Cisco Blogs


Cisco Blog > Government

National Town Hall on Cybersecurity

May 2, 2011 at 3:53 pm PST

Cyberspace has emerged as the “fourth commons” after sea, air, and space in the defense world, and a broad variety of private and public networks make up the critical infrastructure that enables governments to provide essential services. The network has become both a platform for innovation and a mission-critical resource for the civilian, defense, and intelligence operations of governments. - Cisco’s Don Proctor, SVP -- Office of the CEO

The growing number of attacks on our cyber networks has become, in President Obama’s words, “one of the most serious economic and national security threats our nation faces.”  Addressing these issues means working across the government, partnering with the private sector, and empowering the general public to create a safe, secure, and resilient cyber environment, and promote cybersecurity knowledge and innovation.

If you are, or want to be part of this effort, please join us at the National Town Hall on Cybersecurity, a provocative on-line discussion, May 24th at 1:00 PM ET.

It’s free, and you can register here.

Tags: , , , , ,

LISP – Locator ID Separation Protocol & IPv6

April 26, 2011 at 5:12 pm PST

Cisco Locator/ID Separation Protocol (LISP) is routing architecture that provides new semantics for IP addressing. The current IP routing and addressing architecture uses a single numbering space, the IP address, to express two pieces of information:

  • Device identity
  • The way the device attaches to the network

The LISP routing architecture design separates the device identity, or endpoint identifier (EID), from its location, or routing locator (RLOC), into two different numbering spaces. Splitting EID and RLOC functions yields several advantages.

Check out this video for a quick review of LISP.

Although LISP was designed to deal with the route scalability problem in the Internet, it turns out is has the capability to help with the transition to IP Version 6 (IPv6), the next-generation Internet protocol.

The transition to IPv6 is an immediate challenge facing Public Sector, and specifically Federal customers today due to Government mandates and impending IPv4 address exhaustion for consumers of Government services.

Because IPv6 is not backward compatible with IPv4, and because its deployment and operation are different from that of IPv4, development and implementation of an IPv6 transition strategy is imperative. Many techniques exist to ease the transition to IPv6, and the network-based IPv6 transition techniques can be divided generally into three categories: dual-stack IPv4 and IPv6, IPv6 tunneling, and IPv6 translation.

Each approach has its features, benefits, and limitations; they are not all equivalent in terms of cost, complexity, or capabilities. Most likely, a combination of these techniques will provide the best solution. The role that the Locator/ID Separation Protocol (LISP) being developed by Cisco and the IETF can play in IPv6 transition strategies is documented in this Whitepaper.

Incorporating LISP into an IPv6 transition strategy can simplify the initial rollout of IPv6 by taking advantage of the LISP mechanisms to encapsulate IPv6 host packets within IPv4 headers (or IPv4 host packets within IPv6 headers). For example, you can build IPv6 islands and connect them with existing IPv4 Internet connectivity.

LISP is a Cisco innovation that is being promoted as an open standard. Cisco participates in standards bodies such as the IETF LISP Working Group to develop the LISP architecture.

For further information, check the Cisco site on LISP.

Tags: , , , , , ,

Government Product Certifications

Cisco believes in the value of, and is committed to, the government product certification process. My name is Gene Keeling, Director, Global Certification Team (GCT). Cisco is a leader in government product certifications. In April alone, Cisco received 10 government product certifications, specifically:

• Three FIPS 140-2 certificates for the Integrated Services Routers – Generation 2.
• Cisco’s Unified Communications Manager 8.0.2 was added to the US Department of Defense (DoD) Unified Capabilities (UC) Approved Products List (APL) as a PBX1. This follows the previous UC APL listing of the product as a Local Session Controller (LSC).
• The Cisco 7206 VXR router was added to the DoD UC APL as a Customer Edge Router (CER).
• The Cisco ISR 3845 router was added to the DoD UC APL as an Edge Boundary Controller (EBC).
• Two FIPS 140-2 certificates and a Common Criteria certificate for the Nexus 7000 data center switch.
• MeetingPlace Express 2.1 was added to the DoD UC APL as a Customer Premise Equipment (CPE).

More information about Cisco’s GCT can be found at www.cisco.com/go/govcerts

.

Tags: , , , ,

Are you really secure ?

Yes, the question is “Are you really secure?” Now that I’ve asked a loaded question, let me get to the point.

The term “secure” sure has a lot of different meanings depending on the context in which it is used. If we take it from a corporate security perspective, your options are somewhat limited to physical security, as in video surveillance or physical access, or logical security, as in your laptop or data access. But, when you ask a security professional if they are secure, they will most certainly take that in the context of what they can control, and will most likely answer “yes”.

Well, what about the things you cannot control? You can control which products you buy to provide security, you control how they are installed and configured, and you control the processes and procedures that identify how they are managed and updated. But, can you control how they are manufactured?

Read More »

Tags: , , , , , , , , , , ,

New White Paper on Cisco “Suite B” Cryptography

April 22, 2011 at 2:46 pm PST

There is a new Whitepaper out on the Next-Generation Cryptography called “Suite B” for Government that will enable a new level of  secure communications and collaboration.

The Suite B set of cryptographic algorithms has become the preferred global standard for ensuring the security and integrity of information shared over non-trusted networks. This white paper, intended for public sector IT professionals, explains that:

  • Suite B combines four well established public domain cryptographic algorithms
  • The Internet Engineering TaskForce (IETF) has established open standards for commercial products using Suite B, helping organizations adopt it with confidence
  • Cisco has introduced an IPsec-based implementation of Suite B cryptography in its VPN products

There is a nice quote from David McGrew – Cisco Fellow

“Open and freely implementable cryptography standards are indispensable to global information security.  By not asserting patent rights with the Galois/Counter Mode of operation, Cisco has taken an active role in helping Suite B standards remain open.”

For an understanding of Suite B, you may download the Whitepaper here.


Tags: , , ,