Cisco Blogs


“Rules of Thumb” for Co-Locating UC Hosts on Cisco UCS Servers

One part of my job involves designing the virtualization model for our internal unified communications (UC) system deployments around the world. A critical task in this design is specifying which UC virtual machines (VMs) can share a Cisco Unified Computing System (Cisco UCS) server chassis or blade and which ones can’t. When migrating UC servers to a shared virtual environment, we need to make sure we carefully balance each VM’s needs for CPU, storage, network and memory.

Securing Linux Based Products With CSDL

The theme for this year’s SecCon was “Building on a Foundation of Security.” The breadth of topics discussed that are relevant to being a trusted vendor and producing trustworthy products is quite significant. Naturally many of the discussions revolved around the Cisco Secure Development Lifecycle (CSDL), Cisco’s approach to building secure products and solutions. As Graham Holmes mentioned in a recent blog post, CSDL takes a layered approach, with one of the key components being the security of the underlying operating system. As a standard part of the development process, Cisco’s product teams implement a comprehensive set of CSDL requirements to harden the base OS. These requirements were created not only by leveraging Cisco’s significant in-house security expertise, but also drawing from best practices available in the industry.

In keeping with the theme of SecCon 2012, we have decided to publish these foundational OS security requirements to enhance the knowledge of our partner ecosystem, and advance the industry as a whole. As of today, Cisco is releasing two documents that have been an integral part of CSDL: “Linux Hardening Recommendations For Cisco Products” and “Product Security Baseline Linux Distribution Requirements.”

Demystifying the Catalyst: IOS Device Sensors

In this blog, let us take a look at how Catalyst access switches profile the various connected devices and make the information available to various network services.

Many devices like laptops, IP phones, cameras etc. are connected to the network and need to be managed by IT for asset management, device onboarding, switch configuration, policy management & device energy management. Traditionally, IT administrators manually added each device for each service. This consumes unnecessary overhead and is an inefficient use of IT’s time.

Have You Architected Your Data Center Survival Strategy for A Dystopic Cyber Landscape?

Drawing from a recent read of “Case 1: The Seeds of Dystopia” in the World Economic Forum’s Global Risks 2012, Seventh Edition, it’s now more apparent than ever that the impact of crime and terrorism in the digital world is fast mirroring that of the physical world. We’re living in an era where attempts to build a more secure world may have unintentionally gone astray, as evidenced in Ellen Messmer’s Worst Security Snafus of 2012, where such consequences were clearly not imagined or intended by security vendors and businesses alike. We’re indeed dealing with the opposite of Utopia.

Our digital reality can be very fragile when one considers how heavily we rely on mobile devices and cloud applications, not only to conduct business but also in our personal lives. And the data that is transmitted via these devices and to various cloud applications is increasingly a target for scammers, thieves and hacktivists.

And it’s not only government entities, critical infrastructure and key verticals that are the targets of such attacks; in today’s climate every organization is a prime target. Take the very recent case of an Australian healthcare organization that is being held to ransom to the tune of AU$4,000 by hackers who recently broke into its database and encrypted the data; it seems an extraordinary scenario for a small organization to be facing. Not only has its data been compromised, but it has been rendered inaccessible, as the organization now has to find a way to decrypt that data, which is proving to be rather challenging.

So what should organizations do to shore up their defenses? Start by treating data as the key asset to be protected, rather than fortifying your infrastructure. In today’s world data takes on increased significance: bank account statements, personal information, credit card numbers, trade secrets, government documents. Everyone has data they need to keep under tight control, and aligning security controls to the CIA (Confidentiality, Integrity and Availability) triad can help ensure the right measures are taken.

When we talk about confidentiality of information, it’s about protecting information from disclosure to unauthorized parties. In addition to measures like encryption, look to beef up access controls by feeding security decisions and intelligence across various enforcement points in the network rather than only at a single choke point in the data stream. Integrity of information refers to protecting information from being modified by unauthorized parties. Leverage global correlation and threat intelligence with reputation-based feeds to protect against new threat vectors and emerging malware. Availability of information means ensuring that authorized parties are able to access the information when needed. Think of the network as a data enforcement layer and link that to a strategy that identifies users based on contextual attributes (where, when, how and business need to know) when accessing critical or confidential information assets. So, what I have outlined is a starting point for moving one step at a time towards a Utopian Digital Future. What are your strategies? We’d love to hear from you.

Summary: The We’re Listening Blog Series: Simplifying the Entitlement Experience through Streamlined Access Management

The “We’re Listening” blog continues to look at actions taking place across Cisco to improve your experience working with us. In this post, Jim Fuller, Senior Director of Technical Services focused on entitlement, joins us to talk about improvements to services accessibility.

Imagine you’re in the back seat of a taxi—the driver is in complete control.  You have little to no control on speed or route, limited visibility, and no power.  Now, imagine you’re the driver—you control speed and course, have full visibility, and it’s your hands on the wheel—you are empowered.  That’s what I’m going to talk about—improvements we’re making to simplify customers and partners’ ability to take the driver’s seat.
