Cisco Blogs



Security – more than just a stateful firewall!

Security is hot. It has always been. It will always be. If you look at IT-related spending, security budget allocations usually tend to be among the highest. However, having spent nearly 15 years directly and indirectly in various security-related roles, I’ve observed it to be among the most misunderstood areas of technology as well as one with the most preconceived notions.

Interestingly, many organizations start taking their security requirements more seriously when they’ve been exposed to an attack of sorts. It could be a virus attack, denial-of-service, data compromise or theft. Though never an afterthought, security considerations are given more prominence after exposure to risk.

Sometime back, while speaking at a Roadshow, I ran an impromptu survey with the attending audience in three cities before beginning my session. These were a random cross-section of customers from different verticals, varying business sizes and mostly those making business decisions. They were asked to provide a true/false response to the questions below. Some words were purposely bolded, to add a blind and make the responder think:

- My organization is completely secure because I have a stateful firewall
- Most security threats originate from outside the network and can be prevented by installing a firewall at every ingress path
- Installing a self-updating anti-virus package on laptops is sufficient to prevent internal security breaches
- Securing my IP data network helps provide Secure voice-over-IP
- Mobile phones cannot transmit viruses as they have to pass through service provider firewalls

Any guesses what a majority of respondents answered? Interestingly, the bolded words which were incorporated as placebos threw most people off-track. Everybody had a hearty laugh when they saw the results.
With so many organizations (including Cisco) spending millions of marketing dollars over a decade or more, creating security awareness, one would think people get what pervasive security is all about. They don’t, at least not yet. Organic education takes time, as opposed to threat-based education that provides shock value. You may see continued spending of these millions of marketing dollars over the next decade… :-)

As Jimmy Ray Purser states in one of his earlier videos for the Cisco Developer contest, calling application developers to think secure, “security is a lot more than just a firewall”. As always, Jimmy Ray stimulates grey cells as only he can.

The truth is, the nature, source and complexity of threats are evolving as we adopt different media for communication and bring different types of devices into the “network”. Today, in an IP-based environment, where mobile phones, microwave ovens and video cameras are all different network-addressable devices jostling for attention, anything could be a source of threat, and should be treated accordingly.

And there are other extremes. These are the people who just don’t trust anything. Here’s an anecdote. For most of us, AES may be inherently secure and widely adopted. However, a number of institutions are mandated not to believe it. They still have their own proprietary encryption algorithms, which they believe provide superior security. It is interesting to recollect that one of the reasons Cisco considered opening their routers was an Eastern European government outfit requesting permission to port their own security algorithm on the Integrated Services Router instead of the standards-based ones that Cisco supports by default. They didn’t trust AES.

Cisco’s INTERNAL Developer contest closes – Results around the corner

Okay, DON’T confuse this with the external Developer contest! Phase-1 of that contest is open till Feb 27th, 2009. We extended it, remember?

This one is about the INTERNAL developer contest. It closed on Jan 12th, 2009. For those who don’t know, this was something we mentioned in one of the previous blogs. In conjunction with the external contest we adopted a two-fold approach to this contest, with an internal version focused on our Sales and Network Engineering community with a small prize pool. Since our SEs are among the closest technical liaisons to our customers, and understand the branch problem space the best, we thought it’d be a great idea to get them to submit innovative ideas, and tap into their knowledge of customer deployments. Over the last few weeks, we received a few questions about our internal contest results and if the winners were finalized. I thought it’s perhaps a good time to give an update.

Since we don’t expect any of our Sales Engineers to code (a lot of them probably are hardcore coders though), we restricted the entries to proposal submissions only. Yeah, the shrewd observer will realize that it somewhat concurs with the Phase-1 of the external contest. There were some differences though -- the template for the internal contest was geared towards customer relevance and applicability of the solution to deployments familiar to them. I just want to exult for a moment and state that our global SE community rose to the challenge and delivered a number of innovative proposals, many with detailed schematics of the solution and its possible implementation. A panel of judges with diverse areas of expertise did the honors and it was tough to shortlist and choose three.

Why am I sharing details of the internal contest here? Because we intend to share some of the innovative ideas from our SEs in this blog and on the contest website. There were a number of honourable mentions too. We’ll try to bring them on and get their perspectives as well. When?

Branch VoIP Recording – It’s NICE, really!

