It's my desire... to say "whatever" to simple security practices....

    DANGER DANGER! HIGH VOLTAGE!!!!