Ever been put on hold while calling your bank, or another customer line? A mechanical or sweet voice comes on and says “your call is being monitored for compliance and/or training purposes”. Yeah, they do record our calls. Government and industry regulations, risk management issues, corporate governance, and sometimes training requirements prompt organizations to be diligent about recording conversations. (Or, at least that’s what they claim, though I’ve not seen my bank use such recordings anytime to provide better service -- they make me go through my service request every time I get my call put on hold for 20 minutes and I hang up to call again :-| ).

But let’s get back to talking technology.

In one of the previous blogs with Mike Wood, we discussed complementary approaches to cloud computing involving the branch. The premise was to have a lightweight, local instantiation of the application footprint in the branch that would provide a degree of survivability, performance and perhaps in some cases, additional security, perceived or otherwise. It combines the best approaches of a centralized model and a distributed model, adopting a hybrid model.

One such application involves Branch VoIP recording. Nothing fancy, but very useful. This can be a cloud based application, or it could involve the branch where the customer support personnel or local staff is located.

Sometime back, I hosted a panel discussion involving NICE, an Israel-based “well-established company that started more than 20 years ago”. What’s more relevant to us is NICE has developed a branch recording application and put some effort in integrating it with the Integrated Services Router on the Application Extension Platform.

Nadav Doran from NICE came all the way from Israel to Orlando, Florida to participate in this panel discussion. It was very lively, and we did a balancing act on a small stage with three bar stools, but it was totally worth it.

Two’s company, three’s a team – Making it all work!

From those registered to participate in the Cisco ‘Think Inside the Box’ Developer Contest, among the most frequent questions we’ve received of a non-technical nature have to do with two aspects: (i) Intellectual property and (ii) Team composition.

Given the nature of the contest, questions on intellectual property are highly understandable. We’ve tried to clarify the variations on IP through individual responses via e-mail, and also put up a blog on it some time ago. See “A Question of IP”.

Again, questions on team structure and composition are also very natural and several variations have resulted, including:

• Can we change our team composition midway through the contest?
• Can I add more members to the team?
• Do I need a team? What should be the profile of the team members?
• What if there are more than 3 team members?
• Can a company submit its IP for this contest? What if extended team members have worked on the concept?
• Can we have team members across different geographies?
• Can a team submit multiple proposals?
• And quite a few others of a similar nature…

As with any contest, the variations to accommodate the requirements of the select few have to be balanced with the ability to operationally administer a contest for the broader populace. The answers to most of the questions can be found in the terms and conditions.

While the nuances of team composition and dynamics are different with each team, a team will benefit from bringing in different perspectives into the play. While the contest is primarily for application developers, these applications reside on the Integrated Services Router which performs a pivotal role in branch networks. So, understanding the branch problem space, and applications therein, is likely to help you provide better proposals that are not only innovative, but practical as well. Cisco’s Dave Frampton suggested as much in a previous blog.
We’ve predominantly found two constituents who approach this contest, often from opposite ends of the spectrum, but they end up finding middle ground. The first set is that of Linux programmers and application developers. The second is Network and IT solution architects. On the contest website, you’ll find some approaches to both sets along with some resources that provide complementary perspectives.

Some individuals want to go alone, and do not want to split the prize money, should they win. Of course, this is entirely possible and all the more power to such individuals. While it is possible for an individual to wear multiple hats, it does help to bring in people with the relevant domain expertise in some capacity within your team. Not mandatory, but practical.

Video-On-Demand: Cisco AXP Virtual Workshop

Earlier this week, Cisco hosted a live interactive workshop for developing applications on the open Cisco Application Extension Platform (AXP). Click here to access the video-on-demand version of the workshop. Cisco experts, including TechWise TV host and developer guru Jimmy Ray Purser, Anurag Gurtu, Cisco technical marketing engineer, and John Voss, Cisco Integrated Services Router (ISR) product manager, take you through conversations extremely beneficial to application developers, network and IT solutions architects, and Cisco customers and partners interested in exploring application development and hosting solutions on the ISR via Cisco AXP.

Here is an outline of the Cisco Virtual Workshop for Developing Applications on the AXP:

- Introduction
- Branch (or remote site) challenges
- ISR overview
- Why build applications on routers?
- AXP partner examples and business opportunities
- AXP technical overview

Over 5 million Cisco ISRs have been sold! This translates to over 5 million potential customers for application developers who can now develop any type of application on the open Cisco ISR and AXP. It’s not too late to register and submit applications for the “Think Inside the Box” Developer Contest; the first phase of the contest has been extended to Friday, February 27, 2009. If you have any questions or comments, please let us know in the comment section of this blog or visit the Cisco Developer Community Forum.

Follow @CiscoGeeks on Twitter for “Think Inside the Box” Developer Contest updates and conversations.